| Commit message | Author | Age | Files | Lines |
* | Wed Jul 19 20:36:46 UTC 2023...a/kernel-firmware-20230707_d3f6606-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.39-x86_64-1.txz: Upgraded.
a/xfsprogs-6.4.0-x86_64-1.txz: Upgraded.
d/cmake-3.27.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.39-x86-1.txz: Upgraded.
k/kernel-source-6.1.39-noarch-1.txz: Upgraded.
l/mpfr-4.2.0p12-x86_64-1.txz: Upgraded.
n/bind-9.18.17-x86_64-1.txz: Upgraded.
n/curl-8.2.0-x86_64-1.txz: Upgraded.
This update fixes a security issue:
fopen race condition.
For more information, see:
https://curl.se/docs/CVE-2023-32001.html
https://www.cve.org/CVERecord?id=CVE-2023-32001
(* Security fix *)
n/dhcpcd-10.0.2-x86_64-1.txz: Upgraded.
n/openssh-9.3p2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
ssh-agent(1) in OpenSSH between 5.5 and 9.3p1 (inclusive): remote code
execution relating to PKCS#11 providers.
The PKCS#11 support in ssh-agent(1) could be abused to achieve remote code
execution via a forwarded agent socket if the following conditions are met:
* Exploitation requires the presence of specific libraries on the victim
system.
* Remote exploitation requires that the agent was forwarded to an
attacker-controlled system.
Exploitation can also be prevented by starting ssh-agent(1) with an empty
PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
contains only specific provider libraries.
This vulnerability was discovered and demonstrated to be exploitable by the
Qualys Security Advisory team.
Potentially-incompatible changes:
* ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
issued by remote clients by default. A flag has been added to restore the
previous behaviour: "-Oallow-remote-pkcs11".
For more information, see:
https://www.openssh.com/txt/release-9.3p2
https://www.cve.org/CVERecord?id=CVE-2023-38408
(* Security fix *)
n/samba-4.18.5-x86_64-1.txz: Upgraded.
This update fixes security issues:
When winbind is used for NTLM authentication, a maliciously crafted request
can trigger an out-of-bounds read in winbind and possibly crash it.
SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain Controllers
where SMB2 packet signing is mandatory.
An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
triggered by an unauthenticated attacker by issuing a malformed RPC request.
Missing type validation in Samba's mdssvc RPC service for Spotlight can be
used by an unauthenticated attacker to trigger a process crash in a shared
RPC mdssvc worker process.
As part of the Spotlight protocol Samba discloses the server-side absolute
path of shares and files and directories in search results.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2127.html
https://www.samba.org/samba/security/CVE-2023-3347.html
https://www.samba.org/samba/security/CVE-2023-34966.html
https://www.samba.org/samba/security/CVE-2023-34967.html
https://www.samba.org/samba/security/CVE-2023-34968.html
https://www.cve.org/CVERecord?id=CVE-2022-2127
https://www.cve.org/CVERecord?id=CVE-2023-3347
https://www.cve.org/CVERecord?id=CVE-2023-34966
https://www.cve.org/CVERecord?id=CVE-2023-34967
https://www.cve.org/CVERecord?id=CVE-2023-34968
(* Security fix *)
xap/mozilla-firefox-115.0.3esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.0.3esr/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
20230719203646 | Patrick J Volkerding | 2023-07-19 | 1 | -2/+2 |
* | Wed Jul 5 21:02:14 UTC 2023...a/kernel-generic-6.1.38-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.38-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.38-x86_64-1.txz: Upgraded.
a/upower-1.90.1-x86_64-1.txz: Upgraded.
a/util-linux-2.39.1-x86_64-3.txz: Rebuilt.
Use --disable-libmount-mountfd-support for now to avoid breaking overlayfs.
d/kernel-headers-6.1.38-x86-1.txz: Upgraded.
k/kernel-source-6.1.38-noarch-1.txz: Upgraded.
l/nodejs-20.4.0-x86_64-1.txz: Upgraded.
n/samba-4.18.4-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
20230705210214 | Patrick J Volkerding | 2023-07-05 | 1 | -2/+2 |
* | Fri Jun 2 20:56:35 UTC 2023...a/hwdata-0.371-noarch-1.txz: Upgraded.
ap/cups-2.4.3-x86_64-1.txz: Upgraded.
Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file
cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote
attacker to launch a denial of service (DoS) attack, or possibly execute
arbitrary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32324
(* Security fix *)
d/git-2.41.0-x86_64-1.txz: Upgraded.
d/llvm-16.0.5-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-29.txz: Rebuilt.
Recompiled against Imath-3.1.9.
kde/kimageformats-5.106.0-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
kde/kio-extras-23.04.1-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
kde/krita-5.1.5-x86_64-9.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/Imath-3.1.9-x86_64-1.txz: Upgraded.
Evidently the shared library .so-version bump in Imath-3.1.8 should not have
happened, so this update reverts it to the previous value.
l/gst-plugins-bad-free-1.22.3-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/imagemagick-7.1.1_11-x86_64-2.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/mozjs102-102.12.0esr-x86_64-1.txz: Upgraded.
l/openexr-3.1.7-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/serf-1.3.10-x86_64-1.txz: Upgraded.
l/vte-0.72.2-x86_64-1.txz: Upgraded.
n/nettle-3.9.1-x86_64-1.txz: Upgraded.
n/ntp-4.2.8p16-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-26551
https://www.cve.org/CVERecord?id=CVE-2023-26552
https://www.cve.org/CVERecord?id=CVE-2023-26553
https://www.cve.org/CVERecord?id=CVE-2023-26554
https://www.cve.org/CVERecord?id=CVE-2023-26555
(* Security fix *)
n/samba-4.18.3-x86_64-1.txz: Upgraded.
tcl/tclx-8.6.2-x86_64-1.txz: Upgraded.
x/ibus-libpinyin-1.15.3-x86_64-1.txz: Upgraded.
x/libX11-1.8.5-x86_64-1.txz: Upgraded.
xap/gimp-2.10.34-x86_64-4.txz: Rebuilt.
Recompiled against Imath-3.1.9.
xfce/xfce4-pulseaudio-plugin-0.4.7-x86_64-1.txz: Upgraded.
20230602205635 | Patrick J Volkerding | 2023-06-02 | 1 | -2/+2 |
* | Wed Apr 19 19:17:14 UTC 2023...d/cargo-vendor-filterer-0.5.9-x86_64-1.txz: Upgraded.
l/libqalculate-4.6.1-x86_64-1.txz: Upgraded.
l/libwmf-0.2.13-x86_64-1.txz: Upgraded.
l/nodejs-20.0.0-x86_64-1.txz: Upgraded.
n/bind-9.18.14-x86_64-1.txz: Upgraded.
This is a bugfix release.
n/samba-4.18.2-x86_64-1.txz: Upgraded.
20230419191714 | Patrick J Volkerding | 2023-04-19 | 1 | -2/+2 |
* | Fri Mar 31 18:01:09 UTC 2023...a/kernel-generic-6.1.22-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.22-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.22-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-32.txz: Rebuilt.
Add /lib/firmware directory to _initrd-tree.tar.gz. Thanks to walecha.
d/cmake-3.26.2-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.22-x86-1.txz: Upgraded.
d/llvm-16.0.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Thanks to Heinz Wiesinger for the assistance.
Compiled with -DLLVM_BUILD_LLVM_DYLIB=ON -DLLVM_LINK_LLVM_DYLIB=ON
-DCLANG_LINK_CLANG_DYLIB=ON.
I think we'll get 16.0.1 next week if we need to make any adjustments.
d/ruby-3.2.2-x86_64-1.txz: Upgraded.
This update fixes security issues:
ReDoS vulnerability in URI.
ReDoS vulnerability in Time.
For more information, see:
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
https://www.cve.org/CVERecord?id=CVE-2023-28755
https://www.cve.org/CVERecord?id=CVE-2023-28756
(* Security fix *)
k/kernel-source-6.1.22-noarch-1.txz: Upgraded.
kde/kdevelop-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against llvm-16.0.0.
l/openexr-3.1.7-x86_64-1.txz: Upgraded.
l/qt5-5.15.8_20230325_c1a3e988-x86_64-1.txz: Upgraded.
Compiled against llvm-16.0.0.
l/spirv-llvm-translator-16.0.0-x86_64-1.txz: Upgraded.
Compiled against llvm-16.0.0.
Thanks to Heinz Wiesinger for finding the fix for -DBUILD_SHARED_LIBS=ON.
n/pssh-2.3.5-x86_64-1.txz: Upgraded.
n/samba-4.18.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
An incomplete access check on dnsHostName allows authenticated but otherwise
unprivileged users to delete this attribute from any object in the directory.
