a/hostname-3.24-x86_64-1.txz: Upgraded.
a/kernel-firmware-20241010_c410e4c-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.14-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-39.txz: Rebuilt.
Symlink /boot/remove-orphaned-initrds into /usr/sbin to get it in the $PATH.
a/pkgtools-15.1-noarch-14.txz: Rebuilt.
Renamed kernel-backup to make-kernel-backup.
We'll leave it in /boot where it's more likely to be noticed, but also
add a symlink in /usr/sbin so that it's in the $PATH.
Support /etc/default/make-kernel-backup.
Test to see if $KERNEL_FILE is actually a Linux kernel.
d/kernel-headers-6.10.14-x86-1.txz: Upgraded.
k/kernel-source-6.10.14-noarch-1.txz: Upgraded.
l/python-sphinx-8.1.0-x86_64-1.txz: Upgraded.
l/python-sphinx_rtd_theme-3.0.1-x86_64-1.txz: Upgraded.
n/c-ares-1.34.1-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-128.3.1esr-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.3.1esr/releasenotes/
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/kernel-generic-6.11.3-x86_64-1.txz: Upgraded.
testing/packages/kernel-headers-6.11.3-x86-1.txz: Upgraded.
testing/packages/kernel-source-6.11.3-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Several ELF objects were found to have rpaths pointing into /tmp, a world
writable directory. This could have allowed a local attacker to launch denial
of service attacks or execute arbitrary code when the affected binaries are
run by placing crafted ELF objects in the /tmp rpath location. All rpaths with
an embedded /tmp path have been scrubbed from the binaries, and makepkg has
gained a lint feature to detect these so that they won't creep back in.
a/kernel-firmware-20241001_95bfe08-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.12-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-12.txz: Rebuilt.
makepkg: when looking for ELF objects with --remove-rpaths or
--remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part
of the directory or filename.
Also warn about /tmp rpaths after the package is built.
ap/cups-2.4.11-x86_64-1.txz: Upgraded.
ap/cups-browsed-2.0.1-x86_64-2.txz: Rebuilt.
Mitigate security issue that could lead to a denial of service or
the execution of arbitrary code.
Rebuilt with --with-browseremoteprotocols=none to disable incoming
connections, since this daemon has been shown to be insecure. If you
actually use cups-browsed, be sure to install the new
/etc/cups/cups-browsed.conf.new containing this line:
BrowseRemoteProtocols none
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47176
(* Security fix *)
d/kernel-headers-6.10.12-x86-1.txz: Upgraded.
d/llvm-18.1.8-x86_64-3.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
d/luajit-2.1.1727621189-x86_64-1.txz: Upgraded.
d/ruby-3.3.5-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
k/kernel-source-6.10.12-noarch-1.txz: Upgraded.
kde/kimageformats-5.116.0-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/kio-extras-23.08.5-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/krita-5.2.5-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/libindi-2.1.0-x86_64-1.txz: Upgraded.
l/cryfs-0.10.3-x86_64-13.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/espeak-ng-1.51.1-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/ffmpeg-7.1-x86_64-1.txz: Upgraded.
l/gegl-0.4.48-x86_64-3.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/gst-plugins-bad-free-1.24.8-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/imagemagick-7.1.1_38-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/libgsf-1.14.53-x86_64-1.txz: Upgraded.
l/librsvg-2.58.5-x86_64-1.txz: Upgraded.
l/libvncserver-0.9.14-x86_64-3.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/mozjs128-128.3.0esr-x86_64-1.txz: Upgraded.
l/netpbm-11.08.00-x86_64-1.txz: Upgraded.
l/opencv-4.10.0-x86_64-3.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/openexr-3.3.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/python-glad2-2.0.8-x86_64-1.txz: Upgraded.
l/python-pyproject-hooks-1.2.0-x86_64-1.txz: Upgraded.
