Slackwarearm-current ChangeLog (2021-06-09)
Wed Jun 09 08:08:08 UTC 2021
Packages
Upgraded
- a/hwdata-0.348-arm-1.txz
- ap/ispell-3.4.04-arm-1.txz
- ap/mpg123-1.28.0-arm-1.txz
- ap/slackpkg-15.0.5-noarch-1.txz
Add “–” option to “command cd” in bash completion file. (akinomyoga)
shell-completions/slackpkg.bash: add “show-changelog”.
Import bash-completion file from upstream project.
Added the new-config actions for specific files. (Piter PUNK)
Harden slackpkg with respect to obtaining GPG key. (CRTS) - d/git-2.32.0-arm-1.txz
- d/poke-1.3-arm-1.txz
- d/vala-0.52.4-arm-1.txz
- l/at-spi2-core-2.40.2-arm-1.txz
- l/libogg-1.3.5-arm-1.txz
- l/librsvg-2.50.7-arm-1.txz
- l/pipewire-0.3.29-arm-1.txz
- l/polkit-0.119-arm-1.txz
This update includes a mitigation for local privilege escalation using
polkit_system_bus_name_get_creds_sync().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3560
(* Security fix *) - l/poppler-21.06.1-arm-1.txz
Shared library .so-version bump. - l/pycairo-1.20.1-arm-1.txz
- l/qca-2.3.3-arm-1.txz
- l/vte-0.64.2-arm-1.txz
- n/epic5-2.1.5-arm-1.txz
- n/httpd-2.4.48-arm-1.txz
This release contains security fixes and improvements.
mod_http2: Fix a potential NULL pointer dereference.
Unexpected <Location> section matching with 'MergeSlashes OFF'.
mod_auth_digest: possible stack overflow by one nul byte while validating
the Digest nonce.
mod_session: Fix possible crash due to NULL pointer dereference, which
could be used to cause a Denial of Service with a malicious backend
server and SessionHeader.
mod_session: Fix possible crash due to NULL pointer dereference, which
could be used to cause a Denial of Service.
mod_proxy_http: Fix possible crash due to NULL pointer dereference, which
could be used to cause a Denial of Service.
mod_proxy_wstunnel, mod_proxy_http: Handle Upgradable protocols end-to-end
negotiation.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
(* Security fix *) - n/libmbim-1.24.8-arm-1.txz
- n/libqmi-1.28.6-arm-1.txz
- n/nettle-3.7.3-arm-1.txz
- n/openldap-2.4.59-arm-1.txz
- n/p11-kit-0.24.0-arm-1.txz
- n/php-7.4.20-arm-1.txz
- n/vsftpd-3.0.4-arm-1.txz
- n/whois-5.5.10-arm-1.txz
- x/libX11-1.7.2-arm-1.txz
This is a bug fix release, correcting a regression introduced by and
improving the checks from the fix for CVE-2021-31535. - x/libinput-1.18.0-arm-1.txz
- x/mesa-21.1.2-arm-1.txz
- xap/blueman-2.2.1-arm-1.txz
- xap/gnuplot-5.4.2-arm-1.txz
- xap/pidgin-2.14.5-arm-1.txz
Rebuilt
- d/clisp-2.50_20191103_c26de7873-arm-4.txz
Upgraded to libffcall-2.3. - kde/calligra-3.2.1-arm-11.txz
Recompiled against poppler-21.06.1. - kde/cantor-21.04.1-arm-2.txz
Recompiled against poppler-21.06.1. - kde/digikam-7.2.0-arm-2.txz
Recompiled against imagemagick-7.0.11_14. - kde/kfilemetadata-5.82.0-arm-2.txz
Recompiled against poppler-21.06.1. - kde/kile-2.9.93-arm-10.txz
Recompiled against poppler-21.06.1. - kde/kitinerary-21.04.1-arm-2.txz
Recompiled against poppler-21.06.1. - kde/krita-4.4.3-arm-5.txz
Recompiled against poppler-21.06.1. - kde/okular-21.04.1-arm-2.txz
Recompiled against poppler-21.06.1. - l/alsa-lib-1.2.5-arm-2.txz
Account for unexpected packing of the conf file tarballs. We'll see if this
is enough to make things work well again. - l/dvdauthor-0.7.2-arm-4.txz
Recompiled against imagemagick-7.0.11_14. - n/network-scripts-15.0-noarch-14.txz
etc/rc.d/rc.inet1.conf.new: Set DHCP_NOIPV4LL[4]=“yes” by default to
restore the previous behaviour in Slackware ARM. - xap/xine-lib-1.2.11-arm-5.txz
Recompiled against poppler-21.06.1.