LinuxQuestions.org - Latest changelog for slackware-current

- Slackware (https://www.linuxquestions.org/questions/slackware-14/)

- - Latest changelog for slackware-current (https://www.linuxquestions.org/questions/slackware-14/latest-changelog-for-slackware-current-4175698890/)

15 updates (x86_64) : 12 upgraded, 3 rebuilt

Code:

Wed Nov 23 19:51:17 UTC 2022

a/gawk-5.2.1-x86_64-1.txz:  Upgraded.

a/rpm2tgz-1.2.2-x86_64-7.txz:  Rebuilt.

  Take rpmoffset fixes from Gentoo.

  Thanks to allend.

d/ccache-4.7.4-x86_64-1.txz:  Upgraded.

d/meson-0.64.1-x86_64-1.txz:  Upgraded.

d/parallel-20221122-noarch-1.txz:  Upgraded.

kde/fcitx5-configtool-5.0.16-x86_64-1.txz:  Upgraded.

l/SDL2-2.26.0-x86_64-1.txz:  Upgraded.

l/glib2-2.74.1-x86_64-2.txz:  Rebuilt.

  [PATCH 1/2] Revert "Handling collision between standard i/o file descriptors

  and newly created ones."

  [PATCH 2/2] glib-unix: Add test to make sure g_unix_open_pipe will intrude

  standard range.

  Thanks to marav.

l/newt-0.52.22-x86_64-1.txz:  Upgraded.

l/pipewire-0.3.60-x86_64-2.txz:  Rebuilt.

  [PATCH] alsa: force playback start when buffer is full.

  Thanks to marav.

tcl/tcl-8.6.13-x86_64-1.txz:  Upgraded.

tcl/tk-8.6.13-x86_64-1.txz:  Upgraded.

x/libglvnd-1.6.0-x86_64-1.txz:  Upgraded.

x/wayland-protocols-1.30-noarch-1.txz:  Upgraded.

xap/blueman-2.3.5-x86_64-1.txz:  Upgraded.

Provided by http://marav8.free.fr/report/slack-current-x86_64.txt

10 updates (x86_64). Including a (* Security fix *)! : 9 upgraded, 1 rebuilt

Code:

Thu Nov 24 20:55:37 UTC 2022

a/bash-5.2.012-x86_64-1.txz:  Upgraded.

a/less-612-x86_64-1.txz:  Upgraded.

a/tcsh-6.24.02-x86_64-1.txz:  Upgraded.

ap/vim-9.0.0942-x86_64-1.txz:  Upgraded.

d/make-4.4-x86_64-2.txz:  Rebuilt.

  [SV 63307] Spawn children with the default disposition of sigpipe.

  Thanks to nobodino.

d/ruby-3.1.3-x86_64-1.txz:  Upgraded.

  This release includes a security fix:

  HTTP response splitting in CGI.

  For more information, see:

    https://www.cve.org/CVERecord?id=CVE-2021-33621

  (* Security fix *)

l/pipewire-0.3.61-x86_64-1.txz:  Upgraded.

n/ipset-7.16-x86_64-1.txz:  Upgraded.

x/fcitx5-5.0.21-x86_64-1.txz:  Upgraded.

xap/vim-gvim-9.0.0942-x86_64-1.txz:  Upgraded.

Provided by http://marav8.free.fr/report/slack-current-x86_64.txt

Quote:

Originally Posted by marav (Post 6393957)

15 updates (x86_64) : 12 upgraded, 3 rebuilt

Code:

Wed Nov 23 19:51:17 UTC 2022

l/glib2-2.74.1-x86_64-2.txz:  Rebuilt.

  [PATCH 1/2] Revert "Handling collision between standard i/o file descriptors

  and newly created ones."

  [PATCH 2/2] glib-unix: Add test to make sure g_unix_open_pipe will intrude

  standard range.

  Thanks to marav.

