ap/lsof-4.96.5-x86_64-1.txz: Upgraded.
ap/sqlite-3.40.1-x86_64-1.txz: Upgraded.
kde/bluedevil-5.26.5-x86_64-1.txz: Upgraded.
kde/breeze-5.26.5-x86_64-1.txz: Upgraded.
kde/breeze-grub-5.26.5-x86_64-1.txz: Upgraded.
kde/breeze-gtk-5.26.5-x86_64-1.txz: Upgraded.
kde/digikam-7.9.0-x86_64-2.txz: Rebuilt.
Recompiled against opencv-4.7.0.
kde/drkonqi-5.26.5-x86_64-1.txz: Upgraded.
kde/kactivitymanagerd-5.26.5-x86_64-1.txz: Upgraded.
kde/kde-cli-tools-5.26.5-x86_64-1.txz: Upgraded.
kde/kde-gtk-config-5.26.5-x86_64-1.txz: Upgraded.
kde/kdecoration-5.26.5-x86_64-1.txz: Upgraded.
kde/kdeplasma-addons-5.26.5-x86_64-1.txz: Upgraded.
kde/kgamma5-5.26.5-x86_64-1.txz: Upgraded.
kde/khotkeys-5.26.5-x86_64-1.txz: Upgraded.
kde/kinfocenter-5.26.5-x86_64-1.txz: Upgraded.
kde/kmenuedit-5.26.5-x86_64-1.txz: Upgraded.
kde/kpipewire-5.26.5-x86_64-1.txz: Upgraded.
kde/kscreen-5.26.5-x86_64-1.txz: Upgraded.
kde/kscreenlocker-5.26.5-x86_64-1.txz: Upgraded.
kde/ksshaskpass-5.26.5-x86_64-1.txz: Upgraded.
kde/ksystemstats-5.26.5-x86_64-1.txz: Upgraded.
kde/kwallet-pam-5.26.5-x86_64-1.txz: Upgraded.
kde/kwayland-integration-5.26.5-x86_64-1.txz: Upgraded.
kde/kwin-5.26.5-x86_64-1.txz: Upgraded.
kde/kwrited-5.26.5-x86_64-1.txz: Upgraded.
kde/layer-shell-qt-5.26.5-x86_64-1.txz: Upgraded.
kde/libkscreen-5.26.5-x86_64-1.txz: Upgraded.
kde/libksysguard-5.26.5-x86_64-1.txz: Upgraded.
kde/milou-5.26.5-x86_64-1.txz: Upgraded.
kde/oxygen-5.26.5-x86_64-1.txz: Upgraded.
kde/oxygen-sounds-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-browser-integration-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-desktop-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-disks-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-firewall-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-integration-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-nm-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-pa-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-sdk-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-systemmonitor-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-vault-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-workspace-5.26.5-x86_64-1.txz: Upgraded.
kde/plasma-workspace-wallpapers-5.26.5-x86_64-1.txz: Upgraded.
kde/polkit-kde-agent-1-5.26.5-x86_64-1.txz: Upgraded.
kde/powerdevil-5.26.5-x86_64-1.txz: Upgraded.
kde/qqc2-breeze-style-5.26.5-x86_64-1.txz: Upgraded.
kde/sddm-kcm-5.26.5-x86_64-1.txz: Upgraded.
kde/systemsettings-5.26.5-x86_64-1.txz: Upgraded.
kde/xdg-desktop-portal-kde-5.26.5-x86_64-1.txz: Upgraded.
l/SDL2-2.26.2-x86_64-1.txz: Upgraded.
l/gst-plugins-bad-free-1.20.5-x86_64-2.txz: Rebuilt.
Recompiled against opencv-4.7.0.
l/imagemagick-7.1.0_57-x86_64-1.txz: Upgraded.
l/libpcap-1.10.2-x86_64-1.txz: Upgraded.
l/libpsl-0.21.2-x86_64-1.txz: Upgraded.
l/librevenge-0.0.5-x86_64-1.txz: Upgraded.
l/libsndfile-1.2.0-x86_64-1.txz: Upgraded.
l/libtiff-4.4.0-x86_64-2.txz: Rebuilt.
