l/qt5-5.15.3_20220318_e507d3e5-x86_64-1.txz: Upgraded.
Pulled from git again to fix missing liblocationlabsplugin.so.
Fixed syntax error in qt5.csh. Thanks to rkomar.
ap/man-db-2.10.2-x86_64-1.txz: Upgraded.
d/python3-3.9.11-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
libexpat upgraded from 2.4.1 to 2.4.7
bundled pip upgraded from 21.2.4 to 22.0.4
authorization bypass fixed in urllib.request
REDoS avoided in importlib.metadata
For more information, see:
https://pythoninsider.blogspot.com/2022/03/python-3103-3911-3813-and-3713-are-now.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28363
(* Security fix *)
l/nodejs-16.14.2-x86_64-1.txz: Upgraded.
n/gnutls-3.7.4-x86_64-1.txz: Upgraded.
extra/php80/php80-8.0.17-x86_64-1.txz: Upgraded.
extra/php81/php81-8.1.4-x86_64-1.txz: Upgraded.
Have a great day, everyone! Off to enjoy a couple Guinness. :-)
a/kernel-generic-5.16.15-x86_64-1.txz: Upgraded.
a/kernel-huge-5.16.15-x86_64-1.txz: Upgraded.
a/kernel-modules-5.16.15-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1n-x86_64-1.txz: Upgraded.
d/kernel-headers-5.16.15-x86-1.txz: Upgraded.
d/meson-0.61.3-x86_64-1.txz: Upgraded.
k/kernel-source-5.16.15-noarch-1.txz: Upgraded.
kde/kstars-3.5.8-x86_64-1.txz: Upgraded.
l/nodejs-16.14.1-x86_64-1.txz: Upgraded.
n/bind-9.18.1-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issues:
An assertion could occur in resume_dslookup() if the fetch had been shut
down earlier.
Lookups involving a DNAME could trigger an INSIST when "synth-from-dnssec"
was enabled.
A synchronous call to closehandle_cb() caused isc__nm_process_sock_buffer()
to be called recursively, which in turn left TCP connections hanging in the
CLOSE_WAIT state blocking indefinitely when out-of-order processing was
disabled.
The rules for acceptance of records into the cache have been tightened to
prevent the possibility of poisoning if forwarders send records outside
the configured bailiwick.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220
(* Security fix *)
n/bluez-5.64-x86_64-1.txz: Upgraded.
n/mobile-broadband-provider-info-20220316-x86_64-1.txz: Upgraded.
n/openssl-1.1.1n-x86_64-1.txz: Upgraded.
This update fixes a high severity security issue:
The BN_mod_sqrt() function, which computes a modular square root, contains
a bug that can cause it to loop forever for non-prime moduli.
For more information, see:
https://www.openssl.org/news/secadv/20220315.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
(* Security fix *)
n/openvpn-2.5.6-x86_64-1.txz: Upgraded.
x/ibus-1.5.26-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
l/jasper-3.0.3-x86_64-1.txz: Upgraded.
l/qt5-5.15.3_20220312_33a3f16f-x86_64-1.txz: Upgraded.
If a 32-bit userspace is detected, then:
export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
This works around crashes occurring with 32-bit QtWebEngine applications.
Thanks to alienBOB.
n/krb5-1.19.3-x86_64-1.txz: Upgraded.
n/samba-4.15.6-x86_64-1.txz: Upgraded.
n/stunnel-5.63-x86_64-1.txz: Upgraded.
a/kernel-generic-5.16.14-x86_64-1.txz: Upgraded.
a/kernel-huge-5.16.14-x86_64-1.txz: Upgraded.
a/kernel-modules-5.16.14-x86_64-1.txz: Upgraded.
ap/qpdf-10.6.3-x86_64-1.txz: Upgraded.
ap/sqlite-3.38.1-x86_64-1.txz: Upgraded.
d/kernel-headers-5.16.14-x86-1.txz: Upgraded.
k/kernel-source-5.16.14-noarch-1.txz: Upgraded.
l/harfbuzz-4.0.1-x86_64-1.txz: Upgraded.
l/librsvg-2.52.7-x86_64-1.txz: Upgraded.
l/polkit-0.120-x86_64-3.txz: Rebuilt.