Provided by http://marav8.free.fr/report/slack-current-x86_64.txt

Just to render to Caesar what belongs to Caesar
This was first reported by reddog83
https://www.linuxquestions.org/quest...0/#post6393270

Thank you for the acknowledgement marav.
But for me this report goes to jloco, slackernetuk and me. This was found during our testing of Gnome 43.1 with updated software.

3 updates (x86_64) : 3 upgraded

Code:

Fri Nov 25 20:37:16 UTC 2022

a/btrfs-progs-6.0.2-x86_64-1.txz:  Upgraded.

l/glib2-2.74.2-x86_64-1.txz:  Upgraded.

x/fcitx5-gtk-5.0.21-x86_64-1.txz:  Upgraded.

Provided by http://marav8.free.fr/report/slack-current-x86_64.txt

56 updates (x86_64) : 55 upgraded, 1 rebuilt

Code:

Tue Nov 29 20:56:03 UTC 2022

a/cryptsetup-2.6.0-x86_64-1.txz:  Upgraded.

a/kernel-firmware-20221123_cdf9499-noarch-1.txz:  Upgraded.

kde/bluedevil-5.26.4-x86_64-1.txz:  Upgraded.

kde/breeze-5.26.4-x86_64-1.txz:  Upgraded.

kde/breeze-grub-5.26.4-x86_64-1.txz:  Upgraded.

kde/breeze-gtk-5.26.4-x86_64-1.txz:  Upgraded.

kde/drkonqi-5.26.4-x86_64-1.txz:  Upgraded.

kde/kactivitymanagerd-5.26.4-x86_64-1.txz:  Upgraded.

kde/kde-cli-tools-5.26.4-x86_64-1.txz:  Upgraded.

kde/kde-gtk-config-5.26.4-x86_64-1.txz:  Upgraded.

kde/kdecoration-5.26.4-x86_64-1.txz:  Upgraded.

kde/kdeplasma-addons-5.26.4-x86_64-1.txz:  Upgraded.

kde/kgamma5-5.26.4-x86_64-1.txz:  Upgraded.

kde/khotkeys-5.26.4-x86_64-1.txz:  Upgraded.

kde/kinfocenter-5.26.4-x86_64-1.txz:  Upgraded.

kde/kmenuedit-5.26.4-x86_64-1.txz:  Upgraded.

kde/kpipewire-5.26.4-x86_64-1.txz:  Upgraded.

kde/kscreen-5.26.4-x86_64-1.txz:  Upgraded.

kde/kscreenlocker-5.26.4-x86_64-1.txz:  Upgraded.

kde/ksshaskpass-5.26.4-x86_64-1.txz:  Upgraded.

kde/ksystemstats-5.26.4-x86_64-1.txz:  Upgraded.

kde/kwallet-pam-5.26.4-x86_64-1.txz:  Upgraded.

kde/kwayland-integration-5.26.4-x86_64-1.txz:  Upgraded.

kde/kwin-5.26.4-x86_64-1.txz:  Upgraded.

kde/kwrited-5.26.4-x86_64-1.txz:  Upgraded.

kde/layer-shell-qt-5.26.4-x86_64-1.txz:  Upgraded.

kde/libkscreen-5.26.4-x86_64-1.txz:  Upgraded.

kde/libksysguard-5.26.4-x86_64-1.txz:  Upgraded.

kde/milou-5.26.4-x86_64-1.txz:  Upgraded.

kde/oxygen-5.26.4-x86_64-1.txz:  Upgraded.

kde/oxygen-sounds-5.26.4-x86_64-1.txz:  Upgraded.

kde/plasma-browser-integration-5.26.4-x86_64-1.txz:  Upgraded.

kde/plasma-desktop-5.26.4-x86_64-1.txz:  Upgraded.

kde/plasma-disks-5.26.4-x86_64-1.txz:  Upgraded.

kde/plasma-firewall-5.26.4-x86_64-1.txz:  Upgraded.

kde/plasma-integration-5.26.4-x86_64-1.txz:  Upgraded.

kde/plasma-nm-5.26.4-x86_64-1.txz:  Upgraded.