Patched various security bugs.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-2056https://www.cve.org/CVERecord?id=CVE-2022-2057https://www.cve.org/CVERecord?id=CVE-2022-2058https://www.cve.org/CVERecord?id=CVE-2022-3970https://www.cve.org/CVERecord?id=CVE-2022-34526
(* Security fix *)
l/netpbm-11.01.00-x86_64-1.txz: Upgraded.
l/opencv-4.7.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/poppler-23.01.0-x86_64-1.txz: Upgraded.
n/getmail-6.18.11-x86_64-1.txz: Upgraded.
n/tcpdump-4.99.2-x86_64-1.txz: Upgraded.
n/whois-5.5.15-x86_64-1.txz: Upgraded.
Updated the .bd, .nz and .tv TLD servers.
Added the .llyw.cymru, .gov.scot and .gov.wales SLD servers.
Updated the .ac.uk and .gov.uk SLD servers.
Recursion has been enabled for whois.nic.tv.
Updated the list of new gTLDs with four generic TLDs assigned in October 2013
which were missing due to a bug.
Removed 4 new gTLDs which are no longer active.
Added the Georgian translation, contributed by Temuri Doghonadze.
Updated the Finnish translation, contributed by Lauri Nurmi.
xap/pidgin-2.14.12-x86_64-1.txz: Upgraded.
xap/rxvt-unicode-9.26-x86_64-4.txz: Rebuilt.
When the "background" extension was loaded, an attacker able to control the
data written to the terminal would be able to execute arbitrary code as the
terminal's user. Thanks to David Leadbeater and Ben Collver.
For more information, see:
https://www.openwall.com/lists/oss-security/2022/12/05/1https://www.cve.org/CVERecord?id=CVE-2022-4170
(* Security fix *)
Hey folks, Merry Christmas and Hanukkah Sameach! Figured it was about time to
get some kind of kernel activity going again, but it most definitely belongs
in /testing for now. I've been trying to shape this up for weeks, but there
are still issues, and maybe someone out there can help. The biggest problem
is that the 32-bit kernels crash on boot. Initially there's some sort of
Intel ME failure (this is on a Thinkpad X1E). If those modules are
blacklisted, then the kernel will go on to crash loading the snd_hda_intel
module. The other issue is that I've got a 4K panel in this machine, and
have always appended the kernel option video=1920x1080@60 to put the console
in HD instead, and then loaded a Terminus console font to make the text even
larger. With these kernels, that option is completely ignored. I've tried some
other syntax I've seen online to no avail. And when the Terminus font is
loaded the text gets *even smaller* for some reason.
So be careful of these kernels (especially the 32-bit ones), but I welcome
any hints about what's going on here or if there are config changes that
might get this working properly. Is anyone out there running a 6.x kernel on
bare metal 32-bit x86?
Cheers!
ap/vim-9.0.1091-x86_64-1.txz: Upgraded.
d/meson-1.0.0-x86_64-1.txz: Upgraded.
d/ruby-3.2.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
d/subversion-1.14.2-x86_64-3.txz: Rebuilt.
Recompiled against ruby-3.2.0.
l/glib2-2.74.4-x86_64-1.txz: Upgraded.
l/netpbm-11.00.03-x86_64-1.txz: Upgraded.
l/rubygem-asciidoctor-2.0.18-x86_64-1.txz: Upgraded.
Compiled against ruby-3.2.0.
n/epic5-2.1.12-x86_64-2.txz: Rebuilt.
Recompiled against ruby-3.2.0.
x/marisa-0.2.6-x86_64-6.txz: Rebuilt.
