a/sysvinit-scripts-15.1-noarch-10.txz: Rebuilt.
rc.M: Fix the name of the LDAP name service daemon (rc.nss-pam-ldap).
Thanks to 0XBF.
d/subversion-1.14.3-x86_64-1.txz: Upgraded.
l/libvisual-0.4.2-x86_64-1.txz: Upgraded.
l/libvisual-plugins-0.4.2-x86_64-1.txz: Upgraded.
l/netpbm-11.05.01-x86_64-1.txz: Upgraded.
xfce/thunar-4.18.9-x86_64-1.txz: Upgraded.
testing/packages/grub-2.12-x86_64-1.txz: Added.
a/glibc-zoneinfo-2023d-noarch-1.txz: Upgraded.
This package provides the latest timezone updates.
l/libsass-3.6.6-x86_64-1.txz: Upgraded.
n/postfix-3.8.4-x86_64-1.txz: Upgraded.
Security: this release adds support to defend against an email spoofing
attack (SMTP smuggling) on recipients at a Postfix server. Sites
concerned about SMTP smuggling attacks should enable this feature on
Internet-facing Postfix servers. For compatibility with non-standard
clients, Postfix by default excludes clients in mynetworks from this
countermeasure.
The recommended settings are:
# Optionally disconnect remote SMTP clients that send bare newlines,
# but allow local clients with non-standard SMTP implementations
# such as netcat, fax machines, or load balancer health checks.
#
smtpd_forbid_bare_newline = yes
smtpd_forbid_bare_newline_exclusions = $mynetworks
The smtpd_forbid_bare_newline feature is disabled by default.
For more information, see:
https://www.postfix.org/smtp-smuggling.html
(* Security fix *)
l/QScintilla-2.14.1-x86_64-2.txz: Rebuilt.
Fixed install section of the build script.
Thanks to Petri Kaukasoina.
l/libxml2-2.12.3-x86_64-3.txz: Rebuilt.
Apply --with-legacy and --with-ftp to both builds.
Thanks to Stuart Winter.
l/vte-0.74.2-x86_64-1.txz: Upgraded.
l/libxml2-2.12.3-x86_64-2.txz: Rebuilt.
Rebuilt using the --with-legacy option (maximum ABI compatibility) and
--with-ftp option (functionality included by default in libxml2 2.9).
n/bluez-5.71-x86_64-1.txz: Upgraded.
This update fixes a security issue:
It may have been possible for an attacker within Bluetooth range to inject
keystrokes (and possibly execute commands) while devices were discoverable.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-45866
(* Security fix *)
x/compiz-0.8.18-x86_64-4.txz: Rebuilt.
Patched to work properly with libxml2-2.12.3.
Thanks to saxa.
We've gone ahead and moved the 6.6 kernel into the main tree. As previously
mentioned when this branch first appeared in /testing, on the 32-bit side
there are no longer any -smp labeled kernel packages, so if you were using
those previously, you'll need to switch to using to kernel-generic or
kernel-huge kernel, including the changes needed to your bootloader setup to
load this instead of the -smp labeled kernel. Also, if you happen to be using
a first generation Pentium M chip, you will need to append forcepae to your
kernel command-line options. Enjoy! :-)
a/kernel-firmware-20231211_f2e52a1-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.6-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.6-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.6-x86_64-1.txz: Upgraded.
ap/qpdf-11.6.4-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.6-x86-1.txz: Upgraded.
k/kernel-source-6.6.6-noarch-1.txz: Upgraded.
l/imagemagick-7.1.1_23-x86_64-1.txz: Upgraded.
l/libsecret-0.21.2-x86_64-1.txz: Upgraded.
Thanks to reddog83 and saxa.
l/zxing-cpp-2.2.1-x86_64-1.txz: Upgraded.
n/postfix-3.8.3-x86_64-2.txz: Rebuilt.
OpenSSL upstream says that major versions are ABI/API compatible, so stop
warning in the logs that they might not be.
Thanks to gildbg and Markus Wiesner.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
l/python-psutil-5.9.6-x86_64-1.txz: Added.
This is needed by xfce4-panel-profiles. Thanks to stormtracknole.
extra/fltk/fltk-1.3.9-x86_64-1.txz: Upgraded.
kde/plasma-wayland-protocols-1.12.0-x86_64-1.txz: Upgraded.
l/libxslt-1.1.39-x86_64-1.txz: Upgraded.
l/zxing-cpp-2.2.0-x86_64-1.txz: Upgraded.
xap/seamonkey-2.53.18-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.18
testing/packages/libxml2-2.12.2-x86_64-1.txz: Upgraded.
