Slackwarearm-current ChangeLog (2021-08-20)

Fri Aug 20 08:08:08 UTC 2021


The mini root filesystem has been updated:
ftp://ftp.arm.slackware.com/slackwarearm/slackwarearm-devtools/minirootfs/
Added package ap/nvme-cli
  • a/aaa_glibc-solibs-2.33-arm-3.txz
  • d/libtool-2.4.6-arm-19.txz
    Recompiled to update embedded GCC version number.
  • l/cryfs-0.10.3-arm-3.txz
    Patched for gcc11 and recompiled against boost-1.77.0.
  • l/glibc-2.33-arm-3.txz
    Since glibc-2.34 makes a potentially risky change of moving all functions
    into the main library, and another inconvenient (for us) change of renaming
    the library files, we'll stick with glibc-2.33 for Slackware 15.0 and test
    the newer glibc in the next release cycle. But we'll backport the security
    fixes from glibc-2.34 with this update:
    The nameserver caching daemon (nscd), when processing a request for netgroup
    lookup, may crash due to a double-free, potentially resulting in degraded
    service or Denial of Service on the local system. Reported by Chris Schanzle.
    The mq_notify function has a potential use-after-free issue when using a
    notification type of SIGEV_THREAD and a thread attribute with a non-default
    affinity mask.
    The wordexp function may overflow the positional parameter number when
    processing the expansion resulting in a crash. Reported by Philippe Antoine.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33574
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35942
    (* Security fix *)
    In librt, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain
    NOTIFY_REMOVED data, leading to a NULL pointer dereference.
    NOTE: this vulnerability was introduced as a side effect of the
    CVE-2021-33574 fix.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38604
    (* Security fix *)
  • l/glibc-i18n-2.33-arm-3.txz
  • l/glibc-profile-2.33-arm-3.txz
  • l/ocl-icd-2.3.0-arm-2.txz
    Patched to support the latest Khronos headers.
  • l/openexr-2.5.7-arm-2.txz
    Recompiled against boost-1.77.0.
  • l/pulseaudio-15.0-arm-2.txz
    Ensure that start-pulseaudio-x11 is generated properly when pulseaudio is
    built using meson. Thanks to davjohn.
  • l/qt5-5.15.2-arm-2.txz
    Patched to compile with gcc11 (such as adding #include <limits> to some of
    the header files shipped in the package).
  • n/php-7.4.22-arm-2.txz
    Recompiled against tidy-html5-5.8.0.
  • x/vulkan-sdk-1.2.176.1-arm-2.txz
  • isolinux/*
  • a/grep-3.7-arm-1.txz
  • a/kernel-firmware-20210818_c46b8c3-noarch-1.txz
  • a/kernel-modules-armv7-5.13.11_armv7-arm-1.txz
  • a/kernel_armv7-5.13.11-arm-1.txz
  • a/libgudev-237-arm-1.txz
  • a/lvm2-2.03.13-arm-1.txz
  • a/udisks2-2.9.3-arm-1.txz
  • a/usbutils-014-arm-1.txz
  • a/util-linux-2.37.2-arm-1.txz
  • ap/linuxdoc-tools-0.9.82-arm-1.txz
  • ap/mariadb-10.5.12-arm-1.txz
    Looks like we're still hitting a few regressions in the 10.6 branch. The
    most obvious one where the version reported by MariaDB is the library
    version rather than the server version (as previously reported) could be
    reverted, but this could lead to future problems as fixes for this
    change land in other projects. It seems that the safest approach at this
    time is to switch back to the most recent release from the 10.5 branch
    and keep an eye on the situation.
    Thanks to richarson and Heinz Wiesinger.
  • ap/mc-4.8.27-arm-1.txz
  • ap/nvme-cli-1.15-arm-1.txz
  • ap/pamixer-1.4-arm-1.txz
    Recompiled against boost-1.77.0.
  • ap/slackpkg-15.0.7-noarch-1.txz
    Allow “slackpkg help” to work after slackpkg is upgraded (JK Wood).
    Thanks to Robby Workman.
