| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
d/cmake-3.29.3-x86_64-1.txz: Upgraded.
l/adwaita-icon-theme-46.0-noarch-2.txz: Rebuilt.
Restore icons that went missing after adwaita-icon-theme-41.0.
l/glib2-2.80.2-x86_64-1.txz: Upgraded.
l/libgnt-2.14.4_dev-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.100-x86_64-1.txz: Upgraded.
n/samba-4.20.1-x86_64-1.txz: Upgraded.
x/mesa-24.0.7-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/btrfs-progs-6.8-x86_64-1.txz: Upgraded.
a/gpm-1.20.7-x86_64-10.txz: Rebuilt.
Clean up the compile fix patch omitting the Emacs Lisp file.
Clean up and apply the weak-wgetch patch.
Build using the option --without-curses.
Thanks to qunying.
a/util-linux-2.40-x86_64-1.txz: Upgraded.
This release fixes a vulnerability where the wall command did not filter
escape sequences from command line arguments, allowing unprivileged users
to put arbitrary text on other users terminals.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-28085
(* Security fix *)
d/rust-1.77.1-x86_64-1.txz: Upgraded.
l/fluidsynth-2.3.5-x86_64-1.txz: Upgraded.
l/protobuf-26.1-x86_64-1.txz: Upgraded.
l/python-build-1.2.1-x86_64-1.txz: Upgraded.
n/samba-4.20.0-x86_64-1.txz: Upgraded.
x/mesa-24.0.4-x86_64-1.txz: Upgraded.
xap/seamonkey-2.53.18.2-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.18.2
(* Security fix *)
|
| |
|
|
|
|
|
| |
l/giflib-5.2.2-x86_64-1.txz: Upgraded.
l/libwnck3-43.0-x86_64-2.txz: Rebuilt.
Fixed crash bug. Thanks to fulalas.
n/samba-4.19.5-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
a/procps-ng-3.3.17-x86_64-3.txz: Rebuilt.
Add /etc/default/sysctl to support custom options for sysctl in rc.S.
Thanks to lostintime.
a/sysvinit-scripts-15.1-noarch-12.txz: Rebuilt.
rc.S: support /etc/default/sysctl for custom options.
Thanks to lostintime.
l/imagemagick-7.1.1_26-x86_64-1.txz: Upgraded.
l/qt5-5.15.12_20240103_b8fd1448-x86_64-1.txz: Upgraded.
n/samba-4.19.4-x86_64-1.txz: Upgraded.
x/imake-1.0.10-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
l/libqalculate-4.9.0-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.95-x86_64-1.txz: Upgraded.
l/v4l-utils-1.26.0-x86_64-2.txz: Rebuilt.
Do not overwrite gconv-modules from glibc - instead, install it to
gconv-modules.d/v4l-utils.conf.
If your /usr/lib{,64}/gconv/gconv-modules was overwritten causing character
conversion errors, reinstall the glibc package to fix this.
Thanks to glennmcc.
n/php-8.3.0-x86_64-1.txz: Upgraded.
n/samba-4.19.3-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defect:
An information leak vulnerability was discovered in Samba's LDAP server.
Due to missing access control checks, an authenticated but unprivileged
attacker could discover the names and preserved attributes of deleted objects
in the LDAP store. Upgrading to this package will not prevent this
information leak - if you are using Samba as an Active Directory Domain
Controller, you will need to follow the instructions in the samba.org link
given below.
For more information, see:
https://www.samba.org/samba/security/CVE-2018-14628.html
https://www.cve.org/CVERecord?id=CVE-2018-14628
(* Security fix *)
x/libwacom-2.9.0-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/util-linux-2.39.2-x86_64-2.txz: Rebuilt.
Copy /etc/pam.d/login to /etc/pam.d/remote. This is needed for /bin/login's
'-h' option, used (for example) by telnetd. If -h is used without
/etc/pam.d/remote, pam will not be configured properly, and /etc/securetty
will be ignored, possibly allowing root to login from a tty that is not
considered secure. Of course, the usual disclaimers about the security of
telnet/telnetd apply.
Thanks to HytronBG and Petri Kaukasoina.
(* Security fix *)
ap/qpdf-11.6.3-x86_64-1.txz: Upgraded.
d/llvm-17.0.3-x86_64-1.txz: Upgraded.
l/libjpeg-turbo-3.0.1-x86_64-1.txz: Upgraded.
l/tevent-0.16.0-x86_64-1.txz: Upgraded.
n/samba-4.19.2-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Heap buffer overflow with freshness tokens in the Heimdal KDC in Samba 4.19.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-5568
(* Security fix *)
x/OpenCC-1.1.7-x86_64-1.txz: Upgraded.
xfce/xfconf-4.18.2-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/kernel-generic-6.1.57-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.57-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.57-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.57-x86-1.txz: Upgraded.
k/kernel-source-6.1.57-noarch-1.txz: Upgraded.
n/c-ares-1.20.1-x86_64-1.txz: Upgraded.
n/curl-8.4.0-x86_64-1.txz: Upgraded.
This update fixes security issues:
Cookie injection with none file.
SOCKS5 heap buffer overflow.
For more information, see:
https://curl.se/docs/CVE-2023-38546.html
https://curl.se/docs/CVE-2023-38545.html
https://www.cve.org/CVERecord?id=CVE-2023-38546
https://www.cve.org/CVERecord?id=CVE-2023-38545
(* Security fix *)
n/nghttp2-1.57.0-x86_64-1.txz: Upgraded.
This release has a fix to mitigate the HTTP/2 Rapid Reset vulnerability.
For more information, see:
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg
https://www.cve.org/CVERecord?id=CVE-2023-44487
(* Security fix *)
n/samba-4.19.1-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defects:
Unsanitized pipe names allow SMB clients to connect as root to existing
unix domain sockets on the file system.
SMB client can truncate files to 0 bytes by opening files with OVERWRITE
disposition when using the acl_xattr Samba VFS module with the smb.conf
setting "acl_xattr:ignore system acls = yes"
An RODC and a user with the GET_CHANGES right can view all attributes,
including secrets and passwords. Additionally, the access check fails
open on error conditions.
Calls to the rpcecho server on the AD DC can request that the server block
for a user-defined amount of time, denying service.
Samba can be made to start multiple incompatible RPC listeners, disrupting
service on the AD DC.
For more information, see:
https://www.samba.org/samba/security/CVE-2023-3961.html
https://www.samba.org/samba/security/CVE-2023-4091.html
https://www.samba.org/samba/security/CVE-2023-4154.html
https://www.samba.org/samba/security/CVE-2023-42669.html
https://www.samba.org/samba/security/CVE-2023-42670.html
https://www.cve.org/CVERecord?id=CVE-2023-3961
https://www.cve.org/CVERecord?id=CVE-2023-4091
https://www.cve.org/CVERecord?id=CVE-2023-4154
https://www.cve.org/CVERecord?id=CVE-2023-42669
https://www.cve.org/CVERecord?id=CVE-2023-42670
(* Security fix *)
xap/mozilla-thunderbird-115.3.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.3.2/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
| |
|
|
|
|
|
|
|
|
|
| |
ap/vim-9.0.1863-x86_64-1.txz: Upgraded.
Compiled with --enable-luainterp=dynamic.
l/gtk4-4.12.1-x86_64-1.txz: Upgraded.
n/nghttp2-1.56.0-x86_64-1.txz: Upgraded.
n/samba-4.19.0-x86_64-1.txz: Upgraded.
xap/freerdp-2.11.1-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.1863-x86_64-1.txz: Upgraded.
