Slackwarearm-current ChangeLog (2021-01-28)

Thu Jan 28 08:08:08 UTC 2021


If you follow Slackware-current on x86/64, you may have been expecting a world
rebuild. I've planned to sidestep that on ARM, as there'll be another coming
in February for the glibc-2.33 upgrade. That said, there will be a number of
package upgrades in the next couple of weeks, as I update the cross compiler
toolchain and ensure that the build system modifications required for AArch64
continue to work on ARM.

MoZes.
  • a/btrfs-progs-5.10-arm-1.txz
  • a/dialog-1.3_20210117-arm-1.txz
  • a/glibc-solibs-2.32-arm-1.txz
  • a/glibc-zoneinfo-2021a-noarch-1.txz
    This package provides the latest timezone updates.
  • a/kernel-firmware-20210119_0578970-noarch-1.txz
  • a/kernel-modules-armv7-5.10.11_armv7-arm-1.txz
  • a/kernel_armv7-5.10.11-arm-1.txz
  • a/libbytesize-2.5-arm-1.txz
  • a/os-prober-1.78-arm-1.txz
  • ap/inxi-20210113_1e2d470c-noarch-1.txz
  • ap/mc-4.8.26-arm-1.txz
  • ap/sqlite-3.34.1-arm-1.txz
  • ap/sudo-1.9.5p2-arm-1.txz
    When invoked as sudoedit, the same set of command line options
    are now accepted as for “sudo -e”. The -H and -P options are
    now rejected for sudoedit and “sudo -e” which matches the sudo
    1.7 behavior. This is part of the fix for CVE-2021-3156.
    Fixed a potential buffer overflow when unescaping backslashes
    in the command's arguments. Normally, sudo escapes special
    characters when running a command via a shell (sudo -s or sudo
    -i). However, it was also possible to run sudoedit with the -s
    or -i flags in which case no escaping had actually been done,
    making a buffer overflow possible. This fixes CVE-2021-3156.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
    (* Security fix *)
  • ap/vim-8.2.2394-arm-1.txz
  • ap/vorbis-tools-1.4.2-arm-1.txz
  • d/binutils-2.36-arm-1.txz
    Revert commit d1bcae833b32f1408485ce69f844dcd7ded093a8:
    [PATCH] ELF: Don't generate unused section symbols
    This fixes building the kernel.
  • d/bison-3.7.5-arm-1.txz
  • d/help2man-1.47.17-arm-1.txz
  • d/kernel-headers-5.10.11-arm-1.txz
  • d/make-4.3-arm-1.txz
    We'll upgrade to make-4.3 again (with a few patches from Fedora) since this
    is now working with all the sources that we ship.
  • d/parallel-20210122-noarch-1.txz
  • d/perl-5.32.1-arm-1.txz
  • d/python-pip-21.0-arm-1.txz
  • d/python-setuptools-52.0.0-arm-1.txz
  • d/rust-1.49.0-arm-1.txz
  • k/kernel-source-5.10.11-arm-1.txz
  • kde/krita-4.4.2-arm-1.txz
  • l/glibc-2.32-arm-1.txz
  • l/glibc-i18n-2.32-arm-1.txz
  • l/glibc-profile-2.32-arm-1.txz
  • l/gtk+2-2.24.33-arm-1.txz
  • l/imagemagick-7.0.10_60-arm-1.txz
  • l/libcap-2.47-arm-1.txz
  • l/libsamplerate-0.2.1-arm-1.txz
  • l/libsndfile-1.0.31-arm-1.txz
  • l/loudmouth-1.5.4-arm-1.txz
  • l/mozilla-nss-3.61-arm-1.txz
  • l/mozjs78-78.7.0esr-arm-1.txz
  • l/pango-1.48.1-arm-1.txz
  • l/pipewire-0.3.20-arm-1.txz
  • l/python-urllib3-1.26.3-arm-1.txz
  • l/talloc-2.3.2-arm-1.txz
  • l/vte-0.62.2-arm-1.txz
  • n/autofs-5.1.7-arm-1.txz
  • n/bind-9.16.11-arm-1.txz
  • n/dnsmasq-2.84-arm-1.txz
    This update fixes bugs and remotely exploitable security issues:
    Use the values of –min-port and –max-port in outgoing
    TCP connections to upstream DNS servers.
    Fix a remote buffer overflow problem in the DNSSEC code. Any
    dnsmasq with DNSSEC compiled in and enabled is vulnerable to this,
    referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683
    CVE-2020-25687.
    Be sure to only accept UDP DNS query replies at the address
    from which the query was originated. This keeps as much entropy
    in the {query-ID, random-port} tuple as possible, to help defeat
    cache poisoning attacks. Refer: CVE-2020-25684.
