Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackwarearm-current ChangeLog (2021-01-28) ====== ====== Thu Jan 28 08:08:08 UTC 2021 ====== > \\ If you follow Slackware-current on x86/64, you may have been expecting a world \\ rebuild. I've planned to sidestep that on ARM, as there'll be another coming \\ in February for the glibc-2.33 upgrade. That said, there will be a number of \\ package upgrades in the next couple of weeks, as I update the cross compiler \\ toolchain and ensure that the build system modifications required for AArch64 \\ continue to work on ARM. \\ \\ MoZes. \\ ===== Packages ===== ==== Upgraded ==== * [[slackwarearm.current>a/btrfs-progs-5.10-arm-1.txz]] * [[slackwarearm.current>a/dialog-1.3_20210117-arm-1.txz]] * [[slackwarearm.current>a/glibc-solibs-2.32-arm-1.txz]] * [[slackwarearm.current>a/glibc-zoneinfo-2021a-noarch-1.txz]] \\ This package provides the latest timezone updates. * [[slackwarearm.current>a/kernel-firmware-20210119_0578970-noarch-1.txz]] * [[slackwarearm.current>a/kernel-modules-armv7-5.10.11_armv7-arm-1.txz]] * [[slackwarearm.current>a/kernel_armv7-5.10.11-arm-1.txz]] * [[slackwarearm.current>a/libbytesize-2.5-arm-1.txz]] * [[slackwarearm.current>a/os-prober-1.78-arm-1.txz]] * [[slackwarearm.current>ap/inxi-20210113_1e2d470c-noarch-1.txz]] * [[slackwarearm.current>ap/mc-4.8.26-arm-1.txz]] * [[slackwarearm.current>ap/sqlite-3.34.1-arm-1.txz]] * [[slackwarearm.current>ap/sudo-1.9.5p2-arm-1.txz]] \\ When invoked as sudoedit, the same set of command line options \\ are now accepted as for "sudo -e". The -H and -P options are \\ now rejected for sudoedit and "sudo -e" which matches the sudo \\ 1.7 behavior. This is part of the fix for CVE-2021-3156. \\ Fixed a potential buffer overflow when unescaping backslashes \\ in the command's arguments. Normally, sudo escapes special \\ characters when running a command via a shell (sudo -s or sudo \\ -i). However, it was also possible to run sudoedit with the -s \\ or -i flags in which case no escaping had actually been done, \\ making a buffer overflow possible. This fixes CVE-2021-3156. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156 \\ (* Security fix *) * [[slackwarearm.current>ap/vim-8.2.2394-arm-1.txz]] * [[slackwarearm.current>ap/vorbis-tools-1.4.2-arm-1.txz]] * [[slackwarearm.current>d/binutils-2.36-arm-1.txz]] \\ Revert commit d1bcae833b32f1408485ce69f844dcd7ded093a8: \\ [PATCH] ELF: Don't generate unused section symbols \\ This fixes building the kernel. * [[slackwarearm.current>d/bison-3.7.5-arm-1.txz]] * [[slackwarearm.current>d/help2man-1.47.17-arm-1.txz]] * [[slackwarearm.current>d/kernel-headers-5.10.11-arm-1.txz]] * [[slackwarearm.current>d/make-4.3-arm-1.txz]] \\ We'll upgrade to make-4.3 again (with a few patches from Fedora) since this \\ is now working with all the sources that we