a/aaa_glibc-solibs-2.38-x86_64-3.txz: Rebuilt.
a/xfsprogs-6.5.0-x86_64-1.txz: Upgraded.
l/glibc-2.38-x86_64-3.txz: Rebuilt.
Don't strip ld-2.38.so as this breaks valgrind.
Thanks to rastos and alienBOB.
Fixed unreplaced @@VERSION@@ in the doinst.sh "dead code."
Thanks to pee_bee.
l/glibc-i18n-2.38-x86_64-3.txz: Rebuilt.
l/glibc-profile-2.38-x86_64-3.txz: Rebuilt.
l/pipewire-0.3.82-x86_64-1.txz: Upgraded.
l/libcaca-0.99.beta20-x86_64-1.txz: Upgraded.
Fixed a crash bug (a crafted file defining width of zero leads to divide by
zero and a crash). Seems to be merely a bug rather than a security issue, but
I'd been meaning to get beta20 building so this was a good excuse.
Thanks to marav.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-0856
(* Security fix *)
l/libcue-2.3.0-x86_64-1.txz: Upgraded.
xap/xscreensaver-6.08-x86_64-1.txz: Upgraded.
testing/packages/rust-1.73.0-x86_64-1.txz: Upgraded.
ap/sqlite-3.43.2-x86_64-1.txz: Upgraded.
l/libcue-2.2.1-x86_64-4.txz: Rebuilt.
Fixed a bug which could allow memory corruption resulting in arbitrary
code execution.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-43641
(* Security fix *)
l/libnotify-0.8.3-x86_64-1.txz: Upgraded.
This release contains a critical stability/minor security update which
affects Electron applications that utilize Portal notifications (eg,
through Flatpak). It is highly recommended that all users of libnotify
0.8.x update to this release.
(* Security fix *)
n/iptables-1.8.10-x86_64-1.txz: Upgraded.
a/aaa_glibc-solibs-2.38-x86_64-2.txz: Rebuilt.
ap/qpdf-11.6.2-x86_64-1.txz: Upgraded.
ap/vim-9.0.2009-x86_64-1.txz: Upgraded.
l/desktop-file-utils-0.27-x86_64-1.txz: Upgraded.
l/glibc-2.38-x86_64-2.txz: Rebuilt.
These glibc packages are the exact ones that were previously in /testing.
A test mass rebuild was done here finding no new FTBFS, so I think these
are good to go. :)
l/glibc-i18n-2.38-x86_64-2.txz: Rebuilt.
l/glibc-profile-2.38-x86_64-2.txz: Rebuilt.
l/imagemagick-7.1.1_20-x86_64-1.txz: Upgraded.
l/libxkbcommon-1.6.0-x86_64-1.txz: Upgraded.
l/shared-mime-info-2.3-x86_64-1.txz: Upgraded.
n/c-ares-1.20.0-x86_64-1.txz: Upgraded.
n/libtirpc-1.3.4-x86_64-1.txz: Upgraded.
n/proftpd-1.3.8a-x86_64-1.txz: Upgraded.
n/whois-5.5.19-x86_64-1.txz: Upgraded.
Fixed english support for Japanese queries to not add again the /e argument
if it had already been provided by the user. (Closes: #1050171)
Added the .ye and .*************** (.xn--54b7fta0cc, Bangladesh) TLD servers.
Updated the .ba, .bb, .dk, .es, .gt, .jo, .ml, .mo, .pa, .pn, .sv, .uy,
.a+-la-r+-d+.n+, (.xn--mgbayh7gpa, Jordan) and .****** (.xn--mix891f, Macao)
TLD servers.
Upgraded the TLD URLs to HTTPS whenever possible.
Updated the charset for whois.jprs.jp.
Removed 3 new gTLDs which are no longer active.
Removed support for the obsolete as32 dot notation.
x/xterm-386-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.2009-x86_64-1.txz: Upgraded.
kde/krita-5.2.0-x86_64-1.txz: Upgraded.
l/fftw-3.3.10-x86_64-2.txz: Rebuilt.
Build and package missing FFTW3LibraryDepends.cmake.
This is needed for krita-5.2.0.
l/immer-0.8.1-x86_64-1.txz: Added.
This is needed for krita-5.2.0.
l/lager-0.1.0-x86_64-1.txz: Added.
This is needed for krita-5.2.0.
l/libunibreak-5.1-x86_64-1.txz: Added.
This is needed for krita-5.2.0.
l/zug-0.1.0-x86_64-1.txz: Added.
This is needed for krita-5.2.0.
xap/network-manager-applet-1.34.0-x86_64-1.txz: Upgraded.
a/aaa_glibc-solibs-2.37-x86_64-3.txz: Rebuilt.
a/dialog-1.3_20231002-x86_64-1.txz: Upgraded.
ap/mpg123-1.32.3-x86_64-1.txz: Upgraded.
d/llvm-17.0.2-x86_64-1.txz: Upgraded.
d/meson-1.2.2-x86_64-2.txz: Rebuilt.
[PATCH] Revert rust: apply global, project, and environment C args to bindgen.
This fixes building Mesa.
Thanks to lucabon and marav.
kde/calligra-3.2.1-x86_64-34.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/cantor-23.08.1-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/kfilemetadata-5.110.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/kile-2.9.93-x86_64-28.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/kitinerary-23.08.1-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/krita-5.1.5-x86_64-15.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/okular-23.08.1-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.10.0.
l/glibc-2.37-x86_64-3.txz: Rebuilt.
l/glibc-i18n-2.37-x86_64-3.txz: Rebuilt.
Patched to fix the "Looney Tunables" vulnerability, a local privilege
escalation in ld.so. This vulnerability was introduced in April 2021
(glibc 2.34) by commit 2ed18c.
Thanks to Qualys Research Labs for reporting this issue.
For more information, see:
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txthttps://www.cve.org/CVERecord?id=CVE-2023-4911
(* Security fix *)
l/glibc-profile-2.37-x86_64-3.txz: Rebuilt.
l/mozilla-nss-3.94-x86_64-1.txz: Upgraded.
l/poppler-23.10.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/NetworkManager-1.44.2-x86_64-1.txz: Upgraded.
n/irssi-1.4.5-x86_64-1.txz: Upgraded.
x/fcitx5-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-anthy-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-chinese-addons-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-gtk-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-hangul-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-kkc-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-m17n-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-sayura-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-table-extra-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-table-other-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-unikey-5.1.1-x86_64-1.txz: Upgraded.
x/libX11-1.8.7-x86_64-1.txz: Upgraded.
This update fixes security issues:
libX11: out-of-bounds memory access in _XkbReadKeySyms().
libX11: stack exhaustion from infinite recursion in PutSubImage().
libX11: integer overflow in XCreateImage() leading to a heap overflow.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003424.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-43785https://www.cve.org/CVERecord?id=CVE-2023-43786https://www.cve.org/CVERecord?id=CVE-2023-43787
(* Security fix *)
x/libXpm-3.5.17-x86_64-1.txz: Upgraded.
This update fixes security issues:
libXpm: out of bounds read in XpmCreateXpmImageFromBuffer().
libXpm: out of bounds read on XPM with corrupted colormap.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003424.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-43788https://www.cve.org/CVERecord?id=CVE-2023-43789
(* Security fix *)
testing/packages/aaa_glibc-solibs-2.38-x86_64-2.txz: Rebuilt.
testing/packages/glibc-2.38-x86_64-2.txz: Rebuilt.
Patched to fix the "Looney Tunables" vulnerability, a local privilege
escalation in ld.so. This vulnerability was introduced in April 2021
(glibc 2.34) by commit 2ed18c.
Thanks to Qualys Research Labs for reporting this issue.
For more information, see:
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txthttps://www.cve.org/CVERecord?id=CVE-2023-4911
(* Security fix *)
testing/packages/glibc-i18n-2.38-x86_64-2.txz: Rebuilt.
testing/packages/glibc-profile-2.38-x86_64-2.txz: Rebuilt.
ap/mpg123-1.32.2-x86_64-1.txz: Upgraded.
l/cairo-1.18.0-x86_64-1.txz: Upgraded.
l/gtk4-4.12.3-x86_64-1.txz: Upgraded.
x/fonttosfnt-1.2.3-x86_64-1.txz: Upgraded.
xap/geeqie-2.1-x86_64-2.txz: Rebuilt.
Patched and recompiled against lua-5.4.6.
xap/mozilla-firefox-115.3.1esr-x86_64-1.txz: Upgraded.
This update contains a security fix.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.3.1/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/https://www.cve.org/CVERecord?id=CVE-2023-5217
(* Security fix *)
xfce/xfce4-panel-4.18.5-x86_64-1.txz: Upgraded.
testing/packages/aaa_glibc-solibs-2.38-x86_64-1.txz: Added.
testing/packages/glibc-2.38-x86_64-1.txz: Added.
Instead of building the deprecated glibc crypt library, bundle
libxcrypt-4.4.36 (both .so.1 compat version and .so.2 new API version).
testing/packages/glibc-i18n-2.38-x86_64-1.txz: Added.
testing/packages/glibc-profile-2.38-x86_64-1.txz: Added.
kde/ktextaddons-1.5.2-x86_64-1.txz: Upgraded.
l/fluidsynth-2.3.4-x86_64-1.txz: Upgraded.
l/opencv-4.8.1-x86_64-1.txz: Upgraded.
l/openexr-3.2.1-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-115.3.0-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.3.0/releasenotes/
a/gettext-0.22.2-x86_64-1.txz: Upgraded.
ap/cups-2.4.7-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Fixed Heap-based buffer overflow when reading Postscript in PPD files.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-4504
(* Security fix *)
d/cmake-3.27.6-x86_64-1.txz: Upgraded.
d/gettext-tools-0.22.2-x86_64-1.txz: Upgraded.
l/dconf-editor-45.0.1-x86_64-1.txz: Upgraded.
l/gst-plugins-bad-free-1.22.6-x86_64-1.txz: Upgraded.
l/gst-plugins-base-1.22.6-x86_64-1.txz: Upgraded.
l/gst-plugins-good-1.22.6-x86_64-1.txz: Upgraded.
l/gst-plugins-libav-1.22.6-x86_64-1.txz: Upgraded.
l/gstreamer-1.22.6-x86_64-1.txz: Upgraded.
l/gtk4-4.12.2-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_17-x86_64-1.txz: Upgraded.
n/bind-9.18.19-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
Limit the amount of recursion that can be performed by isccc_cc_fromwire.
Fix use-after-free error in TLS DNS code when sending data.
For more information, see:
https://kb.isc.org/docs/cve-2023-3341https://www.cve.org/CVERecord?id=CVE-2023-3341https://kb.isc.org/docs/cve-2023-4236https://www.cve.org/CVERecord?id=CVE-2023-4236
(* Security fix *)
n/stunnel-5.71-x86_64-1.txz: Upgraded.
x/mesa-23.1.8-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-23.2.1-x86_64-1.txz: Upgraded.
xap/freerdp-2.11.2-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-115.2.3-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.2.3/releasenotes/
xap/seamonkey-2.53.17.1-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.17.1https://www.cve.org/CVERecord?id=CVE-2023-4863
(* Security fix *)
a/sysklogd-2.5.2-x86_64-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.11-x86_64-1.txz: Upgraded.
l/adwaita-icon-theme-45.0-noarch-1.txz: Upgraded.
l/gsettings-desktop-schemas-45.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_16-x86_64-1.txz: Upgraded.
l/libdeflate-1.19-x86_64-1.txz: Upgraded.
l/libqalculate-4.8.1-x86_64-1.txz: Upgraded.
l/vte-0.74.0-x86_64-1.txz: Upgraded.
n/netatalk-3.1.17-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Validate data type in dalloc_value_for_key(). This flaw could allow a
malicious actor to cause Netatalk's afpd daemon to crash, or possibly to
execute arbitrary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-42464
(* Security fix *)
ap/vim-9.0.1903-x86_64-1.txz: Upgraded.
l/at-spi2-atk-2.38.0-x86_64-3.txz: Removed.
l/at-spi2-core-2.50.0-x86_64-1.txz: Upgraded.