Compiled with --enable-luainterp=dynamic.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/util-linux-2.39.2-x86_64-1.txz: Upgraded.
ap/screen-4.9.1-x86_64-1.txz: Upgraded.
d/cmake-3.27.3-x86_64-1.txz: Upgraded.
kde/attica-5.109.0-x86_64-1.txz: Upgraded.
kde/baloo-5.109.0-x86_64-1.txz: Upgraded.
kde/bluez-qt-5.109.0-x86_64-1.txz: Upgraded.
kde/breeze-icons-5.109.0-noarch-1.txz: Upgraded.
kde/extra-cmake-modules-5.109.0-x86_64-1.txz: Upgraded.
kde/frameworkintegration-5.109.0-x86_64-1.txz: Upgraded.
kde/kactivities-5.109.0-x86_64-1.txz: Upgraded.
kde/kactivities-stats-5.109.0-x86_64-1.txz: Upgraded.
kde/kapidox-5.109.0-x86_64-1.txz: Upgraded.
kde/karchive-5.109.0-x86_64-1.txz: Upgraded.
kde/kauth-5.109.0-x86_64-1.txz: Upgraded.
kde/kbookmarks-5.109.0-x86_64-1.txz: Upgraded.
kde/kcalendarcore-5.109.0-x86_64-1.txz: Upgraded.
kde/kcmutils-5.109.0-x86_64-1.txz: Upgraded.
kde/kcodecs-5.109.0-x86_64-1.txz: Upgraded.
kde/kcompletion-5.109.0-x86_64-1.txz: Upgraded.
kde/kconfig-5.109.0-x86_64-1.txz: Upgraded.
kde/kconfigwidgets-5.109.0-x86_64-1.txz: Upgraded.
kde/kcontacts-5.109.0-x86_64-1.txz: Upgraded.
kde/kcoreaddons-5.109.0-x86_64-1.txz: Upgraded.
kde/kcrash-5.109.0-x86_64-1.txz: Upgraded.
kde/kdav-5.109.0-x86_64-1.txz: Upgraded.
kde/kdbusaddons-5.109.0-x86_64-1.txz: Upgraded.
kde/kdeclarative-5.109.0-x86_64-1.txz: Upgraded.
kde/kded-5.109.0-x86_64-1.txz: Upgraded.
kde/kdelibs4support-5.109.0-x86_64-1.txz: Upgraded.
kde/kdesignerplugin-5.109.0-x86_64-1.txz: Upgraded.
kde/kdesu-5.109.0-x86_64-1.txz: Upgraded.
kde/kdewebkit-5.109.0-x86_64-1.txz: Upgraded.
kde/kdnssd-5.109.0-x86_64-1.txz: Upgraded.
kde/kdoctools-5.109.0-x86_64-1.txz: Upgraded.
kde/kemoticons-5.109.0-x86_64-1.txz: Upgraded.
kde/kfilemetadata-5.109.0-x86_64-1.txz: Upgraded.
kde/kglobalaccel-5.109.0-x86_64-1.txz: Upgraded.
kde/kguiaddons-5.109.0-x86_64-1.txz: Upgraded.
kde/kholidays-5.109.0-x86_64-1.txz: Upgraded.
kde/khtml-5.109.0-x86_64-1.txz: Upgraded.
kde/ki18n-5.109.0-x86_64-1.txz: Upgraded.
kde/kiconthemes-5.109.0-x86_64-1.txz: Upgraded.
kde/kidletime-5.109.0-x86_64-1.txz: Upgraded.
kde/kimageformats-5.109.0-x86_64-1.txz: Upgraded.
kde/kinit-5.109.0-x86_64-1.txz: Upgraded.
kde/kio-5.109.0-x86_64-1.txz: Upgraded.
kde/kirigami2-5.109.0-x86_64-1.txz: Upgraded.
kde/kitemmodels-5.109.0-x86_64-1.txz: Upgraded.
kde/kitemviews-5.109.0-x86_64-1.txz: Upgraded.
kde/kjobwidgets-5.109.0-x86_64-1.txz: Upgraded.
kde/kjs-5.109.0-x86_64-1.txz: Upgraded.
kde/kjsembed-5.109.0-x86_64-1.txz: Upgraded.
kde/kmediaplayer-5.109.0-x86_64-1.txz: Upgraded.
kde/knewstuff-5.109.0-x86_64-1.txz: Upgraded.
kde/knotifications-5.109.0-x86_64-1.txz: Upgraded.
kde/knotifyconfig-5.109.0-x86_64-1.txz: Upgraded.
kde/kpackage-5.109.0-x86_64-1.txz: Upgraded.
kde/kparts-5.109.0-x86_64-1.txz: Upgraded.
kde/kpeople-5.109.0-x86_64-1.txz: Upgraded.
kde/kplotting-5.109.0-x86_64-1.txz: Upgraded.
kde/kpty-5.109.0-x86_64-1.txz: Upgraded.
kde/kquickcharts-5.109.0-x86_64-1.txz: Upgraded.
kde/kross-5.109.0-x86_64-1.txz: Upgraded.
kde/krunner-5.109.0-x86_64-1.txz: Upgraded.
kde/kservice-5.109.0-x86_64-1.txz: Upgraded.
kde/ktexteditor-5.109.0-x86_64-1.txz: Upgraded.
kde/ktextwidgets-5.109.0-x86_64-1.txz: Upgraded.
kde/kunitconversion-5.109.0-x86_64-1.txz: Upgraded.
kde/kwallet-5.109.0-x86_64-1.txz: Upgraded.
kde/kwayland-5.109.0-x86_64-1.txz: Upgraded.
kde/kwidgetsaddons-5.109.0-x86_64-1.txz: Upgraded.
kde/kwindowsystem-5.109.0-x86_64-1.txz: Upgraded.
kde/kxmlgui-5.109.0-x86_64-1.txz: Upgraded.
kde/kxmlrpcclient-5.109.0-x86_64-1.txz: Upgraded.
kde/modemmanager-qt-5.109.0-x86_64-1.txz: Upgraded.
kde/networkmanager-qt-5.109.0-x86_64-1.txz: Upgraded.
kde/oxygen-icons5-5.109.0-noarch-1.txz: Upgraded.
kde/plasma-framework-5.109.0-x86_64-1.txz: Upgraded.
kde/prison-5.109.0-x86_64-1.txz: Upgraded.
kde/purpose-5.109.0-x86_64-1.txz: Upgraded.
kde/qqc2-desktop-style-5.109.0-x86_64-1.txz: Upgraded.
kde/solid-5.109.0-x86_64-1.txz: Upgraded.
kde/sonnet-5.109.0-x86_64-1.txz: Upgraded.
kde/syndication-5.109.0-x86_64-1.txz: Upgraded.
kde/syntax-highlighting-5.109.0-x86_64-1.txz: Upgraded.
kde/threadweaver-5.109.0-x86_64-1.txz: Upgraded.
n/samba-4.18.6-x86_64-1.txz: Upgraded.
x/libxcb-1.16-x86_64-1.txz: Upgraded.
x/xcb-proto-1.16.0-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/kernel-firmware-20230707_d3f6606-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.39-x86_64-1.txz: Upgraded.
a/xfsprogs-6.4.0-x86_64-1.txz: Upgraded.
d/cmake-3.27.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.39-x86-1.txz: Upgraded.
k/kernel-source-6.1.39-noarch-1.txz: Upgraded.
l/mpfr-4.2.0p12-x86_64-1.txz: Upgraded.
n/bind-9.18.17-x86_64-1.txz: Upgraded.
n/curl-8.2.0-x86_64-1.txz: Upgraded.
This update fixes a security issue:
fopen race condition.
For more information, see:
https://curl.se/docs/CVE-2023-32001.html
https://www.cve.org/CVERecord?id=CVE-2023-32001
(* Security fix *)
n/dhcpcd-10.0.2-x86_64-1.txz: Upgraded.
n/openssh-9.3p2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
execution relating to PKCS#11 providers.
The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
execution via a forwarded agent socket if the following conditions are met:
* Exploitation requires the presence of specific libraries on the victim
system.
* Remote exploitation requires that the agent was forwarded to an
attacker-controlled system.
Exploitation can also be prevented by starting ssh-agent(1) with an empty
PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
contains only specific provider libraries.
This vulnerability was discovered and demonstrated to be exploitable by the
Qualys Security Advisory team.
Potentially-incompatible changes:
* ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
issued by remote clients by default. A flag has been added to restore the
previous behaviour: "-Oallow-remote-pkcs11".
For more information, see:
https://www.openssh.com/txt/release-9.3p2
https://www.cve.org/CVERecord?id=CVE-2023-38408
(* Security fix *)
n/samba-4.18.5-x86_64-1.txz: Upgraded.
This update fixes security issues:
When winbind is used for NTLM authentication, a maliciously crafted request
can trigger an out-of-bounds read in winbind and possibly crash it.
SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain Controllers
where SMB2 packet signing is mandatory.
An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
triggered by an unauthenticated attacker by issuing a malformed RPC request.
Missing type validation in Samba's mdssvc RPC service for Spotlight can be
used by an unauthenticated attacker to trigger a process crash in a shared
RPC mdssvc worker process.
As part of the Spotlight protocol Samba discloses the server-side absolute
path of shares and files and directories in search results.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2127.html
https://www.samba.org/samba/security/CVE-2023-3347.html
https://www.samba.org/samba/security/CVE-2023-34966.html
https://www.samba.org/samba/security/CVE-2023-34967.html
https://www.samba.org/samba/security/CVE-2023-34968.html
https://www.cve.org/CVERecord?id=CVE-2022-2127
https://www.cve.org/CVERecord?id=CVE-2023-3347
https://www.cve.org/CVERecord?id=CVE-2023-34966
https://www.cve.org/CVERecord?id=CVE-2023-34967
https://www.cve.org/CVERecord?id=CVE-2023-34968
(* Security fix *)
xap/mozilla-firefox-115.0.3esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.0.3esr/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/kernel-generic-6.1.38-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.38-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.38-x86_64-1.txz: Upgraded.
a/upower-1.90.1-x86_64-1.txz: Upgraded.
a/util-linux-2.39.1-x86_64-3.txz: Rebuilt.
Use --disable-libmount-mountfd-support for now to avoid breaking overlayfs.
d/kernel-headers-6.1.38-x86-1.txz: Upgraded.
k/kernel-source-6.1.38-noarch-1.txz: Upgraded.
l/nodejs-20.4.0-x86_64-1.txz: Upgraded.
n/samba-4.18.4-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/hwdata-0.371-noarch-1.txz: Upgraded.
ap/cups-2.4.3-x86_64-1.txz: Upgraded.
Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file
cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote
attacker to launch a denial of service (DoS) attack, or possibly execute
arbirary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32324
(* Security fix *)
d/git-2.41.0-x86_64-1.txz: Upgraded.
d/llvm-16.0.5-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-29.txz: Rebuilt.
Recompiled against Imath-3.1.9.
kde/kimageformats-5.106.0-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
kde/kio-extras-23.04.1-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
kde/krita-5.1.5-x86_64-9.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/Imath-3.1.9-x86_64-1.txz: Upgraded.
Evidently the shared library .so-version bump in Imath-3.1.8 should not have
happened, so this update reverts it to the previous value.
l/gst-plugins-bad-free-1.22.3-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/imagemagick-7.1.1_11-x86_64-2.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/mozjs102-102.12.0esr-x86_64-1.txz: Upgraded.
l/openexr-3.1.7-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/serf-1.3.10-x86_64-1.txz: Upgraded.
l/vte-0.72.2-x86_64-1.txz: Upgraded.
n/nettle-3.9.1-x86_64-1.txz: Upgraded.
n/ntp-4.2.8p16-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-26551
https://www.cve.org/CVERecord?id=CVE-2023-26552
https://www.cve.org/CVERecord?id=CVE-2023-26553
https://www.cve.org/CVERecord?id=CVE-2023-26554
https://www.cve.org/CVERecord?id=CVE-2023-26555
(* Security fix *)
n/samba-4.18.3-x86_64-1.txz: Upgraded.
tcl/tclx-8.6.2-x86_64-1.txz: Upgraded.
x/ibus-libpinyin-1.15.3-x86_64-1.txz: Upgraded.
x/libX11-1.8.5-x86_64-1.txz: Upgraded.
xap/gimp-2.10.34-x86_64-4.txz: Rebuilt.
Recompiled against Imath-3.1.9.
xfce/xfce4-pulseaudio-plugin-0.4.7-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
| |
d/cargo-vendor-filterer-0.5.9-x86_64-1.txz: Upgraded.
l/libqalculate-4.6.1-x86_64-1.txz: Upgraded.
l/libwmf-0.2.13-x86_64-1.txz: Upgraded.
l/nodejs-20.0.0-x86_64-1.txz: Upgraded.
n/bind-9.18.14-x86_64-1.txz: Upgraded.
This is a bugfix release.
n/samba-4.18.2-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/kernel-generic-6.1.22-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.22-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.22-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-32.txz: Rebuilt.
Add /lib/firmware directory to _initrd-tree.tar.gz. Thanks to walecha.
d/cmake-3.26.2-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.22-x86-1.txz: Upgraded.
d/llvm-16.0.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Thanks to Heinz Wiesinger for the assistance.
Compiled with -DLLVM_BUILD_LLVM_DYLIB=ON -DLLVM_LINK_LLVM_DYLIB=ON
-DCLANG_LINK_CLANG_DYLIB=ON.
I think we'll get 16.0.1 next week if we need to make any adjustments.
d/ruby-3.2.2-x86_64-1.txz: Upgraded.
This update fixes security issues:
ReDoS vulnerability in URI.
ReDoS vulnerability in Time.
For more information, see:
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
https://www.cve.org/CVERecord?id=CVE-2023-28755
https://www.cve.org/CVERecord?id=CVE-2023-28756
(* Security fix *)
k/kernel-source-6.1.22-noarch-1.txz: Upgraded.
kde/kdevelop-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against llvm-16.0.0.
l/openexr-3.1.7-x86_64-1.txz: Upgraded.
l/qt5-5.15.8_20230325_c1a3e988-x86_64-1.txz: Upgraded.
Compiled against llvm-16.0.0.
l/spirv-llvm-translator-16.0.0-x86_64-1.txz: Upgraded.
Compiled against llvm-16.0.0.
Thanks to Heinz Wiesinger for finding the fix for -DBUILD_SHARED_LIBS=ON.
n/pssh-2.3.5-x86_64-1.txz: Upgraded.
n/samba-4.18.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
An incomplete access check on dnsHostName allows authenticated but otherwise
unprivileged users to delete this attribute from any object in the directory.
The Samba AD DC administration tool, when operating against a remote LDAP
server, will by default send new or reset passwords over a signed-only
connection.
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential
attribute disclosure via LDAP filters was insufficient and an attacker may
be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
Installations with such secrets in their Samba AD should assume they have
been obtained and need replacing.
For more information, see:
https://www.samba.org/samba/security/CVE-2023-0225.html
https://www.samba.org/samba/security/CVE-2023-0922.html
https://www.samba.org/samba/security/CVE-2023-0614.html
https://www.cve.org/CVERecord?id=CVE-2023-0225
https://www.cve.org/CVERecord?id=CVE-2023-0922
https://www.cve.org/CVERecord?id=CVE-2023-0614
(* Security fix *)
x/mesa-23.0.1-x86_64-2.txz: Rebuilt.
Recompiled against llvm-16.0.0 and spirv-llvm-translator-16.0.0.
xap/seamonkey-2.53.16-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.16
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/rust-1.68.2-x86_64-2.txz: Rebuilt.
Use the bundled LLVM rather than the system LLVM.
This version of Rust actually does compile with llvm-16.0.0, but since it
bundles LLVM 15 let's let it use that for now.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hey folks, just some more updates on the road to an eventual beta. :-)
At this point nothing remains linked with openssl-1.1.1 except for python2 and
modules, and vsftpd. I think nobody cares about trying to force python2 to use
openssl3... it's EOL but still a zombie, unfortunately. I have seen some
patches for vsftpd and intend to take a look at them. We've bumped PHP to 8.2
and just gone ahead and killed 8.0 and 8.1. Like 7.4, 8.0 is not compatible
with openssl3 and it doesn't seem worthwhile to try to patch it. And with 8.2
already out for several revisions, 8.1 does not seem particularly valuable.
If you make use of PHP you should be used to it being a moving target by now.
Enjoy, and let me know if anything isn't working right. Cheers!
a/aaa_libraries-15.1-x86_64-19.txz: Rebuilt.
