Slackwarearm-current ChangeLog (2020-05-24)
Sun May 24 08:08:08 UTC 2020
Hello! With this update, PAM has been merged into the main tree.
When updating, be sure to install the new pam, cracklib, and
libpwquality packages or you may find yourself locked out of your machine.
Otherwise, these changes should be completely transparent and you shouldn't
notice any obvious operational differences. Be careful if you make any changes
in /etc/pam.d/ - leaving an extra console logged in while testing PAM config
changes is a recommended standard procedure. Thanks again to Robby Workman,
Vincent Batts, Phantom X, and ivandi for help implementing this.
It's expected that there will be some more fine-tuning of the config files, but
for now it's good to go!
Packages
Added
- a/cracklib-2.9.7-arm-1.txz
- a/libpwquality-1.4.2-arm-1.txz
- a/pam-1.3.1-arm-1.txz
- n/nss-pam-ldapd-0.9.11-arm-1.txz
- n/pam-krb5-4.9-arm-1.txz
- x/xisxwayland-1-arm-1.txz
Upgraded
- a/kernel-firmware-20200519_8ba6fa6-noarch-1.txz
- a/utempter-1.2.0-arm-1.txz
- a/util-linux-2.35.2-arm-1.txz
Rebuilt to add PAM support. - ap/soma-3.3.0-noarch-1.txz
Thanks to David Woodfall. - ap/vim-8.2.0788-arm-1.txz
- d/Cython-0.29.19-arm-1.txz
- d/bison-3.6.2-arm-1.txz
- d/meson-0.54.2-arm-1.txz
- d/python-pip-20.1.1-arm-1.txz
- d/python-setuptools-46.4.0-arm-1.txz
- d/vala-0.48.6-arm-1.txz
- l/ffmpeg-4.2.3-arm-1.txz
- l/glib2-2.64.3-arm-1.txz
- l/icu4c-67.1-arm-1.txz
Shared library .so-version bump. - l/imagemagick-7.0.10_13-arm-1.txz
- l/iso-codes-4.5.0-arm-1.txz
- l/libarchive-3.4.3-arm-1.txz
- l/libexif-0.6.22-arm-1.txz
This update fixes bugs and security issues:
CVE-2018-20030: Fix for recursion DoS
CVE-2020-13114: Time consumption DoS when parsing canon array markers
CVE-2020-13113: Potential use of uninitialized memory
CVE-2020-13112: Various buffer overread fixes due to integer overflows
in maker notes
CVE-2020-0093: read overflow
CVE-2019-9278: replaced integer overflow checks the compiler could
optimize away by safer constructs
CVE-2020-12767: fixed division by zero
CVE-2016-6328: fixed integer overflow when parsing maker notes
CVE-2017-7544: fixed buffer overread
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
(* Security fix *) - l/libuv-1.38.0-arm-1.txz
- l/mozilla-nss-3.52.1-arm-1.txz
- l/python-packaging-20.4-arm-1.txz
- l/python-six-1.15.0-arm-1.txz
- l/v4l-utils-1.20.0-arm-1.txz
- l/zstd-1.4.5-arm-1.txz
- n/bind-9.16.3-arm-1.txz
This update fixes a security issue:
A malicious actor who intentionally exploits the lack of effective
limitation on the number of fetches performed when processing referrals
can, through the use of specially crafted referrals, cause a recursing
server to issue a very large number of fetches in an attempt to process
the referral. This has at least two potential effects: The performance of
the recursing server can potentially be degraded by the additional work
required to perform these fetches, and the attacker can exploit this
behavior to use the recursing server as a reflector in a reflection attack
with a high amplification factor.
For more information, see:
https://kb.isc.org/docs/cve-2020-8616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616
(* Security fix *) - n/dovecot-2.3.10.1-arm-1.txz
Rebuilt to add PAM support.
Compiled against icu4c-67.1.
This update fixes several denial-of-service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10967
(* Security fix *) - n/mutt-1.14.1-arm-1.txz
- n/postfix-3.5.2-arm-1.txz
Compiled against icu4c-67.1. - n/samba-4.12.3-arm-1.txz
Rebuilt to add PAM support.
Recompiled against icu4c-67.1. - x/fontconfig-2.13.92-arm-1.txz
- x/vulkan-sdk-1.2.135.0-arm-1.txz
- x/xf86-input-libinput-0.30.0-arm-1.txz
- xap/mozilla-thunderbird-68.8.1-arm-1.txz
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/68.8.1/releasenotes/ - xap/sane-1.0.30-arm-1.txz
This update fixes several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12864
(* Security fix *) - xap/vim-gvim-8.2.0788-arm-1.txz
Rebuilt
- a/libcgroup-0.41-arm-7.txz
Rebuilt to add PAM support. - a/shadow-4.8.1-arm-8.txz
Rebuilt to add PAM support.