Patched to fix a security issue where an unprivileged user could cause a
denial of service due to process file descriptor exhaustion.
Thanks to marav.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4115
(* Security fix *)
xap/NetworkManager-openvpn-1.8.18-x86_64-1.txz: Upgraded.
xap/xlockmore-5.69-x86_64-1.txz: Upgraded.
xfce/xfce4-screenshooter-1.9.10-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
l/boost-1.78.0-x86_64-3.txz: Rebuilt.
This update has been patched to fix a regression:
Boost.Build silently skips installation of library headers and binaries in
some cases.
Thanks to Willy Sudiarto Raharjo.
a/lrzip-0.650-x86_64-1.txz: Upgraded.
d/mercurial-6.1-x86_64-1.txz: Upgraded.
l/nodejs-16.14.0-x86_64-1.txz: Added.
Thanks to Audrius Kažukauskas, Ryan P.C. McQuen, and Willy Sudiarto Raharjo
for the slackbuilds.org version of the build script.
a/dbus-1.12.22-x86_64-1.txz: Upgraded.
a/kernel-firmware-20220228_ee0667a-noarch-1.txz: Upgraded.
ap/sysstat-12.5.6-x86_64-1.txz: Upgraded.
d/ccache-4.6-x86_64-1.txz: Upgraded.
d/rcs-5.10.1-x86_64-1.txz: Upgraded.
l/libjpeg-turbo-2.1.3-x86_64-1.txz: Upgraded.
l/libxml2-2.9.13-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issues:
Use-after-free of ID and IDREF attributes
(Thanks to Shinji Sato for the report)
Use-after-free in xmlXIncludeCopyRange (David Kilzer)
Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong)
Fix memory leak in xmlXPathCompNodeTest
Fix null pointer deref in xmlStringGetNodeList
Fix several memory leaks found by Coverity (David King)
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
(* Security fix *)
l/libxslt-1.1.35-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issues:
Fix use-after-free in xsltApplyTemplates
Fix memory leak in xsltDocumentElem (David King)
Fix memory leak in xsltCompileIdKeyPattern (David King)
Fix double-free with stylesheets containing entity nodes
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560
(* Security fix *)
n/wget-1.21.3-x86_64-1.txz: Upgraded.
x/xterm-371-x86_64-1.txz: Upgraded.
xap/xscreensaver-6.03-x86_64-1.txz: Upgraded.
ap/inxi-3.3.13_1-noarch-1.txz: Upgraded.
d/parallel-20220222-noarch-1.txz: Upgraded.
d/patchelf-0.14.5-x86_64-1.txz: Upgraded.
d/rust-1.59.0-x86_64-1.txz: Upgraded.
n/cyrus-sasl-2.1.28-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
(* Security fix *)
n/nftables-1.0.2-x86_64-1.txz: Upgraded.
n/nghttp2-1.47.0-x86_64-1.txz: Upgraded.
n/openssh-8.9p1-x86_64-1.txz: Upgraded.
n/whois-5.5.12-x86_64-1.txz: Upgraded.
x/mesa-21.3.7-x86_64-1.txz: Upgraded.
x/xf86-video-amdgpu-22.0.0-x86_64-1.txz: Upgraded.
xap/freerdp-2.6.0-x86_64-1.txz: Upgraded.
xap/gftp-2.9.1b-x86_64-1.txz: Upgraded.
extra/xv/xv-3.10a-x86_64-10.txz: Rebuilt.
Drop JasPer support until xv can be ported to the new JasPer library (or
preferably to openjpeg).
a/aaa_glibc-solibs-2.35-x86_64-2.txz: Rebuilt.
l/glibc-2.35-x86_64-2.txz: Rebuilt.
Disable clone3() unless built with -DSLACKWARE_USE_CLONE3, since this is
causing sandbox failures with applications using Electron (and others).