Recompiled against ruby-3.2.0.
xap/vim-gvim-9.0.1091-x86_64-1.txz: Upgraded.
testing/packages/linux-6.1.x/kernel-generic-6.1.1-x86_64-1.txz: Added.
testing/packages/linux-6.1.x/kernel-headers-6.1.1-x86-1.txz: Added.
testing/packages/linux-6.1.x/kernel-huge-6.1.1-x86_64-1.txz: Added.
testing/packages/linux-6.1.x/kernel-modules-6.1.1-x86_64-1.txz: Added.
testing/packages/linux-6.1.x/kernel-source-6.1.1-noarch-1.txz: Added.
a/sysvinit-scripts-15.1-noarch-3.txz: Rebuilt.
rc.6: support an optional rc.firewall_shutdown script. Most firewall scripts
don't need a formal shutdown, but in some cases it can be useful. If your
rc.firewall script supports a stop parameter, the shutdown script should just
contain "/etc/rc.d/rc.firewall stop", or rc.firewall_shutdown could also be
a symlink to the rc.firewall script in that case. But how the script works
is (like the rc.firewall script support) completely up to the admin.
Thanks to metaed for the suggestion.
Please note that contrary to the request, I placed this *after* the network
is shut down to avoid removing firewall protection while the interfaces are
still active. Whether it'll work in this place for metaed's (or anyone
else's) needs, I'm not sure. It's a start. Feel free to weigh in on the LQ
thread if you have any ideas for improvement, but the goal here is to keep
this support as simple and flexible as possible.
d/nasm-2.16-x86_64-1.txz: Upgraded.
d/parallel-20221222-noarch-1.txz: Upgraded.
n/bind-9.18.10-x86_64-1.txz: Upgraded.
n/curl-7.87.0-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.6.1-x86_64-1.txz: Upgraded.
This release contains a security fix and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.6.1/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2022-54/https://www.cve.org/CVERecord?id=CVE-2022-46874
(* Security fix *)
xfce/xfce4-screenshooter-1.10.0-x86_64-1.txz: Upgraded.
d/p2c-2.02-x86_64-1.txz: Upgraded.
kde/dolphin-22.12.0-x86_64-2.txz: Rebuilt.
[PATCH] Revert "portalize drag urls"
Thanks to marav.
l/gst-plugins-bad-free-1.20.5-x86_64-1.txz: Upgraded.
l/gst-plugins-base-1.20.5-x86_64-1.txz: Upgraded.
l/gst-plugins-good-1.20.5-x86_64-1.txz: Upgraded.
l/gst-plugins-libav-1.20.5-x86_64-1.txz: Upgraded.
l/gstreamer-1.20.5-x86_64-1.txz: Upgraded.
l/libqalculate-4.5.0-x86_64-1.txz: Upgraded.
l/libvncserver-0.9.14-x86_64-1.txz: Upgraded.
l/sdl-1.2.15-x86_64-14.txz: Rebuilt.
This update fixes a heap overflow problem in video/SDL_pixels.c in SDL.
By crafting a malicious .BMP file, an attacker can cause the application
using this library to crash, denial of service, or code execution.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-33657
(* Security fix *)
n/gnupg2-2.2.41-x86_64-1.txz: Upgraded.
n/libksba-1.6.3-x86_64-1.txz: Upgraded.
Fix another integer overflow in the CRL's signature parser.
(* Security fix *)
x/libSM-1.2.4-x86_64-1.txz: Upgraded.
x/xcb-util-0.4.1-x86_64-1.txz: Upgraded.
x/xdriinfo-1.0.7-x86_64-1.txz: Upgraded.
a/logrotate-3.21.0-x86_64-1.txz: Upgraded.
kde/gwenview-22.12.0-x86_64-2.txz: Rebuilt.
Recompiled against cfitsio-4.2.0.
kde/kstars-3.6.2-x86_64-2.txz: Rebuilt.
Recompiled against cfitsio-4.2.0.
l/cfitsio-4.2.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/gsettings-desktop-schemas-43.0-x86_64-1.txz: Upgraded.
l/gtk4-4.8.2-x86_64-1.txz: Upgraded.
x/xorg-server-21.1.6-x86_64-1.txz: Upgraded.
This release fixes an invalid event type mask in XTestSwapFakeInput which
was inadvertently changed from octal 0177 to hexadecimal 0x177 in the fix
for CVE-2022-46340.
x/xorg-server-xephyr-21.1.6-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-21.1.6-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-21.1.6-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-22.1.7-x86_64-1.txz: Upgraded.
