summaryrefslogtreecommitdiffstats
Commit message (Expand)AuthorAgeFilesLines
* Tue Apr 14 22:07:31 UTC 2026•••l/jemalloc-5.3.1-x86_64-1.txz: Upgraded. l/libexif-0.6.26-x86_64-1.txz: Upgraded. This update fixes security issues: An unsigned integer underflow in Fuji and Olympus makernote handling. An unsigned integer overflow on 32bit systems in Nikon makernote handling. A buffer overwrite via integer underflow in makernote handling. For more information, see: https://www.cve.org/CVERecord?id=CVE-2026-40386 https://www.cve.org/CVERecord?id=CVE-2026-40385 https://www.cve.org/CVERecord?id=CVE-2026-32775 (* Security fix *) l/libxmlb-0.3.26-x86_64-1.txz: Upgraded. Add bounds check to prevent OOB read in token index lookup (Richard Hughes). Prevent stack overflow from unbounded recursion in export (Richard Hughes). (* Security fix *) l/mozilla-nss-3.122.1-x86_64-1.txz: Upgraded. l/openexr-3.4.9-x86_64-2.txz: Rebuilt. Recompiled against openjph-0.27.0. l/openjph-0.27.0-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/python-editables-0.6-x86_64-1.txz: Upgraded. n/iproute2-7.0.0-x86_64-1.txz: Upgraded. x/xorg-server-21.1.22-x86_64-1.txz: Upgraded. This update fixes security issues: XKB Integer Underflow in XkbSetCompatMap(). XKB Out-of-bounds Read in CheckSetGeom(). XSYNC Use-after-free in miSyncTriggerFence(). XKB Out-of-bounds read in CheckModifierMap(). XKB Buffer overflow in CheckKeyTypes(). For more information, see: https://lists.x.org/archives/xorg-devel/2026-April/059446.html https://www.cve.org/CVERecord?id=CVE-2026-33999 https://www.cve.org/CVERecord?id=CVE-2026-34000 https://www.cve.org/CVERecord?id=CVE-2026-34001 https://www.cve.org/CVERecord?id=CVE-2026-34002 https://www.cve.org/CVERecord?id=CVE-2026-34003 (* Security fix *) x/xorg-server-xephyr-21.1.22-x86_64-1.txz: Upgraded. x/xorg-server-xnest-21.1.22-x86_64-1.txz: Upgraded. x/xorg-server-xvfb-21.1.22-x86_64-1.txz: Upgraded. x/xorg-server-xwayland-24.1.10-x86_64-1.txz: Upgraded. This update fixes security issues: XKB Integer Underflow in XkbSetCompatMap(). XKB Out-of-bounds Read in CheckSetGeom(). XSYNC Use-after-free in miSyncTriggerFence(). XKB Out-of-bounds read in CheckModifierMap(). XKB Buffer overflow in CheckKeyTypes(). For more information, see: https://lists.x.org/archives/xorg-devel/2026-April/059446.html https://www.cve.org/CVERecord?id=CVE-2026-33999 https://www.cve.org/CVERecord?id=CVE-2026-34000 https://www.cve.org/CVERecord?id=CVE-2026-34001 https://www.cve.org/CVERecord?id=CVE-2026-34002 https://www.cve.org/CVERecord?id=CVE-2026-34003 (* Security fix *) x/xterm-409-x86_64-1.txz: Upgraded. HEAD20260414220731master Patrick J Volkerding21 hours12-117/+237
* Mon Apr 13 21:39:25 UTC 2026•••d/meson-1.11.0-x86_64-1.txz: Upgraded. d/mold-2.41.0-x86_64-1.txz: Upgraded. l/frei0r-plugins-3.1.2-x86_64-1.txz: Upgraded. l/imagemagick-7.1.2_19-x86_64-1.txz: Upgraded. l/libarchive-3.8.7-x86_64-1.txz: Upgraded. Libarchive 3.8.7 is a security and bugfix release. Notable fixes: CAB: fix NULL pointer dereference during skip (#2900) CAB: Fix Heap OOB Write in CAB LZX decoder (#2919) cpio: various fixes and improvements (#2899, #2908, #2910, #2939) contrib/untar: fix out-of-bounds read (#2903) iso9660: fix undefined behavior (#2897) iso9660: fix posibble heap buffer overflow on 32-bit systems (#2934) libarchive: fix handling of option failures (#2871) libarchive: do not continue with truncated numbers (#2911) libarchive: lzop and grzip filter support (#2947) RAR: fix LZSS window size mismatch after PPMd block (#2898) (* Security fix *) n/ca-certificates-20260413-noarch-1.txz: Upgraded. This update provides the latest CA certificates to check for the authenticity of SSL connections. x/intel-media-driver-26.1.6-x86_64-1.txz: Upgraded. x/xterm-408-x86_64-1.txz: Upgraded. 20260413213925 Patrick J Volkerding46 hours8-2076/+152
