Slackware-current ChangeLog
Tue May 3 19:33:50 UTC 2022
Packages
Upgraded
Mon May 2 20:02:49 UTC 2022
Packages
Upgraded
- l/libxml2-2.9.14-i586-1.txz
This update fixes bugs and the following security issues:
Fix integer overflow in xmlBuf and xmlBuffer.
Fix potential double-free in xmlXPtrStringRangeFunction.
Fix memory leak in xmlFindCharEncodingHandler.
Normalize XPath strings in-place.
Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars().
Fix leak of xmlElementContent.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824
(* Security fix *)
- l/poppler-22.04.0-i586-1.txz
Shared library .so-version bump.
- n/samba-4.16.1-i586-1.txz
This is a bugfix release.
For more information, see:
https://www.samba.org/samba/history/samba-4.16.1.html
- xap/mozilla-firefox-100.0-i686-1.txz
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/100.0/releasenotes/
Rebuilt
- kde/calligra-3.2.1-i586-17.txz
Recompiled against poppler-22.04.0.
- kde/cantor-22.04.0-i586-2.txz
Recompiled against poppler-22.04.0.
- kde/kfilemetadata-5.93.0-i586-2.txz
Recompiled against poppler-22.04.0.
- kde/kile-2.9.93-i586-16.txz
Recompiled against poppler-22.04.0.
- kde/kitinerary-22.04.0-i586-2.txz
Recompiled against poppler-22.04.0.
- kde/krita-5.0.6-i586-3.txz
Recompiled against poppler-22.04.0.
- kde/okular-22.04.0-i586-2.txz
Recompiled against poppler-22.04.0.
Sun May 1 23:17:58 UTC 2022
Packages
Rebuilt
- kde/calligra-3.2.1-i586-16.txz
Recompiled against openexr-3.1.5.
Thanks to Heinz Wiesinger for the link to the patch.
- kde/kimageformats-5.93.0-i586-2.txz
Recompiled against openexr-3.1.5.
- kde/kio-extras-22.04.0-i586-2.txz
Recompiled against Imath-3.1.5 and openexr-3.1.5.
- kde/krita-5.0.6-i586-2.txz
Recompiled against Imath-3.1.5 and openexr-3.1.5.
- kde/umbrello-22.04.0-i586-2.txz
Recompiled against kdevelop-22.04.0.
- l/SDL2-2.0.22-i586-2.txz
Recompiled with -DSDL_STATIC=OFF. Thanks to jkh2cpu.
- l/gegl-0.4.36-i586-2.txz
Recompiled against openexr-3.1.5.
- l/gst-plugins-bad-free-1.20.1-i586-2.txz
Recompiled against Imath-3.1.5 and openexr-3.1.5.
- l/opencv-4.5.5-i586-2.txz
Recompiled against openexr-3.1.5.
- xap/gimp-2.10.30-i586-3.txz
Recompiled against Imath-3.1.5 and openexr-3.1.5.
Upgraded
- l/imagemagick-7.1.0_32-i586-1.txz
Compiled against Imath-3.1.5 and openexr-3.1.5.
Added
- l/Imath-3.1.5-i586-1.txz
This library was split out from OpenEXR.
Sat Apr 30 21:35:21 UTC 2022
Packages
Upgraded
- xap/pidgin-2.14.9-i586-1.txz
Mitigate the potential for a man in the middle attack via DNS spoofing by
removing the code that supported the _xmppconnect DNS TXT record.
For more information, see:
https://www.pidgin.im/about/security/advisories/cve-2022-26491/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26491
(* Security fix *)
Added
Thu Apr 28 18:50:52 UTC 2022
Packages
Upgraded
Wed Apr 27 21:43:51 UTC 2022
Packages
Upgraded
- d/libtool-2.4.7-i586-1.txz
This also updates the embedded GCC version number.
- k/kernel-source-5.17.5_smp-noarch-1.txz
CC_VERSION_TEXT "gcc (GCC) 11.2.0" → "gcc (GCC) 11.3.0"
GCC_VERSION 110200 → 110300
+CC_HAS_SLS y
- n/curl-7.83.0-i586-1.txz
This update fixes security issues:
OAUTH2 bearer bypass in connection re-use.
Credential leak on redirect.
Bad local IPv6 connection reuse.
Auth/cookie leak on redirect.
For more information, see:
https://curl.se/docs/CVE-2022-22576.html
https://curl.se/docs/CVE-2022-27774.html
https://curl.se/docs/CVE-2022-27775.html
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
(* Security fix *)
Rebuilt
Tue Apr 26 19:45:46 UTC 2022
Packages
Rebuilt
- a/mkinitrd-1.4.11-i586-29.txz
Support mounting additional partitions from the initrd - useful for anyone
still stuck with a separated /usr. Thanks to PiterPunk.
Ensure that the target directory exists before trying to copy a module into
it (workaround for coreutils 9.1 behavior change).
Upgraded
Mon Apr 25 20:55:17 UTC 2022
Packages
Upgraded
- xap/freerdp-2.7.0-i586-1.txz
This update is a security and maintenance release.
For more information, see:
https://github.com/FreeRDP/FreeRDP/blob/2.7.0/ChangeLog
(* Security fix *)
Added
Fri Apr 22 21:20:18 UTC 2022
Packages
Upgraded
Removed
Added
Thu Apr 21 19:11:10 UTC 2022
Packages
Upgraded
- xap/mozilla-thunderbird-91.8.1-i686-1.txz
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.8.1/releasenotes/
Rebuilt
- l/pipewire-0.3.50-i586-2.txz
Build in FFmpeg and Vulkan support. Thanks to Klaatu.
Mon Apr 18 19:58:04 UTC 2022
Packages
Upgraded
- l/quazip-1.3-i586-1.txz
Shared library .so-version bump.
Rebuilt
- kde/krita-5.0.5-i586-3.txz
Recompiled against quazip-1.3.
Fri Apr 15 20:01:44 UTC 2022
Packages
Rebuilt
- a/aaa_libraries-15.1-i586-4.txz
Upgraded: libaio.so.1.0.2.
Added: libboost_atomic.so.1.78.0, libboost_chrono.so.1.78.0,
libboost_container.so.1.78.0, libboost_context.so.1.78.0,
libboost_contract.so.1.78.0, libboost_coroutine.so.1.78.0,
libboost_date_time.so.1.78.0, libboost_fiber.so.1.78.0,
libboost_filesystem.so.1.78.0, libboost_graph.so.1.78.0,
libboost_iostreams.so.1.78.0, libboost_json.so.1.78.0,
libboost_locale.so.1.78.0, libboost_log.so.1.78.0,
libboost_log_setup.so.1.78.0, libboost_math_c99.so.1.78.0,
libboost_math_c99f.so.1.78.0, libboost_math_c99l.so.1.78.0,
libboost_math_tr1.so.1.78.0, libboost_math_tr1f.so.1.78.0,
libboost_math_tr1l.so.1.78.0, libboost_nowide.so.1.78.0,
libboost_prg_exec_monitor.so.1.78.0, libboost_program_options.so.1.78.0,
libboost_python27.so.1.78.0, libboost_python39.so.1.78.0,
libboost_random.so.1.78.0, libboost_regex.so.1.78.0,
libboost_serialization.so.1.78.0, libboost_stacktrace_addr2line.so.1.78.0,
libboost_stacktrace_basic.so.1.78.0, libboost_stacktrace_noop.so.1.78.0,
libboost_system.so.1.78.0, libboost_thread.so.1.78.0,
libboost_timer.so.1.78.0, libboost_type_erasure.so.1.78.0,
libboost_unit_test_framework.so.1.78.0, libboost_wave.so.1.78.0,
libboost_wserialization.so.1.78.0.
The boost libraries are from the previous package (for temporary
compatibility) and will be removed in a month or so.
- ap/pamixer-1.5-i586-3.txz
Recompiled against boost-1.79.0.
- kde/kig-21.12.3-i586-2.txz
Recompiled against boost-1.79.0.
- kde/kopeninghours-21.12.3-i586-2.txz
Recompiled against boost-1.79.0.
- kde/krita-5.0.5-i586-2.txz
Recompiled against boost-1.79.0.
- l/cryfs-0.10.3-i586-5.txz
Recompiled against boost-1.79.0.
- l/openexr-2.5.7-i586-6.txz
Recompiled against boost-1.79.0.
Upgraded
- l/boost-1.79.0-i586-1.txz
Shared library .so-version bump.
Thu Apr 14 21:14:21 UTC 2022
Packages
Upgraded
- d/git-2.35.3-i586-1.txz
This update fixes a security issue where a Git worktree created by another
user might be able to execute arbitrary code.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765
(* Security fix *)
Rebuilt
- a/xz-5.2.5-i586-4.txz
This update fixes a security issue:
xzgrep applied to a crafted file name with two or more newlines can no
longer overwrite an arbitrary, attacker-selected file.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
(* Security fix *)
Wed Apr 13 20:51:01 UTC 2022
Packages
Upgraded
- d/ruby-3.1.2-i586-1.txz
This update fixes bugs and security issues:
Double free in Regexp compilation.
Buffer overrun in String-to-Float conversion.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739
(* Security fix *)
Rebuilt
Tue Apr 12 21:56:14 UTC 2022
Packages
Upgraded
- xap/mozilla-firefox-99.0.1-i686-1.txz
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/99.0.1/releasenotes/
Mon Apr 11 20:49:27 UTC 2022
Packages
Rebuilt
- a/aaa_libraries-15.1-i586-3.txz
Upgraded: libz.so.1.2.12, libexpat.so.1.8.8, libcap.so.2.64,
libicudata.so.70.1, libicui18n.so.70.1, libicuio.so.70.1,
libicutest.so.70.1, libicutu.so.70.1, libicuuc.so.70.1.
The icu4c libraries are from the previous package (for temporary
compatibility) and will be removed in a month or so.
Removed: liblber-2.4.so.2.11.7, libldap-2.4.so.2.11.7.
- a/sysvinit-scripts-15.0-noarch-11.txz
rc.S, rc.6: use a temporary umask and more syncing to avoid any races when
creating the random seed directory and files. Use the poolsize rather than
a hardcoded 512 bytes when creating a non-creditable seed in the fallback
scripts. Thanks to Jason A. Donenfeld.
- a/xfsprogs-5.13.0-i586-3.txz
Recompiled against icu4c-71.1.
- ap/sqlite-3.38.2-i586-2.txz
Recompiled against icu4c-71.1.
- l/boost-1.78.0-i586-4.txz
Recompiled against icu4c-71.1.
- l/harfbuzz-4.2.0-i586-2.txz
Recompiled against icu4c-71.1.
- l/libical-3.0.14-i586-3.txz
Recompiled against icu4c-71.1.
- l/libqalculate-4.1.1-i586-2.txz
Recompiled against icu4c-71.1.
- l/libvisio-0.1.7-i586-9.txz
Recompiled against icu4c-71.1.
- l/nodejs-16.14.2-i586-2.txz
Recompiled against icu4c-71.1.
- l/qt5-webkit-5.212.0_alpha4-i586-9.txz
Recompiled against icu4c-71.1.
- l/vte-0.66.2-i586-3.txz
Recompiled against icu4c-71.1.
- n/dovecot-2.3.18-i586-4.txz
Recompiled against icu4c-71.1.
- n/php-7.4.28-i586-4.txz
Recompiled against icu4c-71.1.
- n/postfix-3.7.0-i586-4.txz
Recompiled against icu4c-71.1.
- n/samba-4.16.0-i586-2.txz
Recompiled against icu4c-71.1.
- n/tin-2.6.1-i586-3.txz
Recompiled against icu4c-71.1.
- t/texlive-2021.210418-i586-4.txz
Recompiled against icu4c-71.1.
- extra/brltty/brltty-6.4-i586-5.txz
Recompiled against icu4c-71.1.
- extra/php80/php80-8.0.17-i586-2.txz
Recompiled against icu4c-71.1.
- extra/php81/php81-8.1.4-i586-2.txz
Recompiled against icu4c-71.1.
- extra/sendmail/sendmail-8.17.1-i586-3.txz
Recompiled against icu4c-71.1.
Upgraded
- a/haveged-1.9.18-i586-1.txz
I've decided to turn this back on by default in light of comments in
README.md. It doesn't hurt to have an additional source of entropy
(especially in early boot), and the overhead from running this daemon is
negligible.
- l/icu4c-71.1-i586-1.txz
Shared library .so-version bump.
- l/qt5-5.15.3_20220407_9b1efa0e-i586-1.txz
Compiled against icu4c-71.1.
- n/openssh-9.0p1-i586-1.txz
This update contains some potentially incompatible changes regarding the
scp utility. For more information, see:
https://www.openssh.com/releasenotes.html#9.0
Fri Apr 8 20:03:36 UTC 2022
Packages
Upgraded
- l/libarchive-3.6.1-i586-1.txz
This is a bugfix and security release.
Security fixes:
7zip reader: fix PPMD read beyond boundary.
ZIP reader: fix possible out of bounds read.
ISO reader: fix possible heap buffer overflow in read_children().
RARv4 reader: fix multiple issues in RARv4 filter code (introduced in
libarchive 3.6.0).
Fix heap use after free in archive_read_format_rar_read_data().
Fix null dereference in read_data_compressed().
Fix heap use after free in run_filters().
(* Security fix *)
Rebuilt
Thu Apr 7 22:11:23 UTC 2022
Packages
Upgraded
Wed Apr 6 20:23:46 UTC 2022
Packages
Rebuilt
- a/haveged-1.9.17-i586-2.txz
Install /etc/rc.d/rc.haveged as non-executable. For existing installations
running a recent kernel, it is safe to turn this off.
Back when we added the haveged package we were using the 4.4 kernel, but
since Linux 5.4 this same entropy generating algorithm has been built into
the kernel, so there's no reason to also run it in userspace. We'll keep
the package around (for now, anyway) in case someone might be running an
old kernel. Thanks to Jason A. Donenfeld.
- a/sysvinit-scripts-15.0-noarch-10.txz
rc.S, rc.6: use the seedrng utility to seed and initialize the kernel
random number generator and generate a new seed.
If seedrng is missing, we'll attempt to do these things with scripting.
Thanks to Jason A. Donenfeld for hints about how to make a modest
improvement in that regard (blame me for any problems with my own changes),
but because you can't force the kernel RNG to initialize with a script
(it needs an ioctl), you won't get the same guarantees that you do when
using the new seedrng utility.
- a/util-linux-2.38-i586-2.txz
Added seedrng utility, used to seed and initialize the kernel random number
generator and to generate new seeds for carrying entropy across reboots.
Thanks to Jason A. Donenfeld.
Upgraded
- xap/mozilla-thunderbird-91.8.0-i686-1.txz
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.8.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289
(* Security fix *)
Tue Apr 5 19:16:30 UTC 2022
Packages
Upgraded
- xap/mozilla-firefox-99.0-i686-1.txz
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/99.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-13/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28288
(* Security fix *)
Sun Apr 3 19:57:16 UTC 2022
Packages
Upgraded
- n/ca-certificates-20220403-noarch-1.txz
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
Sat Apr 2 18:52:59 UTC 2022
Packages
Upgraded
Wed Mar 30 22:37:05 UTC 2022
Packages
Upgraded
- ap/vim-8.2.4649-i586-1.txz
Fixes a use-after-free in utf_ptr2char in vim/vim prior to 8.2.4646.
This vulnerability is capable of crashing software, bypassing protection
mechanisms, modifying memory, and possibly execution of arbitrary code.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1154
https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425
https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5
(* Security fix *)
Tue Mar 29 20:16:24 UTC 2022
Packages
Upgraded
Rebuilt
- a/sysvinit-scripts-15.0-noarch-9.txz
rc.M: Fix cosmetic mistake where a couple of paths were relative instead of
absolute. Thanks to babydr.
Mon Mar 28 19:33:46 UTC 2022
Packages
Upgraded
- l/zlib-1.2.12-i586-1.txz
This update fixes memory corruption when deflating (i.e., when compressing)
if the input has many distant matches. Thanks to marav.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
(* Security fix *)
Rebuilt
Mon Mar 28 01:02:12 UTC 2022
Packages
Upgraded
Fri Mar 25 19:18:41 UTC 2022
Packages
Upgraded
- xap/seamonkey-2.53.11.1-i686-1.txz
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.11.1
(* Security fix *)
Thu Mar 24 20:59:09 UTC 2022
Packages
Upgraded
- d/python3-3.9.12-i586-1.txz
This is a bugfix release.
For more information, see:
https://pythoninsider.blogspot.com/2022/03/python-3104-and-3912-are-now-available.html
- usb-and-pxe-installers/usbimg2disk.sh
Calculate the space requirement by checking the size of the packages in the
Slackware directory tree.
Wed Mar 23 17:25:36 UTC 2022
Packages
Upgraded
- l/rubygem-asciidoctor-2.0.17-i586-1.txz
Upgraded and built for Ruby 3.1.1. Thanks to marrowsuck.
- xap/mozilla-firefox-98.0.2-i686-1.txz
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/98.0.2/releasenotes/
Mon Mar 21 16:41:26 UTC 2022
Packages
Upgraded
Rebuilt
Mon Mar 21 07:31:06 UTC 2022
Packages
Upgraded
- l/qt5-5.15.3_20220318_e507d3e5-i586-1.txz
Pulled from git again to fix missing liblocationlabsplugin.so.
Fixed syntax error in qt5.csh. Thanks to rkomar.
Sat Mar 19 20:28:16 UTC 2022
Packages
Upgraded
Rebuilt
Fri Mar 18 20:16:12 UTC 2022
Packages
Upgraded
- d/python3-3.9.11-i586-1.txz
This update fixes bugs and security issues:
libexpat upgraded from 2.4.1 to 2.4.7
bundled pip upgraded from 21.2.4 to 22.0.4
authorization bypass fixed in urllib.request
REDoS avoided in importlib.metadata
For more information, see:
https://pythoninsider.blogspot.com/2022/03/python-3103-3911-3813-and-3713-are-now.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28363
(* Security fix *)
Thu Mar 17 19:46:28 UTC 2022
Have a great day, everyone! Off to enjoy a couple Guinness.
Packages
Upgraded
- n/bind-9.18.1-i586-1.txz
This update fixes bugs and the following security issues:
An assertion could occur in resume_dslookup() if the fetch had been shut
down earlier.
Lookups involving a DNAME could trigger an INSIST when “synth-from-dnssec”
was enabled.
A synchronous call to closehandle_cb() caused isc__nm_process_sock_buffer()
to be called recursively, which in turn left TCP connections hanging in the
CLOSE_WAIT state blocking indefinitely when out-of-order processing was
disabled.
The rules for acceptance of records into the cache have been tightened to
prevent the possibility of poisoning if forwarders send records outside
the configured bailiwick.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0667
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220
(* Security fix *)
- n/openssl-1.1.1n-i586-1.txz
This update fixes a high severity security issue:
The BN_mod_sqrt() function, which computes a modular square root, contains
a bug that can cause it to loop forever for non-prime moduli.
For more information, see:
https://www.openssl.org/news/secadv/20220315.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
(* Security fix *)
Rebuilt
Wed Mar 16 01:46:29 UTC 2022
Packages
Upgraded
- l/qt5-5.15.3_20220312_33a3f16f-i586-1.txz
If a 32-bit userspace is detected, then:
export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
This works around crashes occurring with 32-bit QtWebEngine applications.
Thanks to alienBOB.
Tue Mar 15 00:13:59 UTC 2022
Packages
Upgraded
- n/httpd-2.4.53-i586-1.txz
This update fixes bugs and the following security issues:
mod_sed: Read/write beyond bounds
core: Possible buffer overflow with very large or unlimited
LimitXMLRequestBody
HTTP request smuggling vulnerability
mod_lua: Use of uninitialized value in r:parsebody
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.53
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719
(* Security fix *)
- xap/mozilla-firefox-98.0.1-i686-1.txz
This release makes the following change:
Yandex and Mail.ru have been removed as optional search providers in the
drop-down search menu in Firefox.
For more information, see:
https://www.mozilla.org/en-US/firefox/98.0.1/releasenotes/
(* Security fix *)
Mon Mar 14 01:55:37 UTC 2022
Packages
Upgraded
- d/perl-5.34.1-i586-1.txz
Upgraded: IO-Socket-SSL-2.074, Net-SSLeay-1.92, Path-Tiny-0.122,
Template-Toolkit-3.010, URI-5.10.
Rebuilt
- n/gpgme-1.17.1-i586-2.txz
Also use -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 in $CXXFLAGS.
Sat Mar 12 20:57:35 UTC 2022
Packages
Upgraded
Rebuilt
- l/polkit-0.120-i586-3.txz
Patched to fix a security issue where an unprivileged user could cause a
denial of service due to process file descriptor exhaustion.
Thanks to marav.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4115
(* Security fix *)
Thu Mar 10 20:12:48 UTC 2022
Packages
Upgraded
Thu Mar 10 02:30:54 UTC 2022
Packages
Upgraded
- n/ca-certificates-20220309-noarch-1.txz
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
- xap/mozilla-thunderbird-91.7.0-i686-1.txz
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.7.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386
(* Security fix *)
Wed Mar 9 04:14:08 UTC 2022
Packages
Upgraded
Rebuilt
Tue Mar 8 19:30:56 UTC 2022
Packages
Upgraded
Tue Mar 8 04:39:53 UTC 2022
Packages
Rebuilt
- l/boost-1.78.0-i586-3.txz
This update has been patched to fix a regression:
Boost.Build silently skips installation of library headers and binaries in
some cases.
Thanks to Willy Sudiarto Raharjo.
Tue Mar 8 00:52:43 UTC 2022
Packages
Rebuilt
- kde/akonadi-contacts-21.12.3-i586-2.txz
Recompiled against gpgme-1.17.1.
- kde/akonadi-import-wizard-21.12.3-i586-2.txz
Recompiled against gpgme-1.17.1.
- kde/akonadiconsole-21.12.3-i586-2.txz
Recompiled against gpgme-1.17.1.
- kde/akregator-21.12.3-i586-2.txz
Recompiled against gpgme-1.17.1.
- kde/grantlee-editor-21.12.3-i586-2.txz
Recompiled against gpgme-1.17.1.
- kde/kdepim-addons-21.12.3-i586-2.txz
Recompiled against gpgme-1.17.1.
- kde/kget-21.12.3-i586-2.txz
Recompiled against gpgme-1.17.1.
- kde/kleopatra-21.12.3-i586-2.txz
Recompiled against gpgme-1.17.1.
- kde/kmail-21.12.3-i586-2.txz
Recompiled against gpgme-1.17.1.
- kde/kmail-account-wizard-21.12.3-i586-2.txz
Recompiled against gpgme-1.17.1.
- kde/libkleo-21.12.3-i586-2.txz
Recompiled against gpgme-1.17.1.
- kde/mailcommon-21.12.3-i586-2.txz
Recompiled against gpgme-1.17.1.
- kde/mbox-importer-21.12.3-i586-2.txz
Recompiled against gpgme-1.17.1.
- kde/messagelib-21.12.3-i586-2.txz
Recompiled against gpgme-1.17.1.
- kde/pim-data-exporter-21.12.3-i586-2.txz
Recompiled against gpgme-1.17.1.
Upgraded
- n/gpgme-1.17.1-i586-1.txz
Shared library .so-version bump.
- xap/mozilla-firefox-98.0-i686-1.txz
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/98.0/releasenotes/
(* Security fix *)
Mon Mar 7 01:57:45 UTC 2022
Packages
Rebuilt
- a/aaa_libraries-15.1-i586-2.txz
Upgraded: libexpat.so.1.8.7.
Added: liblber.so.2.0.200, libldap.so.2.0.200.
Removed: libvpx.so.6.4.0.
- a/quota-4.06-i586-4.txz
Recompiled against openldap-2.6.1.
- ap/cups-filters-1.28.12-i586-2.txz
Recompiled against openldap-2.6.1.
- d/subversion-1.14.1-i586-5.txz
Recompiled against ruby-3.1.1.
- kde/kldap-21.12.3-i586-2.txz
Recompiled against openldap-2.6.1.
- l/GConf-3.2.6-i586-8.txz
Recompiled against openldap-2.6.1.
- l/apr-util-1.6.1-i586-11.txz
Recompiled against openldap-2.6.1.
- l/serf-1.3.9-i586-7.txz
Recompiled against openldap-2.6.1.
- n/alpine-2.25-i586-2.txz
Recompiled against openldap-2.6.1.
- n/autofs-5.1.8-i586-2.txz
Recompiled against openldap-2.6.1.
- n/curl-7.82.0-i586-2.txz
Recompiled against openldap-2.6.1.
- n/cyrus-sasl-2.1.28-i586-2.txz
Recompiled against openldap-2.6.1.
- n/dovecot-2.3.18-i586-3.txz
Recompiled against openldap-2.6.1.
- n/epic5-2.1.6-i586-4.txz
Recompiled against ruby-3.1.1.
- n/gnupg-1.4.23-i586-5.txz
Recompiled against openldap-2.6.1.
- n/gnupg2-2.2.34-i586-2.txz
Recompiled against openldap-2.6.1.
- n/httpd-2.4.52-i586-2.txz
Recompiled against openldap-2.6.1.
- n/krb5-1.19.2-i586-3.txz
Recompiled against openldap-2.6.1.
- n/netatalk-3.1.12-i586-8.txz
Recompiled against openldap-2.6.1.
- n/nss-pam-ldapd-0.9.12-i586-2.txz
Recompiled against openldap-2.6.1.
- n/php-7.4.28-i586-3.txz
Recompiled against openldap-2.6.1.
- n/postfix-3.7.0-i586-3.txz
Recompiled against openldap-2.6.1.
- n/samba-4.15.5-i586-3.txz
Recompiled against openldap-2.6.1.
- x/marisa-0.2.6-i586-5.txz
Recompiled against ruby-3.1.1.
- extra/php80/php80-8.0.16-i586-3.txz
Recompiled against openldap-2.6.1.
- extra/php81/php81-8.1.3-i586-3.txz
Recompiled against openldap-2.6.1.
Upgraded
- ap/vim-8.2.4522-i586-1.txz
Recompiled against ruby-3.1.1.
- d/ruby-3.1.1-i586-1.txz
Shared library .so-version bump.
- n/nfs-utils-2.6.1-i586-1.txz
Compiled against openldap-2.6.1.
- n/openldap-2.6.1-i586-1.txz
Shared library .so-version bump.
- x/vulkan-sdk-1.3.204.0-i586-1.txz
Huge thanks to Heinz Wiesinger for updating the fetch_sources.sh script and
rewriting the SlackBuild to work with the latest upstream release.
- xap/vim-gvim-8.2.4522-i586-1.txz
Recompiled against ruby-3.1.1.
Sat Mar 5 19:56:26 UTC 2022
Packages
Upgraded
- l/expat-2.4.7-i586-1.txz
This is a bugfix release:
Relax fix to CVE-2022-25236 (introduced with release 2.4.5) with regard to
all valid URI characters (RFC 3986).
- xap/mozilla-firefox-97.0.2-i686-1.txz
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/97.0.2/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-09/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26486
(* Security fix *)
- xap/mozilla-thunderbird-91.6.2-i686-1.txz
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.6.2/releasenotes/
(* Security fix *)
Fri Mar 4 06:31:06 UTC 2022
Packages
Upgraded
Rebuilt
- l/LibRaw-0.20.2-i586-5.txz
Recompiled against jasper-3.0.2.
Wed Mar 2 21:39:57 UTC 2022
Packages
Upgraded
- xap/seamonkey-2.53.11-i686-1.txz
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.11
(* Security fix *)
Rebuilt
Wed Mar 2 01:54:23 UTC 2022
Packages
Upgraded
Added
- l/nodejs-16.14.0-i586-1.txz
Thanks to Audrius Kažukauskas, Ryan P.C. McQuen, and Willy Sudiarto Raharjo
for the slackbuilds.org version of the build script.
Tue Mar 1 05:05:48 UTC 2022
Packages
Upgraded
- l/libxml2-2.9.13-i586-1.txz
This update fixes bugs and the following security issues:
Use-after-free of ID and IDREF attributes
(Thanks to Shinji Sato for the report)
Use-after-free in xmlXIncludeCopyRange (David Kilzer)
Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong)
Fix memory leak in xmlXPathCompNodeTest
Fix null pointer deref in xmlStringGetNodeList
Fix several memory leaks found by Coverity (David King)
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
(* Security fix *)
- l/libxslt-1.1.35-i586-1.txz
This update fixes bugs and the following security issues:
Fix use-after-free in xsltApplyTemplates
Fix memory leak in xsltDocumentElem (David King)
Fix memory leak in xsltCompileIdKeyPattern (David King)
Fix double-free with stylesheets containing entity nodes
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560
(* Security fix *)
Fri Feb 25 00:03:28 UTC 2022
Packages
Upgraded
- n/cyrus-sasl-2.1.28-i586-1.txz
This update fixes bugs and security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
(* Security fix *)
Rebuilt
- extra/xv/xv-3.10a-i586-10.txz
Drop JasPer support until xv can be ported to the new JasPer library (or
preferably to openjpeg).
Thu Feb 24 05:50:40 UTC 2022
Packages
Upgraded
- a/aaa_libraries-15.1-i586-1.txz
Upgraded: libnsl-2.35.so, libexpat.so.1.8.6, libglib-2.0.so.0.7000.4,
libgmodule-2.0.so.0.7000.4, libgthread-2.0.so.0.7000.4.
Added: libicudata.so.69.1, libicui18n.so.69.1, libicuio.so.69.1,
libicutest.so.69.1, libicutu.so.69.1, libicuuc.so.69.1.
- ap/sqlite-3.38.0-i586-1.txz
Compiled against icu4c-70.1.
- l/icu4c-70.1-i586-1.txz
Shared library .so-version bump.
- l/qt5-5.15.3_20220222_08720135-i586-1.txz
Compiled against icu4c-70.1.
Thanks to Heinz Wiesinger for updating the fetch_sources.sh script to make
sure that the QtWebEngine version matches the rest of Qt, which got the
latest git pull compiling again.
Rebuilt
- a/xfsprogs-5.13.0-i586-2.txz
Recompiled against icu4c-70.1.
- l/boost-1.78.0-i586-2.txz
Recompiled against icu4c-70.1.
- l/harfbuzz-3.4.0-i586-2.txz
Recompiled against icu4c-70.1.
- l/libical-3.0.14-i586-2.txz
Recompiled against icu4c-70.1.
- l/libqalculate-4.0.0-i586-2.txz
Recompiled against icu4c-70.1.
- l/libvisio-0.1.7-i586-8.txz
Recompiled against icu4c-70.1.
- l/qt5-webkit-5.212.0_alpha4-i586-8.txz
Recompiled against icu4c-70.1.
- l/vte-0.66.2-i586-2.txz
Recompiled against icu4c-70.1.
- n/dovecot-2.3.18-i586-2.txz
Recompiled against icu4c-70.1.
- n/php-7.4.28-i586-2.txz
Recompiled against icu4c-70.1.
- n/postfix-3.7.0-i586-2.txz
Recompiled against icu4c-70.1.
- n/samba-4.15.5-i586-2.txz
Recompiled against icu4c-70.1.
- n/tin-2.6.1-i586-2.txz
Recompiled against icu4c-70.1.
- t/texlive-2021.210418-i586-3.txz
Recompiled against icu4c-70.1.
- extra/php80/php80-8.0.16-i586-2.txz
Recompiled against icu4c-70.1.
- extra/php81/php81-8.1.3-i586-2.txz
Recompiled against icu4c-70.1.
Tue Feb 22 21:24:29 UTC 2022
Packages
Rebuilt
- l/glibc-2.35-i586-2.txz
Disable clone3() unless built with -DSLACKWARE_USE_CLONE3, since this is
causing sandbox failures with applications using Electron (and others).
Thanks to Sam James of Gentoo for the patch.
Unfortunately, this doesn't solve the issues with kmail/falkon/konqueror,
but we'll keep testing glibc-2.35 for now.
Mon Feb 21 20:21:38 UTC 2022
Packages
Upgraded
- ap/flac-1.3.4-i586-1.txz
This update fixes overflow issues with encoding and decoding.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0561
(* Security fix *)
- ap/vim-8.2.4428-i586-1.txz
Patched ctags for glibc-2.35. Thanks to nobodino.
- l/gobject-introspection-1.71.0-i586-1.txz
This update was needed to solve failing tests with the new meson.
- l/jasper-3.0.2-i586-1.txz
Shared library .so-version bump.
- x/libwacom-2.1.0-i586-1.txz
Shared library .so-version bump.
Rebuilt
- ap/mariadb-10.6.7-i586-2.txz
Removed dangling symlink.
- d/binutils-2.38-i586-2.txz
Fixed the SlackBuild to not run autoconf in the libiberty and intl
subdirectories. It doesn't work with the latest autoconf, and there
doesn't seem to be any need for it anyway.
- d/rcs-5.10.0-i586-4.txz
Patched for glibc-2.35. Thanks to nobodino.
- e/emacs-27.2-i586-2.txz
Patched for glibc-2.35. Thanks to nobodino.
- kde/digikam-7.5.0-i586-2.txz
Recompiled against jasper-3.0.2.
- l/LibRaw-0.20.2-i586-4.txz
Recompiled against jasper-3.0.2.
- l/dconf-editor-3.38.3-i586-2.txz
Fixed build errors with meson.
- l/fuse-2.9.9-i586-4.txz
Patched for glibc-2.35. Thanks to nobodino.
- l/gcr-3.40.0-i586-2.txz
Fixed build errors with meson.
- l/gdk-pixbuf2-2.42.6-i586-2.txz
Fixed meson options.
- l/gdk-pixbuf2-xlib-2.40.2-i586-4.txz
Fixed meson options.
- l/gegl-0.4.34-i586-3.txz
Recompiled against jasper-3.0.2.
- l/gtk+2-2.24.33-i586-3.txz
Changed build/host to $ARCH-slackware-linux-gnu.
- l/gtk4-4.4.1-i586-2.txz
Fixed meson options.
- l/gvfs-1.48.1-i586-2.txz
Fixed build errors with meson.
- l/json-glib-1.6.6-i586-2.txz
Fixed meson options.
- l/qt5-5.15.3_20211130_014c375b-i586-3.txz
Patched for glibc-2.35. Thanks to nobodino.
Recompiled against jasper-3.0.2.
- l/shared-mime-info-2.1-i586-4.txz
Fixed build errors with meson.
- n/ntp-4.2.8p15-i586-9.txz
Patched for glibc-2.35. Thanks to nobodino.
- x/libinput-1.19.3-i586-2.txz
Recompiled against libwacom-2.1.0.
- x/motif-2.3.8-i586-6.txz
Fixed build with LEXLIB="-lfl".
- x/vulkan-sdk-1.2.176.1-i586-3.txz
Patched for glibc-2.35. Thanks to nobodino.
- xap/network-manager-applet-1.24.0-i586-3.txz
Fixed build errors with meson.
Sun Feb 20 05:13:20 UTC 2022
Packages
Upgraded
- l/expat-2.4.5-i586-1.txz
Fixed security issues that could lead to denial of service or potentially
arbitrary code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315
(* Security fix *)
Fri Feb 18 05:29:00 UTC 2022
Packages
Upgraded
- n/php-7.4.28-i586-1.txz
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
(* Security fix *)
- xap/mozilla-firefox-97.0.1-i686-1.txz
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/97.0.1/releasenotes/
- xap/mozilla-thunderbird-91.6.1-i686-1.txz
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.6.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0566
(* Security fix *)
- extra/php80/php80-8.0.16-i586-1.txz
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
(* Security fix *)
- extra/php81/php81-8.1.3-i586-1.txz
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
(* Security fix *)
Rebuilt
Tue Feb 15 20:00:48 UTC 2022
Packages
Rebuilt
- a/aaa_base-15.1-i586-2.txz
If root's mailbox did not already exist, it would be created with insecure
permissions leading to possible local information disclosure. This update
ensures that a new mailbox will be created with proper permissions and
ownership, and corrects the permissions on an existing mailbox if they are
found to be incorrect. Thanks to Martin for the bug report.
(* Security fix *)
Upgraded
Tue Feb 15 02:14:30 UTC 2022
Packages
Upgraded
Mon Feb 14 00:10:38 UTC 2022
Packages
Upgraded
- ap/mariadb-10.6.7-i586-1.txz
This update fixes potential denial-of-service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46663
(* Security fix *)
Fri Feb 11 20:36:58 UTC 2022
Packages
Upgraded
Rebuilt
- d/oprofile-1.4.0-i586-9.txz
Recompiled against binutils-2.38.
- x/xorg-server-1.20.14-i586-3.txz
Rebuilt using --with-xkb-path=/usr/share/X11/xkb. Thanks to TheRealGrogan.
Bump OS name: --with-os-name="Slackware 15.1".
- x/xorg-server-xwayland-21.1.4-i586-2.txz
Rebuilt using -Dxkb_dir=/usr/share/X11/xkb.
Fri Feb 11 01:09:45 UTC 2022
Packages
Rebuilt
- x/xkeyboard-config-2.35.1-noarch-2.txz
Perhaps upstream didn't mean to move these files (or perhaps we should have
recompiled everything that looks for these), but they did switch to meson,
and the 'xkb-base' option to set the data directory doesn't work. Anyway,
I've placed a symlink at /etc/X11/xkb and that fixes the problem.
Thanks to Petri Kaukasoina and LuckyCyborg.
Thu Feb 10 19:30:37 UTC 2022
Packages
Upgraded
- x/xkeyboard-config-2.35.1-noarch-1.txz
This package moves the data files out of /etc.
Thu Feb 10 01:46:55 UTC 2022
Well here we are a week later… welcome back to -current with a bunch of new
updates. Had to give marav's script something to kick out. If it were April 1st
maybe I would have put a fake 15.1 release announcement here.
I'll probably take some time off eventually but there were too many updates
that I skipped during late RC, and I love doing this, so… enjoy!
Packages
Upgraded
- ap/at-3.2.3-i586-1.txz
Switched to at-3.2.3 since version 3.2.4 has a regression that causes
queued jobs to not always run on time when atd is run as a standalone
daemon. Thanks to Cesare.
- k/kernel-source-5.16.8_smp-noarch-1.txz
+FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION y
- xap/mozilla-firefox-97.0-i686-1.txz
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/97.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-04/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0511
(* Security fix *)
- xap/mozilla-thunderbird-91.6.0-i686-1.txz
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.6.0/releasenotes/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.6
(* Security fix *)
Rebuilt
Wed Feb 2 22:22:22 UTC 2022
Slackware 15.0 x86 stable is released!
Another too-long development cycle is behind us after we bit off more than
we could chew and then had to shine it up to a high-gloss finish. Hopefully
we've managed to get the tricky parts out of the way so that we'll be able
to see a 15.1 incremental update after a far shorter development cycle.
Certainly the development infrastructure has been streamlined here and things
should be easier moving forward. My thanks to the rest of the Slackware team,
all the upstream developers who have given us such great building materials,
the folks on LinuxQuestions.org and elsewhere for all the help with testing,
great suggestions, and countless bug fixes, and to everyone who helped
support this project so that the release could finally see the light of day.
I couldn't have done any of this without your help, and I'm grateful to all
of you. Thanks!
For more information, check out the RELEASE_NOTES, CHANGES_AND_HINTS.TXT,
and ANNOUNCE.15.0.
Have fun!
Tue Feb 1 08:27:47 UTC 2022
Packages
Rebuilt
- kde/kate-21.12.1-i586-2.txz
Fix missing validation of binaries executed via QProcess.
Thanks to Heinz Wiesinger.
For more information, see:
https://kde.org/info/security/advisory-20220131-1.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23853
(* Security fix *)
Tue Feb 1 05:35:21 UTC 2022
Hey, my shiny brass lamp is almost out of fuel!
Packages
Rebuilt
- a/rpm2tgz-1.2.2-i586-6.txz
Don't use --no-absolute-filenames, because inexplicably it also strips the
leading '/' from symlink targets, generally creating a broken symlink.
The problem we were attempting to fix is far less common than symlinks to
absolute filenames, so we'll revert this for further consideration.
Thanks to pghvlaans.
Tue Feb 1 04:37:04 UTC 2022
The sepulchral voice intones, “The cave is now closed.”
Packages
Upgraded
- n/samba-4.15.5-i586-1.txz
This is a security release in order to address the following defects:
UNIX extensions in SMB1 disclose whether the outside target of a symlink
exists.
Out-of-Bound Read/Write on Samba vfs_fruit module. This vulnerability
allows remote attackers to execute arbitrary code as root on affected Samba
installations that use the VFS module vfs_fruit.
Re-adding an SPN skips subsequent SPN conflict checks. An attacker who has
the ability to write to an account can exploit this to perform a
denial-of-service attack by adding an SPN that matches an existing service.
Additionally, an attacker who can intercept traffic can impersonate existing
services, resulting in a loss of confidentiality and integrity.
For more information, see:
https://www.samba.org/samba/security/CVE-2021-44141.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44141
https://www.samba.org/samba/security/CVE-2021-44142.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44142
https://www.samba.org/samba/security/CVE-2022-0336.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0336
(* Security fix *)
Rebuilt
- kde/ktexteditor-5.90.0-i586-2.txz
[PATCH] only start programs in user's path.
[PATCH] only execute diff in path.
Thanks to gmgf.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23853
(* Security fix *)
- l/libcanberra-0.30-i586-9.txz
Fix a bug crashing some applications in Wayland desktops.
Thanks to 01micko.
- x/xterm-370-i586-7.txz
Rebuilt with --disable-sixel-graphics to fix a buffer overflow.
Thanks to gmgf.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24130
(* Security fix *)
Added
- testing/source/linux-5.16.4-configs/*
Sample config files to build 5.16.4 Linux kernels.
Sun Jan 30 20:48:46 UTC 2022
Packages
Rebuilt
- a/aaa_libraries-15.0-i586-19.txz
Upgraded: libexpat.so.1.8.4, libjson-c.so.5.1.0 (thanks to peake).
Upgraded
- l/expat-2.4.4-i586-1.txz
This update merges the patches we previously applied to expat-2.4.3.
Sat Jan 29 19:23:50 UTC 2022
Packages
Upgraded
Rebuilt
Sat Jan 29 06:17:05 UTC 2022
Packages
Rebuilt
- a/rpm2tgz-1.2.2-i586-5.txz
rpm2targz: when extracting the cpio archive from inside the RPM, use
--no-absolute-filenames to protect against a poorly made RPM scribbling all
over system files/directories. Thanks to Sl4ck3ver.
Support -i option to ignore non-zero exit value from rpm2cpio.
This allows repackaging some malformed RPMs.
Thanks to ricky_cardo for the sample malformed RPM.
Fri Jan 28 21:01:03 UTC 2022
Packages
Upgraded
Rebuilt
- x/mesa-21.3.5-i586-2.txz
Include eglinfo utility. Thanks to LuckyCyborg.
Thu Jan 27 22:43:13 UTC 2022
Packages
Rebuilt
- a/aaa_libraries-15.0-i586-18.txz
Rebuilt to pick up the patched libexpat.so.1.8.3.
- a/sysvinit-scripts-15.0-noarch-8.txz
rc.S: clear /var/lock/subsys before starting libcgroup services.
Thanks to pyllyukko.
- ap/pamixer-1.5-i586-2.txz
Recompiled against boost-1.78.0.
- kde/kig-21.12.1-i586-2.txz
Recompiled against boost-1.78.0.
- kde/kopeninghours-21.12.1-i586-2.txz
Recompiled against boost-1.78.0.
- kde/krita-5.0.2-i586-2.txz
Recompiled against boost-1.78.0.
- l/cryfs-0.10.3-i586-4.txz
Recompiled against boost-1.78.0.
- l/expat-2.4.3-i586-3.txz
Prevent integer overflow in doProlog.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990
(* Security fix *)
- l/openexr-2.5.7-i586-5.txz
Recompiled against boost-1.78.0.
- extra/rust-for-mozilla/rust-1.54.0-i686-4.txz
Removed duplicated libLLVM shared library.
Upgraded
- l/boost-1.78.0-i586-1.txz
I hadn't planned to update this at such a late stage, but POV-Ray needs it
and everything we ship builds fine against it. Thanks to bender647.
Shared library .so-version bump.
- xap/mozilla-firefox-91.5.1esr-i686-1.txz
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.5.1/releasenotes/
(* Security fix *)
Wed Jan 26 20:46:44 UTC 2022
Packages
Rebuilt
- a/aaa_libraries-15.0-i586-17.txz
Upgraded: libcap.so.2.63, libglib-2.0.so.0.7000.3,
libgmodule-2.0.so.0.7000.3, libgobject-2.0.so.0.7000.3,
libgthread-2.0.so.0.7000.3, libtdb.so.1.4.6.
- a/mkinitrd-1.4.11-i586-28.txz
Support kernel modules compressed with xz. Thanks to baldzhang.
- n/bluez-5.63-i586-2.txz
rc.bluetooth: use #!/bin/bash shebang.
Filter commented and empty lines when parsing uart.conf.
Thanks to atelszewski.
Upgraded
Wed Jan 26 04:37:35 UTC 2022
Packages
Rebuilt
- l/polkit-0.120-i586-2.txz
[PATCH] pkexec: local privilege escalation.
Thanks to Qualys Research Labs for reporting this issue.
For more information, see:
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4034
(* Security fix *)
Tue Jan 25 20:10:35 UTC 2022
Packages
Rebuilt
- d/icecream-1.3.1-i586-4.txz
rc.icecream.conf: generate an error message and avoid a hang when
"hostname -d" doesn't work, usually because the hostname in /etc/HOSTNAME
can't be resolved. Thanks to franzen.
Upgraded
Tue Jan 25 06:16:36 UTC 2022
It may look like we're currently experiencing more stuckness, but this will
lead us to Quality. We'll have this release in the can before you know it.
Packages
Rebuilt
- a/aaa_libraries-15.0-i586-16.txz
Rebuilt to pick up the patched libexpat.so.1.8.3.
- a/mkinitrd-1.4.11-i586-27.txz
mkinitrd_command_generator.sh: properly detect partitions of a RAID device.
Thanks to perrin4869.
- l/expat-2.4.3-i586-2.txz
Fix signed integer overflow in function XML_GetBuffer for when
XML_CONTEXT_BYTES is defined to >0 (which is both common and
default). Impact is denial of service or other undefined behavior.
While we're here, also patch a memory leak on output file opening error.
Thanks to marav.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852
(* Security fix *)
- l/glibc-2.33-i586-5.txz
This update patches two security issues:
Unexpected return value from glibc's realpath().
Off-by-one buffer overflow/underflow in glibc's getcwd().
Thanks to Qualys Research Labs for reporting these issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999
(* Security fix *)
Upgraded
- a/util-linux-2.37.3-i586-1.txz
This release fixes two security mount(8) and umount(8) issues:
An issue related to parsing the /proc/self/mountinfo file allows an
unprivileged user to unmount other user's filesystems that are either
world-writable themselves or mounted in a world-writable directory.
Improper UID check in libmount allows an unprivileged user to unmount
FUSE filesystems of users with similar UID.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
(* Security fix *)
- xap/mozilla-thunderbird-91.5.1-i686-1.txz
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.5.1/releasenotes/
Sun Jan 23 19:36:54 UTC 2022
Packages
Upgraded
- l/imagemagick-7.1.0_20-i586-1.txz
Built using --with-fftw. Thanks to stormbr.
Sun Jan 23 01:17:39 UTC 2022
Packages
Upgraded
Rebuilt
- l/libimobiledevice-20211124_2c6121d-i586-2.txz
Don't include compatibility pkgconfig symlink. It's unlikely that
anything requires it.
- l/libimobiledevice-glue-20211125_3cb687b-i586-2.txz
Removed broken pkgconfig symlink. Thanks to marav.
Fri Jan 21 19:58:34 UTC 2022
Packages
Upgraded
Fri Jan 21 05:47:49 UTC 2022
Packages
Rebuilt
- a/aaa_libraries-15.0-i586-15.txz
Upgraded: libzstd.so.1.5.2.
- l/qt5-5.15.3_20211130_014c375b-i586-2.txz
Applied upstream patch:
[PATCH] Move the wayland socket polling to a separate event thread.
Thanks to LuckyCyborg.
- l/svgalib-1.9.25-i586-7.txz
Don't try to use the (broken) assembly. Thanks to nobodino.
Upgraded
Wed Jan 19 18:18:02 UTC 2022
Packages
Upgraded
- n/wpa_supplicant-2.10-i586-1.txz
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant
before 2.10 are vulnerable to side-channel attacks as a result of cache
access patterns.
NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23304
(* Security fix *)
Rebuilt
- ap/man-db-2.9.4-i586-3.txz
Don't use --no-purge in the daily cron job to update the databases.
- l/gst-plugins-bad-free-1.18.5-i586-4.txz
Link against neon-0.32.2. Thanks to marav.
- x/xterm-370-i586-6.txz
XTerm-console: improve the font settings. Thanks to GazL.
Tue Jan 18 20:39:39 UTC 2022
Packages
Upgraded
Rebuilt
- x/xterm-370-i586-5.txz
XTerm-console: don't include locale options by default. Fix typo in comment.
Thanks to GazL.
Mon Jan 17 22:44:42 UTC 2022
Things haven't quite settled down yet with more bugfixes and a couple of safe
upgrades, so not today folks. But enjoy Slackware's half-birthday anyway!
Packages
Upgraded
- ap/slackpkg-15.0.10-noarch-1.txz
Fix mirrors.ucr.ac.cr link address (Emmet Ford)
Remove wroc.pl mirrors (Emmet Ford)
Remove kddilabs.jp from mirrors (Emmet Ford)
Unattended usage improvements (PiterPUNK)
Create file to flag if the system needs restart (PiterPUNK)
Thanks to Robby Workman.
Rebuilt
- kde/plasma-workspace-5.23.5-i586-3.txz
[PATCH 1/2] Revert “Drop setupX11 from startplasma-waylandsession.”
[PATCH 2/2] Revert “Drop X11 root properties for KDE full session.”
Thanks to LuckyCyborg.
- x/xterm-370-i586-4.txz
Fixed XTerm-console (previously XTerm.linux.console).
Renamed XTerm.upstream.default to XTerm-upstream.
Thanks to GazL.
- xap/fluxbox-1.3.7-i586-6.txz
[PATCH] replace FbRootWindow::depth with maxDepth.
Thanks to OldHolborn.
Sun Jan 16 21:33:27 UTC 2022
Packages
Rebuilt
- a/aaa_libraries-15.0-i586-14.txz
Upgraded: libexpat.so.1.8.3.
- kde/kwayland-server-5.23.5-i586-2.txz
Applied upstream patch:
[PATCH] Store surface object in tablet cursor using QPointer.
Thanks to ZhaoLin1457.
- x/xterm-370-i586-3.txz
Ship a sample XTerm.linux.console app-defaults file. Thanks to GazL.
Upgraded
- l/expat-2.4.3-i586-1.txz
Fix issues with left shifts by >=29 places resulting in:
a) realloc acting as free
b) realloc allocating too few bytes
c) undefined behavior
Fix integer overflow on variable m_groupSize in function doProlog leading
to realloc acting as free. Impact is denial of service or other undefined
behavior.
Prevent integer overflows near memory allocation at multiple places.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827
(* Security fix *)
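The size arithmetic behind items a) and b) in the expat-2.4.3 entry above, as an added example (not expat's code and not part of the ChangeLog): a wrapped request of zero bytes is what makes realloc act as free, and a wrapped non-zero request yields too few bytes. The function names, the 8- and 12-byte entry sizes, and the use of uint32_t to model the 32-bit size type of an i586 build are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not expat code: a table of (1 << power) entries of
 * elem_size bytes, sized with 32-bit arithmetic as on an i586 build.
 * uint32_t stands in for the 32-bit size_t so results match on any host. */

/* Unchecked sizing: the product silently wraps modulo 2^32. */
uint32_t unchecked_table_bytes(unsigned power, uint32_t elem_size)
{
    /* The shift count is masked only so this demo stays well defined. */
    uint32_t count = (uint32_t)1 << (power & 31u);
    return count * elem_size;
}

/* Checked sizing: returns false instead of producing a wrapped size. */
bool checked_table_bytes(unsigned power, uint32_t elem_size, uint32_t *out)
{
    if (elem_size == 0)
        return false;
    /* Case (c): 1 << 31 does not fit a signed 32-bit int, and a shift
     * count of 32 or more is undefined for any 32-bit operand. */
    if (power >= 31)
        return false;
    uint32_t count = (uint32_t)1 << power;
    /* Cases (a) and (b): the byte count must fit before multiplying. */
    if (count > UINT32_MAX / elem_size)
        return false;
    *out = count * elem_size;
    return true;
}

int main(void)
{
    /* Constructed inputs: powers around the >=29 boundary, small entries. */
    static const struct { unsigned power; uint32_t elem; } cases[] = {
        {28, 8}, {29, 8}, {29, 12}, {31, 4},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t ok_bytes = 0;
        bool ok = checked_table_bytes(cases[i].power, cases[i].elem, &ok_bytes);
        printf("power=%u elem=%lu unchecked=%lu checked=%s\n",
               cases[i].power, (unsigned long)cases[i].elem,
               (unsigned long)unchecked_table_bytes(cases[i].power, cases[i].elem),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```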
Sun Jan 16 07:23:29 UTC 2022
Packages
Rebuilt
- a/aaa_base-15.0-i586-3.txz
In initial email to root, use the new /var/lib/pkgtools/ paths to the files
for packages and scripts. Thanks to franzen.
- kde/kglobalaccel-5.90.0-i586-2.txz
Applied patch:
[PATCH] Prevent kglobalaccel5 getting activated on non-Plasma systems.
Although this patch was later reverted, I'm on board with the need for it.
If it causes any problems, please let me know soon.
Thanks to Lockywolf.
- kde/sddm-0.19.0-i586-10.txz
Allow the init program to properly supervise sddm when entering runlevel 4.
Thanks to mumahendras3.
- x/xterm-370-i586-2.txz
Use upstream app-defaults again. Thanks to OldHolborn.
Upgraded
Fri Jan 14 05:24:07 UTC 2022
Packages
Upgraded
- a/cryptsetup-2.4.3-i586-1.txz
This update addresses a multi-step attack on LUKS2 format by orchestrating
LUKS2 reencryption metadata in existing LUKS2 header. An attacker is able to
trigger permanent data decryption (ciphertext→plaintext transformation) on
part of data device on next LUKS2 device activation. Attacker does _not_
have to know passphrase or decrypted volume encryption key.
cryptsetup versions older than 2.2.0 are not affected by this, because they
do not support online LUKS2 reencryption.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4122
(* Security fix *)
Wed Jan 12 22:04:33 UTC 2022
Good hello, and welcome to the third and final release candidate for Slackware
15.0. We're 99% frozen at this point and are mostly looking for regression or
other bug reports that might be able to be addressed before this goes stable.
Of course, the management here reserves the right to make exceptions… that
5.15.15 kernel version has a nice ring to it. If your requests didn't make it
into this iteration, perhaps we will revisit them for the next -current cycle.
Some were just a little too late but will more than likely be needed next time
(I'm looking at Didier's grubconfig), while others are just out of scope for
the main tree where I like to abide by YAGNI as much as possible.
Anyway, let's get some testing done and we'll be there soon. Enjoy!
Packages
Rebuilt
- a/aaa_base-15.0-i586-2.txz
The Linux Counter has shut down, so remove the registration email.
Update the welcome email for Slackware 15.0.
- a/aaa_libraries-15.0-i586-13.txz
Upgraded: libsigsegv.so.2.0.7.
- kde/plasma-workspace-5.23.5-i586-2.txz
[PATCH] [libtaskmanager] Increase buffer for pipewire format negotiation.
Thanks to ZhaoLin1457.
[PATCH] runners/shell: Port from KToolInvocation::invokeTerminal
to KTerminalLauncherJob.
Thanks to gmgf.
- n/metamail-2.7-i586-10.txz
Fixed misnamed mimencode man page. Thanks to mbeninca.