This release fixes an invalid event type mask in XTestSwapFakeInput which
was inadvertently changed from octal 0177 to hexadecimal 0x177 in the fix
for CVE-2022-46340.
testing/packages/rust-1.66.0-x86_64-1.txz: Added.
l/imagemagick-7.1.0_55-x86_64-2.txz: Rebuilt.
Rebuilt to fix dng.so module that was mistakenly compiled against the new
LibRaw that we don't yet include.
a/xz-5.4.0-x86_64-1.txz: Upgraded.
l/harfbuzz-6.0.0-x86_64-1.txz: Upgraded.
l/libmpc-1.3.1-x86_64-1.txz: Upgraded.
n/NetworkManager-1.40.8-x86_64-1.txz: Upgraded.
n/samba-4.17.4-x86_64-1.txz: Upgraded.
This update fixes security issues:
This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of
Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac session keys for
use between modern clients and servers despite all modern Kerberos
implementations supporting the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members
'kerberos encryption types = legacy'
would force rc4-hmac as a client even if the server supports
aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
This is the Samba CVE for the Windows Kerberos Elevation of Privilege
Vulnerability disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained delegation permission
could forge a more powerful ticket than the one it was presented with.
The "RC4" protection of the NetLogon Secure channel uses the same
algorithms as rc4-hmac cryptography in Kerberos, and so must also be
assumed to be weak.
Note that there are several important behavior changes included in this
release, which may cause compatibility problems interacting with system
still expecting the former behavior.
Please read the advisories of CVE-2022-37966, CVE-2022-37967 and
CVE-2022-38023 carefully!
For more information, see:
https://www.samba.org/samba/security/CVE-2022-37966.htmlhttps://www.samba.org/samba/security/CVE-2022-37967.htmlhttps://www.samba.org/samba/security/CVE-2022-38023.htmlhttps://www.cve.org/CVERecord?id=CVE-2022-37966https://www.cve.org/CVERecord?id=CVE-2022-37967https://www.cve.org/CVERecord?id=CVE-2022-38023
(* Security fix *)
xfce/exo-4.18.0-x86_64-1.txz: Upgraded.
xfce/garcon-4.18.0-x86_64-1.txz: Upgraded.
xfce/libxfce4ui-4.18.0-x86_64-1.txz: Upgraded.
xfce/libxfce4util-4.18.0-x86_64-1.txz: Upgraded.
xfce/thunar-4.18.0-x86_64-1.txz: Upgraded.
xfce/thunar-volman-4.18.0-x86_64-1.txz: Upgraded.
xfce/tumbler-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-appfinder-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-dev-tools-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-notifyd-0.6.5-x86_64-1.txz: Upgraded.
xfce/xfce4-panel-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-power-manager-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-session-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-settings-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-weather-plugin-0.11.0-x86_64-1.txz: Upgraded.
xfce/xfconf-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfdesktop-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfwm4-4.18.0-x86_64-1.txz: Upgraded.
a/usbutils-015-x86_64-1.txz: Upgraded.
l/adwaita-icon-theme-43-noarch-1.txz: Upgraded.
l/gtk+3-3.24.35-x86_64-1.txz: Upgraded.
l/libarchive-3.6.2-x86_64-1.txz: Upgraded.
This is a bugfix and security release.
Relevant bugfixes:
rar5 reader: fix possible garbled output with bsdtar -O (#1745)
mtree reader: support reading mtree files with tabs (#1783)
Security fixes:
various small fixes for issues found by CodeQL
(* Security fix *)
l/mozilla-nss-3.86-x86_64-1.txz: Upgraded.
l/pipewire-0.3.62-x86_64-1.txz: Upgraded.
x/OpenCC-1.1.6-x86_64-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.7-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
d/cbindgen-0.24.3-x86_64-1.txz: Added.
d/python3-3.9.16-x86_64-1.txz: Upgraded.