* Sun Apr 12 23:48:44 UTC 2026•••d/ccache-4.13.3-x86_64-1.txz: Upgraded. l/at-spi2-core-2.60.1-x86_64-1.txz: Upgraded. l/frei0r-plugins-3.1.0-x86_64-1.txz: Upgraded. l/graphviz-14.1.5-x86_64-1.txz: Upgraded. l/python-lxml-6.0.4-x86_64-1.txz: Upgraded. 20260412234844 Patrick J Volkerding3 days8-57/+79
* Sat Apr 11 21:06:31 UTC 2026•••a/kernel-firmware-20260410_dc85cce-noarch-1.txz: Upgraded. a/kernel-generic-6.18.22-x86_64-1.txz: Upgraded. ap/sqlite-3.53.0-x86_64-1.txz: Upgraded. ap/vim-9.2.0338-x86_64-1.txz: Upgraded. d/kernel-headers-6.18.22-x86-1.txz: Upgraded. k/kernel-source-6.18.22-noarch-1.txz: Upgraded. kde/krita-6.0.1.1-x86_64-2.txz: Rebuilt. Recompiled against libunibreak-7.0. l/babl-0.1.126-x86_64-1.txz: Upgraded. l/frei0r-plugins-3.0.1-x86_64-1.txz: Upgraded. l/libass-0.17.4-x86_64-2.txz: Rebuilt. Recompiled against libunibreak-7.0. l/libsodium-1.0.22-x86_64-1.txz: Upgraded. l/libunibreak-7.0-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/polkit-qt-1-0.201.1-x86_64-1.txz: Upgraded. l/python-build-1.4.3-x86_64-1.txz: Upgraded. xap/vim-gvim-9.2.0338-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt. 20260411210631 Patrick J Volkerding4 days22-162/+205
* Thu Apr 9 23:10:26 UTC 2026•••a/openssl-solibs-3.5.6-x86_64-2.txz: Rebuilt. ap/htop-3.5.0-x86_64-1.txz: Upgraded. ap/joe-4.7-x86_64-1.txz: Upgraded. ap/xorriso-1.5.8.pl01-x86_64-1.txz: Upgraded. l/frei0r-plugins-3.0.0-x86_64-1.txz: Upgraded. l/libcap-ng-0.9.3-x86_64-1.txz: Upgraded. l/libpng-1.6.57-x86_64-1.txz: Upgraded. Fixed a medium severity security issue: Use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` leading to corrupted chunk data and potential heap information disclosure. Also hardened the append-style setters (`png_set_text`, `png_set_sPLT`, `png_set_unknown_chunks`) against a theoretical variant of the same aliasing pattern. For more information, see: https://www.cve.org/CVERecord?id=CVE-2026-34757 (* Security fix *) l/parted-3.7-x86_64-1.txz: Upgraded. l/pipewire-1.6.3-x86_64-1.txz: Upgraded. l/python-lxml-6.0.3-x86_64-1.txz: Upgraded. l/qt6-6.10.3_20260330_6417867c-x86_64-3.txz: Rebuilt. [PATCH] QDBusMetaObject: ensure custom types are normalized. Thanks to Willy Sudiarto Raharjo. n/openssl-3.5.6-x86_64-2.txz: Rebuilt. Rebuilt with option enable-ktls. Thanks to qunying. n/php-8.4.20-x86_64-1.txz: Upgraded. This is a bugfix release. For more information, see: https://www.php.net/ChangeLog-8.php#8.4.20 n/stunnel-5.78-x86_64-1.txz: Upgraded. x/xdg-desktop-portal-1.20.4-x86_64-1.txz: Upgraded. x/xdg-user-dirs-0.20-x86_64-1.txz: Upgraded. testing/packages/php-8.5.5-x86_64-1.txz: Upgraded. This is a bugfix release. For more information, see: https://www.php.net/ChangeLog-8.php#8.5.5 20260409231026 Patrick J Volkerding6 days18-147/+288
* Wed Apr 8 22:26:28 UTC 2026•••a/bcachefs-tools-1.37.5-x86_64-1.txz: Upgraded. a/nut-2.8.5-x86_64-1.txz: Upgraded. a/openssl-solibs-3.5.6-x86_64-1.txz: Upgraded. ap/nano-9.0-x86_64-1.txz: Upgraded. ap/sox-14.7.1.2-x86_64-1.txz: Upgraded. d/llvm-22.1.3-x86_64-1.txz: Upgraded. kde/krita-6.0.1.1-x86_64-1.txz: Upgraded. l/gst-plugins-bad-free-1.28.2-x86_64-1.txz: Upgraded. l/gst-plugins-base-1.28.2-x86_64-1.txz: Upgraded. l/gst-plugins-good-1.28.2-x86_64-1.txz: Upgraded. l/gst-plugins-libav-1.28.2-x86_64-1.txz: Upgraded. l/gstreamer-1.28.2-x86_64-1.txz: Upgraded. l/libclc-22.1.3-x86_64-1.txz: Upgraded. l/mozjs140-140.9.1esr-x86_64-1.txz: Upgraded. n/openssl-3.5.6-x86_64-1.txz: Upgraded. This update fixes security issues: Potential Use-after-free in DANE Client Code. NULL Pointer Dereference When Processing a Delta CRL. Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo. Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo. Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Heap Buffer Overflow in Hexadecimal Conversion. Incorrect Failure Handling in RSA KEM RSASVE Encapsulation. For more information, see: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387 https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388 https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389 https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390 https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789 https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790 https://www.cve.org/CVERecord?id=CVE-2026-28387 https://www.cve.org/CVERecord?id=CVE-2026-28388 https://www.cve.org/CVERecord?id=CVE-2026-28389 https://www.cve.org/CVERecord?id=CVE-2026-28390 https://www.cve.org/CVERecord?id=CVE-2026-31789 https://www.cve.org/CVERecord?id=CVE-2026-31790 (* Security fix *) xap/mozilla-firefox-140.9.1esr-x86_64-1.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/140.9.1/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2026-27/ https://www.cve.org/CVERecord?id=CVE-2026-5732 https://www.cve.org/CVERecord?id=CVE-2026-5731 https://www.cve.org/CVERecord?id=CVE-2026-5734 (* Security fix *) xap/mozilla-thunderbird-140.9.1esr-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/140.9.1esr/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-29/ https://www.cve.org/CVERecord?id=CVE-2026-5732 https://www.cve.org/CVERecord?id=CVE-2026-5731 https://www.cve.org/CVERecord?id=CVE-2026-5734 (* Security fix *) extra/brltty/brltty-6.9.1-x86_64-1.txz: Upgraded. 20260408222628 Patrick J Volkerding7 days18-160/+288
* Mon Apr 6 20:14:15 UTC 2026•••a/pciutils-3.15.0-x86_64-1.txz: Upgraded. ap/screen-5.0.1-x86_64-3.txz: Rebuilt. Keep UTF-8 combining sequences on UTF-8 displays. Thanks to r1w1s1. kde/kstars-3.8.2-x86_64-1.txz: Upgraded. l/libcap-2.78-x86_64-1.txz: Upgraded. 20260406201415 Patrick J Volkerding9 days7-57/+100
* Sun Apr 5 22:07:15 UTC 2026•••l/SDL2_image-2.8.10-x86_64-1.txz: Upgraded. l/accountsservice-26.13.3-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/libwmf-0.2.15-x86_64-1.txz: Upgraded. l/qt6-6.10.3_20260330_6417867c-x86_64-2.txz: Rebuilt. Patched to get qdoc building with LLVM22. Thanks to Brent Spillner. n/nfs-utils-2.9.1-x86_64-1.txz: Upgraded. xfce/xfce4-whiskermenu-plugin-2.10.1-x86_64-2.txz: Rebuilt. Recompiled against accountsservice-26.13.3. 20260405220715 Patrick J Volkerding10 days9-63/+1811
* Sat Apr 4 23:32:32 UTC 2026•••l/SDL3-3.4.4-x86_64-1.txz: Upgraded. l/harfbuzz-14.1.0-x86_64-1.txz: Upgraded. l/openexr-3.4.9-x86_64-1.txz: Upgraded. This release addresses several security vulnerabilities: DWA Lossy Decoder Heap Out-of-Bounds Write. Signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write. Signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression. Misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression). Signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34589 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34588 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34380 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34379 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34378 (* Security fix *) l/python-charset-normalizer-3.4.7-x86_64-1.txz: Upgraded. n/postfix-3.11.1-x86_64-2.txz: Rebuilt. Added support for LMDB. Thanks to Thom1b. x/gtk-layer-shell-0.10.1-x86_64-1.txz: Upgraded. 20260404233232 Patrick J Volkerding11 days7-60/+121
* Fri Apr 3 23:48:17 UTC 2026•••a/cryptsetup-2.8.6-x86_64-1.txz: Upgraded. a/hwdata-0.406-noarch-1.txz: Upgraded. a/infozip-6.0-x86_64-8.txz: Rebuilt. This update fixes security issues: Improper handling of Unicode strings can lead to a null pointer dereference. The conversion of a wide string to a local string leads to an of out-of-bounds write. Thanks to pbslxw for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4217 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0529 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0530 (* Security fix *) a/kernel-firmware-20260402_583d336-noarch-1.txz: Upgraded. a/kernel-generic-6.18.21-x86_64-1.txz: Upgraded. ap/screen-5.0.1-x86_64-2.txz: Rebuilt. Build using --enable-utmp. Rename --with-sys-screenrc to --with-system-screenrc. Remove obsolete configure options. Thanks to opty. ap/xorriso-1.5.8-x86_64-1.txz: Upgraded. d/kernel-headers-6.18.21-x86-1.txz: Upgraded. d/mercurial-7.2.1-x86_64-1.txz: Upgraded. d/perl-5.42.2-x86_64-2.txz: Rebuilt. Upgraded: XML-Parser-2.47. This seems to be the last working version... not sure why. Thanks to fulalas. k/kernel-source-6.18.21-noarch-1.txz: Upgraded. l/aom-3.13.3-x86_64-1.txz: Upgraded. l/libburn-1.5.8-x86_64-1.txz: Upgraded. l/qt6-6.10.3_20260330_6417867c-x86_64-1.txz: Upgraded. n/bind-9.20.22-x86_64-1.txz: Upgraded. This update fixes a security issue: Fix crash when reconfiguring zone update policy during active updates. Fixed a crash that could occur when running rndc reconfig to change a zone's update policy (e.g., from allow-update to update-policy) while DNS UPDATE requests were being processed for that zone. ISC would like to thank Vitaly Simonovich for bringing this issue to our attention. (* Security fix *) n/fetchmail-6.6.3-x86_64-1.txz: Upgraded. n/openssh-10.3p1-x86_64-1.txz: Upgraded. x/libinput-1.31.1-x86_64-1.txz: Upgraded. x/wayland-protocols-1.48-noarch-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt. 20260403234817 Patrick J Volkerding12 days35-468/+577
* Wed Apr 1 21:20:05 UTC 2026•••a/upower-1.91.2-x86_64-1.txz: Upgraded. a/util-linux-2.42-x86_64-1.txz: Upgraded. ap/vim-9.2.0280-x86_64-1.txz: Upgraded. kde/libindi-2.2.0-x86_64-1.txz: Upgraded. l/gtk4-4.22.2-x86_64-1.txz: Upgraded. l/harfbuzz-14.0.0-x86_64-1.txz: Upgraded. l/python-pillow-12.2.0-x86_64-1.txz: Upgraded. l/python-pybind11-3.0.3-x86_64-1.txz: Upgraded. l/spirv-llvm-translator-22.1.1-x86_64-1.txz: Upgraded. x/mesa-26.0.4-x86_64-1.txz: Upgraded. x/noto-fonts-ttf-2026.04.01-noarch-1.txz: Upgraded. xap/vim-gvim-9.2.0280-x86_64-1.txz: Upgraded. Comment everything out in the default /usr/share/vim/vimrc. Thanks to jtsn. xap/xscreensaver-6.15-x86_64-1.txz: Upgraded. 20260401212005 Patrick J Volkerding14 days11-115/+219
* Wed Apr 1 05:05:28 UTC 2026•••+--------------------------+ Tue Mar 31 21:58:54 UTC 2026 a/shadow-4.19.4-x86_64-2.txz: Rebuilt. /usr/sbin/adduser: add 'kvm' to the default list of additional groups. Thanks to gsl. a/xz-5.8.3-x86_64-1.txz: Upgraded. This update fixes security issues: Fix a buffer overflow in lzma_index_append(). Fix invalid memory access in --files and --files0. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34743 (* Security fix *) d/tree-sitter-0.26.8-x86_64-1.txz: Upgraded. l/SDL3-3.4.2-x86_64-2.txz: Rebuilt. Recompiled with: -DSDL_WAYLAND_LIBDECOR=ON -DSDL_WAYLAND_LIBDECOR_SHARED=ON l/gdk-pixbuf2-2.44.6-x86_64-1.txz: Upgraded. l/netpbm-11.14.00-x86_64-1.txz: Upgraded. l/opensc-0.27.1-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/python-setuptools_scm-10.0.5-x86_64-1.txz: Upgraded. l/python-vcs_versioning-1.1.1-x86_64-1.txz: Added. Needed by python-setuptools_scm-10.0.5. n/openvpn-2.7.1-x86_64-1.txz: Upgraded. x/igt-gpu-tools-2.4-x86_64-1.txz: Upgraded. x/libdecor-0.2.5-x86_64-1.txz: Added. Thanks to gbschenkel. x/xorg-server-xwayland-24.1.9-x86_64-3.txz: Rebuilt. Recompiled against libdecor-0.2.5. 20260401050528 Patrick J Volkerding2026-04-013-8/+20