kde/plasma-pa-5.26.4-x86_64-1.txz:  Upgraded.

kde/plasma-sdk-5.26.4-x86_64-1.txz:  Upgraded.

kde/plasma-systemmonitor-5.26.4-x86_64-1.txz:  Upgraded.

kde/plasma-vault-5.26.4-x86_64-1.txz:  Upgraded.

kde/plasma-workspace-5.26.4.1-x86_64-1.txz:  Upgraded.

kde/plasma-workspace-wallpapers-5.26.4-x86_64-1.txz:  Upgraded.

kde/polkit-kde-agent-1-5.26.4-x86_64-1.txz:  Upgraded.

kde/powerdevil-5.26.4-x86_64-1.txz:  Upgraded.

kde/qqc2-breeze-style-5.26.4-x86_64-1.txz:  Upgraded.

kde/sddm-kcm-5.26.4-x86_64-1.txz:  Upgraded.

kde/systemsettings-5.26.4-x86_64-1.txz:  Upgraded.

kde/xdg-desktop-portal-kde-5.26.4-x86_64-1.txz:  Upgraded.

l/glib2-2.74.2-x86_64-2.txz:  Rebuilt.

  Patched to fix C++ API.

  Thanks to 0XBF.

l/wavpack-5.6.0-x86_64-1.txz:  Upgraded.

n/iputils-20221126-x86_64-1.txz:  Upgraded.

n/libmbim-1.28.2-x86_64-1.txz:  Upgraded.

x/libime-1.0.16-x86_64-1.txz:  Upgraded.

x/xterm-377-x86_64-1.txz:  Upgraded.

xap/mozilla-firefox-107.0.1-x86_64-1.txz:  Upgraded.

  This is a bugfix release.

  For more information, see:

    https://www.mozilla.org/en-US/firefox/107.0.1/releasenotes/

Provided by http://marav8.free.fr/report/slack-current-x86_64.txt

7 updates (x86_64) : 7 upgraded

Code:

Wed Nov 30 21:39:29 UTC 2022

kde/kstars-3.6.2-x86_64-1.txz:  Upgraded.

l/libbluray-1.3.4-x86_64-1.txz:  Upgraded.

l/newt-0.52.23-x86_64-1.txz:  Upgraded.

l/nodejs-19.2.0-x86_64-1.txz:  Upgraded.

x/wayland-protocols-1.31-noarch-1.txz:  Upgraded.

extra/php80/php80-8.0.26-x86_64-1.txz:  Upgraded.

extra/php81/php81-8.1.13-x86_64-1.txz:  Upgraded.

Provided by http://marav8.free.fr/report/slack-current-x86_64.txt

15 updates (x86_64) : 7 upgraded, 8 rebuilt

Code:

Fri Dec  2 06:58:38 UTC 2022

a/gptfdisk-1.0.9-x86_64-2.txz:  Rebuilt.

  Applied upstream patches to fix a crash and partition corruption caused by

  the popt upgrade:

  [PATCH] Updated guid.cc to deal with minor change in libuuid

  [PATCH] Fix failure & crash of sgdisk when compiled with latest popt

  [PATCH] Fix NULL dereference when duplicating string argument

  Thanks to jloco.

d/cmake-3.25.1-x86_64-1.txz:  Upgraded.

kde/calligra-3.2.1-x86_64-24.txz:  Rebuilt.

  Recompiled against poppler-22.12.0.

kde/cantor-22.08.3-x86_64-2.txz:  Rebuilt.

  Recompiled against poppler-22.12.0.

kde/kfilemetadata-5.100.0-x86_64-2.txz:  Rebuilt.

  Recompiled against poppler-22.12.0.

kde/kile-2.9.93-x86_64-22.txz:  Rebuilt.

  Recompiled against poppler-22.12.0.

kde/kitinerary-22.08.3-x86_64-2.txz:  Rebuilt.

  Recompiled against poppler-22.12.0.

kde/krita-5.1.3-x86_64-2.txz:  Rebuilt.

