l/libbluray-1.2.1-x86_64-1.txz: Upgraded.
n/libassuan-2.5.4-x86_64-1.txz: Upgraded.
n/nfs-utils-2.5.2-x86_64-2.txz: Rebuilt.
Comment out debugging lines from exportfs.c, probably left in by mistake.
Thanks to upnort.
x/libva-2.9.1-x86_64-1.txz: Upgraded.
a/aaa_terminfo-6.2_20201024-x86_64-1.txz: Upgraded.
a/libpwquality-1.4.4-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
a/util-linux-2.36-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
ap/hplip-3.20.6-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.9.0.
ap/inxi-20201016_e45c6960-noarch-1.txz: Upgraded.
ap/linuxdoc-tools-0.9.73-x86_64-7.txz: Rebuilt.
ap/lxc-2.0.11_fad08f383-x86_64-5.txz: Rebuilt.
Recompiled against python3-3.9.0.
ap/neofetch-20201016_f0b16b6-noarch-1.txz: Upgraded.
ap/rpm-4.16.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
ap/undervolt-20201024_13fa33d-x86_64-1.txz: Upgraded.
Compiled against python3-3.9.0.
d/Cython-0.29.21-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
d/distcc-3.3.3-x86_64-4.txz: Rebuilt.
Recompiled against python3-3.9.0.
d/gdb-10.1-x86_64-1.txz: Upgraded.
Compiled against python3-3.9.0.
d/gyp-20200512_caa60026-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
d/llvm-11.0.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
d/mercurial-5.5.2-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
d/meson-0.55.3-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
d/python-pip-20.2.4-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
d/python-setuptools-50.3.2-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
d/python3-3.9.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
This update is a bit painful in that it will require most third-party
packages using python3 to be recompiled. But, we needed to get this out
of the way before moving on to bigger and better things. :-)
d/scons-4.0.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
kde/pykde4-4.14.3-x86_64-11.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/M2Crypto-0.36.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/Mako-1.1.3-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/PyQt-4.12.3-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/PyQt5-5.15.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/QScintilla-2.11.5-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/boost-1.74.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/brotli-1.0.9-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/dbus-python-1.2.16-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/gexiv2-0.12.0-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/gobject-introspection-1.64.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/libcaca-0.99.beta19-x86_64-7.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/libcap-ng-0.8-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/libimobiledevice-20200615_4791a82-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/libproxy-0.4.15-x86_64-5.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/libwebp-1.1.0-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/libxml2-2.9.10-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/ncurses-6.2_20201024-x86_64-1.txz: Upgraded.
l/newt-0.52.21-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/pycairo-1.20.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/pycups-2.0.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/pycurl-7.43.0.6-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/pygobject-2.28.7-x86_64-6.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/pygobject3-3.36.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/pyparsing-2.4.7-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/python-appdirs-1.4.4-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/python-certifi-2020.6.20-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/python-chardet-3.0.4-x86_64-6.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/python-distro-1.5.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/python-docutils-0.16-x86_64-4.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/python-future-0.18.2-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/python-idna-2.10-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/python-notify2-0.3.1-x86_64-6.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/python-packaging-20.4-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/python-pillow-8.0.1-x86_64-1.txz: Upgraded.
Compiled against python3-3.9.0.
l/python-ply-3.11-x86_64-4.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/python-pygments-2.7.2-x86_64-1.txz: Upgraded.
Compiled against python3-3.9.0.
l/python-requests-2.24.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/python-sane-2.8.3-x86_64-6.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/python-six-1.15.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/python-urllib3-1.25.11-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/sip-4.19.23-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/system-config-printer-1.5.12-x86_64-5.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/talloc-2.3.1-x86_64-4.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/tdb-1.4.3-x86_64-4.txz: Rebuilt.
Recompiled against python3-3.9.0.
l/tevent-0.10.2-x86_64-4.txz: Rebuilt.
Recompiled against python3-3.9.0.
n/bind-9.16.8-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
n/epic5-2.1.2-x86_64-4.txz: Rebuilt.
Recompiled against python3-3.9.0.
n/fetchmail-6.4.12-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
n/getmail-6.03-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
n/gpgme-1.14.0-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
n/libgcrypt-1.8.7-x86_64-1.txz: Upgraded.
n/net-snmp-5.9-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.9.0.
n/obexftp-0.24.2-x86_64-6.txz: Rebuilt.
Recompiled against python3-3.9.0.
n/pssh-2.3.4-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
n/samba-4.13.0-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.9.0.
x/pyxdg-0.27-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
x/xcb-proto-1.14.1-x86_64-2.txz: Rebuilt.
Recompiled against python3-3.9.0.
xap/blueman-2.1.3-x86_64-3.txz: Rebuilt.
Recompiled against python3-3.9.0.
xap/hexchat-2.14.3-x86_64-4.txz: Rebuilt.
Recompiled against python3-3.9.0.
a/aaa_elflibs-15.0-x86_64-24.txz: Rebuilt.
Don't skip this one as it contains the libnsl-2.30.so built by glibc that
it's likely many third-party packages will be linking to for some time.
Upgraded: libcap.so.2.44, libelf-0.181.so, libpopt.so.0.0.1,
libcurl.so.4.7.0, libexpat.so.1.6.12, libglib-2.0.so.0.6600.2,
libgmodule-2.0.so.0.6600.2, libgobject-2.0.so.0.6600.2,
libgthread-2.0.so.0.6600.2, libidn.so.12.6.1, liblber-2.4.so.2.11.2,
libldap-2.4.so.2.11.2, libmpc.so.3.2.0, libmpfr.so.6.1.0, libpsl.so.5.3.3.
Added: libnsl-2.30.so, libnsl.so.2.0.1.
Removed: libdvdread.so.4.2.0, libicudata.so.65.1, libicui18n.so.65.1,
libicuio.so.65.1, libicutest.so.65.1, libicutu.so.65.1, libicuuc.so.65.1.
a/glibc-solibs-2.30-x86_64-2.txz: Rebuilt.
a/pam-1.4.0-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
a/quota-4.05-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
a/xfsprogs-5.9.0-x86_64-1.txz: Upgraded.
ap/linuxdoc-tools-0.9.73-x86_64-6.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
ap/vorbis-tools-1.4.0-x86_64-5.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
d/cvs-1.11.23-x86_64-5.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
d/git-2.29.0-x86_64-1.txz: Upgraded.
d/perl-5.32.0-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
d/python2-2.7.18-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
d/python3-3.8.6-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
d/rcs-5.10.0-x86_64-1.txz: Upgraded.
d/subversion-1.14.0-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
kde/kdelibs-4.14.38-x86_64-7.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
kde/kopete-4.14.3-x86_64-9.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
kde/perlkde-4.14.3-x86_64-10.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
kde/perlqt-4.14.3-x86_64-11.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
l/freetype-2.10.4-x86_64-1.txz: Upgraded.
Fix heap buffer overflow in embedded PNG bitmap handling.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999
(* Security fix *)
l/glibc-2.30-x86_64-2.txz: Rebuilt.
Rebuilt without the --enable-obsolete-nsl and --enable-obsolete-rpc options.
This change has been somewhat overdue, but since glibc was providing these
options we just continued to use them here - however, newer versions of
glibc have dropped this code entirely and it is expected to be provided in
standalone packages. So we'll do that to make things easier moving forward.
Please note that libnss_nisplus has been unmaintained upstream for quite
some time, is considered obsolete, and no longer compiles. As a result it
will no longer be provided... but there are better options these days.
l/glibc-i18n-2.30-x86_64-2.txz: Rebuilt.
l/glibc-profile-2.30-x86_64-2.txz: Rebuilt.
l/gmime-3.2.7-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
l/libasyncns-0.8-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
l/libnsl-1.3.0-x86_64-1.txz: Added.
This provides the standalone libnsl.
Shared library .so-version bump.
l/libnss_nis-3.1-x86_64-1.txz: Added.
l/loudmouth-1.5.3-x86_64-5.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
l/rpcsvc-proto-1.4.2-x86_64-1.txz: Added.
n/autofs-5.1.6-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/epic5-2.1.2-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/irssi-1.2.2-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/net-snmp-5.9-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/netatalk-3.1.12-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/ntp-4.2.8p15-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/openldap-2.4.54-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/openssh-8.4p1-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/openvpn-2.4.9-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/postfix-3.5.7-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/ppp-2.4.8-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/procmail-3.22-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/proftpd-1.3.7a-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/rpcbind-1.2.5-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/samba-4.13.0-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/socat-1.7.3.4-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/stunnel-5.57-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/tcp_wrappers-7.6-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/tftp-hpa-5.2-x86_64-6.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/uucp-1.07-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/vsftpd-3.0.3-x86_64-7.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
n/yptools-4.2.3-x86_64-1.txz: Upgraded.
Compiled against libnsl-1.3.0.
xap/gftp-2.0.19-x86_64-9.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
xap/pidgin-2.14.1-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
xap/rxvt-unicode-9.22-x86_64-9.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
xap/xine-lib-1.2.10-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
xap/xine-ui-0.99.12-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
extra/pure-alsa-system/xine-lib-1.2.10-x86_64-3_alsa.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
extra/sendmail/sendmail-8.16.1-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-1.3.0.
extra/sendmail/sendmail-cf-8.16.1-noarch-3.txz: Rebuilt.
d/rust-1.46.0-x86_64-2.txz: Rebuilt.
Recompiled against llvm-11.0.0.