Recompiled against openssl-3.0.8: libcups.so.2, libcurl.so.4.8.0,
libldap.so.2.0.200, libssh2.so.1.0.1.
a/cryptsetup-2.6.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
a/kmod-30-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
a/openssl-solibs-3.0.8-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
a/openssl11-solibs-1.1.1t-x86_64-1.txz: Added.
ap/cups-2.4.2-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/hplip-3.20.5-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/lxc-4.0.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/mariadb-10.6.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/qpdf-11.3.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/sudo-1.9.13p3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/cargo-vendor-filterer-0.5.7-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/cvs-1.11.23-x86_64-9.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/git-2.39.2-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/perl-5.36.0-x86_64-5.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/python3-3.9.16-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/ruby-3.2.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/rust-1.66.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/scons-4.5.1-x86_64-1.txz: Upgraded.
kde/falkon-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
kde/kitinerary-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/M2Crypto-0.38.0-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/SDL2-2.26.4-x86_64-1.txz: Upgraded.
l/gst-plugins-bad-free-1.22.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libarchive-3.6.2-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libevent-2.1.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libimobiledevice-20211124_2c6121d-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libssh2-1.10.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libvncserver-0.9.14-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/mlt-7.14.0-x86_64-1.txz: Upgraded.
l/neon-0.32.5-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/nodejs-19.7.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/opusfile-0.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pipewire-0.3.66-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pulseaudio-16.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pycurl-7.44.1-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/qca-2.3.5-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/qt5-5.15.8_20230304_d8b881f0-x86_64-1.txz: Upgraded.
Compiled against openssl-3.0.8.
l/serf-1.3.9-x86_64-8.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/alpine-2.26-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/bind-9.18.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/curl-7.88.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/cyrus-sasl-2.1.28-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/dovecot-2.3.20-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/epic5-2.1.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/fetchmail-6.4.37-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/htdig-3.2.0b6-x86_64-9.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/httpd-2.4.56-x86_64-1.txz: Upgraded.
This update fixes two security issues:
HTTP Response Smuggling vulnerability via mod_proxy_uwsgi.
HTTP Request Smuggling attack via mod_rewrite and mod_proxy.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.56
https://www.cve.org/CVERecord?id=CVE-2023-27522
https://www.cve.org/CVERecord?id=CVE-2023-25690
(* Security fix *)
NOTE: This package is compiled against openssl-3.0.8.
n/irssi-1.4.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/krb5-1.20.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/lftp-4.9.2-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/links-2.28-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/lynx-2.9.0dev.10-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/mutt-2.2.9-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/net-snmp-5.9.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/netatalk-3.1.14-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/nmap-7.93-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/ntp-4.2.8p15-x86_64-12.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openldap-2.6.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openssh-9.2p1-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openssl-3.0.8-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/openssl11-1.1.1t-x86_64-1.txz: Added.
n/openvpn-2.6.0-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/php-8.2.3-x86_64-1.txz: Upgraded.
Compiled against openssl-3.0.8.
n/pidentd-3.0.19-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/popa3d-1.0.3-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/postfix-3.7.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/ppp-2.4.9-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/proftpd-1.3.8-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/rsync-3.2.7-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/s-nail-14.9.24-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/samba-4.18.0-x86_64-1.txz: Upgraded.
Build with the bundled Heimdal instead of the system MIT Kerberos.
Thanks again to rpenny.
n/slrn-1.0.3a-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/snownews-1.9-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/socat-1.7.4.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/stunnel-5.69-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/tcpdump-4.99.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/wget-1.21.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/wpa_supplicant-2.10-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/freerdp-2.10.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/gftp-2.9.1b-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/gkrellm-2.3.11-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/hexchat-2.16.1-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/sane-1.0.32-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/x3270-4.0ga14-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/xine-lib-1.2.13-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
y/bsd-games-2.17-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/php80/php80-8.0.28-x86_64-1.txz: Removed.
extra/php81/php81-8.1.16-x86_64-1.txz: Removed.
extra/rust-for-mozilla/rust-1.60.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/sendmail/sendmail-8.17.1-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/sendmail/sendmail-cf-8.17.1-noarch-7.txz: Rebuilt.
testing/packages/rust-1.67.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
testing/packages/samba-4.17.5-x86_64-2.txz: Removed.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
n/samba-4.17.5-x86_64-1.txz: Upgraded.
BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5)
based SChannel on NETLOGON (additional changes).
For more information, see:
https://www.samba.org/samba/security/CVE-2022-38023.html
https://www.cve.org/CVERecord?id=CVE-2022-38023
(* Security fix *)
x/mesa-22.3.4-x86_64-1.txz: Upgraded.
x/xf86-video-vmware-13.4.0-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/xz-5.4.0-x86_64-1.txz: Upgraded.
l/harfbuzz-6.0.0-x86_64-1.txz: Upgraded.
l/libmpc-1.3.1-x86_64-1.txz: Upgraded.
n/NetworkManager-1.40.8-x86_64-1.txz: Upgraded.
n/samba-4.17.4-x86_64-1.txz: Upgraded.
This update fixes security issues:
This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of
Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac session keys for
use between modern clients and servers despite all modern Kerberos
implementations supporting the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members
'kerberos encryption types = legacy'
would force rc4-hmac as a client even if the server supports
aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
This is the Samba CVE for the Windows Kerberos Elevation of Privilege
Vulnerability disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained delegation permission
could forge a more powerful ticket than the one it was presented with.
The "RC4" protection of the NetLogon Secure channel uses the same
algorithms as rc4-hmac cryptography in Kerberos, and so must also be
assumed to be weak.
Note that there are several important behavior changes included in this
release, which may cause compatibility problems interacting with system
still expecting the former behavior.
Please read the advisories of CVE-2022-37966, CVE-2022-37967 and
CVE-2022-38023 carefully!
For more information, see:
https://www.samba.org/samba/security/CVE-2022-37966.html
https://www.samba.org/samba/security/CVE-2022-37967.html
https://www.samba.org/samba/security/CVE-2022-38023.html
https://www.cve.org/CVERecord?id=CVE-2022-37966
https://www.cve.org/CVERecord?id=CVE-2022-37967
https://www.cve.org/CVERecord?id=CVE-2022-38023
(* Security fix *)
xfce/exo-4.18.0-x86_64-1.txz: Upgraded.
xfce/garcon-4.18.0-x86_64-1.txz: Upgraded.
xfce/libxfce4ui-4.18.0-x86_64-1.txz: Upgraded.
xfce/libxfce4util-4.18.0-x86_64-1.txz: Upgraded.
xfce/thunar-4.18.0-x86_64-1.txz: Upgraded.
xfce/thunar-volman-4.18.0-x86_64-1.txz: Upgraded.
xfce/tumbler-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-appfinder-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-dev-tools-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-notifyd-0.6.5-x86_64-1.txz: Upgraded.
xfce/xfce4-panel-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-power-manager-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-session-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-settings-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfce4-weather-plugin-0.11.0-x86_64-1.txz: Upgraded.
xfce/xfconf-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfdesktop-4.18.0-x86_64-1.txz: Upgraded.
xfce/xfwm4-4.18.0-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ap/alsa-utils-1.2.8-x86_64-1.txz: Upgraded.
l/alsa-lib-1.2.8-x86_64-1.txz: Upgraded.
l/expat-2.5.0-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Fix heap use-after-free after overeager destruction of a shared DTD in
function XML_ExternalEntityParserCreate in out-of-memory situations.
Expected impact is denial of service or potentially arbitrary code
execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680
(* Security fix *)
n/samba-4.17.2-x86_64-1.txz: Upgraded.
This update fixes the following security issues:
There is a limited write heap buffer overflow in the GSSAPI unwrap_des()
and unwrap_des3() routines of Heimdal (included in Samba).
A malicious client can use a symlink to escape the exported directory.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-3437.html
https://www.samba.org/samba/security/CVE-2022-3592.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3592
(* Security fix *)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/aaa_libraries-15.1-x86_64-11.txz: Rebuilt.
Upgraded: libcap.so.2.66, liblzma.so.5.2.7, libpopt.so.0.0.2,
libexpat.so.1.8.9, libglib-2.0.so.0.7200.4, libgmodule-2.0.so.0.7200.4,
libgobject-2.0.so.0.7200.4, libgthread-2.0.so.0.7200.4, libhistory.so.8.2,
libreadline.so.8.2.
Added: libunistring.so.2.1.0, libunistring.so.5.0.0.