The Samba AD DC administration tool, when operating against a remote LDAP
server, will by default send new or reset passwords over a signed-only
connection.
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential
attribute disclosure via LDAP filters was insufficient and an attacker may
be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
Installations with such secrets in their Samba AD should assume they have
been obtained and need replacing.
For more information, see:
https://www.samba.org/samba/security/CVE-2023-0225.html
https://www.samba.org/samba/security/CVE-2023-0922.html
https://www.samba.org/samba/security/CVE-2023-0614.html
https://www.cve.org/CVERecord?id=CVE-2023-0225
https://www.cve.org/CVERecord?id=CVE-2023-0922
https://www.cve.org/CVERecord?id=CVE-2023-0614
(* Security fix *)
x/mesa-23.0.1-x86_64-2.txz: Rebuilt.
Recompiled against llvm-16.0.0 and spirv-llvm-translator-16.0.0.
xap/seamonkey-2.53.16-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.16
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/rust-1.68.2-x86_64-2.txz: Rebuilt.
Use the bundled LLVM rather than the system LLVM.
This version of Rust actually does compile with llvm-16.0.0, but since it
bundles LLVM 15 let's let it use that for now.
usb-and-pxe-installers/usbboot.img: Rebuilt.
20230331180109 | Patrick J Volkerding | 2023-03-31 | 1 | -2/+2 |
* | Wed Mar 8 20:26:54 UTC 2023...Hey folks, just some more updates on the road to an eventual beta. :-)
At this point nothing remains linked with openssl-1.1.1 except for python2 and
modules, and vsftpd. I think nobody cares about trying to force python2 to use
openssl3... it's EOL but still a zombie, unfortunately. I have seen some
patches for vsftpd and intend to take a look at them. We've bumped PHP to 8.2
and just gone ahead and killed 8.0 and 8.1. Like 7.4, 8.0 is not compatible
with openssl3 and it doesn't seem worthwhile to try to patch it. And with 8.2
already out for several revisions, 8.1 does not seem particularly valuable.
If you make use of PHP you should be used to it being a moving target by now.
Enjoy, and let me know if anything isn't working right. Cheers!
a/aaa_libraries-15.1-x86_64-19.txz: Rebuilt.
Recompiled against openssl-3.0.8: libcups.so.2, libcurl.so.4.8.0,
libldap.so.2.0.200, libssh2.so.1.0.1.
a/cryptsetup-2.6.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
a/kmod-30-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
a/openssl-solibs-3.0.8-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
a/openssl11-solibs-1.1.1t-x86_64-1.txz: Added.
ap/cups-2.4.2-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/hplip-3.20.5-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/lxc-4.0.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/mariadb-10.6.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/qpdf-11.3.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/sudo-1.9.13p3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/cargo-vendor-filterer-0.5.7-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/cvs-1.11.23-x86_64-9.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/git-2.39.2-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/perl-5.36.0-x86_64-5.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/python3-3.9.16-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/ruby-3.2.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/rust-1.66.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/scons-4.5.1-x86_64-1.txz: Upgraded.
kde/falkon-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
kde/kitinerary-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/M2Crypto-0.38.0-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/SDL2-2.26.4-x86_64-1.txz: Upgraded.
l/gst-plugins-bad-free-1.22.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libarchive-3.6.2-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libevent-2.1.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libimobiledevice-20211124_2c6121d-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libssh2-1.10.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libvncserver-0.9.14-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/mlt-7.14.0-x86_64-1.txz: Upgraded.
l/neon-0.32.5-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/nodejs-19.7.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/opusfile-0.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pipewire-0.3.66-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pulseaudio-16.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pycurl-7.44.1-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/qca-2.3.5-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/qt5-5.15.8_20230304_d8b881f0-x86_64-1.txz: Upgraded.
Compiled against openssl-3.0.8.
l/serf-1.3.9-x86_64-8.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/alpine-2.26-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/bind-9.18.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/curl-7.88.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/cyrus-sasl-2.1.28-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/dovecot-2.3.20-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/epic5-2.1.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/fetchmail-6.4.37-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/htdig-3.2.0b6-x86_64-9.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/httpd-2.4.56-x86_64-1.txz: Upgraded.
This update fixes two security issues:
HTTP Response Smuggling vulnerability via mod_proxy_uwsgi.
HTTP Request Smuggling attack via mod_rewrite and mod_proxy.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.56
https://www.cve.org/CVERecord?id=CVE-2023-27522
https://www.cve.org/CVERecord?id=CVE-2023-25690
(* Security fix *)
NOTE: This package is compiled against openssl-3.0.8.
n/irssi-1.4.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/krb5-1.20.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/lftp-4.9.2-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/links-2.28-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/lynx-2.9.0dev.10-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/mutt-2.2.9-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/net-snmp-5.9.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/netatalk-3.1.14-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/nmap-7.93-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/ntp-4.2.8p15-x86_64-12.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openldap-2.6.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openssh-9.2p1-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openssl-3.0.8-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/openssl11-1.1.1t-x86_64-1.txz: Added.
n/openvpn-2.6.0-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/php-8.2.3-x86_64-1.txz: Upgraded.
Compiled against openssl-3.0.8.
n/pidentd-3.0.19-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/popa3d-1.0.3-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/postfix-3.7.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/ppp-2.4.9-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/proftpd-1.3.8-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/rsync-3.2.7-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/s-nail-14.9.24-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/samba-4.18.0-x86_64-1.txz: Upgraded.
Build with the bundled Heimdal instead of the system MIT Kerberos.
Thanks again to rpenny.
n/slrn-1.0.3a-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/snownews-1.9-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/socat-1.7.4.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/stunnel-5.69-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/tcpdump-4.99.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/wget-1.21.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/wpa_supplicant-2.10-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/freerdp-2.10.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/gftp-2.9.1b-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/gkrellm-2.3.11-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/hexchat-2.16.1-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/sane-1.0.32-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/x3270-4.0ga14-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/xine-lib-1.2.13-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
y/bsd-games-2.17-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/php80/php80-8.0.28-x86_64-1.txz: Removed.
extra/php81/php81-8.1.16-x86_64-1.txz: Removed.
extra/rust-for-mozilla/rust-1.60.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/sendmail/sendmail-8.17.1-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/sendmail/sendmail-cf-8.17.1-noarch-7.txz: Rebuilt.
testing/packages/rust-1.67.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
testing/packages/samba-4.17.5-x86_64-2.txz: Removed.
20230308202654 | Patrick J Volkerding | 2023-03-08 | 1 | -2/+2 |
* | Fri Jan 27 20:08:12 UTC 2023...n/samba-4.17.5-x86_64-1.txz: Upgraded.
BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5)
based SChannel on NETLOGON (additional changes).
For more information, see:
https://www.samba.org/samba/security/CVE-2022-38023.html
https://www.cve.org/CVERecord?id=CVE-2022-38023
(* Security fix *)
x/mesa-22.3.4-x86_64-1.txz: Upgraded.
x/xf86-video-vmware-13.4.0-x86_64-1.txz: Upgraded.
20230127200812 | Patrick J Volkerding | 2023-01-27 | 1 | -2/+2 |
* | Sat Dec 17 21:14:11 UTC 2022...a/xz-5.4.0-x86_64-1.txz: Upgraded.
l/harfbuzz-6.0.0-x86_64-1.txz: Upgraded.
l/libmpc-1.3.1-x86_64-1.txz: Upgraded.
n/NetworkManager-1.40.8-x86_64-1.txz: Upgraded.
n/samba-4.17.4-x86_64-1.txz: Upgraded.
This update fixes security issues:
This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of
Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac session keys for
use between modern clients and servers despite all modern Kerberos
implementations supporting the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members
'kerberos encryption types = legacy'
would force rc4-hmac as a client even if the server supports
aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
This is the Samba CVE for the Windows Kerberos Elevation of Privilege
Vulnerability disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained delegation permission
could forge a more powerful ticket than the one it was presented with.
The "RC4" protection of the NetLogon Secure channel uses the same
algorithms as rc4-hmac cryptography in Kerberos, and so must also be
assumed to be weak.
Note that there are several important behavior changes included in this
release, which may cause compatibility problems interacting with systems
still expecting the former behavior.
Please read the advisories of CVE-2022-37966, CVE-2022-37967 and
CVE-2022-38023 carefully!
