a/coreutils-9.3-x86_64-2.txz: Rebuilt.
Don't support AVX2 instructions for wc. Since it's possible to enable a
kernel option that causes the kernel to advertise AVX2 as available, but
leads to an illegal instruction if there's an attempt to actually use
AVX2 when old microcode is in use, this isn't reliable. Furthermore, wc
is used by the pkgtools and this sort of failure could lead to corruption
of the filesystem and/or package database. So, we'll disable this to be on
the safe side. Thanks to lancsuk for noticing this issue.
a/kernel-generic-6.1.48-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.48-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.48-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.48-x86-1.txz: Upgraded.
k/kernel-source-6.1.48-noarch-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/sysvinit-3.08-x86_64-1.txz: Upgraded.
ap/vim-9.0.1736-x86_64-1.txz: Upgraded.
l/zlib-1.3-x86_64-1.txz: Upgraded.
n/krb5-1.21.2-x86_64-1.txz: Upgraded.
Fix double-free in KDC TGS processing. An authenticated attacker could use
this to cause a denial-of-service.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39975
(* Security fix *)
n/mutt-2.2.11-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.1736-x86_64-1.txz: Upgraded.
a/kernel-firmware-20230814_0e048b0-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.46-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.46-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.46-x86_64-1.txz: Upgraded.
ap/inxi-3.3.29_1-noarch-1.txz: Upgraded.
d/kernel-headers-6.1.46-x86-1.txz: Upgraded.
k/kernel-source-6.1.46-noarch-1.txz: Upgraded.
-ACPI_TINY_POWER_BUTTON n
ACPI_AC m -> y
ACPI_BATTERY m -> y
ACPI_BUTTON m -> y
ACPI_FAN m -> y
ACPI_THERMAL m -> y
kde/kirigami-addons-0.11.0-x86_64-1.txz: Upgraded.
n/bind-9.18.18-x86_64-1.txz: Upgraded.
n/httpd-2.4.57-x86_64-2.txz: Rebuilt.
rc.httpd: wait using pwait after stopping, fix usage to show force-restart.
Thanks to metaed.
n/net-snmp-5.9.4-x86_64-1.txz: Upgraded.
n/openvpn-2.6.6-x86_64-1.txz: Upgraded.
n/php-8.2.9-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
Security issue with external entity loading in XML without enabling it.
Buffer mismanagement in phar_dir_read().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824
(* Security fix *)
x/xorg-server-xwayland-23.2.0-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-115.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.1.1/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/libcgroup-0.41-x86_64-11.txz: Rebuilt.
rc.cgconfig: set and use $CONFIG_DIR (/etc/cgconfig.d). Thanks to ZlatkO.
a/openssl-solibs-3.1.2-x86_64-2.txz: Rebuilt.
ap/vim-9.0.1697-x86_64-1.txz: Upgraded.
d/cmake-3.27.2-x86_64-1.txz: Upgraded.
l/fmt-10.1.0-x86_64-1.txz: Upgraded.
n/openssl-3.1.2-x86_64-2.txz: Rebuilt.
certwatch: use a persistent $STATEDIR. Thanks to ZlatkO.
xap/vim-gvim-9.0.1697-x86_64-1.txz: Upgraded.
a/aaa_libraries-15.1-x86_64-21.txz: Rebuilt.
Upgraded: libcap.so.2.69, liblzma.so.5.4.4, libboost*.so.1.82.0,
libglib-2.0.so.0.7600.4, libgmodule-2.0.so.0.7600.4, libgmp.so.10.5.0,
libgmpxx.so.4.7.0, libgobject-2.0.so.0.7600.4, libgthread-2.0.so.0.7600.4,
libjpeg.so.62.4.0, libpng16.so.16.40.0, libstdc++.so.6.0.32,
libtdb.so.1.4.9, libturbojpeg.so.0.3.0.
a/kernel-firmware-20230809_789aa81-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.45-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.45-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.45-x86_64-1.txz: Upgraded.
ap/pamixer-1.5-x86_64-7.txz: Rebuilt.
