| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Tue Oct 31 18:49:18 UTC 2023...extra/php81/php81-8.1.25-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.25
20231031184918_15.0 |   Patrick J Volkerding | 2023-11-01 | 1 | -2/+2 |
| * | Thu Sep 28 21:37:06 UTC 2023...extra/php81/php81-8.1.24-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.24
patches/packages/mozilla-firefox-115.3.1esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains a security fix.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.3.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
https://www.cve.org/CVERecord?id=CVE-2023-5217
(* Security fix *)
20230928213706_15.0 | Patrick J Volkerding | 2023-09-29 | 1 | -2/+2 |
| * | Fri Sep 1 20:16:14 UTC 2023...extra/php81/php81-8.1.23-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.23
20230901201614_15.0 | Patrick J Volkerding | 2023-09-02 | 1 | -2/+2 |
| * | Fri Aug 4 20:17:36 UTC 2023...extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity
loading in XML without enabling it).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-3823
(* Security fix *)
extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz: Upgraded.
Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0.
pasture/samba-4.15.13-x86_64-1_slack15.0.txz: Added.
We'll hang onto this just in case.
patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/
https://www.cve.org/CVERecord?id=CVE-2023-4045
https://www.cve.org/CVERecord?id=CVE-2023-4046
https://www.cve.org/CVERecord?id=CVE-2023-4047
https://www.cve.org/CVERecord?id=CVE-2023-4048
https://www.cve.org/CVERecord?id=CVE-2023-4049
https://www.cve.org/CVERecord?id=CVE-2023-4050
https://www.cve.org/CVERecord?id=CVE-2023-4052
https://www.cve.org/CVERecord?id=CVE-2023-4054
https://www.cve.org/CVERecord?id=CVE-2023-4055
https://www.cve.org/CVERecord?id=CVE-2023-4056
https://www.cve.org/CVERecord?id=CVE-2023-4057
(* Security fix *)
patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/
patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz: Upgraded.
PLEASE NOTE: We are taking the unusual step of moving to the latest Samba
branch because Windows has made changes that break Samba 4.15.x. The last
4.15.x will be retained in /pasture as a fallback. There may be some
required configuration changes with this, but we've kept using MIT Kerberos
to try to have the behavior change as little as possible. Upgrade carefully.
This update fixes security issues:
When winbind is used for NTLM authentication, a maliciously crafted request
can trigger an out-of-bounds read in winbind and possibly crash it.
SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain Controllers
where SMB2 packet signing is mandatory.
An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
triggered by an unauthenticated attacker by issuing a malformed RPC request.
Missing type validation in Samba's mdssvc RPC service for Spotlight can be
used by an unauthenticated attacker to trigger a process crash in a shared
RPC mdssvc worker process.
As part of the Spotlight protocol Samba discloses the server-side absolute
path of shares and files and directories in search results.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2127.html
https://www.samba.org/samba/security/CVE-2023-3347.html
https://www.samba.org/samba/security/CVE-2023-34966.html
https://www.samba.org/samba/security/CVE-2023-34967.html
https://www.samba.org/samba/security/CVE-2023-34968.html
https://www.cve.org/CVERecord?id=CVE-2022-2127
https://www.cve.org/CVERecord?id=CVE-2023-3347
https://www.cve.org/CVERecord?id=CVE-2023-34966
https://www.cve.org/CVERecord?id=CVE-2023-34967
https://www.cve.org/CVERecord?id=CVE-2023-34968
(* Security fix *)
20230804201736_15.0 | Patrick J Volkerding | 2023-08-05 | 1 | -2/+2 |
| * | Fri Jun 9 01:06:21 UTC 2023...extra/php81/php81-8.1.20-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.20
(* Security fix *)
patches/packages/mozilla-thunderbird-102.12.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.12.0/releasenotes/
(* Security fix *)
patches/packages/python3-3.9.17-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
urllib.parse.urlsplit() now strips leading C0 control and space characters
following the specification for URLs defined by WHATWG.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-24329
(* Security fix *)
20230609010621_15.0 | Patrick J Volkerding | 2023-06-09 | 1 | -2/+2 |
| * | Sun May 14 17:03:16 UTC 2023...extra/php80/php80-8.0.28-x86_64-2_slack15.0.txz: Rebuilt.
This update removes extension=xmlrpc from the php.ini files.
extra/php81/php81-8.1.19-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.19
20230514170316_15.0 | Patrick J Volkerding | 2023-05-15 | 1 | -2/+2 |
| * | Thu Apr 13 22:25:18 UTC 2023...extra/php81/php81-8.1.17-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.1.17
20230413222518_15.0 | Patrick J Volkerding | 2023-04-14 | 1 | -2/+2 |
| * | Wed Feb 15 19:48:10 UTC 2023...patches/packages/curl-7.88.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
HTTP multi-header compression denial of service.
HSTS amnesia with --parallel.