For more information, see:
https://www.samba.org/samba/security/CVE-2022-37966.html
https://www.samba.org/samba/security/CVE-2022-37967.html
https://www.samba.org/samba/security/CVE-2022-38023.html
https://www.cve.org/CVERecord?id=CVE-2022-37966
https://www.cve.org/CVERecord?id=CVE-2022-37967
https://www.cve.org/CVERecord?id=CVE-2022-38023
(* Security fix *)
xfce/exo-4.18.0-x86_64-1.txz: Upgraded.
xfce/garcon-4.18.0-x86_64-1.txz: Upgraded.
xfce/libxfce4ui-4.18.0-x86_64-1.txz: Upgraded.
xfce/libxfce4util-4.18.0-x86_64-1.txz: Upgraded.
xfce/thunar-4.18.0-x86_64-1.txz: Upgraded.
xfce/thunar-volman-4.18.0-x86_64-1.txz: Upgraded.
xfce/tumbler-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-appfinder-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-dev-tools-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-notifyd-0.6.5-x86_64-1.txz: Upgraded.
xfce/xfce4-panel-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-power-manager-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-session-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-settings-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-weather-plugin-0.11.0-x86_64-1.txz: Upgraded.
xfce/xfconf-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfdesktop-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfwm4-4.18.0-x86_64-1.txz: Upgraded.
20221217211411 | Patrick J Volkerding | 2022-12-17 | 1 | -2/+2 |
* | Tue Oct 25 18:38:58 UTC 2022...ap/alsa-utils-1.2.8-x86_64-1.txz: Upgraded.
l/alsa-lib-1.2.8-x86_64-1.txz: Upgraded.
l/expat-2.5.0-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Fix heap use-after-free after overeager destruction of a shared DTD in
function XML_ExternalEntityParserCreate in out-of-memory situations.
Expected impact is denial of service or potentially arbitrary code
execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680
(* Security fix *)
n/samba-4.17.2-x86_64-1.txz: Upgraded.
This update fixes the following security issues:
There is a limited write heap buffer overflow in the GSSAPI unwrap_des()
and unwrap_des3() routines of Heimdal (included in Samba).
A malicious client can use a symlink to escape the exported directory.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-3437.html
https://www.samba.org/samba/security/CVE-2022-3592.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3592
(* Security fix *)
20221025183858 | Patrick J Volkerding | 2022-10-26 | 1 | -2/+2 |
* | Wed Oct 19 20:06:33 UTC 2022...a/aaa_libraries-15.1-x86_64-11.txz: Rebuilt.
Upgraded: libcap.so.2.66, liblzma.so.5.2.7, libpopt.so.0.0.2,
libexpat.so.1.8.9, libglib-2.0.so.0.7200.4, libgmodule-2.0.so.0.7200.4,
libgobject-2.0.so.0.7200.4, libgthread-2.0.so.0.7200.4, libhistory.so.8.2,
libreadline.so.8.2.
Added: libunistring.so.2.1.0, libunistring.so.5.0.0.
Removed: libffi.so.7.1.0.
a/gettext-0.21.1-x86_64-2.txz: Rebuilt.
ap/lsof-4.96.4-x86_64-1.txz: Upgraded.
ap/man-pages-6.01-noarch-1.txz: Upgraded.
d/clisp-2.50_20220927_acb1266ee-x86_64-1.txz: Upgraded.
Compiled against libunistring-1.1.
d/gettext-tools-0.21.1-x86_64-2.txz: Rebuilt.
Recompiled against libunistring-1.1.
d/guile-3.0.8-x86_64-3.txz: Rebuilt.
Recompiled against libunistring-1.1.
kde/kguiaddons-5.99.0-x86_64-2.txz: Rebuilt.
[PATCH] systemclipboard: Don't signal data source cancellation.
Thanks to marav.
l/libidn2-2.3.3-x86_64-2.txz: Rebuilt.
l/libpsl-0.21.1-x86_64-5.txz: Rebuilt.
Recompiled against libunistring-1.1.
l/libunistring-1.1-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/bind-9.18.8-x86_64-1.txz: Upgraded.
n/gnutls-3.7.8-x86_64-2.txz: Rebuilt.
Recompiled against libunistring-1.1.
n/samba-4.17.1-x86_64-1.txz: Upgraded.
This update fixes the following security issue:
Bad password count not incremented atomically.
For more information, see:
https://bugzilla.samba.org/show_bug.cgi?id=14611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20251
(* Security fix *)
n/wget-1.21.3-x86_64-2.txz: Rebuilt.
Recompiled against libunistring-1.1.
x/imake-1.0.9-x86_64-1.txz: Upgraded.
x/xcb-util-errors-1.0.1-x86_64-1.txz: Upgraded.
x/xcb-util-image-0.4.1-x86_64-1.txz: Upgraded.
x/xcb-util-keysyms-0.4.1-x86_64-1.txz: Upgraded.
x/xcb-util-renderutil-0.3.10-x86_64-1.txz: Upgraded.
x/xcb-util-wm-0.4.2-x86_64-1.txz: Upgraded.
| Patrick J Volkerding | 2022-10-20 | 1 | -2/+2 |
* | Wed Sep 14 04:53:53 UTC 2022...a/btrfs-progs-5.19.1-x86_64-1.txz: Upgraded.
a/file-5.43-x86_64-1.txz: Upgraded.
a/kernel-firmware-20220913_f09bebf-noarch-1.txz: Upgraded.
d/cmake-3.24.2-x86_64-1.txz: Upgraded.
kde/krita-5.1.1-x86_64-1.txz: Upgraded.
l/kdsoap-2.1.0-x86_64-1.txz: Upgraded.
n/krb5-1.20-x86_64-2.txz: Rebuilt.
n/samba-4.17.0-x86_64-1.txz: Upgraded.
x/libXp-1.0.4-x86_64-1.txz: Upgraded.
20220914045353 | Patrick J Volkerding | 2022-09-14 | 1 | -2/+2 |
* | Thu Sep 8 01:33:19 UTC 2022...a/hdparm-9.65-x86_64-1.txz: Upgraded.
n/samba-4.16.5-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.2.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.2.2/releasenotes/
20220908013319 | Patrick J Volkerding | 2022-09-08 | 1 | -2/+2 |
* | Wed Jul 27 19:17:38 UTC 2022...l/tevent-0.13.0-x86_64-1.txz: Upgraded.
n/samba-4.16.4-x86_64-1.txz: Upgraded.
This update fixes the following security issues:
Samba AD users can bypass certain restrictions associated with changing
passwords.
Samba AD users can forge password change requests for any user.
Samba AD users can crash the server process with an LDAP add or modify
request.
Samba AD users can induce a use-after-free in the server process with an
LDAP add or modify request.
Server memory information leak via SMB1.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2031.html
https://www.samba.org/samba/security/CVE-2022-32744.html
https://www.samba.org/samba/security/CVE-2022-32745.html
https://www.samba.org/samba/security/CVE-2022-32746.html
https://www.samba.org/samba/security/CVE-2022-32742.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742
(* Security fix *)
20220727191738 | Patrick J Volkerding | 2022-07-28 | 1 | -2/+2 |
* | Wed Jul 20 18:59:12 UTC 2022...a/aaa_libraries-15.1-x86_64-6.txz: Rebuilt.
Upgraded: libcap.so.2.65, libglib-2.0.so.0.7200.3, libgmodule-2.0.so.0.7200.3,
libgobject-2.0.so.0.7200.3, libgthread-2.0.so.0.7200.3, libidn2.so.0.3.8.
Removed: libboost_*.so.1.78.0.
a/kernel-firmware-20220719_4421586-noarch-1.txz: Upgraded.
d/python-setuptools-63.2.0-x86_64-1.txz: Upgraded.
d/rust-1.62.1-x86_64-1.txz: Upgraded.
kde/kio-5.96.0-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
l/libcap-2.65-x86_64-1.txz: Upgraded.
l/netpbm-10.99.01-x86_64-1.txz: Upgraded.
l/pipewire-0.3.56-x86_64-1.txz: Upgraded.
l/qt5-5.15.5_20220705_ea4efc06-x86_64-1.txz: Upgraded.
Compiled against krb5-1.19.3.
n/alpine-2.26-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/bind-9.18.5-x86_64-1.txz: Upgraded.
Compiled against krb5-1.19.3.
n/curl-7.84.0-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/fetchmail-6.4.31-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/krb5-1.19.3-x86_64-2.txz: Rebuilt.
Since Samba still won't link against krb5-1.20, I think it's best to drop
back to this version until it does. Perhaps it would be better to just use
the internal Heimdal libraries instead, but I don't really know if that has
all the same functionality or not. Hints welcome if you'd like to drop them
in the "regression on -current with samba (new krb5)" thread.
Also, just to be 100% sure the krb5 revert doesn't cause any ABI issues,
we'll recompile everything that we've linked to krb5 while krb5-1.20 was
in -current.
Thanks to nobodino.
n/php-7.4.30-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/samba-4.16.3-x86_64-1.txz: Upgraded.
