slackware-current

mirror of git://slackware.nl/current.git synced 2024-12-26 09:58:59 +01:00

History

Patrick J Volkerding 1e755d579a Tue Oct 1 18:01:38 UTC 2024 Several ELF objects were found to have rpaths pointing into /tmp, a world writable directory. This could have allowed a local attacker to launch denial of service attacks or execute arbitrary code when the affected binaries are run by placing crafted ELF objects in the /tmp rpath location. All rpaths with an embedded /tmp path have been scrubbed from the binaries, and makepkg has gained a lint feature to detect these so that they won't creep back in. a/kernel-firmware-20241001_95bfe08-noarch-1.txz: Upgraded. a/kernel-generic-6.10.12-x86_64-1.txz: Upgraded. a/pkgtools-15.1-noarch-12.txz: Rebuilt. makepkg: when looking for ELF objects with --remove-rpaths or --remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part of the directory or filename. Also warn about /tmp rpaths after the package is built. ap/cups-2.4.11-x86_64-1.txz: Upgraded. ap/cups-browsed-2.0.1-x86_64-2.txz: Rebuilt. Mitigate security issue that could lead to a denial of service or the execution of arbitrary code. Rebuilt with --with-browseremoteprotocols=none to disable incoming connections, since this daemon has been shown to be insecure. If you actually use cups-browsed, be sure to install the new /etc/cups/cups-browsed.conf.new containing this line: BrowseRemoteProtocols none For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47176 (* Security fix ) d/kernel-headers-6.10.12-x86-1.txz: Upgraded. d/llvm-18.1.8-x86_64-3.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) d/luajit-2.1.1727621189-x86_64-1.txz: Upgraded. d/ruby-3.3.5-x86_64-2.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) k/kernel-source-6.10.12-noarch-1.txz: Upgraded. kde/kimageformats-5.116.0-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. kde/kio-extras-23.08.5-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. kde/krita-5.2.5-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. kde/libindi-2.1.0-x86_64-1.txz: Upgraded. l/cryfs-0.10.3-x86_64-13.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) l/espeak-ng-1.51.1-x86_64-2.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) l/ffmpeg-7.1-x86_64-1.txz: Upgraded. l/gegl-0.4.48-x86_64-3.txz: Rebuilt. Recompiled against openexr-3.3.0. l/gst-plugins-bad-free-1.24.8-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. l/imagemagick-7.1.1_38-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. l/libgsf-1.14.53-x86_64-1.txz: Upgraded. l/librsvg-2.58.5-x86_64-1.txz: Upgraded. l/libvncserver-0.9.14-x86_64-3.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) l/mozjs128-128.3.0esr-x86_64-1.txz: Upgraded. l/netpbm-11.08.00-x86_64-1.txz: Upgraded. l/opencv-4.10.0-x86_64-3.txz: Rebuilt. Recompiled against openexr-3.3.0. l/openexr-3.3.0-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/python-glad2-2.0.8-x86_64-1.txz: Upgraded. l/python-pyproject-hooks-1.2.0-x86_64-1.txz: Upgraded. l/spirv-llvm-translator-18.1.4-x86_64-2.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) l/woff2-20231106_0f4d304-x86_64-2.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) n/openobex-1.7.2-x86_64-6.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) x/marisa-0.2.6-x86_64-11.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) xap/gimp-2.10.38-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. xap/mozilla-firefox-128.3.0esr-x86_64-1.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/128.3.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-47 https://www.cve.org/CVERecord?id=CVE-2024-9392 https://www.cve.org/CVERecord?id=CVE-2024-9393 https://www.cve.org/CVERecord?id=CVE-2024-9394 https://www.cve.org/CVERecord?id=CVE-2024-8900 https://www.cve.org/CVERecord?id=CVE-2024-9396 https://www.cve.org/CVERecord?id=CVE-2024-9397 https://www.cve.org/CVERecord?id=CVE-2024-9398 https://www.cve.org/CVERecord?id=CVE-2024-9399 https://www.cve.org/CVERecord?id=CVE-2024-9400 https://www.cve.org/CVERecord?id=CVE-2024-9401 https://www.cve.org/CVERecord?id=CVE-2024-9402 ( Security fix ) xap/xlockmore-5.80-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/: Upgraded. testing/packages/kernel-generic-6.11.1-x86_64-1.txz: Upgraded. testing/packages/kernel-headers-6.11.1-x86-1.txz: Upgraded. testing/packages/kernel-source-6.11.1-noarch-1.txz: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.		2024-10-01 22:04:37 +02:00
