| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ap/sudo-1.9.11p1-x86_64-1.txz: Upgraded.
kde/digikam-7.6.0-x86_64-2.txz: Rebuilt.
Recompiled against opencv-4.6.0.
l/gst-plugins-bad-free-1.20.2-x86_64-2.txz: Rebuilt.
Recompiled against opencv-4.6.0.
l/opencv-4.6.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/NetworkManager-1.36.6-x86_64-1.txz: Upgraded.
n/epic5-2.1.11-x86_64-1.txz: Upgraded.
n/httpd-2.4.54-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issues:
mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism.
Information Disclosure in mod_lua with websockets.
mod_sed denial of service.
Denial of service in mod_lua r:parsebody.
Read beyond bounds in ap_strcmp_match().
Read beyond bounds via ap_rwrite().
Read beyond bounds in mod_isapi.
mod_proxy_ajp: Possible request smuggling.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.54
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377
(* Security fix *)
n/libnftnl-1.2.2-x86_64-1.txz: Upgraded.
n/nftables-1.0.4-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
l/gst-plugins-bad-free-1.20.1-x86_64-1.txz: Upgraded.
l/gst-plugins-base-1.20.1-x86_64-1.txz: Upgraded.
l/gst-plugins-good-1.20.1-x86_64-1.txz: Upgraded.
l/gst-plugins-libav-1.20.1-x86_64-1.txz: Upgraded.
l/gstreamer-1.20.1-x86_64-1.txz: Upgraded.
n/httpd-2.4.53-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issues:
mod_sed: Read/write beyond bounds
core: Possible buffer overflow with very large or unlimited
LimitXMLRequestBody
HTTP request smuggling vulnerability
mod_lua: Use of uninitialized value in r:parsebody
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.53
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719
(* Security fix *)
xap/mozilla-firefox-98.0.1-x86_64-1.txz: Upgraded.
This release makes the following change:
Yandex and Mail.ru have been removed as optional search providers in the
drop-down search menu in Firefox.
For more information, see:
https://www.mozilla.org/en-US/firefox/98.0.1/releasenotes/
(* Security fix *)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/pkgtools-15.0-noarch-42.txz: Rebuilt.
setup.services: list rc.nfsd. Suggested by alienBOB.
l/expat-2.4.2-x86_64-1.txz: Upgraded.
l/gegl-0.4.34-x86_64-1.txz: Upgraded.
n/httpd-2.4.52-x86_64-1.txz: Upgraded.
SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
multipart content in mod_lua of Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A carefully crafted request body can cause a buffer overflow in
the mod_lua multipart parser (r:parsebody() called from Lua
scripts).
The Apache httpd team is not aware of an exploit for the
vulnerabilty though it might be possible to craft one.
This issue affects Apache HTTP Server 2.4.51 and earlier.
Credits: Chamal
SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
forward proxy configurations in Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference)
or, for configurations mixing forward and reverse proxy
declarations, can allow for requests to be directed to a
declared Unix Domain Socket endpoint (Server Side Request
Forgery).
This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
(included).
Credits: ae 1/4*a-o(R)e 1/4
TengMA(@Te3t123)
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224
(* Security fix *)
xap/gimp-2.10.30-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-91.4.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.4.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538
(* Security fix *)
xap/xlockmore-5.68-x86_64-1.txz: Upgraded.
xap/xsnow-3.4.2-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
n/httpd-2.4.51-x86_64-1.txz: Upgraded.
SECURITY: CVE-2021-42013: Path Traversal and Remote Code
Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
fix of CVE-2021-41773) (cve.mitre.org)
It was found that the fix for CVE-2021-41773 in Apache HTTP
Server 2.4.50 was insufficient. An attacker could use a path
traversal attack to map URLs to files outside the directories
configured by Alias-like directives.
If files outside of these directories are not protected by the
usual default configuration "require all denied", these requests
can succeed. If CGI scripts are also enabled for these aliased
pathes, this could allow for remote code execution.
This issue only affects Apache 2.4.49 and Apache 2.4.50 and not
earlier versions.