* Tue Mar 31 21:58:54 UTC 2026•••a/shadow-4.19.4-x86_64-2.txz: Rebuilt. /usr/sbin/adduser: add 'kvm' to the default list of additional groups. Thanks to gsl. a/xz-5.8.3-x86_64-1.txz: Upgraded. This update fixes security issues: Fix a buffer overflow in lzma_index_append(). Fix invalid memory access in --files and --files0. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34743 (* Security fix *) d/tree-sitter-0.26.8-x86_64-1.txz: Upgraded. l/SDL3-3.4.2-x86_64-2.txz: Rebuilt. Recompiled with: -DSDL_WAYLAND_LIBDECOR=ON -DSDL_WAYLAND_LIBDECOR_SHARED=ON l/gdk-pixbuf2-2.44.6-x86_64-1.txz: Upgraded. l/netpbm-11.14.00-x86_64-1.txz: Upgraded. l/opensc-0.27.1-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/python-setuptools_scm-10.0.5-x86_64-1.txz: Upgraded. l/python-vcs_versioning-1.1.1-x86_64-1.txz: Added. Needed by python-setuptools_scm-10.0.5. n/openvpn-2.7.1-x86_64-1.txz: Upgraded. x/igt-gpu-tools-2.4-x86_64-1.txz: Upgraded. x/libdecor-0.2.5-x86_64-1.txz: Added. Thanks to gbschenkel. x/xorg-server-xwayland-24.1.9-x86_64-3.txz: Rebuilt. Recompiled against libdecor-0.2.5. 20260331215854 Patrick J Volkerding2026-04-0125-148/+476
* Mon Mar 30 23:25:18 UTC 2026•••a/bcachefs-tools-1.37.4-x86_64-1.txz: Upgraded. d/parallel-20260322-noarch-1.txz: Upgraded. d/perl-5.42.2-x86_64-1.txz: Upgraded. Added: File-ShareDir-1.118, File-ShareDir-Install-0.14. Upgraded: IO-Tty-1.24, JSON-4.11, Net-SSLeay-1.96, XML-Parser-2.54. d/vala-0.56.19-x86_64-1.txz: Upgraded. kde/krita-6.0.1-x86_64-1.txz: Upgraded. l/libqalculate-5.10.0-x86_64-1.txz: Upgraded. l/python-requests-2.33.1-x86_64-1.txz: Upgraded. xap/qalculate-gtk-5.10.0-x86_64-1.txz: Upgraded. xap/qalculate-qt-5.10.0-x86_64-1.txz: Upgraded. 20260330232518 Patrick J Volkerding2026-03-319-92/+159
* Sun Mar 29 21:45:48 UTC 2026•••ap/mariadb-11.8.6-x86_64-2.txz: Rebuilt. Patched to fix akonadiserver crash. Thanks to Heinz Wiesinger. kde/wcslib-8.6-x86_64-1.txz: Upgraded. l/bstring-1.1.0-x86_64-1.txz: Upgraded. l/python-installer-1.0.0-x86_64-1.txz: Upgraded. l/python-numpy-2.4.4-x86_64-1.txz: Upgraded. l/python-pygments-2.20.0-x86_64-1.txz: Upgraded. n/ngtcp2-1.22.0-x86_64-1.txz: Upgraded. x/setxkbmap-1.3.5-x86_64-1.txz: Upgraded. xfce/thunar-4.20.8-x86_64-1.txz: Upgraded. 20260329214548 Patrick J Volkerding2026-03-309-87/+153
* Sat Mar 28 20:26:46 UTC 2026•••a/tree-2.3.1-x86_64-1.txz: Upgraded. d/cmake-4.3.1-x86_64-1.txz: Upgraded. d/re2c-4.5.1-x86_64-1.txz: Upgraded. xap/gimp-3.2.2-x86_64-1.txz: Upgraded. Disable Lua bindings as recommended by upstream. Thanks to kgha. 20260328202646 Patrick J Volkerding2026-03-286-48/+70
* Fri Mar 27 21:52:40 UTC 2026•••a/kernel-firmware-20260327_85786b4-noarch-1.txz: Upgraded. a/sysvinit-3.18-x86_64-1.txz: Upgraded. l/libjpeg-turbo-3.1.4.1-x86_64-1.txz: Upgraded. xfce/xfdesktop-4.20.2-x86_64-1.txz: Upgraded. 20260327215240 Patrick J Volkerding2026-03-277-55/+74
* Fri Mar 27 04:09:20 UTC 2026•••ap/vim-9.2.0260-x86_64-1.txz: Upgraded. d/tree-sitter-0.26.7-x86_64-1.txz: Upgraded. l/libpng-1.6.56-x86_64-1.txz: Upgraded. This update fixes security issues: Use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE. Out-of-bounds read/write in the palette expansion on ARM Neon. For more information, see: https://www.cve.org/CVERecord?id=CVE-2026-33416 https://www.cve.org/CVERecord?id=CVE-2026-33636 (* Security fix *) l/openexr-3.4.8-x86_64-1.txz: Upgraded. xap/vim-gvim-9.2.0260-x86_64-1.txz: Upgraded. extra/tigervnc/tigervnc-1.16.2-x86_64-1.txz: Upgraded. Fixed missing security fixes in the 1.16.1 release. (* Security fix *) testing/packages/rust-1.94.1-x86_64-1.txz: Upgraded. 20260327040920 Patrick J Volkerding2026-03-279-93/+137
* Thu Mar 26 00:36:00 UTC 2026•••a/kernel-firmware-20260323_51d2775-noarch-1.txz: Upgraded. a/kernel-generic-6.18.20-x86_64-1.txz: Upgraded. a/sysvinit-3.17-x86_64-1.txz: Upgraded. d/kernel-headers-6.18.20-x86-1.txz: Upgraded. d/llvm-22.1.2-x86_64-1.txz: Upgraded. k/kernel-source-6.18.20-noarch-1.txz: Upgraded. MAC80211_HWSIM n -> m WWAN_HWSIM n -> m Thanks to USUARIONUEVO. l/libcap-ng-0.9.2-x86_64-1.txz: Upgraded. l/libclc-22.1.2-x86_64-1.txz: Upgraded. l/nodejs-24.14.1-x86_64-1.txz: Upgraded. l/pygobject3-3.56.2-x86_64-1.txz: Upgraded. l/python-build-1.4.2-x86_64-1.txz: Upgraded. l/python-requests-2.33.0-x86_64-1.txz: Upgraded. l/wireplumber-0.5.14-x86_64-1.txz: Upgraded. n/bind-9.20.21-x86_64-1.txz: Upgraded. This update fixes security