This now includes the features from the former at-spi2-atk and atk packages.
l/atk-2.38.0-x86_64-1.txz: Removed.
l/cairo-1.17.6-x86_64-1.txz: Upgraded.
l/glib-networking-2.78.0-x86_64-1.txz: Upgraded.
l/gobject-introspection-1.78.1-x86_64-1.txz: Upgraded.
l/json-glib-1.8.0-x86_64-1.txz: Upgraded.
l/libsoup3-3.4.3-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.1903-x86_64-1.txz: Upgraded.
ap/ksh93-1.0.7-x86_64-1.txz: Upgraded.
d/cmake-3.27.5-x86_64-1.txz: Upgraded.
d/python3-3.9.18-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass
of the TLS handshake and included protections (like certificate verification)
and treating sent unencrypted data as if it were post-handshake TLS encrypted
data. Security issue reported by Aapo Oksman; patch by Gregory P. Smith.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-40217
(* Security fix *)
l/gvfs-1.52.0-x86_64-1.txz: Upgraded.
l/mozjs102-102.15.1esr-x86_64-1.txz: Upgraded.
n/dovecot-2.3.21-x86_64-1.txz: Upgraded.
x/ibus-table-1.17.3-x86_64-1.txz: Upgraded.
x/igt-gpu-tools-1.28-x86_64-1.txz: Upgraded.
x/libva-2.20.0-x86_64-1.txz: Upgraded.
x/libva-utils-2.20.0-x86_64-1.txz: Upgraded.
xfce/elementary-xfce-0.18-x86_64-1.txz: Upgraded.
a/kernel-firmware-20230906_ad03b85-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.52-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.52-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.52-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.52-x86-1.txz: Upgraded.
d/lua-5.4.6-x86_64-3.txz: Rebuilt.
Set MYCFLAGS rather than CFLAGS in the build script to keep the other
default CFLAGS in src/Makefile. This automatically sets -DLUA_USE_LINUX
as well as -DLUA_COMPAT_5_3.
d/mercurial-6.5.2-x86_64-1.txz: Upgraded.
k/kernel-source-6.1.52-noarch-1.txz: Upgraded.
kde/alkimia-8.1.2-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-33.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/cantor-23.08.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/kfilemetadata-5.109.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/kile-2.9.93-x86_64-27.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/kitinerary-23.08.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/krita-5.1.5-x86_64-14.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/ktextaddons-1.5.0-x86_64-1.txz: Upgraded.
kde/okular-23.08.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
l/poppler-23.09.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/zstd-1.5.5-x86_64-3.txz: Rebuilt.
Fix library path in zstdTargets-release.cmake.
Thanks to Steven Voges and gian_d.
Use additional build options:
-DZSTD_BUILD_STATIC=OFF -DZSTD_PROGRAMS_LINK_SHARED=ON -DZSTD_LZ4_SUPPORT=ON
-DZSTD_LZMA_SUPPORT=ON -DZSTD_ZLIB_SUPPORT=ON
Thanks to USUARIONUEVO.
n/iproute2-6.5.0-x86_64-1.txz: Upgraded.
t/texlive-2023.230322-x86_64-5.txz: Rebuilt.
Recompiled against zlib-1.3 to fix lualatex.
Thanks to unInstance and marav.
x/ibus-libpinyin-1.15.4-x86_64-1.txz: Upgraded.
x/mesa-23.1.7-x86_64-1.txz: Upgraded.
xap/gnuplot-5.4.9-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20230814_0e048b0-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.46-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.46-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.46-x86_64-1.txz: Upgraded.
ap/inxi-3.3.29_1-noarch-1.txz: Upgraded.
d/kernel-headers-6.1.46-x86-1.txz: Upgraded.
k/kernel-source-6.1.46-noarch-1.txz: Upgraded.
-ACPI_TINY_POWER_BUTTON n
ACPI_AC m -> y
ACPI_BATTERY m -> y
ACPI_BUTTON m -> y
ACPI_FAN m -> y
ACPI_THERMAL m -> y
kde/kirigami-addons-0.11.0-x86_64-1.txz: Upgraded.
n/bind-9.18.18-x86_64-1.txz: Upgraded.
n/httpd-2.4.57-x86_64-2.txz: Rebuilt.
rc.httpd: wait using pwait after stopping, fix usage to show force-restart.
Thanks to metaed.
n/net-snmp-5.9.4-x86_64-1.txz: Upgraded.
n/openvpn-2.6.6-x86_64-1.txz: Upgraded.
n/php-8.2.9-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
Security issue with external entity loading in XML without enabling it.
Buffer mismanagement in phar_dir_read().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824
(* Security fix *)
x/xorg-server-xwayland-23.2.0-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-115.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.1.1/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_libraries-15.1-x86_64-21.txz: Rebuilt.
Upgraded: libcap.so.2.69, liblzma.so.5.4.4, libboost*.so.1.82.0,
libglib-2.0.so.0.7600.4, libgmodule-2.0.so.0.7600.4, libgmp.so.10.5.0,
libgmpxx.so.4.7.0, libgobject-2.0.so.0.7600.4, libgthread-2.0.so.0.7600.4,
libjpeg.so.62.4.0, libpng16.so.16.40.0, libstdc++.so.6.0.32,
libtdb.so.1.4.9, libturbojpeg.so.0.3.0.
a/kernel-firmware-20230809_789aa81-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.45-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.45-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.45-x86_64-1.txz: Upgraded.
ap/pamixer-1.5-x86_64-7.txz: Rebuilt.
Recompiled against boost-1.83.0.
d/kernel-headers-6.1.45-x86-1.txz: Upgraded.
k/kernel-source-6.1.45-noarch-1.txz: Upgraded.
kde/kig-23.04.3-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.83.0.
kde/kopeninghours-23.04.3-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.83.0.
kde/krita-5.1.5-x86_64-12.txz: Rebuilt.
Recompiled against boost-1.83.0.
l/boost-1.83.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
The shared libraries from the previous version will stick around in
the aaa_libraries package for at least a month.
l/cryfs-0.10.3-x86_64-9.txz: Rebuilt.
Recompiled against boost-1.83.0.
x/fcitx5-chinese-addons-5.0.17-x86_64-3.txz: Rebuilt.
Recompiled against boost-1.83.0.
x/libime-1.0.17-x86_64-3.txz: Rebuilt.
Recompiled against boost-1.83.0.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Thanks to Heinz Wiesinger for these added python packages to implement
PEP 427 and PEP 517! Python modules are phasing out setup.py in favor of
building wheels, and then using python-installer to install them. These
are the bits needed to make that happen.
l/python-build-0.10.0-x86_64-1.txz: Added.
l/python-flit-core-3.9.0-x86_64-1.txz: Added.
l/python-glad2-2.0.4-x86_64-1.txz: Added.
l/python-installer-0.7.0-x86_64-1.txz: Added.
l/python-lxml-4.9.3-x86_64-1.txz: Added.
l/python-pyproject-hooks-1.0.0-x86_64-1.txz: Added.
l/python-tomli-w-1.0.0-x86_64-1.txz: Added.
l/python-wheel-0.41.1-x86_64-1.txz: Added.
n/nftables-1.0.8-x86_64-2.txz: Rebuilt.
Correctly generate nftables Python module using PEP 427/517 method.
Thanks to marav.
n/openssh-9.4p1-x86_64-1.txz: Upgraded.
a/sdparm-1.12-x86_64-3.txz: Rebuilt.
Recompiled against sg3_utils-1.48.
a/udisks-1.0.5-x86_64-11.txz: Rebuilt.
Recompiled against sg3_utils-1.48. Does anything still need this?
ap/vim-9.0.1678-x86_64-1.txz: Upgraded.
Applied the last patch from Bram Moolenaar.
RIP Bram, and thanks for your great work on VIM and your kindness to the
orphan children in Uganda.
If you'd like to honor Bram with a donation to his charity, please visit:
https://iccf-holland.org/
d/mercurial-6.5.1-x86_64-1.txz: Upgraded.
d/vala-0.56.10-x86_64-1.txz: Upgraded.
kde/plasma-desktop-5.27.7.1-x86_64-1.txz: Upgraded.
kde/sddm-0.20.0-x86_64-2.txz: Rebuilt.
Eliminate duplicate log messages polluting the first virtual console.
l/gtk4-4.10.5-x86_64-1.txz: Upgraded.
l/gvfs-1.50.6-x86_64-1.txz: Upgraded.
l/libgpod-0.8.3-x86_64-12.txz: Rebuilt.
Recompiled against sg3_utils-1.48.
l/netpbm-11.03.02-x86_64-1.txz: Upgraded.
l/sg3_utils-1.48-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/speech-dispatcher-0.11.5-x86_64-1.txz: Upgraded.
n/gnutls-3.8.1-x86_64-1.txz: Upgraded.
n/nfs-utils-2.6.3-x86_64-2.txz: Rebuilt.
Move 99-nfs.rules to the proper directory. Thanks to Petri Kaukasoina.
xap/vim-gvim-9.0.1678-x86_64-1.txz: Upgraded.
d/binutils-2.41-x86_64-1.txz: Upgraded.
d/oprofile-1.4.0-x86_64-12.txz: Rebuilt.
Recompiled against binutils-2.41.
d/tree-sitter-0.20.8-x86_64-1.txz: Added.
This is a dependency for an interesting new feature of emacs-29.1.
e/emacs-29.1-x86_64-1.txz: Upgraded.
Compiled against tree-sitter-0.20.8. Grammar libraries for this can be
downloaded and installed from within Emacs - see the NEWS file for details.
l/gmp-6.3.0-x86_64-1.txz: Upgraded.
l/libarchive-3.7.1-x86_64-1.txz: Upgraded.
l/polkit-123-x86_64-1.txz: Upgraded.
ap/tmux-3.3a-x86_64-2.txz: Rebuilt.
Patched to fix a crash when copying text. Thanks to nullptr, gnw, and Daedra.
d/parallel-20230722-noarch-1.txz: Upgraded.
l/libarchive-3.7.0-x86_64-1.txz: Upgraded.
l/pipewire-0.3.75-x86_64-2.txz: Rebuilt.
[PATCH] pipewire: add missing stdbool.h include to version.h.in.
Thanks to marav.
n/network-scripts-15.1-noarch-1.txz: Upgraded.
Added netconfig.8 manpage. Thanks to metaed.
extra/brltty/brltty-6.6-x86_64-1.txz: Upgraded.
l/librsvg-2.56.3-x86_64-1.txz: Upgraded.
l/nodejs-20.5.0-x86_64-1.txz: Upgraded.
l/pipewire-0.3.75-x86_64-1.txz: Upgraded.
l/talloc-2.4.1-x86_64-1.txz: Upgraded.
l/tdb-1.4.9-x86_64-1.txz: Upgraded.
l/tevent-0.15.0-x86_64-1.txz: Upgraded.
l/xxHash-0.8.2-x86_64-1.txz: Upgraded.
n/ca-certificates-20230721-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
a/kernel-firmware-20230707_d3f6606-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.39-x86_64-1.txz: Upgraded.
a/xfsprogs-6.4.0-x86_64-1.txz: Upgraded.
d/cmake-3.27.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.39-x86-1.txz: Upgraded.
k/kernel-source-6.1.39-noarch-1.txz: Upgraded.
l/mpfr-4.2.0p12-x86_64-1.txz: Upgraded.
n/bind-9.18.17-x86_64-1.txz: Upgraded.
n/curl-8.2.0-x86_64-1.txz: Upgraded.
This update fixes a security issue:
fopen race condition.
For more information, see:
https://curl.se/docs/CVE-2023-32001.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-32001
(* Security fix *)
n/dhcpcd-10.0.2-x86_64-1.txz: Upgraded.
n/openssh-9.3p2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
execution relating to PKCS#11 providers.
The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
execution via a forwarded agent socket if the following conditions are met:
* Exploitation requires the presence of specific libraries on the victim
system.
* Remote exploitation requires that the agent was forwarded to an
attacker-controlled system.
Exploitation can also be prevented by starting ssh-agent(1) with an empty
PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
contains only specific provider libraries.
This vulnerability was discovered and demonstrated to be exploitable by the
Qualys Security Advisory team.
Potentially-incompatible changes:
* ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
issued by remote clients by default. A flag has been added to restore the
previous behaviour: "-Oallow-remote-pkcs11".
For more information, see:
https://www.openssh.com/txt/release-9.3p2https://www.cve.org/CVERecord?id=CVE-2023-38408
(* Security fix *)
n/samba-4.18.5-x86_64-1.txz: Upgraded.
This update fixes security issues:
When winbind is used for NTLM authentication, a maliciously crafted request
can trigger an out-of-bounds read in winbind and possibly crash it.
SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain Controllers
where SMB2 packet signing is mandatory.
An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
triggered by an unauthenticated attacker by issuing a malformed RPC request.
Missing type validation in Samba's mdssvc RPC service for Spotlight can be
used by an unauthenticated attacker to trigger a process crash in a shared
RPC mdssvc worker process.
As part of the Spotlight protocol Samba discloses the server-side absolute
path of shares and files and directories in search results.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2127.htmlhttps://www.samba.org/samba/security/CVE-2023-3347.htmlhttps://www.samba.org/samba/security/CVE-2023-34966.htmlhttps://www.samba.org/samba/security/CVE-2023-34967.htmlhttps://www.samba.org/samba/security/CVE-2023-34968.htmlhttps://www.cve.org/CVERecord?id=CVE-2022-2127https://www.cve.org/CVERecord?id=CVE-2023-3347https://www.cve.org/CVERecord?id=CVE-2023-34966https://www.cve.org/CVERecord?id=CVE-2023-34967https://www.cve.org/CVERecord?id=CVE-2023-34968
(* Security fix *)
xap/mozilla-firefox-115.0.3esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.0.3esr/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/sudo-1.9.14p2-x86_64-1.txz: Upgraded.
