Slackwarearm-current ChangeLog (2020-04-08)
Wed Apr 08 08:08:08 UTC 2020
The mini root filesystem has been updated:
ftp://ftp.arm.slackware.com/slackwarearm/slackwarearm-devtools/minirootfs/slack-current-miniroot_05Apr20.tar.xz
Packages
Upgraded
- a/dialog-1.3_20200327-arm-1.txz
- a/hwdata-0.334-arm-1.txz
- a/kernel-modules-armv7-5.4.30_armv7-arm-1.txz
- a/kernel_armv7-5.4.30-arm-1.txz
- a/lvm2-2.03.09-arm-1.txz
- a/openssl-solibs-1.1.1f-arm-1.txz
- ap/nano-4.9.1-arm-1.txz
- ap/sc-im-20200210_862c273-arm-1.txz
Switched to pulling from git to fix various crashes. - ap/vim-8.2.0521-arm-1.txz
- d/Cython-0.29.16-arm-1.txz
- d/bison-3.5.4-arm-1.txz
- d/ccache-3.7.9-arm-1.txz
- d/guile-3.0.2-arm-1.txz
- d/kernel-headers-5.4.30-arm-1.txz
- d/llvm-10.0.0-arm-1.txz
Shared library .so-version bump.
Ensure that lit-cpuid is built and installed. Thanks to jkh2cpu. - d/mercurial-5.3.2-arm-1.txz
- d/meson-0.54.0-arm-1.txz
- d/ruby-2.7.1-arm-1.txz
This update fixes security issues:
Unsafe Object Creation Vulnerability in JSON (Additional fix).
Heap exposure vulnerability in the socket library.
For more information, see:
https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10933
(* Security fix *) - d/vala-0.48.3-arm-1.txz
- k/kernel-source-5.4.30-arm-1.txz
- l/atk-2.36.0-arm-1.txz
- l/elfutils-0.179-arm-1.txz
- l/glib-networking-2.64.1-arm-1.txz
- l/gobject-introspection-1.64.1-arm-1.txz
- l/graphite2-1.3.14-arm-1.txz
- l/gtk+3-3.24.17-arm-1.txz
- l/gvfs-1.44.1-arm-1.txz
- l/imagemagick-7.0.10_5-arm-1.txz
- l/libdvdread-6.1.1-arm-1.txz
Shared library .so-version bump. - l/libgsf-1.14.47-arm-1.txz
- l/librsvg-2.48.2-arm-1.txz
- l/libunwind-1.4.0-arm-1.txz
- l/neon-0.31.0-arm-1.txz
- l/netpbm-10.90.00-arm-1.txz
- l/utf8proc-2.5.0-arm-1.txz
- l/vte-0.60.1-arm-1.txz
- n/conntrack-tools-1.4.6-arm-1.txz
- n/dhcpcd-8.1.7-arm-1.txz
- n/fetchmail-6.4.3-arm-1.txz
- n/gnutls-3.6.13-arm-1.txz
This update fixes a security issue:
libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support),
since 3.6.3. The DTLS client would not contribute any randomness to the
DTLS negotiation, breaking the security guarantees of the DTLS protocol.
[GNUTLS-SA-2020-03-31, CVSS: high]
(* Security fix *) - n/httpd-2.4.43-arm-1.txz
- n/iproute2-5.6.0-arm-1.txz
- n/libnetfilter_conntrack-1.0.8-arm-1.txz
- n/libnftnl-1.1.6-arm-1.txz
- n/mutt-1.13.5-arm-1.txz
- n/nftables-0.9.4-arm-1.txz
- n/openssl-1.1.1f-arm-1.txz
- tcl/tclx-8.4.4-arm-1.txz
- x/compiz-0.8.18-arm-1.txz
- x/glew-2.2.0-arm-1.txz
Shared library .so-version bump. - x/libdrm-2.4.101-arm-1.txz
- x/libva-2.7.0-arm-1.txz
- x/libva-utils-2.7.1-arm-1.txz
- x/libwacom-1.3-arm-1.txz
- x/mesa-20.0.4-arm-1.txz
Recompiled against glew-2.2.0.