issues: Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. Fix memory leaks in code preparing DNSSEC proofs of non-existence. Prevent a crash in code processing queries containing a TKEY record. Fix a stack use-after-return flaw in SIG(0) handling code. For more information, see: https://kb.isc.org/docs/cve-2026-1519 https://kb.isc.org/docs/cve-2026-3104 https://kb.isc.org/docs/cve-2026-3119 https://kb.isc.org/docs/cve-2026-3591 https://www.cve.org/CVERecord?id=CVE-2026-1519 https://www.cve.org/CVERecord?id=CVE-2026-3104 https://www.cve.org/CVERecord?id=CVE-2026-3119 https://www.cve.org/CVERecord?id=CVE-2026-3591 (* Security fix *) x/intel-gmmlib-22.10.0-x86_64-1.txz: Upgraded. extra/tigervnc/tigervnc-1.16.1-x86_64-1.txz: Upgraded. The bug fix release TigerVNC 1.16.1 is now available. This release is primarily a security release to fix an issue in x0vncserver, where other users can observe and manipulate the screen contents. Users of x0vncserver are advised to update immediately. The release also contains a fix for using the Plain security type with the new w0vncserver, as well as some translation updates. (* Security fix *) isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt. 20260326003600 Patrick J Volkerding2026-03-2619-168/+268
* Wed Mar 25 01:42:21 UTC 2026•••d/re2c-4.5-x86_64-1.txz: Upgraded. kde/krita-6.0.0-x86_64-1.txz: Upgraded. kde/xsimd-14.1.0-noarch-1.txz: Added. Needed by krita-6.0.0. l/eigen3-3.4.1-x86_64-2.txz: Rebuilt. Rebuilt to update cmake_policy VERSION. l/frei0r-plugins-2.5.6-x86_64-1.txz: Upgraded. l/gegl-0.4.70-x86_64-1.txz: Upgraded. l/mozilla-nss-3.122-x86_64-1.txz: Upgraded. l/mozjs140-140.9.0esr-x86_64-1.txz: Upgraded. l/openblas-0.3.32-x86_64-1.txz: Upgraded. l/sip-6.15.3-x86_64-1.txz: Upgraded. x/intel-media-driver-26.1.5-x86_64-1.txz: Upgraded. xap/mozilla-firefox-140.9.0esr-x86_64-1.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/140.9.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2026-22/ https://www.cve.org/CVERecord?id=CVE-2026-4684 https://www.cve.org/CVERecord?id=CVE-2026-4685 https://www.cve.org/CVERecord?id=CVE-2026-4686 https://www.cve.org/CVERecord?id=CVE-2026-4687 https://www.cve.org/CVERecord?id=CVE-2026-4688 https://www.cve.org/CVERecord?id=CVE-2026-4689 https://www.cve.org/CVERecord?id=CVE-2026-4690 https://www.cve.org/CVERecord?id=CVE-2026-4691 https://www.cve.org/CVERecord?id=CVE-2026-4692 https://www.cve.org/CVERecord?id=CVE-2026-4693 https://www.cve.org/CVERecord?id=CVE-2026-4694 https://www.cve.org/CVERecord?id=CVE-2026-4695 https://www.cve.org/CVERecord?id=CVE-2026-4696 https://www.cve.org/CVERecord?id=CVE-2026-4697 https://www.cve.org/CVERecord?id=CVE-2026-4698 https://www.cve.org/CVERecord?id=CVE-2026-4699 https://www.cve.org/CVERecord?id=CVE-2026-4700 https://www.cve.org/CVERecord?id=CVE-2026-4701 https://www.cve.org/CVERecord?id=CVE-2026-4702 https://www.cve.org/CVERecord?id=CVE-2026-4704 https://www.cve.org/CVERecord?id=CVE-2026-4705 https://www.cve.org/CVERecord?id=CVE-2026-4706 https://www.cve.org/CVERecord?id=CVE-2026-4707 https://www.cve.org/CVERecord?id=CVE-2026-4708 https://www.cve.org/CVERecord?id=CVE-2026-4709 https://www.cve.org/CVERecord?id=CVE-2026-4710 https://www.cve.org/CVERecord?id=CVE-2026-4711 https://www.cve.org/CVERecord?id=CVE-2026-4712 https://www.cve.org/CVERecord?id=CVE-2026-4713 https://www.cve.org/CVERecord?id=CVE-2026-4714 https://www.cve.org/CVERecord?id=CVE-2026-4715 https://www.cve.org/CVERecord?id=CVE-2026-4716 https://www.cve.org/CVERecord?id=CVE-2026-4717 https://www.cve.org/CVERecord?id=CVE-2025-59375 https://www.cve.org/CVERecord?id=CVE-2026-4718 https://www.cve.org/CVERecord?id=CVE-2026-4719 https://www.cve.org/CVERecord?id=CVE-2026-4720 https://www.cve.org/CVERecord?id=CVE-2026-4721 (* Security fix *) xap/mozilla-thunderbird-140.9.0esr-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/140.9.0esr/releasenotes/ (* Security fix *) 20260325014221 Patrick J Volkerding2026-03-2517-139/+414