This is a bugfix release.
d/meson-1.2.0-x86_64-1.txz: Upgraded.
xap/sane-1.2.1-x86_64-1.txz: Upgraded.
extra/xv/xv-4.2.0-x86_64-1.txz: Upgraded.
Hey folks! It's time to acknowledge another one of those milestones... 30 (!)
years since I made the post linked below announcing Slackware's first stable
release after months of beta testing. Thanks to all of our dedicated
contributors, loyal users, and those who have helped us to keep the lights on
here. It's really been a remarkable journey that I couldn't have anticipated
starting out back in 1993. Cheers! :-)
https://www.slackware.com/announce/1.0.php
kde/sddm-0.20.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_13-x86_64-1.txz: Upgraded.
n/nghttp2-1.55.1-x86_64-1.txz: Upgraded.
xap/xlockmore-5.72-x86_64-1.txz: Upgraded.
a/util-linux-2.39.1-x86_64-2.txz: Rebuilt.
Since libmount has dropped support for the traditional /etc/mtab file, if
we find one replace it with a symlink to /proc/mounts.
kde/digikam-8.0.0-x86_64-4.txz: Rebuilt.
Recompiled against opencv-4.8.0.
kde/kirigami-addons-0.9.0-x86_64-1.txz: Upgraded.
l/glib-networking-2.76.1-x86_64-1.txz: Upgraded.
l/gst-plugins-bad-free-1.22.4-x86_64-2.txz: Rebuilt.
Recompiled against opencv-4.8.0.
l/gvfs-1.50.5-x86_64-1.txz: Upgraded.
l/libpaper-2.1.1-x86_64-1.txz: Upgraded.
l/libwebp-1.3.1-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.91-x86_64-1.txz: Upgraded.
l/netpbm-11.03.00-x86_64-1.txz: Upgraded.
l/opencv-4.8.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/bluez-5.67-x86_64-1.txz: Upgraded.
n/openresolv-3.13.2-noarch-1.txz: Upgraded.
n/p11-kit-0.25.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
Make /etc/mtab a symlink to /proc/mounts. (I thought we did this before?)
Remove /etc/mounts symlink.
In rc.S, don't try to initialize /etc/mtab or fake mount /.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Make /etc/mtab a symlink to /proc/mounts. (I thought we did this before?)
Remove /etc/mounts symlink.
In rc.S, don't try to initialize /etc/mtab or fake mount /.
ap/vim-9.0.1667-x86_64-1.txz: Upgraded.
This fixes a rare divide-by-zero bug that could cause vim to crash. In an
interactive program such as vim, I can't really see this qualifying as a
security issue, but since it was brought up as such on LQ we'll just go
along with it this time. :)
Thanks to marav for the heads-up.
(* Security fix *)
l/freetype-2.13.1-x86_64-2.txz: Rebuilt.
The profile scripts still mentioned three options to choose from when there
are now only two. This has been fixed.
Thanks to burdi01.
l/gegl-0.4.46-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_12-x86_64-1.txz: Upgraded.
l/librsvg-2.56.1-x86_64-1.txz: Upgraded.
l/openexr-3.1.9-x86_64-1.txz: Upgraded.
l/pipewire-0.3.72-x86_64-1.txz: Upgraded.
n/network-scripts-15.0-noarch-19.txz: Rebuilt.
This update fixes a bug and adds a new feature:
Re-add support for the DHCP_IPADDR parameter from rc.inet1.conf.
Expand the help text for DHCP_IPADDR in rc.inet1.conf.
Add support for a DHCP_OPTS parameter.
Thanks to ljb643 and Darren 'Tadgy' Austin.
xap/vim-gvim-9.0.1667-x86_64-1.txz: Upgraded.
l/freetype-2.13.1-x86_64-1.txz: Upgraded.
NOTE: Infinality mode has been removed. If you've enabled it in your
/etc/profile.d/freetype.{csh,sh} script, you'll need to make sure that
either all of the available choices are commented out, or enable one of
the two remaining choices.
a/btrfs-progs-6.3.2-x86_64-1.txz: Upgraded.
l/a52dec-0.8.0-x86_64-1.txz: Upgraded.
l/gjs-1.76.2-x86_64-1.txz: Upgraded.
x/libX11-1.8.6-x86_64-1.txz: Upgraded.
This update fixes buffer overflows in InitExt.c that could at least cause
the client to crash due to memory corruption.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-3138
(* Security fix *)
a/hwdata-0.371-noarch-1.txz: Upgraded.
ap/cups-2.4.3-x86_64-1.txz: Upgraded.
Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file
cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote
attacker to launch a denial of service (DoS) attack, or possibly execute
arbirary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32324
(* Security fix *)
d/git-2.41.0-x86_64-1.txz: Upgraded.
d/llvm-16.0.5-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-29.txz: Rebuilt.
Recompiled against Imath-3.1.9.
kde/kimageformats-5.106.0-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
kde/kio-extras-23.04.1-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
kde/krita-5.1.5-x86_64-9.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/Imath-3.1.9-x86_64-1.txz: Upgraded.
Evidently the shared library .so-version bump in Imath-3.1.8 should not have
happened, so this update reverts it to the previous value.
l/gst-plugins-bad-free-1.22.3-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/imagemagick-7.1.1_11-x86_64-2.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/mozjs102-102.12.0esr-x86_64-1.txz: Upgraded.
l/openexr-3.1.7-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/serf-1.3.10-x86_64-1.txz: Upgraded.
l/vte-0.72.2-x86_64-1.txz: Upgraded.
n/nettle-3.9.1-x86_64-1.txz: Upgraded.
n/ntp-4.2.8p16-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-26551https://www.cve.org/CVERecord?id=CVE-2023-26552https://www.cve.org/CVERecord?id=CVE-2023-26553https://www.cve.org/CVERecord?id=CVE-2023-26554https://www.cve.org/CVERecord?id=CVE-2023-26555
(* Security fix *)
n/samba-4.18.3-x86_64-1.txz: Upgraded.
tcl/tclx-8.6.2-x86_64-1.txz: Upgraded.
x/ibus-libpinyin-1.15.3-x86_64-1.txz: Upgraded.
x/libX11-1.8.5-x86_64-1.txz: Upgraded.
xap/gimp-2.10.34-x86_64-4.txz: Rebuilt.
Recompiled against Imath-3.1.9.
xfce/xfce4-pulseaudio-plugin-0.4.7-x86_64-1.txz: Upgraded.
d/vala-0.56.8-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-28.txz: Rebuilt.
Recompiled against Imath-3.1.8.
kde/kimageformats-5.106.0-x86_64-2.txz: Rebuilt.
Recompiled against Imath-3.1.8.
kde/kio-extras-23.04.1-x86_64-2.txz: Rebuilt.
Recompiled against Imath-3.1.8.
kde/krita-5.1.5-x86_64-8.txz: Rebuilt.
Recompiled against Imath-3.1.8.
l/Imath-3.1.8-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/gst-plugins-bad-free-1.22.3-x86_64-2.txz: Rebuilt.
Recompiled against Imath-3.1.8.
l/imagemagick-7.1.1_10-x86_64-2.txz: Rebuilt.
Recompiled against Imath-3.1.8.
l/openexr-3.1.7-x86_64-2.txz: Rebuilt.
Recompiled against Imath-3.1.8.
xap/gimp-2.10.34-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.8.
xap/mozilla-thunderbird-102.11.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.11.1/releasenotes/
a/elilo-3.16-x86_64-16.txz: Rebuilt.
eliloconfig: don't mess with mounting efivarfs. This should be handled by
rc.S, or by whatever the admin put in /etc/fstab.
a/kernel-firmware-20230523_1ba3519-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.30-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.30-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.30-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.1-noarch-5.txz: Rebuilt.
rc.S: mount efivarfs rw, may be overridden in /etc/default/efivarfs.
ap/sc-im-0.8.3-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.30-x86-1.txz: Upgraded.
d/parallel-20230522-noarch-1.txz: Upgraded.
k/kernel-source-6.1.30-noarch-1.txz: Upgraded.
l/enchant-2.4.0-x86_64-1.txz: Upgraded.
l/glib2-2.76.3-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.38-x86_64-1.txz: Upgraded.
l/qt5-5.15.9_20230523_245f369c-x86_64-1.txz: Upgraded.
This update fixes a security issue.
Qt-based clients may mismatch HSTS headers (Strict-Transport-Security),
which would prevent the client from switching to a secure HTTPS
connection as requested by a server.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32762
(* Security fix *)
n/curl-8.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
t/texlive-2023.230322-x86_64-3.txz: Rebuilt.
This update patches a security issue:
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
compiling a TeX file obtained from an untrusted source. This occurs
because luatex-core.lua lets the original io.popen be accessed. This also
affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
Thanks to Johannes Schoepfer.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32700
(* Security fix *)
xap/mozilla-firefox-113.0.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/113.0.2/releasenotes/
xfce/libxfce4ui-4.18.4-x86_64-1.txz: Upgraded.
xfce/xfce4-panel-4.18.4-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
l/gexiv2-0.14.1-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.89.1-x86_64-1.txz: Upgraded.
n/ca-certificates-20230506-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
a/xz-5.4.3-x86_64-1.txz: Upgraded.
ap/alsa-utils-1.2.9-x86_64-1.txz: Upgraded.
d/mercurial-6.4.3-x86_64-1.txz: Upgraded.
l/alsa-lib-1.2.9-x86_64-1.txz: Upgraded.
l/libssh-0.10.5-x86_64-1.txz: Upgraded.
This update fixes security issues:
A NULL dereference during rekeying with algorithm guessing.
A possible authorization bypass in pki_verify_data_signature under
low-memory conditions.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-1667https://www.cve.org/CVERecord?id=CVE-2023-2283
(* Security fix *)
l/nodejs-20.1.0-x86_64-1.txz: Upgraded.
x/libXi-1.8.1-x86_64-1.txz: Upgraded.
d/llvm-16.0.3-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-27.txz: Rebuilt.
Recompiled against poppler-23.05.0.
kde/cantor-23.04.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.05.0.
kde/kfilemetadata-5.105.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.05.0.
kde/kile-2.9.93-x86_64-24.txz: Rebuilt.
Recompiled against poppler-23.05.0.
kde/kitinerary-23.04.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.05.0.
kde/krita-5.1.5-x86_64-7.txz: Rebuilt.
Recompiled against poppler-23.05.0.
kde/okular-23.04.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.05.0.
l/poppler-23.05.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/sof-firmware-2.2.4-noarch-1.txz: Added.
Thanks to Heinz Wiesinger.
n/whois-5.5.17-x86_64-1.txz: Upgraded.
Added the .cd TLD server.
Updated the -kg NIC handles server name.
Removed 2 new gTLDs which are no longer active.
kde/kalk-23.04.0-x86_64-1.txz: Removed.
kde/ktextaddons-1.2.1-x86_64-1.txz: Upgraded.
Revert to this version until a newer one works.
kde/qcoro-0.9.0-x86_64-1.txz: Upgraded.
l/iso-codes-4.15.0-noarch-1.txz: Upgraded.
n/lynx-2.9.0dev.12-x86_64-1.txz: Upgraded.
x/xdpyinfo-1.3.4-x86_64-1.txz: Upgraded.
x/xinput-1.6.4-x86_64-1.txz: Upgraded.
d/poke-3.1-x86_64-1.txz: Upgraded.
l/apr-1.7.4-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_7-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-112.0.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/112.0.1/releasenotes/
xap/network-manager-applet-1.32.0-x86_64-1.txz: Upgraded.
xfce/tumbler-4.18.1-x86_64-1.txz: Upgraded.
xfce/xfconf-4.18.1-x86_64-1.txz: Upgraded.
a/kernel-generic-6.1.24-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.24-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.24-x86_64-1.txz: Upgraded.
a/tcsh-6.24.09-x86_64-1.txz: Upgraded.
ap/vim-9.0.1450-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.24-x86-1.txz: Upgraded.
d/mercurial-6.4.1-x86_64-1.txz: Upgraded.
d/rust-bindgen-0.65.1-x86_64-1.txz: Upgraded.
k/kernel-source-6.1.24-noarch-1.txz: Upgraded.
kde/digikam-8.0.0-x86_64-1.txz: Upgraded.
l/gobject-introspection-1.76.1-x86_64-1.txz: Upgraded.
l/pipewire-0.3.69-x86_64-1.txz: Upgraded.
When enabled, use wireplumber rather than the deprecated media-session.