Removed: libffi.so.7.1.0.
a/gettext-0.21.1-x86_64-2.txz: Rebuilt.
ap/lsof-4.96.4-x86_64-1.txz: Upgraded.
ap/man-pages-6.01-noarch-1.txz: Upgraded.
d/clisp-2.50_20220927_acb1266ee-x86_64-1.txz: Upgraded.
Compiled against libunistring-1.1.
d/gettext-tools-0.21.1-x86_64-2.txz: Rebuilt.
Recompiled against libunistring-1.1.
d/guile-3.0.8-x86_64-3.txz: Rebuilt.
Recompiled against libunistring-1.1.
kde/kguiaddons-5.99.0-x86_64-2.txz: Rebuilt.
[PATCH] systemclipboard: Don't signal data source cancellation.
Thanks to marav.
l/libidn2-2.3.3-x86_64-2.txz: Rebuilt.
l/libpsl-0.21.1-x86_64-5.txz: Rebuilt.
Recompiled against libunistring-1.1.
l/libunistring-1.1-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/bind-9.18.8-x86_64-1.txz: Upgraded.
n/gnutls-3.7.8-x86_64-2.txz: Rebuilt.
Recompiled against libunistring-1.1.
n/samba-4.17.1-x86_64-1.txz: Upgraded.
This update fixes the following security issue:
Bad password count not incremented atomically.
For more information, see:
https://bugzilla.samba.org/show_bug.cgi?id=14611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20251
(* Security fix *)
n/wget-1.21.3-x86_64-2.txz: Rebuilt.
Recompiled against libunistring-1.1.
x/imake-1.0.9-x86_64-1.txz: Upgraded.
x/xcb-util-errors-1.0.1-x86_64-1.txz: Upgraded.
x/xcb-util-image-0.4.1-x86_64-1.txz: Upgraded.
x/xcb-util-keysyms-0.4.1-x86_64-1.txz: Upgraded.
x/xcb-util-renderutil-0.3.10-x86_64-1.txz: Upgraded.
x/xcb-util-wm-0.4.2-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
a/btrfs-progs-5.19.1-x86_64-1.txz: Upgraded.
a/file-5.43-x86_64-1.txz: Upgraded.
a/kernel-firmware-20220913_f09bebf-noarch-1.txz: Upgraded.
d/cmake-3.24.2-x86_64-1.txz: Upgraded.
kde/krita-5.1.1-x86_64-1.txz: Upgraded.
l/kdsoap-2.1.0-x86_64-1.txz: Upgraded.
n/krb5-1.20-x86_64-2.txz: Rebuilt.
n/samba-4.17.0-x86_64-1.txz: Upgraded.
x/libXp-1.0.4-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
| |
a/hdparm-9.65-x86_64-1.txz: Upgraded.
n/samba-4.16.5-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.2.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.2.2/releasenotes/
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
l/tevent-0.13.0-x86_64-1.txz: Upgraded.
n/samba-4.16.4-x86_64-1.txz: Upgraded.
This update fixes the following security issues:
Samba AD users can bypass certain restrictions associated with changing
passwords.
Samba AD users can forge password change requests for any user.
Samba AD users can crash the server process with an LDAP add or modify
request.
Samba AD users can induce a use-after-free in the server process with an
LDAP add or modify request.
Server memory information leak via SMB1.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2031.html
https://www.samba.org/samba/security/CVE-2022-32744.html
https://www.samba.org/samba/security/CVE-2022-32745.html
https://www.samba.org/samba/security/CVE-2022-32746.html
https://www.samba.org/samba/security/CVE-2022-32742.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742
(* Security fix *)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/aaa_libraries-15.1-x86_64-6.txz: Rebuilt.
Upgraded: libcap.so.2.65, libglib-2.0.so.0.7200.3, libgmodule-2.0.so.0.7200.3,
libgobject-2.0.so.0.7200.3, libgthread-2.0.so.0.7200.3, libidn2.so.0.3.8.
Removed: libboost_*.so.1.78.0.
a/kernel-firmware-20220719_4421586-noarch-1.txz: Upgraded.
d/python-setuptools-63.2.0-x86_64-1.txz: Upgraded.
d/rust-1.62.1-x86_64-1.txz: Upgraded.
kde/kio-5.96.0-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
l/libcap-2.65-x86_64-1.txz: Upgraded.
l/netpbm-10.99.01-x86_64-1.txz: Upgraded.
l/pipewire-0.3.56-x86_64-1.txz: Upgraded.
l/qt5-5.15.5_20220705_ea4efc06-x86_64-1.txz: Upgraded.
Compiled against krb5-1.19.3.
n/alpine-2.26-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/bind-9.18.5-x86_64-1.txz: Upgraded.
Compiled against krb5-1.19.3.
n/curl-7.84.0-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/fetchmail-6.4.31-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/krb5-1.19.3-x86_64-2.txz: Rebuilt.
Since Samba still won't link against krb5-1.20, I think it's best to drop
back to this version until it does. Perhaps it would be better to just use
the internal Heimdal libraries instead, but I don't really know if that has
all the same functionality or not. Hints welcome if you'd like to drop them
in the "regression on -current with samba (new krb5)" thread.
Also, just to be 100% sure the krb5 revert doesn't cause any ABI issues,
we'll recompile everything that we've linked to krb5 while krb5-1.20 was
in -current.
Thanks to nobodino.
n/php-7.4.30-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
n/samba-4.16.3-x86_64-1.txz: Upgraded.
Compiled against krb5-1.19.3.
xap/gnuplot-5.4.4-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.0.3-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.0.3/releasenotes/
extra/php80/php80-8.0.21-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
extra/php81/php81-8.1.8-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.19.3.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/kernel-generic-5.18.4-x86_64-1.txz: Upgraded.
a/kernel-huge-5.18.4-x86_64-1.txz: Upgraded.
a/kernel-modules-5.18.4-x86_64-1.txz: Upgraded.
ap/inxi-3.3.18_1-noarch-1.txz: Upgraded.
ap/sudo-1.9.11p2-x86_64-1.txz: Upgraded.
ap/tmux-3.3a-x86_64-1.txz: Upgraded.
d/kernel-headers-5.18.4-x86-1.txz: Upgraded.
k/kernel-source-5.18.4-noarch-1.txz: Upgraded.
kde/bluedevil-5.25.0-x86_64-1.txz: Upgraded.
kde/breeze-5.25.0-x86_64-1.txz: Upgraded.
kde/breeze-grub-5.25.0-x86_64-1.txz: Upgraded.
kde/breeze-gtk-5.25.0-x86_64-1.txz: Upgraded.
kde/drkonqi-5.25.0-x86_64-1.txz: Upgraded.
kde/kactivitymanagerd-5.25.0-x86_64-1.txz: Upgraded.
kde/kde-cli-tools-5.25.0-x86_64-1.txz: Upgraded.
kde/kde-gtk-config-5.25.0-x86_64-1.txz: Upgraded.
kde/kdecoration-5.25.0-x86_64-1.txz: Upgraded.
kde/kdeplasma-addons-5.25.0-x86_64-1.txz: Upgraded.
kde/kgamma5-5.25.0-x86_64-1.txz: Upgraded.
kde/khotkeys-5.25.0-x86_64-1.txz: Upgraded.
kde/kinfocenter-5.25.0-x86_64-1.txz: Upgraded.
kde/kmenuedit-5.25.0-x86_64-1.txz: Upgraded.
kde/kscreen-5.25.0-x86_64-1.txz: Upgraded.
kde/kscreenlocker-5.25.0-x86_64-1.txz: Upgraded.
kde/ksshaskpass-5.25.0-x86_64-1.txz: Upgraded.
kde/ksystemstats-5.25.0-x86_64-1.txz: Upgraded.
kde/kwallet-pam-5.25.0-x86_64-1.txz: Upgraded.
kde/kwayland-integration-5.25.0-x86_64-1.txz: Upgraded.
kde/kwayland-server-5.24.5-x86_64-1.txz: Removed.
kde/kwin-5.25.0-x86_64-1.txz: Upgraded.
kde/kwrited-5.25.0-x86_64-1.txz: Upgraded.
kde/layer-shell-qt-5.25.0-x86_64-1.txz: Upgraded.
kde/libkscreen-5.25.0-x86_64-1.txz: Upgraded.
kde/libksysguard-5.25.0-x86_64-1.txz: Upgraded.
kde/milou-5.25.0-x86_64-1.txz: Upgraded.
kde/oxygen-5.25.0-x86_64-1.txz: Upgraded.
kde/oxygen-sounds-5.25.0-x86_64-1.txz: Added.
kde/plasma-browser-integration-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-desktop-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-disks-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-firewall-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-framework-5.95.0-x86_64-2.txz: Rebuilt.