* Mon Mar 23 21:41:39 UTC 2026•••l/gtk+3-3.24.52-x86_64-1.txz: Upgraded. l/imagemagick-7.1.2_18-x86_64-1.txz: Upgraded. l/pango-1.57.1-x86_64-1.txz: Upgraded. 20260323214139 Patrick J Volkerding2026-03-235-40/+59
* Sun Mar 22 22:59:59 UTC 2026•••a/file-5.47-x86_64-2.txz: Rebuilt. Package the ChangeLog. Thanks to slakmagik. ap/qemu-10.2.2-x86_64-3.txz: Rebuilt. Added additional targets: loongarch64-softmmu, loongarch64-linux-user, riscv32-softmmu, riscv32-linux-user, riscv64-softmmu, and riscv64-linux-user. Thanks to ZhaoLin1547. ap/qemu-guest-agent-10.2.2-x86_64-3.txz: Rebuilt. d/ccache-4.13.2-x86_64-1.txz: Upgraded. l/accountsservice-26.12.8-x86_64-1.txz: Upgraded. l/freetype-2.14.3-x86_64-1.txz: Upgraded. l/openjph-0.26.3-x86_64-2.txz: Rebuilt. Fixed slack-desc typo. Thanks to slakmagik. 20260322225959 Patrick J Volkerding2026-03-2313-132/+186
* Sat Mar 21 23:17:52 UTC 2026•••a/sysvinit-3.16-x86_64-1.txz: Upgraded. ap/qemu-10.2.2-x86_64-2.txz: Rebuilt. Recompiled against libcacard-2.8.2, libslirp-4.9.1, spice-0.16.0, and usbredir-0.15.0. Thanks to Daedra. ap/qemu-guest-agent-10.2.2-x86_64-2.txz: Rebuilt. l/graphviz-14.1.4-x86_64-1.txz: Upgraded. l/libcacard-2.8.2-x86_64-1.txz: Added. Needed by qemu-10.2.2. Thanks to Matteo Bernardini. l/usbredir-0.15.0-x86_64-1.txz: Added. Needed by qemu-10.2.2. Thanks to Matteo Bernardini. n/libslirp-4.9.1-x86_64-1.txz: Added. Needed by qemu-10.2.2. Thanks to Vijay Marcel. n/spice-0.16.0-x86_64-1.txz: Added. Needed by qemu-10.2.2. Thanks to Matteo Bernardini. n/spice-protocol-0.14.5-noarch-1.txz: Added. Needed by spice-0.16.0. Thanks to Matteo Bernardini. 20260321231752 Patrick J Volkerding2026-03-2232-180/+1048
* Sat Mar 21 03:35:15 UTC 2026•••d/autoconf-2.73-noarch-1.txz: Upgraded. kde/marble-23.08.5-x86_64-13.txz: Rebuilt. Recompiled against protobuf-34.1. l/aom-3.13.2-x86_64-1.txz: Upgraded. l/protobuf-34.1-x86_64-1.txz: Upgraded. Shared library .so-version bump. (Or, at least, we've been told to always expect ABI breakage) l/qt6-6.10.2_20260125_abfb3788-x86_64-4.txz: Rebuilt. Recompiled against protobuf-34.1. n/getmail-6.19.12-x86_64-1.txz: Upgraded. n/mosh-1.4.0-x86_64-19.txz: Rebuilt. Recompiled against protobuf-34.1. n/mutt-2.3.1-x86_64-1.txz: Upgraded. x/wlroots-0.19.3-x86_64-1.txz: Upgraded. 20260321033515 Patrick J Volkerding2026-03-2113-180/+126
* Thu Mar 19 22:57:21 UTC 2026•••a/btrfs-progs-6.19.1-x86_64-1.txz: Upgraded. a/kernel-firmware-20260318_217ca6e-noarch-1.txz: Upgraded. a/kernel-generic-6.18.19-x86_64-1.txz: Upgraded. d/kernel-headers-6.18.19-x86-1.txz: Upgraded. k/kernel-source-6.18.19-noarch-1.txz: Upgraded. l/harfbuzz-13.2.1-x86_64-1.txz: Upgraded. l/python-attrs-26.1.0-x86_64-1.txz: Upgraded. x/mesa-26.0.3-x86_64-1.txz: Upgraded. x/wayland-1.25.0-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt. 20260319225721 Patrick J Volkerding2026-03-2014-107/+142
* Wed Mar 18 23:23:04 UTC 2026•••a/eudev-3.2.14-x86_64-3.txz: Rebuilt. watchdog.conf: blacklist some additional watchdog modules: intel_oc_wdt, lenovo_se30_wdt, max77620_wdt, nct6694_wdt. Thanks to rworkman. Change perms on kvm and vhost-net from 666 to 660 as recommended for QEMU. a/lzip-1.26-x86_64-1.txz: Upgraded. a/xfsprogs-6.19.0-x86_64-1.txz: Upgraded. ap/qemu-10.2.2-x86_64-1.txz: Upgraded. Support passing a custom TARGET_LIST. Thanks to henca. Drop 65-kvm.rules. Add sparc and sparc64 targets. Thanks to jayjwa. Add aarch64 targets. Thanks to jtsn. I'll look into the other suggestions for additional QEMU deps. ap/qemu-guest-agent-10.2.2-x86_64-1.txz: Upgraded. ap/sqlite-3.51.3-x86_64-1.txz: Upgraded. d/cmake-4.3.0-x86_64-1.txz: Upgraded. l/expat-2.7.5-x86_64-1.txz: Upgraded. This update fixes security issues: Fix NULL function pointer dereference for empty external parameter entities; it takes use of