n/dhcp-4.4.2_P1-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Corrected a buffer overwrite possible when parsing hexadecimal
literals with more than 1024 octets. Reported by Jon Franklin from Dell,
and also by Pawel Wieczorkiewicz from Amazon Web Services. [Gitlab #182]
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25217
(* Security fix *)
a/xfsprogs-5.12.0-x86_64-1.txz: Upgraded.
l/libcap-2.50-x86_64-1.txz: Upgraded.
l/libqalculate-3.19.0-x86_64-1.txz: Upgraded.
n/gnutls-3.6.16-x86_64-1.txz: Upgraded.
Fixed potential miscalculation of ECDSA/EdDSA code backported from Nettle.
In GnuTLS, as long as it is built and linked against the fixed version of
Nettle, this only affects GOST curves. [CVE-2021-20305]
Fixed potential use-after-free in sending "key_share" and "pre_shared_key"
extensions. When sending those extensions, the client may dereference a
pointer no longer valid after realloc. This happens only when the client
sends a large Client Hello message, e.g., when HRR is sent in a resumed
session previously negotiated large FFDHE parameters, because the initial
allocation of the buffer is large enough without having to call realloc
(#1151). [GNUTLS-SA-2021-03-10, CVSS: low]
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20305
(* Security fix *)
n/libnftnl-1.2.0-x86_64-1.txz: Upgraded.
n/links-2.23-x86_64-1.txz: Upgraded.
a/mcelog-176-x86_64-2.txz: Rebuilt.
Fixed size syntax in logrotate config file. Thanks to ecd102.
d/parallel-20210522-noarch-1.txz: Upgraded.
d/python-pip-21.1.2-x86_64-1.txz: Upgraded.
d/python-setuptools-57.0.0-x86_64-1.txz: Upgraded.
l/elfutils-0.185-x86_64-1.txz: Upgraded.
l/expat-2.4.1-x86_64-1.txz: Upgraded.
This update provides new mitigations against the "billion laughs" denial
of service attack.
For more information, see:
https://github.com/libexpat/libexpat/blob/R_2_4_1/expat/Changeshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0340
(* Security fix *)
l/imagemagick-7.0.11_13-x86_64-2.txz: Rebuilt.
Recompiled against perl-5.34.0.
n/httpd-2.4.46-x86_64-4.txz: Rebuilt.
Fixed size syntax in logrotate config file. Thanks to ecd102.
a/exfatprogs-1.1.2-x86_64-1.txz: Upgraded.
a/kmod-29-x86_64-1.txz: Upgraded.
a/logrotate-3.18.1-x86_64-1.txz: Upgraded.
a/pkgtools-15.0-noarch-41.txz: Rebuilt.
installpkg, upgradepkg: skip the install script when doing upgradepkg's
pre-install. In cases where the script operations are expensive this can
nearly double the speed of upgrading a package. Thanks to Stuart Winter.
ap/texinfo-6.7-x86_64-5.txz: Rebuilt.
Recompiled against perl-5.34.0.
ap/vim-8.2.2876-x86_64-1.txz: Upgraded.
Compiled against perl-5.34.0.
d/perl-5.34.0-x86_64-1.txz: Upgraded.
d/sassc-3.6.2-x86_64-1.txz: Upgraded.
d/subversion-1.14.1-x86_64-3.txz: Rebuilt.
Recompiled against perl-5.34.0.
l/libsass-3.6.5-x86_64-1.txz: Upgraded.
l/libsigc++3-3.0.7-x86_64-1.txz: Upgraded.
n/bind-9.16.16-x86_64-1.txz: Upgraded.
n/epic5-2.1.4-x86_64-2.txz: Rebuilt.
Recompiled against perl-5.34.0.
n/irssi-1.2.3-x86_64-2.txz: Rebuilt.
Recompiled against perl-5.34.0.
n/libndp-1.8-x86_64-1.txz: Upgraded.
n/net-snmp-5.9-x86_64-6.txz: Rebuilt.
Recompiled against perl-5.34.0.
n/ntp-4.2.8p15-x86_64-8.txz: Rebuilt.
Recompiled against perl-5.34.0.
n/openldap-2.4.58-x86_64-2.txz: Rebuilt.