  Recompiled against poppler-22.12.0.

kde/okular-22.08.3-x86_64-2.txz:  Rebuilt.

  Recompiled against poppler-22.12.0.

l/glib2-2.74.3-x86_64-1.txz:  Upgraded.

l/poppler-22.12.0-x86_64-1.txz:  Upgraded.

  Shared library .so-version bump.

n/NetworkManager-1.40.6-x86_64-1.txz:  Upgraded.

xap/NetworkManager-openvpn-1.10.2-x86_64-1.txz:  Upgraded.

xap/libnma-1.10.4-x86_64-1.txz:  Upgraded.

xap/network-manager-applet-1.30.0-x86_64-1.txz:  Upgraded.

Provided by http://marav8.free.fr/report/slack-current-x86_64.txt

4 updates (x86_64). Including a (* Security fix *)! : 4 upgraded

Code:

Fri Dec  2 20:58:24 UTC 2022

a/hwdata-0.365-noarch-1.txz:  Upgraded.

a/xz-5.2.9-x86_64-1.txz:  Upgraded.

kde/latte-dock-0.10.9-x86_64-1.txz:  Upgraded.

xap/mozilla-thunderbird-102.5.1-x86_64-1.txz:  Upgraded.

  This release contains security fixes and improvements.

  For more information, see:

    https://www.mozilla.org/en-US/thunderbird/102.5.1/releasenotes/

    https://www.mozilla.org/en-US/security/advisories/mfsa2022-50/

    https://www.cve.org/CVERecord?id=CVE-2022-45414

  (* Security fix *)

Provided by http://marav8.free.fr/report/slack-current-x86_64.txt

5 updates (x86_64) : 5 upgraded

Code:

Sat Dec  3 21:07:32 UTC 2022

a/tcsh-6.24.04-x86_64-1.txz:  Upgraded.

ap/texinfo-7.0.1-x86_64-1.txz:  Upgraded.

l/vte-0.70.2-x86_64-1.txz:  Upgraded.

x/transset-1.0.3-x86_64-1.txz:  Upgraded.

x/xcursorgen-1.0.8-x86_64-1.txz:  Upgraded.

Provided by http://marav8.free.fr/report/slack-current-x86_64.txt

14 updates (x86_64) : 13 upgraded, 1 rebuilt

Code:

Sun Dec  4 20:19:03 UTC 2022

a/tcsh-6.24.05-x86_64-1.txz:  Upgraded.

kde/digikam-7.9.0-x86_64-1.txz:  Upgraded.

l/imagemagick-7.1.0_53-x86_64-1.txz:  Upgraded.

x/libICE-1.1.0-x86_64-1.txz:  Upgraded.

x/xfd-1.1.4-x86_64-1.txz:  Upgraded.

x/xgamma-1.0.7-x86_64-1.txz:  Upgraded.

x/xinit-1.4.2-x86_64-1.txz:  Upgraded.

x/xprop-1.2.6-x86_64-1.txz:  Upgraded.

x/xrandr-1.5.2-x86_64-1.txz:  Upgraded.

x/xset-1.2.5-x86_64-1.txz:  Upgraded.

x/xstdcmap-1.0.5-x86_64-1.txz:  Upgraded.

x/xvinfo-1.1.5-x86_64-1.txz:  Upgraded.

xap/libnma-1.10.4-x86_64-2.txz:  Rebuilt.

  Patched to fix nm-connection-editor.

  Thanks to Lanius and reddog83.

xap/xsnow-3.6.0-x86_64-1.txz:  Upgraded.

Provided by http://marav8.free.fr/report/slack-current-x86_64.txt

8 updates (x86_64) : 8 upgraded

Code:

Mon Dec  5 02:40:12 UTC 2022

x/OpenCC-1.1.5-x86_64-1.txz:  Upgraded.

x/libXScrnSaver-1.2.4-x86_64-1.txz:  Upgraded.

x/libXcomposite-0.4.6-x86_64-1.txz:  Upgraded.

x/libXdamage-1.1.6-x86_64-1.txz:  Upgraded.

x/libXres-1.2.2-x86_64-1.txz:  Upgraded.

x/libXv-1.0.12-x86_64-1.txz:  Upgraded.

x/libXxf86dga-1.1.6-x86_64-1.txz:  Upgraded.

x/lndir-1.0.4-x86_64-1.txz:  Upgraded.

