Slackware-current ChangeLog (2016-03-03)
Thu Mar 3 20:05:41 UTC 2016
Packages
Rebuilt
- ap/mariadb-10.0.24-i586-2.txz
Recompiled with patched binutils. - d/binutils-2.26-i586-2.txz
Applied upstream patches for several bugs, including:
PR ld/19698
* elflink.c (bfd_elf_record_link_assignment): Set versioned if
symbol version is unknown.
Which was causing MariaDB to fail to start properly for Akonadi. - d/python-2.7.11-i586-2.txz
Recompiled to drop support for OpenSSL SSLv2.
Thanks to Matteo Bernardini.
Thu Mar 3 05:41:26 UTC 2016
Packages
Rebuilt
- a/sysvinit-scripts-2.0-noarch-30.txz
rc.M: Start D-Bus and NetworkManager right after rc.inet1. - ap/ksh93-2012_08_01-i586-2.txz
Removed broken locale files. Thanks to Didier Spaier. - l/qt-4.8.7-i586-4.txz
Recompiled to drop support for OpenSSL SSLv2. - n/curl-7.47.1-i586-2.txz
Recompiled to drop support for OpenSSL SSLv2. - n/fetchmail-6.3.26-i586-2.txz
Recompiled to drop support for OpenSSL SSLv2. - n/links-2.12-i586-2.txz
Recompiled to drop support for OpenSSL SSLv2. - n/mailx-12.5-i586-2.txz
Drop SSLv2 support (no longer supported by OpenSSL), and fix security issues
that could allow a local attacker to cause mailx to execute arbitrary
shell commands through the use of a specially-crafted email address.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844
(* Security fix *) - n/stunnel-5.30-i586-2.txz
Allow OpenSSL to use the default key size for DH in generate-stunnel-key.sh.
Thanks to Markus Reichelt. - n/wget-1.17.1-i586-2.txz
Recompiled to drop support for OpenSSL SSLv2. - isolinux/initrd.img
Another attempt to get /sbin/probe to reliably handle nvme partitions.
Thanks to w9cf and Grant Coady. - usb-and-pxe-installers/usbboot.img
Another attempt to get /sbin/probe to reliably handle nvme partitions.
Thanks to w9cf and Grant Coady.
Upgraded
- d/ruby-2.2.4-i586-1.txz
l/libssh2-1.7.0-i586-1.txz: Moved.
Moved from N → L series to be consistent with libssh. - n/openssl-1.0.2g-i586-1.txz
This update fixes the following security issues:
Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
Double-free in DSA code (CVE-2016-0705)
Memory leak in SRP database lookups (CVE-2016-0798)
BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
Fix memory issues in BIO_*printf functions (CVE-2016-0799)
Side channel attack on modular exponentiation (CVE-2016-0702)
Note that this package drops all support for SSLv2, which breaks the ABI for
any binaries that make use of SSLv2_client_method.
For more information, see:
https://www.openssl.org/news/secadv/20160301.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
(* Security fix *) - n/php-5.6.18-i586-1.txz
This release fixes bugs and security issues.
For more information, see:
http://php.net/ChangeLog-5.php#5.6.18
(* Security fix *)