Slackwarearm-current ChangeLog (2019-04-20)
Sat Apr 20 08:07:06 GMT 2019
Packages
Upgraded
- a/gawk-5.0.0-arm-1.txz
- ap/ksh93-20190416_7d7bba3e-arm-1.txz
- ap/nano-4.1-arm-1.txz
- ap/sqlite-3.28.0-arm-1.txz
- ap/sysstat-12.1.4-arm-1.txz
- ap/vim-8.1.1157-arm-1.txz
- d/Cython-0.29.7-arm-1.txz
- d/cmake-3.14.2-arm-1.txz
- d/meson-0.50.1-arm-1.txz
- d/ruby-2.6.3-arm-1.txz
- d/rust-1.34.0-arm-1.txz
- e/emacs-26.2-arm-1.txz
- l/Mako-1.0.9-arm-1.txz
- l/boost-1.70.0-arm-1.txz
Shared library .so-version bump.
Note: Boost now provides its own BoostConfig.cmake config file, and it may
not work with all existing code (here, calligra stumbled over it). At this
point it's not clear if the included cmake config files are buggy, or if
affected projects need to change something in order to use them, but there's
an easy workaround to use cmake's FindBoost.cmake (as was used previously).
Add this to the call to cmake from any affected project (if cmake fails with
an error: “No suitable build variant has been found.”):
-DBoost_NO_BOOST_CMAKE=ON - l/glib2-2.60.1-arm-1.txz
- l/gtk+3-3.24.8-arm-1.txz
- l/icu4c-64.2-arm-1.txz
- l/imagemagick-6.9.10_40-arm-1.txz
- l/libcap-2.27-arm-1.txz
- l/libcdio-2.1.0-arm-1.txz
Shared library .so-version bump. - l/libpng-1.6.37-arm-1.txz
This update fixes security issues:
Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
Fixed a memory leak in pngtest.c.
Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
contrib/pngminus; refactor.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317
(* Security fix *) - l/libpsl-0.21.0-arm-1.txz
- l/opus-1.3.1-arm-1.txz
- l/orc-0.4.29-arm-1.txz
- l/pcre2-10.33-arm-1.txz
- l/pyparsing-2.4.0-arm-1.txz
- l/zstd-1.4.0-arm-1.txz
- n/dhcpcd-7.2.0-arm-1.txz
- n/dovecot-2.3.5.2-arm-1.txz
This update fixes a security issue:
Trying to login with 8bit username containing invalid UTF8 input causes
auth process to crash if auth policy is enabled. This could be used rather
easily to cause a DoS. Similar crash also happens during mail delivery
when using invalid UTF8 in From or Subject header when OX push
notification driver is used.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691
(* Security fix *) - n/libmbim-1.18.2-arm-1.txz
- n/libqmi-1.22.4-arm-1.txz
- n/nghttp2-1.38.0-arm-1.txz
- n/openssh-8.0p1-arm-1.txz
This release contains a mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111
(* Security fix *) - n/stunnel-5.53-arm-1.txz
- x/libwacom-0.33-arm-1.txz
- x/mesa-19.0.2-arm-1.txz
- xap/MPlayer-1.3_20190418-arm-1.txz
Compiled against libcdio-2.1.0. - xap/vim-gvim-8.1.1157-arm-1.txz
Rebuilt
- ap/pamixer-1.4-arm-2.txz
Recompiled against boost-1.70.0. - kde/calligra-2.9.11-arm-28.txz
Recompiled against boost-1.70.0. - l/akonadi-1.13.0-arm-12.txz
Recompiled against boost-1.70.0. - l/giflib-5.1.9-arm-2.txz
Restore GifQuantizeBuffer and other deprecated functions to the shared
library. Thanks to Skaendo. - l/gvfs-1.40.1-arm-2.txz
Recompiled against libcdio-2.1.0. - l/libcddb-1.3.2-arm-4.txz
Recompiled against libcdio-2.1.0. - l/libcdio-paranoia-10.2+2.0.0-arm-2.txz
Recompiled against libcdio-2.1.0. - n/nfs-utils-2.3.3-arm-3.txz
rc.nfsd: don't try to create the nfsv4recoverydir - the build script will
determine the directory to use and include it in the package.
rc.nfsd: drop 2.4 kernel support, and use better code for mounting the nfsd
filesystem.
Thanks to shasta. - xap/audacious-plugins-3.10.1-arm-2.txz
Recompiled against libcdio-2.1.0.