Compiled against krb5-1.19.3.
xap/gnuplot-5.4.4-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.0.3-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.0.3/releasenotes/
extra/php80/php80-8.0.21-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
extra/php81/php81-8.1.8-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
20220720185912 | Patrick J Volkerding | 2022-07-21 | 1 | -2/+2 |
* | Wed Jun 15 18:29:59 UTC 2022...a/kernel-generic-5.18.4-x86_64-1.txz: Upgraded.
a/kernel-huge-5.18.4-x86_64-1.txz: Upgraded.
a/kernel-modules-5.18.4-x86_64-1.txz: Upgraded.
ap/inxi-3.3.18_1-noarch-1.txz: Upgraded.
ap/sudo-1.9.11p2-x86_64-1.txz: Upgraded.
ap/tmux-3.3a-x86_64-1.txz: Upgraded.
d/kernel-headers-5.18.4-x86-1.txz: Upgraded.
k/kernel-source-5.18.4-noarch-1.txz: Upgraded.
kde/bluedevil-5.25.0-x86_64-1.txz: Upgraded.
kde/breeze-5.25.0-x86_64-1.txz: Upgraded.
kde/breeze-grub-5.25.0-x86_64-1.txz: Upgraded.
kde/breeze-gtk-5.25.0-x86_64-1.txz: Upgraded.
kde/drkonqi-5.25.0-x86_64-1.txz: Upgraded.
kde/kactivitymanagerd-5.25.0-x86_64-1.txz: Upgraded.
kde/kde-cli-tools-5.25.0-x86_64-1.txz: Upgraded.
kde/kde-gtk-config-5.25.0-x86_64-1.txz: Upgraded.
kde/kdecoration-5.25.0-x86_64-1.txz: Upgraded.
kde/kdeplasma-addons-5.25.0-x86_64-1.txz: Upgraded.
kde/kgamma5-5.25.0-x86_64-1.txz: Upgraded.
kde/khotkeys-5.25.0-x86_64-1.txz: Upgraded.
kde/kinfocenter-5.25.0-x86_64-1.txz: Upgraded.
kde/kmenuedit-5.25.0-x86_64-1.txz: Upgraded.
kde/kscreen-5.25.0-x86_64-1.txz: Upgraded.
kde/kscreenlocker-5.25.0-x86_64-1.txz: Upgraded.
kde/ksshaskpass-5.25.0-x86_64-1.txz: Upgraded.
kde/ksystemstats-5.25.0-x86_64-1.txz: Upgraded.
kde/kwallet-pam-5.25.0-x86_64-1.txz: Upgraded.
kde/kwayland-integration-5.25.0-x86_64-1.txz: Upgraded.
kde/kwayland-server-5.24.5-x86_64-1.txz: Removed.
kde/kwin-5.25.0-x86_64-1.txz: Upgraded.
kde/kwrited-5.25.0-x86_64-1.txz: Upgraded.
kde/layer-shell-qt-5.25.0-x86_64-1.txz: Upgraded.
kde/libkscreen-5.25.0-x86_64-1.txz: Upgraded.
kde/libksysguard-5.25.0-x86_64-1.txz: Upgraded.
kde/milou-5.25.0-x86_64-1.txz: Upgraded.
kde/oxygen-5.25.0-x86_64-1.txz: Upgraded.
kde/oxygen-sounds-5.25.0-x86_64-1.txz: Added.
kde/plasma-browser-integration-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-desktop-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-disks-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-firewall-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-framework-5.95.0-x86_64-2.txz: Rebuilt.
Backported upstream patch:
Revert "Use QT_FEATURE_foo to detect opengl* support, and TARGET for glesv2"
This fixes the taskbar thumbnails.
Thanks to LuckyCyborg, ctrlaltca, and Heinz Wiesinger.
kde/plasma-integration-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-nm-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-pa-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-sdk-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-systemmonitor-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-vault-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-workspace-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-workspace-wallpapers-5.25.0-x86_64-1.txz: Upgraded.
kde/polkit-kde-agent-1-5.25.0-x86_64-1.txz: Upgraded.
kde/powerdevil-5.25.0-x86_64-1.txz: Upgraded.
kde/qqc2-breeze-style-5.25.0-x86_64-1.txz: Upgraded.
kde/sddm-kcm-5.25.0-x86_64-1.txz: Upgraded.
kde/systemsettings-5.25.0-x86_64-1.txz: Upgraded.
kde/xdg-desktop-portal-kde-5.25.0-x86_64-1.txz: Upgraded.
l/libzip-1.9.0-x86_64-1.txz: Upgraded.
l/pipewire-0.3.52-x86_64-1.txz: Upgraded.
l/qt5-5.15.4_20220611_cc851c42-x86_64-1.txz: Upgraded.
Thanks to ctrlaltca for the link to the gcc12 patch.
l/talloc-2.3.4-x86_64-1.txz: Upgraded.
l/tdb-1.4.7-x86_64-1.txz: Upgraded.
l/tevent-0.12.1-x86_64-1.txz: Upgraded.
n/bind-9.18.4-x86_64-1.txz: Upgraded.
n/dovecot-2.3.19.1-x86_64-1.txz: Upgraded.
n/ethtool-5.18-x86_64-1.txz: Upgraded.
n/samba-4.16.2-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
Added liblz4 for fsck.f2fs. Thanks to Brent Earl.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Added liblz4 for fsck.f2fs. Thanks to Brent Earl.
20220615182959 | Patrick J Volkerding | 2022-06-16 | 1 | -2/+2 |
* | Mon May 2 20:02:49 UTC 2022...a/hwdata-0.359-noarch-1.txz: Upgraded.
a/kernel-firmware-20220502_c3624eb-noarch-1.txz: Upgraded.
ap/htop-3.2.0-x86_64-1.txz: Upgraded.
d/gdb-12.1-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-17.txz: Rebuilt.
Recompiled against poppler-22.04.0.
kde/cantor-22.04.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.04.0.
kde/kfilemetadata-5.93.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.04.0.
kde/kile-2.9.93-x86_64-16.txz: Rebuilt.
Recompiled against poppler-22.04.0.
kde/kitinerary-22.04.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.04.0.
kde/krita-5.0.6-x86_64-3.txz: Rebuilt.
Recompiled against poppler-22.04.0.
kde/okular-22.04.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.04.0.
l/fuse3-3.11.0-x86_64-1.txz: Upgraded.
l/libxml2-2.9.14-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issues:
Fix integer overflow in xmlBuf and xmlBuffer.
Fix potential double-free in xmlXPtrStringRangeFunction.
Fix memory leak in xmlFindCharEncodingHandler.
Normalize XPath strings in-place.
Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars().
Fix leak of xmlElementContent.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824
(* Security fix *)
l/poppler-22.04.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/samba-4.16.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.samba.org/samba/history/samba-4.16.1.html
xap/mozilla-firefox-100.0-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/100.0/releasenotes/
20220502200249 | Patrick J Volkerding | 2022-05-03 | 1 | -2/+2 |
* | Wed Mar 23 17:25:36 UTC 2022...ap/dash-0.5.11.5-x86_64-1.txz: Upgraded.
d/parallel-20220322-noarch-1.txz: Upgraded.
l/adwaita-icon-theme-42.0-noarch-1.txz: Upgraded.
l/gsettings-desktop-schemas-42.0-x86_64-1.txz: Upgraded.
l/harfbuzz-4.1.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_28-x86_64-1.txz: Upgraded.
l/libqalculate-4.1.0-x86_64-1.txz: Upgraded.
l/rubygem-asciidoctor-2.0.17-x86_64-1.txz: Upgraded.
Upgraded and built for Ruby 3.1.1. Thanks to marrowsuck.
n/NetworkManager-1.36.4-x86_64-1.txz: Upgraded.
n/fetchmail-6.4.29-x86_64-1.txz: Upgraded.
n/iproute2-5.17.0-x86_64-1.txz: Upgraded.
n/samba-4.16.0-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-98.0.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/98.0.2/releasenotes/
xap/network-manager-applet-1.26.0-x86_64-1.txz: Upgraded.
20220323172536 | Patrick J Volkerding | 2022-03-24 | 1 | -2/+2 |
* | Wed Mar 16 01:46:29 UTC 2022...l/jasper-3.0.3-x86_64-1.txz: Upgraded.
l/qt5-5.15.3_20220312_33a3f16f-x86_64-1.txz: Upgraded.
If a 32-bit userspace is detected, then:
export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
This works around crashes occurring with 32-bit QtWebEngine applications.
Thanks to alienBOB.
n/krb5-1.19.3-x86_64-1.txz: Upgraded.
n/samba-4.15.6-x86_64-1.txz: Upgraded.
n/stunnel-5.63-x86_64-1.txz: Upgraded.
