Slackware64-current ChangeLog (2019-12-21)
Sat Dec 21 21:02:24 UTC 2019
Packages
Upgraded
Rebuilt
- a/procps-ng-3.3.16-x86_64-2.txz
Patched to hardcode the pgrep command string buffer size to 4096 as was done
in the previous release. This avoids an allocation error when the stack size
is unlimited. Thanks to Jeroslaw Siebert.
Sat Dec 21 01:04:26 UTC 2019
Packages
Rebuilt
- a/aaa_elflibs-15.0-x86_64-17.txz
Upgraded: libcap.so.2.28, libelf-0.178.so, libglib-2.0.so.0.6200.4,
libgmodule-2.0.so.0.6200.4, libgobject-2.0.so.0.6200.4,
libgthread-2.0.so.0.6200.4, libidn2.so.0.3.7, libpcre2-8.so.0.9.0,
libtdb.so.1.4.3.
Added: libffi.so.6.0.4, libffi.so.7.1.0. - a/file-5.38-x86_64-2.txz
Patched to fix ELF shared libraries misidentified as “statically linked.” - d/guile-2.2.6-x86_64-2.txz
Recompiled against libffi-3.3. - d/python-2.7.17-x86_64-2.txz
Recompiled against libffi-3.3. - d/ruby-2.6.5-x86_64-2.txz
Recompiled against libffi-3.3. - l/glib2-2.62.4-x86_64-2.txz
Recompiled against libffi-3.3. - l/pygobject-2.28.7-x86_64-4.txz
Recompiled against libffi-3.3. - l/pygobject3-3.34.0-x86_64-2.txz
Recompiled against libffi-3.3. - n/p11-kit-0.23.18.1-x86_64-2.txz
Recompiled against libffi-3.3.
Upgraded
- a/openssl10-solibs-1.0.2u-x86_64-1.txz
(* Security fix *) - d/llvm-9.0.1-x86_64-1.txz
Compiled against libffi-3.3. - d/python3-3.7.6-x86_64-1.txz
Compiled against libffi-3.3. - l/libffi-3.3-x86_64-1.txz
Shared library .so-version bump. - n/openssl10-1.0.2u-x86_64-1.txz
This update fixes a low severity security issue:
Fixed an an overflow bug in the x86_64 Montgomery squaring procedure used in
exponentiation with 512-bit moduli.
For more information, see:
https://www.openssl.org/news/secadv/20191206.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551
(* Security fix *) - extra/tigervnc/tigervnc-1.10.1-x86_64-1.txz
From tigervnc.org: “This is a security release to fix a number of issues
that were found by Kaspersky Lab. These issues affect both the client and
server and could theoretically allow a malicious peer to take control
over the software on the other side. No working exploit is known at this
time, and the issues require the peer to first be authenticated. We still
urge users to upgrade when possible.”
(* Security fix *)