ship. * [[slackwarearm.current>d/parallel-20210122-noarch-1.txz]] * [[slackwarearm.current>d/perl-5.32.1-arm-1.txz]] * [[slackwarearm.current>d/python-pip-21.0-arm-1.txz]] * [[slackwarearm.current>d/python-setuptools-52.0.0-arm-1.txz]] * [[slackwarearm.current>d/rust-1.49.0-arm-1.txz]] * [[slackwarearm.current>k/kernel-source-5.10.11-arm-1.txz]] * [[slackwarearm.current>kde/krita-4.4.2-arm-1.txz]] * [[slackwarearm.current>l/glibc-2.32-arm-1.txz]] * [[slackwarearm.current>l/glibc-i18n-2.32-arm-1.txz]] * [[slackwarearm.current>l/glibc-profile-2.32-arm-1.txz]] * [[slackwarearm.current>l/gtk+2-2.24.33-arm-1.txz]] * [[slackwarearm.current>l/imagemagick-7.0.10_60-arm-1.txz]] * [[slackwarearm.current>l/libcap-2.47-arm-1.txz]] * [[slackwarearm.current>l/libsamplerate-0.2.1-arm-1.txz]] * [[slackwarearm.current>l/libsndfile-1.0.31-arm-1.txz]] * [[slackwarearm.current>l/loudmouth-1.5.4-arm-1.txz]] * [[slackwarearm.current>l/mozilla-nss-3.61-arm-1.txz]] * [[slackwarearm.current>l/mozjs78-78.7.0esr-arm-1.txz]] * [[slackwarearm.current>l/pango-1.48.1-arm-1.txz]] * [[slackwarearm.current>l/pipewire-0.3.20-arm-1.txz]] * [[slackwarearm.current>l/python-urllib3-1.26.3-arm-1.txz]] * [[slackwarearm.current>l/talloc-2.3.2-arm-1.txz]] * [[slackwarearm.current>l/vte-0.62.2-arm-1.txz]] * [[slackwarearm.current>n/autofs-5.1.7-arm-1.txz]] * [[slackwarearm.current>n/bind-9.16.11-arm-1.txz]] * [[slackwarearm.current>n/dnsmasq-2.84-arm-1.txz]] \\ This update fixes bugs and remotely exploitable security issues: \\ Use the values of --min-port and --max-port in outgoing \\ TCP connections to upstream DNS servers. \\ Fix a remote buffer overflow problem in the DNSSEC code. Any \\ dnsmasq with DNSSEC compiled in and enabled is vulnerable to this, \\ referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 \\ CVE-2020-25687. \\ Be sure to only accept UDP DNS query replies at the address \\ from which the query was originated. This keeps as much entropy \\ in the {query-ID, random-port} tuple as possible, to help defeat \\ cache poisoning attacks. Refer: CVE-2020-25684. \\ Use the SHA-256 hash function to verify that DNS answers \\ received are for the questions originally asked. This replaces \\ the slightly insecure SHA-1 (when compiled with DNSSEC) or \\ the very insecure CRC32 (otherwise). Refer: CVE-2020-25685. \\ Handle multiple identical near simultaneous DNS queries better. \\ Previously, such queries would all be forwarded \\ independently. This is, in theory, inefficent but in practise \\ not a problem, _except_ that is means that an answer for any \\ of the forwarded queries will be accepted and cached. \\ An attacker can send a query multiple times, and for each repeat, \\ another {port, ID} becomes capable of accepting the answer he is \\ sending in the blind, to random IDs and ports. The chance of a \\ succesful attack is therefore multiplied by the number of repeats \\ of the query. The new behaviour detects repeated queries and \\ merely stores the clients sending repeats so that when the \\ first query completes, the answer can be sent to all the \\ clients who asked. Refer: CVE-2020-25686. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25681 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25682 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25683 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25684 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25685 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25686 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25687 \\ (* Security fix *) * [[slackwarearm.current>n/libgcrypt-1.9.0-arm-1.txz]] \\ Use blinding for ECDSA signing to mitigate a novel side-channel attack. \\ Add mitigation against ECC timing