Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackwarearm-current ChangeLog (2018-08-30) ====== ====== Thu Aug 30 08:08:08 UTC 2018 ====== > \\ The mini root filesystem for -current has been updated: \\ ftp://ftp.arm.slackware.com/slackwarearm/slackwarearm-devtools/minirootfs/ \\ ===== Packages ===== ==== Upgraded ==== * [[slackwarearm.current>a/e2fsprogs-1.44.4-arm-1.txz]] * [[slackwarearm.current>a/findutils-4.6.0-arm-1.txz]] * [[slackwarearm.current>a/kernel-firmware-20180825_fea76a0-noarch-1.txz]] * [[slackwarearm.current>a/kernel-modules-armv7-4.18.5_armv7-arm-1.txz]] * [[slackwarearm.current>a/kernel_armv7-4.18.5-arm-1.txz]] * [[slackwarearm.current>ap/cups-filters-1.21.0-arm-1.txz]] \\ Compiled against poppler-0.68.0. * [[slackwarearm.current>ap/hplip-3.18.7-arm-1.txz]] * [[slackwarearm.current>ap/mariadb-10.3.9-arm-1.txz]] \\ This update fixes bugs and security issues. \\ For more information, see: \\ https://mariadb.com/kb/en/mariadb-1039-release-notes/ \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3060 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3064 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3063 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3058 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3066 \\ (* Security fix *) * [[slackwarearm.current>ap/qpdf-8.2.1-arm-1.txz]] * [[slackwarearm.current>ap/sudo-1.8.24-arm-1.txz]] * [[slackwarearm.current>ap/vim-8.1.0328-arm-1.txz]] * [[slackwarearm.current>d/bison-3.1-arm-1.txz]] * [[slackwarearm.current>d/icecream-20180808-arm-1.txz]] \\ Use sources from git, which avoids timeouts and hangs that have been \\ observed with version 1.1, and adds additional support for clang. * [[slackwarearm.current>d/kernel-headers-4.18.5-arm-1.txz]] * [[slackwarearm.current>d/meson-0.47.2-arm-1.txz]] * [[slackwarearm.current>d/parallel-20180822-noarch-1.txz]] * [[slackwarearm.current>d/python-setuptools-40.2.0-arm-1.txz]] * [[slackwarearm.current>k/kernel-source-4.18.5-arm-1.txz]] * [[slackwarearm.current>l/babl-0.1.56-arm-1.txz]] * [[slackwarearm.current>l/expat-2.2.6-arm-1.txz]] * [[slackwarearm.current>l/gdbm-1.18-arm-1.txz]] * [[slackwarearm.current>l/gegl-0.4.8-arm-1.txz]] * [[slackwarearm.current>l/glib2-2.56.2-arm-1.txz]] * [[slackwarearm.current>l/pango-1.42.4-arm-1.txz]] * [[slackwarearm.current>l/poppler-0.68.0-arm-1.txz]] \\ Shared library .so-version bump. * [[slackwarearm.current>l/python-certifi-2018.8.24-arm-1.txz]] * [[slackwarearm.current>l/python-idna-2.7-arm-1.txz]] * [[slackwarearm.current>l/python-packaging-17.1-arm-1.txz]] * [[slackwarearm.current>l/python-pillow-5.2.0-arm-1.txz]] * [[slackwarearm.current>l/python-requests-2.19.1-arm-1.txz]] * [[slackwarearm.current>l/python-urllib3-1.23-arm-1.txz]] * [[slackwarearm.current>l/talloc-2.1.14-arm-1.txz]] * [[slackwarearm.current>l/tdb-1.3.16-arm-1.txz]] * [[slackwarearm.current>l/tevent-0.9.37-arm-1.txz]] * [[slackwarearm.current>n/dhcpcd-7.0.8-arm-1.txz]] * [[slackwarearm.current>n/ethtool-4.18-arm-1.txz]] * [[slackwarearm.current>n/ntp-4.2.8p12-arm-1.txz]] \\ This release improves on one security fix in ntpd: \\ LOW/MEDIUM: Sec 3012: Sybil vulnerability: ephemeral association attack \\ While fixed in ntp-4.2.8p7 and with significant additional protections for \\ this issue in 4.2.8p11, ntp-4.2.8p12 includes a fix for an edge case in \\ the new noepeer support. Originally reported by Matt Van Gundy of Cisco. \\ Edge-case hole reported by Martin Burnicki of Meinberg. \\ And fixes another security issue in ntpq and ntpdc: \\ LOW: Sec 3505: The openhost() function used during command-line hostname \\ processing by ntpq and ntpdc can write beyond its buffer limit, which \\ could allow an attacker to achieve code execution or escalate to higher \\ privileges via a long string as the argument for an IPv4 or IPv6 \\ command-line parameter. NOTE: It is unclear whether there are any common \\ situations in which ntpq or ntpdc is used with a command line from an \\ untrusted source. Reported by Fakhri Zulkifli. \\ For more information, see: \\ http://support.ntp.org/bin/view/Main/SecurityNotice#August_2018_ntp_4_2_8p12_NTP_Rel \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12327 \\ (* Security fix *) * [[slackwarearm.current>n/openssh-7.8p1-arm-1.txz]] * [[slackwarearm.current>n/php-7.2.9-arm-1.txz]] * [[slackwarearm.current>n/samba-4.8.5-arm-1.txz]] \\ This is a security update in order to patch the following defects: \\ Weak authentication protocol allowed. \\ Denial of Service Attack on DNS and LDAP server. \\ Insufficient input validation on client directory listing in libsmbclient. \\ Denial of Service Attack on AD DC DRSUAPI server. \\ Confidential attribute disclosure from the AD LDAP server. \\ For more information, see: \\ https://www.samba.org/samba/security/CVE-2018-1139.html \\ https://www.samba.org/samba/security/CVE-2018-1140.html \\ https://www.samba.org/samba/security/CVE-2018-10858.html \\ https://www.samba.org/samba/security/CVE-2018-10918.html \\ https://www.samba.org/samba/security/CVE-2018-10919.html \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1139 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1140 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10858 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10918 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10919 \\ (* Security fix *) * [[slackwarearm.current>t/texlive-2018.180822-arm-1.txz]] \\ Added some patches that had been dropped by x86 Slackware. \\ Don't clobber /usr/bin/man. \\ Thanks to Johannes Schoepfer. \\ Compiled against poppler-0.68.0. \\ texdoc fixed - a cache file was missing \\ synctex header was missing (for building third-party apps) \\ xindy was broken - recompiled from source \\ Thanks to Johannes Schoepfer. * [[slackwarearm.current>x/libX11-1.6.6-arm-1.txz]] \\ This update fixes some security issues: \\ Fixed crash on invalid reply (CVE-2018-14598). \\ Fixed off-by-one writes (CVE-2018-14599). \\ Fixed out of boundary write (CVE-2018-14600). \\ For more information, see: \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14598 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14599 \\ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14600 \\ (* Security fix *) * [[slackwarearm.current>x/mesa-18.1.7-arm-1.txz]] * [[slackwarearm.current>x/xf86-video-v4l-0.3.0-arm-1.txz]] * [[slackwarearm.current>x/xterm-335-arm-1.txz]] * [[slackwarearm.current>xap/gimp-2.10.6-arm-1.txz]] * [[slackwarearm.current>xap/gparted-0.32.0-arm-1.txz]] * [[slackwarearm.current>xap/vim-gvim-8.1.0328-arm-1.txz]] * [[slackwarearm.current>kernels/*]] ==== Rebuilt ==== * [[slackwarearm.current>a/openssl-solibs-1.1.0i-arm-2.txz]] * [[slackwarearm.current>a/sysvinit-scripts-2.1-noarch-15.txz]] \\ rc.cpufreq: for CPUs that use intel_pstate, default to the performance \\ governor. The performance governor provides power savings while avoiding \\ the ramp-up lag caused by using "ondemand", which defaults to "powersave" \\ on these systems. Thanks to EdGr. * [[slackwarearm.current>ap/jove-4.16.0.73-arm-5.txz]] \\ Avoid a namespace conflict with glibc's getline() function. \\ Increase some hardcoded buffer sizes. \\ Thanks to TTK. \\ Fixed getline() namespace collision patch. * [[slackwarearm.current>ap/man-db-2.8.4-arm-2.txz]] \\ Rebuilt to get it on the slackpkg upgrade list since the previous texlive \\ package clobbered /usr/bin/man and we need to fix that. * [[slackwarearm.current>kde/calligra-2.9.11-arm-22.txz]] \\ Recompiled against poppler-0.68.0. * [[slackwarearm.current>n/openssl-1.1.0i-arm-2.txz]] \\ Fixed c_rehash script. * [[slackwarearm.current>x/xauth-1.0.10-arm-3.txz]] \\ Patched to fix a bug where changing the hostname caused X access to be lost. \\ Thanks to TurboBlaze. * [[slackwarearm.current>xfce/tumbler-0.2.1-arm-6.txz]] \\ Recompiled against poppler-0.68.0. * [[slackwarearm.current>isolinux/*]] ==== Added ==== * [[slackwarearm.current>l/jmtpfs-0.5-arm-1.txz]] {{tag>slackware changelog slackwarearm-current 2018/08}} news/2018/08/30/slackwarearm-current-changelog.txt Last modified: 6 years agoby Giuseppe Di Terlizzi Log In