Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackwarearm-current ChangeLog (2019-04-20) ====== ====== Sat Apr 20 08:07:06 GMT 2019 ====== ===== Packages ===== ==== Upgraded ==== * [[slackwarearm.current>a/gawk-5.0.0-arm-1.txz]] * [[slackwarearm.current>ap/ksh93-20190416_7d7bba3e-arm-1.txz]] * [[slackwarearm.current>ap/nano-4.1-arm-1.txz]] * [[slackwarearm.current>ap/sqlite-3.28.0-arm-1.txz]] * [[slackwarearm.current>ap/sysstat-12.1.4-arm-1.txz]] * [[slackwarearm.current>ap/vim-8.1.1157-arm-1.txz]] * [[slackwarearm.current>d/Cython-0.29.7-arm-1.txz]] * [[slackwarearm.current>d/cmake-3.14.2-arm-1.txz]] * [[slackwarearm.current>d/meson-0.50.1-arm-1.txz]] * [[slackwarearm.current>d/ruby-2.6.3-arm-1.txz]] * [[slackwarearm.current>d/rust-1.34.0-arm-1.txz]] * [[slackwarearm.current>e/emacs-26.2-arm-1.txz]] * [[slackwarearm.current>l/Mako-1.0.9-arm-1.txz]] * [[slackwarearm.current>l/boost-1.70.0-arm-1.txz]] \\ Shared library .so-version bump. \\ Note: Boost now provides its own BoostConfig.cmake config file, and it may \\ not work with all existing code (here, calligra stumbled over it). At this \\ point it's not clear if the included cmake config files are buggy, or if \\ affected projects need to change something in order to use them, but there's \\ an easy workaround to use cmake's FindBoost.cmake (as was used previously). \\ Add this to the call to cmake from any affected project (if cmake fails with \\ an error: "No suitable build variant has been found."): \\ -DBoost_NO_BOOST_CMAKE=ON * [[slackwarearm.current>l/glib2-2.60.1-arm-1.txz]] * [[slackwarearm.current>l/gtk+3-3.24.8-arm-1.txz]] * [[slackwarearm.current>l/icu4c-64.2-arm-1.txz]] * [[slackwarearm.current>l/imagemagick-6.9.10_40-arm-1.txz]] * [[slackwarearm.current>l/libcap-2.27-arm-1.txz]] * [[slackwarearm.current>l/libcdio-2.1.0-arm-1.txz]] \\ Shared library .so-version bump. * [[slackwarearm.current>l/libpng-1.6.37-arm-1.txz]] \\ This update fixes security issues: \\ Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free. \\ Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette. \\ Fixed a memory leak in pngtest.c. \\ Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in \\ contrib/pngminus; refactor. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317 \\ (* Security fix *) * [[slackwarearm.current>l/libpsl-0.21.0-arm-1.txz]] * [[slackwarearm.current>l/opus-1.3.1-arm-1.txz]] * [[slackwarearm.current>l/orc-0.4.29-arm-1.txz]] * [[slackwarearm.current>l/pcre2-10.33-arm-1.txz]] * [[slackwarearm.current>l/pyparsing-2.4.0-arm-1.txz]] * [[slackwarearm.current>l/zstd-1.4.0-arm-1.txz]] * [[slackwarearm.current>n/dhcpcd-7.2.0-arm-1.txz]] * [[slackwarearm.current>n/dovecot-2.3.5.2-arm-1.txz]] \\ This update fixes a security issue: \\ Trying to login with 8bit username containing invalid UTF8 input causes \\ auth process to crash if auth policy is enabled. This could be used rather \\ easily to cause a DoS. Similar crash also happens during mail delivery \\ when using invalid UTF8 in From or Subject header when OX push \\ notification driver is used. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691 \\ (* Security fix *) * [[slackwarearm.current>n/libmbim-1.18.2-arm-1.txz]] * [[slackwarearm.current>n/libqmi-1.22.4-arm-1.txz]] * [[slackwarearm.current>n/nghttp2-1.38.0-arm-1.txz]] * [[slackwarearm.current>n/openssh-8.0p1-arm-1.txz]] \\ This release contains a mitigation for a weakness in the scp(1) tool \\ and protocol (CVE-2019-6111): when copying files from a remote system \\ to a local directory, scp(1) did not verify that the filenames that \\ the server sent matched those requested by the client. This could \\ allow a hostile server to create or clobber unexpected local files \\ with attacker-controlled content. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 \\ (* Security fix *) * [[slackwarearm.current>n/stunnel-5.53-arm-1.txz]] * [[slackwarearm.current>x/libwacom-0.33-arm-1.txz]] * [[slackwarearm.current>x/mesa-19.0.2-arm-1.txz]] * [[slackwarearm.current>xap/MPlayer-1.3_20190418-arm-1.txz]] \\ Compiled against libcdio-2.1.0. * [[slackwarearm.current>xap/vim-gvim-8.1.1157-arm-1.txz]] ==== Rebuilt ==== * [[slackwarearm.current>ap/pamixer-1.4-arm-2.txz]] \\ Recompiled against boost-1.70.0. * [[slackwarearm.current>kde/calligra-2.9.11-arm-28.txz]] \\ Recompiled against boost-1.70.0. * [[slackwarearm.current>l/akonadi-1.13.0-arm-12.txz]] \\ Recompiled against boost-1.70.0. * [[slackwarearm.current>l/giflib-5.1.9-arm-2.txz]] \\ Restore GifQuantizeBuffer and other deprecated functions to the shared \\ library. Thanks to Skaendo. * [[slackwarearm.current>l/gvfs-1.40.1-arm-2.txz]] \\ Recompiled against libcdio-2.1.0. * [[slackwarearm.current>l/libcddb-1.3.2-arm-4.txz]] \\ Recompiled against libcdio-2.1.0. * [[slackwarearm.current>l/libcdio-paranoia-10.2+2.0.0-arm-2.txz]] \\ Recompiled against libcdio-2.1.0. * [[slackwarearm.current>n/nfs-utils-2.3.3-arm-3.txz]] \\ rc.nfsd: don't try to create the nfsv4recoverydir - the build script will \\ determine the directory to use and include it in the package. \\ rc.nfsd: drop 2.4 kernel support, and use better code for mounting the nfsd \\ filesystem. \\ Thanks to shasta. * [[slackwarearm.current>xap/audacious-plugins-3.10.1-arm-2.txz]] \\ Recompiled against libcdio-2.1.0. {{tag>slackware changelog slackwarearm-current 2019/04}} news/2019/04/20/slackwarearm-current-changelog.txt Last modified: 5 years agoby Giuseppe Di Terlizzi Log In