Dropped back to the previous version of Rust, since the Mozilla things
evidently aren't ready for the latest one.
n/ca-certificates-20201016-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
n/ethtool-5.9-x86_64-1.txz: Upgraded.
n/iproute2-5.9.0-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-78.3.3-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/78.3.3/releasenotes/
ap/nano-5.2-x86_64-1.txz: Upgraded.
d/doxygen-1.8.20-x86_64-1.txz: Upgraded.
d/nasm-2.15.03-x86_64-1.txz: Upgraded.
Reverted to previous nasm since the new version has problems with some of
the assembly included in Firefox.
d/parallel-20200822-noarch-1.txz: Upgraded.
l/libcap-ng-0.7.11-x86_64-1.txz: Upgraded.
n/libgpg-error-1.39-x86_64-1.txz: Upgraded.
n/libqmi-1.26.4-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-78.2.0esr-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/78.2.0/releasenotes/
(* Security fix *)
xap/sane-1.0.31-x86_64-1.txz: Upgraded.
ap/hplip-3.20.6-x86_64-2.txz: Rebuilt.
Recompiled against net-snmp-5.9.
ap/pamixer-1.4-x86_64-6.txz: Rebuilt.
Recompiled against boost-1.74.0.
ap/sqlite-3.33.0-x86_64-1.txz: Upgraded.
kde/calligra-2.9.11-x86_64-37.txz: Rebuilt.
Recompiled against boost-1.74.0.
l/akonadi-1.13.0-x86_64-16.txz: Rebuilt.
Recompiled against boost-1.74.0.
l/boost-1.74.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/libcroco-0.6.13-x86_64-1.txz: Removed.
n/getmail-6.02-x86_64-1.txz: Upgraded.
This is a new version that uses Python 3. The ChangeLog warns that it "loses
some backward compatibility"... please report any bugs.
n/net-snmp-5.9-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/ntp-4.2.8p15-x86_64-2.txz: Rebuilt.
Recompiled against net-snmp-5.9.
n/php-7.4.9-x86_64-2.txz: Rebuilt.
Recompiled against net-snmp-5.9.
xap/sane-1.0.30-x86_64-2.txz: Rebuilt.
Recompiled against net-snmp-5.9.
xap/ssr-0.4.2-x86_64-1.txz: Added.
ap/vim-8.2.1361-x86_64-1.txz: Upgraded.
d/mercurial-5.5-x86_64-1.txz: Upgraded.
d/python-pip-20.2.1-x86_64-1.txz: Upgraded.
l/gegl-0.4.26-x86_64-1.txz: Upgraded.
n/php-7.4.9-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Phar: Use of freed hash key in the phar_parse_zipfile function.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7068
(* Security fix *)
xap/vim-gvim-8.2.1361-x86_64-1.txz: Upgraded.
a/cryptsetup-2.3.3-x86_64-2.txz: Rebuilt.
Recompiled against json-c-0.15_20200726.
l/imagemagick-7.0.10_25-x86_64-1.txz: Upgraded.
l/json-c-0.15_20200726-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/urwid-1.0.3-x86_64-5.txz: Removed.
This is an ancient version that was only used by wicd.
n/bind-9.16.5-x86_64-2.txz: Rebuilt.
Recompiled against json-c-0.15_20200726.
x/libmypaint-1.6.1-x86_64-2.txz: Rebuilt.
Recompiled against json-c-0.15_20200726.
xap/gimp-2.10.20-x86_64-2.txz: Rebuilt.
Recompiled against json-c-0.15_20200726.
extra/wicd/wicd-1.7.4-x86_64-3.txz: Removed.
This is unmaintained, possibly insecure, and doesn't work with Python
versions newer than 2.7.18. NetworkManager is a better choice these days.
a/kernel-firmware-20200721_2b823fc-noarch-1.txz: Upgraded.
d/python3-3.8.5-x86_64-1.txz: Upgraded.
d/re2c-2.0-x86_64-1.txz: Upgraded.
l/farstream-0.2.9-x86_64-1.txz: Added.
Needed by pidgin-2.14.1.
l/libnice-0.1.17-x86_64-1.txz: Added.
Needed by farstream-0.2.9.
n/iptraf-ng-1.2.1-x86_64-1.txz: Upgraded.
n/proftpd-1.3.7a-x86_64-1.txz: Upgraded.
xap/pidgin-2.14.1-x86_64-1.txz: Upgraded.
This update adds support for voice and video via Farstream.
a/kernel-generic-5.4.51-x86_64-1.txz: Upgraded.
+EFI_CUSTOM_SSDT_OVERLAYS y
a/kernel-huge-5.4.51-x86_64-1.txz: Upgraded.
SPEAKUP y -> m
SPEAKUP_SYNTH_ACNTPC y -> m
SPEAKUP_SYNTH_ACNTSA y -> m
SPEAKUP_SYNTH_APOLLO y -> m
SPEAKUP_SYNTH_AUDPTR y -> m
SPEAKUP_SYNTH_BNS y -> m
SPEAKUP_SYNTH_DECEXT y -> m
SPEAKUP_SYNTH_DECTLK y -> m
SPEAKUP_SYNTH_DTLK y -> m
SPEAKUP_SYNTH_DUMMY y -> m
SPEAKUP_SYNTH_KEYPC y -> m
SPEAKUP_SYNTH_LTLK y -> m
SPEAKUP_SYNTH_SOFT y -> m
SPEAKUP_SYNTH_SPKOUT y -> m
SPEAKUP_SYNTH_TXPRT y -> m
+EFI_CUSTOM_SSDT_OVERLAYS y
a/kernel-modules-5.4.51-x86_64-1.txz: Upgraded.
ap/vim-8.2.1167-x86_64-1.txz: Upgraded.
d/Cython-0.29.21-x86_64-1.txz: Upgraded.
d/kernel-headers-5.4.51-x86-1.txz: Upgraded.
k/kernel-source-5.4.51-noarch-1.txz: Upgraded.
+EFI_CUSTOM_SSDT_OVERLAYS y
n/gnupg2-2.2.21-x86_64-1.txz: Upgraded.
x/mesa-20.1.3-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-78.0.2esr-x86_64-1.txz: Upgraded.
This release contains a security fix and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/78.0.2/releasenotes/https://www.mozilla.org/security/advisories/mfsa2020-28/
(* Security fix *)
xap/vim-gvim-8.2.1167-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
Speakup is included as modules which will need to be loaded manually,
for now at least.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Speakup is included as modules which will need to be loaded manually,
for now at least.
d/mercurial-5.4.2-x86_64-1.txz: Upgraded.
d/nasm-2.15.02-x86_64-1.txz: Upgraded.
l/glib2-2.64.4-x86_64-1.txz: Upgraded.
n/samba-4.12.5-x86_64-1.txz: Upgraded.
x/libXaw3dXft-1.6.2g-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-68.10.0-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/68.10.0/releasenotes/
a/kernel-firmware-20200629_1a0c0c2-noarch-1.txz: Upgraded.
ap/mariadb-10.5.4-x86_64-2.txz: Rebuilt.
rc.mysqld: stop the database by PID to avoid improperly stopping other
instances that were not started by this script. Thanks to denydias.
d/vala-0.48.7-x86_64-1.txz: Upgraded.
l/opusfile-0.12-x86_64-1.txz: Upgraded.
n/ca-certificates-20200630-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
x/libwacom-1.4.1-x86_64-1.txz: Upgraded.
ap/mariadb-10.5.4-x86_64-1.txz: Upgraded.
d/guile-3.0.4-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Looks like the previous bump was a mistake:
This release fixes the SONAME of libguile-3.0.so, which was erroneously
bumped in 3.0.3 compared to 3.0.2. Distributions are strongly
encouraged to use 3.0.4 instead of 3.0.3.
d/make-4.2.1-x86_64-7.txz: Rebuilt.
Recompiled against guile-3.0.4.
l/libjpeg-turbo-2.0.5-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Fixed an issue in the PPM reader that caused a buffer overrun in cjpeg,
TJBench, or the `tjLoadImage()` function if one of the values in a binary
PPM/PGM input file exceeded the maximum value defined in the file's header
and that maximum value was less than 255.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790
(* Security fix *)
n/ModemManager-1.14.0-x86_64-1.txz: Upgraded.
n/curl-7.71.0-x86_64-1.txz: Upgraded.
This update fixes security issues:
curl overwrite local file with -J [111]
Partial password leak over DNS on HTTP redirect [48]
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169
(* Security fix *)
n/gnutls-3.6.14-x86_64-3.txz: Rebuilt.
Recompiled against guile-3.0.4.
n/mutt-1.14.5-x86_64-1.txz: Upgraded.
x/libwacom-1.4-x86_64-1.txz: Upgraded.
ap/man-db-2.9.3-x86_64-1.txz: Upgraded.
ap/mariadb-10.4.13-x86_64-3.txz: Rebuilt.
Recompiled to pick up lz4 support. Thanks to Heinz Wiesinger.
ap/squashfs-tools-4.4-x86_64-2.txz: Rebuilt.
Added lz4 support. Thanks to Heinz Wiesinger.
d/ccache-3.7.10-x86_64-1.txz: Upgraded.
d/parallel-20200622-noarch-1.txz: Upgraded.
d/subversion-1.14.0-x86_64-2.txz: Rebuilt.