Recompiled against perl-5.34.0.
x/mesa-21.1.1-x86_64-1.txz: Upgraded.
xap/hexchat-2.14.3-x86_64-8.txz: Rebuilt.
Recompiled against perl-5.34.0.
xap/rxvt-unicode-9.26-x86_64-2.txz: Rebuilt.
Recompiled against perl-5.34.0.
xap/vim-gvim-8.2.2876-x86_64-1.txz: Upgraded.
Compiled against perl-5.34.0.
a/kernel-firmware-20210503_3f23f51-noarch-1.txz: Upgraded.
ap/mariadb-10.5.9-x86_64-1.txz: Upgraded.
Reverted to the latest stable release.
d/mercurial-5.8-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-8.txz: Rebuilt.
Recompiled against poppler-21.05.0.
kde/cantor-21.04.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-21.05.0.
kde/kfilemetadata-5.81.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-21.05.0.
kde/kile-2.9.93-x86_64-8.txz: Rebuilt.
Recompiled against poppler-21.05.0.
kde/kitinerary-21.04.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-21.05.0.
kde/krita-4.4.3-x86_64-4.txz: Rebuilt.
Recompiled against poppler-21.05.0.
kde/okular-21.04.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-21.05.0.
l/isl-0.24-x86_64-1.txz: Upgraded.
l/poppler-21.05.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/python-pygments-2.9.0-x86_64-1.txz: Upgraded.
n/ethtool-5.12-x86_64-1.txz: Upgraded.
n/httpd-2.4.47-x86_64-2.txz: Rebuilt.
Recompiled against the mariadb-10.5.9 shared libraries.
n/postfix-3.6.0-x86_64-2.txz: Rebuilt.
Recompiled against the mariadb-10.5.9 shared libraries.
xap/gparted-1.3.0-x86_64-1.txz: Upgraded.
testing/packages/mariadb-10.6.0-x86_64-1.txz: Upgraded.
Since this is still considered alpha and not production ready, we'll put it
in /testing for now. Unless you're using an Atom (or other 32-bit processor
affected by the illegal instruction issue) it's probably best to stick with
mariadb-10.5.9.
a/less-581.2-x86_64-1.txz: Upgraded.
ap/nano-5.7-x86_64-1.txz: Upgraded.
d/cmake-3.20.2-x86_64-1.txz: Upgraded.
n/httpd-2.4.47-x86_64-1.txz: Upgraded.
n/samba-4.14.4-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defect:
Negative idmap cache entries can cause incorrect group entries in the
Samba file server process token.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20254https://www.samba.org/samba/security/CVE-2021-20254.html
(* Security fix *)
extra/php8/php8-8.0.5-x86_64-1.txz: Upgraded.
d/gdb-10.2-x86_64-1.txz: Upgraded.
d/python-pip-21.1-x86_64-1.txz: Upgraded.
n/dnsmasq-2.85-x86_64-2.txz: Rebuilt.
rc.dnsmasq: display stop message. Thanks to vineetmehta.
rc.dnsmasq: kill by .pid file (or at least within the current namespace).
Thanks to Petri Kaukasoina.
n/wireguard-tools-1.0.20210424-x86_64-1.txz: Upgraded.
x/fcitx-qt5-1.2.6-x86_64-1.txz: Upgraded.
ap/tmux-3.2-x86_64-1.txz: Upgraded.
l/imagemagick-7.0.11_7-x86_64-1.txz: Upgraded.
l/librsvg-2.50.4-x86_64-1.txz: Upgraded.
n/cifs-utils-6.13-x86_64-1.txz: Upgraded.
n/snownews-1.7-x86_64-1.txz: Upgraded.
x/xorg-server-1.20.11-x86_64-1.txz: Upgraded.
Insufficient checks on the lengths of the XInput extension
ChangeFeedbackControl request can lead to out of bounds memory
accesses in the X server. These issues can lead to privilege
escalation for authorized clients on systems where the X server
is running privileged.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3472
(* Security fix *)
x/xorg-server-xephyr-1.20.11-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-1.20.11-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-1.20.11-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-1.20.11-x86_64-1.txz: Upgraded.
a/kernel-generic-5.10.28-x86_64-1.txz: Upgraded.
a/kernel-huge-5.10.28-x86_64-1.txz: Upgraded.
a/kernel-modules-5.10.28-x86_64-1.txz: Upgraded.
d/kernel-headers-5.10.28-x86-1.txz: Upgraded.
k/kernel-source-5.10.28-noarch-1.txz: Upgraded.
