From c29dcfa2dd2e7467ea3b6b757880348884d8790d Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Fri, 3 Dec 2021 20:07:20 +0000
Subject: Fri Dec  3 20:07:20 UTC 2021

ap/rpm-4.16.1.3-x86_64-4.txz:  Rebuilt.
  Patched to handle non-compliant RPMs created by install4j. Thanks to alienBOB.
d/poke-1.4-x86_64-1.txz:  Upgraded.
l/enchant-2.3.2-x86_64-1.txz:  Upgraded.
l/freetype-2.11.1-x86_64-1.txz:  Upgraded.
l/glib2-2.70.2-x86_64-1.txz:  Upgraded.
n/lynx-2.9.0dev.10-x86_64-1.txz:  Upgraded.
extra/php8/php8-8.1.0-x86_64-1.txz:  Removed.
extra/php80/php80-8.0.13-x86_64-1.txz:  Added.
extra/php81/php81-8.1.0-x86_64-1.txz:  Added.
---
 ChangeLog.txt | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'ChangeLog.txt')

diff --git a/ChangeLog.txt b/ChangeLog.txt
index e4da27e68..fee49f098 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,7 +1,34 @@
+Fri Dec  3 20:07:20 UTC 2021
+ap/rpm-4.16.1.3-x86_64-4.txz:  Rebuilt.
+  Patched to handle non-compliant RPMs created by install4j. Thanks to alienBOB.
+d/poke-1.4-x86_64-1.txz:  Upgraded.
+l/enchant-2.3.2-x86_64-1.txz:  Upgraded.
+l/freetype-2.11.1-x86_64-1.txz:  Upgraded.
+l/glib2-2.70.2-x86_64-1.txz:  Upgraded.
+n/lynx-2.9.0dev.10-x86_64-1.txz:  Upgraded.
+extra/php8/php8-8.1.0-x86_64-1.txz:  Removed.
+extra/php80/php80-8.0.13-x86_64-1.txz:  Added.
+extra/php81/php81-8.1.0-x86_64-1.txz:  Added.
++--------------------------+
 Thu Dec  2 19:14:20 UTC 2021
 d/strace-5.15-x86_64-1.txz:  Upgraded.
 l/mozilla-nss-3.73-x86_64-1.txz:  Upgraded.
   Everything linked to NSS/NSPR was rebuild tested here.
+  This update fixes a critical security issue:
+  NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are
+  vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS
+  signatures. Applications using NSS for handling signatures encoded within
+  CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications
+  using NSS for certificate validation or other TLS, X.509, OCSP or CRL
+  functionality may be impacted, depending on how they configure NSS.
+  Note: This vulnerability does NOT impact Mozilla Firefox. However, email
+  clients and PDF viewers that use NSS for signature verification, such as
+  Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted.
+  Thanks to Tavis Ormandy of Google Project Zero.
+  For more information, see:
+    https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527
+  (* Security fix *)
 l/qt5-5.15.3_20211130_014c375b-x86_64-1.txz:  Upgraded.
 +--------------------------+
 Wed Dec  1 19:44:13 UTC 2021
-- 
cgit v1.2.3