l/spirv-llvm-translator-18.1.4-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/woff2-20231106_0f4d304-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
n/openobex-1.7.2-x86_64-6.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
x/marisa-0.2.6-x86_64-11.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
xap/gimp-2.10.38-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
xap/mozilla-firefox-128.3.0esr-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/128.3.0/releasenotes/https://www.mozilla.org/security/advisories/mfsa2024-47https://www.cve.org/CVERecord?id=CVE-2024-9392https://www.cve.org/CVERecord?id=CVE-2024-9393https://www.cve.org/CVERecord?id=CVE-2024-9394https://www.cve.org/CVERecord?id=CVE-2024-8900https://www.cve.org/CVERecord?id=CVE-2024-9396https://www.cve.org/CVERecord?id=CVE-2024-9397https://www.cve.org/CVERecord?id=CVE-2024-9398https://www.cve.org/CVERecord?id=CVE-2024-9399https://www.cve.org/CVERecord?id=CVE-2024-9400https://www.cve.org/CVERecord?id=CVE-2024-9401https://www.cve.org/CVERecord?id=CVE-2024-9402
(* Security fix *)
xap/xlockmore-5.80-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/kernel-generic-6.11.1-x86_64-1.txz: Upgraded.
testing/packages/kernel-headers-6.11.1-x86-1.txz: Upgraded.
testing/packages/kernel-source-6.11.1-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20240913_6c88d9b-noarch-1.txz: Upgraded.
a/os-prober-1.83-x86_64-2.txz: Rebuilt.
I have seen the reports that os-prober can take an excessive amount of time,
but haven't had it take more than a minute and a half here on my most
populated (and fairly slow) machine. But I've found and applied a patch that
might help... let's see if this speeds things up on affected machines.
d/git-2.46.1-x86_64-1.txz: Upgraded.
d/python-setuptools-75.0.0-x86_64-1.txz: Upgraded.
l/at-spi2-core-2.54.0-x86_64-1.txz: Upgraded.
l/gsettings-desktop-schemas-47-x86_64-1.txz: Upgraded.
l/libjpeg-turbo-3.0.4-x86_64-1.txz: Upgraded.
l/python-pysol_cards-0.18.0-x86_64-1.txz: Upgraded.
l/vte-0.78.0-x86_64-1.txz: Upgraded.
testing/packages/kernel-generic-6.11.0-x86_64-1.txz: Added.
testing/packages/kernel-headers-6.11.0-x86-1.txz: Added.
testing/packages/kernel-source-6.11.0-noarch-1.txz: Added.
Well folks, we have some more interesting stuff in /testing now.
Our good friend LuckyCyborg posted a while back about our trials with
GRUB2, and that we were banging our heads against a wall for no reason
trying to bend GRUB2 with our 09_slackware_linux grub.d script instead
of changing our kernel/initrd naming scheme to vmlinux-6.10.1-generic
and initrd-6.10.1-generic.img. And, as is often the case, our friend is
exactly correct. Once we stopped trying to swim against the current, GRUB2
started behaving as it should.
The updates in /testing change the kernel naming scheme thusly, and modify
the geninitrd script in the mkinitrd package to also use this naming
scheme. And, of course, 09_slackware_linux is removed from GRUB2, and the
10_linux script is only lightly modified.
Because lilo and elilo work with the symlinks to the kernel and initrd,
they shouldn't care anout this change.
We've probably got 6.9.11 coming tomorrow. Unless I hear that I should stop
the presses on this change, it's likely that those kernels will be updated
using the new naming scheme and the mkinitrd and grub updates will be moved
into the main tree from /testing.
We'll stick with 6.9 in the main tree for now because I'm still encountering
suspend failure with the 6.10 kernel here.
Enjoy! :-)
a/kernel-firmware-20240723_b37d247-noarch-1.txz: Upgraded.
ap/mpg123-1.32.6-x86_64-2.txz: Rebuilt.
l/libxml2-2.13.3-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Fix XXE protection in downstream code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-40896
(* Security fix *)
l/mozilla-nss-3.102.1-x86_64-1.txz: Upgraded.
l/nodejs-20.16.0-x86_64-1.txz: Upgraded.
l/python-importlib_metadata-8.2.0-x86_64-1.txz: Upgraded.
l/v4l-utils-1.28.1-x86_64-1.txz: Upgraded.
n/c-ares-1.32.3-x86_64-1.txz: Upgraded.
n/curl-8.9.0-x86_64-1.txz: Upgraded.
n/htdig-3.2.0b6-x86_64-10.txz: Rebuilt.
