Slackwarearm-current ChangeLog (2016-02-11)
Thu Feb 11 01:01:01 UTC 2016
This is Slackware ARM v14.2, beta 2.
The mini root filesystem for -current has also been updated:
ftp://ftp.arm.slackware.com/slackwarearm/slackwarearm-devtools/minirootfs/
Packages
Upgraded
- a/coreutils-8.25-arm-1.txz
- a/glibc-zoneinfo-2016a-arm-1.txz
- a/kernel-firmware-20160205git-noarch-1.txz
- a/openssl-solibs-1.0.2f-arm-1.txz
- ap/cups-2.1.3-arm-1.txz
- ap/dmidecode-3.0-arm-1.txz
- ap/hplip-3.16.2-arm-1.txz
- ap/soma-2.10.4-noarch-1.txz
- d/binutils-2.26-arm-1.txz
- d/cmake-3.4.3-arm-1.txz
- d/mercurial-3.6.3-arm-1.txz
- d/oprofile-1.1.0-arm-1.txz
- d/python-setuptools-19.6-arm-1.txz
- l/freetype-2.6.3-arm-1.txz
- l/gst-plugins-base-1.6.3-arm-1.txz
- l/gst-plugins-good-1.6.3-arm-1.txz
- l/gstreamer-1.6.3-arm-1.txz
- l/gtk+3-3.18.7-arm-1.txz
- l/harfbuzz-1.1.3-arm-1.txz
- l/librsvg-2.40.13-arm-1.txz
- l/libsndfile-1.0.26-arm-1.txz
This release fixes security issues which may allow attackers to cause
a denial of service, or possibly execute arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7805
(* Security fix *) - l/loudmouth-1.5.1-arm-1.txz
- l/pulseaudio-8.0-arm-1.txz
Set “flat-volumes = no” in daemon.conf.new by default. - n/curl-7.47.1-arm-1.txz
This update fixes a security issue where NTLM credentials are not checked
for proxy connection reuse. The effects of this flaw is that the application
could be reusing a proxy connection using the previously used credentials
and thus it could be given to or prevented access from resources that it
wasn't intended to. Thanks to Isaac Boukris.
For more information, see:
https://curl.haxx.se/docs/adv_20160127A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755
(* Security fix *) - n/mcabber-1.0.1-arm-1.txz
- n/openssl-1.0.2f-arm-1.txz
This update fixes the following security issues:
DH small subgroups (CVE-2016-0701).
SSLv2 doesn't block disabled ciphers (CVE-2015-3197).
For more information, see:
https://openssl.org/news/secadv/20160128.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0701
(* Security fix *) - n/php-5.6.17-arm-1.txz
This release fixes security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903
(* Security fix *) - n/proftpd-1.3.5a-arm-1.txz
- n/stunnel-5.30-arm-1.txz
- n/traceroute-2.0.21-arm-1.txz
- x/xterm-322-arm-1.txz
- xap/MPlayer-20160125-arm-1.txz
This is the latest MPlayer-1.2 branch, identical to the 1.2.1 stable release.
The bundled ffmpeg has been upgraded to 2.8.5, which fixes two security
issues by which a remote attacker may conduct a cross-origin attack and read
arbitrary files on the system.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1898
(* Security fix *) - xap/pidgin-2.10.12-arm-1.txz
- extra/wicd/wicd-1.7.4-arm-1.txz
Rebuilt
- a/mkinitrd-1.4.8-arm-4.txz
Blacklisted rules.d/60-openobex.rules to prevent error messages at boot.
Thanks to Eric Hameleers. - a/sysvinit-scripts-2.0-noarch-26.txz
rc.6: Change command variable to shutdown_command to avoid conflicting with
a same-named variable in rc.networkmanager. Thanks to Antonio Maretzek.
Added new script rc.cpufreq to set CPU frequency scaling.
If executable, it will be run from rc.M. - ap/ghostscript-9.07-arm-3.txz
Reverted back to ghostscript-9.07, since any newer version causes the GIMP
ps plugin to crash when attempting to import a .ps or .eps file. Whatever
is causing the problem happened between gs-9.07 and gs-9.09, and is probably
also dependent on the libraries in use and perhaps the compiler, since some
other distributions appear to be using the latest ghostscript without issues.
If anyone can figure it out, hints are welcome. Meanwhile this gets
everything working again. - ap/gutenprint-5.2.11-arm-2.txz
Run cups-genppdupdate after installing. Thanks to Lukasz Wieczorek. - ap/slackpkg-2.82.0-noarch-18.txz
Refreshed mirror list for ARM. - d/gcc-5.3.1-arm-3.txz
- d/gcc-g++-5.3.1-arm-3.txz
- d/gcc-gfortran-5.3.1-arm-3.txz
- d/gcc-gnat-5.3.1-arm-3.txz
- d/gcc-go-5.3.1-arm-3.txz
- d/gcc-java-5.3.1-arm-3.txz
- d/gcc-objc-5.3.1-arm-3.txz
- xap/xine-lib-1.2.6-arm-6.txz
Rebuilt against ffmpeg-2.8.5, which fixes two security issues by which a
remote attacker may conduct a cross-origin attack and read arbitrary files
on the system.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1898
(* Security fix *)
Added
- xap/gparted-0.25.0-arm-1.txz
Thanks to Erik W. Hanson. - xap/hexchat-2.10.2-arm-1.txz
This package replaces 'xchat'.
Removed
xap/xchat-2.8.8-arm-11.txz
Replaced with 'hexchat'.