Backported upstream patch:
Revert "Use QT_FEATURE_foo to detect opengl* support, and TARGET for glesv2"
This fixes the taskbar thumbnails.
Thanks to LuckyCyborg, ctrlaltca, and Heinz Wiesinger.
kde/plasma-integration-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-nm-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-pa-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-sdk-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-systemmonitor-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-vault-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-workspace-5.25.0-x86_64-1.txz: Upgraded.
kde/plasma-workspace-wallpapers-5.25.0-x86_64-1.txz: Upgraded.
kde/polkit-kde-agent-1-5.25.0-x86_64-1.txz: Upgraded.
kde/powerdevil-5.25.0-x86_64-1.txz: Upgraded.
kde/qqc2-breeze-style-5.25.0-x86_64-1.txz: Upgraded.
kde/sddm-kcm-5.25.0-x86_64-1.txz: Upgraded.
kde/systemsettings-5.25.0-x86_64-1.txz: Upgraded.
kde/xdg-desktop-portal-kde-5.25.0-x86_64-1.txz: Upgraded.
l/libzip-1.9.0-x86_64-1.txz: Upgraded.
l/pipewire-0.3.52-x86_64-1.txz: Upgraded.
l/qt5-5.15.4_20220611_cc851c42-x86_64-1.txz: Upgraded.
Thanks to ctrlaltca for the link to the gcc12 patch.
l/talloc-2.3.4-x86_64-1.txz: Upgraded.
l/tdb-1.4.7-x86_64-1.txz: Upgraded.
l/tevent-0.12.1-x86_64-1.txz: Upgraded.
n/bind-9.18.4-x86_64-1.txz: Upgraded.
n/dovecot-2.3.19.1-x86_64-1.txz: Upgraded.
n/ethtool-5.18-x86_64-1.txz: Upgraded.
n/samba-4.16.2-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
Added liblz4 for fsck.f2fs. Thanks to Brent Earl.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Added liblz4 for fsck.f2fs. Thanks to Brent Earl.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/hwdata-0.359-noarch-1.txz: Upgraded.
a/kernel-firmware-20220502_c3624eb-noarch-1.txz: Upgraded.
ap/htop-3.2.0-x86_64-1.txz: Upgraded.
d/gdb-12.1-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-17.txz: Rebuilt.
Recompiled against poppler-22.04.0.
kde/cantor-22.04.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.04.0.
kde/kfilemetadata-5.93.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.04.0.
kde/kile-2.9.93-x86_64-16.txz: Rebuilt.
Recompiled against poppler-22.04.0.
kde/kitinerary-22.04.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.04.0.
kde/krita-5.0.6-x86_64-3.txz: Rebuilt.
Recompiled against poppler-22.04.0.
kde/okular-22.04.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.04.0.
l/fuse3-3.11.0-x86_64-1.txz: Upgraded.
l/libxml2-2.9.14-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issues:
Fix integer overflow in xmlBuf and xmlBuffer.
Fix potential double-free in xmlXPtrStringRangeFunction.
Fix memory leak in xmlFindCharEncodingHandler.
Normalize XPath strings in-place.
Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars().
Fix leak of xmlElementContent.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824
(* Security fix *)
l/poppler-22.04.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/samba-4.16.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.samba.org/samba/history/samba-4.16.1.html
xap/mozilla-firefox-100.0-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/100.0/releasenotes/
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ap/dash-0.5.11.5-x86_64-1.txz: Upgraded.
d/parallel-20220322-noarch-1.txz: Upgraded.
l/adwaita-icon-theme-42.0-noarch-1.txz: Upgraded.
l/gsettings-desktop-schemas-42.0-x86_64-1.txz: Upgraded.
l/harfbuzz-4.1.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_28-x86_64-1.txz: Upgraded.
l/libqalculate-4.1.0-x86_64-1.txz: Upgraded.
l/rubygem-asciidoctor-2.0.17-x86_64-1.txz: Upgraded.
Upgraded and built for Ruby 3.1.1. Thanks to marrowsuck.
n/NetworkManager-1.36.4-x86_64-1.txz: Upgraded.
n/fetchmail-6.4.29-x86_64-1.txz: Upgraded.
n/iproute2-5.17.0-x86_64-1.txz: Upgraded.
n/samba-4.16.0-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-98.0.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/98.0.2/releasenotes/
xap/network-manager-applet-1.26.0-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
l/jasper-3.0.3-x86_64-1.txz: Upgraded.
l/qt5-5.15.3_20220312_33a3f16f-x86_64-1.txz: Upgraded.
If a 32-bit userspace is detected, then:
export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
This works around crashes occuring with 32-bit QtWebEngine applications.
Thanks to alienBOB.
n/krb5-1.19.3-x86_64-1.txz: Upgraded.
n/samba-4.15.6-x86_64-1.txz: Upgraded.
n/stunnel-5.63-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sepulchral voice intones, "The cave is now closed."
kde/falkon-3.2.0-x86_64-1.txz: Upgraded.
kde/ktexteditor-5.90.0-x86_64-2.txz: Rebuilt.
[PATCH] only start programs in user's path.
[PATCH] only execute diff in path.
Thanks to gmgf.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23853
(* Security fix *)
l/libcanberra-0.30-x86_64-9.txz: Rebuilt.
Fix a bug crashing some applications in Wayland desktops.
Thanks to 01micko.
n/samba-4.15.5-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defects:
UNIX extensions in SMB1 disclose whether the outside target of a symlink
exists.
Out-of-Bound Read/Write on Samba vfs_fruit module. This vulnerability
allows remote attackers to execute arbitrary code as root on affected Samba
installations that use the VFS module vfs_fruit.
Re-adding an SPN skips subsequent SPN conflict checks. An attacker who has
the ability to write to an account can exploit this to perform a
denial-of-service attack by adding an SPN that matches an existing service.
Additionally, an attacker who can intercept traffic can impersonate existing
services, resulting in a loss of confidentiality and integrity.
For more information, see:
https://www.samba.org/samba/security/CVE-2021-44141.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44141
https://www.samba.org/samba/security/CVE-2021-44142.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44142
https://www.samba.org/samba/security/CVE-2022-0336.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0336
(* Security fix *)
x/xterm-370-x86_64-7.txz: Rebuilt.
Rebuilt with --disable-sixel-graphics to fix a buffer overflow.
Thanks to gmgf.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24130
(* Security fix *)
testing/source/linux-5.16.4-configs/*: Added.
Sample config files to build 5.16.4 Linux kernels.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ap/inxi-3.3.12_1-noarch-1.txz: Upgraded.
ap/man-db-2.9.4-x86_64-3.txz: Rebuilt.
Don't use --no-purge in the daily cron job to update the databases.
l/gst-plugins-bad-free-1.18.5-x86_64-4.txz: Rebuilt.
Link against neon-0.32.2. Thanks to marav.
n/bind-9.16.25-x86_64-1.txz: Upgraded.
n/ethtool-5.16-x86_64-1.txz: Upgraded.
n/samba-4.15.4-x86_64-1.txz: Upgraded.
n/wpa_supplicant-2.10-x86_64-1.txz: Upgraded.
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant
before 2.10 are vulnerable to side-channel attacks as a result of cache
access patterns.
NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23304
(* Security fix *)
x/xterm-370-x86_64-6.txz: Rebuilt.
XTerm-console: improve the font settings. Thanks to GazL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/kernel-generic-5.15.7-x86_64-1.txz: Upgraded.
a/kernel-huge-5.15.7-x86_64-1.txz: Upgraded.
a/kernel-modules-5.15.7-x86_64-1.txz: Upgraded.
d/kernel-headers-5.15.7-x86-1.txz: Upgraded.
k/kernel-source-5.15.7-noarch-1.txz: Upgraded.
n/samba-4.15.3-x86_64-1.txz: Upgraded.