HSTS ignored on multiple requests.
For more information, see:
https://curl.se/docs/CVE-2023-23916.html
https://curl.se/docs/CVE-2023-23915.html
https://curl.se/docs/CVE-2023-23914.html
https://www.cve.org/CVERecord?id=CVE-2023-23916
https://www.cve.org/CVERecord?id=CVE-2023-23915
https://www.cve.org/CVERecord?id=CVE-2023-23914
(* Security fix *)
patches/packages/git-2.35.7-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Using a specially-crafted repository, Git can be tricked into using
its local clone optimization even when using a non-local transport.
Though Git will abort local clones whose source $GIT_DIR/objects
directory contains symbolic links (c.f., CVE-2022-39253), the objects
directory itself may still be a symbolic link.
These two may be combined to include arbitrary files based on known
paths on the victim's filesystem within the malicious repository's
working copy, allowing for data exfiltration in a similar manner as
CVE-2022-39253.
By feeding a crafted input to "git apply", a path outside the
working tree can be overwritten as the user who is running "git
apply".
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-22490
https://www.cve.org/CVERecord?id=CVE-2023-23946
(* Security fix *)
20230215194810_15.0 | Patrick J Volkerding | 2023-02-16 | 1 | -2/+2 |
| * | Sat Jan 7 01:50:00 UTC 2023...extra/php80/php80-8.0.27-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
PDO::quote() may return unquoted string.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31631
(* Security fix *)
extra/php81/php81-8.1.14-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
PDO::quote() may return unquoted string.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31631
(* Security fix *)
patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txz: Upgraded.
Fixed memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures.
For more information, see:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
https://www.cve.org/CVERecord?id=CVE-2021-43527
(* Security fix *)
patches/packages/php-7.4.33-x86_64-2_slack15.0.txz: Rebuilt.
This update fixes a security issue:
PDO::quote() may return unquoted string.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31631
(* Security fix *)
20230107015000_15.0 | Patrick J Volkerding | 2023-01-07 | 1 | -2/+2 |
| * | Mon Oct 31 23:31:36 UTC 2022...extra/php80/php80-8.0.25-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31630
https://www.cve.org/CVERecord?id=CVE-2022-37454
(* Security fix *)
extra/php81/php81-8.1.12-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31630
https://www.cve.org/CVERecord?id=CVE-2022-37454
(* Security fix *)
patches/packages/mozilla-thunderbird-102.4.1-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.4.1/releasenotes/
patches/packages/vim-9.0.0814-x86_64-1_slack15.0.txz: Upgraded.
A vulnerability was found in vim and classified as problematic. Affected by
this issue is the function qf_update_buffer of the file quickfix.c of the
component autocmd Handler. The manipulation leads to use after free. The
attack may be launched remotely. Upgrading to version 9.0.0805 is able to
address this issue.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-3705
(* Security fix *)
patches/packages/vim-gvim-9.0.0814-x86_64-1_slack15.0.txz: Upgraded.
20221031233136_15.0 | Patrick J Volkerding | 2022-11-01 | 1 | -2/+2 |
| * | Fri Sep 30 17:52:21 UTC 2022...extra/php80/php80-8.0.24-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
phar wrapper: DOS when using quine gzip file.
Don't mangle HTTP variable names that clash with ones that have a specific
semantic meaning.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
(* Security fix *)
extra/php81/php81-8.1.11-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
phar wrapper: DOS when using quine gzip file.
Don't mangle HTTP variable names that clash with ones that have a specific
semantic meaning.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
(* Security fix *)
patches/packages/mozilla-thunderbird-102.3.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.3.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-43/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39236
(* Security fix *)
patches/packages/php-7.4.32-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
phar wrapper: DOS when using quine gzip file.
Don't mangle HTTP variable names that clash with ones that have a specific
semantic meaning.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
(* Security fix *)
patches/packages/seamonkey-2.53.14-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.14
(* Security fix *)
patches/packages/vim-9.0.0623-x86_64-1_slack15.0.txz: Upgraded.
Fixed use-after-free and stack-based buffer overflow.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3324
(* Security fix *)
patches/packages/vim-gvim-9.0.0623-x86_64-1_slack15.0.txz: Upgraded.
20220930175221_15.0 | Patrick J Volkerding | 2022-10-01 | 1 | -2/+2 |
| * | Thu Jul 7 23:03:01 UTC 2022...patches/packages/gnupg2-2.2.36-x86_64-1_slack15.0.txz: Upgraded.
g10: Fix possibly garbled status messages in NOTATION_DATA. This bug could
trick GPGME and other parsers to accept faked status lines.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903
(* Security fix *)
extra/php81/php81-8.1.8-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
Fileinfo: Fixed bug #81723 (Heap buffer overflow in finfo_buffer).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31627
(* Security fix *)
20220707230301_15.0 | Patrick J Volkerding | 2022-07-08 | 1 | -2/+2 |
| * | Mon Jun 13 21:02:58 UTC 2022...patches/packages/php-7.4.30-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
mysqlnd/pdo password buffer overflow.