Thanks to saxa for the help. :-)
n/openvpn-2.6.3-x86_64-1.txz: Upgraded.
n/php-8.2.5-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.2.5
xap/vim-gvim-9.0.1450-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20230406_86da2ac-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.23-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.23-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.23-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.23-x86-1.txz: Upgraded.
d/llvm-16.0.1-x86_64-1.txz: Upgraded.
k/kernel-source-6.1.23-noarch-1.txz: Upgraded.
l/SDL2-2.26.5-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_6-x86_64-1.txz: Upgraded.
l/isl-0.26-x86_64-1.txz: Upgraded.
l/spirv-llvm-translator-16.0.0-x86_64-2.txz: Rebuilt.
Looks like this is working now after some linking adjustments.
Thanks very much to lucabon!
x/mesa-23.0.1-x86_64-3.txz: Rebuilt.
x/xf86-input-wacom-1.2.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
kde/krusader-2.8.0-x86_64-2.txz: Rebuilt.
[PATCH 1/2] Add workaround for icon size in HiDPI environment.
[PATCH 2/2] Don't set QStyle::State_None for brief view.
Thanks to Heinz Wiesinger.
l/apr-1.7.3-x86_64-1.txz: Upgraded.
n/irssi-1.4.4-x86_64-1.txz: Upgraded.
Do not crash Irssi when one line is printed as the result of another line
being printed.
Also solve a memory leak while printing unformatted lines.
(* Security fix *)
xap/xsnow-3.7.4-x86_64-1.txz: Upgraded.
a/kernel-generic-6.1.22-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.22-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.22-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-32.txz: Rebuilt.
Add /lib/firmware directory to _initrd-tree.tar.gz. Thanks to walecha.
d/cmake-3.26.2-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.22-x86-1.txz: Upgraded.
d/llvm-16.0.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Thanks to Heinz Wiesinger for the assistance.
Compiled with -DLLVM_BUILD_LLVM_DYLIB=ON -DLLVM_LINK_LLVM_DYLIB=ON
-DCLANG_LINK_CLANG_DYLIB=ON.
I think we'll get 16.0.1 next week if we need to make any adjustments.
d/ruby-3.2.2-x86_64-1.txz: Upgraded.
This update fixes security issues:
ReDoS vulnerability in URI.
ReDoS vulnerability in Time.
For more information, see:
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/https://www.cve.org/CVERecord?id=CVE-2023-28755https://www.cve.org/CVERecord?id=CVE-2023-28756
(* Security fix *)
k/kernel-source-6.1.22-noarch-1.txz: Upgraded.
kde/kdevelop-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against llvm-16.0.0.
l/openexr-3.1.7-x86_64-1.txz: Upgraded.
l/qt5-5.15.8_20230325_c1a3e988-x86_64-1.txz: Upgraded.
Compiled against llvm-16.0.0.
l/spirv-llvm-translator-16.0.0-x86_64-1.txz: Upgraded.
Compiled against llvm-16.0.0.
Thanks to Heinz Wiesinger for finding the fix for -DBUILD_SHARED_LIBS=ON.
n/pssh-2.3.5-x86_64-1.txz: Upgraded.
n/samba-4.18.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
An incomplete access check on dnsHostName allows authenticated but otherwise
unprivileged users to delete this attribute from any object in the directory.
The Samba AD DC administration tool, when operating against a remote LDAP
server, will by default send new or reset passwords over a signed-only
connection.
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential
attribute disclosure via LDAP filters was insufficient and an attacker may
be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
Installations with such secrets in their Samba AD should assume they have
been obtained and need replacing.
For more information, see:
https://www.samba.org/samba/security/CVE-2023-0225.htmlhttps://www.samba.org/samba/security/CVE-2023-0922.htmlhttps://www.samba.org/samba/security/CVE-2023-0614.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-0225https://www.cve.org/CVERecord?id=CVE-2023-0922https://www.cve.org/CVERecord?id=CVE-2023-0614
(* Security fix *)
x/mesa-23.0.1-x86_64-2.txz: Rebuilt.
Recompiled against llvm-16.0.0 and spirv-llvm-translator-16.0.0.
xap/seamonkey-2.53.16-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.16
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/rust-1.68.2-x86_64-2.txz: Rebuilt.
Use the bundled LLVM rather than the system LLVM.
This version of Rust actually does compile with llvm-16.0.0, but since it
bundles LLVM 15 let's let it use that for now.
usb-and-pxe-installers/usbboot.img: Rebuilt.
kde/digikam-7.10.0-x86_64-1.txz: Upgraded.
l/serf-1.3.9-x86_64-9.txz: Rebuilt.
Applied a patch from LFS to fix a build error in Subversion caused by serf
using internal OpenSSL API functions for its own use. Also fixes a crash bug
that happens due to a return value being invalid.
Thanks to lucabon.
x/xcb-imdkit-1.0.5-x86_64-1.txz: Upgraded.
Hey folks, just some more updates on the road to an eventual beta. :-)
At this point nothing remains linked with openssl-1.1.1 except for python2 and
modules, and vsftpd. I think nobody cares about trying to force python2 to use
openssl3... it's EOL but still a zombie, unfortunately. I have seen some
patches for vsftpd and intend to take a look at them. We've bumped PHP to 8.2
and just gone ahead and killed 8.0 and 8.1. Like 7.4, 8.0 is not compatible
with openssl3 and it doesn't seem worthwhile to try to patch it. And with 8.2
already out for several revisions, 8.1 does not seem particularly valuable.
If you make use of PHP you should be used to it being a moving target by now.
Enjoy, and let me know if anything isn't working right. Cheers!
a/aaa_libraries-15.1-x86_64-19.txz: Rebuilt.
Recompiled against openssl-3.0.8: libcups.so.2, libcurl.so.4.8.0,
libldap.so.2.0.200, libssh2.so.1.0.1.
a/cryptsetup-2.6.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
a/kmod-30-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
a/openssl-solibs-3.0.8-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
a/openssl11-solibs-1.1.1t-x86_64-1.txz: Added.
ap/cups-2.4.2-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/hplip-3.20.5-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/lxc-4.0.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/mariadb-10.6.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/qpdf-11.3.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/sudo-1.9.13p3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/cargo-vendor-filterer-0.5.7-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/cvs-1.11.23-x86_64-9.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/git-2.39.2-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/perl-5.36.0-x86_64-5.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/python3-3.9.16-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/ruby-3.2.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/rust-1.66.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/scons-4.5.1-x86_64-1.txz: Upgraded.
kde/falkon-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
kde/kitinerary-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/M2Crypto-0.38.0-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/SDL2-2.26.4-x86_64-1.txz: Upgraded.
l/gst-plugins-bad-free-1.22.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libarchive-3.6.2-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libevent-2.1.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libimobiledevice-20211124_2c6121d-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libssh2-1.10.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libvncserver-0.9.14-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/mlt-7.14.0-x86_64-1.txz: Upgraded.
l/neon-0.32.5-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/nodejs-19.7.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/opusfile-0.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pipewire-0.3.66-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pulseaudio-16.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pycurl-7.44.1-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/qca-2.3.5-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/qt5-5.15.8_20230304_d8b881f0-x86_64-1.txz: Upgraded.
Compiled against openssl-3.0.8.
l/serf-1.3.9-x86_64-8.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/alpine-2.26-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/bind-9.18.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/curl-7.88.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/cyrus-sasl-2.1.28-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/dovecot-2.3.20-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/epic5-2.1.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/fetchmail-6.4.37-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/htdig-3.2.0b6-x86_64-9.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/httpd-2.4.56-x86_64-1.txz: Upgraded.
This update fixes two security issues:
HTTP Response Smuggling vulnerability via mod_proxy_uwsgi.
HTTP Request Smuggling attack via mod_rewrite and mod_proxy.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.56https://www.cve.org/CVERecord?id=CVE-2023-27522https://www.cve.org/CVERecord?id=CVE-2023-25690
(* Security fix *)
NOTE: This package is compiled against openssl-3.0.8.
n/irssi-1.4.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/krb5-1.20.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/lftp-4.9.2-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/links-2.28-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/lynx-2.9.0dev.10-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/mutt-2.2.9-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/net-snmp-5.9.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/netatalk-3.1.14-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/nmap-7.93-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/ntp-4.2.8p15-x86_64-12.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openldap-2.6.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openssh-9.2p1-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openssl-3.0.8-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/openssl11-1.1.1t-x86_64-1.txz: Added.
n/openvpn-2.6.0-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/php-8.2.3-x86_64-1.txz: Upgraded.
Compiled against openssl-3.0.8.
n/pidentd-3.0.19-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/popa3d-1.0.3-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/postfix-3.7.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/ppp-2.4.9-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/proftpd-1.3.8-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/rsync-3.2.7-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/s-nail-14.9.24-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/samba-4.18.0-x86_64-1.txz: Upgraded.
Build with the bundled Heimdal instead of the system MIT Kerberos.
Thanks again to rpenny.
n/slrn-1.0.3a-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/snownews-1.9-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/socat-1.7.4.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/stunnel-5.69-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/tcpdump-4.99.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/wget-1.21.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/wpa_supplicant-2.10-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/freerdp-2.10.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/gftp-2.9.1b-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/gkrellm-2.3.11-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/hexchat-2.16.1-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/sane-1.0.32-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/x3270-4.0ga14-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/xine-lib-1.2.13-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
y/bsd-games-2.17-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/php80/php80-8.0.28-x86_64-1.txz: Removed.
extra/php81/php81-8.1.16-x86_64-1.txz: Removed.
extra/rust-for-mozilla/rust-1.60.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/sendmail/sendmail-8.17.1-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/sendmail/sendmail-cf-8.17.1-noarch-7.txz: Rebuilt.
testing/packages/rust-1.67.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
testing/packages/samba-4.17.5-x86_64-2.txz: Removed.
a/aaa_libraries-15.1-x86_64-18.txz: Rebuilt.
Upgraded: libcap.so.2.67, libelf-0.189.so, libzstd.so.1.5.4,
libcares.so.2.6.0, libglib-2.0.so.0.7400.6, libgmodule-2.0.so.0.7400.6,
libgobject-2.0.so.0.7400.6, libgthread-2.0.so.0.7400.6, libtdb.so.1.4.8.
Removed: libnsl-2.36.so, libboost*.so.1.80.0.
Added: libnsl.so.3.0.0.
a/grep-3.9-x86_64-1.txz: Upgraded.
a/pam-1.5.2-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
a/quota-4.09-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
ap/linuxdoc-tools-0.9.82-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
ap/vorbis-tools-1.4.2-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
d/cvs-1.11.23-x86_64-8.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
d/perl-5.36.0-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
d/python2-2.7.18-x86_64-6.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
d/python3-3.9.16-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
d/subversion-1.14.2-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
kde/kio-5.103.0-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
kde/kopete-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
l/libasyncns-0.8-x86_64-6.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
l/libnsl-2.0.0-x86_64-1.txz: Upgraded.
Deprecated NIS+ code has been removed.
Sorry for so many rebuilds due to (of all things) an NIS support library,
but we had to get this out of the way eventually.
Shared library .so-version bump.
l/libnss_nis-3.1-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
l/loudmouth-1.5.4-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/autofs-5.1.8-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/epic5-2.1.12-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/irssi-1.4.3-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/net-snmp-5.9.3-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/netatalk-3.1.14-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/ntp-4.2.8p15-x86_64-11.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/openldap-2.6.4-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/openssh-9.2p1-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/openvpn-2.6.0-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/postfix-3.7.4-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/ppp-2.4.9-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/procmail-3.24-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/proftpd-1.3.8-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/rpcbind-1.2.6-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/socat-1.7.4.4-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/stunnel-5.69-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/tcp_wrappers-7.6-x86_64-7.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/tftp-hpa-5.2-x86_64-9.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/uucp-1.07-x86_64-6.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/vsftpd-3.0.5-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/yptools-4.2.3-x86_64-6.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
Upgraded to ypserv-4.2.
xap/gftp-2.9.1b-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
xap/pidgin-2.14.12-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
xap/rxvt-unicode-9.26-x86_64-5.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
xap/xine-lib-1.2.13-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
xap/xine-ui-0.99.14-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
xap/xscreensaver-6.06-x86_64-2.txz: Rebuilt.
ap/vim-9.0.1337-x86_64-1.txz: Upgraded.
OK, so the upstream runtime update didn't fix sh syntax highlighting, so we
patched it. Thanks to marav.
Also, we needed this version number. ;-)
d/autoconf-archive-2023.02.20-noarch-1.txz: Upgraded.
l/babl-0.1.100-x86_64-1.txz: Upgraded.
l/gegl-0.4.42-x86_64-1.txz: Upgraded.
x/ibus-1.5.28-x86_64-1.txz: Upgraded.
x/ibus-libpinyin-1.15.1-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.1337-x86_64-1.txz: Upgraded.
a/aaa_glibc-solibs-2.37-x86_64-2.txz: Rebuilt.
a/e2fsprogs-1.46.6-x86_64-1.txz: Upgraded.
a/hwdata-0.367-noarch-1.txz: Upgraded.
l/glibc-2.37-x86_64-2.txz: Rebuilt.
[PATCH] Account for grouping in printf width (bug 23432).