This update fixes security issues:
gh-98739: Updated bundled libexpat to 2.5.0 to fix CVE-2022-43680
(heap use-after-free).
gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio
related name resolution functions no longer involves a quadratic algorithm
to fix CVE-2022-45061. This prevents a potential CPU denial of service if an
out-of-spec excessive length hostname involving bidirectional characters were
decoded. Some protocols such as urllib http 3xx redirects potentially allow
for an attacker to supply such a name.
gh-100001: python -m http.server no longer allows terminal control characters
sent within a garbage request to be printed to the stderr server log.
gh-87604: Avoid publishing list of active per-interpreter audit hooks via the
gc module.
gh-97514: On Linux the multiprocessing module returns to using filesystem
backed unix domain sockets for communication with the forkserver process
instead of the Linux abstract socket namespace. Only code that chooses to use
the "forkserver" start method is affected. This prevents Linux CVE-2022-42919
(potential privilege escalation) as abstract sockets have no permissions and
could allow any user on the system in the same network namespace (often the
whole system) to inject code into the multiprocessing forkserver process.
Filesystem based socket permissions restrict this to the forkserver process
user as was the default in Python 3.8 and earlier.
gh-98517: Port XKCP's fix for the buffer overflows in SHA-3 to fix
CVE-2022-37454.
gh-68966: The deprecated mailcap module now refuses to inject unsafe text
(filenames, MIME types, parameters) into shell commands to address
CVE-2015-20107. Instead of using such text, it will warn and act as if a
match was not found (or for test commands, as if the test failed).
For more information, see:
https://pythoninsider.blogspot.com/2022/12/python-3111-3109-3916-3816-3716-and.htmlhttps://www.cve.org/CVERecord?id=CVE-2022-43680https://www.cve.org/CVERecord?id=CVE-2022-45061https://www.cve.org/CVERecord?id=CVE-2022-42919https://www.cve.org/CVERecord?id=CVE-2022-37454https://www.cve.org/CVERecord?id=CVE-2015-20107
(* Security fix *)
d/rust-bindgen-0.63.0-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
l/pcre2-10.41-x86_64-1.txz: Upgraded.
n/proftpd-1.3.8-x86_64-1.txz: Upgraded.
x/mesa-22.3.0-x86_64-1.txz: Upgraded.
Compiled with Rusticl support. Thanks to Heinz Wiesinger.
x/xdm-1.1.14-x86_64-1.txz: Upgraded.
a/glibc-zoneinfo-2022g-noarch-1.txz: Upgraded.
This package provides the latest timezone updates.
ap/texinfo-7.0.1-x86_64-2.txz: Rebuilt.
Rebuilt without the --disable-perl-xs option to fix a2ps failing to build
from source. The option was added during the 15.0 development cycle to fix
glibc failing to build from source, but that issue has been resolved.
Thanks to nobodino and marav.
n/ca-certificates-20221205-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
n/dnsmasq-2.88-x86_64-1.txz: Upgraded.
a/gptfdisk-1.0.9-x86_64-2.txz: Rebuilt.
Applied upstream patches to fix a crash and partition corruption caused by
the popt upgrade:
[PATCH] Updated guid.cc to deal with minor change in libuuid
[PATCH] Fix failure & crash of sgdisk when compiled with latest popt
[PATCH] Fix NULL dereference when duplicating string argument
Thanks to jloco.
d/cmake-3.25.1-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-24.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/cantor-22.08.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/kfilemetadata-5.100.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/kile-2.9.93-x86_64-22.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/kitinerary-22.08.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/krita-5.1.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/okular-22.08.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
l/glib2-2.74.3-x86_64-1.txz: Upgraded.
l/poppler-22.12.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/NetworkManager-1.40.6-x86_64-1.txz: Upgraded.
xap/NetworkManager-openvpn-1.10.2-x86_64-1.txz: Upgraded.
xap/libnma-1.10.4-x86_64-1.txz: Upgraded.
xap/network-manager-applet-1.30.0-x86_64-1.txz: Upgraded.
a/bash-5.2.012-x86_64-1.txz: Upgraded.
a/less-612-x86_64-1.txz: Upgraded.
a/tcsh-6.24.02-x86_64-1.txz: Upgraded.
ap/vim-9.0.0942-x86_64-1.txz: Upgraded.
d/make-4.4-x86_64-2.txz: Rebuilt.
