diff options
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 794c037f0..594a0220f 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,72 @@ +Fri Mar 31 18:01:09 UTC 2023 +a/kernel-generic-6.1.22-x86_64-1.txz: Upgraded. +a/kernel-huge-6.1.22-x86_64-1.txz: Upgraded. +a/kernel-modules-6.1.22-x86_64-1.txz: Upgraded. +a/mkinitrd-1.4.11-x86_64-32.txz: Rebuilt. + Add /lib/firmware directory to _initrd-tree.tar.gz. Thanks to walecha. +d/cmake-3.26.2-x86_64-1.txz: Upgraded. +d/kernel-headers-6.1.22-x86-1.txz: Upgraded. +d/llvm-16.0.0-x86_64-1.txz: Upgraded. + Shared library .so-version bump. + Thanks to Heinz Wiesinger for the assistance. + Compiled with -DLLVM_BUILD_LLVM_DYLIB=ON -DLLVM_LINK_LLVM_DYLIB=ON + -DCLANG_LINK_CLANG_DYLIB=ON. + I think we'll get 16.0.1 next week if we need to make any adjustments. +d/ruby-3.2.2-x86_64-1.txz: Upgraded. + This update fixes security issues: + ReDoS vulnerability in URI. + ReDoS vulnerability in Time. + For more information, see: + https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ + https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/ + https://www.cve.org/CVERecord?id=CVE-2023-28755 + https://www.cve.org/CVERecord?id=CVE-2023-28756 + (* Security fix *) +k/kernel-source-6.1.22-noarch-1.txz: Upgraded. +kde/kdevelop-22.12.3-x86_64-2.txz: Rebuilt. + Recompiled against llvm-16.0.0. +l/openexr-3.1.7-x86_64-1.txz: Upgraded. +l/qt5-5.15.8_20230325_c1a3e988-x86_64-1.txz: Upgraded. + Compiled against llvm-16.0.0. +l/spirv-llvm-translator-16.0.0-x86_64-1.txz: Upgraded. + Compiled against llvm-16.0.0. + Thanks to Heinz Wiesinger for finding the fix for -DBUILD_SHARED_LIBS=ON. +n/pssh-2.3.5-x86_64-1.txz: Upgraded. +n/samba-4.18.1-x86_64-1.txz: Upgraded. + This update fixes security issues: + An incomplete access check on dnsHostName allows authenticated but otherwise + unprivileged users to delete this attribute from any object in the directory. + The Samba AD DC administration tool, when operating against a remote LDAP + server, will by default send new or reset passwords over a signed-only + connection. + The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential + attribute disclosure via LDAP filters was insufficient and an attacker may + be able to obtain confidential BitLocker recovery keys from a Samba AD DC. + Installations with such secrets in their Samba AD should assume they have + been obtained and need replacing. + For more information, see: + https://www.samba.org/samba/security/CVE-2023-0225.html + https://www.samba.org/samba/security/CVE-2023-0922.html + https://www.samba.org/samba/security/CVE-2023-0614.html + https://www.cve.org/CVERecord?id=CVE-2023-0225 + https://www.cve.org/CVERecord?id=CVE-2023-0922 + https://www.cve.org/CVERecord?id=CVE-2023-0614 + (* Security fix *) +x/mesa-23.0.1-x86_64-2.txz: Rebuilt. + Recompiled against llvm-16.0.0 and spirv-llvm-translator-16.0.0. +xap/seamonkey-2.53.16-x86_64-1.txz: Upgraded. + This update contains security fixes and improvements. + For more information, see: + https://www.seamonkey-project.org/releases/seamonkey2.53.16 + (* Security fix *) +isolinux/initrd.img: Rebuilt. +kernels/*: Upgraded. +testing/packages/rust-1.68.2-x86_64-2.txz: Rebuilt. + Use the bundled LLVM rather than the system LLVM. + This version of Rust actually does compile with llvm-16.0.0, but since it + bundles LLVM 15 let's let it use that for now. +usb-and-pxe-installers/usbboot.img: Rebuilt. ++--------------------------+ Wed Mar 29 20:56:21 UTC 2023 a/glibc-zoneinfo-2023c-noarch-1.txz: Upgraded. This package provides the latest timezone updates. |