DEVKMEM y -> n
Thanks to Jonathan Woithe for the suggestion.
l/pipewire-0.3.25-x86_64-1.txz: Upgraded.
n/libksba-1.5.1-x86_64-1.txz: Upgraded.
x/ibus-m17n-1.4.5-x86_64-1.txz: Upgraded.
x/libdrm-2.4.105-x86_64-1.txz: Upgraded.
x/mesa-21.0.2-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/linux-5.11.x/kernel-generic-5.11.12-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-headers-5.11.12-x86-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-huge-5.11.12-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-modules-5.11.12-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-source-5.11.12-noarch-1.txz: Upgraded.
DEVKMEM y -> n
Thanks to Jonathan Woithe for the suggestion.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/sqlite-3.35.3-x86_64-1.txz: Upgraded.
d/git-2.31.1-x86_64-1.txz: Upgraded.
d/re2c-2.1-x86_64-1.txz: Upgraded.
l/ffmpeg-4.3.2-x86_64-2.txz: Rebuilt.
libvpx-1.10.0 seems to have a changed ABI, so recompile against it.
l/gst-plugins-good-1.18.4-x86_64-2.txz: Rebuilt.
libvpx-1.10.0 seems to have a changed ABI, so recompile against it.
l/pango-1.48.4-x86_64-1.txz: Upgraded.
l/qt5-5.15.2-x86_64-7.txz: Rebuilt.
n/epic5-2.1.3-x86_64-1.txz: Upgraded.
x/libXaw-1.0.14-x86_64-1.txz: Upgraded.
x/xterm-367-x86_64-1.txz: Upgraded.
This update fixes a security issue:
xterm before Patch #366 allows remote attackers to execute arbitrary code or
cause a denial of service (segmentation fault) via a crafted UTF-8 combining
character sequence.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27135
(* Security fix *)
xap/xine-lib-1.2.11-x86_64-5.txz: Rebuilt.
libvpx-1.10.0 seems to have a changed ABI, so recompile against it.
xap/xpaint-3.1.3-x86_64-1.txz: Upgraded.
xap/xsnow-3.2.3-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-20.txz: Rebuilt.
mkinitrd_command_generator.sh: account for the mmc_block module having an
internal name of "mmcblk". Thanks to Andypoo.
ap/cups-filters-1.28.8-x86_64-1.txz: Upgraded.
l/expat-2.3.0-x86_64-1.txz: Upgraded.
l/libvpx-1.10.0-x86_64-1.txz: Upgraded.
l/netpbm-10.93.03-x86_64-1.txz: Upgraded.
n/pam-krb5-4.10-x86_64-1.txz: Upgraded.
a/btrfs-progs-5.11.1-x86_64-1.txz: Upgraded.
a/dialog-1.3_20210324-x86_64-1.txz: Upgraded.
a/kernel-generic-5.10.26-x86_64-1.txz: Upgraded.
a/kernel-huge-5.10.26-x86_64-1.txz: Upgraded.
a/kernel-modules-5.10.26-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1k-x86_64-1.txz: Upgraded.
d/kernel-headers-5.10.26-x86-1.txz: Upgraded.
d/rust-1.51.0-x86_64-1.txz: Upgraded.
e/emacs-27.2-x86_64-1.txz: Upgraded.
k/kernel-source-5.10.26-noarch-1.txz: Upgraded.
-ADI_AXI_ADC m
AD9467 m -> n
FONT_TER16x32 n -> y
n/openssl-1.1.1k-x86_64-1.txz: Upgraded.
This update fixes security issues:
Fixed a problem with verifying a certificate chain when using the
X509_V_FLAG_X509_STRICT flag.
Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously
crafted renegotiation ClientHello message from a client.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449
(* Security fix *)
n/samba-4.14.2-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defects:
Heap corruption via crafted DN strings.