This release fixes bugs and these regressions in the 4.15.2 release:
CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
PLEASE [RE-]READ!
The instructions have been updated and some workarounds initially advised
for 4.15.2 are no longer required and should be reverted in most cases.
BUG-14902: User with multiple spaces (eg Fred<space><space>Nurk) become
un-deletable. While this release should fix this bug, it is advised to have
a look at the bug report for more detailed information, see:
https://bugzilla.samba.org/show_bug.cgi?id=14902
For more information, see:
https://www.samba.org/samba/security/CVE-2020-25717.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25717
(* Security fix *)
x/libX11-1.7.3-x86_64-1.txz: Upgraded.
x/xscope-1.4.2-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-91.4.0-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.4.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528
(* Security fix *)
xfce/exo-4.16.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
d/python3-3.9.8-x86_64-1.txz: Upgraded.
l/libtasn1-4.18.0-x86_64-1.txz: Upgraded.
n/curl-7.80.0-x86_64-1.txz: Upgraded.
n/ethtool-5.15-x86_64-1.txz: Upgraded.
n/samba-4.15.2-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defects:
SMB1 client connections can be downgraded to plaintext authentication.
A user on the domain can become root on domain members.
Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC.
Samba AD DC did not always rely on the SID and PAC in Kerberos tickets.
Kerberos acceptors need easy access to stable AD identifiers (eg objectSid).
Samba AD DC did not do suffienct access and conformance checking of data
stored.
Use after free in Samba AD DC RPC server.
Subsequent DCE/RPC fragment injection vulnerability.
For more information, see:
https://www.samba.org/samba/security/CVE-2016-2124.html
https://www.samba.org/samba/security/CVE-2020-25717.html
^^ (PLEASE READ! There are important behaviour changes described)
https://www.samba.org/samba/security/CVE-2020-25718.html
https://www.samba.org/samba/security/CVE-2020-25719.html
https://www.samba.org/samba/security/CVE-2020-25721.html
https://www.samba.org/samba/security/CVE-2020-25722.html
https://www.samba.org/samba/security/CVE-2021-3738.html
https://www.samba.org/samba/security/CVE-2021-23192.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23192
(* Security fix *)
x/xorg-server-xwayland-21.1.3-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/kernel-generic-5.14.15-x86_64-1.txz: Upgraded.
a/kernel-huge-5.14.15-x86_64-1.txz: Upgraded.
a/kernel-modules-5.14.15-x86_64-1.txz: Upgraded.
d/cmake-3.21.4-x86_64-1.txz: Upgraded.
d/kernel-headers-5.14.15-x86-1.txz: Upgraded.
k/kernel-source-5.14.15-noarch-1.txz: Upgraded.
We're going to go ahead and take both of those changes that were considered
in /testing. GazL almost had me talked out of the autogroup change, but it's
easy to disable if traditional "nice" behavior is important to someone.
-DRM_I810 n
-INLINE_READ_UNLOCK y
-INLINE_READ_UNLOCK_IRQ y
-INLINE_SPIN_UNLOCK_IRQ y
-INLINE_WRITE_UNLOCK y
-INLINE_WRITE_UNLOCK_IRQ y
PREEMPT n -> y
PREEMPT_VOLUNTARY y -> n
SCHED_AUTOGROUP n -> y
+CEC_GPIO n
+DEBUG_PREEMPT y
+PREEMPTION y
+PREEMPT_COUNT y
+PREEMPT_DYNAMIC y
+PREEMPT_RCU y
+PREEMPT_TRACER n
+RCU_BOOST n
+TASKS_RCU y
+UNINLINE_SPIN_UNLOCK y
kde/plasma-desktop-5.23.2.1-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_12-x86_64-1.txz: Upgraded.
l/librsvg-2.52.3-x86_64-1.txz: Upgraded.
n/bind-9.16.22-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issue:
The "lame-ttl" option is now forcibly set to 0. This effectively disables
the lame server cache, as it could previously be abused by an attacker to
significantly degrade resolver performance.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219
(* Security fix *)
n/c-ares-1.18.1-x86_64-1.txz: Upgraded.
n/samba-4.15.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
a/acpid-2.0.33-x86_64-1.txz: Upgraded.
n/nghttp2-1.45.0-x86_64-1.txz: Upgraded.
n/samba-4.15.0-x86_64-1.txz: Upgraded.
x/libXi-1.8-x86_64-1.txz: Upgraded.
x/libva-2.13.0-x86_64-1.txz: Upgraded.
Build with enable_va_messaging=false to avoid console spam. Thanks to GazL.
x/wayland-protocols-1.23-noarch-1.txz: Upgraded.
x/xf86-input-libinput-1.2.0-x86_64-1.txz: Upgraded.
x/xorgproto-2021.5-x86_64-1.txz: Upgraded.
xap/pan-0.147-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/openssl-solibs-1.1.1l-x86_64-1.txz: Upgraded.
kde/krita-4.4.8-x86_64-1.txz: Upgraded.
l/json-glib-1.6.6-x86_64-1.txz: Upgraded.
l/libarchive-3.5.2-x86_64-1.txz: Upgraded.
n/bluez-5.61-x86_64-1.txz: Upgraded.
n/openssl-1.1.1l-x86_64-1.txz: Upgraded.
Fixed an SM2 Decryption Buffer Overflow.
Fixed various read buffer overruns processing ASN.1 strings.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712
(* Security fix *)
n/samba-4.14.7-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-91.0.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.0.2/releasenotes/
|
| |
|
|
|
| |
xap/seamonkey-2.53.8-x86_64-2.txz: Rebuilt.
Fixed desktop files changing Terminal=0 to Terminal=false. Thanks to marav.
|
| |
|
|
|
|
| |
l/gsl-2.7-x86_64-1.txz: Upgraded.
l/mozjs78-78.11.0esr-x86_64-1.txz: Upgraded.
n/samba-4.14.5-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/less-581.2-x86_64-1.txz: Upgraded.
ap/nano-5.7-x86_64-1.txz: Upgraded.
d/cmake-3.20.2-x86_64-1.txz: Upgraded.
n/httpd-2.4.47-x86_64-1.txz: Upgraded.
n/samba-4.14.4-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defect:
Negative idmap cache entries can cause incorrect group entries in the
Samba file server process token.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20254
https://www.samba.org/samba/security/CVE-2021-20254.html
(* Security fix *)
extra/php8/php8-8.0.5-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ap/slackpkg-15.0.2-noarch-1.txz: Upgraded.
Fix break error messages (dive)
Remove now pointless if/then/else (dive)
Safer config sourcing (dive)
files/slackpkg: replace #!/bin/sh with #!/bin/bash (Eugen Wissner)
Don't create blacklist when running update (dive)
Add show-changelog & help to non-root commands (dive)
Improve search blacklisting (dive)
Fix package duplicate bug (PiterPunk)
Thanks to Robby Workman.
ap/sqlite-3.35.5-x86_64-1.txz: Upgraded.
kde/kwin-5.21.4-x86_64-2.txz: Rebuilt.
Delay closing Wayland streams. Thanks to LuckyCyborg.
kde/okteta-0.26.6-x86_64-1.txz: Upgraded.
l/libtiff-4.3.0-x86_64-1.txz: Upgraded.
n/libgcrypt-1.9.3-x86_64-1.txz: Upgraded.
n/samba-4.14.3-x86_64-1.txz: Upgraded.
x/xorg-cf-files-1.0.6-x86_64-6.txz: Rebuilt.
Patched to fix an incompatibility introduced by binutils-2.36.
Thanks to BenCollver.
xap/seamonkey-2.53.7.1-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.7.1
(* Security fix *)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
ap/vim-8.2.2585-x86_64-1.txz: Upgraded.
d/git-2.30.2-x86_64-1.txz: Upgraded.
l/python-dnspython-2.1.0-x86_64-1.txz: Added.
This is needed by samba-4.14.0.
l/python-markdown-3.3.4-x86_64-1.txz: Added.