Recompiled against boost-1.83.0.
d/kernel-headers-6.1.45-x86-1.txz: Upgraded.
k/kernel-source-6.1.45-noarch-1.txz: Upgraded.
kde/kig-23.04.3-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.83.0.
kde/kopeninghours-23.04.3-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.83.0.
kde/krita-5.1.5-x86_64-12.txz: Rebuilt.
Recompiled against boost-1.83.0.
l/boost-1.83.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
The shared libraries from the previous version will stick around in
the aaa_libraries package for at least a month.
l/cryfs-0.10.3-x86_64-9.txz: Rebuilt.
Recompiled against boost-1.83.0.
x/fcitx5-chinese-addons-5.0.17-x86_64-3.txz: Rebuilt.
Recompiled against boost-1.83.0.
x/libime-1.0.17-x86_64-3.txz: Rebuilt.
Recompiled against boost-1.83.0.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Thanks to Heinz Wiesinger for these added python packages to implement
PEP 427 and PEP 517! Python modules are phasing out setup.py in favor of
building wheels, and then using python-installer to install them. These
are the bits needed to make that happen.
l/python-build-0.10.0-x86_64-1.txz: Added.
l/python-flit-core-3.9.0-x86_64-1.txz: Added.
l/python-glad2-2.0.4-x86_64-1.txz: Added.
l/python-installer-0.7.0-x86_64-1.txz: Added.
l/python-lxml-4.9.3-x86_64-1.txz: Added.
l/python-pyproject-hooks-1.0.0-x86_64-1.txz: Added.
l/python-tomli-w-1.0.0-x86_64-1.txz: Added.
l/python-wheel-0.41.1-x86_64-1.txz: Added.
n/nftables-1.0.8-x86_64-2.txz: Rebuilt.
Correctly generate nftables Python module using PEP 427/517 method.
Thanks to marav.
n/openssh-9.4p1-x86_64-1.txz: Upgraded.
a/sdparm-1.12-x86_64-3.txz: Rebuilt.
Recompiled against sg3_utils-1.48.
a/udisks-1.0.5-x86_64-11.txz: Rebuilt.
Recompiled against sg3_utils-1.48. Does anything still need this?
ap/vim-9.0.1678-x86_64-1.txz: Upgraded.
Applied the last patch from Bram Moolenaar.
RIP Bram, and thanks for your great work on VIM and your kindness to the
orphan children in Uganda.
If you'd like to honor Bram with a donation to his charity, please visit:
https://iccf-holland.org/
d/mercurial-6.5.1-x86_64-1.txz: Upgraded.
d/vala-0.56.10-x86_64-1.txz: Upgraded.
kde/plasma-desktop-5.27.7.1-x86_64-1.txz: Upgraded.
kde/sddm-0.20.0-x86_64-2.txz: Rebuilt.
Eliminate duplicate log messages polluting the first virtual console.
l/gtk4-4.10.5-x86_64-1.txz: Upgraded.
l/gvfs-1.50.6-x86_64-1.txz: Upgraded.
l/libgpod-0.8.3-x86_64-12.txz: Rebuilt.
Recompiled against sg3_utils-1.48.
l/netpbm-11.03.02-x86_64-1.txz: Upgraded.
l/sg3_utils-1.48-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/speech-dispatcher-0.11.5-x86_64-1.txz: Upgraded.
n/gnutls-3.8.1-x86_64-1.txz: Upgraded.
n/nfs-utils-2.6.3-x86_64-2.txz: Rebuilt.
Move 99-nfs.rules to the proper directory. Thanks to Petri Kaukasoina.
xap/vim-gvim-9.0.1678-x86_64-1.txz: Upgraded.
d/binutils-2.41-x86_64-1.txz: Upgraded.
d/oprofile-1.4.0-x86_64-12.txz: Rebuilt.
Recompiled against binutils-2.41.
d/tree-sitter-0.20.8-x86_64-1.txz: Added.
This is a dependency for an interesting new feature of emacs-29.1.
e/emacs-29.1-x86_64-1.txz: Upgraded.