attack. \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13626 \\ (* Security fix *) * [[slackwarearm.current>n/libmbim-1.24.6-arm-1.txz]] * [[slackwarearm.current>n/mutt-2.0.5-arm-1.txz]] * [[slackwarearm.current>n/openldap-2.4.57-arm-1.txz]] * [[slackwarearm.current>n/pinentry-1.1.1-arm-1.txz]] * [[slackwarearm.current>n/ppp-2.4.9-arm-1.txz]] * [[slackwarearm.current>n/s-nail-14.9.21-arm-1.txz]] * [[slackwarearm.current>n/samba-4.13.4-arm-1.txz]] * [[slackwarearm.current>n/tin-2.4.5-arm-1.txz]] * [[slackwarearm.current>x/ibus-libpinyin-1.12.0-arm-1.txz]] * [[slackwarearm.current>x/ibus-table-1.12.4-arm-1.txz]] * [[slackwarearm.current>x/libXt-1.2.1-arm-1.txz]] * [[slackwarearm.current>x/libpinyin-2.6.0-arm-1.txz]] * [[slackwarearm.current>x/util-macros-1.19.3-arm-1.txz]] * [[slackwarearm.current>x/wayland-1.19.0-arm-1.txz]] * [[slackwarearm.current>x/xf86-video-nouveau-1.0.17-arm-1.txz]] * [[slackwarearm.current>xap/gparted-1.2.0-arm-1.txz]] * [[slackwarearm.current>xap/mozilla-firefox-78.7.0esr-arm-1.txz]] \\ This release contains security fixes and improvements. \\ For more information, see: \\ https://www.mozilla.org/en-US/firefox/78.7.0/releasenotes/ \\ (* Security fix *) * [[slackwarearm.current>xap/vim-gvim-8.2.2394-arm-1.txz]] * [[slackwarearm.current>xap/xaos-4.2.1-arm-1.txz]] * [[slackwarearm.current>xap/xsnow-3.2.2-arm-1.txz]] * [[slackwarearm.current>xfce/xfce4-panel-4.16.1-arm-1.txz]] * [[slackwarearm.current>xfce/xfce4-whiskermenu-plugin-2.5.3-arm-1.txz]] * [[slackwarearm.current>kernels/*]] ==== Rebuilt ==== * [[slackwarearm.current>a/coreutils-8.32-arm-2.txz]] \\ Rebuilt to test with FTBFS patch for aarch64. * [[slackwarearm.current>a/lzip-1.22-arm-2.tgz]] * [[slackwarearm.current>a/pam-1.5.1-arm-2.txz]] * [[slackwarearm.current>a/tar-1.33-arm-2.tgz]] * [[slackwarearm.current>a/xz-5.2.5-arm-2.tgz]] * [[slackwarearm.current>d/gcc-10.2.0-arm-2.txz]] * [[slackwarearm.current>d/gcc-g++-10.2.0-arm-2.txz]] * [[slackwarearm.current>d/gcc-gdc-10.2.0-arm-2.txz]] * [[slackwarearm.current>d/gcc-gfortran-10.2.0-arm-2.txz]] * [[slackwarearm.current>d/gcc-gnat-10.2.0-arm-2.txz]] * [[slackwarearm.current>d/gcc-go-10.2.0-arm-2.txz]] * [[slackwarearm.current>d/gcc-objc-10.2.0-arm-2.txz]] * [[slackwarearm.current>d/oprofile-1.4.0-arm-3.txz]] * [[slackwarearm.current>l/libvisual-0.4.0-arm-3.txz]] * [[slackwarearm.current>l/libvisual-plugins-0.4.0-arm-4.txz]] \\ Drop actor_gstreamer.so (requires gstreamer0). * [[slackwarearm.current>n/NetworkManager-1.28.0-arm-3.txz]] \\ Rebuilt for ppp-2.4.9. * [[slackwarearm.current>n/inetd-1.79s-arm-6.txz]] * [[slackwarearm.current>n/postfix-3.5.9-arm-2.txz]] \\ Correct the permissions on /var/spool/postfix/maildrop \\ Thanks to andy25225 for the report. * [[slackwarearm.current>n/rp-pppoe-3.14-arm-2.txz]] \\ Rebuilt for ppp-2.4.9. * [[slackwarearm.current>n/telnet-0.17-arm-4.txz]] * [[slackwarearm.current>isolinux/*]] ==== Removed ==== * <del>[[slackwarearm.current>l/gst-plugins-base0-0.10.36-arm-3.txz]]</del> * <del>[[slackwarearm.current>l/gst-plugins-good0-0.10.31-arm-3.txz]]</del> * <del>[[slackwarearm.current>l/gstreamer0-0.10.36-arm-3.txz]]</del> {{tag>slackware changelog slackwarearm-current 2021-01}} news/2021/01/28/slackwarearm-current-changelog.txt Last modified: 3 years agoby Giuseppe Di Terlizzi Log In