This is needed by samba-4.14.0.
n/samba-4.14.0-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.2.2585-x86_64-1.txz: Upgraded.
xfce/elementary-xfce-0.15.2-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/kernel-generic-5.10.22-x86_64-1.txz: Upgraded.
a/kernel-huge-5.10.22-x86_64-1.txz: Upgraded.
a/kernel-modules-5.10.22-x86_64-1.txz: Upgraded.
a/sysklogd-2.2.2-x86_64-1.txz: Upgraded.
d/bison-3.7.6-x86_64-1.txz: Upgraded.
d/kernel-headers-5.10.22-x86-1.txz: Upgraded.
d/mercurial-5.7.1-x86_64-1.txz: Upgraded.
k/kernel-source-5.10.22-noarch-1.txz: Upgraded.
l/netpbm-10.93.01-x86_64-1.txz: Upgraded.
n/samba-4.13.5-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-78.8.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/78.8.1/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/linux-5.11.x/kernel-generic-5.11.5-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-headers-5.11.5-x86-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-huge-5.11.5-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-modules-5.11.5-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-source-5.11.5-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/kernel-generic-5.10.11-x86_64-1.txz: Upgraded.
a/kernel-huge-5.10.11-x86_64-1.txz: Upgraded.
a/kernel-modules-5.10.11-x86_64-1.txz: Upgraded.
a/libbytesize-2.5-x86_64-1.txz: Upgraded.
d/kernel-headers-5.10.11-x86-1.txz: Upgraded.
k/kernel-source-5.10.11-noarch-1.txz: Upgraded.
l/imagemagick-7.0.10_60-x86_64-1.txz: Upgraded.
l/python-urllib3-1.26.3-x86_64-1.txz: Upgraded.
n/samba-4.13.4-x86_64-1.txz: Upgraded.
x/wayland-1.19.0-x86_64-1.txz: Upgraded.
xfce/xfce4-panel-4.16.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
d/python-pip-20.3.3-x86_64-1.txz: Upgraded.
kde/sddm-0.19.0-x86_64-3.txz: Rebuilt.
In SDDM's Xsession script, don't source $HOME/.xsession as this may launch
the wrong session type or cause dbus-run-session to start twice breaking
logout.
l/orc-0.4.32-x86_64-1.txz: Upgraded.
l/pipewire-0.3.18-x86_64-1.txz: Upgraded.
l/python-chardet-4.0.0-x86_64-1.txz: Upgraded.
l/python-packaging-20.8-x86_64-1.txz: Upgraded.
n/samba-4.13.3-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-78.6.0-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/78.6.0/releasenotes/
xfce/mousepad-0.5.0-x86_64-1.txz: Upgraded.
|
| |
|
|
|
|
|
|
|
|
| |
ap/mariadb-10.5.7-x86_64-1.txz: Upgraded.
l/libcap-2.45-x86_64-1.txz: Upgraded.
l/poppler-data-0.4.10-noarch-1.txz: Upgraded.
n/samba-4.13.2-x86_64-1.txz: Upgraded.
x/libdrm-2.4.103-x86_64-1.txz: Upgraded.
testing/packages/vtown/kde/sddm-0.18.1-x86_64-1_vtown_2.txz: Rebuilt.
Fixed installation of pam.d files. Thanks to alienBOB.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/aaa_elflibs-15.0-x86_64-26.txz: Rebuilt.
Upgraded: liblber-2.4.so.2.11.3, libldap-2.4.so.2.11.3, libmpc.so.3.2.1.
Added temporarily to allow for third-party packages to be recompiled:
libHalf.so.12.0.0, libIex-2_2.so.12.0.0, libIexMath-2_2.so.12.0.0,
libIlmImf-2_2.so.22.0.0, libIlmImfUtil-2_2.so.22.0.0,
libIlmThread-2_2.so.12.0.0, libImath-2_2.so.12.0.0,
libpoppler-qt4.so.4.11.0, libpoppler.so.79.0.0.
a/kernel-generic-5.4.73-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.73-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.73-x86_64-1.txz: Upgraded.
d/kernel-headers-5.4.73-x86-1.txz: Upgraded.
k/kernel-source-5.4.73-noarch-1.txz: Upgraded.
l/LibRaw-0.20.2-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/exiv2-0.27.3-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/gegl-0.4.26-x86_64-2.txz: Rebuilt.
Recompiled against openexr-2.5.3.
l/gexiv2-0.12.1-x86_64-1.txz: Upgraded.
Compiled against exiv2-0.27.3.
l/graphene-1.10.2-x86_64-1.txz: Added.
l/gst-plugins-base-1.18.1-x86_64-2.txz: Rebuilt.
Recompiled against system libgraphene.
l/ilmbase-2.2.0-x86_64-2.txz: Removed.
These libraries are now part of openexr.
l/imagemagick-7.0.10_34-x86_64-2.txz: Rebuilt.
Recompiled against LibRaw-0.20.2 and openexr-2.5.3.
l/openexr-2.5.3-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/poppler-20.10.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Qt4 support dropped.
n/samba-4.13.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
Missing handle permissions check in SMB1/2/3 ChangeNotify.
Denial-of-service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14383
(* Security fix *)
xap/geeqie-1.5.1-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.27.3.
xap/gimp-2.10.22-x86_64-2.txz: Rebuilt.
Recompiled against openexr-2.5.3.
xap/xlockmore-5.66-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
d/mercurial-5.4.2-x86_64-1.txz: Upgraded.
d/nasm-2.15.02-x86_64-1.txz: Upgraded.
l/glib2-2.64.4-x86_64-1.txz: Upgraded.
n/samba-4.12.5-x86_64-1.txz: Upgraded.
x/libXaw3dXft-1.6.2g-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-68.10.0-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/68.10.0/releasenotes/
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a/kernel-firmware-20200519_8ba6fa6-noarch-1.txz: Upgraded.
a/kernel-generic-5.4.42-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.42-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.42-x86_64-1.txz: Upgraded.
a/util-linux-2.35.2-x86_64-1.txz: Upgraded.
d/kernel-headers-5.4.42-x86-1.txz: Upgraded.
d/python-pip-20.1.1-x86_64-1.txz: Upgraded.
k/kernel-source-5.4.42-noarch-1.txz: Upgraded.
l/glib2-2.64.3-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.52.1-x86_64-1.txz: Upgraded.
n/samba-4.12.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ap/cups-2.3.3-x86_64-1.txz: Upgraded.
This update fixes two security issues:
The ppdOpen function did not handle invalid UI constraint.
ppdcSource::get_resolution function did not handle invalid resolution strings.
The ippReadIO function may under-read an extension.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8842
(* Security fix *)
l/imagemagick-7.0.10_10-x86_64-1.txz: Upgraded.
n/samba-4.12.2-x86_64-1.txz: Upgraded.
This update fixes two security issues:
A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a
use-after-free in Samba's AD DC LDAP server.
A deeply nested filter in an un-authenticated LDAP search can exhaust the
LDAP server's stack memory causing a SIGSEGV.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10700
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10704
(* Security fix *)
testing/packages/PAM/cups-2.3.3-x86_64-1_pam.txz: Upgraded.
This update fixes two security issues:
The ppdOpen function did not handle invalid UI constraint.
ppdcSource::get_resolution function did not handle invalid resolution strings.
The ippReadIO function may under-read an extension.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8842
(* Security fix *)
testing/packages/PAM/samba-4.12.2-x86_64-1_pam.txz: Upgraded.
This update fixes two security issues:
A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a
use-after-free in Samba's AD DC LDAP server.
A deeply nested filter in an un-authenticated LDAP search can exhaust the
LDAP server's stack memory causing a SIGSEGV.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10700
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10704
(* Security fix *)
|
| |
|
|
| |
testing/packages/PAM/samba-4.12.1-x86_64-1_pam.txz: Upgraded.
|
| |
|
|
|
| |
xap/seamonkey-2.53.1-x86_64-2.txz: Rebuilt.
Fixed $LIBDIRSUFFIX for 32-bit. Thanks to ljb643.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
ap/mariadb-10.4.12-x86_64-1.txz: Upgraded.
This fixes a potential denial-of-service vulnerability.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2574
(* Security fix *)
l/imagemagick-7.0.9_20-x86_64-1.txz: Upgraded.
n/dhcpcd-8.1.6-x86_64-1.txz: Upgraded.
n/samba-4.11.6-x86_64-1.txz: Upgraded.
x/mesa-19.3.3-x86_64-1.txz: Upgraded.
|
Patrick J Volkerding