Compiled against tree-sitter-0.20.8. Grammar libraries for this can be
downloaded and installed from within Emacs - see the NEWS file for details.
l/gmp-6.3.0-x86_64-1.txz: Upgraded.
l/libarchive-3.7.1-x86_64-1.txz: Upgraded.
l/polkit-123-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-6.txz: Rebuilt.
makepkg: fix chown to avoid warning. Not sure how this one got missed for so
long. Thanks to lucabon.
d/cmake-3.27.1-x86_64-1.txz: Upgraded.
l/cfitsio-4.3.0-x86_64-1.txz: Upgraded.
n/curl-8.2.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
x/m17n-lib-1.8.3-x86_64-1.txz: Upgraded.
a/kernel-firmware-20230724_59fbffa-noarch-1.txz: Upgraded.
AMD microcode updated to fix a use-after-free in AMD Zen2 processors.
From Tavis Ormandy's annoucement of the issue:
"The practical result here is that you can spy on the registers of other
processes. No system calls or privileges are required.
It works across virtual machines and affects all operating systems.
I have written a poc for this issue that's fast enough to reconstruct
keys and passwords as users log in."
For more information, see:
https://seclists.org/oss-sec/2023/q3/59https://www.cve.org/CVERecord?id=CVE-2023-20593
(* Security fix *)
a/kernel-generic-6.1.41-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.41-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.41-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.41-x86-1.txz: Upgraded.
k/kernel-source-6.1.41-noarch-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/tmux-3.3a-x86_64-2.txz: Rebuilt.
Patched to fix a crash when copying text. Thanks to nullptr, gnw, and Daedra.
d/parallel-20230722-noarch-1.txz: Upgraded.
l/libarchive-3.7.0-x86_64-1.txz: Upgraded.
l/pipewire-0.3.75-x86_64-2.txz: Rebuilt.
[PATCH] pipewire: add missing stdbool.h include to version.h.in.
Thanks to marav.
n/network-scripts-15.1-noarch-1.txz: Upgraded.
Added netconfig.8 manpage. Thanks to metaed.
extra/brltty/brltty-6.6-x86_64-1.txz: Upgraded.
a/kernel-generic-6.1.40-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.40-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.40-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.40-x86-1.txz: Upgraded.
k/kernel-source-6.1.40-noarch-1.txz: Upgraded.
l/imagemagick-7.1.1_14-x86_64-1.txz: Upgraded.
n/whois-5.5.18-x86_64-1.txz: Upgraded.
Updated the .ga TLD server.
Added new recovered IPv4 allocations.
Removed the delegation of 43.0.0.0/8 to JPNIC.
Removed 12 new gTLDs which are no longer active.
Improved the man page source, courtesy of Bjarni Ingi Gislason.
Added the .edu.za SLD server.
Updated the .alt.za SLD server.
Added the -ru and -su NIC handles servers.
x/glu-9.0.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
l/librsvg-2.56.3-x86_64-1.txz: Upgraded.
l/nodejs-20.5.0-x86_64-1.txz: Upgraded.
l/pipewire-0.3.75-x86_64-1.txz: Upgraded.
l/talloc-2.4.1-x86_64-1.txz: Upgraded.
l/tdb-1.4.9-x86_64-1.txz: Upgraded.
l/tevent-0.15.0-x86_64-1.txz: Upgraded.
l/xxHash-0.8.2-x86_64-1.txz: Upgraded.
n/ca-certificates-20230721-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
a/kernel-firmware-20230707_d3f6606-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.39-x86_64-1.txz: Upgraded.
a/xfsprogs-6.4.0-x86_64-1.txz: Upgraded.
d/cmake-3.27.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.39-x86-1.txz: Upgraded.
k/kernel-source-6.1.39-noarch-1.txz: Upgraded.
l/mpfr-4.2.0p12-x86_64-1.txz: Upgraded.
n/bind-9.18.17-x86_64-1.txz: Upgraded.
n/curl-8.2.0-x86_64-1.txz: Upgraded.
This update fixes a security issue:
fopen race condition.
For more information, see:
https://curl.se/docs/CVE-2023-32001.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-32001
(* Security fix *)
n/dhcpcd-10.0.2-x86_64-1.txz: Upgraded.
n/openssh-9.3p2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
execution relating to PKCS#11 providers.
The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
execution via a forwarded agent socket if the following conditions are met:
* Exploitation requires the presence of specific libraries on the victim
system.
* Remote exploitation requires that the agent was forwarded to an
attacker-controlled system.