Thanks to Sam James of Gentoo for the patch.
Unfortunately, this doesn't solve the issues with kmail/falkon/konqueror,
but we'll keep testing glibc-2.35 for now.
l/glibc-i18n-2.35-x86_64-2.txz: Rebuilt.
l/glibc-profile-2.35-x86_64-2.txz: Rebuilt.
a/btrfs-progs-5.16.2-x86_64-1.txz: Upgraded.
a/kernel-generic-5.16.10-x86_64-1.txz: Upgraded.
a/kernel-huge-5.16.10-x86_64-1.txz: Upgraded.
a/kernel-modules-5.16.10-x86_64-1.txz: Upgraded.
ap/cups-filters-1.28.12-x86_64-1.txz: Upgraded.
ap/qpdf-10.6.2-x86_64-1.txz: Upgraded.
d/kernel-headers-5.16.10-x86-1.txz: Upgraded.
k/kernel-source-5.16.10-noarch-1.txz: Upgraded.
AMD_PTDMA n -> m
Thanks to walecha.
l/imagemagick-7.1.0_25-x86_64-1.txz: Upgraded.
l/librsvg-2.52.6-x86_64-1.txz: Upgraded.
l/pipewire-0.3.46-x86_64-1.txz: Upgraded.
n/php-7.4.28-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
(* Security fix *)
x/libdrm-2.4.110-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-97.0.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/97.0.1/releasenotes/
xap/mozilla-thunderbird-91.6.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.6.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0566
(* Security fix *)
extra/php80/php80-8.0.16-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
(* Security fix *)
extra/php81/php81-8.1.3-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_base-15.1-x86_64-2.txz: Rebuilt.
If root's mailbox did not already exist, it would be created with insecure
permissions leading to possible local information disclosure. This update
ensures that a new mailbox will be created with proper permissions and
ownership, and corrects the permissions on an existing mailbox if they are
found to be incorrect. Thanks to Martin for the bug report.
(* Security fix *)
d/help2man-1.49.1-x86_64-1.txz: Upgraded.
kde/bluedevil-5.24.1-x86_64-1.txz: Upgraded.
kde/breeze-5.24.1-x86_64-1.txz: Upgraded.
kde/breeze-grub-5.24.1-x86_64-1.txz: Upgraded.
kde/breeze-gtk-5.24.1-x86_64-1.txz: Upgraded.
kde/drkonqi-5.24.1-x86_64-1.txz: Upgraded.
kde/kactivitymanagerd-5.24.1-x86_64-1.txz: Upgraded.
kde/kde-cli-tools-5.24.1-x86_64-1.txz: Upgraded.
kde/kde-gtk-config-5.24.1-x86_64-1.txz: Upgraded.
kde/kdecoration-5.24.1-x86_64-1.txz: Upgraded.
kde/kdeplasma-addons-5.24.1-x86_64-1.txz: Upgraded.
kde/kgamma5-5.24.1-x86_64-1.txz: Upgraded.
kde/khotkeys-5.24.1-x86_64-1.txz: Upgraded.
kde/kinfocenter-5.24.1-x86_64-1.txz: Upgraded.
kde/kmenuedit-5.24.1-x86_64-1.txz: Upgraded.
kde/kscreen-5.24.1-x86_64-1.txz: Upgraded.
kde/kscreenlocker-5.24.1-x86_64-1.txz: Upgraded.
kde/ksshaskpass-5.24.1-x86_64-1.txz: Upgraded.
kde/ksystemstats-5.24.1-x86_64-1.txz: Upgraded.
kde/kwallet-pam-5.24.1-x86_64-1.txz: Upgraded.
kde/kwayland-integration-5.24.1-x86_64-1.txz: Upgraded.
kde/kwayland-server-5.24.1-x86_64-1.txz: Upgraded.
kde/kwin-5.24.1-x86_64-1.txz: Upgraded.
kde/kwrited-5.24.1-x86_64-1.txz: Upgraded.
kde/layer-shell-qt-5.24.1-x86_64-1.txz: Upgraded.