Credits: Reported by Juan Escobar from Dreamlab Technologies,
Fernando MuA+-oz from NULL Life CTF Team, and Shungo Kumasaka
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013
(* Security fix *)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/util-linux-2.37.2-x86_64-3.txz: Rebuilt.
Removed broken /usr/bin/raw symlink. Thanks to marav.
d/gdb-11.1-x86_64-2.txz: Rebuilt.
Don't ship .la files.
d/vala-0.54.2-x86_64-1.txz: Upgraded.
kde/artikulate-21.08.1-x86_64-3.txz: Rebuilt.
Fixed broken COPYING{,.DOC} symlinks. Thanks to marav.
kde/kservice-5.86.0-x86_64-4.txz: Rebuilt.
In /etc/profile.d/kde.{csh,sh}:
Fixed test for kf5 directory. Thanks to LuckyCyborg.
Make adding /etc/kde/xdg to $XDG_CONFIG_DIRS conditional on the existence
of that directory.
l/imagemagick-7.1.0_9-x86_64-1.txz: Upgraded.
n/bind-9.16.21-x86_64-4.txz: Rebuilt.
Removed broken symlink. Thanks to marav.
n/httpd-2.4.50-x86_64-1.txz: Upgraded.
x/cldr-emoji-annotation-37.0_13.0_0_2-noarch-4.txz: Rebuilt.
Fixed broken COPYING symlink. Thanks to marav.
xap/x3270-4.0ga14-x86_64-2.txz: Rebuilt.
Fixed symlinks in html directory. Thanks to marav.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/cryptsetup-2.4.1-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.0-noarch-5.txz: Rebuilt.
Stop D-Bus after NFS partitions are unmounted to avoid a hang.
Thanks to vulcan59 and bassmadrigal.
ap/sudo-1.9.8p1-x86_64-1.txz: Upgraded.
l/fftw-3.3.10-x86_64-1.txz: Upgraded.
l/libxkbcommon-1.3.1-x86_64-1.txz: Upgraded.
l/pipewire-0.3.36-x86_64-1.txz: Upgraded.
n/dhcpcd-9.4.0-x86_64-2.txz: Rebuilt.
Applied upstream patch:
DHCP6: Only send FQDN for SOLICIT, REQUEST, RENEW, or REBIND messages.
Thanks to marav.
n/httpd-2.4.49-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic]
core: ap_escape_quotes buffer overflow
mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]
core: null pointer dereference on malformed request
mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
(* Security fix *)
x/ibus-libpinyin-1.12.1-x86_64-1.txz: Upgraded.
x/libpinyin-2.6.1-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-91.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.1.1/releasenotes/
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hey folks! Sorry about the delay in getting this batch out but I had other
distractions going on here last week that prevented getting this one wrapped
up. Anyway, probably the highlight of this update set is that we've decided
to abandon the 5.10 LTS kernel in favor of following the latest one. We've
never really had a policy that required LTS in a stable release although that
is how it has been done for years, but based on comments from the Slackware
community it seems like 5.10 LTS isn't getting a lot of love and lacks
hardware support that people need now. Conversely, the reports on 5.12 have
been almost entirely positive, so we're going to provide what we think is the
best available kernel. It's unlikely that we'll see another LTS prior to
release, so the plan for maintenance is to keep following the latest kernels
as needed for security purposes. If that means we have to jump to a new branch
while supporting the stable release, we'll start the kernel out in testing
first until we've had some feedback that it's safe to move it to the patches
directory. Sooner or later we will end up on an LTS kernel again, and at that
point we'll just roll with that one. Feel free to comment (or complain) about
this plan on LQ... I'll be curious to see what people think. Anyway, enjoy!
a/hwdata-0.348-noarch-1.txz: Upgraded.
a/kernel-generic-5.12.9-x86_64-1.txz: Upgraded.
a/kernel-huge-5.12.9-x86_64-1.txz: Upgraded.
a/kernel-modules-5.12.9-x86_64-1.txz: Upgraded.
ap/ispell-3.4.04-x86_64-1.txz: Upgraded.
ap/mpg123-1.28.0-x86_64-1.txz: Upgraded.
ap/slackpkg-15.0.5-noarch-1.txz: Upgraded.