Hey folks, I'm in need of a bit of assistance here. I've had libxml2 on the
back burner for quite some time now in spite of yet-another variation of
the old "billion laughs" resource exhaustion attack that's been supposedly
fixed. The issue I'm running into with newer versions of libxml2 is that
the rewrite rules for mapping external entities to files on the system no
longer work, and I'm not sure why that is. For a quick demonstration,
upgrade to this libxml2 package and then try to build glib2. You'll see
xsltproc called to generate documentation such as the man pages, but it isn't
able to find the entity locally and fails due to --nonet.
I'll be keeping an eye on LQ if anyone has any hints. Thanks!
a/aaa_libraries-15.1-x86_64-23.txz: Rebuilt.
Upgraded: libelf-0.190.so, libcares.so.2.9.0, libglib-2.0.so.0.7800.2,
libgmodule-2.0.so.0.7800.2, libgobject-2.0.so.0.7800.2,
libgthread-2.0.so.0.7800.2.
Added: libtiff.so.6.0.2, libtiffxx.so.6.0.2.
a/util-linux-2.39.3-x86_64-1.txz: Upgraded.
ap/cups-filters-1.28.17-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
ap/ghostscript-10.02.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
ap/rpm-4.19.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
e/emacs-29.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/bluedevil-5.27.10-x86_64-1.txz: Upgraded.
kde/breeze-5.27.10-x86_64-1.txz: Upgraded.
kde/breeze-grub-5.27.10-x86_64-1.txz: Upgraded.
kde/breeze-gtk-5.27.10-x86_64-1.txz: Upgraded.
kde/digikam-8.2.0-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/drkonqi-5.27.10-x86_64-1.txz: Upgraded.
kde/gwenview-23.08.3-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/kactivitymanagerd-5.27.10-x86_64-1.txz: Upgraded.
kde/kde-cli-tools-5.27.10-x86_64-1.txz: Upgraded.
kde/kde-gtk-config-5.27.10-x86_64-1.txz: Upgraded.
kde/kdecoration-5.27.10-x86_64-1.txz: Upgraded.
kde/kdeplasma-addons-5.27.10-x86_64-1.txz: Upgraded.
kde/kgamma5-5.27.10-x86_64-1.txz: Upgraded.
kde/khotkeys-5.27.10-x86_64-1.txz: Upgraded.
kde/kinfocenter-5.27.10-x86_64-1.txz: Upgraded.
kde/kmenuedit-5.27.10-x86_64-1.txz: Upgraded.
kde/kpipewire-5.27.10-x86_64-1.txz: Upgraded.
kde/krita-5.2.1-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/kscreen-5.27.10-x86_64-1.txz: Upgraded.
kde/kscreenlocker-5.27.10-x86_64-1.txz: Upgraded.
kde/ksshaskpass-5.27.10-x86_64-1.txz: Upgraded.
kde/ksystemstats-5.27.10-x86_64-1.txz: Upgraded.
kde/kwallet-pam-5.27.10-x86_64-1.txz: Upgraded.
kde/kwayland-integration-5.27.10-x86_64-1.txz: Upgraded.
kde/kwin-5.27.10-x86_64-1.txz: Upgraded.
kde/kwrited-5.27.10-x86_64-1.txz: Upgraded.
kde/layer-shell-qt-5.27.10-x86_64-1.txz: Upgraded.
kde/libkscreen-5.27.10-x86_64-1.txz: Upgraded.
kde/libksysguard-5.27.10-x86_64-1.txz: Upgraded.
kde/milou-5.27.10-x86_64-1.txz: Upgraded.
kde/okular-23.08.3-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/oxygen-5.27.10-x86_64-1.txz: Upgraded.
kde/oxygen-sounds-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-browser-integration-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-desktop-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-disks-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-firewall-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-integration-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-nm-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-pa-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-sdk-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-systemmonitor-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-vault-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-workspace-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-workspace-wallpapers-5.27.10-noarch-1.txz: Upgraded.
kde/polkit-kde-agent-1-5.27.10-x86_64-1.txz: Upgraded.
kde/powerdevil-5.27.10-x86_64-1.txz: Upgraded.
kde/qqc2-breeze-style-5.27.10-x86_64-1.txz: Upgraded.
kde/sddm-kcm-5.27.10-x86_64-1.txz: Upgraded.
kde/systemsettings-5.27.10-x86_64-1.txz: Upgraded.
kde/xdg-desktop-portal-kde-5.27.10-x86_64-1.txz: Upgraded.
l/SDL2_image-2.6.3-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/djvulibre-3.5.28-x86_64-4.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/gd-2.3.3-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/gdk-pixbuf2-2.42.10-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/gegl-0.4.46-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/glib2-2.78.2-x86_64-1.txz: Upgraded.
l/gtk4-4.12.4-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/imagemagick-7.1.1_22-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/lcms-1.19-x86_64-7.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/lcms2-2.16-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/libtiff-4.6.0-x86_64-1.txz: Upgraded.