Use the system lz4 library. Thanks to Heinz Wiesinger.
l/imagemagick-7.0.10_21-x86_64-1.txz: Upgraded.
l/libarchive-3.4.3-x86_64-2.txz: Rebuilt.
Recompiled to pick up lz4 support. Thanks to Heinz Wiesinger.
l/lz4-1.9.2-x86_64-1.txz: Added.
This is a new dependency for dovecot, libarchive, mariadb, rsync,
squashfs-tools, subversion, and zstd. Thanks to Heinz Wiesinger.
l/xxHash-0.7.3-x86_64-1.txz: Added.
This is a new dependency for rsync.
l/zstd-1.4.5-x86_64-2.txz: Rebuilt.
Recompiled to pick up lz4 support. Thanks to Heinz Wiesinger.
n/dovecot-2.3.10.1-x86_64-2.txz: Rebuilt.
Recompiled to pick up lz4 support. Thanks to Heinz Wiesinger.
n/libmbim-1.24.0-x86_64-1.txz: Upgraded.
n/nfs-utils-2.5.1-x86_64-1.txz: Upgraded.
n/ntp-4.2.8p15-x86_64-1.txz: Upgraded.
This release fixes one vulnerability: Associations that use CMAC
authentication between ntpd from versions 4.2.8p11/4.3.97 and
4.2.8p14/4.3.100 will leak a small amount of memory for each packet.
Eventually, ntpd will run out of memory and abort.
(* Security fix *)
n/rsync-3.2.1-x86_64-1.txz: Upgraded.
Please note that this update requires the new packages xxHash and lz4.
t/texlive-2020.200608-x86_64-1.txz: Upgraded.
Thanks to Johannes Schoepfer.
xap/blueman-2.1.3-x86_64-2.txz: Rebuilt.
As a matter of policy and since the rule already exists in
/usr/share/polkit-1/rules.d/, we should not install a rules file in /etc.
Note that since the file was installed as a .new, upgrading the package
will not remove it and it will need to be removed manually. It's harmless
if it remains, though.
Thanks to Robby Workman.
xap/network-manager-applet-1.18.0-x86_64-1.txz: Upgraded.
a/pam-1.4.0-x86_64-1.txz: Upgraded.
IMPORTANT NOTE: This update removes the pam_cracklib and pam_tally2 modules.
None of our current configuration files in /etc/pam.d/ use either of those,
but if the configuration files on your machine do you'll need to comment out
or remove those lines, otherwise you may experience login failures.
a/shadow-4.8.1-x86_64-9.txz: Rebuilt.
/etc/pam.d/system-auth: prefix lines that call pam_gnome_keyring.so with '-'
to avoid spamming the logs about failures.
a/sysvinit-scripts-2.1-noarch-32.txz: Rebuilt.
rc.S: create /var/run/faillock directory for pam_faillock(8).
a/util-linux-2.35.2-x86_64-2.txz: Rebuilt.
/etc/pam.d/login: change the example for locking an account for too many
failed login attempts to use pam_faillock instead of pam_tally2.
l/imagemagick-7.0.10_19-x86_64-1.txz: Upgraded.
l/libzip-1.7.1-x86_64-1.txz: Upgraded.
n/openssh-8.3p1-x86_64-2.txz: Rebuilt.
/etc/pam.d/sshd: change the example for locking an account for too many
failed login attempts to use pam_faillock instead of pam_tally2.
a/hwdata-0.336-noarch-1.txz: Upgraded.
ap/man-db-2.9.2-x86_64-1.txz: Upgraded.
d/git-2.27.0-x86_64-1.txz: Upgraded.
d/perl-5.30.3-x86_64-1.txz: Upgraded.
Upgraded to IO-Socket-SSL-2.068.
d/strace-5.7-x86_64-1.txz: Upgraded.
l/libyaml-0.2.5-x86_64-1.txz: Upgraded.
n/ca-certificates-20200602-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
n/nghttp2-1.41.0-x86_64-1.txz: Upgraded.
This update fixes a security issue where an overly large HTTP/2 SETTINGS
frame payload causes a denial of service.
For more information, see:
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xrhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080
(* Security fix *)
n/proftpd-1.3.6d-x86_64-1.txz: Upgraded.
This is a bugfix release:
Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).
x/intel-vaapi-driver-2.4.1-x86_64-1.txz: Upgraded.
Greetings! After three months in /testing, the PAM merge into the main tree
is now complete. When updating, be sure to install the new pam, cracklib, and
libpwquality packages or you may find yourself locked out of your machine.
Otherwise, these changes should be completely transparent and you shouldn't
notice any obvious operational differences. Be careful if you make any changes
in /etc/pam.d/ - leaving an extra console logged in while testing PAM config
changes is a recommended standard procedure. Thanks again to Robby Workman,
Vincent Batts, Phantom X, and ivandi for help implementing this. It's not
done yet and there will be more fine-tuning of the config files, but now we
can move on to build some other updates. Enjoy!
a/cracklib-2.9.7-x86_64-1.txz: Added.
a/kernel-firmware-20200517_f8d32e4-noarch-1.txz: Upgraded.
a/libcgroup-0.41-x86_64-7.txz: Rebuilt.
Rebuilt to add PAM support.
a/libpwquality-1.4.2-x86_64-1.txz: Added.
a/lilo-24.2-x86_64-9.txz: Rebuilt.
Enable the "compact" option by default.
liloconfig: correctly set the root partition.
a/pam-1.3.1-x86_64-1.txz: Added.
a/shadow-4.8.1-x86_64-7.txz: Rebuilt.
Rebuilt to add PAM support.
a/utempter-1.2.0-x86_64-1.txz: Upgraded.
a/util-linux-2.35.1-x86_64-6.txz: Rebuilt.
Rebuilt to add PAM support.
a/xfsprogs-5.6.0-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
ap/at-3.2.1-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/cups-2.3.3-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/hplip-3.20.5-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/mariadb-10.4.13-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/screen-4.8.0-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/soma-3.3.0-noarch-1.txz: Upgraded.
Thanks to David Woodfall.
ap/sqlite-3.31.1-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
ap/sudo-1.9.0-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/vim-8.2.0788-x86_64-1.txz: Upgraded.
d/bison-3.6.2-x86_64-1.txz: Upgraded.
d/meson-0.54.2-x86_64-1.txz: Upgraded.
d/python-setuptools-46.4.0-x86_64-1.txz: Upgraded.
d/vala-0.48.6-x86_64-1.txz: Upgraded.
kde/calligra-2.9.11-x86_64-36.txz: Rebuilt.
Recompiled against icu4c-67.1.
kde/kde-workspace-4.11.22-x86_64-7.txz: Rebuilt.
Rebuilt to add PAM support.
l/ConsoleKit2-1.2.1-x86_64-4.txz: Rebuilt.
Rebuilt to add PAM support.
l/boost-1.73.0-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/gnome-keyring-3.36.0-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
l/harfbuzz-2.6.6-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/icu4c-67.1-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/imagemagick-7.0.10_13-x86_64-1.txz: Upgraded.
l/libcap-2.34-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
l/libical-3.0.8-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/libuv-1.38.0-x86_64-1.txz: Upgraded.
l/libvisio-0.1.7-x86_64-3.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/polkit-0.116-x86_64-3.txz: Rebuilt.
Rebuilt to add PAM support.
l/qt-4.8.7-x86_64-16.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/qt5-5.13.2-x86_64-4.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/qt5-webkit-5.212.0_alpha4-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/raptor2-2.0.15-x86_64-9.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/system-config-printer-1.5.12-x86_64-4.txz: Rebuilt.
Rebuilt to add PAM support.
l/vte-0.60.2-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
n/cifs-utils-6.10-x86_64-4.txz: Rebuilt.
Rebuilt to add PAM support.
n/cyrus-sasl-2.1.27-x86_64-4.txz: Rebuilt.
Rebuilt to add PAM support.
n/dovecot-2.3.10.1-x86_64-1.txz: Upgraded.
Rebuilt to add PAM support.
Compiled against icu4c-67.1.
This update fixes several denial-of-service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10957https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10958https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10967
(* Security fix *)
n/mutt-1.14.1-x86_64-1.txz: Upgraded.
n/netatalk-3.1.12-x86_64-3.txz: Rebuilt.
Rebuilt to add PAM support.
n/netkit-rsh-0.17-x86_64-3.txz: Rebuilt.
Rebuilt to add PAM support.
n/nss-pam-ldapd-0.9.11-x86_64-1.txz: Added.
n/openssh-8.2p1-x86_64-3.txz: Rebuilt.
Rebuilt to add PAM support.
n/openvpn-2.4.9-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
n/pam-krb5-4.9-x86_64-1.txz: Added.
n/php-7.4.6-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
n/popa3d-1.0.3-x86_64-4.txz: Rebuilt.
Rebuilt to add PAM support.
n/postfix-3.5.2-x86_64-1.txz: Upgraded.
Compiled against icu4c-67.1.
n/ppp-2.4.8-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
n/proftpd-1.3.6c-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
n/samba-4.12.2-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
Recompiled against icu4c-67.1.
n/tin-2.4.4-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
n/vsftpd-3.0.3-x86_64-6.txz: Rebuilt.
Rebuilt to add PAM support.
t/texlive-2019.190626-x86_64-4.txz: Rebuilt.
Recompiled against icu4c-67.1.
x/vulkan-sdk-1.2.135.0-x86_64-1.txz: Upgraded.
x/xdm-1.1.11-x86_64-10.txz: Rebuilt.