20220316014629 | Patrick J Volkerding | 2022-03-16 | 1 | -2/+2 |
* | Tue Feb 1 04:37:04 UTC 2022...The sepulchral voice intones, "The cave is now closed."
kde/falkon-3.2.0-x86_64-1.txz: Upgraded.
kde/ktexteditor-5.90.0-x86_64-2.txz: Rebuilt.
[PATCH] only start programs in user's path.
[PATCH] only execute diff in path.
Thanks to gmgf.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23853
(* Security fix *)
l/libcanberra-0.30-x86_64-9.txz: Rebuilt.
Fix a bug crashing some applications in Wayland desktops.
Thanks to 01micko.
n/samba-4.15.5-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defects:
UNIX extensions in SMB1 disclose whether the outside target of a symlink
exists.
Out-of-Bound Read/Write on Samba vfs_fruit module. This vulnerability
allows remote attackers to execute arbitrary code as root on affected Samba
installations that use the VFS module vfs_fruit.
Re-adding an SPN skips subsequent SPN conflict checks. An attacker who has
the ability to write to an account can exploit this to perform a
denial-of-service attack by adding an SPN that matches an existing service.
Additionally, an attacker who can intercept traffic can impersonate existing
services, resulting in a loss of confidentiality and integrity.
For more information, see:
https://www.samba.org/samba/security/CVE-2021-44141.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44141
https://www.samba.org/samba/security/CVE-2021-44142.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44142
https://www.samba.org/samba/security/CVE-2022-0336.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0336
(* Security fix *)
x/xterm-370-x86_64-7.txz: Rebuilt.
Rebuilt with --disable-sixel-graphics to fix a buffer overflow.
Thanks to gmgf.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24130
(* Security fix *)
testing/source/linux-5.16.4-configs/*: Added.
Sample config files to build 5.16.4 Linux kernels.
20220201043704 | Patrick J Volkerding | 2022-02-01 | 1 | -2/+2 |
* | Wed Jan 19 18:18:02 UTC 2022...ap/inxi-3.3.12_1-noarch-1.txz: Upgraded.
ap/man-db-2.9.4-x86_64-3.txz: Rebuilt.
Don't use --no-purge in the daily cron job to update the databases.
l/gst-plugins-bad-free-1.18.5-x86_64-4.txz: Rebuilt.
Link against neon-0.32.2. Thanks to marav.
n/bind-9.16.25-x86_64-1.txz: Upgraded.
n/ethtool-5.16-x86_64-1.txz: Upgraded.
n/samba-4.15.4-x86_64-1.txz: Upgraded.
n/wpa_supplicant-2.10-x86_64-1.txz: Upgraded.
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant
before 2.10 are vulnerable to side-channel attacks as a result of cache
access patterns.
NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23304
(* Security fix *)
x/xterm-370-x86_64-6.txz: Rebuilt.
XTerm-console: improve the font settings. Thanks to GazL.
20220119181802 | Patrick J Volkerding | 2022-01-20 | 1 | -2/+2 |
* | Wed Dec 8 20:42:30 UTC 2021...a/kernel-generic-5.15.7-x86_64-1.txz: Upgraded.
a/kernel-huge-5.15.7-x86_64-1.txz: Upgraded.
a/kernel-modules-5.15.7-x86_64-1.txz: Upgraded.
d/kernel-headers-5.15.7-x86-1.txz: Upgraded.
k/kernel-source-5.15.7-noarch-1.txz: Upgraded.
n/samba-4.15.3-x86_64-1.txz: Upgraded.
This release fixes bugs and these regressions in the 4.15.2 release:
CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
PLEASE [RE-]READ!
The instructions have been updated and some workarounds initially advised
for 4.15.2 are no longer required and should be reverted in most cases.
BUG-14902: User with multiple spaces (eg Fred<space><space>Nurk) become
un-deletable. While this release should fix this bug, it is advised to have
a look at the bug report for more detailed information, see:
https://bugzilla.samba.org/show_bug.cgi?id=14902
For more information, see:
https://www.samba.org/samba/security/CVE-2020-25717.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25717
(* Security fix *)
x/libX11-1.7.3-x86_64-1.txz: Upgraded.
x/xscope-1.4.2-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-91.4.0-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.4.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528
(* Security fix *)
xfce/exo-4.16.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
20211208204230 | Patrick J Volkerding | 2021-12-09 | 1 | -2/+2 |
* | Wed Nov 10 20:32:37 UTC 2021...d/python3-3.9.8-x86_64-1.txz: Upgraded.
l/libtasn1-4.18.0-x86_64-1.txz: Upgraded.
n/curl-7.80.0-x86_64-1.txz: Upgraded.
n/ethtool-5.15-x86_64-1.txz: Upgraded.
n/samba-4.15.2-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defects:
SMB1 client connections can be downgraded to plaintext authentication.
A user on the domain can become root on domain members.
Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC.
Samba AD DC did not always rely on the SID and PAC in Kerberos tickets.
Kerberos acceptors need easy access to stable AD identifiers (eg objectSid).
Samba AD DC did not do sufficient access and conformance checking of data
stored.
Use after free in Samba AD DC RPC server.
Subsequent DCE/RPC fragment injection vulnerability.
For more information, see:
https://www.samba.org/samba/security/CVE-2016-2124.html
https://www.samba.org/samba/security/CVE-2020-25717.html
^^ (PLEASE READ! There are important behaviour changes described)
https://www.samba.org/samba/security/CVE-2020-25718.html
https://www.samba.org/samba/security/CVE-2020-25719.html
https://www.samba.org/samba/security/CVE-2020-25721.html
https://www.samba.org/samba/security/CVE-2020-25722.html
https://www.samba.org/samba/security/CVE-2021-3738.html
https://www.samba.org/samba/security/CVE-2021-23192.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23192
(* Security fix *)
x/xorg-server-xwayland-21.1.3-x86_64-1.txz: Upgraded.
20211110203237 | Patrick J Volkerding | 2021-11-11 | 1 | -2/+2 |
* | Thu Oct 28 01:11:07 UTC 2021...a/kernel-generic-5.14.15-x86_64-1.txz: Upgraded.
a/kernel-huge-5.14.15-x86_64-1.txz: Upgraded.
a/kernel-modules-5.14.15-x86_64-1.txz: Upgraded.
d/cmake-3.21.4-x86_64-1.txz: Upgraded.
d/kernel-headers-5.14.15-x86-1.txz: Upgraded.
k/kernel-source-5.14.15-noarch-1.txz: Upgraded.
We're going to go ahead and take both of those changes that were considered
in /testing. GazL almost had me talked out of the autogroup change, but it's
easy to disable if traditional "nice" behavior is important to someone.
-DRM_I810 n
-INLINE_READ_UNLOCK y
-INLINE_READ_UNLOCK_IRQ y
-INLINE_SPIN_UNLOCK_IRQ y
-INLINE_WRITE_UNLOCK y
-INLINE_WRITE_UNLOCK_IRQ y
PREEMPT n -> y
PREEMPT_VOLUNTARY y -> n
SCHED_AUTOGROUP n -> y
+CEC_GPIO n
+DEBUG_PREEMPT y
+PREEMPTION y
+PREEMPT_COUNT y
+PREEMPT_DYNAMIC y
+PREEMPT_RCU y
+PREEMPT_TRACER n
+RCU_BOOST n
+TASKS_RCU y
+UNINLINE_SPIN_UNLOCK y
kde/plasma-desktop-5.23.2.1-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_12-x86_64-1.txz: Upgraded.
l/librsvg-2.52.3-x86_64-1.txz: Upgraded.
n/bind-9.16.22-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issue:
The "lame-ttl" option is now forcibly set to 0. This effectively disables
the lame server cache, as it could previously be abused by an attacker to
significantly degrade resolver performance.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219
(* Security fix *)
n/c-ares-1.18.1-x86_64-1.txz: Upgraded.
n/samba-4.15.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
20211028011107 | Patrick J Volkerding | 2021-10-28 | 1 | -2/+2 |
* | Mon Sep 20 18:49:19 UTC 2021...a/acpid-2.0.33-x86_64-1.txz: Upgraded.
n/nghttp2-1.45.0-x86_64-1.txz: Upgraded.
n/samba-4.15.0-x86_64-1.txz: Upgraded.
x/libXi-1.8-x86_64-1.txz: Upgraded.
x/libva-2.13.0-x86_64-1.txz: Upgraded.
Build with enable_va_messaging=false to avoid console spam. Thanks to GazL.
x/wayland-protocols-1.23-noarch-1.txz: Upgraded.
x/xf86-input-libinput-1.2.0-x86_64-1.txz: Upgraded.
x/xorgproto-2021.5-x86_64-1.txz: Upgraded.
xap/pan-0.147-x86_64-1.txz: Upgraded.