..
audacious	Fri Sep 27 21:10:23 UTC 2024	2024-09-28 00:02:43 +02:00
audacious-plugins	Fri Sep 27 21:10:23 UTC 2024	2024-09-28 00:02:43 +02:00
blackbox	Mon Oct 10 18:45:33 UTC 2022	2022-10-11 07:00:35 +02:00
blueman	Fri Jul 26 18:26:05 UTC 2024	2024-07-26 21:06:15 +02:00
ddd	Mon Aug 12 18:41:11 UTC 2024	2024-08-12 21:02:23 +02:00
easytag	Sun Nov 20 00:54:24 UTC 2022	2022-11-20 07:00:14 +01:00
electricsheep	Sun May 12 19:10:12 UTC 2024	2024-05-12 21:28:58 +02:00
ffmpegthumbnailer	Tue Aug 13 20:33:27 UTC 2024	2024-08-13 23:09:21 +02:00
fluxbox	Mon Jan 17 22:44:42 UTC 2022	2022-01-18 08:59:56 +01:00
freerdp	Tue Aug 13 20:33:27 UTC 2024	2024-08-13 23:09:21 +02:00
fvwm	Sun May 12 19:10:12 UTC 2024	2024-05-12 21:28:58 +02:00
geeqie	Mon Sep 23 20:01:35 UTC 2024	2024-09-23 22:28:56 +02:00
gftp	Sun May 12 19:10:12 UTC 2024	2024-05-12 21:28:58 +02:00
gimp	Tue Oct 1 18:01:38 UTC 2024	2024-10-01 22:04:37 +02:00
gkrellm	Wed Mar 8 20:26:54 UTC 2023	2023-03-08 22:40:50 +01:00
gnuchess	Sun May 12 19:10:12 UTC 2024	2024-05-12 21:28:58 +02:00
gnuplot	Sat Dec 30 19:53:07 UTC 2023	2023-12-30 21:30:31 +01:00
gparted	Wed Feb 28 18:36:48 UTC 2024	2024-02-28 20:34:19 +01:00
gucharmap	Mon Sep 16 19:58:49 UTC 2024	2024-09-16 23:01:19 +02:00
gv	Mon Feb 15 19:23:44 UTC 2021	2021-02-16 08:59:54 +01:00
hexchat	Mon Jun 10 19:23:44 UTC 2024	2024-06-10 22:00:40 +02:00
libnma	Mon Jan 9 20:10:55 UTC 2023	2023-01-09 21:34:48 +01:00
mozilla-firefox	Wed Aug 7 04:03:09 UTC 2024	2024-08-07 07:22:03 +02:00
mozilla-thunderbird	Wed Aug 7 04:03:09 UTC 2024	2024-08-07 07:22:03 +02:00
MPlayer	Tue Aug 13 20:33:27 UTC 2024	2024-08-13 23:09:21 +02:00
mpv	Tue Sep 24 18:42:58 UTC 2024	2024-09-24 21:36:52 +02:00
network-manager-applet	Thu Oct 5 21:44:34 UTC 2023	2023-10-06 00:40:57 +02:00
NetworkManager-openvpn	Mon Jun 24 21:17:14 UTC 2024	2024-06-24 23:59:55 +02:00
pan	Mon Aug 12 18:41:11 UTC 2024	2024-08-12 21:02:23 +02:00
pavucontrol	Mon Aug 5 21:58:24 UTC 2024	2024-08-06 01:03:55 +02:00
pidgin	Mon Jun 10 19:23:44 UTC 2024	2024-06-10 22:00:40 +02:00
rdesktop	Sun May 12 19:10:12 UTC 2024	2024-05-12 21:28:58 +02:00
rxvt-unicode	Mon Jun 10 19:23:44 UTC 2024	2024-06-10 22:00:40 +02:00
sane	Sun May 26 00:07:39 UTC 2024	2024-05-26 02:44:46 +02:00
seamonkey	Tue Sep 3 21:07:09 UTC 2024	2024-09-04 00:33:23 +02:00
seyon	Sun May 12 19:10:12 UTC 2024	2024-05-12 21:28:58 +02:00
ssr	Tue Aug 13 20:33:27 UTC 2024	2024-08-13 23:09:21 +02:00
windowmaker	Wed Dec 6 05:03:11 UTC 2023	2023-12-06 07:07:29 +01:00
x11-ssh-askpass	Mon Feb 15 19:23:44 UTC 2021	2021-02-16 08:59:54 +01:00
x3270	Mon Feb 26 20:09:43 UTC 2024	2024-02-26 22:05:23 +01:00
xaos	Tue Jul 23 18:54:25 UTC 2024	2024-07-23 22:50:05 +02:00
xgames	Sun May 12 19:10:12 UTC 2024	2024-05-12 21:28:58 +02:00
xine-lib	Tue Aug 13 20:33:27 UTC 2024	2024-08-13 23:09:21 +02:00
xine-ui	Sat May 4 17:37:11 UTC 2024	2024-05-04 20:01:05 +02:00
xlockmore	Sat Sep 14 18:15:34 UTC 2024	2024-09-14 20:58:45 +02:00
xmms	Sun May 12 19:10:12 UTC 2024	2024-05-12 21:28:58 +02:00
xpaint	Wed Dec 6 05:03:11 UTC 2023	2023-12-06 07:07:29 +01:00
xpdf	Fri Feb 9 21:48:09 UTC 2024	2024-02-09 23:28:55 +01:00
xsane	Sun May 12 19:10:12 UTC 2024	2024-05-12 21:28:58 +02:00
xscreensaver	Tue Aug 13 20:33:27 UTC 2024	2024-08-13 23:09:21 +02:00
xsnow	Sun May 26 00:07:39 UTC 2024	2024-05-26 02:44:46 +02:00
FTBFSlog	Mon Oct 10 18:45:33 UTC 2022	2022-10-11 07:00:35 +02:00
vim-gvim	Slackware 13.0	2018-05-31 22:41:17 +02:00