both functions XML_ExternalEntityParserCreate and XML_SetParamEntityParsing for an application to be vulnerable. Protect from XML_TOK_INSTANCE_START infinite loop in function entityValueProcessor; it takes use of both functions XML_ExternalEntityParserCreate and XML_SetParamEntityParsing for an application to be vulnerable. Fix NULL dereference in function setContext on retry after an earlier ouf-of-memory condition; it takes use of function XML_ParserCreateNS or XML_ParserCreate_MM for an application to be vulnerable. For more information, see: https://www.cve.org/CVERecord?id=CVE-2026-32776 https://www.cve.org/CVERecord?id=CVE-2026-32777 https://www.cve.org/CVERecord?id=CVE-2026-32778 (* Security fix *) l/glibmm2-2.88.0-x86_64-1.txz: Upgraded. l/icu4c-78.3-x86_64-1.txz: Upgraded. l/librsvg-2.62.1-x86_64-1.txz: Upgraded. n/nghttp2-1.68.1-x86_64-1.txz: Upgraded. n/samba-4.24.0-x86_64-1.txz: Upgraded. x/fcitx5-5.1.19-x86_64-1.txz: Upgraded. x/fcitx5-anthy-5.1.10-x86_64-1.txz: Upgraded. x/fcitx5-chinese-addons-5.1.12-x86_64-1.txz: Upgraded. x/fcitx5-gtk-5.1.6-x86_64-1.txz: Upgraded. x/fcitx5-hangul-5.1.9-x86_64-1.txz: Upgraded. x/fcitx5-kkc-5.1.10-x86_64-1.txz: Upgraded. x/fcitx5-m17n-5.1.6-x86_64-1.txz: Upgraded. x/fcitx5-qt-5.1.13-x86_64-1.txz: Upgraded. x/fcitx5-sayura-5.1.6-x86_64-1.txz: Upgraded. x/fcitx5-table-extra-5.1.11-x86_64-1.txz: Upgraded. x/fcitx5-table-other-5.1.6-x86_64-1.txz: Upgraded. x/fcitx5-unikey-5.1.10-x86_64-1.txz: Upgraded. x/libime-1.1.14-x86_64-1.txz: Upgraded. xap/gparted-1.8.1-x86_64-1.txz: Upgraded. testing/packages/ffmpeg-8.1-x86_64-1.txz: Upgraded. 20260318232304 Patrick J Volkerding2026-03-1941-9967/+10101
* Tue Mar 17 23:53:28 UTC 2026•••Happy Saint Patrick's Day folks! :-) a/sysvinit-scripts-15.1-noarch-36.txz: Rebuilt. ap/ghostscript-10.07.0-x86_64-1.txz: Upgraded. ap/qemu-10.2.1-x86_64-1.txz: Added. Thanks to alienBOB. ap/qemu-guest-agent-10.2.1-x86_64-1.txz: Added. Thanks to alienBOB. d/ruby-4.0.2-x86_64-1.txz: Upgraded. l/adwaita-icon-theme-50.0-noarch-1.txz: Upgraded. l/dtc-1.7.2-x86_64-1.txz: Added. Needed by qemu-10.2.1. Thanks to alienBOB. l/gspell-1.14.3-x86_64-1.txz: Upgraded. l/libgsf-1.14.56-x86_64-1.txz: Upgraded. l/vde2-2.3.3-x86_64-1.txz: Added. Needed by qemu-10.2.1. Thanks to alienBOB. x/virglrenderer-1.3.0-x86_64-1.txz: Added. Needed by qemu-10.2.1. Thanks to alienBOB. 20260317235328 Patrick J Volkerding2026-03-1839-9906/+11479
* Mon Mar 16 21:55:57 UTC 2026•••a/mdadm-4.6-x86_64-1.txz: Upgraded. a/ndctl-84-x86_64-1.txz: Upgraded. l/glib2-2.88.0-x86_64-1.txz: Upgraded. l/gnome-keyring-50.0-x86_64-1.txz: Upgraded. l/imagemagick-7.1.2_17-x86_64-1.txz: Upgraded. l/librsvg-2.62.0-x86_64-1.txz: Upgraded. l/openexr-3.4.7-x86_64-1.txz: Upgraded. l/pipewire-1.6.2-x86_64-1.txz: Upgraded. l/unicode-ucd-17.0.0-noarch-1.txz: Upgraded. Revert to unicode-ucd-17.0.0 for now. n/dhcpcd-10.3.1-x86_64-1.txz: Upgraded. xap/gucharmap-17.0.2-x86_64-1.txz: Upgraded. 20260316215557 Patrick J Volkerding2026-03-168-92/+128
* Sun Mar 15 21:11:26 UTC 2026•••a/plzip-1.13-x86_64-1.txz: Upgraded. d/meson-1.10.2-x86_64-1.txz: Upgraded. l/fast_float-8.2.4-x86_64-1.txz: Added. Needed by vte-0.84.0. l/gsettings-desktop-schemas-50.0-x86_64-1.txz: Upgraded. l/neon-0.37.1-x86_64-1.txz: Upgraded. l/simdutf-8.2.0-x86_64-1.txz: Added. Needed by vte-0.84.0. l/vte-0.84.0-x86_64-1.txz: Upgraded. x/labwc-0.9.6-x86_64-1.txz: Upgraded. 20260315211126 Patrick J Volkerding2026-03-1517-105/+435
* Sat Mar 14 21:23:17 UTC 2026•••ap/groff-1.24.1-x86_64-1.txz: Upgraded. l/at-spi2-core-2.60.0-x86_64-1.txz: Upgraded. l/gjs-1.88.0-x86_64-1.txz: Upgraded. x/libpciaccess-0.19-x86_64-1.txz: Upgraded. x/mypaint-brushes-2.0.2-noarch-1.txz: Upgraded. xap/gimp-3.2.0-x86_64-1.txz: Upgraded. 20260314212317 Patrick J Volkerding2026-03-148-122/+396
generated by cgit v1.2.3-87-g23bc (git 2.50.0) at 2026-04-15 19:54:16 +0000