[SV 63307] Spawn children with the default disposition of sigpipe.
Thanks to nobodino.
d/ruby-3.1.3-x86_64-1.txz: Upgraded.
This release includes a security fix:
HTTP response splitting in CGI.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-33621
(* Security fix *)
l/pipewire-0.3.61-x86_64-1.txz: Upgraded.
n/ipset-7.16-x86_64-1.txz: Upgraded.
x/fcitx5-5.0.21-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.0942-x86_64-1.txz: Upgraded.
a/gawk-5.2.1-x86_64-1.txz: Upgraded.
a/rpm2tgz-1.2.2-x86_64-7.txz: Rebuilt.
Take rpmoffset fixes from Gentoo.
Thanks to allend.
d/ccache-4.7.4-x86_64-1.txz: Upgraded.
d/meson-0.64.1-x86_64-1.txz: Upgraded.
d/parallel-20221122-noarch-1.txz: Upgraded.
kde/fcitx5-configtool-5.0.16-x86_64-1.txz: Upgraded.
l/SDL2-2.26.0-x86_64-1.txz: Upgraded.
l/glib2-2.74.1-x86_64-2.txz: Rebuilt.
[PATCH 1/2] Revert "Handling collision between standard i/o file descriptors
and newly created ones."
[PATCH 2/2] glib-unix: Add test to make sure g_unix_open_pipe will intrude
standard range.
Thanks to marav.
l/newt-0.52.22-x86_64-1.txz: Upgraded.
l/pipewire-0.3.60-x86_64-2.txz: Rebuilt.
[PATCH] alsa: force playback start when buffer is full.
Thanks to marav.
tcl/tcl-8.6.13-x86_64-1.txz: Upgraded.
tcl/tk-8.6.13-x86_64-1.txz: Upgraded.
x/libglvnd-1.6.0-x86_64-1.txz: Upgraded.
x/wayland-protocols-1.30-noarch-1.txz: Upgraded.
xap/blueman-2.3.5-x86_64-1.txz: Upgraded.
ap/texinfo-7.0-x86_64-1.txz: Upgraded.
l/iso-codes-4.12.0-noarch-1.txz: Upgraded.
l/lcms2-2.14-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.85-x86_64-1.txz: Upgraded.
l/pipewire-0.3.60-x86_64-1.txz: Upgraded.
n/php-7.4.33-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31630https://www.cve.org/CVERecord?id=CVE-2022-37454
(* Security fix *)
x/ibus-table-1.16.14-x86_64-1.txz: Upgraded.
a/btrfs-progs-6.0.1-x86_64-1.txz: Upgraded.
ap/sysstat-12.7.1-x86_64-1.txz: Upgraded.
On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1,
allocate_structures contains a size_t overflow in sa_common.c. The
allocate_structures function insufficiently checks bounds before arithmetic
multiplication, allowing for an overflow in the size allocated for the
buffer representing system activities.
This issue may lead to Remote Code Execution (RCE).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-39377
(* Security fix *)
kde/bluedevil-5.26.3.1-x86_64-1.txz: Upgraded.
kde/breeze-5.26.3.1-x86_64-1.txz: Upgraded.
kde/oxygen-sounds-5.26.3.1-x86_64-1.txz: Upgraded.
l/gdk-pixbuf2-2.42.10-x86_64-1.txz: Upgraded.
l/orc-0.4.33-x86_64-1.txz: Upgraded.
n/mobile-broadband-provider-info-20221107-x86_64-1.txz: Upgraded.
xfce/xfce4-settings-4.16.4-x86_64-1.txz: Upgraded.
Fixed an argument injection vulnerability in xfce4-mime-helper.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-45062
(* Security fix *)
ap/sudo-1.9.12p1-x86_64-1.txz: Upgraded.