kde/libkscreen-5.24.1-x86_64-1.txz: Upgraded.
kde/libksysguard-5.24.1-x86_64-1.txz: Upgraded.
kde/milou-5.24.1-x86_64-1.txz: Upgraded.
kde/oxygen-5.24.1-x86_64-1.txz: Upgraded.
kde/plasma-browser-integration-5.24.1-x86_64-1.txz: Upgraded.
kde/plasma-desktop-5.24.1-x86_64-1.txz: Upgraded.
kde/plasma-disks-5.24.1-x86_64-1.txz: Upgraded.
kde/plasma-firewall-5.24.1-x86_64-1.txz: Upgraded.
kde/plasma-integration-5.24.1-x86_64-1.txz: Upgraded.
kde/plasma-nm-5.24.1-x86_64-1.txz: Upgraded.
kde/plasma-pa-5.24.1-x86_64-1.txz: Upgraded.
kde/plasma-sdk-5.24.1-x86_64-1.txz: Upgraded.
kde/plasma-systemmonitor-5.24.1-x86_64-1.txz: Upgraded.
kde/plasma-vault-5.24.1-x86_64-1.txz: Upgraded.
kde/plasma-workspace-5.24.1-x86_64-1.txz: Upgraded.
kde/plasma-workspace-wallpapers-5.24.1-x86_64-1.txz: Upgraded.
kde/polkit-kde-agent-1-5.24.1-x86_64-1.txz: Upgraded.
kde/powerdevil-5.24.1-x86_64-1.txz: Upgraded.
kde/qqc2-breeze-style-5.24.1-x86_64-1.txz: Upgraded.
kde/sddm-kcm-5.24.1-x86_64-1.txz: Upgraded.
kde/systemsettings-5.24.1-x86_64-1.txz: Upgraded.
kde/xdg-desktop-portal-kde-5.24.1-x86_64-1.txz: Upgraded.
x/xkeyboard-config-2.35.1-noarch-2.txz: Rebuilt.
Perhaps upstream didn't mean to move these files (or perhaps we should have
recompiled everything that looks for these), but they did switch to meson,
and the 'xkb-base' option to set the data directory doesn't work. Anyway,
I've placed a symlink at /etc/X11/xkb and that fixes the problem.
Thanks to Petri Kaukasoina and LuckyCyborg.
Slackware 15.0 x86_64 stable is released!
Another too-long development cycle is behind us after we bit off more than
we could chew and then had to shine it up to a high-gloss finish. Hopefully
we've managed to get the tricky parts out of the way so that we'll be able
to see a 15.1 incremental update after a far shorter development cycle.
Certainly the development infrastructure has been streamlined here and things
should be easier moving forward. My thanks to the rest of the Slackware team,
all the upstream developers who have given us such great building materials,
the folks on LinuxQuestions.org and elsewhere for all the help with testing,
great suggestions, and countless bug fixes, and to everyone who helped
support this project so that the release could finally see the light of day.
I couldn't have done any of this without your help, and I'm grateful to all
of you. Thanks!
For more information, check out the RELEASE_NOTES, CHANGES_AND_HINTS.TXT,
and ANNOUNCE.15.0.
Have fun! :-)
fortune -m "I will be finished tomorrow" fortunes2
a/kernel-generic-5.15.19-x86_64-1.txz: Upgraded.
a/kernel-huge-5.15.19-x86_64-1.txz: Upgraded.
a/kernel-modules-5.15.19-x86_64-1.txz: Upgraded.
ap/screen-4.9.0-x86_64-1.txz: Upgraded.
Patched possible denial of service via a crafted UTF-8 character sequence.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26937
(* Security fix *)
d/kernel-headers-5.15.19-x86-1.txz: Upgraded.
k/kernel-source-5.15.19-noarch-1.txz: Upgraded.
RTC_INTF_DEV_UIE_EMUL y -> n
RTC_SYSTOHC n -> y
+RTC_SYSTOHC_DEVICE "rtc0"
l/lcms2-2.13-x86_64-2.txz: Rebuilt.