Out of bounds read in AD DC LDAP server.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27840https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20277
(* Security fix *)
x/mesa-21.0.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/linux-5.11.x/kernel-generic-5.11.10-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-headers-5.11.10-x86-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-huge-5.11.10-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-modules-5.11.10-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-source-5.11.10-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/slackpkg-15.0.1-noarch-1.txz: Upgraded.
Tweak default blacklist file's help text (thanks, dive).
Fix display of blacklisted packages.
Tweaks to slack-desc.
Note that kernel-headers should not be blacklisted.
Added Lithuania mirrors (Totoro-kun on LQ).
Fix exit code for pending updates (dive).
Avoid matching txz/tgz etc extension when blacklisting (dive).
Use https for all slackpkg homepage links.
Update mirror files (14.2 -> 15.0).
Add blacklist to search option.
Move applyblacklist to end of makelist().
Clarify how to blacklist duplicate packages.
Fix new-config dialog.
Reduce false positives in DOUBLEFILES detection.
Remove spaces in awk..
More blacklisting fixups (see full commit msg).
Escape plus signs in blacklist regex.
Convert ${ROOT}/${WORKDIR} > ${WORKDIR} (dive).
Convert ${ROOT}/${CONF} -> ${CONF} and tweak blacklists (dive).
Further fixup/enhancement to blacklisting issues.
Fix "slackpkg blacklist" so that it shows blacklist again.
Fixup internal blacklist handling.
Use ERE for sanity_check() function (David Woodfall).
Remove "slackpkg blacklist" from manual pages.
Fix aaa_elflibs --> aaa_libraries in sample blacklist file (mozes).
Split aarch64 and arm mirrors into separate files (mozes).
Allow new-config after slackpkg upgrade itself (PiterPUNK).
Modify blacklist regex line ending.
Thanks to Robby Workman.
ap/sqlite-3.35.2-x86_64-1.txz: Upgraded.
kde/kid3-3.8.6-x86_64-1.txz: Upgraded.
l/glib2-2.66.8-x86_64-1.txz: Upgraded.
l/pango-1.48.3-x86_64-2.txz: Rebuilt.
Eliminate dangling symlink. Thanks to upnort.
n/bind-9.16.13-x86_64-1.txz: Upgraded.
n/links-2.22-x86_64-1.txz: Upgraded.
n/network-scripts-15.0-noarch-14.txz: Rebuilt.
Fix discrepancies between rc.inet1.conf versions.
Move configuration of SLACC before DHCP.
Don't bring up a bridge interface if it will be brought up later by IP config.
Fix a typo in br_open when configuring IFOPTS: i->1.
Add SLAAC security and privacy options.
Fix typo of 'default'.
Added debugging output around new SLAAC enhancements.
Move enabling RA before SLAAC security section. Thanks to davjohn on LQ.
Fix domain name validation checks. Thanks to xbeastx74 on LQ for the report.
Thanks to Darren "Tadgy" Austin and Robby Workman.
n/wireless_tools-30.pre9-x86_64-5.txz: Rebuilt.
rc.wireless: don't leave interfaces in up state as it prevents SLAAC.
Take interface down at exit from rc.wireless. Thanks to davjohn.
x/libgee-0.20.4-x86_64-1.txz: Upgraded.
ap/vim-8.2.2585-x86_64-1.txz: Upgraded.
d/git-2.30.2-x86_64-1.txz: Upgraded.
l/python-dnspython-2.1.0-x86_64-1.txz: Added.
This is needed by samba-4.14.0.
l/python-markdown-3.3.4-x86_64-1.txz: Added.
This is needed by samba-4.14.0.
n/samba-4.14.0-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.2.2585-x86_64-1.txz: Upgraded.
xfce/elementary-xfce-0.15.2-x86_64-1.txz: Upgraded.
a/lrzip-0.641-x86_64-1.txz: Upgraded.
This update fixes the poor compression ratio reported by Toutatis.
a/smartmontools-7.2-x86_64-4.txz: Rebuilt.
Add support for /etc/default/smartd. Thanks to upnort.
a/sysvinit-2.99-x86_64-1.txz: Upgraded.
l/iso-codes-4.6.0-noarch-1.txz: Upgraded.
n/ca-certificates-20210308-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
n/fetchmail-6.4.17-x86_64-1.txz: Upgraded.
xfce/thunar-4.16.5-x86_64-1.txz: Upgraded.
a/e2fsprogs-1.46.2-x86_64-1.txz: Upgraded.
a/etc-15.0-x86_64-14.txz: Rebuilt.