20210920184919 | Patrick J Volkerding | 2021-09-21 | 1 | -2/+2 |
* | Tue Aug 24 19:40:54 UTC 2021...a/openssl-solibs-1.1.1l-x86_64-1.txz: Upgraded.
kde/krita-4.4.8-x86_64-1.txz: Upgraded.
l/json-glib-1.6.6-x86_64-1.txz: Upgraded.
l/libarchive-3.5.2-x86_64-1.txz: Upgraded.
n/bluez-5.61-x86_64-1.txz: Upgraded.
n/openssl-1.1.1l-x86_64-1.txz: Upgraded.
Fixed an SM2 Decryption Buffer Overflow.
Fixed various read buffer overruns processing ASN.1 strings.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712
(* Security fix *)
n/samba-4.14.7-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-91.0.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.0.2/releasenotes/
20210824194054 | Patrick J Volkerding | 2021-08-25 | 1 | -2/+2 |
* | Tue Jul 13 20:51:28 UTC 2021...xap/seamonkey-2.53.8-x86_64-2.txz: Rebuilt.
Fixed desktop files changing Terminal=0 to Terminal=false. Thanks to marav.
20210713205128 | Patrick J Volkerding | 2021-07-14 | 1 | -2/+2 |
* | Tue Jun 1 18:41:29 UTC 2021...l/gsl-2.7-x86_64-1.txz: Upgraded.
l/mozjs78-78.11.0esr-x86_64-1.txz: Upgraded.
n/samba-4.14.5-x86_64-1.txz: Upgraded.
20210601184129 | Patrick J Volkerding | 2021-06-02 | 1 | -2/+2 |
* | Thu Apr 29 18:49:00 UTC 2021...a/less-581.2-x86_64-1.txz: Upgraded.
ap/nano-5.7-x86_64-1.txz: Upgraded.
d/cmake-3.20.2-x86_64-1.txz: Upgraded.
n/httpd-2.4.47-x86_64-1.txz: Upgraded.
n/samba-4.14.4-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defect:
Negative idmap cache entries can cause incorrect group entries in the
Samba file server process token.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20254
https://www.samba.org/samba/security/CVE-2021-20254.html
(* Security fix *)
extra/php8/php8-8.0.5-x86_64-1.txz: Upgraded.
20210429184900 | Patrick J Volkerding | 2021-04-30 | 1 | -2/+2 |
* | Tue Apr 20 19:44:02 UTC 2021...ap/slackpkg-15.0.2-noarch-1.txz: Upgraded.
Fix break error messages (dive)
Remove now pointless if/then/else (dive)
Safer config sourcing (dive)
files/slackpkg: replace #!/bin/sh with #!/bin/bash (Eugen Wissner)
Don't create blacklist when running update (dive)
Add show-changelog & help to non-root commands (dive)
Improve search blacklisting (dive)
Fix package duplicate bug (PiterPunk)
Thanks to Robby Workman.
ap/sqlite-3.35.5-x86_64-1.txz: Upgraded.
kde/kwin-5.21.4-x86_64-2.txz: Rebuilt.
Delay closing Wayland streams. Thanks to LuckyCyborg.
kde/okteta-0.26.6-x86_64-1.txz: Upgraded.
l/libtiff-4.3.0-x86_64-1.txz: Upgraded.
n/libgcrypt-1.9.3-x86_64-1.txz: Upgraded.
n/samba-4.14.3-x86_64-1.txz: Upgraded.
x/xorg-cf-files-1.0.6-x86_64-6.txz: Rebuilt.
Patched to fix an incompatibility introduced by binutils-2.36.
Thanks to BenCollver.
xap/seamonkey-2.53.7.1-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.7.1
(* Security fix *)
20210420194402 | Patrick J Volkerding | 2021-04-21 | 1 | -2/+2 |
* | Wed Mar 10 20:32:52 UTC 2021...ap/vim-8.2.2585-x86_64-1.txz: Upgraded.
d/git-2.30.2-x86_64-1.txz: Upgraded.
l/python-dnspython-2.1.0-x86_64-1.txz: Added.
This is needed by samba-4.14.0.
l/python-markdown-3.3.4-x86_64-1.txz: Added.
This is needed by samba-4.14.0.
n/samba-4.14.0-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.2.2585-x86_64-1.txz: Upgraded.
xfce/elementary-xfce-0.15.2-x86_64-1.txz: Upgraded.
20210310203252 | Patrick J Volkerding | 2021-03-11 | 1 | -2/+2 |
* | Wed Mar 10 01:30:34 UTC 2021...a/kernel-generic-5.10.22-x86_64-1.txz: Upgraded.
a/kernel-huge-5.10.22-x86_64-1.txz: Upgraded.
a/kernel-modules-5.10.22-x86_64-1.txz: Upgraded.
a/sysklogd-2.2.2-x86_64-1.txz: Upgraded.
d/bison-3.7.6-x86_64-1.txz: Upgraded.
d/kernel-headers-5.10.22-x86-1.txz: Upgraded.
d/mercurial-5.7.1-x86_64-1.txz: Upgraded.
k/kernel-source-5.10.22-noarch-1.txz: Upgraded.
l/netpbm-10.93.01-x86_64-1.txz: Upgraded.
n/samba-4.13.5-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-78.8.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/78.8.1/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/linux-5.11.x/kernel-generic-5.11.5-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-headers-5.11.5-x86-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-huge-5.11.5-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-modules-5.11.5-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-source-5.11.5-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
20210310013034 | Patrick J Volkerding | 2021-03-10 | 1 | -2/+2 |
* | Wed Jan 27 20:44:08 UTC 2021...a/kernel-generic-5.10.11-x86_64-1.txz: Upgraded.
a/kernel-huge-5.10.11-x86_64-1.txz: Upgraded.
a/kernel-modules-5.10.11-x86_64-1.txz: Upgraded.
a/libbytesize-2.5-x86_64-1.txz: Upgraded.
d/kernel-headers-5.10.11-x86-1.txz: Upgraded.
k/kernel-source-5.10.11-noarch-1.txz: Upgraded.
l/imagemagick-7.0.10_60-x86_64-1.txz: Upgraded.
l/python-urllib3-1.26.3-x86_64-1.txz: Upgraded.
n/samba-4.13.4-x86_64-1.txz: Upgraded.
x/wayland-1.19.0-x86_64-1.txz: Upgraded.
xfce/xfce4-panel-4.16.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
20210127204408 | Patrick J Volkerding | 2021-01-28 | 1 | -2/+2 |
* | Tue Dec 15 20:39:53 UTC 2020...d/python-pip-20.3.3-x86_64-1.txz: Upgraded.
kde/sddm-0.19.0-x86_64-3.txz: Rebuilt.
In SDDM's Xsession script, don't source $HOME/.xsession as this may launch
the wrong session type or cause dbus-run-session to start twice breaking
logout.
l/orc-0.4.32-x86_64-1.txz: Upgraded.
l/pipewire-0.3.18-x86_64-1.txz: Upgraded.
l/python-chardet-4.0.0-x86_64-1.txz: Upgraded.
l/python-packaging-20.8-x86_64-1.txz: Upgraded.
n/samba-4.13.3-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-78.6.0-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/78.6.0/releasenotes/
xfce/mousepad-0.5.0-x86_64-1.txz: Upgraded.
20201215203953 | Patrick J Volkerding | 2020-12-16 | 1 | -2/+2 |
* | Wed Nov 4 19:33:47 UTC 2020...ap/mariadb-10.5.7-x86_64-1.txz: Upgraded.
l/libcap-2.45-x86_64-1.txz: Upgraded.
l/poppler-data-0.4.10-noarch-1.txz: Upgraded.
n/samba-4.13.2-x86_64-1.txz: Upgraded.
x/libdrm-2.4.103-x86_64-1.txz: Upgraded.
testing/packages/vtown/kde/sddm-0.18.1-x86_64-1_vtown_2.txz: Rebuilt.
Fixed installation of pam.d files. Thanks to alienBOB.
20201104193347 | Patrick J Volkerding | 2020-11-05 | 1 | -2/+2 |
* | Thu Oct 29 21:55:56 UTC 2020...a/aaa_elflibs-15.0-x86_64-26.txz: Rebuilt.
Upgraded: liblber-2.4.so.2.11.3, libldap-2.4.so.2.11.3, libmpc.so.3.2.1.