Rebuilt to add PAM support.
x/xisxwayland-1-x86_64-1.txz: Added.
xap/sane-1.0.30-x86_64-1.txz: Upgraded.
This update fixes several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12867https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12862https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12863https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12865https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12866https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12861https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12864
(* Security fix *)
xap/vim-gvim-8.2.0788-x86_64-1.txz: Upgraded.
xap/xlockmore-5.63-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
xap/xscreensaver-5.44-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
extra/brltty/brltty-6.1-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
extra/pure-alsa-system/qt5-5.13.2-x86_64-4_alsa.txz: Rebuilt.
Recompiled against icu4c-67.1.
isolinux/initrd.img: Rebuilt.
Added PAM libraries, security modules, and config files.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Added PAM libraries, security modules, and config files.
Hey folks, just a heads-up that PAM is about to be merged into the main tree.
We can't have it blocking other upgrades any longer. The config files could be
improved (adding support for pam_krb5 and pam_ldap, for example), but they'll
do for now. Have a good weekend, and enjoy these updates! :-)
a/aaa_elflibs-15.0-x86_64-23.txz: Rebuilt.
Upgraded: libcap.so.2.34, libelf-0.179.so, liblzma.so.5.2.5,
libglib-2.0.so.0.6400.2, libgmodule-2.0.so.0.6400.2,
libgobject-2.0.so.0.6400.2, libgthread-2.0.so.0.6400.2,
liblber-2.4.so.2.10.13, libldap-2.4.so.2.10.13, libpcre2-8.so.0.10.0.
Added temporarily in preparation for upgrading icu4c: libicudata.so.65.1,
libicui18n.so.65.1, libicuio.so.65.1, libicutest.so.65.1, libicutu.so.65.1,
libicuuc.so.65.1.
a/etc-15.0-x86_64-11.txz: Rebuilt.
/etc/passwd: Added ldap (UID 330).
/etc/group: Added ldap (GID 330).
a/kernel-generic-5.4.41-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.41-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.41-x86_64-1.txz: Upgraded.
a/pkgtools-15.0-noarch-33.txz: Rebuilt.
setup.services: added support for rc.openldap and rc.openvpn.
ap/hplip-3.20.5-x86_64-1.txz: Upgraded.
d/kernel-headers-5.4.41-x86-1.txz: Upgraded.
d/python-setuptools-46.3.0-x86_64-1.txz: Upgraded.
d/python3-3.8.3-x86_64-1.txz: Upgraded.
k/kernel-source-5.4.41-noarch-1.txz: Upgraded.
n/openldap-2.4.50-x86_64-1.txz: Added.
This is a complete OpenLDAP package with both client and server support.
Thanks to Giuseppe Di Terlizzi for help with the server parts.
n/openldap-client-2.4.50-x86_64-1.txz: Removed.
x/mesa-20.0.7-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/PAM/hplip-3.20.5-x86_64-1_pam.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/gawk-5.1.0-x86_64-1.txz: Upgraded.
a/gettext-0.20.2-x86_64-1.txz: Upgraded.
d/gettext-tools-0.20.2-x86_64-1.txz: Upgraded.
d/git-2.26.1-x86_64-1.txz: Upgraded.
This update fixes a security issue:
With a crafted URL that contains a newline in it, the credential helper
machinery can be fooled to give credential information for a wrong host.
The attack has been made impossible by forbidding a newline character in
any value passed via the credential protocol. Credit for finding the
vulnerability goes to Felix Wilhelm of Google Project Zero.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260
(* Security fix *)
l/glib-networking-2.64.2-x86_64-1.txz: Upgraded.
l/libsecret-0.20.3-x86_64-1.txz: Upgraded.
n/php-7.4.5-x86_64-1.txz: Upgraded.
x/xorgproto-2020.1-x86_64-1.txz: Upgraded.
xap/audacious-4.0.2-x86_64-1.txz: Upgraded.
xap/audacious-plugins-4.0.2-x86_64-1.txz: Upgraded.
extra/pure-alsa-system/audacious-plugins-4.0.2-x86_64-1_alsa.txz: Upgraded.
d/bison-3.5.4-x86_64-1.txz: Upgraded.
kde/k3b-2.0.3-x86_64-7.txz: Rebuilt.
Recompiled against libdvdread-6.1.1.
l/gobject-introspection-1.64.1-x86_64-1.txz: Upgraded.
l/imagemagick-7.0.10_4-x86_64-1.txz: Upgraded.
l/libdvdnav-6.1.0-x86_64-2.txz: Rebuilt.
Recompiled against libdvdread-6.1.1.
Who bumps an .soname and only boosts the version number by 0.0.1?
Anyway, sorry to drop the ball a second time. I'll try to avoid this.
Thanks to gmgf for the bug report.
n/fetchmail-6.4.3-x86_64-1.txz: Upgraded.
tcl/tclx-8.4.4-x86_64-1.txz: Upgraded.
xap/MPlayer-20200103-x86_64-2.txz: Rebuilt.
Recompiled against libdvdread-6.1.1.
xap/windowmaker-0.95.9-x86_64-1.txz: Upgraded.
xap/xine-lib-1.2.10-x86_64-2.txz: Rebuilt.
Recompiled against libdvdread-6.1.1.
extra/pure-alsa-system/MPlayer-20200103-x86_64-2_alsa.txz: Rebuilt.
Recompiled against libdvdread-6.1.1.
extra/pure-alsa-system/xine-lib-1.2.10-x86_64-2_alsa.txz: Rebuilt.
Recompiled against libdvdread-6.1.1.
ap/lsof-4.93.2-x86_64-2.txz: Rebuilt.
Fixed the manpage. Thanks to kaott.
ap/sc-7.16-x86_64-7.txz: Rebuilt.
Brought back the classic SC. Thanks to dive.
d/Cython-0.29.16-x86_64-1.txz: Upgraded.
d/mercurial-5.3.2-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.17-x86_64-1.txz: Upgraded.
n/dhcpcd-8.1.7-x86_64-1.txz: Upgraded.
n/iproute2-5.6.0-x86_64-1.txz: Upgraded.
x/libdrm-2.4.101-x86_64-1.txz: Upgraded.
x/mesa-20.0.4-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-68.6.1esr-x86_64-1.txz: Upgraded.
This release contains critical security fixes and improvements.
"Under certain conditions, when running the nsDocShell destructor, a race
condition can cause a use-after-free. We are aware of targeted attacks in
the wild abusing this flaw."
"Under certain conditions, when handling a ReadableStream, a race condition
can cause a use-after-free. We are aware of targeted attacks in the wild
abusing this flaw."
For more information, see:
https://www.mozilla.org/en-US/firefox/68.6.1/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6819https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6820
(* Security fix *)
a/dialog-1.3_20200327-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1f-x86_64-1.txz: Upgraded.
ap/nano-4.9.1-x86_64-1.txz: Upgraded.
l/elfutils-0.179-x86_64-1.txz: Upgraded.
n/gnutls-3.6.13-x86_64-1.txz: Upgraded.
This update fixes a security issue:
libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support),
since 3.6.3. The DTLS client would not contribute any randomness to the
DTLS negotiation, breaking the security guarantees of the DTLS protocol.
[GNUTLS-SA-2020-03-31, CVSS: high]
(* Security fix *)
n/httpd-2.4.43-x86_64-1.txz: Upgraded.
n/openssl-1.1.1f-x86_64-1.txz: Upgraded.
n/curl-7.69.1-x86_64-3.txz: Rebuilt.
Removed --with-ca-bundle=/usr/share/curl/ca-bundle.crt and
added --without-ca-bundle. Thanks to drgibbon and Willy Sudiarto Raharjo.
Don't bother with 5.4.26 folks, just wait for the next one. Trust me.
a/tcsh-6.22.02-x86_64-2.txz: Rebuilt.
Fixed merging history from multiple shells. Thanks to jmccue.
a/xz-5.2.5-x86_64-1.txz: Upgraded.
d/git-2.25.2-x86_64-1.txz: Upgraded.
l/glibmm-2.64.1-x86_64-1.txz: Upgraded.
n/bind-9.16.1-x86_64-1.txz: Upgraded.
n/dovecot-2.3.10-x86_64-2.txz: Rebuilt.
x/libinput-1.15.4-x86_64-1.txz: Upgraded.
x/mesa-20.0.2-x86_64-1.txz: Upgraded.
testing/packages/PAM/dovecot-2.3.10-x86_64-2_pam.txz: Rebuilt.
Recompiled using --with-pam. Thanks to HQuest.
l/gobject-introspection-1.64.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.0.10_0-x86_64-1.txz: Upgraded.
l/libical-3.0.8-x86_64-1.txz: Upgraded.
l/librsvg-2.48.0-x86_64-1.txz: Upgraded.
l/libsoup-2.70.0-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.51-x86_64-1.txz: Upgraded.
xap/libnma-1.8.28-x86_64-1.txz: Added.
This is the NetworkManager GUI client library, which was previously
provided by network-manager-applet. It's now a standalone project, and
is required by network-manager-applet and other NetworkManager frontends.
xap/network-manager-applet-1.16.0-x86_64-1.txz: Upgraded.
This requires the new libnma package.
a/cryptsetup-2.3.0-x86_64-2.txz: Rebuilt.
Include some additional documentation. Thanks to regdub.
a/sdparm-1.11-x86_64-1.txz: Upgraded.
ap/moc-2.5.2-x86_64-6.txz: Rebuilt.
