Slackwarearm-current ChangeLog (2019-10-22)
Tue Oct 22 08:08:08 UTC 2019
The mini root filesystem has been updated:
ftp://ftp.arm.slackware.com/slackwarearm/slackwarearm-devtools/minirootfs/slack-current-miniroot_21Oct19.tar.xz
Packages
Removed
a/getty-ps-2.1.0b-arm-4.txz
Removed due to commercial use restrictionsa/lha-114i-arm-3.txz
Removed due to vague licensing terms.xap/xfractint-20.04p13-arm-3.txz
Removed due to commercial use restrictionsxap/xv-3.10a-arm-4.txz
Removed due to non-commercial use shareware license.
Added
- a/lhasa-0.3.1-arm-1.txz
This is an extraction-only LHA utility with an OSI approved license.
Rebuilt
- a/shadow-4.7-arm-3.txz
Added /etc/environment.new to fix “sudo -i” noise.
Upgraded
- ap/lm_sensors-3.6.0-arm-1.txz
- ap/vim-8.1.2174-arm-1.txz
- d/python-2.7.17-arm-1.txz
This update fixes bugs and security issues:
Update vendorized expat library version to 2.2.8.
Disallow URL paths with embedded whitespace or control characters into the
underlying http client request. Such potentially malicious header injection
URLs now cause an httplib.InvalidURL exception to be raised.
Avoid file reading by disallowing ``local-file:`` and ``local_file:``
URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and
:meth:`urllib.URLopener.retrieve`.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948
(* Security fix *) - d/python-pip-19.3.1-arm-1.txz
- l/mozilla-nss-3.47-arm-1.txz
Upgraded to nss-3.47 and nspr-4.23. - l/netpbm-10.88.00-arm-1.txz
- n/ca-certificates-20191018-noarch-1.txz
- n/proftpd-1.3.6b-arm-1.txz
- n/samba-4.11.1-arm-1.txz
- xap/vim-gvim-8.1.2174-arm-1.txz