Add "--" option to "command cd" in bash completion file. (akinomyoga)
shell-completions/slackpkg.bash: add "show-changelog".
Import bash-completion file from upstream project.
Added the new-config actions for specific files. (Piter PUNK)
Harden slackpkg with respect to obtaining GPG key. (CRTS)
d/clisp-2.50_20191103_c26de7873-x86_64-5.txz: Rebuilt.
Upgraded to libffcall-2.3.
d/git-2.32.0-x86_64-1.txz: Upgraded.
d/kernel-headers-5.12.9-x86-1.txz: Upgraded.
d/poke-1.3-x86_64-1.txz: Upgraded.
d/vala-0.52.4-x86_64-1.txz: Upgraded.
k/kernel-source-5.12.9-noarch-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-9.txz: Rebuilt.
Recompiled against poppler-21.06.1.
kde/cantor-21.04.1-x86_64-2.txz: Rebuilt.
Recompiled against poppler-21.06.1.
kde/digikam-7.2.0-x86_64-3.txz: Rebuilt.
Recompiled against imagemagick-7.0.11_14.
kde/kfilemetadata-5.82.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-21.06.1.
kde/kile-2.9.93-x86_64-9.txz: Rebuilt.
Recompiled against poppler-21.06.1.
kde/kitinerary-21.04.1-x86_64-2.txz: Rebuilt.
Recompiled against poppler-21.06.1.
kde/krita-4.4.3-x86_64-5.txz: Rebuilt.
Recompiled against poppler-21.06.1.
kde/okular-21.04.1-x86_64-2.txz: Rebuilt.
Recompiled against poppler-21.06.1.
l/alsa-lib-1.2.5-x86_64-2.txz: Rebuilt.
Account for unexpected packing of the conf file tarballs. We'll see if this
is enough to make things work well again.
l/at-spi2-core-2.40.2-x86_64-1.txz: Upgraded.
l/dvdauthor-0.7.2-x86_64-5.txz: Rebuilt.
Recompiled against imagemagick-7.0.11_14.
l/libogg-1.3.5-x86_64-1.txz: Upgraded.
l/librsvg-2.50.7-x86_64-1.txz: Upgraded.
l/pipewire-0.3.29-x86_64-1.txz: Upgraded.
l/polkit-0.119-x86_64-1.txz: Upgraded.
This update includes a mitigation for local privilege escalation using
polkit_system_bus_name_get_creds_sync().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3560
(* Security fix *)
l/poppler-21.06.1-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/pycairo-1.20.1-x86_64-1.txz: Upgraded.
l/qca-2.3.3-x86_64-1.txz: Upgraded.
l/vte-0.64.2-x86_64-1.txz: Upgraded.
n/epic5-2.1.5-x86_64-1.txz: Upgraded.
n/httpd-2.4.48-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
mod_http2: Fix a potential NULL pointer dereference.
Unexpected <Location> section matching with 'MergeSlashes OFF'.
mod_auth_digest: possible stack overflow by one nul byte while validating
the Digest nonce.
mod_session: Fix possible crash due to NULL pointer dereference, which
could be used to cause a Denial of Service with a malicious backend
server and SessionHeader.
mod_session: Fix possible crash due to NULL pointer dereference, which
could be used to cause a Denial of Service.
mod_proxy_http: Fix possible crash due to NULL pointer dereference, which
could be used to cause a Denial of Service.
mod_proxy_wstunnel, mod_proxy_http: Handle Upgradable protocols end-to-end
negotiation.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
(* Security fix *)
n/libmbim-1.24.8-x86_64-1.txz: Upgraded.
n/libqmi-1.28.6-x86_64-1.txz: Upgraded.
n/nettle-3.7.3-x86_64-1.txz: Upgraded.
n/openldap-2.4.59-x86_64-1.txz: Upgraded.
n/p11-kit-0.24.0-x86_64-1.txz: Upgraded.
n/php-7.4.20-x86_64-1.txz: Upgraded.
n/vsftpd-3.0.4-x86_64-1.txz: Upgraded.
n/whois-5.5.10-x86_64-1.txz: Upgraded.
x/libX11-1.7.2-x86_64-1.txz: Upgraded.