Fixed docs permissions. Thanks to regdub.
l/glib-networking-2.64.0-x86_64-1.txz: Upgraded.
l/glib2-2.64.0-x86_64-1.txz: Upgraded.
l/gvfs-1.44.0-x86_64-1.txz: Upgraded.
l/libnl-1.1.4-x86_64-3.txz: Rebuilt.
Fixed docs permissions. Thanks to regdub.
l/tdb-1.4.3-x86_64-3.txz: Rebuilt.
Fixed docs permissions. Thanks to regdub.
l/tevent-0.10.2-x86_64-3.txz: Rebuilt.
Fixed docs permissions. Thanks to regdub.
n/bind-9.16.0-x86_64-3.txz: Rebuilt.
Applied upstream patch to fix a discrepancy in the quota code that can
result in a situation where the count is not properly decremented in
some cases.
n/dovecot-2.3.10-x86_64-1.txz: Upgraded.
n/rp-pppoe-3.13-x86_64-2.txz: Rebuilt.
This needed a rebuild for ppp-2.4.8. Thanks to regdub.
x/libinput-1.15.3-x86_64-1.txz: Upgraded.
testing/packages/PAM/dovecot-2.3.10-x86_64-1_pam.txz: Upgraded.
a/sdparm-1.10-x86_64-3.txz: Rebuilt.
Recompiled against sg3_utils-1.45.
a/udisks-1.0.5-x86_64-5.txz: Rebuilt.
Recompiled against sg3_utils-1.45.
d/cmake-3.16.5-x86_64-1.txz: Upgraded.
l/libgpod-0.8.3-x86_64-6.txz: Rebuilt.
Recompiled against sg3_utils-1.45.
n/curl-7.69.0-x86_64-1.txz: Upgraded.
n/cyrus-sasl-2.1.27-x86_64-3.txz: Rebuilt.
Added SQL support via MariaDB. Thanks to niksoggia.
n/ntp-4.2.8p14-x86_64-1.txz: Upgraded.
n/ppp-2.4.8-x86_64-1.txz: Upgraded.
This update fixes a security issue:
By sending an unsolicited EAP packet to a vulnerable ppp client or server,
an unauthenticated remote attacker could cause memory corruption in the
pppd process, which may allow for arbitrary code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597
(* Security fix *)
testing/packages/PAM/cyrus-sasl-2.1.27-x86_64-3_pam.txz: Rebuilt.
Added SQL support via MariaDB. Thanks to niksoggia.
testing/packages/PAM/ppp-2.4.8-x86_64-1_pam.txz: Upgraded.
This update fixes a security issue:
By sending an unsolicited EAP packet to a vulnerable ppp client or server,
an unauthenticated remote attacker could cause memory corruption in the
pppd process, which may allow for arbitrary code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597
(* Security fix *)
a/dialog-1.3_20200228-x86_64-1.txz: Upgraded.
l/Mako-1.1.2-x86_64-1.txz: Upgraded.
l/imagemagick-7.0.9_27-x86_64-1.txz: Upgraded.
l/libcap-2.33-x86_64-1.txz: Upgraded.
n/bind-9.16.0-x86_64-2.txz: Rebuilt.
rc.bind: ensure /var/run/named exists before starting named. Thanks to MarcT.
rc.bind: when stopping named, only kill processes in the current namespace.
x/libevdev-1.9.0-x86_64-1.txz: Upgraded.
x/wayland-protocols-1.20-noarch-1.txz: Upgraded.
xap/seamonkey-2.53.1-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.1
(* Security fix *)
testing/packages/PAM/libcap-2.33-x86_64-1_pam.txz: Upgraded.
a/ed-1.16-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.14-x86_64-3.txz: Rebuilt.
Rebuilt to add wayland backend.
l/libuv-1.34.2-x86_64-1.txz: Added.
This is needed by bind-9.16.0.
l/qt5-5.13.2-x86_64-2.txz: Rebuilt.
Rebuilt to add wayland support.
Use the system ffmpeg, not the bundled one.
n/bind-9.16.0-x86_64-1.txz: Upgraded.
rc.bind: don't change file ownerships in /var/named. Thanks to voegelas.
n/proftpd-1.3.6c-x86_64-1.txz: Upgraded.
No CVEs assigned, but this sure looks like a security issue:
Use-after-free vulnerability in memory pools during data transfer.
(* Security fix *)
x/libinput-1.15.2-x86_64-1.txz: Upgraded.
x/xkbcomp-1.4.3-x86_64-1.txz: Upgraded.
testing/packages/PAM/proftpd-1.3.6c-x86_64-1_pam.txz: Upgraded.
No CVEs assigned, but this sure looks like a security issue:
Use-after-free vulnerability in memory pools during data transfer.
(* Security fix *)
a/gptfdisk-1.0.5-x86_64-1.txz: Upgraded.
a/kernel-firmware-20200219_2277987-noarch-1.txz: Upgraded.
a/kernel-generic-5.4.21-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.21-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.21-x86_64-1.txz: Upgraded.
a/shadow-4.8.1-x86_64-5.txz: Rebuilt.
a/util-linux-2.35.1-x86_64-4.txz: Rebuilt.
ap/cdparanoia-III_10.2-x86_64-3.txz: Rebuilt.
Moved man page from /usr/man/jp/man1/ to /usr/man/ja/man1/. Thanks to Xsane.
Don't ship the static libraries.
d/kernel-headers-5.4.21-x86-1.txz: Upgraded.
k/kernel-source-5.4.21-noarch-1.txz: Upgraded.
SND_SOC n -> m
SPI n -> y
VFIO_PCI_VGA n -> y
+ADE7854_SPI m
+ADT7316_SPI m
+BMC150_ACCEL_SPI m
+BMG160_SPI m
+BMP280_SPI m
+FXAS21002C_SPI m
+HTS221_SPI m
+IIO_ST_ACCEL_SPI_3AXIS m
+IIO_ST_GYRO_SPI_3AXIS m
+IIO_ST_MAGN_SPI_3AXIS m
+IIO_ST_PRESS_SPI m
+IIO_ST_SENSORS_SPI m
+INPUT_AD714X_SPI m
+INPUT_ADXL34X_SPI m
+KXSD9_SPI m
+REGMAP_SPI m
+SND_COMPRESS_OFFLOAD m
+SND_DESIGNWARE_I2S m
+SND_DESIGNWARE_PCM y
+SND_DMAENGINE_PCM m
+SND_HDA_EXT_CORE m
+SND_I2S_HI6210_I2S m
+SND_PCM_ELD y
+SND_PCM_IEC958 y
+SND_SIMPLE_CARD m
+SND_SIMPLE_CARD_UTILS m
+SND_SOC_AC97_BUS y
+SND_SOC_AC97_CODEC m
+SND_SOC_ACPI m
+SND_SOC_ACPI_INTEL_MATCH m
+SND_SOC_ADAU1761 m
+SND_SOC_ADAU1761_I2C m
+SND_SOC_ADAU1761_SPI m
+SND_SOC_ADAU17X1 m
+SND_SOC_ADAU7002 m
+SND_SOC_ADAU_UTILS m
+SND_SOC_AMD_ACP m
+SND_SOC_AMD_ACP3x m
+SND_SOC_AMD_CZ_DA7219MX98357_MACH m
+SND_SOC_AMD_CZ_RT5645_MACH m
+SND_SOC_BD28623 m
+SND_SOC_COMPRESS y
+SND_SOC_CROS_EC_CODEC m
+SND_SOC_CS35L34 m
+SND_SOC_CS35L35 m
+SND_SOC_CS35L36 m
+SND_SOC_CS42L42 m
+SND_SOC_CS43130 m
+SND_SOC_CX2072X m
+SND_SOC_DA7213 m
+SND_SOC_DA7219 m
+SND_SOC_DMIC m
+SND_SOC_ES7134 m
+SND_SOC_ES7241 m
+SND_SOC_ES8316 m
+SND_SOC_ES8328 m
+SND_SOC_ES8328_I2C m
+SND_SOC_ES8328_SPI m
+SND_SOC_GENERIC_DMAENGINE_PCM y
+SND_SOC_HDAC_HDA m
+SND_SOC_HDAC_HDMI m
+SND_SOC_HDMI_CODEC m
+SND_SOC_I2C_AND_SPI m
+SND_SOC_INTEL_APL m
+SND_SOC_INTEL_BDW_RT5677_MACH m
+SND_SOC_INTEL_BROADWELL_MACH m
+SND_SOC_INTEL_BXT_DA7219_MAX98357A_MACH m
+SND_SOC_INTEL_BXT_RT298_MACH m
+SND_SOC_INTEL_BYTCR_RT5640_MACH m
+SND_SOC_INTEL_BYTCR_RT5651_MACH m
+SND_SOC_INTEL_BYT_CHT_CX2072X_MACH m
