summaryrefslogtreecommitdiffstats
path: root/ChangeLog.txt
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r--ChangeLog.txt30
1 files changed, 30 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 702274b2f..2ad5792aa 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,17 @@
+Fri Jun 1 21:28:10 UTC 2018
+a/mcelog-158-x86_64-1.txz: Upgraded.
+a/pkgtools-15.0-noarch-15.txz: Rebuilt.
+ installpkg, upgradepkg: test tty -s before using tput. Thanks to aaazen.
+d/cmake-3.11.3-x86_64-1.txz: Upgraded.
+l/imagemagick-6.9.9_49-x86_64-1.txz: Upgraded.
+ Support OpenMP. This had been disabled years ago due to issues with perl
+ modules, but probably that's been fixed by now. Thanks to olear.
+l/pygobject3-3.28.3-x86_64-1.txz: Upgraded.
+x/xf86-input-evdev-2.10.6-x86_64-1.txz: Upgraded.
+x/xf86-input-synaptics-1.9.1-x86_64-1.txz: Upgraded.
+xap/fvwm-2.6.8-x86_64-1.txz: Upgraded.
+extra/xf86-video-fbdev/xf86-video-fbdev-0.5.0-x86_64-1.txz: Upgraded.
++--------------------------+
Thu May 31 04:55:33 UTC 2018
a/kernel-generic-4.14.47-x86_64-1.txz: Upgraded.
a/kernel-huge-4.14.47-x86_64-1.txz: Upgraded.
@@ -26,6 +40,22 @@ ap/slackpkg-2.83.0-noarch-1.txz: Upgraded.
mandoc lint fixes to slackpkg.8
Warn user if a -current mirror is selected (but only warn once)
d/git-2.17.1-x86_64-1.txz: Upgraded.
+ This update fixes security issues:
+ Submodule "names" come from the untrusted .gitmodules file, but we
+ blindly append them to $GIT_DIR/modules to create our on-disk repo
+ paths. This means you can do bad things by putting "../" into the
+ name. We now enforce some rules for submodule names which will cause
+ Git to ignore these malicious names (CVE-2018-11235).
+ Credit for finding this vulnerability and the proof of concept from
+ which the test script was adapted goes to Etienne Stalmans.
+ It was possible to trick the code that sanity-checks paths on NTFS
+ into reading random piece of memory (CVE-2018-11233).
+ Credit for fixing for these bugs goes to Jeff King, Johannes
+ Schindelin and others.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11233
+ (* Security fix *)
d/kernel-headers-4.14.47-x86-1.txz: Upgraded.
d/rust-1.26.1-x86_64-1.txz: Upgraded.
k/kernel-source-4.14.47-noarch-1.txz: Upgraded.
generated by cgit v1.2.3 (git 2.26.2) at 2024-04-26 23:56:13 +0000