Probably best to get this one out of the way...
From the release announcement:
Pay attention to the following warning:
This version removes a big number of utilities that have suffered from lack
of maintenance over the years and were the source of various reported
security issues. See "Removed functionality" below for the list of removed
utilities. Starting with libtiff v4.6.0, their source code, at this time,
will still be available in the source distribution, but they will no longer
be built by default, and issues related to them will no longer be accepted
in the libtiff bug tracker. The only remaining supported TIFF tools are
tiffinfo, tiffdump, tiffcp, tiffset and tiffsplit.
Shared library .so-version bump.
l/libwebp-1.3.2-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/netpbm-11.04.04-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/opencv-4.8.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/poppler-23.12.0-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/python-pillow-8.4.0-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/qt5-5.15.11_20231125_4765fa1d-x86_64-1.txz: Upgraded.
Compiled against libtiff-4.6.0.
l/sdl-1.2.15-x86_64-15.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
n/links-2.29-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
t/xfig-3.2.9-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/geeqie-2.1-x86_64-4.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/gimp-2.10.36-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/sane-1.2.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/windowmaker-0.96.0-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/xpaint-3.1.4-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/xsane-0.999-x86_64-6.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/libqalculate-4.9.0-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.95-x86_64-1.txz: Upgraded.
l/v4l-utils-1.26.0-x86_64-2.txz: Rebuilt.
Do not overwrite gconv-modules from glibc - instead, install it to
gconv-modules.d/v4l-utils.conf.
If your /usr/lib{,64}/gconv/gconv-modules was overwritten causing character
conversion errors, reinstall the glibc package to fix this.
Thanks to glennmcc.
n/php-8.3.0-x86_64-1.txz: Upgraded.
n/samba-4.19.3-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defect:
An information leak vulnerability was discovered in Samba's LDAP server.
Due to missing access control checks, an authenticated but unprivileged
attacker could discover the names and preserved attributes of deleted objects
in the LDAP store. Upgrading to this package will not prevent this
information leak - if you are using Samba as an Active Directory Domain
Controller, you will need to follow the instructions in the samba.org link
given below.
For more information, see:
https://www.samba.org/samba/security/CVE-2018-14628.htmlhttps://www.cve.org/CVERecord?id=CVE-2018-14628
(* Security fix *)
x/libwacom-2.9.0-x86_64-1.txz: Upgraded.
d/perl-5.38.1-x86_64-1.txz: Upgraded.
Upgraded: Authen-SASL-2.1700, IO-Socket-SSL-2.084, URI-5.21.
l/pipewire-1.0.0-x86_64-1.txz: Upgraded.
l/python-toml-0.10.2-x86_64-1.txz: Removed.
I'm told gi-docgen was ported to python-tomli earlier this year, so we don't
need this after all. Out it goes.
Thanks to Heinz Wiesinger.
l/v4l-utils-1.26.0-x86_64-1.txz: Upgraded.
xfce/xfce4-whiskermenu-plugin-2.8.2-x86_64-1.txz: Upgraded.
a/shadow-4.14.2-x86_64-2.txz: Rebuilt.
adduser: fixed chown syntax to silence warnings. Thanks to Stuart Winter.
l/gi-docgen-2023.3-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
l/python-smartypants-2.0.1-x86_64-1.txz: Added.
Needed for gi-docgen. Thanks to Heinz Wiesinger.
l/python-toml-0.10.2-x86_64-1.txz: Added.
Needed for gi-docgen. Thanks to Heinz Wiesinger.
l/python-typogrify-2.0.7-x86_64-1.txz: Added.
Needed for gi-docgen. Thanks to Heinz Wiesinger.
x/xdg-desktop-portal-1.18.2-x86_64-1.txz: Upgraded.
