Slackwarearm-current ChangeLog (2017-11-30)

Thu Nov 30 08:08:08 UTC 2017

  • a/coreutils-8.28-arm-2.txz
    Removed ancient (1992) aliases “dir, vdir, d, v” from the profile scripts.
  • ap/hplip-3.17.11-arm-2.txz
    Fixed a few Python scripts that did not have a proper python3 shebang.
    Thanks to dugan.
  • l/ffmpeg-3.4-arm-2.txz
    Recompiled against libva.so.2.0.0.
  • n/cyrus-sasl-2.1.26-arm-3.txz
    Use /dev/urandom rather than /dev/random to avoid entropy starvation.
    Thanks to mr.spuratic.
  • n/dhcpcd-6.11.5-arm-2.txz
    Use hostname_short in dhcpcd.conf. Thanks to KewlCat.
  • n/network-scripts-15.0-noarch-2.txz
    Script cleanups from Jakub Jankowski:
    netconfig: Add comment to netconfig-generated rc.inet1.conf
    rc.inet1: Check for iface in /sys/class/net, not /proc/net/dev
    rc.inet1: Remove unnecessary unset num
    rc.inet1: Factor DEBUG_ETH_UP logging to a separate function
    rc.inet1: Use ${array[*]} not ${array[@]} to produce a string
    rc.inet1: Avoid de-/configuring ifaces with indexes >=MAXNICS
    rc.inet1: Avoid code duplication by combining case/esac
    rc.inet1: Add missing 'dev' keyword
    rc.inet1: Remove unnecessary $(echo)
    rc.inet1*: Simplify virtif_* code, add note to example config
    rc.inet1: Test for loopback being “state UNKNOWN” too.
    rc.inet1: Use simple test (-n/-z) for non-empty/empty
    rc.inet1: Replace [ test1 -a test2 ] with [ test1 ] && [ test2 ]
  • x/xf86-video-armsoc-1.4.1-arm-10.txz
  • x/xf86-video-fbdev-110.e0bce0d-arm-8.txz
  • x/xf86-video-fbturbo-199.f9a6ed7-arm-11.txz
  • x/xf86-video-opentegra-0.7.0-arm-10.txz
  • xap/xine-lib-1.2.8-arm-4.txz
    Recompiled against libva.so.2.0.0.
  • a/eudev-3.2.5-arm-1.txz
  • a/usbutils-009-arm-1.txz
  • ap/lxc-2.0.9-arm-1.txz
  • ap/man-pages-4.14-noarch-1.txz
    Don't ship a whatis database, since man-db doesn't need one.
  • ap/mariadb-10.2.11-arm-1.txz
  • ap/mc-4.8.20-arm-1.txz
  • ap/nano-2.9.1-arm-1.txz
  • d/git-2.15.1-arm-1.txz
  • d/python-setuptools-38.2.3-arm-1.txz
  • kde/konsole-4.14.3-arm-1.txz
    Fixed scrollUp behavior. Thanks to Andrzej Telszewski.
  • l/QScintilla-2.10.2-arm-1.txz
  • l/sip-4.19.6-arm-1.txz
  • n/curl-7.57.0-arm-1.txz
    This update fixes security issues:
    SSL out of buffer access
    FTP wildcard out of bounds read
    NTLM buffer overflow via integer overflow
    For more information, see:
    https://curl.haxx.se/docs/adv_2017-af0a.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8818
    https://curl.haxx.se/docs/adv_2017-ae72.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817
    https://curl.haxx.se/docs/adv_2017-12e7.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816
    (* Security fix *)
  • n/openldap-client-2.4.45-arm-1.txz
  • n/samba-4.7.3-arm-1.txz
    This is a security release in order to address the following defects:
    CVE-2017-14746 (Use-after-free vulnerability.)
    All versions of Samba from 4.0.0 onwards are vulnerable to a use after
    free vulnerability, where a malicious SMB1 request can be used to
    control the contents of heap memory via a deallocated heap pointer. It
    is possible this may be used to compromise the SMB server.
    CVE-2017-15275 (Server heap memory information leak.)
    All versions of Samba from 3.6.0 onwards are vulnerable to a heap
    memory information leak, where server allocated heap memory may be
    returned to the client without being cleared.
    For more information, see:
    https://www.samba.org/samba/security/CVE-2017-14746.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14746
    https://www.samba.org/samba/security/CVE-2017-15275.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275
    (* Security fix *)
  • x/libXcursor-1.1.15-arm-1.txz
    Fix heap overflows when parsing malicious files. (CVE-2017-16612)
    It is possible to trigger heap overflows due to an integer overflow
    while parsing images and a signedness issue while parsing comments.
    The integer overflow occurs because the chosen limit 0x10000 for
    dimensions is too large for 32 bit systems, because each pixel takes
    4 bytes. Properly chosen values allow an overflow which in turn will
    lead to less allocated memory than needed for subsequent reads.
    The signedness bug is triggered by reading the length of a comment
    as unsigned int, but casting it to int when calling the function
    XcursorCommentCreate. Turning length into a negative value allows the
    check against XCURSOR_COMMENT_MAX_LEN to pass, and the following
    addition of sizeof (XcursorComment) + 1 makes it possible to allocate
    less memory than needed for subsequent reads.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612
    (* Security fix *)
  • x/libXfont2-2.0.3-arm-1.txz
    Open files with O_NOFOLLOW. (CVE-2017-16611)
    A non-privileged X client can instruct X server running under root
    to open any file by creating own directory with “fonts.dir”,
    “fonts.alias” or any font file being a symbolic link to any other
    file in the system. X server will then open it. This can be issue
    with special files such as /dev/watchdog (which could then reboot
    the system).
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16611
    (* Security fix *)
  • x/libva-2.0.0-arm-1.txz
    Shared library .so-version bump.
  • x/mesa-17.2.6-arm-1.txz
  • x/xfs-1.2.0-arm-1.txz
  • x/xkeyboard-config-2.22-arm-1.txz
  • xap/gparted-0.30.0-arm-1.txz
  • xfce/Thunar-1.6.13-arm-1.txz
  • l/talloc-2.1.10-arm-1.txz
  • l/tdb-1.3.15-arm-1.txz
  • l/tevent-0.9.34-arm-1.txz
  • x/libva-utils-2.0.0-arm-1.txz
  • news/2017/11/30/slackwarearm-current-changelog.txt
  • Last modified: 3 years ago
  • by Giuseppe Di Terlizzi