Slackware64-14.2 ChangeLog (2016-03-03)
Thu Mar 3 20:05:41 UTC 2016
Packages
Rebuilt
- ap/mariadb-10.0.24-x86_64-2.txz
Recompiled with patched binutils. - d/binutils-2.26-x86_64-2.txz
Applied upstream patches for several bugs, including:
PR ld/19698
* elflink.c (bfd_elf_record_link_assignment): Set versioned if
symbol version is unknown.
Which was causing MariaDB to fail to start properly for Akonadi. - d/python-2.7.11-x86_64-2.txz
Recompiled to drop support for OpenSSL SSLv2.
Thanks to Matteo Bernardini. - l/neon-0.30.1-x86_64-2.txz
Recompiled to drop support for OpenSSL SSLv2.
Thanks to Matteo Bernardini.
Thu Mar 3 05:41:26 UTC 2016
Packages
Rebuilt
- a/aaa_elflibs-14.2-x86_64-10.txz
- a/sysvinit-scripts-2.0-noarch-30.txz
rc.M: Start D-Bus and NetworkManager right after rc.inet1. - ap/ksh93-2012_08_01-x86_64-2.txz
Removed broken locale files. Thanks to Didier Spaier. - l/qt-4.8.7-x86_64-4.txz
Recompiled to drop support for OpenSSL SSLv2. - n/curl-7.47.1-x86_64-2.txz
Recompiled to drop support for OpenSSL SSLv2. - n/fetchmail-6.3.26-x86_64-2.txz
Recompiled to drop support for OpenSSL SSLv2. - n/links-2.12-x86_64-2.txz
Recompiled to drop support for OpenSSL SSLv2. - n/mailx-12.5-x86_64-2.txz
Drop SSLv2 support (no longer supported by OpenSSL), and fix security issues
that could allow a local attacker to cause mailx to execute arbitrary
shell commands through the use of a specially-crafted email address.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844
(* Security fix *) - n/stunnel-5.30-x86_64-2.txz
Allow OpenSSL to use the default key size for DH in generate-stunnel-key.sh.
Thanks to Markus Reichelt.
Recompiled to drop support for OpenSSL SSLv2. - n/wget-1.17.1-x86_64-2.txz
Recompiled to drop support for OpenSSL SSLv2. - xap/xpdf-3.04-x86_64-2.txz
- isolinux/initrd.img
Another attempt to get /sbin/probe to reliably handle nvme partitions.
Thanks to w9cf and Grant Coady. - usb-and-pxe-installers/usbboot.img
Another attempt to get /sbin/probe to reliably handle nvme partitions.
Thanks to w9cf and Grant Coady.
Upgraded
- a/kernel-firmware-20160302git-noarch-1.txz
- a/openssl-solibs-1.0.2g-x86_64-1.txz
- ap/nano-2.5.3-x86_64-1.txz
- ap/sqlite-3.11.0-x86_64-1.txz
- ap/vim-7.4.1424-x86_64-1.txz
- d/ruby-2.2.4-x86_64-1.txz
l/libssh2-1.7.0-x86_64-1.txz: Moved.
Moved from N → L series to be consistent with libssh. - l/poppler-0.41.0-x86_64-1.txz
- l/qca-2.1.1-x86_64-1.txz
- n/httpd-2.4.18-x86_64-1.txz
- n/openssl-1.0.2g-x86_64-1.txz
This update fixes the following security issues:
Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
Double-free in DSA code (CVE-2016-0705)
Memory leak in SRP database lookups (CVE-2016-0798)
BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
Fix memory issues in BIO_*printf functions (CVE-2016-0799)
Side channel attack on modular exponentiation (CVE-2016-0702)
Note that this package drops all support for SSLv2, which breaks the ABI for
any binaries that make use of SSLv2_client_method.
For more information, see:
https://www.openssl.org/news/secadv/20160301.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
(* Security fix *) - n/php-5.6.18-x86_64-1.txz
This release fixes bugs and security issues.
For more information, see:
http://php.net/ChangeLog-5.php#5.6.18
(* Security fix *) - n/samba-4.3.5-x86_64-1.txz
- tcl/expect-5.45-x86_64-1.txz
- tcl/tcl-8.6.5-x86_64-1.txz
- tcl/tk-8.6.5-x86_64-1.txz
- x/xf86-video-intel-git_20160229_d167280-x86_64-1.txz
- x/xrandr-1.5.0-x86_64-1.txz
- xap/vim-gvim-7.4.1424-x86_64-1.txz
Removed
l/qca-cyrus-sasl-2.0.0_beta3-x86_64-2.txzl/qca-gnupg-2.0.0_beta3-x86_64-1.txzl/qca-ossl-2.0.0_beta3-x86_64-3.txz