Added temporarily to allow for third-party packages to be recompiled:
libHalf.so.12.0.0, libIex-2_2.so.12.0.0, libIexMath-2_2.so.12.0.0,
libIlmImf-2_2.so.22.0.0, libIlmImfUtil-2_2.so.22.0.0,
libIlmThread-2_2.so.12.0.0, libImath-2_2.so.12.0.0,
libpoppler-qt4.so.4.11.0, libpoppler.so.79.0.0.
a/kernel-generic-5.4.73-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.73-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.73-x86_64-1.txz: Upgraded.
d/kernel-headers-5.4.73-x86-1.txz: Upgraded.
k/kernel-source-5.4.73-noarch-1.txz: Upgraded.
l/LibRaw-0.20.2-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/exiv2-0.27.3-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/gegl-0.4.26-x86_64-2.txz: Rebuilt.
Recompiled against openexr-2.5.3.
l/gexiv2-0.12.1-x86_64-1.txz: Upgraded.
Compiled against exiv2-0.27.3.
l/graphene-1.10.2-x86_64-1.txz: Added.
l/gst-plugins-base-1.18.1-x86_64-2.txz: Rebuilt.
Recompiled against system libgraphene.
l/ilmbase-2.2.0-x86_64-2.txz: Removed.
These libraries are now part of openexr.
l/imagemagick-7.0.10_34-x86_64-2.txz: Rebuilt.
Recompiled against LibRaw-0.20.2 and openexr-2.5.3.
l/openexr-2.5.3-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/poppler-20.10.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Qt4 support dropped.
n/samba-4.13.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
Missing handle permissions check in SMB1/2/3 ChangeNotify.
Denial-of-service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14383
(* Security fix *)
xap/geeqie-1.5.1-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.27.3.
xap/gimp-2.10.22-x86_64-2.txz: Rebuilt.
Recompiled against openexr-2.5.3.
xap/xlockmore-5.66-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
20201029215556 | Patrick J Volkerding | 2020-10-30 | 1 | -2/+2 |
* | Thu Jul 2 19:18:33 UTC 2020...d/mercurial-5.4.2-x86_64-1.txz: Upgraded.
d/nasm-2.15.02-x86_64-1.txz: Upgraded.
l/glib2-2.64.4-x86_64-1.txz: Upgraded.
n/samba-4.12.5-x86_64-1.txz: Upgraded.
x/libXaw3dXft-1.6.2g-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-68.10.0-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/68.10.0/releasenotes/
20200702191833 | Patrick J Volkerding | 2020-07-03 | 1 | -2/+2 |
* | Wed May 20 23:53:44 UTC 2020...a/kernel-firmware-20200519_8ba6fa6-noarch-1.txz: Upgraded.
a/kernel-generic-5.4.42-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.42-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.42-x86_64-1.txz: Upgraded.
a/util-linux-2.35.2-x86_64-1.txz: Upgraded.
d/kernel-headers-5.4.42-x86-1.txz: Upgraded.
d/python-pip-20.1.1-x86_64-1.txz: Upgraded.
k/kernel-source-5.4.42-noarch-1.txz: Upgraded.
l/glib2-2.64.3-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.52.1-x86_64-1.txz: Upgraded.
n/samba-4.12.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
20200520235344 | Patrick J Volkerding | 2020-05-21 | 1 | -2/+2 |
* | Tue Apr 28 20:18:40 UTC 2020...ap/cups-2.3.3-x86_64-1.txz: Upgraded.
This update fixes two security issues:
The ppdOpen function did not handle invalid UI constraint.
ppdcSource::get_resolution function did not handle invalid resolution strings.
The ippReadIO function may under-read an extension.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8842
(* Security fix *)
l/imagemagick-7.0.10_10-x86_64-1.txz: Upgraded.
n/samba-4.12.2-x86_64-1.txz: Upgraded.
This update fixes two security issues:
A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a
use-after-free in Samba's AD DC LDAP server.
A deeply nested filter in an un-authenticated LDAP search can exhaust the
LDAP server's stack memory causing a SIGSEGV.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10700
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10704
(* Security fix *)
testing/packages/PAM/cups-2.3.3-x86_64-1_pam.txz: Upgraded.
This update fixes two security issues:
The ppdOpen function did not handle invalid UI constraint.
ppdcSource::get_resolution function did not handle invalid resolution strings.
The ippReadIO function may under-read an extension.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8842
(* Security fix *)
testing/packages/PAM/samba-4.12.2-x86_64-1_pam.txz: Upgraded.
This update fixes two security issues:
A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a
use-after-free in Samba's AD DC LDAP server.
A deeply nested filter in an un-authenticated LDAP search can exhaust the
LDAP server's stack memory causing a SIGSEGV.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10700
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10704
(* Security fix *)
20200428201840 | Patrick J Volkerding | 2020-04-29 | 1 | -2/+2 |
* | Tue Apr 7 22:23:02 UTC 2020...testing/packages/PAM/samba-4.12.1-x86_64-1_pam.txz: Upgraded.
20200407222302 | Patrick J Volkerding | 2020-04-08 | 1 | -2/+2 |
* | Wed Mar 4 01:39:54 UTC 2020...xap/seamonkey-2.53.1-x86_64-2.txz: Rebuilt.
Fixed $LIBDIRSUFFIX for 32-bit. Thanks to ljb643.
20200304013954 | Patrick J Volkerding | 2020-03-04 | 1 | -2/+2 |
* | Tue Jan 28 21:39:57 UTC 2020...ap/mariadb-10.4.12-x86_64-1.txz: Upgraded.
This fixes a potential denial-of-service vulnerability.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2574
(* Security fix *)
l/imagemagick-7.0.9_20-x86_64-1.txz: Upgraded.
n/dhcpcd-8.1.6-x86_64-1.txz: Upgraded.
n/samba-4.11.6-x86_64-1.txz: Upgraded.
x/mesa-19.3.3-x86_64-1.txz: Upgraded.
20200128213957 | Patrick J Volkerding | 2020-01-29 | 1 | -2/+2 |
* | Tue Jan 21 21:23:01 UTC 2020...a/aaa_elflibs-15.0-x86_64-19.txz: Rebuilt.
Upgraded: libcap.so.2.31, libgmp.so.10.4.0, libgmpxx.so.4.6.0.
Added: libgssapi_krb5.so.2.2, libk5crypto.so.3.1, libkrb5.so.3.3,
libkrb5support.so.0.1.
a/util-linux-2.35-x86_64-1.txz: Upgraded.
d/python-pip-20.0.1-x86_64-1.txz: Upgraded.
l/Mako-1.1.1-x86_64-1.txz: Upgraded.
l/keyutils-1.6.1-x86_64-1.txz: Upgraded.
n/krb5-1.17-x86_64-1.txz: Added.
Nothing links to this yet, but we'll need it soon enough. :-)
n/php-7.4.2-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
Standard: OOB read in php_strip_tags_ex
Mbstring: global buffer-overflow in 'mbfl_filt_conv_big5_wchar'
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060
(* Security fix *)
n/samba-4.11.5-x86_64-1.txz: Upgraded.
This update fixes the following security issues:
Replication of ACLs set to inherit down a subtree on AD Directory
not automatic.
Crash after failed character conversion at log level 3 or above.
Use after free during DNS zone scavenging in Samba AD DC.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14907
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19344
(* Security fix *)
xap/gparted-1.1.0-x86_64-1.txz: Upgraded.
20200121212301 | Patrick J Volkerding | 2020-01-21 | 1 | -2/+2 |
* | Mon Dec 16 23:13:10 UTC 2019...a/usb_modeswitch-2.5.2-x86_64-2.txz: Rebuilt.
Seems there's a regression in usb_modeswitch-2.6.0, so let's revert to
usb_modeswitch-2.5.2 but keep the latest usb-modeswitch-data-20191128.
Thanks to Lockywolf.
l/fuse3-3.9.0-x86_64-2.txz: Rebuilt.
Install fuse.conf as fuse.conf.new. This won't prevent an existing config
file from being overwritten with this upgrade, but it will prevent that
from happening again moving forward. Thanks to chrisVV.
20191216231310 | Patrick J Volkerding | 2019-12-17 | 1 | -2/+2 |
* | Tue Dec 10 18:52:42 UTC 2019...l/dconf-0.34.0-x86_64-2.txz: Rebuilt.
Rebuilt using the sed replacements suggested by LFS. This fixes a
subsequent build of dconf-editor.
l/glib-networking-2.62.2-x86_64-1.txz: Upgraded.
n/samba-4.11.3-x86_64-1.txz: Upgraded.
This update fixes the following security issues:
Samba AD DC zone-named record Denial of Service in DNS management server.
DelegationNotAllowed was not enforced in protocol transition on Samba AD DC.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14870
(* Security fix *)
x/vulkan-sdk-1.1.126.0-x86_64-1.txz: Upgraded.