Fixed a potential out-of-bounds write for passwords smaller than 8
characters when passwd authentication is enabled.
This does not affect configurations that use other authentication
methods such as PAM, AIX authentication or BSD authentication.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-43995
(* Security fix *)
l/nodejs-19.0.1-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-106.0.5-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/106.0.5/releasenotes/
a/exfatprogs-1.2.0-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1s-x86_64-1.txz: Upgraded.
n/openssl-1.1.1s-x86_64-1.txz: Upgraded.
xap/fvwm-2.7.0-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.4.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.4.2/releasenotes/
a/ntfs-3g-2022.10.3-x86_64-1.txz: Upgraded.
ap/mpg123-1.31.0-x86_64-1.txz: Upgraded.
ap/vim-9.0.0814-x86_64-1.txz: Upgraded.
A vulnerability was found in vim and classified as problematic. Affected by
this issue is the function qf_update_buffer of the file quickfix.c of the
component autocmd Handler. The manipulation leads to use after free. The
attack may be launched remotely. Upgrading to version 9.0.0805 is able to
address this issue.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-3705
(* Security fix *)
d/ccache-4.7.2-x86_64-1.txz: Upgraded.
d/make-4.4-x86_64-1.txz: Upgraded.
d/patchelf-0.16.1-x86_64-1.txz: Upgraded.
d/strace-6.0-x86_64-1.txz: Upgraded.
kde/kwin-5.26.2.1-x86_64-2.txz: Rebuilt.
[PATCH] x11window: revert more from 3a28c02f.
Thanks to Heinz Wiesinger.
[PATCH] x11: Don't force QT_NO_GLIB=1.
[PATCH] x11: Don't force QT_QPA_PLATFORM=xcb.
Thanks to marav.
l/libedit-20221030_3.1-x86_64-1.txz: Upgraded.
l/python-importlib_metadata-5.0.0-x86_64-1.txz: Upgraded.
l/taglib-1.13-x86_64-1.txz: Upgraded.
l/utf8proc-2.8.0-x86_64-1.txz: Upgraded.
n/openvpn-2.5.8-x86_64-1.txz: Upgraded.
n/socat-1.7.4.4-x86_64-1.txz: Upgraded.
x/libXext-1.3.5-x86_64-1.txz: Upgraded.
x/libXinerama-1.1.5-x86_64-1.txz: Upgraded.
x/makedepend-1.0.7-x86_64-1.txz: Upgraded.
x/rgb-1.1.0-x86_64-1.txz: Upgraded.
x/sessreg-1.1.3-x86_64-1.txz: Upgraded.
x/x11perf-1.6.2-x86_64-1.txz: Upgraded.
x/xsetroot-1.1.3-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-106.0.3-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/106.0.3/releasenotes/
xap/mozilla-thunderbird-102.4.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.4.1/releasenotes/
xap/vim-gvim-9.0.0814-x86_64-1.txz: Upgraded.
extra/php80/php80-8.0.25-x86_64-1.txz: Upgraded.
This update fixes security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31630https://www.cve.org/CVERecord?id=CVE-2022-37454
(* Security fix *)
extra/php81/php81-8.1.12-x86_64-1.txz: Upgraded.
This update fixes security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31630https://www.cve.org/CVERecord?id=CVE-2022-37454
(* Security fix *)
a/tree-2.0.4-x86_64-1.txz: Upgraded.
l/freecell-solver-6.8.0-x86_64-1.txz: Upgraded.
l/speech-dispatcher-0.11.3-x86_64-1.txz: Upgraded.
n/rsync-3.2.7-x86_64-1.txz: Upgraded.
This is a bugfix release.
Notably, this addresses some regressions caused by the file-list validation
fix in rsync-3.2.5.
Thanks to llgar.
l/harfbuzz-5.3.1-x86_64-1.txz: Upgraded.
l/qca-2.3.5-x86_64-1.txz: Upgraded.
x/mesa-22.2.2-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-22.1.4-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-106.0.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/106.0.1/releasenotes/
xap/mozilla-thunderbird-102.4.0-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.4.0/releasenotes/