Uninitialized array in pg_query_params().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
(* Security fix *)
extra/php80/php80-8.0.20-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
mysqlnd/pdo password buffer overflow.
Uninitialized array in pg_query_params().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
(* Security fix *)
extra/php81/php81-8.1.7-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues:
mysqlnd/pdo password buffer overflow.
Uninitialized array in pg_query_params().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31625
(* Security fix *)
20220613210258_15.0 | Patrick J Volkerding | 2022-06-14 | 1 | -2/+2 |
| * | Fri Feb 18 05:29:00 UTC 2022...patches/packages/mozilla-thunderbird-91.6.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.6.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0566
(* Security fix *)
patches/packages/php-7.4.28-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
(* Security fix *)
extra/php80/php80-8.0.16-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
(* Security fix *)
extra/php81/php81-8.1.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
(* Security fix *)
20220218052900_15.0 | Patrick J Volkerding | 2022-02-19 | 1 | -2/+2 |
| * | Fri Jan 21 05:47:49 UTC 2022...a/aaa_libraries-15.0-x86_64-15.txz: Rebuilt.
Upgraded: libzstd.so.1.5.2.
a/kernel-firmware-20220119_0c6a7b3-noarch-1.txz: Upgraded.
a/kernel-generic-5.15.16-x86_64-1.txz: Upgraded.
a/kernel-huge-5.15.16-x86_64-1.txz: Upgraded.
a/kernel-modules-5.15.16-x86_64-1.txz: Upgraded.
ap/vim-8.2.4166-x86_64-1.txz: Upgraded.
d/kernel-headers-5.15.16-x86-1.txz: Upgraded.
d/rust-1.58.1-x86_64-1.txz: Upgraded.
k/kernel-source-5.15.16-noarch-1.txz: Upgraded.
l/qt5-5.15.3_20211130_014c375b-x86_64-2.txz: Rebuilt.
Applied upstream patch:
[PATCH] Move the wayland socket polling to a separate event thread.
Thanks to LuckyCyborg.
l/svgalib-1.9.25-x86_64-7.txz: Rebuilt.
Don't try to use the (broken) assembly. Thanks to nobodino.
l/zstd-1.5.2-x86_64-1.txz: Upgraded.
x/ibus-m17n-1.4.9-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.2.4166-x86_64-1.txz: Upgraded.
extra/php80/php80-8.0.15-x86_64-1.txz: Upgraded.
extra/php81/php81-8.1.2-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
20220121054749 | Patrick J Volkerding | 2022-01-21 | 1 | -2/+2 |
| * | Fri Dec 17 20:47:13 UTC 2021...a/kernel-generic-5.15.10-x86_64-1.txz: Upgraded.
a/kernel-huge-5.15.10-x86_64-1.txz: Upgraded.
a/kernel-modules-5.15.10-x86_64-1.txz: Upgraded.
ap/inxi-3.3.11_1-noarch-1.txz: Upgraded.
ap/ksh93-1.0_20211217_ce3e080c-x86_64-1.txz: Upgraded.
ap/neofetch-20211210_ccd5d9f5-noarch-1.txz: Upgraded.
d/Cython-0.29.26-x86_64-1.txz: Upgraded.
d/kernel-headers-5.15.10-x86-1.txz: Upgraded.
k/kernel-source-5.15.10-noarch-1.txz: Upgraded.
l/utf8proc-2.7.0-x86_64-1.txz: Upgraded.
n/ca-certificates-20211216-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
xap/xine-ui-0.99.13-x86_64-1.txz: Upgraded.
extra/php80/php80-8.0.14-x86_64-1.txz: Upgraded.
extra/php81/php81-8.1.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
20211217204713 | Patrick J Volkerding | 2021-12-18 | 1 | -2/+2 |
| * | Fri Dec 3 20:07:20 UTC 2021...ap/rpm-4.16.1.3-x86_64-4.txz: Rebuilt.
Patched to handle non-compliant RPMs created by install4j. Thanks to alienBOB.
d/poke-1.4-x86_64-1.txz: Upgraded.
l/enchant-2.3.2-x86_64-1.txz: Upgraded.
l/freetype-2.11.1-x86_64-1.txz: Upgraded.
l/glib2-2.70.2-x86_64-1.txz: Upgraded.
n/lynx-2.9.0dev.10-x86_64-1.txz: Upgraded.
extra/php8/php8-8.1.0-x86_64-1.txz: Removed.
extra/php80/php80-8.0.13-x86_64-1.txz: Added.
extra/php81/php81-8.1.0-x86_64-1.txz: Added.
20211203200720 | Patrick J Volkerding | 2021-12-04 | 1 | -0/+2 |
Patrick J Volkerding