+SND_SOC_INTEL_BYT_CHT_DA7213_MACH m
+SND_SOC_INTEL_BYT_CHT_ES8316_MACH m
+SND_SOC_INTEL_BYT_CHT_NOCODEC_MACH m
+SND_SOC_INTEL_CFL m
+SND_SOC_INTEL_CHT_BSW_MAX98090_TI_MACH m
+SND_SOC_INTEL_CHT_BSW_NAU8824_MACH m
+SND_SOC_INTEL_CHT_BSW_RT5645_MACH m
+SND_SOC_INTEL_CHT_BSW_RT5672_MACH m
+SND_SOC_INTEL_CML_H m
+SND_SOC_INTEL_CML_LP m
+SND_SOC_INTEL_CNL m
+SND_SOC_INTEL_DA7219_MAX98357A_GENERIC m
+SND_SOC_INTEL_GLK m
+SND_SOC_INTEL_GLK_RT5682_MAX98357A_MACH m
+SND_SOC_INTEL_HASWELL m
+SND_SOC_INTEL_HASWELL_MACH m
+SND_SOC_INTEL_KBL m
+SND_SOC_INTEL_KBL_DA7219_MAX98357A_MACH m
+SND_SOC_INTEL_KBL_DA7219_MAX98927_MACH m
+SND_SOC_INTEL_KBL_RT5660_MACH m
+SND_SOC_INTEL_KBL_RT5663_MAX98927_MACH m
+SND_SOC_INTEL_MACH y
+SND_SOC_INTEL_SKL m
+SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH m
+SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH m
+SND_SOC_INTEL_SKL_RT286_MACH m
+SND_SOC_INTEL_SKYLAKE m
+SND_SOC_INTEL_SKYLAKE_COMMON m
+SND_SOC_INTEL_SKYLAKE_FAMILY m
+SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC y
+SND_SOC_INTEL_SKYLAKE_SSP_CLK m
+SND_SOC_INTEL_SST m
+SND_SOC_INTEL_SST_ACPI m
+SND_SOC_INTEL_SST_FIRMWARE m
+SND_SOC_INTEL_SST_TOPLEVEL y
+SND_SOC_MAX9759 m
+SND_SOC_MAX98088 m
+SND_SOC_MAX98090 m
+SND_SOC_MAX98357A m
+SND_SOC_MAX98373 m
+SND_SOC_MAX9867 m
+SND_SOC_MAX98927 m
+SND_SOC_NAU8540 m
+SND_SOC_NAU8824 m
+SND_SOC_NAU8825 m
+SND_SOC_PCM1789 m
+SND_SOC_PCM1789_I2C m
+SND_SOC_PCM186X m
+SND_SOC_PCM186X_I2C m
+SND_SOC_PCM186X_SPI m
+SND_SOC_PCM3060 m
+SND_SOC_PCM3060_I2C m
+SND_SOC_PCM3060_SPI m
+SND_SOC_RL6231 m
+SND_SOC_RL6347A m
+SND_SOC_RT286 m
+SND_SOC_RT298 m
+SND_SOC_RT5640 m
+SND_SOC_RT5645 m
+SND_SOC_RT5651 m
+SND_SOC_RT5660 m
+SND_SOC_RT5663 m
+SND_SOC_RT5670 m
+SND_SOC_RT5677 m
+SND_SOC_RT5677_SPI m
+SND_SOC_RT5682 m
+SND_SOC_SIGMADSP m
+SND_SOC_SIGMADSP_REGMAP m
+SND_SOC_SIMPLE_AMPLIFIER m
+SND_SOC_SOF m
+SND_SOC_SOF_ACPI m
+SND_SOC_SOF_APOLLOLAKE m
+SND_SOC_SOF_APOLLOLAKE_SUPPORT y
+SND_SOC_SOF_BAYTRAIL m
+SND_SOC_SOF_BAYTRAIL_SUPPORT y
+SND_SOC_SOF_CANNONLAKE m
+SND_SOC_SOF_CANNONLAKE_SUPPORT y
+SND_SOC_SOF_COFFEELAKE m
+SND_SOC_SOF_COFFEELAKE_SUPPORT y
+SND_SOC_SOF_COMETLAKE_H m
+SND_SOC_SOF_COMETLAKE_H_SUPPORT y
+SND_SOC_SOF_COMETLAKE_LP m
+SND_SOC_SOF_COMETLAKE_LP_SUPPORT y
+SND_SOC_SOF_ELKHARTLAKE m
+SND_SOC_SOF_ELKHARTLAKE_SUPPORT y
+SND_SOC_SOF_GEMINILAKE m
+SND_SOC_SOF_GEMINILAKE_SUPPORT y
+SND_SOC_SOF_HDA m
+SND_SOC_SOF_HDA_AUDIO_CODEC y
+SND_SOC_SOF_HDA_COMMON m
+SND_SOC_SOF_HDA_LINK y
+SND_SOC_SOF_HDA_LINK_BASELINE m
+SND_SOC_SOF_ICELAKE m
+SND_SOC_SOF_ICELAKE_SUPPORT y
+SND_SOC_SOF_INTEL_ACPI m
+SND_SOC_SOF_INTEL_ATOM_HIFI_EP m
+SND_SOC_SOF_INTEL_COMMON m
+SND_SOC_SOF_INTEL_HIFI_EP_IPC m
+SND_SOC_SOF_INTEL_PCI m
+SND_SOC_SOF_INTEL_TOPLEVEL y
+SND_SOC_SOF_MERRIFIELD m
+SND_SOC_SOF_MERRIFIELD_SUPPORT y
+SND_SOC_SOF_OPTIONS m
+SND_SOC_SOF_PCI m
+SND_SOC_SOF_PROBE_WORK_QUEUE y
+SND_SOC_SOF_TIGERLAKE m
+SND_SOC_SOF_TIGERLAKE_SUPPORT y
+SND_SOC_SOF_TOPLEVEL y
+SND_SOC_SOF_XTENSA m
+SND_SOC_SPDIF m
+SND_SOC_SSM4567 m
+SND_SOC_TAS6424 m
+SND_SOC_TDA7419 m
+SND_SOC_TLV320AIC32X4 m
+SND_SOC_TLV320AIC32X4_I2C m
+SND_SOC_TLV320AIC32X4_SPI m
+SND_SOC_TOPOLOGY y
+SND_SOC_TS3A227E m
+SND_SOC_TSCS42XX m
+SND_SOC_WM8524 m
+SND_SPI y
+SND_SST_ATOM_HIFI2_PLATFORM m
+SND_SST_ATOM_HIFI2_PLATFORM_ACPI m
+SND_SST_ATOM_HIFI2_PLATFORM_PCI m
+SND_SST_IPC m
+SND_SST_IPC_ACPI m
+SND_SST_IPC_PCI m
+SPI_MASTER y
+ST_UVIS25_SPI m
l/gegl-0.4.22-x86_64-1.txz: Upgraded.
l/glib2-2.62.5-x86_64-1.txz: Upgraded.
l/python-requests-2.23.0-x86_64-1.txz: Upgraded.
n/NetworkManager-1.22.8-x86_64-1.txz: Upgraded.
n/openssh-8.2p1-x86_64-2.txz: Rebuilt.
n/php-7.4.3-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
Phar: Files added to tar with Phar::buildFromIterator have
all-access permissions.
Phar: heap-buffer-overflow in phar_extract_file.
Session: Null Pointer Dereference in PHP Session Upload Progress.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7063https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7061https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062
(* Security fix *)
x/mesa-20.0.0-x86_64-1.txz: Upgraded.
Added Wayland platform support.
x/wayland-1.18.0-x86_64-1.txz: Added.
x/wayland-protocols-1.18-noarch-1.txz: Added.
x/xorg-server-1.20.7-x86_64-2.txz: Rebuilt.
x/xorg-server-xephyr-1.20.7-x86_64-2.txz: Rebuilt.
x/xorg-server-xnest-1.20.7-x86_64-2.txz: Rebuilt.
x/xorg-server-xvfb-1.20.7-x86_64-2.txz: Rebuilt.
x/xorg-server-xwayland-1.20.7-x86_64-2.txz: Added.
xap/gimp-2.10.16-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/PAM/openssh-8.2p1-x86_64-2_pam.txz: Rebuilt.
/etc/pam.d/sshd: add commented out pam_tally2 example.
testing/packages/PAM/shadow-4.8.1-x86_64-5_pam.txz: Rebuilt.
/etc/pam.d/system-auth: add support for pam_group, remove pam_tally2.
Thanks to ivandi.
/etc/pam.d/*: Don't use tabs.
testing/packages/PAM/util-linux-2.35.1-x86_64-4_pam.txz: Rebuilt.
/etc/pam.d/login: add commented out pam_tally2 example.
/etc/pam.d/*: Don't use tabs.
usb-and-pxe-installers/usbboot.img: Rebuilt.
l/gtk+3-3.24.14-x86_64-2.txz: Rebuilt.
Rebuilt with -DG_ENABLE_DEBUG. Thanks to Bindestreck.
Also built with -DG_DISABLE_CAST_CHECKS and -Dbroadway_backend=true.
l/imagemagick-7.0.9_24-x86_64-1.txz: Upgraded.
n/bind-9.14.10-x86_64-2.txz: Rebuilt.
rc.bind: make sure it works with a non-root user specified in $NAMED_OPTIONS.
Thanks to Luigi Trovato.
n/tin-2.4.4-x86_64-1.txz: Upgraded.
xap/blackbox-0.76-x86_64-1.txz: Upgraded.
testing/packages/PAM/libcap-2.32-x86_64-1_pam.txz: Upgraded.
ap/ksh93-20200131_e4fea8c5-x86_64-1.txz: Upgraded.
ap/zsh-5.8-x86_64-1.txz: Upgraded.
l/brotli-1.0.7-x86_64-1.txz: Added.
l/gmime-3.2.6-x86_64-1.txz: Upgraded.
l/hyphen-2.8.8-x86_64-1.txz: Added.
l/openal-soft-1.20.1-x86_64-1.txz: Upgraded.
