Slackwarearm-current ChangeLog (2019-04-20)

Sat Apr 20 08:07:06 GMT 2019

  • a/gawk-5.0.0-arm-1.txz
  • ap/ksh93-20190416_7d7bba3e-arm-1.txz
  • ap/nano-4.1-arm-1.txz
  • ap/sqlite-3.28.0-arm-1.txz
  • ap/sysstat-12.1.4-arm-1.txz
  • ap/vim-8.1.1157-arm-1.txz
  • d/Cython-0.29.7-arm-1.txz
  • d/cmake-3.14.2-arm-1.txz
  • d/meson-0.50.1-arm-1.txz
  • d/ruby-2.6.3-arm-1.txz
  • d/rust-1.34.0-arm-1.txz
  • e/emacs-26.2-arm-1.txz
  • l/Mako-1.0.9-arm-1.txz
  • l/boost-1.70.0-arm-1.txz
    Shared library .so-version bump.
    Note: Boost now provides its own BoostConfig.cmake config file, and it may
    not work with all existing code (here, calligra stumbled over it). At this
    point it's not clear if the included cmake config files are buggy, or if
    affected projects need to change something in order to use them, but there's
    an easy workaround to use cmake's FindBoost.cmake (as was used previously).
    Add this to the call to cmake from any affected project (if cmake fails with
    an error: “No suitable build variant has been found.”):
    -DBoost_NO_BOOST_CMAKE=ON
  • l/glib2-2.60.1-arm-1.txz
  • l/gtk+3-3.24.8-arm-1.txz
  • l/icu4c-64.2-arm-1.txz
  • l/imagemagick-6.9.10_40-arm-1.txz
  • l/libcap-2.27-arm-1.txz
  • l/libcdio-2.1.0-arm-1.txz
    Shared library .so-version bump.
  • l/libpng-1.6.37-arm-1.txz
    This update fixes security issues:
    Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
    Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
    Fixed a memory leak in pngtest.c.
    Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
    contrib/pngminus; refactor.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317
    (* Security fix *)
  • l/libpsl-0.21.0-arm-1.txz
  • l/opus-1.3.1-arm-1.txz
  • l/orc-0.4.29-arm-1.txz
  • l/pcre2-10.33-arm-1.txz
  • l/pyparsing-2.4.0-arm-1.txz
  • l/zstd-1.4.0-arm-1.txz
  • n/dhcpcd-7.2.0-arm-1.txz
  • n/dovecot-2.3.5.2-arm-1.txz
    This update fixes a security issue:
    Trying to login with 8bit username containing invalid UTF8 input causes
    auth process to crash if auth policy is enabled. This could be used rather
    easily to cause a DoS. Similar crash also happens during mail delivery
    when using invalid UTF8 in From or Subject header when OX push
    notification driver is used.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691
    (* Security fix *)
  • n/libmbim-1.18.2-arm-1.txz
  • n/libqmi-1.22.4-arm-1.txz
  • n/nghttp2-1.38.0-arm-1.txz
  • n/openssh-8.0p1-arm-1.txz
    This release contains a mitigation for a weakness in the scp(1) tool
    and protocol (CVE-2019-6111): when copying files from a remote system
    to a local directory, scp(1) did not verify that the filenames that
    the server sent matched those requested by the client. This could
    allow a hostile server to create or clobber unexpected local files
    with attacker-controlled content.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111
    (* Security fix *)
  • n/stunnel-5.53-arm-1.txz
  • x/libwacom-0.33-arm-1.txz
  • x/mesa-19.0.2-arm-1.txz
  • xap/MPlayer-1.3_20190418-arm-1.txz
    Compiled against libcdio-2.1.0.
  • xap/vim-gvim-8.1.1157-arm-1.txz
  • ap/pamixer-1.4-arm-2.txz
    Recompiled against boost-1.70.0.
  • kde/calligra-2.9.11-arm-28.txz
    Recompiled against boost-1.70.0.
  • l/akonadi-1.13.0-arm-12.txz
    Recompiled against boost-1.70.0.
  • l/giflib-5.1.9-arm-2.txz
    Restore GifQuantizeBuffer and other deprecated functions to the shared
    library. Thanks to Skaendo.
  • l/gvfs-1.40.1-arm-2.txz
    Recompiled against libcdio-2.1.0.
  • l/libcddb-1.3.2-arm-4.txz
    Recompiled against libcdio-2.1.0.
  • l/libcdio-paranoia-10.2+2.0.0-arm-2.txz
    Recompiled against libcdio-2.1.0.
  • n/nfs-utils-2.3.3-arm-3.txz
    rc.nfsd: don't try to create the nfsv4recoverydir - the build script will
    determine the directory to use and include it in the package.
    rc.nfsd: drop 2.4 kernel support, and use better code for mounting the nfsd
    filesystem.
    Thanks to shasta.
  • xap/audacious-plugins-3.10.1-arm-2.txz
    Recompiled against libcdio-2.1.0.
  • news/2019/04/20/slackwarearm-current-changelog.txt
  • Last modified: 16 months ago
  • by Giuseppe Di Terlizzi