This is a bug fix release, correcting a regression introduced by and
improving the checks from the fix for CVE-2021-31535.
x/libinput-1.18.0-x86_64-1.txz: Upgraded.
x/mesa-21.1.2-x86_64-1.txz: Upgraded.
xap/blueman-2.2.1-x86_64-1.txz: Upgraded.
xap/gnuplot-5.4.2-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-78.11.0-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/78.11.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29967
(* Security fix *)
xap/pidgin-2.14.5-x86_64-1.txz: Upgraded.
xap/xine-lib-1.2.11-x86_64-6.txz: Rebuilt.
Recompiled against poppler-21.06.1.
extra/bash-completion/bash-completion-2.11-noarch-2.txz: Rebuilt.
Removed the slackpkg completion file.
extra/php8/php8-8.0.7-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/kernel-generic-5.10.35-x86_64-1.txz: Upgraded.
a/kernel-huge-5.10.35-x86_64-1.txz: Upgraded.
a/kernel-modules-5.10.35-x86_64-1.txz: Upgraded.
a/lvm2-2.03.12-x86_64-1.txz: Upgraded.
ap/mariadb-10.5.10-x86_64-1.txz: Upgraded.
ap/mpg123-1.27.0-x86_64-1.txz: Upgraded.
d/kernel-headers-5.10.35-x86-1.txz: Upgraded.
k/kernel-source-5.10.35-noarch-1.txz: Upgraded.
n/httpd-2.4.46-x86_64-3.txz: Rebuilt.
Reverted to httpd-2.4.46. Apparently 2.4.47 isn't actually released yet.
Sorry for any problems this caused.
xfce/thunar-4.16.8-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/linux-5.12.x/kernel-generic-5.12.2-x86_64-1.txz: Upgraded.
testing/packages/linux-5.12.x/kernel-headers-5.12.2-x86-1.txz: Upgraded.
testing/packages/linux-5.12.x/kernel-huge-5.12.2-x86_64-1.txz: Upgraded.
testing/packages/linux-5.12.x/kernel-modules-5.12.2-x86_64-1.txz: Upgraded.
testing/packages/linux-5.12.x/kernel-source-5.12.2-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/less-581.2-x86_64-1.txz: Upgraded.
ap/nano-5.7-x86_64-1.txz: Upgraded.
d/cmake-3.20.2-x86_64-1.txz: Upgraded.
n/httpd-2.4.47-x86_64-1.txz: Upgraded.
n/samba-4.14.4-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defect:
Negative idmap cache entries can cause incorrect group entries in the
Samba file server process token.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20254
https://www.samba.org/samba/security/CVE-2021-20254.html
(* Security fix *)
extra/php8/php8-8.0.5-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
| |
a/aaa_terminfo-6.2_20200801-x86_64-1.txz: Upgraded.
a/hwdata-0.338-noarch-1.txz: Upgraded.
l/ncurses-6.2_20200801-x86_64-1.txz: Upgraded.
n/ethtool-5.8-x86_64-1.txz: Upgraded.
n/httpd-2.4.46-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/dialog-1.3_20200327-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1f-x86_64-1.txz: Upgraded.
ap/nano-4.9.1-x86_64-1.txz: Upgraded.
l/elfutils-0.179-x86_64-1.txz: Upgraded.
n/gnutls-3.6.13-x86_64-1.txz: Upgraded.
This update fixes a security issue:
libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support),
since 3.6.3. The DTLS client would not contribute any randomness to the
DTLS negotiation, breaking the security guarantees of the DTLS protocol.
[GNUTLS-SA-2020-03-31, CVSS: high]
(* Security fix *)
n/httpd-2.4.43-x86_64-1.txz: Upgraded.
n/openssl-1.1.1f-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/kernel-firmware-20190815_07b925b-noarch-1.txz: Upgraded.
a/kernel-generic-4.19.67-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.67-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.67-x86_64-1.txz: Upgraded.
ap/cups-2.2.12-x86_64-1.txz: Upgraded.
ap/sysstat-12.1.6-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.67-x86-1.txz: Upgraded.
d/rust-1.37.0-x86_64-1.txz: Upgraded.
d/slacktrack-2.20-x86_64-1.txz: Upgraded.