Thanks to Skaendo and Willy Sudiarto Raharjo.
l/qt5-webkit-5.212.0_alpha3-x86_64-1.txz: Added.
Thanks to alienBOB.
l/woff2-20180531_a0d0ed7-x86_64-1.txz: Added.
n/bluez-5.53-x86_64-1.txz: Upgraded.
n/mutt-1.13.4-x86_64-1.txz: Upgraded.
n/samba-4.11.6-x86_64-3.txz: Rebuilt.
n/socat-1.7.3.4-x86_64-1.txz: Added.
n/whois-5.5.6-x86_64-1.txz: Upgraded.
testing/packages/PAM/samba-4.11.6-x86_64-3_pam.txz: Rebuilt.
Added patches to fix joining a DC when using krb5. Looks like the patches are
already upstreamed in the latest 4.12.0-rc. Thanks to camerabambai.
a/libcgroup-0.41-x86_64-6.txz: Rebuilt.
ap/mariadb-10.4.12-x86_64-2.txz: Rebuilt.
d/Cython-0.29.15-x86_64-1.txz: Upgraded.
d/cmake-3.16.4-x86_64-2.txz: Rebuilt.
Recompiled against qt5-5.13.2.
d/doxygen-1.8.17-x86_64-2.txz: Rebuilt.
Recompiled against qt5-5.13.2.
l/ConsoleKit2-1.2.1-x86_64-3.txz: Rebuilt.
l/gnome-keyring-3.34.0-x86_64-2.txz: Rebuilt.
l/imagemagick-7.0.9_23-x86_64-1.txz: Upgraded.
l/polkit-0.116-x86_64-2.txz: Rebuilt.
l/python-future-0.18.2-x86_64-1.txz: Added.
This is needed by fetchmailconf and will probably see additional use as
projects jump off of the sinking Python 2 ship.
l/v4l-utils-1.18.0-x86_64-2.txz: Rebuilt.
Recompiled against qt5-5.13.2.
n/cifs-utils-6.10-x86_64-3.txz: Rebuilt.
n/fetchmail-6.4.2-x86_64-1.txz: Upgraded.
n/pinentry-1.1.0-x86_64-3.txz: Rebuilt.
Recompiled against qt5-5.13.2.
n/samba-4.11.6-x86_64-2.txz: Rebuilt.
n/wpa_supplicant-2.9-x86_64-2.txz: Rebuilt.
Recompiled against qt5-5.13.2.
xap/xpdf-4.02-x86_64-3.txz: Rebuilt.
Recompiled against qt5-5.13.2.
testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-3_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security.
Remove .la files in /lib${LIBDIRSUFFIX}/security.
testing/packages/PAM/cifs-utils-6.10-x86_64-3_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security.
testing/packages/PAM/gnome-keyring-3.34.0-x86_64-2_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security.
Remove .la files in /lib${LIBDIRSUFFIX}/security.
testing/packages/PAM/libcgroup-0.41-x86_64-6_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security.
Remove .la files in /lib${LIBDIRSUFFIX}/security.
testing/packages/PAM/libpwquality-1.4.2-x86_64-2_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security.
Remove .la files in /lib${LIBDIRSUFFIX}/security.
testing/packages/PAM/mariadb-10.4.12-x86_64-2_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security.
testing/packages/PAM/pam-1.3.1-x86_64-2_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security to support
multilib. Thanks to GazL.
testing/packages/PAM/polkit-0.116-x86_64-2_pam.txz: Rebuilt.
Rebuilt using --with-pam-module-dir=/lib${LIBDIRSUFFIX}/security.
testing/packages/PAM/samba-4.11.6-x86_64-2_pam.txz: Rebuilt.
Put the pam security modules in /lib${LIBDIRSUFFIX}/security.
a/kernel-generic-5.4.20-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.20-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.20-x86_64-1.txz: Upgraded.
a/shadow-4.8.1-x86_64-3.txz: Rebuilt.
a/util-linux-2.35.1-x86_64-3.txz: Rebuilt.
d/kernel-headers-5.4.20-x86-1.txz: Upgraded.
k/kernel-source-5.4.20-noarch-1.txz: Upgraded.
l/ConsoleKit2-1.2.1-x86_64-2.txz: Rebuilt.
l/dconf-editor-3.34.4-x86_64-1.txz: Upgraded.
l/libxkbcommon-0.10.0-x86_64-1.txz: Added.
l/openal-soft-1.19.1-x86_64-1.txz: Added.
l/qt5-5.13.2-x86_64-1.txz: Added.
Thanks to alienBOB.
n/openssh-8.2p1-x86_64-1.txz: Upgraded.
Potentially incompatible changes:
* ssh(1), sshd(8): the removal of "ssh-rsa" from the accepted
CASignatureAlgorithms list.
* ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1
from the default key exchange proposal for both the client and
server.
* ssh-keygen(1): the command-line options related to the generation
and screening of safe prime numbers used by the
diffie-hellman-group-exchange-* key exchange algorithms have
changed. Most options have been folded under the -O flag.
* sshd(8): the sshd listener process title visible to ps(1) has
changed to include information about the number of connections that
are currently attempting authentication and the limits configured
by MaxStartups.
x/mesa-19.3.4-x86_64-2.txz: Rebuilt.
Reverted "[PATCH] swr: Fix GCC 4.9 checks." which makes X fail to start with
an illegal instruction on some hardware.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-2_pam.txz: Rebuilt.
Rebuilt with --disable-libcgmanager to fix setting limits on PAM.
Thanks to gattocarlo.
testing/packages/PAM/openssh-8.2p1-x86_64-1_pam.txz: Upgraded.
testing/packages/PAM/shadow-4.8.1-x86_64-3_pam.txz: Rebuilt.
Moved some of the /etc/pam.d/ file to the util-linux package where they
more properly belong.
testing/packages/PAM/util-linux-2.35.1-x86_64-3_pam.txz: Rebuilt.
Added some /etc/pam.d/ files previously in the shadow package.
Changed /etc/pam.d/{chfn,chsh} and made chfn/chsh setuid root to fix them.
Added /etc/pam.d/{runuser,runuser-l}.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Hey folks! PAM has finally landed in /testing. Some here wanted it to go
right into the main tree immediately, and in a more normal development cycle
I'd have been inclined to agree (it is -current, after all). But it's
probably better for it to appear in /testing first, to make sure we didn't
miss any bugs and also to serve as a warning shot that we'll be shaking up
the tree pretty good over the next few weeks. I'd like to see this merged
into the main tree in a day or two, so any testing is greatly appreciated.
Switching to the PAM packages (or reverting from them) is as easy as
installing all of them with upgradepkg --install-new, and if reverting then
remove the three leftover _pam packages. After reverting, a bit of residue
will remain in /etc/pam.d/ and /etc/security/ which can either be manually
deleted or simply ignored. While there are many more features available in
PAM compared with plain shadow, out of the box about the only noticable
change is the use of cracklib and libpwquality to check the quality of a
user-supplied password. Hopefully having PAM and krb5 will get us on track
to having proper Active Directory integration as well as using code paths
that are likely better audited these days. The attack surface *might* be
bigger, but it's also a lot better scrutinized.
Thanks to Robby Workman and Vincent Batts who did most of the initial heavy
lifting on the core PAM packages as a side project for many years. Thanks
also to Phantom X whose PAM related SlackBuilds were a valuable reference.
And thanks as well to ivandi - I learned a lot from the SlackMATE build
scripts and was even occasionally thankful for the amusing ways you would
kick my ass on LQ. ;-) You're more than welcome to let us know where we've
messed up this time.
The binutils and glibc packages in /testing were removed and are off the
table for now. I'm not seeing much upside to heading down that rabbit hole
at the moment. Next we need to be looking at Xfce 4.14 and Plasma 5.18 LTS
and some other things that have been held back since KDE4 couldn't use them.
Cheers! :-)
a/kernel-generic-5.4.19-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.19-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.19-x86_64-1.txz: Upgraded.
a/lvm2-2.03.08-x86_64-1.txz: Upgraded.
a/shadow-4.8.1-x86_64-2.txz: Rebuilt.
Automatically backup /etc/login.defs and install the new version if
incompatible PAM options are detected.
d/kernel-headers-5.4.19-x86-1.txz: Upgraded.
k/kernel-source-5.4.19-noarch-1.txz: Upgraded.