This issue could cause a overflow with sprintf in the corner case where an
application computes the size of buffer to be exactly enough to fit the
digits in question, but sprintf ends up writing a couple of extra bytes.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-25139
(* Security fix *)
l/glibc-i18n-2.37-x86_64-2.txz: Rebuilt.
l/glibc-profile-2.37-x86_64-2.txz: Rebuilt.
l/libcap-2.67-x86_64-1.txz: Upgraded.
l/poppler-data-0.4.12-noarch-1.txz: Upgraded.
extra/php81/php81-8.1.15-x86_64-1.txz: Upgraded.
testing/packages/samba-4.17.5-x86_64-2.txz: Rebuilt.
Build with the bundled Heimdal instead of the system MIT Kerberos, since MIT
Kerberos has more issues when Samba is used as an AD DC. I'd appreciate any
feedback on the "Samba on Slackware 15" thread on LQ about how well this
works. Although it's not the sort of change I'd normally make in a -stable
release such as Slackware 15.0, in this case I'm considering it if it can
be done painlessly for any existing users... but I'll need to see some
reports about this. I'd like to note that yes, of course we saw the
"experimental" label in the configure flag we used to build Samba, but we
also saw another prominent Linux distribution go ahead and use it anyway. :)
And the Samba package built against MIT Kerberos cooked in the previous
-current development cycle for a couple of years without any objections.
Anyway, hopefully we'll get some testing from folks out there with networks
that use AD and go from there.
Thanks to Rowland Penny of the Samba team for clarifying this situation.
a/kernel-firmware-20230125_5c11a37-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.9-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.9-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.9-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.9-x86-1.txz: Upgraded.
k/kernel-source-6.1.9-noarch-1.txz: Upgraded.
l/apr-1.7.2-x86_64-1.txz: Upgraded.
This update fixes security issues:
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer. (CVE-2022-24963)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) (CVE-2021-35940)
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-24963https://www.cve.org/CVERecord?id=CVE-2021-35940https://www.cve.org/CVERecord?id=CVE-2017-12613
(* Security fix *)
l/apr-util-1.6.3-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer. (CVE-2022-25147)
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-25147
(* Security fix *)
l/libhandy-1.8.1-x86_64-1.txz: Upgraded.
l/libjpeg-turbo-2.1.5-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.7.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.7.1/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/https://www.cve.org/CVERecord?id=CVE-2023-0430
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
d/perl-5.36.0-x86_64-3.txz: Rebuilt.
Upgraded: IO-Socket-SSL-2.081, Moo-2.005005, Path-Tiny-0.144,
Sub-Quote-2.006008, Template-Toolkit-3.101, URI-5.17.
Added: JSON-4.10 (needed to build Samba with --bundled-libraries=heimdal).
kde/kstars-3.6.3-x86_64-1.txz: Upgraded.
l/gjs-1.74.1-x86_64-1.txz: Upgraded.
Compiled against mozjs102-102.7.0esr.
l/mozjs102-102.7.0esr-x86_64-1.txz: Added.
This is required by gjs-1.74.1 and polkit-122.
l/mozjs78-78.15.0esr-x86_64-1.txz: Removed.
l/polkit-122-x86_64-1.txz: Upgraded.
Compiled against mozjs102-102.7.0esr.
ap/sysstat-12.7.2-x86_64-1.txz: Upgraded.
kde/kimageformats-5.102.0-x86_64-2.txz: Rebuilt.
Recompiled against LibRaw-0.21.1.
kde/krita-5.1.5-x86_64-3.txz: Rebuilt.
Recompiled against LibRaw-0.21.1.
kde/kstars-3.6.2-x86_64-3.txz: Rebuilt.
Recompiled against LibRaw-0.21.1.
kde/libkdcraw-22.12.1-x86_64-2.txz: Rebuilt.
Recompiled against LibRaw-0.21.1.
l/LibRaw-0.21.1-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/dconf-editor-43.0-x86_64-1.txz: Upgraded.
l/gegl-0.4.40-x86_64-3.txz: Rebuilt.
Recompiled against LibRaw-0.21.1.
l/imagemagick-7.1.0_60-x86_64-1.txz: Upgraded.
Compiled against LibRaw-0.21.1.
l/libhandy-1.8.0-x86_64-1.txz: Added.
This is required by dconf-editor-43.0.
xap/geeqie-2.0.1-x86_64-2.txz: Rebuilt.
Recompiled against LibRaw-0.21.1.
xap/mozilla-firefox-109.0.1-x86_64-1.txz: Upgraded.
For more information, see:
https://www.mozilla.org/en-US/firefox/109.0.1/releasenotes/
a/btrfs-progs-6.1.2-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.87-x86_64-1.txz: Upgraded.
Fixed memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures.
For more information, see:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/https://www.cve.org/CVERecord?id=CVE-2021-43527
(* Security fix *)
l/nodejs-19.4.0-x86_64-1.txz: Upgraded.
n/php-7.4.33-x86_64-2.txz: Rebuilt.
This update fixes a security issue:
PDO::quote() may return unquoted string.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31631
(* Security fix *)
extra/php80/php80-8.0.27-x86_64-1.txz: Upgraded.
This update fixes a security issue:
PDO::quote() may return unquoted string.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31631
(* Security fix *)
extra/php81/php81-8.1.14-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
PDO::quote() may return unquoted string.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31631
(* Security fix *)
ap/lsof-4.96.5-x86_64-1.txz: Upgraded.
ap/sqlite-3.40.1-x86_64-1.txz: Upgraded.
kde/bluedevil-5.26.5-x86_64-1.txz: Upgraded.
kde/breeze-5.26.5-x86_64-1.txz: Upgraded.
kde/breeze-grub-5.26.5-x86_64-1.txz: Upgraded.
kde/breeze-gtk-5.26.5-x86_64-1.txz: Upgraded.
kde/digikam-7.9.0-x86_64-2.txz: Rebuilt.
Recompiled against opencv-4.7.0.
kde/drkonqi-5.26.5-x86_64-1.txz: Upgraded.
kde/kactivitymanagerd-5.26.5-x86_64-1.txz: Upgraded.
kde/kde-cli-tools-5.26.5-x86_64-1.txz: Upgraded.
kde/kde-gtk-config-5.26.5-x86_64-1.txz: Upgraded.
kde/kdecoration-5.26.5-x86_64-1.txz: Upgraded.
kde/kdeplasma-addons-5.26.5-x86_64-1.txz: Upgraded.
kde/kgamma5-5.26.5-x86_64-1.txz: Upgraded.
kde/khotkeys-5.26.5-x86_64-1.txz: Upgraded.
kde/kinfocenter-5.26.5-x86_64-1.txz: Upgraded.
kde/kmenuedit-5.26.5-x86_64-1.txz: Upgraded.
kde/kpipewire-5.26.5-x86_64-1.txz: Upgraded.
kde/kscreen-5.26.5-x86_64-1.txz: Upgraded.
kde/kscreenlocker-5.26.5-x86_64-1.txz: Upgraded.
kde/ksshaskpass-5.26.5-x86_64-1.txz: Upgraded.
kde/ksystemstats-5.26.5-x86_64-1.txz: Upgraded.
kde/kwallet-pam-5.26.5-x86_64-1.txz: Upgraded.
kde/kwayland-integration-5.26.5-x86_64-1.txz: Upgraded.
kde/kwin-5.26.5-x86_64-1.txz: Upgraded.
kde/kwrited-5.26.5-x86_64-1.txz: Upgraded.
kde/layer-shell-qt-5.26.5-x86_64-1.txz: Upgraded.
kde/libkscreen-5.26.5-x86_64-1.txz: Upgraded.
kde/libksysguard-5.26.5-x86_64-1.txz: Upgraded.
kde/milou-5.26.5-x86_64-1.txz: Upgraded.
kde/oxygen-5.26.5-x86_64-1.txz: Upgraded.
kde/oxygen-sounds-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-browser-integration-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-desktop-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-disks-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-firewall-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-integration-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-nm-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-pa-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-sdk-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-systemmonitor-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-vault-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-workspace-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-workspace-wallpapers-5.26.5-x86_64-1.txz: Upgraded.
kde/polkit-kde-agent-1-5.26.5-x86_64-1.txz: Upgraded.
kde/powerdevil-5.26.5-x86_64-1.txz: Upgraded.
kde/qqc2-breeze-style-5.26.5-x86_64-1.txz: Upgraded.
kde/sddm-kcm-5.26.5-x86_64-1.txz: Upgraded.
kde/systemsettings-5.26.5-x86_64-1.txz: Upgraded.
kde/xdg-desktop-portal-kde-5.26.5-x86_64-1.txz: Upgraded.
l/SDL2-2.26.2-x86_64-1.txz: Upgraded.
l/gst-plugins-bad-free-1.20.5-x86_64-2.txz: Rebuilt.
Recompiled against opencv-4.7.0.
l/imagemagick-7.1.0_57-x86_64-1.txz: Upgraded.
l/libpcap-1.10.2-x86_64-1.txz: Upgraded.
l/libpsl-0.21.2-x86_64-1.txz: Upgraded.
l/librevenge-0.0.5-x86_64-1.txz: Upgraded.
l/libsndfile-1.2.0-x86_64-1.txz: Upgraded.
l/libtiff-4.4.0-x86_64-2.txz: Rebuilt.
Patched various security bugs.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-2056https://www.cve.org/CVERecord?id=CVE-2022-2057https://www.cve.org/CVERecord?id=CVE-2022-2058https://www.cve.org/CVERecord?id=CVE-2022-3970https://www.cve.org/CVERecord?id=CVE-2022-34526
(* Security fix *)
l/netpbm-11.01.00-x86_64-1.txz: Upgraded.
l/opencv-4.7.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/poppler-23.01.0-x86_64-1.txz: Upgraded.
n/getmail-6.18.11-x86_64-1.txz: Upgraded.
n/tcpdump-4.99.2-x86_64-1.txz: Upgraded.
n/whois-5.5.15-x86_64-1.txz: Upgraded.
Updated the .bd, .nz and .tv TLD servers.
Added the .llyw.cymru, .gov.scot and .gov.wales SLD servers.
Updated the .ac.uk and .gov.uk SLD servers.
Recursion has been enabled for whois.nic.tv.
Updated the list of new gTLDs with four generic TLDs assigned in October 2013
which were missing due to a bug.
Removed 4 new gTLDs which are no longer active.
Added the Georgian translation, contributed by Temuri Doghonadze.
Updated the Finnish translation, contributed by Lauri Nurmi.
xap/pidgin-2.14.12-x86_64-1.txz: Upgraded.
xap/rxvt-unicode-9.26-x86_64-4.txz: Rebuilt.
When the "background" extension was loaded, an attacker able to control the
data written to the terminal would be able to execute arbitrary code as the
terminal's user. Thanks to David Leadbeater and Ben Collver.
For more information, see:
https://www.openwall.com/lists/oss-security/2022/12/05/1https://www.cve.org/CVERecord?id=CVE-2022-4170
(* Security fix *)
Hey folks, Merry Christmas and Hanukkah Sameach! Figured it was about time to
get some kind of kernel activity going again, but it most definitely belongs
in /testing for now. I've been trying to shape this up for weeks, but there
are still issues, and maybe someone out there can help. The biggest problem
is that the 32-bit kernels crash on boot. Initially there's some sort of
Intel ME failure (this is on a Thinkpad X1E). If those modules are
blacklisted, then the kernel will go on to crash loading the snd_hda_intel
module. The other issue is that I've got a 4K panel in this machine, and
have always appended the kernel option video=1920x1080@60 to put the console
in HD instead, and then loaded a Terminus console font to make the text even
larger. With these kernels, that option is completely ignored. I've tried some
other syntax I've seen online to no avail. And when the Terminus font is
loaded the text gets *even smaller* for some reason.
So be careful of these kernels (especially the 32-bit ones), but I welcome
any hints about what's going on here or if there are config changes that
might get this working properly. Is anyone out there running a 6.x kernel on
bare metal 32-bit x86?
Cheers!
ap/vim-9.0.1091-x86_64-1.txz: Upgraded.
d/meson-1.0.0-x86_64-1.txz: Upgraded.
d/ruby-3.2.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
d/subversion-1.14.2-x86_64-3.txz: Rebuilt.
Recompiled against ruby-3.2.0.
l/glib2-2.74.4-x86_64-1.txz: Upgraded.
l/netpbm-11.00.03-x86_64-1.txz: Upgraded.
l/rubygem-asciidoctor-2.0.18-x86_64-1.txz: Upgraded.
Compiled against ruby-3.2.0.
n/epic5-2.1.12-x86_64-2.txz: Rebuilt.
Recompiled against ruby-3.2.0.
x/marisa-0.2.6-x86_64-6.txz: Rebuilt.
