Slackwarearm-current ChangeLog (2020-02-07)
Fri Feb 07 08:08:08 UTC 2020
The mini root filesystem has been updated:
ftp://ftp.arm.slackware.com/slackwarearm/slackwarearm-devtools/minirootfs/slack-current-miniroot_06Feb20.tar.xz
Packages
Rebuilt
- a/aaa_elflibs-15.0-arm-18.txz
Upgraded: libcap.so.2.31, libgmp.so.10.4.0, libgmpxx.so.4.6.0.
Added: libgssapi_krb5.so.2.2, libk5crypto.so.3.1, libkrb5.so.3.3,
libkrb5support.so.0.1.
Upgraded: libisl.so.22.0.1.
Added: libkeyutils.so.1.9. - a/pkgtools-15.0-noarch-22.txz
removepkg: prevent upgradepkg noise when a directory turns into a symlink.
setup.vi-ex: don't make symlinks if the targets don't exist. - ap/linuxdoc-tools-0.9.73-arm-5.txz
gnome-doc-tools: Make '/usr/bin/xml2po' and its accompanying Python module
build against Python3.
Thanks to bassmadrigal and ponce on LQ for the report and the patch. - d/distcc-3.3.3-arm-3.txz
Move symlink tree into /usr/lib/distcc/, and make a link in /usr/lib64/ if
needed. Seems like this is how everyone else sets it up. Thanks to hpfeil.
Recompiled against krb5-1.17.1 (–with-auth). - d/llvm-9.0.1-arm-3.txz
Added polly-9.0.1 (polyhedral optimizations for LLVM). - n/libtirpc-1.2.5-arm-2.txz
Recompiled against krb5-1.17.1 (–enable-gssapi). - n/nfs-utils-2.4.2-arm-3.txz
Added /etc/exports.d directory.
Removed the bogus sanity checks. Sure, we could try to “fix” them, but this
seems to be the path of least resistance.
Recompiled against krb5-1.17.1 (–enable-gss=yes –enable-svcgss=yes
–enable-nfsv4=yes). NFSv4 support in rc.nfsd still pending. - xap/xsane-0.999-arm-4.txz
Added plugin symlink for GIMP. Thanks to Markus Wiesner. - isolinux/*
Upgraded
- a/aaa_terminfo-6.1_20200118-arm-1.txz
- a/cryptsetup-2.3.0-arm-1.txz
- a/hwdata-0.332-arm-1.txz
- a/inotify-tools-3.20.2.2-arm-1.txz
- a/kernel-firmware-20200204_b791e15-noarch-1.txz
- a/kernel-modules-armv7-5.4.18_armv7-arm-1.txz
- a/kernel_armv7-5.4.18-arm-1.txz
- a/pciutils-3.6.4-arm-1.txz
- a/shadow-4.8.1-arm-1.txz
- a/util-linux-2.35.1-arm-1.txz
- ap/cups-filters-1.27.0-arm-1.txz
- ap/mariadb-10.4.12-arm-1.txz
This fixes a potential denial-of-service vulnerability.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2574
(* Security fix *) - ap/mc-4.8.24-arm-1.txz
- ap/qpdf-9.1.1-arm-1.txz
- ap/sqlite-3.31.1-arm-1.txz
- ap/sudo-1.8.31-arm-1.txz
This update fixes a security issue:
In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can
trigger a stack-based buffer overflow in the privileged sudo process.
