a/kernel-modules-armv7-4.11.11_armv7-arm-1.txz

a/kernel_armv7-4.11.11-arm-1.txz

a/openssl-solibs-1.0.2l-arm-1.txz

a/util-linux-2.30.1-arm-1.txz

ap/gutenprint-5.2.13-arm-1.txz

d/cmake-3.9.0-arm-1.txz

d/kernel-headers-4.11.11-arm-1.txz

k/kernel-source-4.11.11-arm-1.txz

kde/kdelibs-4.14.34-arm-1.txz

l/exiv2-0.26-arm-1.txz
Shared library .so-version bump.

l/expat-2.2.2-arm-1.txz
Fixes security issues including:
External entity infinite loop DoS
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233
https://libexpat.github.io/doc/cve-2017-9233/
(* Security fix *)

l/gd-2.2.4-arm-1.txz
Linked against libwebp-0.6.0.
Fixes security issues:
gdImageCreate() doesn't check for oversized images and as such is prone to
DoS vulnerabilities. (CVE-2016-9317)
double-free in gdImageWebPtr() (CVE-2016-6912)
potential unsigned underflow in gd_interpolation.c (CVE-2016-10166)
DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
Signed Integer Overflow gd_io.c (CVE-2016-10168)
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168
(* Security fix *)

l/gdk-pixbuf2-2.36.7-arm-1.txz

l/gtk+3-3.22.17-arm-1.txz

l/harfbuzz-1.4.7-arm-1.txz

l/imagemagick-6.9.9_0-arm-1.txz
Linked against libwebp-0.6.0.
Shared library .so-version bump.

l/lcms2-2.8-arm-1.txz

l/libpng-1.6.30-arm-1.txz

l/librsvg-2.40.18-arm-1.txz

l/orc-0.4.27-arm-1.txz

l/pango-1.40.7-arm-1.txz

n/bluez-5.46-arm-1.txz

n/libgcrypt-1.8.0-arm-1.txz

n/libtirpc-1.0.2-arm-1.txz

n/openssl-1.0.2l-arm-1.txz

n/stunnel-5.42-arm-1.txz

x/libinput-1.8.1-arm-1.txz

xap/xlockmore-5.54-arm-1.txz
Linked against imagemagick-6.9.9-0.

xfce/xfce4-terminal-0.8.6-arm-1.txz

kernels/*

a/mkinitrd-1.4.11-arm-4.txz
Support btrfs and ocfs2 volume ids in busybox. Thanks to bam80.
Handle rootflags in init script. Thanks to davjohn.

e/emacs-25.2-arm-2.txz
Linked against imagemagick-6.9.9-0.

kde/calligra-2.9.11-arm-10.txz
Linked against exiv2-0.26.

kde/gwenview-4.14.3-arm-3.txz
Linked against exiv2-0.26.

kde/kfilemetadata-4.14.3-arm-2.txz
Linked against exiv2-0.26.

kde/libkexiv2-4.14.3-arm-2.txz
Linked against exiv2-0.26.

kde/nepomuk-core-4.14.3-arm-2.txz
Linked against exiv2-0.26.

l/SDL2_image-2.0.1-arm-2.txz
Linked against libwebp-0.6.0.

l/ffmpeg-3.3.2-arm-2.txz
Linked against libwebp-0.6.0.

l/strigi-0.7.8-arm-2.txz
Linked against exiv2-0.26.

l/virtuoso-ose-6.1.8-arm-4.txz
Linked against imagemagick-6.9.9-0.

n/nfs-utils-1.3.4-arm-2.txz
Added /etc/default/nfs config file for setting additional options.
Thanks to shasta and Robby Workman.

n/openssh-7.5p1-arm-2.txz
Added /etc/default/sshd config file for setting additional options.
Thanks to shasta and Robby Workman.

n/rpcbind-0.2.4-arm-2.txz
Fixed a bug in a previous patch where a svc_freeargs() call ended up freeing
a static pointer causing rpcbind to crash. Thanks to Jonathan Woithe,
Rafael Jorge Csura Szendrodi, and Robby Workman for identifying the problem
and helping to test a fix.
Added /etc/default/rpc config file (useful for setting static port
assignments). Thanks to shasta and Robby Workman.

n/yptools-2.14-arm-2.txz
Added /etc/default/yp config file for setting additional options.
Thanks to shasta and Robby Workman.

xap/geeqie-1.3-arm-2.txz
Linked against exiv2-0.26.

xap/xine-lib-1.2.8-arm-2.txz
Linked against imagemagick-6.9.9-0.

isolinux/*

l/libwebp-0.6.0-arm-1.txz
Thanks to powtrix.