/etc/hosts: added IPv6 loopback addresses.
a/hwdata-0.345-noarch-1.txz: Upgraded.
ap/hplip-3.20.6-x86_64-7.txz: Rebuilt.
Fixed desktop file to show category and icon properly.
Thanks to upnort and ArTourter.
d/git-2.30.1-x86_64-3.txz: Rebuilt.
Make sure the bash-completion file is installed in the proper location.
Thanks to Robby Workman.
d/python-setuptools-54.0.0-x86_64-1.txz: Upgraded.
d/vala-0.50.4-x86_64-1.txz: Upgraded.
l/imagemagick-7.0.11_2-x86_64-1.txz: Upgraded.
l/python-pillow-8.1.1-x86_64-1.txz: Upgraded.
n/network-scripts-15.0-noarch-13.txz: Rebuilt.
Well, apparently there was a newer branch of this than the one that was
sitting in my usual pending queue, so here it is. This also includes some
additional documentation on the new features. NOTE: In order to use SLAAC
to configure IPv6, you'll need to have USE_SLAAC[x]="yes" for the interface
in rc.inet1.conf. This is to ensure that nobody is surprised to find their
machine fully exposed to the internet - better safe than sorry.
Thanks to Darren "Tadgy" Austin and Robby Workman.
n/wireless_tools-30.pre9-x86_64-4.txz: Rebuilt.
This package contains some updates to rc.wireless and rc.wireless.conf.
Thanks to Darren "Tadgy" Austin.
xfce/mousepad-0.5.3-x86_64-1.txz: Upgraded.
a/kernel-generic-5.10.19-x86_64-1.txz: Upgraded.
a/kernel-huge-5.10.19-x86_64-1.txz: Upgraded.
a/kernel-modules-5.10.19-x86_64-1.txz: Upgraded.
d/kernel-headers-5.10.19-x86-1.txz: Upgraded.
d/poke-1.0-x86_64-1.txz: Added.
This looks useful enough to add upon the initial upstream release.
d/python-setuptools-53.1.0-x86_64-1.txz: Upgraded.
k/kernel-source-5.10.19-noarch-1.txz: Upgraded.
l/babl-0.1.86-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.26-x86_64-1.txz: Upgraded.
n/network-scripts-15.0-noarch-12.txz: Rebuilt.
This has been rewritten to add support for IPv6, VLANs and link aggregation
(bonding). Thanks very much to tadgy!
x/xorgproto-2021.3-x86_64-1.txz: Upgraded.
xfce/xfce4-panel-4.16.2-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/linux-5.11.x/kernel-generic-5.11.2-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-headers-5.11.2-x86-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-huge-5.11.2-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-modules-5.11.2-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-source-5.11.2-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/sysvinit-scripts-2.1-noarch-40.txz: Rebuilt.
Drop old /sbin/rescan-scsi-bus as the most recent version is already present
in the sg3_utils package as /usr/bin/rescan-scsi-bus.sh.
d/meson-0.57.1-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.62-x86_64-1.txz: Upgraded.
l/sg3_utils-1.45-x86_64-4.txz: Rebuilt.
Make a symlink /sbin/rescan-scsi-bus -> /usr/bin/rescan-scsi-bus.sh in case
anyone depends on the old path / name from the sysvinit-scripts package.
n/ipset-7.11-x86_64-1.txz: Upgraded.
n/krb5-1.19.1-x86_64-1.txz: Upgraded.
n/s-nail-14.9.21-x86_64-4.txz: Rebuilt.
If there's no mail, exit. Thanks to ardya.
testing/packages/linux-5.11/kernel-generic-5.11.0-x86_64-1.txz: Added.
testing/packages/linux-5.11/kernel-headers-5.11.0-x86-1.txz: Added.
testing/packages/linux-5.11/kernel-huge-5.11.0-x86_64-1.txz: Added.
testing/packages/linux-5.11/kernel-modules-5.11.0-x86_64-1.txz: Added.
testing/packages/linux-5.11/kernel-source-5.11.0-noarch-1.txz: Added.