[PATCH] Fix for optimization error on grayscale.
Thanks to Aaron Boxer for reporting this issue.
Thanks to gmgf.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/source/linux-5.16.5-configs/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
The sepulchral voice intones, "The cave is now closed."
kde/falkon-3.2.0-x86_64-1.txz: Upgraded.
kde/ktexteditor-5.90.0-x86_64-2.txz: Rebuilt.
[PATCH] only start programs in user's path.
[PATCH] only execute diff in path.
Thanks to gmgf.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23853
(* Security fix *)
l/libcanberra-0.30-x86_64-9.txz: Rebuilt.
Fix a bug crashing some applications in Wayland desktops.
Thanks to 01micko.
n/samba-4.15.5-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defects:
UNIX extensions in SMB1 disclose whether the outside target of a symlink
exists.
Out-of-Bound Read/Write on Samba vfs_fruit module. This vulnerability
allows remote attackers to execute arbitrary code as root on affected Samba
installations that use the VFS module vfs_fruit.
Re-adding an SPN skips subsequent SPN conflict checks. An attacker who has
the ability to write to an account can exploit this to perform a
denial-of-service attack by adding an SPN that matches an existing service.
Additionally, an attacker who can intercept traffic can impersonate existing
services, resulting in a loss of confidentiality and integrity.
For more information, see:
https://www.samba.org/samba/security/CVE-2021-44141.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44141
https://www.samba.org/samba/security/CVE-2021-44142.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44142
https://www.samba.org/samba/security/CVE-2022-0336.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0336
(* Security fix *)
x/xterm-370-x86_64-7.txz: Rebuilt.
Rebuilt with --disable-sixel-graphics to fix a buffer overflow.
Thanks to gmgf.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24130
(* Security fix *)
testing/source/linux-5.16.4-configs/*: Added.
Sample config files to build 5.16.4 Linux kernels.
a/rpm2tgz-1.2.2-x86_64-5.txz: Rebuilt.
rpm2targz: when extracting the cpio archive from inside the RPM, use
--no-absolute-filenames to protect against a poorly made RPM scribbling all
over system files/directories. Thanks to Sl4ck3ver.
Support -i option to ignore non-zero exit value from rpm2cpio.
This allows repackaging some malformed RPMs.
Thanks to ricky_cardo for the sample malformed RPM.
a/aaa_libraries-15.0-x86_64-18.txz: Rebuilt.
Rebuilt to pick up the patched libexpat.so.1.8.3.
a/kernel-generic-5.15.17-x86_64-1.txz: Upgraded.
a/kernel-huge-5.15.17-x86_64-1.txz: Upgraded.
a/kernel-modules-5.15.17-x86_64-1.txz: Upgraded.
a/lzlib-1.13-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.0-noarch-8.txz: Rebuilt.
rc.S: clear /var/lock/subsys before starting libcgroup services.
Thanks to pyllyukko.
ap/pamixer-1.5-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.78.0.
d/kernel-headers-5.15.17-x86-1.txz: Upgraded.
k/kernel-source-5.15.17-noarch-1.txz: Upgraded.
kde/kig-21.12.1-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.78.0.
kde/kopeninghours-21.12.1-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.78.0.
kde/krita-5.0.2-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.78.0.
l/boost-1.78.0-x86_64-1.txz: Upgraded.
I hadn't planned to update this at such a late stage, but POV-Ray needs it
and everything we ship builds fine against it. Thanks to bender647.
Shared library .so-version bump.
l/cryfs-0.10.3-x86_64-4.txz: Rebuilt.
Recompiled against boost-1.78.0.
l/expat-2.4.3-x86_64-3.txz: Rebuilt.
Prevent integer overflow in doProlog.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990
(* Security fix *)
l/netpbm-10.97.03-x86_64-1.txz: Upgraded.
l/openexr-2.5.7-x86_64-5.txz: Rebuilt.
