summaryrefslogtreecommitdiffstats
path: root/ChangeLog.rss
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2021-06-07 18:53:49 +0000
committer Eric Hameleers <alien@slackware.com>2021-06-07 23:59:59 +0200
commit3e486d66d253cd7a7436d1771c2f7403a5e87240 (patch)
treeae9a1fad7e5bd3eb0ab7092bcc8e363e38e97673 /ChangeLog.rss
parent603621fccbcad6b15c25e6ffb1657d3618e79c20 (diff)
downloadcurrent-3e486d66d253cd7a7436d1771c2f7403a5e87240.tar.gz
current-3e486d66d253cd7a7436d1771c2f7403a5e87240.tar.xz
Mon Jun 7 18:53:49 UTC 202120210607185349
Hey folks! Sorry about the delay in getting this batch out but I had other distractions going on here last week that prevented getting this one wrapped up. Anyway, probably the highlight of this update set is that we've decided to abandon the 5.10 LTS kernel in favor of following the latest one. We've never really had a policy that required LTS in a stable release although that is how it has been done for years, but based on comments from the Slackware community it seems like 5.10 LTS isn't getting a lot of love and lacks hardware support that people need now. Conversely, the reports on 5.12 have been almost entirely positive, so we're going to provide what we think is the best available kernel. It's unlikely that we'll see another LTS prior to release, so the plan for maintenance is to keep following the latest kernels as needed for security purposes. If that means we have to jump to a new branch while supporting the stable release, we'll start the kernel out in testing first until we've had some feedback that it's safe to move it to the patches directory. Sooner or later we will end up on an LTS kernel again, and at that point we'll just roll with that one. Feel free to comment (or complain) about this plan on LQ... I'll be curious to see what people think. Anyway, enjoy! a/hwdata-0.348-noarch-1.txz: Upgraded. a/kernel-generic-5.12.9-x86_64-1.txz: Upgraded. a/kernel-huge-5.12.9-x86_64-1.txz: Upgraded. a/kernel-modules-5.12.9-x86_64-1.txz: Upgraded. ap/ispell-3.4.04-x86_64-1.txz: Upgraded. ap/mpg123-1.28.0-x86_64-1.txz: Upgraded. ap/slackpkg-15.0.5-noarch-1.txz: Upgraded. Add "--" option to "command cd" in bash completion file. (akinomyoga) shell-completions/slackpkg.bash: add "show-changelog". Import bash-completion file from upstream project. Added the new-config actions for specific files. (Piter PUNK) Harden slackpkg with respect to obtaining GPG key. (CRTS) d/clisp-2.50_20191103_c26de7873-x86_64-5.txz: Rebuilt. Upgraded to libffcall-2.3. d/git-2.32.0-x86_64-1.txz: Upgraded. d/kernel-headers-5.12.9-x86-1.txz: Upgraded. d/poke-1.3-x86_64-1.txz: Upgraded. d/vala-0.52.4-x86_64-1.txz: Upgraded. k/kernel-source-5.12.9-noarch-1.txz: Upgraded. kde/calligra-3.2.1-x86_64-9.txz: Rebuilt. Recompiled against poppler-21.06.1. kde/cantor-21.04.1-x86_64-2.txz: Rebuilt. Recompiled against poppler-21.06.1. kde/digikam-7.2.0-x86_64-3.txz: Rebuilt. Recompiled against imagemagick-7.0.11_14. kde/kfilemetadata-5.82.0-x86_64-2.txz: Rebuilt. Recompiled against poppler-21.06.1. kde/kile-2.9.93-x86_64-9.txz: Rebuilt. Recompiled against poppler-21.06.1. kde/kitinerary-21.04.1-x86_64-2.txz: Rebuilt. Recompiled against poppler-21.06.1. kde/krita-4.4.3-x86_64-5.txz: Rebuilt. Recompiled against poppler-21.06.1. kde/okular-21.04.1-x86_64-2.txz: Rebuilt. Recompiled against poppler-21.06.1. l/alsa-lib-1.2.5-x86_64-2.txz: Rebuilt. Account for unexpected packing of the conf file tarballs. We'll see if this is enough to make things work well again. l/at-spi2-core-2.40.2-x86_64-1.txz: Upgraded. l/dvdauthor-0.7.2-x86_64-5.txz: Rebuilt. Recompiled against imagemagick-7.0.11_14. l/libogg-1.3.5-x86_64-1.txz: Upgraded. l/librsvg-2.50.7-x86_64-1.txz: Upgraded. l/pipewire-0.3.29-x86_64-1.txz: Upgraded. l/polkit-0.119-x86_64-1.txz: Upgraded. This update includes a mitigation for local privilege escalation using polkit_system_bus_name_get_creds_sync(). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3560 (* Security fix *) l/poppler-21.06.1-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/pycairo-1.20.1-x86_64-1.txz: Upgraded. l/qca-2.3.3-x86_64-1.txz: Upgraded. l/vte-0.64.2-x86_64-1.txz: Upgraded. n/epic5-2.1.5-x86_64-1.txz: Upgraded. n/httpd-2.4.48-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. mod_http2: Fix a potential NULL pointer dereference. Unexpected <Location> section matching with 'MergeSlashes OFF'. mod_auth_digest: possible stack overflow by one nul byte while validating the Digest nonce. mod_session: Fix possible crash due to NULL pointer dereference, which could be used to cause a Denial of Service with a malicious backend server and SessionHeader. mod_session: Fix possible crash due to NULL pointer dereference, which could be used to cause a Denial of Service. mod_proxy_http: Fix possible crash due to NULL pointer dereference, which could be used to cause a Denial of Service. mod_proxy_wstunnel, mod_proxy_http: Handle Upgradable protocols end-to-end negotiation. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567 (* Security fix *) n/libmbim-1.24.8-x86_64-1.txz: Upgraded. n/libqmi-1.28.6-x86_64-1.txz: Upgraded. n/nettle-3.7.3-x86_64-1.txz: Upgraded. n/openldap-2.4.59-x86_64-1.txz: Upgraded. n/p11-kit-0.24.0-x86_64-1.txz: Upgraded. n/php-7.4.20-x86_64-1.txz: Upgraded. n/vsftpd-3.0.4-x86_64-1.txz: Upgraded. n/whois-5.5.10-x86_64-1.txz: Upgraded. x/libX11-1.7.2-x86_64-1.txz: Upgraded. This is a bug fix release, correcting a regression introduced by and improving the checks from the fix for CVE-2021-31535. x/libinput-1.18.0-x86_64-1.txz: Upgraded. x/mesa-21.1.2-x86_64-1.txz: Upgraded. xap/blueman-2.2.1-x86_64-1.txz: Upgraded. xap/gnuplot-5.4.2-x86_64-1.txz: Upgraded. xap/mozilla-thunderbird-78.11.0-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/78.11.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29964 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29967 (* Security fix *) xap/pidgin-2.14.5-x86_64-1.txz: Upgraded. xap/xine-lib-1.2.11-x86_64-6.txz: Rebuilt. Recompiled against poppler-21.06.1. extra/bash-completion/bash-completion-2.11-noarch-2.txz: Rebuilt. Removed the slackpkg completion file. extra/php8/php8-8.0.7-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'ChangeLog.rss')
-rw-r--r--ChangeLog.rss144
1 files changed, 142 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index 8fb98497d..f5da7a578 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,149 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
- <pubDate>Tue, 1 Jun 2021 18:41:29 GMT</pubDate>
- <lastBuildDate>Wed, 2 Jun 2021 06:59:48 GMT</lastBuildDate>
+ <pubDate>Mon, 7 Jun 2021 18:53:49 GMT</pubDate>
+ <lastBuildDate>Mon, 7 Jun 2021 21:59:50 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.12</generator>
<item>
+ <title>Mon, 7 Jun 2021 18:53:49 GMT</title>
+ <pubDate>Mon, 7 Jun 2021 18:53:49 GMT</pubDate>
+ <link>https://git.slackware.nl/current/tag/?h=20210607185349</link>
+ <guid isPermaLink="false">20210607185349</guid>
+ <description>
+ <![CDATA[<pre>
+Hey folks! Sorry about the delay in getting this batch out but I had other
+distractions going on here last week that prevented getting this one wrapped
+up. Anyway, probably the highlight of this update set is that we've decided
+to abandon the 5.10 LTS kernel in favor of following the latest one. We've
+never really had a policy that required LTS in a stable release although that
+is how it has been done for years, but based on comments from the Slackware
+community it seems like 5.10 LTS isn't getting a lot of love and lacks
+hardware support that people need now. Conversely, the reports on 5.12 have
+been almost entirely positive, so we're going to provide what we think is the
+best available kernel. It's unlikely that we'll see another LTS prior to
+release, so the plan for maintenance is to keep following the latest kernels
+as needed for security purposes. If that means we have to jump to a new branch
+while supporting the stable release, we'll start the kernel out in testing
+first until we've had some feedback that it's safe to move it to the patches
+directory. Sooner or later we will end up on an LTS kernel again, and at that
+point we'll just roll with that one. Feel free to comment (or complain) about
+this plan on LQ... I'll be curious to see what people think. Anyway, enjoy!