Recompiled against llvm-10.0.0. - x/xorg-server-1.20.8-arm-1.txz
- x/xorg-server-xephyr-1.20.8-arm-1.txz
- x/xorg-server-xnest-1.20.8-arm-1.txz
- x/xorg-server-xvfb-1.20.8-arm-1.txz
- x/xorg-server-xwayland-1.20.8-arm-1.txz
- xap/MPlayer-1.3_20200103-arm-1.txz
Recompiled against libdvdread-6.1.1. - xap/audacious-4.0.1-arm-1.txz
Also support GTK+ interface, including a .desktop file for it. - xap/audacious-plugins-4.0.1-arm-1.txz
Rebuilt with –enable-gtk. - xap/mozilla-firefox-68.6.1esr-arm-1.txz
This release contains critical security fixes and improvements.
“Under certain conditions, when running the nsDocShell destructor, a race
condition can cause a use-after-free. We are aware of targeted attacks in
the wild abusing this flaw.”
“Under certain conditions, when handling a ReadableStream, a race condition
can cause a use-after-free. We are aware of targeted attacks in the wild
abusing this flaw.”
For more information, see:
https://www.mozilla.org/en-US/firefox/68.6.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6820
(* Security fix *) - xap/vim-gvim-8.2.0521-arm-1.txz
- xap/windowmaker-0.95.9-arm-1.txz
- xfce/thunar-1.8.14-arm-1.txz
- extra/brltty/brltty-6.1-arm-1.txz
- kernels/*
Rebuilt
- a/e2fsprogs-1.45.6-arm-2.txz
Fixed RELEASE-NOTES dangling symlink. - a/pkgtools-15.0-noarch-23.txz
removepkg: add –skip-douninst option to skip running the uninstall script.
Support an uninstall script. See removepkg(8).
Save removed douninst.sh in /var/log/pkgtools/removed_uninstall_scripts.
installpkg: handle the uninstall script packaged as /install/douninst.sh. - ap/groff-1.22.4-arm-3.txz
Fixed docdir. Thanks to Xsane. - ap/lsof-4.93.2-arm-3.txz
Fixed the manpage. Thanks to kaott. - d/gcc-9.3.0-arm-2.txz
- d/gcc-g++-9.3.0-arm-2.txz
- d/gcc-gdc-9.3.0-arm-2.txz
- d/gcc-gfortran-9.3.0-arm-2.txz
Patched a compiler bug concerning assumed-shape vs. deferred-shape arrays.
Thanks to Lockywolf. - d/gcc-gnat-9.3.0-arm-2.txz
- d/gcc-go-9.3.0-arm-2.txz
- d/gcc-objc-9.3.0-arm-2.txz
- d/rust-1.42.0-arm-2.txz
Recompiled against llvm-10.0.0. - d/scons-3.1.2-arm-3.txz
Fixed shebangs for python3, removed useless .bat files.
Thanks to teeemcee and ponce. - kde/calligra-2.9.11-arm-33.txz
Recompiled against glew-2.2.0.
The libGLEW.so.2.2 .soname (rather than libGLEW.so.2) gets me every time.
Thanks to marrowsuck for the bug report. - kde/k3b-2.0.3-arm-5.txz
Recompiled against libdvdread-6.1.1. - l/libdvdnav-6.1.0-arm-2.txz
Recompiled against libdvdread-6.1.1. - l/qt5-5.13.2-arm-2.txz
Recompiled against llvm-10.0.0. - n/nfs-utils-2.4.3-arm-2.txz
Rebuilt with –with-pluginpath=/usr/lib${LIBDIRSUFFIX}/libnfsidmap.
Thanks to lecho. - x/xf86-video-armsoc-1.4.1-arm-24.txz
- x/xf86-video-armsoc_omap5-1.ca78c01-arm-10.txz
- x/xf86-video-fbdev-116.4730f13-arm-4.txz
- x/xf86-video-fbturbo-199.f9a6ed7-arm-25.txz
- x/xf86-video-opentegra-0.7.0-arm-22.txz
- xap/network-manager-applet-1.16.0-arm-2.txz
Rebuilt using meson. Thanks to bassmadrigal. - xap/xine-lib-1.2.10-arm-2.txz
Recompiled against libdvdread-6.1.1. - isolinux/*
Added
- ap/sc-7.16-arm-1.txz
Brought back the classic SC. Thanks to dive.