Recompiled against boost-1.78.0.
l/pipewire-0.3.44-x86_64-1.txz: Upgraded.
n/fetchmail-6.4.27-x86_64-1.txz: Upgraded.
n/libgpg-error-1.44-x86_64-1.txz: Upgraded.
x/mesa-21.3.5-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-91.5.1esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.5.1/releasenotes/
(* Security fix *)
extra/rust-for-mozilla/rust-1.54.0-x86_64-4.txz: Rebuilt.
Removed duplicated libLLVM shared library.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
It may look like we're currently experiencing more stuckness, but this will
lead us to Quality. We'll have this release in the can before you know it.
a/aaa_glibc-solibs-2.33-x86_64-5.txz: Rebuilt.
a/aaa_libraries-15.0-x86_64-16.txz: Rebuilt.
Rebuilt to pick up the patched libexpat.so.1.8.3.
a/kernel-firmware-20220124_eb8ea1b-noarch-1.txz: Upgraded.
a/kernel-generic-5.15.16-x86_64-2.txz: Upgraded.
a/kernel-huge-5.15.16-x86_64-2.txz: Upgraded.
-9P_FSCACHE n
9P_FS m -> y
Thanks to peake.
a/kernel-modules-5.15.16-x86_64-2.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-27.txz: Rebuilt.
mkinitrd_command_generator.sh: properly detect partitions of a RAID device.
Thanks to perrin4869.
a/util-linux-2.37.3-x86_64-1.txz: Upgraded.
This release fixes two security mount(8) and umount(8) issues:
An issue related to parsing the /proc/self/mountinfo file allows an
unprivileged user to unmount other users' filesystems that are either
world-writable themselves or mounted in a world-writable directory.
Improper UID check in libmount allows an unprivileged user to unmount
FUSE filesystems of users with similar UID.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
(* Security fix *)
ap/vim-8.2.4212-x86_64-1.txz: Upgraded.
d/git-2.35.0-x86_64-1.txz: Upgraded.
d/kernel-headers-5.15.16-x86-2.txz: Upgraded.
k/kernel-source-5.15.16-noarch-2.txz: Upgraded.
l/expat-2.4.3-x86_64-2.txz: Rebuilt.
Fix signed integer overflow in function XML_GetBuffer for when
XML_CONTEXT_BYTES is defined to >0 (which is both common and
default). Impact is denial of service or other undefined behavior.
While we're here, also patch a memory leak on output file opening error.
Thanks to marav.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852
(* Security fix *)
l/fluidsynth-2.2.5-x86_64-1.txz: Upgraded.
l/glibc-2.33-x86_64-5.txz: Rebuilt.
This update patches two security issues:
Unexpected return value from glibc's realpath().
Off-by-one buffer overflow/underflow in glibc's getcwd().
Thanks to Qualys Research Labs for reporting these issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999
(* Security fix *)
l/glibc-i18n-2.33-x86_64-5.txz: Rebuilt.
l/glibc-profile-2.33-x86_64-5.txz: Rebuilt.
l/tdb-1.4.6-x86_64-1.txz: Upgraded.
x/xf86-input-libinput-1.2.1-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-91.5.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.5.1/releasenotes/
xap/vim-gvim-8.2.4212-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/inxi-3.3.12_1-noarch-1.txz: Upgraded.
ap/man-db-2.9.4-x86_64-3.txz: Rebuilt.
Don't use --no-purge in the daily cron job to update the databases.
l/gst-plugins-bad-free-1.18.5-x86_64-4.txz: Rebuilt.
Link against neon-0.32.2. Thanks to marav.
n/bind-9.16.25-x86_64-1.txz: Upgraded.
n/ethtool-5.16-x86_64-1.txz: Upgraded.
n/samba-4.15.4-x86_64-1.txz: Upgraded.
n/wpa_supplicant-2.10-x86_64-1.txz: Upgraded.
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant
before 2.10 are vulnerable to side-channel attacks as a result of cache
access patterns.
NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23304
(* Security fix *)
x/xterm-370-x86_64-6.txz: Rebuilt.
XTerm-console: improve the font settings. Thanks to GazL.