+a/hwdata-0.348-noarch-1.txz: Upgraded.
+a/kernel-generic-5.12.9-x86_64-1.txz: Upgraded.
+a/kernel-huge-5.12.9-x86_64-1.txz: Upgraded.
+a/kernel-modules-5.12.9-x86_64-1.txz: Upgraded.
+ap/ispell-3.4.04-x86_64-1.txz: Upgraded.
+ap/mpg123-1.28.0-x86_64-1.txz: Upgraded.
+ap/slackpkg-15.0.5-noarch-1.txz: Upgraded.
+ Add "--" option to "command cd" in bash completion file. (akinomyoga)
+ shell-completions/slackpkg.bash: add "show-changelog".
+ Import bash-completion file from upstream project.
+ Added the new-config actions for specific files. (Piter PUNK)
+ Harden slackpkg with respect to obtaining GPG key. (CRTS)
+d/clisp-2.50_20191103_c26de7873-x86_64-5.txz: Rebuilt.
+ Upgraded to libffcall-2.3.
+d/git-2.32.0-x86_64-1.txz: Upgraded.
+d/kernel-headers-5.12.9-x86-1.txz: Upgraded.
+d/poke-1.3-x86_64-1.txz: Upgraded.
+d/vala-0.52.4-x86_64-1.txz: Upgraded.
+k/kernel-source-5.12.9-noarch-1.txz: Upgraded.
+kde/calligra-3.2.1-x86_64-9.txz: Rebuilt.
+ Recompiled against poppler-21.06.1.
+kde/cantor-21.04.1-x86_64-2.txz: Rebuilt.
+ Recompiled against poppler-21.06.1.
+kde/digikam-7.2.0-x86_64-3.txz: Rebuilt.
+ Recompiled against imagemagick-7.0.11_14.
+kde/kfilemetadata-5.82.0-x86_64-2.txz: Rebuilt.
+ Recompiled against poppler-21.06.1.
+kde/kile-2.9.93-x86_64-9.txz: Rebuilt.
+ Recompiled against poppler-21.06.1.
+kde/kitinerary-21.04.1-x86_64-2.txz: Rebuilt.
+ Recompiled against poppler-21.06.1.
+kde/krita-4.4.3-x86_64-5.txz: Rebuilt.
+ Recompiled against poppler-21.06.1.
+kde/okular-21.04.1-x86_64-2.txz: Rebuilt.
+ Recompiled against poppler-21.06.1.
+l/alsa-lib-1.2.5-x86_64-2.txz: Rebuilt.
+ Account for unexpected packing of the conf file tarballs. We'll see if this
+ is enough to make things work well again.
+l/at-spi2-core-2.40.2-x86_64-1.txz: Upgraded.
+l/dvdauthor-0.7.2-x86_64-5.txz: Rebuilt.
+ Recompiled against imagemagick-7.0.11_14.
+l/libogg-1.3.5-x86_64-1.txz: Upgraded.
+l/librsvg-2.50.7-x86_64-1.txz: Upgraded.
+l/pipewire-0.3.29-x86_64-1.txz: Upgraded.
+l/polkit-0.119-x86_64-1.txz: Upgraded.
+ This update includes a mitigation for local privilege escalation using
+ polkit_system_bus_name_get_creds_sync().