VALIDATE_FS_PARSER y -> n
xap/mozilla-thunderbird-68.5.0-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/68.5.0/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6793https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6794https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6795https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6797https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6798https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6792https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6800
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-1_pam.txz: Added.
testing/packages/PAM/at-3.2.1-x86_64-1_pam.txz: Added.
testing/packages/PAM/cifs-utils-6.10-x86_64-2_pam.txz: Added.
testing/packages/PAM/cracklib-2.9.7-x86_64-1_pam.txz: Added.
testing/packages/PAM/cups-2.3.1-x86_64-1_pam.txz: Added.
testing/packages/PAM/cyrus-sasl-2.1.27-x86_64-2_pam.txz: Added.
testing/packages/PAM/dovecot-2.3.9.2-x86_64-1_pam.txz: Added.
testing/packages/PAM/gnome-keyring-3.34.0-x86_64-1_pam.txz: Added.
testing/packages/PAM/hplip-3.19.12-x86_64-2_pam.txz: Added.
testing/packages/PAM/kde-workspace-4.11.22-x86_64-6_pam.txz: Added.
testing/packages/PAM/libcap-2.31-x86_64-1_pam.txz: Added.
testing/packages/PAM/libcgroup-0.41-x86_64-5_pam.txz: Added.
testing/packages/PAM/libpwquality-1.4.2-x86_64-1_pam.txz: Added.
testing/packages/PAM/mariadb-10.4.12-x86_64-1_pam.txz: Added.
testing/packages/PAM/netatalk-3.1.12-x86_64-2_pam.txz: Added.
testing/packages/PAM/netkit-rsh-0.17-x86_64-2_pam.txz: Added.
testing/packages/PAM/openssh-8.1p1-x86_64-1_pam.txz: Added.
testing/packages/PAM/openvpn-2.4.8-x86_64-1_pam.txz: Added.
testing/packages/PAM/pam-1.3.1-x86_64-1_pam.txz: Added.
testing/packages/PAM/polkit-0.116-x86_64-1_pam.txz: Added.
testing/packages/PAM/popa3d-1.0.3-x86_64-3_pam.txz: Added.
testing/packages/PAM/ppp-2.4.7-x86_64-3_pam.txz: Added.
testing/packages/PAM/proftpd-1.3.6b-x86_64-1_pam.txz: Added.
testing/packages/PAM/samba-4.11.6-x86_64-1_pam.txz: Added.
testing/packages/PAM/screen-4.8.0-x86_64-1_pam.txz: Added.
testing/packages/PAM/shadow-4.8.1-x86_64-2_pam.txz: Added.
testing/packages/PAM/sudo-1.8.31-x86_64-1_pam.txz: Added.
testing/packages/PAM/system-config-printer-1.5.12-x86_64-2_pam.txz: Added.
testing/packages/PAM/util-linux-2.35.1-x86_64-1_pam.txz: Added.
testing/packages/PAM/vsftpd-3.0.3-x86_64-5_pam.txz: Added.
testing/packages/PAM/xdm-1.1.11-x86_64-9_pam.txz: Added.
testing/packages/PAM/xlockmore-5.62-x86_64-1_pam.txz: Added.
testing/packages/PAM/xscreensaver-5.43-x86_64-1_pam.txz: Added.
testing/packages/binutils-2.34-x86_64-1.txz: Removed.
testing/packages/glibc-2.31-x86_64-1.txz: Removed.
testing/packages/glibc-i18n-2.31-x86_64-1.txz: Removed.
testing/packages/glibc-profile-2.31-x86_64-1.txz: Removed.
testing/packages/glibc-solibs-2.31-x86_64-1.txz: Removed.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/man-pages-5.05-noarch-2.txz: Rebuilt.
Clean up /usr/man directory moving miscellaneous documentation to
/usr/doc/man-pages-5.05. Thanks to Xsane.
d/python-setuptools-45.2.0-x86_64-1.txz: Upgraded.
n/nfs-utils-2.4.3-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-68.5.0esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/68.5.0/releasenotes/
a/cryptsetup-2.3.0-x86_64-1.txz: Upgraded.
a/kernel-firmware-20200203_6d9f399-noarch-1.txz: Upgraded.
ap/xfsdump-3.1.9-x86_64-1.txz: Upgraded.
d/mercurial-5.3-x86_64-1.txz: Upgraded.
l/libzip-1.6.1-x86_64-1.txz: Upgraded.
n/nfs-utils-2.4.2-x86_64-3.txz: Rebuilt.
Added /etc/exports.d directory.
Removed the bogus sanity checks. Sure, we could try to "fix" them, but this
seems to be the path of least resistance.
n/postfix-3.4.9-x86_64-1.txz: Upgraded.
x/libinput-1.15.1-x86_64-1.txz: Upgraded.
x/vulkan-sdk-1.2.131.1-x86_64-1.txz: Upgraded.
xap/sane-1.0.29-x86_64-1.txz: Upgraded.
a/util-linux-2.35.1-x86_64-1.txz: Upgraded.
a/zerofree-1.1.1-x86_64-1.txz: Added.
Also queued up for the next installer build. Thanks to bifferos.
ap/sudo-1.8.31-x86_64-1.txz: Upgraded.
This update fixes a security issue:
In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can
trigger a stack-based buffer overflow in the privileged sudo process.
(pwfeedback is a default setting in some Linux distributions; however, it
is not the default for upstream or in Slackware, and would exist only if
enabled by an administrator.) The attacker needs to deliver a long string
to the stdin of getln() in tgetpass.c.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634
(* Security fix *)
n/NetworkManager-1.22.6-x86_64-1.txz: Upgraded.
n/openldap-client-2.4.49-x86_64-1.txz: Upgraded.
xfce/Thunar-1.8.11-x86_64-1.txz: Removed.
xfce/thunar-1.8.12-x86_64-1.txz: Added.
Changed package name from "Thunar" to "thunar" to follow upstream's naming.
a/aaa_elflibs-15.0-x86_64-21.txz: Rebuilt.
Upgraded: libisl.so.22.0.1.
Added: libkeyutils.so.1.9.
a/kernel-generic-5.4.15-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.15-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.15-x86_64-1.txz: Upgraded.
a/pciutils-3.6.4-x86_64-1.txz: Upgraded.
a/shadow-4.8.1-x86_64-1.txz: Upgraded.
d/check-0.14.0-x86_64-1.txz: Upgraded.
d/kernel-headers-5.4.15-x86-1.txz: Upgraded.
d/make-4.2.1-x86_64-5.txz: Rebuilt.
Drop back to make-4.2.1 since make-4.3 is breaking a few builds. We'll
revisit it later after sources have caught up to it or regressions have
been patched upstream.
d/python-pip-20.0.2-x86_64-1.txz: Upgraded.
k/kernel-source-5.4.15-noarch-1.txz: Upgraded.
l/imagemagick-7.0.9_18-x86_64-1.txz: Upgraded.
l/python-packaging-20.1-x86_64-1.txz: Upgraded.
n/php-7.4.2-x86_64-3.txz: Rebuilt.
php.ini: Added extension=gd and extension=zip. Thanks to avian.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20200122_1eb2408-noarch-1.txz: Upgraded.
a/pciutils-3.6.3-x86_64-1.txz: Upgraded.
a/pkgtools-15.0-noarch-30.txz: Rebuilt.
removepkg: prevent upgradepkg noise when a directory turns into a symlink.
setup.vi-ex: don't make symlinks if the targets don't exist.
d/cmake-3.16.3-x86_64-1.txz: Upgraded.
d/distcc-3.3.3-x86_64-3.txz: Rebuilt.
Move symlink tree into /usr/lib/distcc/, and make a link in /usr/lib64/ if
needed. Seems like this is how everyone else sets it up. Thanks to hpfeil.
Recompiled against krb5-1.17.1 (--with-auth).
d/parallel-20200122-noarch-1.txz: Upgraded.
l/python-urllib3-1.25.8-x86_64-1.txz: Upgraded.
n/bind-9.14.10-x86_64-1.txz: Upgraded.
This is a bugfix release:
With some libmaxminddb versions, named could erroneously match an IP address
not belonging to any subnet defined in a given GeoIP2 database to one of the
existing entries in that database. [GL #1552]
Fix line spacing in `rndc secroots`. Thanks to Tony Finch. [GL #2478]
Recompiled against krb5-1.17.1 (--with-gssapi).
n/dhcp-4.4.2-x86_64-1.txz: Upgraded.
n/p11-kit-0.23.19-x86_64-1.txz: Upgraded.
n/php-7.4.2-x86_64-2.txz: Rebuilt.
Patched for c-client library API change. Thanks to ecd102.
Recompiled against krb5-1.17.1 (--with-kerberos).
a/aaa_elflibs-15.0-x86_64-19.txz: Rebuilt.
Upgraded: libcap.so.2.31, libgmp.so.10.4.0, libgmpxx.so.4.6.0.
Added: libgssapi_krb5.so.2.2, libk5crypto.so.3.1, libkrb5.so.3.3,
libkrb5support.so.0.1.
a/util-linux-2.35-x86_64-1.txz: Upgraded.
d/python-pip-20.0.1-x86_64-1.txz: Upgraded.
l/Mako-1.1.1-x86_64-1.txz: Upgraded.
l/keyutils-1.6.1-x86_64-1.txz: Upgraded.
n/krb5-1.17-x86_64-1.txz: Added.
Nothing links to this yet, but we'll need it soon enough. :-)
n/php-7.4.2-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
Standard: OOB read in php_strip_tags_ex
Mbstring: global buffer-overflow in 'mbfl_filt_conv_big5_wchar'
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060
(* Security fix *)
n/samba-4.11.5-x86_64-1.txz: Upgraded.
This update fixes the following security issues:
Replication of ACLs set to inherit down a subtree on AD Directory
not automatic.
Crash after failed character conversion at log level 3 or above.
Use after free during DNS zone scavenging in Samba AD DC.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14902https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14907https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19344
(* Security fix *)
xap/gparted-1.1.0-x86_64-1.txz: Upgraded.
a/aaa_terminfo-6.1_20200118-x86_64-1.txz: Upgraded.
d/make-4.3-x86_64-1.txz: Upgraded.
d/python-setuptools-45.1.0-x86_64-1.txz: Upgraded.
l/ncurses-6.1_20200118-x86_64-1.txz: Upgraded.
n/alpine-2.22-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-68.4.2esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/68.4.2/releasenotes/https://bugzilla.mozilla.org/show_bug.cgi?id=1602726