It seems that /etc/suauth is not supported when PAM is in use, so
the man pages for it have been removed.
Use 'sudo' as a replacement. - a/xfsprogs-5.6.0-arm-2.txz
Recompiled against icu4c-67.1. - ap/at-3.2.1-arm-2.txz
Rebuilt to add PAM support. - ap/cups-2.3.3-arm-2.txz
Rebuilt to add PAM support. - ap/hplip-3.20.5-arm-2.txz
Rebuilt to add PAM support. - ap/mariadb-10.4.13-arm-2.txz
Rebuilt to add PAM support. - ap/screen-4.8.0-arm-2.txz
Rebuilt to add PAM support. - ap/sqlite-3.31.1-arm-2.txz
Recompiled against icu4c-67.1. - ap/sudo-1.9.0-arm-2.txz
Rebuilt to add PAM support. - kde/calligra-2.9.11-arm-35.txz
Recompiled against icu4c-67.1. - kde/kde-workspace-4.11.22-arm-7.txz
Rebuilt to add PAM support.
Added /etc/pam.d/kde-np to fix KDM autologin.
Thanks to USUARIONUEVO for the bug report.
kde-np: by default, do not restrict passwordless login for UIDs below 1000,
but keep the option to do so in the file commented out. - l/ConsoleKit2-1.2.1-arm-4.txz
Rebuilt to add PAM support. - l/boost-1.73.0-arm-2.txz
Recompiled against icu4c-67.1. - l/gnome-keyring-3.36.0-arm-2.txz
Rebuilt to add PAM support. - l/harfbuzz-2.6.6-arm-2.txz
Recompiled against icu4c-67.1. - l/libcap-2.34-arm-2.txz
Rebuilt to add PAM support. - l/libical-3.0.8-arm-2.txz
Recompiled against icu4c-67.1. - l/libvisio-0.1.7-arm-3.txz
Recompiled against icu4c-67.1. - l/oniguruma-6.9.5_rev1-arm-2.txz
Rebuilt with –enable-posix-api. Thanks to MisterL. - l/polkit-0.116-arm-3.txz
Rebuilt to add PAM support. - l/qt-4.8.7-arm-10.txz
Recompiled against icu4c-67.1. - l/qt5-5.13.2-arm-3.txz
Recompiled against icu4c-67.1. - l/qt5-webkit-5.212.0_alpha4-arm-2.txz
Recompiled against icu4c-67.1. - l/raptor2-2.0.15-arm-8.txz
Recompiled against icu4c-67.1. - l/system-config-printer-1.5.12-arm-4.txz
Rebuilt to add PAM support. - l/vte-0.60.2-arm-2.txz
Recompiled against icu4c-67.1. - n/cifs-utils-6.10-arm-4.txz
Rebuilt to add PAM support. - n/cyrus-sasl-2.1.27-arm-5.txz
Rebuilt to add PAM support. - n/netatalk-3.1.12-arm-3.txz
Rebuilt to add PAM support. - n/netkit-rsh-0.17-arm-4.txz
Rebuilt to add PAM support. - n/openssh-8.2p1-arm-2.txz
Rebuilt to add PAM support. - n/openvpn-2.4.9-arm-2.txz
Rebuilt to add PAM support. - n/php-7.4.6-arm-2.txz
Recompiled against icu4c-67.1. - n/popa3d-1.0.3-arm-5.txz
Rebuilt to add PAM support. - n/ppp-2.4.8-arm-2.txz
Rebuilt to add PAM support. - n/proftpd-1.3.6c-arm-2.txz
Rebuilt to add PAM support. - n/tin-2.4.4-arm-2.txz
Recompiled against icu4c-67.1. - n/vsftpd-3.0.3-arm-5.txz
Rebuilt to add PAM support. - t/texlive-2019.190626-arm-5.txz
Recompiled against icu4c-67.1. - x/xdm-1.1.11-arm-4.txz
Rebuilt to add PAM support. - xap/xlockmore-5.63-arm-2.txz
Rebuilt to add PAM support. - xap/xscreensaver-5.44-arm-2.txz
Rebuilt to add PAM support. - extra/brltty/brltty-6.1-arm-2.txz
Recompiled against icu4c-67.1.
Giuseppe Di Terlizzi