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3560
+ (* Security fix *)
+l/poppler-21.06.1-x86_64-1.txz: Upgraded.
+ Shared library .so-version bump.
+l/pycairo-1.20.1-x86_64-1.txz: Upgraded.
+l/qca-2.3.3-x86_64-1.txz: Upgraded.
+l/vte-0.64.2-x86_64-1.txz: Upgraded.
+n/epic5-2.1.5-x86_64-1.txz: Upgraded.
+n/httpd-2.4.48-x86_64-1.txz: Upgraded.
+ This release contains security fixes and improvements.
+ mod_http2: Fix a potential NULL pointer dereference.
+ Unexpected <Location> section matching with 'MergeSlashes OFF'.
+ mod_auth_digest: possible stack overflow by one nul byte while validating
+ the Digest nonce.
+ mod_session: Fix possible crash due to NULL pointer dereference, which
+ could be used to cause a Denial of Service with a malicious backend
+ server and SessionHeader.
+ mod_session: Fix possible crash due to NULL pointer dereference, which
+ could be used to cause a Denial of Service.
+ mod_proxy_http: Fix possible crash due to NULL pointer dereference, which
+ could be used to cause a Denial of Service.
+ mod_proxy_wstunnel, mod_proxy_http: Handle Upgradable protocols end-to-end
+ negotiation.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
+ (* Security fix *)
+n/libmbim-1.24.8-x86_64-1.txz: Upgraded.
+n/libqmi-1.28.6-x86_64-1.txz: Upgraded.
+n/nettle-3.7.3-x86_64-1.txz: Upgraded.
+n/openldap-2.4.59-x86_64-1.txz: Upgraded.
+n/p11-kit-0.24.0-x86_64-1.txz: Upgraded.
+n/php-7.4.20-x86_64-1.txz: Upgraded.
+n/vsftpd-3.0.4-x86_64-1.txz: Upgraded.
+n/whois-5.5.10-x86_64-1.txz: Upgraded.
+x/libX11-1.7.2-x86_64-1.txz: Upgraded.
+ This is a bug fix release, correcting a regression introduced by and
+ improving the checks from the fix for CVE-2021-31535.
+x/libinput-1.18.0-x86_64-1.txz: Upgraded.
+x/mesa-21.1.2-x86_64-1.txz: Upgraded.
+xap/blueman-2.2.1-x86_64-1.txz: Upgraded.
+xap/gnuplot-5.4.2-x86_64-1.txz: Upgraded.
+xap/mozilla-thunderbird-78.11.0-x86_64-1.txz: Upgraded.
+ This release contains security fixes and improvements.
+ For more information, see:
+ https://www.mozilla.org/en-US/thunderbird/78.11.0/releasenotes/
+ https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29964
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29967
+ (* Security fix *)
+xap/pidgin-2.14.5-x86_64-1.txz: Upgraded.
+xap/xine-lib-1.2.11-x86_64-6.txz: Rebuilt.
+ Recompiled against poppler-21.06.1.
+extra/bash-completion/bash-completion-2.11-noarch-2.txz: Rebuilt.
+ Removed the slackpkg completion file.
+extra/php8/php8-8.0.7-x86_64-1.txz: Upgraded.
+isolinux/initrd.img: Rebuilt.
+kernels/*: Upgraded.
+usb-and-pxe-installers/usbboot.img: Rebuilt.
+ </pre>]]>
+ </description>
+ </item>
+ <item>
<title>Tue, 1 Jun 2021 18:41:29 GMT</title>
<pubDate>Tue, 1 Jun 2021 18:41:29 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20210601184129</link>
@@ -40,6 +179,7 @@ d/m4-1.4.19-x86_64-1.txz: Upgraded.
l/alsa-lib-1.2.5-x86_64-1.txz: Upgraded.
l/alsa-plugins-1.2.5-x86_64-1.txz: Upgraded.
l/imagemagick-7.0.11_14-x86_64-1.txz: Upgraded.
+ Shared library .so-version bump.
l/libedit-20210522_3.1-x86_64-1.txz: Upgraded.
l/python-certifi-2021.5.30-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-89.0-x86_64-1.txz: Upgraded.