Thanks to 0XBF.
testing/packages/php-8.3.0-x86_64-1.txz: Added.
a/lvm2-2.03.23-x86_64-1.txz: Upgraded.
l/nodejs-20.10.0-x86_64-1.txz: Upgraded.
n/php-8.2.13-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.2.13
We have fresh 6.6 kernels in /testing! You may notice that on the 32-bit side
we have done away with the -smp labeled kernel packages, but it's actually the
other kernels that were retired -- the non-SMP, non-PAE ones. If you were
previously using kernel-generic-smp or kernel-huge-smp, you'll need to make
some adjustments to your bootloader setup to load kernel-generic or kernel-huge
instead. About the only non-obsolete CPUs that may have an issue with this are
the first generation Pentium M chips, which supported PAE but unfortunately did
not advertise this in the CPU flags. But these will support PAE if the kernel
option "forcepae" is appended at boot time. Enjoy! :-)
a/gettext-0.22.4-x86_64-1.txz: Upgraded.
a/kbd-2.6.3-x86_64-3.txz: Rebuilt.
Installed extra console fonts.
a/kernel-firmware-20231120_9552083-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.63-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.63-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.63-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-34.txz: Rebuilt.
Fix tests for including jfs/xfs repair tools. Thanks to regdub.
a/pkgtools-15.1-noarch-8.txz: Rebuilt.
Make vim the default vi choice.
ap/vim-9.0.2116-x86_64-1.txz: Upgraded.
d/gettext-tools-0.22.4-x86_64-1.txz: Upgraded.
d/git-2.43.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.63-x86-1.txz: Upgraded.
d/mercurial-6.6-x86_64-1.txz: Upgraded.
d/meson-1.3.0-x86_64-1.txz: Upgraded.
d/scons-4.6.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.1.63-noarch-1.txz: Upgraded.
l/readline-8.2.007-x86_64-1.txz: Upgraded.
n/c-ares-1.22.1-x86_64-1.txz: Upgraded.
n/nfs-utils-2.6.4-x86_64-1.txz: Upgraded.
x/libdrm-2.4.118-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-115.5.0esr-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
Thanks to zuriel for the taskbar icon fix on Wayland. :-)
For more information, see:
https://www.mozilla.org/en-US/firefox/115.5.0/releasenotes/https://www.mozilla.org/security/advisories/mfsa2023-50/https://www.cve.org/CVERecord?id=CVE-2023-6204https://www.cve.org/CVERecord?id=CVE-2023-6205https://www.cve.org/CVERecord?id=CVE-2023-6206https://www.cve.org/CVERecord?id=CVE-2023-6207https://www.cve.org/CVERecord?id=CVE-2023-6208https://www.cve.org/CVERecord?id=CVE-2023-6209https://www.cve.org/CVERecord?id=CVE-2023-6212
(* Security fix *)
xap/vim-gvim-9.0.2116-x86_64-1.txz: Upgraded.
xap/xsnow-3.7.6-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/kernel-generic-6.6.2-x86_64-1.txz: Added.
testing/packages/kernel-headers-6.6.2-x86-1.txz: Added.
testing/packages/kernel-huge-6.6.2-x86_64-1.txz: Added.
testing/packages/kernel-modules-6.6.2-x86_64-1.txz: Added.
testing/packages/kernel-source-6.6.2-noarch-1.txz: Added.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20231117_7124ce3-noarch-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.12-x86_64-1.txz: Upgraded.
kde/wcslib-8.2.1-x86_64-1.txz: Upgraded.
l/gtk4-4.12.4-x86_64-1.txz: Upgraded.
n/ca-certificates-20231117-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
n/openvpn-2.6.8-x86_64-1.txz: Upgraded.
n/socat-1.8.0.0-x86_64-1.txz: Upgraded.
x/ibus-1.5.29-x86_64-1.txz: Upgraded.
a/pam-1.5.3-x86_64-2.txz: Rebuilt.
Relocated pkgconfig files.
a/userspace-rcu-0.14.0-x86_64-2.txz: Rebuilt.
Relocated pkgconfig files.
ap/mariadb-10.11.6-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Vulnerability allows high privileged attacker with network access via
multiple protocols to compromise the server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084
(* Security fix *)
d/llvm-17.0.5-x86_64-1.txz: Upgraded.
kde/plasma-wayland-protocols-1.11.1-x86_64-1.txz: Upgraded.
n/nfs-utils-2.6.3-x86_64-3.txz: Rebuilt.
Only move the udev rule to /lib, don't grab libraries or pkgconfig files
from under /usr.