20191210185242 | Patrick J Volkerding | 2019-12-11 | 1 | -2/+2 |
* | Tue Oct 29 20:09:01 UTC 2019...a/aaa_elflibs-15.0-x86_64-14.txz: Rebuilt.
Upgraded: libglib-2.0.so.0.6200.2, libgmodule-2.0.so.0.6200.2,
libgobject-2.0.so.0.6200.2, libgthread-2.0.so.0.6200.2.
Added: libgomp.so.1.0.0.
a/kernel-firmware-20191029_4065643-noarch-1.txz: Upgraded.
a/kernel-generic-4.19.81-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.81-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.81-x86_64-1.txz: Upgraded.
ap/sudo-1.8.29-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.81-x86-1.txz: Upgraded.
d/python-setuptools-41.6.0-x86_64-1.txz: Upgraded.
k/kernel-source-4.19.81-noarch-1.txz: Upgraded.
l/harfbuzz-2.6.3-x86_64-1.txz: Upgraded.
n/samba-4.11.2-x86_64-1.txz: Upgraded.
This update fixes bugs and these security issues:
Client code can return filenames containing path separators.
Samba AD DC check password script does not receive the full password.
User with "get changes" permission can crash AD DC LDAP server via dirsync.
For more information, see:
https://www.samba.org/samba/security/CVE-2019-10218.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10218
https://www.samba.org/samba/security/CVE-2019-14833.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14833
https://www.samba.org/samba/security/CVE-2019-14847.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14847
(* Security fix *)
x/libglvnd-1.2.0-x86_64-4.txz: Rebuilt.
Applied upstream patches to fix EGL/eglplatform.h.
x/xorg-server-1.20.5-x86_64-3.txz: Rebuilt.
#define EGL_NO_X11 to fix glamor build against libglvnd-1.2.0.
x/xorg-server-xephyr-1.20.5-x86_64-3.txz: Rebuilt.
x/xorg-server-xnest-1.20.5-x86_64-3.txz: Rebuilt.
x/xorg-server-xvfb-1.20.5-x86_64-3.txz: Rebuilt.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
20191029200901 | Patrick J Volkerding | 2019-10-30 | 1 | -2/+2 |
* | Fri Oct 18 21:00:50 UTC 2019...a/getty-ps-2.1.0b-x86_64-4.txz: Removed.
a/lha-114i-x86_64-2.txz: Removed.
Removed due to vague licensing terms.
a/lhasa-0.3.1-x86_64-1.txz: Added.
This is an extraction-only LHA utility with an OSI approved license.
a/shadow-4.7-x86_64-2.txz: Rebuilt.
Added /etc/environment.new to fix "sudo -i" noise.
ap/lm_sensors-3.6.0-x86_64-1.txz: Upgraded.
ap/vim-8.1.2174-x86_64-1.txz: Upgraded.
l/netpbm-10.88.00-x86_64-1.txz: Upgraded.
n/ca-certificates-20191018-noarch-1.txz: Upgraded.
n/samba-4.11.1-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.1.2174-x86_64-1.txz: Upgraded.
xap/xfractint-20.04p13-x86_64-2.txz: Removed.
xap/xv-3.10a-x86_64-9.txz: Removed.
extra/getty-ps/getty-ps-2.1.0b-x86_64-4.txz: Rebuilt.
Moved here from the A series due to commercial use restrictions.
extra/xfractint/xfractint-20.04p14-x86_64-1.txz: Upgraded.
Moved here from the XAP series due to commercial use restrictions.
extra/xv/xv-3.10a-x86_64-9.txz: Rebuilt.
Moved here from the XAP series due to non-commercial use shareware license.
20191018210050 | Patrick J Volkerding | 2019-10-19 | 1 | -2/+2 |
* | Mon Oct 7 04:41:29 UTC 2019...a/aaa_elflibs-15.0-x86_64-12.txz: Rebuilt.
Upgraded: libexpat.so.1.6.11, libglib-2.0.so.0.6200.1,
libgmodule-2.0.so.0.6200.1, libgobject-2.0.so.0.6200.1,
libgthread-2.0.so.0.6200.1.
Added temporarily until third party packages have been recompiled:
libicudata.so.64.2, libicui18n.so.64.2, libicuio.so.64.2,
libicutest.so.64.2, libicutu.so.64.2, libicuuc.so.64.2.
a/xfsprogs-5.2.1-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-65.1.
ap/sqlite-3.30.0-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-65.1.
kde/calligra-2.9.11-x86_64-32.txz: Rebuilt.
Recompiled against icu4c-65.1.
l/boost-1.71.0-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-65.1.
l/harfbuzz-2.6.2-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-65.1.
l/icu4c-65.1-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/libical-3.0.6-x86_64-3.txz: Rebuilt.
Recompiled against icu4c-65.1.
l/libvisio-0.1.7-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-65.1.
l/qt-4.8.7-x86_64-14.txz: Rebuilt.
Recompiled against icu4c-65.1.
l/raptor2-2.0.15-x86_64-8.txz: Rebuilt.
Recompiled against icu4c-65.1.
n/dovecot-2.3.7.2-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-65.1.
n/php-7.3.10-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-65.1.
n/postfix-3.4.7-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-65.1.
n/samba-4.11.0-x86_64-1.txz: Upgraded.
n/tin-2.4.3-x86_64-3.txz: Rebuilt.
Recompiled against icu4c-65.1.
t/texlive-2019.190626-x86_64-3.txz: Rebuilt.
Recompiled against icu4c-65.1.
20191007044129 | Patrick J Volkerding | 2019-10-07 | 1 | -2/+2 |
* | Tue Sep 3 19:30:54 UTC 2019...l/dbus-python-1.2.10-x86_64-1.txz: Upgraded.
l/glib2-2.60.7-x86_64-1.txz: Upgraded.
l/librsvg-2.44.15-x86_64-1.txz: Upgraded.
l/pyparsing-2.4.2-x86_64-1.txz: Upgraded.
n/samba-4.10.8-x86_64-1.txz: Upgraded.
This update addresses a security issue:
On a Samba SMB server for all versions of Samba from 4.9.0, clients are
able to escape outside the share root directory if certain
configuration parameters are set in the smb.conf file.
For more information, see:
https://www.samba.org/samba/security/CVE-2019-10197.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10197
(* Security fix *)
20190903193054 | Patrick J Volkerding | 2019-09-04 | 1 | -2/+2 |
* | Thu Aug 22 18:57:26 UTC 2019...a/kernel-firmware-20190821_c0fb3d9-noarch-1.txz: Upgraded.
a/xfsprogs-5.2.1-x86_64-1.txz: Upgraded.
ap/cups-filters-1.25.3-x86_64-1.txz: Upgraded.
d/python-setuptools-41.2.0-x86_64-1.txz: Upgraded.
d/swig-4.0.1-x86_64-1.txz: Upgraded.
n/bind-9.14.5-x86_64-1.txz: Upgraded.
n/dhcpcd-8.0.3-x86_64-1.txz: Upgraded.
n/samba-4.10.7-x86_64-1.txz: Upgraded.
xap/geeqie-1.5.1-x86_64-1.txz: Upgraded.
20190822185726 | Patrick J Volkerding | 2019-08-23 | 1 | -2/+2 |
* | Wed Jul 10 23:56:13 UTC 2019...a/glibc-zoneinfo-2019b-noarch-1.txz: Upgraded.
a/kernel-generic-4.19.58-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.58-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.58-x86_64-1.txz: Upgraded.
d/Cython-0.29.12-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.58-x86-1.txz: Upgraded.
d/mercurial-5.0.2-x86_64-1.txz: Upgraded.
d/python3-3.7.4-x86_64-1.txz: Upgraded.
k/kernel-source-4.19.58-noarch-1.txz: Upgraded.
l/glib2-2.60.5-x86_64-1.txz: Upgraded.
n/gnupg2-2.2.17-x86_64-1.txz: Upgraded.
n/iproute2-5.2.0-x86_64-1.txz: Upgraded.
n/samba-4.10.6-x86_64-1.txz: Upgraded.
x/libva-utils-2.5.0-x86_64-1.txz: Upgraded.
x/mesa-19.1.2-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-68.0esr-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements. Some of the patched
flaws are considered critical, and could be used to run attacker code and
install software, requiring no user interaction beyond normal browsing.
For more information, see:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11709
(* Security fix *)
xap/mozilla-thunderbird-60.8.0-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/60.8.0/releasenotes/
xfce/garcon-0.6.3-x86_64-2.txz: Rebuilt.
Patched crash bug.
Installed gtk-doc HTML docs.
Thanks to Robby Workman.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/blueman-2.1.1-x86_64-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
20190710235613 | Patrick J Volkerding | 2019-07-11 | 1 | -2/+2 |