Thanks to Stuart Winter.
k/kernel-source-4.19.67-noarch-1.txz: Upgraded.
FANOTIFY_ACCESS_PERMISSIONS n -> y
n/httpd-2.4.41-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
| |
|
|
|
|
|
|
|
|
|
| |
a/quota-4.05-x86_64-1.txz: Upgraded.
d/cmake-3.14.1-x86_64-1.txz: Upgraded.
d/patchelf-0.10-x86_64-1.txz: Upgraded.
l/harfbuzz-2.4.0-x86_64-1.txz: Upgraded.
l/utf8proc-2.3.0-x86_64-1.txz: Upgraded.
n/httpd-2.4.39-x86_64-1.txz: Upgraded.
n/iputils-20190324-x86_64-1.txz: Upgraded.
n/postfix-3.4.5-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/kernel-generic-4.19.17-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.17-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.17-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.17-x86-1.txz: Upgraded.
d/scons-3.0.4-x86_64-1.txz: Upgraded.
d/vala-0.42.5-x86_64-1.txz: Upgraded.
k/kernel-source-4.19.17-noarch-1.txz: Upgraded.
n/httpd-2.4.38-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused. [Hank Ibell]
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data. [Stefan Eissing]
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later. PR 63052. [Joe Orton]
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190
(* Security fix *)
x/libdrm-2.4.97-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
d/strace-20181024_43700247-x86_64-1.txz: Upgraded.
l/alsa-plugins-1.1.7-x86_64-4.txz: Rebuilt.
Applied upstream fix for double free. Thanks to Jean-Philippe Guillemin.
n/httpd-2.4.37-x86_64-1.txz: Upgraded.
n/mcabber-1.1.0-x86_64-1.txz: Upgraded.
x/libepoxy-1.5.3-x86_64-1.txz: Upgraded.
xap/pan-0.145-x86_64-1.txz: Upgraded.
extra/pure-alsa-system/alsa-plugins-1.1.7-x86_64-4_alsa.txz: Rebuilt.
Applied upstream fix for double free. Thanks to Jean-Philippe Guillemin.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
d/Cython-0.28.5-x86_64-1.txz: Upgraded.
d/help2man-1.47.7-x86_64-1.txz: Upgraded.
d/meson-0.48.0-x86_64-1.txz: Upgraded.
d/python-setuptools-40.4.3-x86_64-1.txz: Upgraded.
l/M2Crypto-0.30.1-x86_64-1.txz: Upgraded.
l/cairo-1.15.14-x86_64-1.txz: Upgraded.
l/librsvg-2.44.4-x86_64-1.txz: Upgraded.
l/pycairo-1.17.1-x86_64-1.txz: Upgraded.
l/pycurl-7.43.0.2-x86_64-1.txz: Upgraded.
l/pyparsing-2.2.1-x86_64-1.txz: Upgraded.
n/ModemManager-1.8.2-x86_64-1.txz: Upgraded.
n/bind-9.12.2_P2-x86_64-1.txz: Upgraded.
This update fixes security issues:
There was a long-existing flaw in the documentation for ms-self, krb5-self,
ms-subdomain, and krb5-subdomain rules in update-policy statements. Though
the policies worked as intended, operators who configured their servers
according to the misleading documentation may have thought zone updates were
more restricted than they were; users of these rule types are advised to
review the documentation and correct their configurations if necessary. New
rule types matching the previously documented behavior will be introduced in
a future maintenance release.
named could crash during recursive processing of DNAME records when
deny-answer-aliases was in use. This flaw is disclosed in CVE-2018-5740.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5740
(* Security fix *)
n/httpd-2.4.35-x86_64-1.txz: Upgraded.
This release fixes bugs and regressions in httpd-2.4.34, adds an
apache2ctl -> apachectl symlink, and no longer automatically
overwrites rc.httpd when upgraded.
|
| |
|
|
|
|
|
|
|
|
|
| |
n/httpd-2.4.34-x86_64-1.txz: Upgraded.