Recompiled against ruby-3.2.0.
xap/vim-gvim-9.0.1091-x86_64-1.txz: Upgraded.
testing/packages/linux-6.1.x/kernel-generic-6.1.1-x86_64-1.txz: Added.
testing/packages/linux-6.1.x/kernel-headers-6.1.1-x86-1.txz: Added.
testing/packages/linux-6.1.x/kernel-huge-6.1.1-x86_64-1.txz: Added.
testing/packages/linux-6.1.x/kernel-modules-6.1.1-x86_64-1.txz: Added.
testing/packages/linux-6.1.x/kernel-source-6.1.1-noarch-1.txz: Added.
d/p2c-2.02-x86_64-1.txz: Upgraded.
kde/dolphin-22.12.0-x86_64-2.txz: Rebuilt.
[PATCH] Revert "portalize drag urls"
Thanks to marav.
l/gst-plugins-bad-free-1.20.5-x86_64-1.txz: Upgraded.
l/gst-plugins-base-1.20.5-x86_64-1.txz: Upgraded.
l/gst-plugins-good-1.20.5-x86_64-1.txz: Upgraded.
l/gst-plugins-libav-1.20.5-x86_64-1.txz: Upgraded.
l/gstreamer-1.20.5-x86_64-1.txz: Upgraded.
l/libqalculate-4.5.0-x86_64-1.txz: Upgraded.
l/libvncserver-0.9.14-x86_64-1.txz: Upgraded.
l/sdl-1.2.15-x86_64-14.txz: Rebuilt.
This update fixes a heap overflow problem in video/SDL_pixels.c in SDL.
By crafting a malicious .BMP file, an attacker can cause the application
using this library to crash, denial of service, or code execution.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-33657
(* Security fix *)
n/gnupg2-2.2.41-x86_64-1.txz: Upgraded.
n/libksba-1.6.3-x86_64-1.txz: Upgraded.
Fix another integer overflow in the CRL's signature parser.
(* Security fix *)
x/libSM-1.2.4-x86_64-1.txz: Upgraded.
x/xcb-util-0.4.1-x86_64-1.txz: Upgraded.
x/xdriinfo-1.0.7-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_55-x86_64-2.txz: Rebuilt.
Rebuilt to fix dng.so module that was mistakenly compiled against the new
LibRaw that we don't yet include.
a/xz-5.4.0-x86_64-1.txz: Upgraded.
l/harfbuzz-6.0.0-x86_64-1.txz: Upgraded.
l/libmpc-1.3.1-x86_64-1.txz: Upgraded.
n/NetworkManager-1.40.8-x86_64-1.txz: Upgraded.
n/samba-4.17.4-x86_64-1.txz: Upgraded.
This update fixes security issues:
This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of
Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac session keys for
use between modern clients and servers despite all modern Kerberos
implementations supporting the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members
'kerberos encryption types = legacy'
would force rc4-hmac as a client even if the server supports
aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
This is the Samba CVE for the Windows Kerberos Elevation of Privilege
Vulnerability disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained delegation permission
could forge a more powerful ticket than the one it was presented with.
The "RC4" protection of the NetLogon Secure channel uses the same
algorithms as rc4-hmac cryptography in Kerberos, and so must also be
assumed to be weak.
Note that there are several important behavior changes included in this
release, which may cause compatibility problems interacting with system
still expecting the former behavior.
Please read the advisories of CVE-2022-37966, CVE-2022-37967 and
CVE-2022-38023 carefully!
For more information, see:
https://www.samba.org/samba/security/CVE-2022-37966.htmlhttps://www.samba.org/samba/security/CVE-2022-37967.htmlhttps://www.samba.org/samba/security/CVE-2022-38023.htmlhttps://www.cve.org/CVERecord?id=CVE-2022-37966https://www.cve.org/CVERecord?id=CVE-2022-37967https://www.cve.org/CVERecord?id=CVE-2022-38023
(* Security fix *)
xfce/exo-4.18.0-x86_64-1.txz: Upgraded.
xfce/garcon-4.18.0-x86_64-1.txz: Upgraded.
xfce/libxfce4ui-4.18.0-x86_64-1.txz: Upgraded.
xfce/libxfce4util-4.18.0-x86_64-1.txz: Upgraded.
xfce/thunar-4.18.0-x86_64-1.txz: Upgraded.
xfce/thunar-volman-4.18.0-x86_64-1.txz: Upgraded.
xfce/tumbler-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-appfinder-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-dev-tools-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-notifyd-0.6.5-x86_64-1.txz: Upgraded.
xfce/xfce4-panel-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-power-manager-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-session-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-settings-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-weather-plugin-0.11.0-x86_64-1.txz: Upgraded.
xfce/xfconf-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfdesktop-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfwm4-4.18.0-x86_64-1.txz: Upgraded.
a/usbutils-015-x86_64-1.txz: Upgraded.
l/adwaita-icon-theme-43-noarch-1.txz: Upgraded.
l/gtk+3-3.24.35-x86_64-1.txz: Upgraded.
l/libarchive-3.6.2-x86_64-1.txz: Upgraded.
This is a bugfix and security release.
Relevant bugfixes:
rar5 reader: fix possible garbled output with bsdtar -O (#1745)
mtree reader: support reading mtree files with tabs (#1783)
Security fixes:
various small fixes for issues found by CodeQL
(* Security fix *)
l/mozilla-nss-3.86-x86_64-1.txz: Upgraded.
l/pipewire-0.3.62-x86_64-1.txz: Upgraded.
x/OpenCC-1.1.6-x86_64-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.7-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
d/cbindgen-0.24.3-x86_64-1.txz: Added.
d/python3-3.9.16-x86_64-1.txz: Upgraded.
This update fixes security issues:
gh-98739: Updated bundled libexpat to 2.5.0 to fix CVE-2022-43680
(heap use-after-free).
gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio
related name resolution functions no longer involves a quadratic algorithm
to fix CVE-2022-45061. This prevents a potential CPU denial of service if an
out-of-spec excessive length hostname involving bidirectional characters were
decoded. Some protocols such as urllib http 3xx redirects potentially allow
for an attacker to supply such a name.
gh-100001: python -m http.server no longer allows terminal control characters
sent within a garbage request to be printed to the stderr server log.
gh-87604: Avoid publishing list of active per-interpreter audit hooks via the
gc module.
gh-97514: On Linux the multiprocessing module returns to using filesystem
backed unix domain sockets for communication with the forkserver process
instead of the Linux abstract socket namespace. Only code that chooses to use
the "forkserver" start method is affected. This prevents Linux CVE-2022-42919
(potential privilege escalation) as abstract sockets have no permissions and
could allow any user on the system in the same network namespace (often the
whole system) to inject code into the multiprocessing forkserver process.
Filesystem based socket permissions restrict this to the forkserver process
user as was the default in Python 3.8 and earlier.
gh-98517: Port XKCP's fix for the buffer overflows in SHA-3 to fix
CVE-2022-37454.
gh-68966: The deprecated mailcap module now refuses to inject unsafe text
(filenames, MIME types, parameters) into shell commands to address
CVE-2015-20107. Instead of using such text, it will warn and act as if a
match was not found (or for test commands, as if the test failed).
For more information, see:
https://pythoninsider.blogspot.com/2022/12/python-3111-3109-3916-3816-3716-and.htmlhttps://www.cve.org/CVERecord?id=CVE-2022-43680https://www.cve.org/CVERecord?id=CVE-2022-45061https://www.cve.org/CVERecord?id=CVE-2022-42919https://www.cve.org/CVERecord?id=CVE-2022-37454https://www.cve.org/CVERecord?id=CVE-2015-20107
(* Security fix *)
d/rust-bindgen-0.63.0-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
l/pcre2-10.41-x86_64-1.txz: Upgraded.
n/proftpd-1.3.8-x86_64-1.txz: Upgraded.
x/mesa-22.3.0-x86_64-1.txz: Upgraded.
Compiled with Rusticl support. Thanks to Heinz Wiesinger.
x/xdm-1.1.14-x86_64-1.txz: Upgraded.
a/gptfdisk-1.0.9-x86_64-2.txz: Rebuilt.
Applied upstream patches to fix a crash and partition corruption caused by
the popt upgrade:
[PATCH] Updated guid.cc to deal with minor change in libuuid
[PATCH] Fix failure & crash of sgdisk when compiled with latest popt
[PATCH] Fix NULL dereference when duplicating string argument
Thanks to jloco.
d/cmake-3.25.1-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-24.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/cantor-22.08.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/kfilemetadata-5.100.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/kile-2.9.93-x86_64-22.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/kitinerary-22.08.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/krita-5.1.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/okular-22.08.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
l/glib2-2.74.3-x86_64-1.txz: Upgraded.
l/poppler-22.12.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/NetworkManager-1.40.6-x86_64-1.txz: Upgraded.
xap/NetworkManager-openvpn-1.10.2-x86_64-1.txz: Upgraded.
xap/libnma-1.10.4-x86_64-1.txz: Upgraded.
xap/network-manager-applet-1.30.0-x86_64-1.txz: Upgraded.
a/bash-5.2.012-x86_64-1.txz: Upgraded.
a/less-612-x86_64-1.txz: Upgraded.
a/tcsh-6.24.02-x86_64-1.txz: Upgraded.
ap/vim-9.0.0942-x86_64-1.txz: Upgraded.
d/make-4.4-x86_64-2.txz: Rebuilt.
[SV 63307] Spawn children with the default disposition of sigpipe.
Thanks to nobodino.
d/ruby-3.1.3-x86_64-1.txz: Upgraded.
This release includes a security fix:
HTTP response splitting in CGI.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-33621
(* Security fix *)
l/pipewire-0.3.61-x86_64-1.txz: Upgraded.
n/ipset-7.16-x86_64-1.txz: Upgraded.
x/fcitx5-5.0.21-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.0942-x86_64-1.txz: Upgraded.
a/gawk-5.2.1-x86_64-1.txz: Upgraded.
a/rpm2tgz-1.2.2-x86_64-7.txz: Rebuilt.
Take rpmoffset fixes from Gentoo.
Thanks to allend.
d/ccache-4.7.4-x86_64-1.txz: Upgraded.
d/meson-0.64.1-x86_64-1.txz: Upgraded.
d/parallel-20221122-noarch-1.txz: Upgraded.
kde/fcitx5-configtool-5.0.16-x86_64-1.txz: Upgraded.
l/SDL2-2.26.0-x86_64-1.txz: Upgraded.
l/glib2-2.74.1-x86_64-2.txz: Rebuilt.
[PATCH 1/2] Revert "Handling collision between standard i/o file descriptors
and newly created ones."
[PATCH 2/2] glib-unix: Add test to make sure g_unix_open_pipe will intrude
standard range.
Thanks to marav.
l/newt-0.52.22-x86_64-1.txz: Upgraded.
l/pipewire-0.3.60-x86_64-2.txz: Rebuilt.
[PATCH] alsa: force playback start when buffer is full.
Thanks to marav.
tcl/tcl-8.6.13-x86_64-1.txz: Upgraded.
tcl/tk-8.6.13-x86_64-1.txz: Upgraded.
x/libglvnd-1.6.0-x86_64-1.txz: Upgraded.
x/wayland-protocols-1.30-noarch-1.txz: Upgraded.
xap/blueman-2.3.5-x86_64-1.txz: Upgraded.
ap/texinfo-7.0-x86_64-1.txz: Upgraded.
l/iso-codes-4.12.0-noarch-1.txz: Upgraded.
l/lcms2-2.14-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.85-x86_64-1.txz: Upgraded.
l/pipewire-0.3.60-x86_64-1.txz: Upgraded.
n/php-7.4.33-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31630https://www.cve.org/CVERecord?id=CVE-2022-37454
(* Security fix *)
x/ibus-table-1.16.14-x86_64-1.txz: Upgraded.
a/btrfs-progs-6.0.1-x86_64-1.txz: Upgraded.
ap/sysstat-12.7.1-x86_64-1.txz: Upgraded.
On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1,
allocate_structures contains a size_t overflow in sa_common.c. The
allocate_structures function insufficiently checks bounds before arithmetic
multiplication, allowing for an overflow in the size allocated for the
buffer representing system activities.
This issue may lead to Remote Code Execution (RCE).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-39377
(* Security fix *)
kde/bluedevil-5.26.3.1-x86_64-1.txz: Upgraded.
kde/breeze-5.26.3.1-x86_64-1.txz: Upgraded.
kde/oxygen-sounds-5.26.3.1-x86_64-1.txz: Upgraded.
l/gdk-pixbuf2-2.42.10-x86_64-1.txz: Upgraded.
l/orc-0.4.33-x86_64-1.txz: Upgraded.
n/mobile-broadband-provider-info-20221107-x86_64-1.txz: Upgraded.
xfce/xfce4-settings-4.16.4-x86_64-1.txz: Upgraded.
Fixed an argument injection vulnerability in xfce4-mime-helper.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-45062
(* Security fix *)
ap/sudo-1.9.12p1-x86_64-1.txz: Upgraded.