Patch XSS vulnerability. Thanks to jayjwa.
Get this out of cgi-bin. Thanks to LuckyCyborg.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2007-6110
(* Security fix *)
n/libtirpc-1.3.5-x86_64-1.txz: Upgraded.
extra/fltk/fltk-1.3.9-x86_64-2.txz: Rebuilt.
extra/tigervnc/tigervnc-1.13.1-x86_64-6.txz: Rebuilt.
Not sure why 1.14.0 isn't compiling, but we'll rebuild this for now.
testing/packages/grub-2.12-x86_64-12.txz: Upgraded.
Remove 09_slackware_linux.
10_linux: don't rename Slackware ;-)
This should configure the renamed kernel/initrd perfectly.
Perhaps 10_linux should no longer accept initrd.gz as a valid name?
For now it is accepted to avoid disrupting existing workflows.
testing/packages/kernel-generic-6.10.1-x86_64-1.txz: Upgraded.
testing/packages/kernel-headers-6.10.1-x86-1.txz: Upgraded.
testing/packages/kernel-huge-6.10.1-x86_64-1.txz: Upgraded.
testing/packages/kernel-modules-6.10.1-x86_64-1.txz: Upgraded.
testing/packages/kernel-source-6.10.1-noarch-1.txz: Upgraded.
testing/packages/mkinitrd-1.4.11-x86_64-35.txz: Upgraded.
geninitrd: create initrd with initrd-version-name.img filename.
Make compat symlinks by default.
Always add LVM (I've seen it mistakenly skipped... if we can get to the
bottom of that then we'll stop always adding it)
Add /etc/default/geninitrd for configuration.
testing/packages/kernel-generic-5.4.0_rc8-x86_64-1.txz: Upgraded.
testing/packages/kernel-headers-5.4.0_rc8-x86-1.txz: Upgraded.
testing/packages/kernel-huge-5.4.0_rc8-x86_64-1.txz: Upgraded.
testing/packages/kernel-modules-5.4.0_rc8-x86_64-1.txz: Upgraded.
testing/packages/kernel-source-5.4.0_rc8-noarch-1.txz: Upgraded.
-VBOXSF_FS m
+X86_INTEL_TSX_MODE_AUTO n
+X86_INTEL_TSX_MODE_OFF y
+X86_INTEL_TSX_MODE_ON n
ap/alsa-utils-1.2.1-x86_64-1.txz: Upgraded.
l/alsa-lib-1.2.1-x86_64-1.txz: Upgraded.
l/alsa-plugins-1.2.1-x86_64-1.txz: Upgraded.
l/imagemagick-7.0.9_4-x86_64-1.txz: Upgraded.
extra/pure-alsa-system/alsa-lib-1.2.1-x86_64-1_alsa.txz: Upgraded.
extra/pure-alsa-system/alsa-plugins-1.2.1-x86_64-1_alsa.txz: Upgraded.
testing/packages/kernel-generic-5.4.0_rc7-x86_64-2.txz: Rebuilt.
testing/packages/kernel-headers-5.4.0_rc7-x86-2.txz: Rebuilt.
testing/packages/kernel-huge-5.4.0_rc7-x86_64-2.txz: Rebuilt.
testing/packages/kernel-modules-5.4.0_rc7-x86_64-2.txz: Rebuilt.
testing/packages/kernel-source-5.4.0_rc7-noarch-2.txz: Rebuilt.
CRYPTO_CRC32C_INTEL m -> y
Make modules before cleaning up the source tree. This does some magic in
Module.symvers that fixes building the NVIDIA kernel modules.