Exploitation can also be prevented by starting ssh-agent(1) with an empty
PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
contains only specific provider libraries.
This vulnerability was discovered and demonstrated to be exploitable by the
Qualys Security Advisory team.
Potentially-incompatible changes:
* ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
issued by remote clients by default. A flag has been added to restore the
previous behaviour: "-Oallow-remote-pkcs11".
For more information, see:
https://www.openssh.com/txt/release-9.3p2https://www.cve.org/CVERecord?id=CVE-2023-38408
(* Security fix *)
n/samba-4.18.5-x86_64-1.txz: Upgraded.
This update fixes security issues:
When winbind is used for NTLM authentication, a maliciously crafted request
can trigger an out-of-bounds read in winbind and possibly crash it.
SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain Controllers
where SMB2 packet signing is mandatory.
An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
triggered by an unauthenticated attacker by issuing a malformed RPC request.
Missing type validation in Samba's mdssvc RPC service for Spotlight can be
used by an unauthenticated attacker to trigger a process crash in a shared
RPC mdssvc worker process.
As part of the Spotlight protocol Samba discloses the server-side absolute
path of shares and files and directories in search results.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2127.htmlhttps://www.samba.org/samba/security/CVE-2023-3347.htmlhttps://www.samba.org/samba/security/CVE-2023-34966.htmlhttps://www.samba.org/samba/security/CVE-2023-34967.htmlhttps://www.samba.org/samba/security/CVE-2023-34968.htmlhttps://www.cve.org/CVERecord?id=CVE-2022-2127https://www.cve.org/CVERecord?id=CVE-2023-3347https://www.cve.org/CVERecord?id=CVE-2023-34966https://www.cve.org/CVERecord?id=CVE-2023-34967https://www.cve.org/CVERecord?id=CVE-2023-34968
(* Security fix *)
xap/mozilla-firefox-115.0.3esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.0.3esr/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/tar-1.35-x86_64-1.txz: Upgraded.
x/mesa-23.2.0_rc1-x86_64-1.txz: Upgraded.
OK, usually I won't use rc versions even in -current, but in this case I'm
going to. Some time ago my desktop machine with RS880 / Radeon HD 4290
graphics on the motherboard began acting up with the screen going black
for a few seconds before returning. This after an hour or so of uptime,
usually, then becoming more frequent with more uptime. Eventually I'd lose
mouse and/or keyboard too, and have to reboot. Here's a couple of errors
from dmesg:
[ 9942.677675] [drm:r600_ib_test [radeon]] *ERROR* radeon: fence wait
timed out.
[ 9942.677741] [drm:radeon_ib_ring_tests [radeon]] *ERROR* radeon: failed
testing IB on GFX ring (-110).
I also noticed that the backtrace started with ttm_bo_release, and seeing
this in recent kernel patches had been chalking this up to a kernel bug.
I *still* think it could be, and there are a bunch of kernel patches coming
soon to -stable from Alex Deucher that could address the underlying causes
(not for 6.1.39 though, unfortunately). Anyway, I'd recently figured out
that reverting Mesa sufficiently made the issue go away. And now it seems
this 23.2.0 release candidate also fixes the issue.
Yes, I could go search for the commits to cherry-pick, but we'll be moving
to mesa-23.2.0 when it's released, so we might as well start testing now.
ap/sudo-1.9.14p2-x86_64-1.txz: Upgraded.
This is a bugfix release.
d/meson-1.2.0-x86_64-1.txz: Upgraded.
xap/sane-1.2.1-x86_64-1.txz: Upgraded.
extra/xv/xv-4.2.0-x86_64-1.txz: Upgraded.
Hey folks! It's time to acknowledge another one of those milestones... 30 (!)
years since I made the post linked below announcing Slackware's first stable
release after months of beta testing. Thanks to all of our dedicated
contributors, loyal users, and those who have helped us to keep the lights on
here. It's really been a remarkable journey that I couldn't have anticipated
starting out back in 1993. Cheers! :-)
https://www.slackware.com/announce/1.0.php
kde/sddm-0.20.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_13-x86_64-1.txz: Upgraded.
n/nghttp2-1.55.1-x86_64-1.txz: Upgraded.
xap/xlockmore-5.72-x86_64-1.txz: Upgraded.