Fixed a potential out-of-bounds write for passwords smaller than 8
characters when passwd authentication is enabled.
This does not affect configurations that use other authentication
methods such as PAM, AIX authentication or BSD authentication.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-43995
(* Security fix *)
l/nodejs-19.0.1-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-106.0.5-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/106.0.5/releasenotes/
a/iniparser-4.1-x86_64-1.txz: Added.
This is needed by ndctl.
a/ndctl-74-x86_64-1.txz: Upgraded.
l/libical-3.0.15-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.3.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.3.2/releasenotes/
a/bash-5.2.000-x86_64-1.txz: Upgraded.
ap/vim-9.0.0594-x86_64-1.txz: Upgraded.
Fixed stack-based buffer overflow.
Thanks to marav for the heads-up.
In addition, Mig21 pointed out an issue where the defaults.vim file might
need to be edited for some purposes as its contents will override the
settings in the system-wide vimrc. Usually this file is replaced whenever
vim is upgraded, which in those situations would be inconvenient for the
admin. So, I've added support for a file named defaults.vim.custom which
(if it exists) will be used instead of the defaults.vim file shipped in
the package and will persist through upgrades.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3296
(* Security fix *)
l/fluidsynth-2.3.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_49-x86_64-1.txz: Upgraded.
l/libcap-2.66-x86_64-1.txz: Upgraded.
l/netpbm-10.99.03-x86_64-1.txz: Upgraded.
l/readline-8.2.000-x86_64-1.txz: Upgraded.
l/xapian-core-1.4.21-x86_64-1.txz: Upgraded.
n/dnsmasq-2.87-x86_64-1.txz: Upgraded.
Fix write-after-free error in DHCPv6 server code.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0934
(* Security fix *)
x/xterm-373-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.0594-x86_64-1.txz: Upgraded.
a/quota-4.09-x86_64-1.txz: Upgraded.
d/parallel-20220922-noarch-1.txz: Upgraded.
l/jemalloc-5.3.0-x86_64-2.txz: Rebuilt.
Fixed version numbers in jemalloc.h. Thanks to Markus Wiesner.
n/ca-certificates-20220922-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
testing/packages/rust-1.64.0-x86_64-1.txz: Added.
We've found ourselves in a situation where Thunderbird requires the Rust
compiler in /extra, and Firefox requires the one in the main tree (and
can't use this one until Firefox 107 sometime in November), so we'll just
park this here until we can use it.
a/aaa_libraries-15.1-x86_64-10.txz: Rebuilt.
Upgraded: liblzma.so.5.2.6, libpng16.so.16.38.0, libslang.so.2.3.3.
Removed: libboost_*.so.1.79.0.
Use ldconfig to activate the libraries as they might be needed by install
scripts (or to chroot to the install partition from the installer).
Thanks to Stuart Winter.
a/kernel-generic-5.19.9-x86_64-1.txz: Upgraded.
a/kernel-huge-5.19.9-x86_64-1.txz: Upgraded.
a/kernel-modules-5.19.9-x86_64-1.txz: Upgraded.
ap/qpdf-11.1.0-x86_64-1.txz: Upgraded.
d/kernel-headers-5.19.9-x86-1.txz: Upgraded.
k/kernel-source-5.19.9-noarch-1.txz: Upgraded.
l/libpng-1.6.38-x86_64-1.txz: Upgraded.
l/pipewire-0.3.58-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/vim-9.0.0465-x86_64-1.txz: Upgraded.
kde/plasma-integration-5.25.5-x86_64-2.txz: Rebuilt.
[PATCH] Bring back workaround for threaded render loop not working on
NVIDIA Wayland.
Thanks to marav.
l/jemalloc-5.3.0-x86_64-1.txz: Upgraded.
Thanks to villeph.
xap/vim-gvim-9.0.0465-x86_64-1.txz: Upgraded.
a/kernel-firmware-20220912_4c004d8-noarch-1.txz: Upgraded.
e/emacs-28.2-x86_64-1.txz: Upgraded.
kde/kjots-20220731_6e48fca-x86_64-1.txz: Upgraded.
Upgraded to fix FTBFS. Thanks to marav.
l/grantlee-5.3.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_48-x86_64-1.txz: Upgraded.
n/stunnel-5.66-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
Switched from pcre to pcre2 for GNU grep. Thanks to EdGr.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Switched from pcre to pcre2 for GNU grep. Thanks to EdGr.
a/aaa_glibc-solibs-2.36-x86_64-3.txz: Rebuilt.
a/kernel-generic-5.19.6-x86_64-1.txz: Upgraded.
a/kernel-huge-5.19.6-x86_64-1.txz: Upgraded.
a/kernel-modules-5.19.6-x86_64-1.txz: Upgraded.
d/git-2.37.3-x86_64-1.txz: Upgraded.
d/kernel-headers-5.19.6-x86-1.txz: Upgraded.
d/ninja-1.11.1-x86_64-1.txz: Upgraded.
k/kernel-source-5.19.6-noarch-1.txz: Upgraded.
kde/krename-5.0.2-x86_64-1.txz: Upgraded.
l/glibc-2.36-x86_64-3.txz: Rebuilt.
Applied all post-release patches from the 2.36 branch.
This fixes a security issue introduced in glibc-2.36: When the syslog
function is passed a crafted input string larger than 1024 bytes, it
reads uninitialized memory from the heap and prints it to the target log
file, potentially revealing a portion of the contents of the heap.
Thanks to marav.
The patches also help with several packages failing to build from source.
Thanks to nobodino.
l/glibc-i18n-2.36-x86_64-3.txz: Rebuilt.
l/glibc-profile-2.36-x86_64-3.txz: Rebuilt.
l/libssh-0.10.1-x86_64-1.txz: Upgraded.
n/curl-7.85.0-x86_64-1.txz: Upgraded.
This update fixes a security issue:
control code in cookie denial of service.
For more information, see:
https://curl.se/docs/CVE-2022-35252.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35252
(* Security fix *)
x/fcitx5-gtk-5.0.18-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.0.15-x86_64-1.txz: Upgraded.
x/ico-1.0.6-x86_64-1.txz: Upgraded.
x/libdrm-2.4.113-x86_64-1.txz: Upgraded.
x/libfontenc-1.1.6-x86_64-1.txz: Upgraded.
x/oclock-1.0.5-x86_64-1.txz: Upgraded.
x/showfont-1.0.6-x86_64-1.txz: Upgraded.
x/xmh-1.0.4-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_glibc-solibs-2.36-x86_64-2.txz: Rebuilt.
a/kernel-generic-5.19.2-x86_64-1.txz: Upgraded.
a/kernel-huge-5.19.2-x86_64-1.txz: Upgraded.
a/kernel-modules-5.19.2-x86_64-1.txz: Upgraded.
ap/vim-9.0.0223-x86_64-1.txz: Upgraded.
Fix use after free, out-of-bounds read, and heap based buffer overflow.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819
(* Security fix *)
d/kernel-headers-5.19.2-x86-1.txz: Upgraded.
k/kernel-source-5.19.2-noarch-1.txz: Upgraded.
l/glibc-2.36-x86_64-2.txz: Rebuilt.
Rebuilt with a patch from Arch to reenable DT_HASH in shared objects since
the change broke Steam games that use EPIC's EAC. I'm not exactly 100% on
board with this approach, but since DT_GNU_HASH remains and is still used,
I guess I'll go along with it for now. Hopefully EAC will be patched and we
can back this out.
Thanks to Swaggajackin for the notice and for providing links to the glibc
bug discussion as well as the patch.
If anything else needs a rebuild after this, let me know in the LQ thread.
l/glibc-i18n-2.36-x86_64-2.txz: Rebuilt.
l/glibc-profile-2.36-x86_64-2.txz: Rebuilt.
xap/vim-gvim-9.0.0223-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/etc-15.1-x86_64-2.txz: Rebuilt.
Added support for $HOME/.profile.d/*.{csh,sh} scripts.
Thanks to Heinz Wiesinger.
a/mcelog-188-x86_64-1.txz: Upgraded.
kde/fcitx5-configtool-5.0.14-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
kde/fcitx5-theme-breeze-2.0.0-noarch-1.txz: Added.
Thanks to Heinz Wiesinger.
kde/kcm-fcitx-0.5.6-x86_64-4.txz: Removed.
l/fmt-9.0.0-x86_64-1.txz: Added.
Thanks to Steven Voges.
l/librsvg-2.54.4-x86_64-2.txz: Rebuilt.
Removed dangling symlink. Thanks to marav.
n/rsync-3.2.5-x86_64-1.txz: Upgraded.
Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include recursive
names that should have been excluded by the sender. These extra safety
checks only require the receiver rsync to be updated. When dealing with an
untrusted sending host, it is safest to copy into a dedicated destination
directory for the remote content (i.e. don't copy into a destination
directory that contains files that aren't from the remote host unless you
trust the remote host).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154
(* Security fix *)
x/anthy-9100h-x86_64-4.txz: Removed.
x/anthy-unicode-1.0.0.20211224-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
x/fcitx-4.2.9.8-x86_64-3.txz: Removed.
x/fcitx-anthy-0.2.4-x86_64-1.txz: Removed.
x/fcitx-configtool-0.4.10-x86_64-3.txz: Removed.
x/fcitx-hangul-0.3.1-x86_64-3.txz: Removed.
x/fcitx-kkc-0.1.4-x86_64-3.txz: Removed.
x/fcitx-libpinyin-0.5.4-x86_64-2.txz: Removed.
x/fcitx-m17n-0.2.4-x86_64-3.txz: Removed.
x/fcitx-qt5-1.2.7-x86_64-1.txz: Removed.
x/fcitx-sayura-0.1.2-x86_64-3.txz: Removed.
x/fcitx-table-extra-0.3.8-x86_64-3.txz: Removed.
x/fcitx-table-other-0.2.4-x86_64-3.txz: Removed.
x/fcitx-unikey-0.2.7-x86_64-3.txz: Removed.
x/fcitx5-5.0.18-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
x/fcitx5-anthy-5.0.12-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
x/fcitx5-chinese-addons-5.0.14-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
x/fcitx5-gtk-5.0.17-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
x/fcitx5-hangul-5.0.10-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
x/fcitx5-kkc-5.0.10-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
x/fcitx5-m17n-5.0.10-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
x/fcitx5-qt-5.0.14-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
x/fcitx5-sayura-5.0.8-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
x/fcitx5-table-extra-5.0.11-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
x/fcitx5-table-other-5.0.10-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
x/fcitx5-unikey-5.0.11-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
x/ibus-1.5.26-x86_64-2.txz: Rebuilt.
Use correct path to kimpanel in ibus-autostart.
Thanks to Lockywolf.
x/ibus-anthy-1.5.14-x86_64-2.txz: Rebuilt.
Recompiled against anthy-unicode-1.0.0.20211224.
Thanks to Heinz Wiesinger.
x/libime-1.0.13-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
x/m17n-lib-1.8.0-x86_64-5.txz: Rebuilt.
Rebuilt to drop the dependency on anthy-9100h.
Thanks to Heinz Wiesinger.
x/skkdic-20210919-noarch-1.txz: Upgraded.
Thanks to Heinz Wiesinger.
x/x11-skel-7.7-x86_64-9.txz: Rebuilt.
Added imconfig script for selecting the input method.
Thanks to Heinz Wiesinger.
x/xcb-imdkit-1.0.3-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
a/kernel-firmware-20220810_ad5ae82-noarch-1.txz: Upgraded.
d/binutils-2.39-x86_64-1.txz: Upgraded.
d/oprofile-1.4.0-x86_64-10.txz: Rebuilt.
Recompiled against binutils-2.39.
l/gdk-pixbuf2-2.42.9-x86_64-1.txz: Upgraded.
l/nodejs-18.7.0-x86_64-1.txz: Upgraded.
Might as well go with the latest version of this since everyone else does.
Fixed a sed substitution to get the correct lib${LIBDIRSUFFIX} in npm.js.
Thanks to conraid and zerouno.
n/gpgme-1.18.0-x86_64-1.txz: Upgraded.
n/libnftnl-1.2.3-x86_64-1.txz: Upgraded.
n/nfs-utils-2.6.2-x86_64-1.txz: Upgraded.
n/nftables-1.0.5-x86_64-1.txz: Upgraded.
a/mcelog-187-x86_64-1.txz: Upgraded.
l/zlib-1.2.12-x86_64-2.txz: Rebuilt.
Applied an upstream patch to restore the handling of CRC inputs to be the
same as in previous releases of zlib. This fixes an issue with OpenJDK.
Thanks to alienBOB.
x/xf86-input-wacom-1.1.0-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.1.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.1.2/releasenotes/
Hey folks, here's that graphics stack upgrade that you've been waiting for!