(pwfeedback is a default setting in some Linux distributions; however, it
is not the default for upstream or in Slackware, and would exist only if
enabled by an administrator.) The attacker needs to deliver a long string
to the stdin of getln() in tgetpass.c.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634
(* Security fix *) - ap/vim-8.2.0131-arm-1.txz
- ap/xfsdump-3.1.9-arm-1.txz
- d/bison-3.5.1-arm-1.txz
- d/check-0.14.0-arm-1.txz
- d/cmake-3.16.4-arm-1.txz
- d/icecream-1.3.1-arm-1.txz
- d/kernel-headers-5.4.18-arm-1.txz
- d/mercurial-5.3-arm-1.txz
- d/meson-0.53.1-arm-1.txz
- d/ninja-1.10.0-arm-1.txz
- d/parallel-20200122-noarch-1.txz
- d/python-pip-20.0.2-arm-1.txz
- d/python-setuptools-45.1.0-arm-1.txz
- d/rust-1.41.0-arm-1.txz
- k/kernel-source-5.4.18-arm-1.txz
- l/Mako-1.1.1-arm-1.txz
- l/gegl-0.4.20-arm-1.txz
- l/gmp-6.2.0-arm-1.txz
- l/imagemagick-7.0.9_21-arm-1.txz
- l/isl-0.22.1-arm-1.txz
- l/keyutils-1.6.1-arm-1.txz
- l/libmtp-1.1.17-arm-1.txz
- l/libtasn1-4.16.0-arm-1.txz
- l/libzip-1.6.1-arm-1.txz
- l/mozilla-nss-3.49.2-arm-1.txz
- l/ncurses-6.1_20200118-arm-1.txz
- l/netpbm-10.89.01-arm-1.txz
- l/python-packaging-20.1-arm-1.txz
- l/python-urllib3-1.25.8-arm-1.txz
- l/sip-4.19.21-arm-1.txz
- n/NetworkManager-1.22.6-arm-1.txz
- n/alpine-2.22-arm-1.txz
- n/bind-9.14.10-arm-1.txz
This is a bugfix release:
With some libmaxminddb versions, named could erroneously match an IP address
not belonging to any subnet defined in a given GeoIP2 database to one of the
existing entries in that database. [GL #1552]
Fix line spacing in `rndc secroots`. Thanks to Tony Finch. [GL #2478]
Recompiled against krb5-1.17.1 (–with-gssapi). - n/dhcp-4.4.2-arm-1.txz
- n/dhcpcd-8.1.6-arm-1.txz
- n/gnutls-3.6.12-arm-1.txz
- n/iproute2-5.5.0-arm-1.txz
- n/openldap-client-2.4.49-arm-1.txz
- n/p11-kit-0.23.20-arm-1.txz
- n/php-7.4.2-arm-1.txz
This update fixes bugs and security issues:
Standard: OOB read in php_strip_tags_ex
Mbstring: global buffer-overflow in 'mbfl_filt_conv_big5_wchar'
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7060
(* Security fix *)
Patched for c-client library API change. Thanks to ecd102.
Recompiled against krb5-1.17.1 (–with-kerberos).
php.ini: Added extension=gd and extension=zip. Thanks to avian. - n/postfix-3.4.9-arm-1.txz
- n/s-nail-14.9.17-arm-1.txz
- n/samba-4.11.6-arm-1.txz
This update fixes the following security issues:
Replication of ACLs set to inherit down a subtree on AD Directory
not automatic.
Crash after failed character conversion at log level 3 or above.
Use after free during DNS zone scavenging in Samba AD DC.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14907
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19344
(* Security fix *) - n/whois-5.5.5-arm-1.txz
- x/libinput-1.15.1-arm-1.txz
- x/libva-2.6.1-arm-1.txz
- x/mesa-19.3.3-arm-1.txz
- x/mtdev-1.1.6-arm-1.txz
- x/vulkan-sdk-1.2.131.1-arm-1.txz
- x/xkeyboard-config-2.29-arm-1.txz
- x/xterm-353-arm-1.txz
- xap/blueman-2.1.2-arm-1.txz
- xap/gparted-1.1.0-arm-1.txz
- xap/mozilla-firefox-68.4.2esr-arm-1.txz
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/68.4.2/releasenotes/
https://bugzilla.mozilla.org/show_bug.cgi?id=1602726 - xap/mozilla-thunderbird-68.4.2-arm-1.txz
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/68.4.2/releasenotes/
https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *) - xap/sane-1.0.29-arm-1.txz
Added plugin symlink for GIMP. Thanks to Markus Wiesner. - xap/vim-gvim-8.2.0131-arm-1.txz
- xap/xlockmore-5.62-arm-1.txz
- kernels/*
Added
- a/zerofree-1.1.1-arm-1.txz
Thanks to bifferos. - n/krb5-1.17.1-arm-1.txz
- xfce/thunar-1.8.12-arm-1.txz
Changed package name from “Thunar” to “thunar” to follow upstream's naming.
Removed
xfce/Thunar-1.8.11-arm-1.txz