This update fixes two denial of service issues:
mod_md: DoS via Coredumps on specially crafted requests
mod_http2: DoS for HTTP/2 connections by specially crafted requests
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333
(* Security fix *)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/pkgtools-15.0-noarch-13.txz: Rebuilt.
installpkg: default line length for --terselength is the number of columns.
removepkg: added --terse mode.
upgradepkg: default line length for --terselength is the number of columns.
upgradepkg: accept -option in addition to --option.
ap/vim-8.1.0026-x86_64-1.txz: Upgraded.
d/bison-3.0.5-x86_64-1.txz: Upgraded.
e/emacs-26.1-x86_64-1.txz: Upgraded.
kde/kopete-4.14.3-x86_64-8.txz: Rebuilt.
Recompiled against libidn-1.35.
n/conntrack-tools-1.4.5-x86_64-1.txz: Upgraded.
n/libnetfilter_conntrack-1.0.7-x86_64-1.txz: Upgraded.
n/libnftnl-1.1.0-x86_64-1.txz: Upgraded.
n/links-2.16-x86_64-2.txz: Rebuilt.
Rebuilt to enable X driver for -g mode.
n/lynx-2.8.9dev.19-x86_64-1.txz: Upgraded.
n/nftables-0.8.5-x86_64-1.txz: Upgraded.
n/p11-kit-0.23.11-x86_64-1.txz: Upgraded.
n/ulogd-2.0.7-x86_64-1.txz: Upgraded.
n/whois-5.3.1-x86_64-1.txz: Upgraded.
xap/network-manager-applet-1.8.12-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.1.0026-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Thu Jun 30 20:26:57 UTC 2016
Slackware 14.2 x86_64 stable is released!
The long development cycle (the Linux community has lately been living in
"interesting times", as they say) is finally behind us, and we're proud to
announce the release of Slackware 14.2. The new release brings many updates
and modern tools, has switched from udev to eudev (no systemd), and adds
well over a hundred new packages to the system. Thanks to the team, the
upstream developers, the dedicated Slackware community, and everyone else
who pitched in to help make this release a reality.
The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided
32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware
project by picking up a copy from store.slackware.com. We're taking
pre-orders now, and offer a discount if you sign up for a subscription.
Have fun! :-)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mon Nov 4 17:08:47 UTC 2013
Slackware 14.1 x86_64 stable is released!
It's been another interesting release cycle here at Slackware bringing
new features like support for UEFI machines, updated compilers and
development tools, the switch from MySQL to MariaDB, and many more
improvements throughout the system. Thanks to the team, the upstream
developers, the dedicated Slackware community, and everyone else who
pitched in to help make this release a reality.
The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a
dual-sided
32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware
project by picking up a copy from store.slackware.com. We're taking
pre-orders now, and offer a discount if you sign up for a subscription.
Have fun! :-)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Wed Sep 26 01:10:42 UTC 2012
Slackware 14.0 x86_64 stable is released!
We're perfectionists here at Slackware, so this release has been a long
time a-brewing. But we think you'll agree that it was worth the wait.
Slackware 14.0 combines modern components, ease of use, and flexible
configuration... our "KISS" philosophy demands it.
The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a
dual-sided
32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware
project by picking up a copy from store.slackware.com. We're taking
pre-orders now, and offer a discount if you sign up for a subscription.
Thanks to everyone who helped make this happen. The Slackware team, the
upstream developers, and (of course) the awesome Slackware user
community.
Have fun! :-)
|
|
|
Mon Apr 25 13:37:00 UTC 2011
Slackware 13.37 x86_64 stable is released!
Thanks to everyone who pitched in on this release: the Slackware team,
the folks producing upstream code, and linuxquestions.org for providing
a great forum for collaboration and testing.
The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a
dual-sided
32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware
project by picking up a copy from store.slackware.com. We're taking
pre-orders now, and offer a discount if you sign up for a subscription.
As always, thanks to the Slackware community for testing, suggestions,
and feedback. :-)
Have fun!
|
Patrick J Volkerding