  • ap/squashfs-tools-4.5-arm-1.txz
  • ap/vim-8.2.3352-arm-1.txz
  • d/gcc-11.2.0-arm-1.txz
  • d/gcc-g++-11.2.0-arm-1.txz
  • d/gcc-gdc-11.2.0-arm-1.txz
  • d/gcc-gfortran-11.2.0-arm-1.txz
  • d/gcc-gnat-11.2.0-arm-1.txz
  • d/gcc-go-11.2.0-arm-1.txz
  • d/gcc-objc-11.2.0-arm-1.txz
  • d/git-2.33.0-arm-1.txz
  • d/help2man-1.48.4-arm-1.txz
  • d/kernel-headers-5.13.11-arm-1.txz
  • d/meson-0.58.2-arm-1.txz
  • d/parallel-20210722-noarch-1.txz
  • d/patchelf-0.13-arm-1.txz
  • d/python-pip-21.2.4-arm-1.txz
  • d/slacktrack-2.21-arm-1.txz
  • d/vala-0.52.5-arm-1.txz
  • k/kernel-source-5.13.11-arm-1.txz
  • l/SDL2-2.0.16-arm-1.txz
  • l/atkmm-2.28.2-arm-1.txz
  • l/boost-1.77.0-arm-1.txz
    Shared library .so-version bump.
  • l/enchant-2.3.1-arm-1.txz
  • l/gexiv2-0.12.3-arm-1.txz
  • l/gjs-1.68.3-arm-1.txz
  • l/glib-networking-2.68.2-arm-1.txz
  • l/gtkmm3-3.24.5-arm-1.txz
  • l/libcap-2.53-arm-1.txz
  • l/libjpeg-turbo-2.1.1-arm-1.txz
  • l/libqalculate-3.20.1-arm-1.txz
    Shared library .so-version bump.
  • l/libwebp-1.2.1-arm-1.txz
  • l/mlt-7.0.1-arm-1.txz
    Shared library .so-version bump.
  • l/mozilla-nss-3.69-arm-1.txz
  • l/mozjs78-78.13.0esr-arm-1.txz
  • l/netpbm-10.95.01-arm-1.txz
  • l/pango-1.48.8-arm-1.txz
  • l/pcaudiolib-1.2-arm-1.txz
  • l/pipewire-0.3.33-arm-1.txz
  • l/python-pygments-2.10.0-arm-1.txz
  • l/python-pysol_cards-0.10.2-arm-1.txz
  • l/python2-module-collection-2.7.18-arm-1.txz
    Added dbus-python-1.2.16.
  • l/tidy-html5-5.8.0-arm-1.txz
    Shared library .so-version bump.
  • n/ModemManager-1.16.10-arm-1.txz
  • n/NetworkManager-1.32.8-arm-1.txz
  • n/bind-9.16.20-arm-1.txz
    This update fixes bugs and the following security issue:
    An assertion failure occurred when named attempted to send a UDP packet that
    exceeded the MTU size, if Response Rate Limiting (RRL) was enabled.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25218
    (* Security fix *)
  • n/c-ares-1.17.2-arm-1.txz
    This update fixes a security issue:
    Missing input validation on hostnames returned by DNS servers.
    For more information, see:
    https://c-ares.haxx.se/adv_20210810.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672
    (* Security fix *)
  • n/dhcpcd-9.4.0-arm-1.txz
  • n/dovecot-2.3.16-arm-1.txz
  • n/fetchmail-6.4.21-arm-1.txz
  • n/ipset-7.15-arm-1.txz
  • n/libqmi-1.30.0-arm-1.txz
  • n/mobile-broadband-provider-info-20210805-arm-1.txz
  • n/nmap-7.92-arm-1.txz
  • n/stunnel-5.60-arm-1.txz
  • x/ibus-m17n-1.4.7-arm-1.txz
  • x/libepoxy-1.5.9-arm-1.txz
  • x/mesa-21.1.7-arm-1.txz
  • x/xrdb-1.2.1-arm-1.txz
  • xap/blackbox-0.77-arm-1.txz
  • xap/blueman-2.2.2-arm-1.txz
  • xap/network-manager-applet-1.22.0-arm-1.txz
  • xap/vim-gvim-8.2.3352-arm-1.txz
  • kernels/*
  • l/gtk4-4.2.1-arm-1.txz
  • l/liburing-2.0-arm-1.txz
    This is needed by mariadb, and provides increased performance on high speed
    devices such as NVMe.
  • n/openresolv-3.12.0-arm-1.txz
    This is needed for wg-quick in the wireguard-tools package.
    Thanks to synbq Bucharest, Jeremy Hansen, and Daniel Wilkins.
  • news/2021/08/20/slackwarearm-current-changelog.txt
  • Last modified: 6 weeks ago
  • by Giuseppe Di Terlizzi