After looking at what drivers are currently shipped by other projects, I took
an axe to the driver list. Some of the removed drivers will still compile even
though they are abandoned, and some of the others are still getting git commits
(which allows *some* of them to compile). The removed stuff mostly looks
obsolete to me (we really can't support ancient hardware forever). But if you
think I've gone too far with any of these removals, please make or contribute
to a thread about it on LQ and I'll take any comments there into consideration.
a/kernel-firmware-20220808_e6857b6-noarch-1.txz: Upgraded.
ap/vim-9.0.0174-x86_64-1.txz: Upgraded.
l/gnu-efi-3.0.15-x86_64-1.txz: Upgraded.
n/libtirpc-1.3.3-x86_64-1.txz: Upgraded.
n/mutt-2.2.7-x86_64-1.txz: Upgraded.
x/egl-wayland-1.1.10-x86_64-1.txz: Upgraded.
x/libdrm-2.4.112-x86_64-1.txz: Upgraded.
x/libglvnd-1.4.0-x86_64-1.txz: Upgraded.
x/mesa-22.1.5-x86_64-1.txz: Upgraded.
Includes Mesa amber 21.3.9 DRI drivers, and mesa-demos-8.5.0.
Thanks to LuckyCyborg for posting some valuable hints on LQ.
x/xcb-proto-1.15.2-x86_64-1.txz: Upgraded.
x/xf86-input-acecad-1.5.0-x86_64-14.txz: Removed.
x/xf86-input-evdev-2.10.6-x86_64-4.txz: Rebuilt.
x/xf86-input-joystick-1.6.3-x86_64-5.txz: Removed.
x/xf86-input-keyboard-1.9.0-x86_64-5.txz: Removed.
x/xf86-input-libinput-1.2.1-x86_64-2.txz: Rebuilt.
x/xf86-input-mouse-1.9.3-x86_64-3.txz: Removed.
x/xf86-input-penmount-1.5.0-x86_64-14.txz: Removed.
x/xf86-input-synaptics-1.9.2-x86_64-1.txz: Upgraded.
x/xf86-input-vmmouse-13.1.0-x86_64-9.txz: Removed.
x/xf86-input-void-1.4.1-x86_64-3.txz: Removed.
x/xf86-input-wacom-1.0.0-x86_64-2.txz: Rebuilt.
x/xf86-video-amdgpu-22.0.0-x86_64-2.txz: Rebuilt.
x/xf86-video-apm-1.3.0-x86_64-3.txz: Removed.
x/xf86-video-ark-0.7.5-x86_64-13.txz: Removed.
x/xf86-video-ast-1.1.5-x86_64-7.txz: Removed.
x/xf86-video-ati-20220730_7a6a34af-x86_64-1.txz: Upgraded.
x/xf86-video-chips-1.4.0-x86_64-3.txz: Removed.
x/xf86-video-cirrus-1.5.3-x86_64-7.txz: Removed.
x/xf86-video-dummy-0.4.0-x86_64-2.txz: Rebuilt.
x/xf86-video-glint-1.2.9-x86_64-5.txz: Removed.
x/xf86-video-i128-1.4.0-x86_64-3.txz: Removed.
x/xf86-video-i740-1.4.0-x86_64-3.txz: Removed.
x/xf86-video-intel-20210115_31486f40-x86_64-1.txz: Upgraded.
x/xf86-video-mach64-6.9.6-x86_64-3.txz: Removed.
x/xf86-video-mga-2.0.0-x86_64-3.txz: Removed.
x/xf86-video-neomagic-1.3.0-x86_64-3.txz: Removed.
x/xf86-video-nouveau-20220125_29cc528-x86_64-1.txz: Upgraded.
x/xf86-video-nv-2.1.21-x86_64-5.txz: Removed.
x/xf86-video-openchrome-0.6.0-x86_64-6.txz: Rebuilt.
x/xf86-video-r128-6.12.0-x86_64-3.txz: Removed.
x/xf86-video-rendition-4.2.7-x86_64-3.txz: Removed.
x/xf86-video-s3-0.7.0-x86_64-3.txz: Removed.
x/xf86-video-s3virge-1.11.0-x86_64-3.txz: Removed.
x/xf86-video-savage-20190128_8579718-x86_64-3.txz: Removed.
x/xf86-video-siliconmotion-1.7.9-x86_64-5.txz: Removed.
x/xf86-video-sis-0.12.0-x86_64-3.txz: Removed.
x/xf86-video-sisusb-0.9.7-x86_64-5.txz: Removed.
x/xf86-video-tdfx-1.5.0-x86_64-3.txz: Removed.
x/xf86-video-tga-1.2.2-x86_64-13.txz: Removed.
x/xf86-video-trident-1.3.8-x86_64-5.txz: Removed.
x/xf86-video-tseng-1.2.5-x86_64-13.txz: Removed.
x/xf86-video-v4l-0.3.0-x86_64-3.txz: Removed.
x/xf86-video-vboxvideo-1.0.0-x86_64-5.txz: Removed.
x/xf86-video-vesa-2.5.0-x86_64-4.txz: Rebuilt.
x/xf86-video-vmware-20220621_ff5637a-x86_64-1.txz: Upgraded.
x/xf86-video-voodoo-1.2.5-x86_64-14.txz: Removed.
x/xorg-server-21.1.4-x86_64-1.txz: Upgraded.
x/xorg-server-xephyr-21.1.4-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-21.1.4-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-21.1.4-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-22.1.3-x86_64-1.txz: Upgraded.
x/xorgproto-2022.1-x86_64-1.txz: Upgraded.
xap/geeqie-2.0-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-103.0.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/103.0.2/releasenotes/
xap/vim-gvim-9.0.0174-x86_64-1.txz: Upgraded.
extra/xf86-video-fbdev/xf86-video-fbdev-0.5.0-x86_64-2.txz: Rebuilt.
a/aaa_libraries-15.1-x86_64-8.txz: Rebuilt.
Upgraded: libffi.so.8.1.0.
a/mcelog-185-x86_64-1.txz: Upgraded.
l/libffi-3.4.2-x86_64-2.txz: Rebuilt.
Recompiled with --disable-exec-static-tramp to work around issues with
gobject-introspection. Thanks to chrisVV.
x/ibus-table-1.16.11-x86_64-1.txz: Upgraded.
a/etc-15.1-x86_64-1.txz: Upgraded.
Fixed install script to avoid a warning from chown that "." should be ":".
a/kernel-firmware-20220725_150864a-noarch-1.txz: Upgraded.
a/tar-1.34-x86_64-2.txz: Rebuilt.
Sergey Poznyakoff added options to GNU tar back in 2013 to make it possible
to use it in the pkgtools, and with help from gnashley and ruario we
switched to using the latest version of tar in makepkg over 4 years ago.
Still, we kept the old tar-1.13 around. It's finally time to let go of this
old artifact. Farewell tar-1.13, thanks for everything. :-)
l/gnome-keyring-42.1-x86_64-1.txz: Upgraded.
l/harfbuzz-5.0.1-x86_64-1.txz: Upgraded.
l/iso-codes-4.11.0-noarch-1.txz: Upgraded.
n/mobile-broadband-provider-info-20220725-x86_64-1.txz: Upgraded.
a/aaa_libraries-15.1-x86_64-6.txz: Rebuilt.
Upgraded: libcap.so.2.65, libglib-2.0.so.0.7200.3, libgmodule-2.0.so.0.7200.3,
libgobject-2.0.so.0.7200.3, libgthread-2.0.so.0.7200.3, libidn2.so.0.3.8.
Removed: libboost_*.so.1.78.0.
a/kernel-firmware-20220719_4421586-noarch-1.txz: Upgraded.
d/python-setuptools-63.2.0-x86_64-1.txz: Upgraded.
d/rust-1.62.1-x86_64-1.txz: Upgraded.
kde/kio-5.96.0-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
l/libcap-2.65-x86_64-1.txz: Upgraded.
l/netpbm-10.99.01-x86_64-1.txz: Upgraded.
l/pipewire-0.3.56-x86_64-1.txz: Upgraded.
l/qt5-5.15.5_20220705_ea4efc06-x86_64-1.txz: Upgraded.
Compiled against krb5-1.19.3.
n/alpine-2.26-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/bind-9.18.5-x86_64-1.txz: Upgraded.
Compiled against krb5-1.19.3.
n/curl-7.84.0-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/fetchmail-6.4.31-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/krb5-1.19.3-x86_64-2.txz: Rebuilt.
Since Samba still won't link against krb5-1.20, I think it's best to drop
back to this version until it does. Perhaps it would be better to just use
the internal Heimdal libraries instead, but I don't really know if that has
all the same functionality or not. Hints welcome if you'd like to drop them
in the "regression on -current with samba (new krb5)" thread.
Also, just to be 100% sure the krb5 revert doesn't cause any ABI issues,
we'll recompile everything that we've linked to krb5 while krb5-1.20 was
in -current.
Thanks to nobodino.
n/php-7.4.30-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/samba-4.16.3-x86_64-1.txz: Upgraded.
Compiled against krb5-1.19.3.
xap/gnuplot-5.4.4-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.0.3-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.0.3/releasenotes/
extra/php80/php80-8.0.21-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
extra/php81/php81-8.1.8-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
a/hwdata-0.361-noarch-1.txz: Upgraded.
a/kernel-firmware-20220705_f5f02da-noarch-1.txz: Upgraded.
a/kmod-30-x86_64-1.txz: Upgraded.
a/mcelog-184-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1q-x86_64-1.txz: Upgraded.
ap/vim-9.0.0041-x86_64-1.txz: Upgraded.
d/llvm-14.0.6-x86_64-2.txz: Rebuilt.
Shared library .so-version bump.
We gave the DYLIB options a try and the resulting compilers are unable to
compile Firefox or Thunderbird, so we're back to using BUILD_SHARED_LIBS
(which works fine). I'm in no real hurry to revisit this, but I'll look at
any hints you might have for me if you post them on LQ.
d/meson-0.63.0-x86_64-1.txz: Upgraded.
d/rust-1.62.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_40-x86_64-1.txz: Upgraded.
l/isl-0.25-x86_64-1.txz: Upgraded.
l/libdmtx-0.7.7-x86_64-1.txz: Upgraded.
l/libgphoto2-2.5.30-x86_64-1.txz: Upgraded.
l/libmtp-1.1.20-x86_64-1.txz: Upgraded.
l/libvpx-1.12.0-x86_64-1.txz: Upgraded.
l/pipewire-0.3.53-x86_64-1.txz: Upgraded.
l/poppler-22.07.0-x86_64-1.txz: Upgraded.
l/spirv-llvm-translator-14.0.0-x86_64-2.txz: Rebuilt.
Recompiled against llvm-14.0.6-2.
n/openssl-1.1.1q-x86_64-1.txz: Upgraded.
This update fixes security issues:
Heap memory corruption with RSA private key operation.
AES OCB fails to encrypt some bytes.
For more information, see:
https://www.openssl.org/news/secadv/20220705.txthttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2274https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
(* Security fix *)
n/wget2-2.0.1-x86_64-1.txz: Upgraded.
x/libva-2.15.0-x86_64-1.txz: Upgraded.
x/libva-utils-2.15.0-x86_64-1.txz: Upgraded.
x/mesa-21.3.8-x86_64-3.txz: Rebuilt.
Recompiled against llvm-14.0.6-2.
xap/mozilla-firefox-102.0.1-x86_64-1.txz: Upgraded.
This update contains security fixes (possibly) and improvements.
At this time, the link below only says "We're still preparing the notes for
this release, and will post them here when they are ready. Please check back
later."
For more information, see:
https://www.mozilla.org/en-US/firefox/102.0.1/releasenotes/
(* Security fix *)
xap/vim-gvim-9.0.0041-x86_64-1.txz: Upgraded.
extra/rust-for-mozilla/rust-1.60.0-x86_64-1.txz: Upgraded.
a/kernel-generic-5.18.6-x86_64-1.txz: Upgraded.
a/kernel-huge-5.18.6-x86_64-1.txz: Upgraded.
a/kernel-modules-5.18.6-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1p-x86_64-1.txz: Upgraded.
ap/sudo-1.9.11p3-x86_64-1.txz: Upgraded.
d/kernel-headers-5.18.6-x86-1.txz: Upgraded.
k/kernel-source-5.18.6-noarch-1.txz: Upgraded.
l/espeak-ng-1.51.1-x86_64-1.txz: Upgraded.
l/libidn-1.40-x86_64-1.txz: Upgraded.
l/mlt-7.8.0-x86_64-1.txz: Upgraded.
l/openal-soft-1.22.1-x86_64-1.txz: Upgraded.
l/pulseaudio-16.1-x86_64-1.txz: Upgraded.
l/speex-1.2.1-x86_64-1.txz: Upgraded.
l/speexdsp-1.2.1-x86_64-1.txz: Upgraded.
n/ca-certificates-20220622-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
n/openssl-1.1.1p-x86_64-1.txz: Upgraded.
In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were
found by code review.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
For more information, see:
https://www.openssl.org/news/secadv/20220621.txthttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
(* Security fix *)
x/ibus-table-1.16.9-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.