    Use the SHA-256 hash function to verify that DNS answers
    received are for the questions originally asked. This replaces
    the slightly insecure SHA-1 (when compiled with DNSSEC) or
    the very insecure CRC32 (otherwise). Refer: CVE-2020-25685.
    Handle multiple identical near simultaneous DNS queries better.
    Previously, such queries would all be forwarded
    independently. This is, in theory, inefficent but in practise
    not a problem, _except_ that is means that an answer for any
    of the forwarded queries will be accepted and cached.
    An attacker can send a query multiple times, and for each repeat,
    another {port, ID} becomes capable of accepting the answer he is
    sending in the blind, to random IDs and ports. The chance of a
    succesful attack is therefore multiplied by the number of repeats
    of the query. The new behaviour detects repeated queries and
    merely stores the clients sending repeats so that when the
    first query completes, the answer can be sent to all the
    clients who asked. Refer: CVE-2020-25686.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25681
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25682
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25683
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25684
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25685
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25686
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25687
    (* Security fix *)
  • n/libgcrypt-1.9.0-arm-1.txz
    Use blinding for ECDSA signing to mitigate a novel side-channel attack.
    Add mitigation against ECC timing attack.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13626
    (* Security fix *)
  • n/libmbim-1.24.6-arm-1.txz
  • n/mutt-2.0.5-arm-1.txz
  • n/openldap-2.4.57-arm-1.txz
  • n/pinentry-1.1.1-arm-1.txz
  • n/ppp-2.4.9-arm-1.txz
  • n/s-nail-14.9.21-arm-1.txz
  • n/samba-4.13.4-arm-1.txz
  • n/tin-2.4.5-arm-1.txz
  • x/ibus-libpinyin-1.12.0-arm-1.txz
  • x/ibus-table-1.12.4-arm-1.txz
  • x/libXt-1.2.1-arm-1.txz
  • x/libpinyin-2.6.0-arm-1.txz
  • x/util-macros-1.19.3-arm-1.txz
  • x/wayland-1.19.0-arm-1.txz
  • x/xf86-video-nouveau-1.0.17-arm-1.txz
  • xap/gparted-1.2.0-arm-1.txz
  • xap/mozilla-firefox-78.7.0esr-arm-1.txz
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/78.7.0/releasenotes/
    (* Security fix *)
  • xap/vim-gvim-8.2.2394-arm-1.txz
  • xap/xaos-4.2.1-arm-1.txz
  • xap/xsnow-3.2.2-arm-1.txz
  • xfce/xfce4-panel-4.16.1-arm-1.txz
  • xfce/xfce4-whiskermenu-plugin-2.5.3-arm-1.txz
  • kernels/*
  • a/coreutils-8.32-arm-2.txz
    Rebuilt to test with FTBFS patch for aarch64.
  • a/lzip-1.22-arm-2.tgz
  • a/pam-1.5.1-arm-2.txz
  • a/tar-1.33-arm-2.tgz
  • a/xz-5.2.5-arm-2.tgz
  • d/gcc-10.2.0-arm-2.txz
  • d/gcc-g++-10.2.0-arm-2.txz
  • d/gcc-gdc-10.2.0-arm-2.txz
  • d/gcc-gfortran-10.2.0-arm-2.txz
  • d/gcc-gnat-10.2.0-arm-2.txz
  • d/gcc-go-10.2.0-arm-2.txz
  • d/gcc-objc-10.2.0-arm-2.txz
  • d/oprofile-1.4.0-arm-3.txz
  • l/libvisual-0.4.0-arm-3.txz
  • l/libvisual-plugins-0.4.0-arm-4.txz
    Drop actor_gstreamer.so (requires gstreamer0).
  • n/NetworkManager-1.28.0-arm-3.txz
    Rebuilt for ppp-2.4.9.
  • n/inetd-1.79s-arm-6.txz
  • n/postfix-3.5.9-arm-2.txz
    Correct the permissions on /var/spool/postfix/maildrop
    Thanks to andy25225 for the report.
  • n/rp-pppoe-3.14-arm-2.txz
    Rebuilt for ppp-2.4.9.
  • n/telnet-0.17-arm-4.txz
  • isolinux/*
  • l/gst-plugins-base0-0.10.36-arm-3.txz
  • l/gst-plugins-good0-0.10.31-arm-3.txz
  • l/gstreamer0-0.10.36-arm-3.txz
  • news/2021/01/28/slackwarearm-current-changelog.txt
  • Last modified: 2 months ago
  • by Giuseppe Di Terlizzi