Provided by http://marav8.free.fr/report/slack-current-x86_64.txt

4 updates (x86_64) : 3 upgraded, 1 rebuilt

Code:

Mon Dec  5 21:00:46 UTC 2022

a/glibc-zoneinfo-2022g-noarch-1.txz:  Upgraded.

  This package provides the latest timezone updates.

ap/texinfo-7.0.1-x86_64-2.txz:  Rebuilt.

  Rebuilt without the --disable-perl-xs option to fix a2ps failing to build

  from source. The option was added during the 15.0 development cycle to fix

  glibc failing to build from source, but that issue has been resolved.

  Thanks to nobodino and marav.

n/ca-certificates-20221205-noarch-1.txz:  Upgraded.

  This update provides the latest CA certificates to check for the

  authenticity of SSL connections.

n/dnsmasq-2.88-x86_64-1.txz:  Upgraded.

Provided by http://marav8.free.fr/report/slack-current-x86_64.txt

8 updates (x86_64). Including a (* Security fix *)! : 5 upgraded, 3 added

Code:

Wed Dec  7 18:48:07 UTC 2022

d/cargo-vendor-filterer-0.5.7-x86_64-1.txz:  Added.

  Thanks to Heinz Wiesinger.

d/cbindgen-0.24.3-x86_64-1.txz:  Added.

d/python3-3.9.16-x86_64-1.txz:  Upgraded.

  This update fixes security issues:

  gh-98739: Updated bundled libexpat to 2.5.0 to fix CVE-2022-43680

  (heap use-after-free).

  gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio

  related name resolution functions no longer involves a quadratic algorithm

  to fix CVE-2022-45061. This prevents a potential CPU denial of service if an

  out-of-spec excessive length hostname involving bidirectional characters were

  decoded. Some protocols such as urllib http 3xx redirects potentially allow

  for an attacker to supply such a name.

  gh-100001: python -m http.server no longer allows terminal control characters

  sent within a garbage request to be printed to the stderr server log.

  gh-87604: Avoid publishing list of active per-interpreter audit hooks via the

  gc module.

  gh-97514: On Linux the multiprocessing module returns to using filesystem

  backed unix domain sockets for communication with the forkserver process

  instead of the Linux abstract socket namespace. Only code that chooses to use

  the "forkserver" start method is affected. This prevents Linux CVE-2022-42919

  (potential privilege escalation) as abstract sockets have no permissions and

  could allow any user on the system in the same network namespace (often the

  whole system) to inject code into the multiprocessing forkserver process.

  Filesystem based socket permissions restrict this to the forkserver process

  user as was the default in Python 3.8 and earlier.

  gh-98517: Port XKCP's fix for the buffer overflows in SHA-3 to fix

  CVE-2022-37454.

  gh-68966: The deprecated mailcap module now refuses to inject unsafe text

  (filenames, MIME types, parameters) into shell commands to address

  CVE-2015-20107. Instead of using such text, it will warn and act as if a

  match was not found (or for test commands, as if the test failed).

  For more information, see:

    https://pythoninsider.blogspot.com/2022/12/python-3111-3109-3916-3816-3716-and.html

    https://www.cve.org/CVERecord?id=CVE-2022-43680

    https://www.cve.org/CVERecord?id=CVE-2022-45061

    https://www.cve.org/CVERecord?id=CVE-2022-42919

    https://www.cve.org/CVERecord?id=CVE-2022-37454

    https://www.cve.org/CVERecord?id=CVE-2015-20107

  (* Security fix *)

d/rust-bindgen-0.63.0-x86_64-1.txz:  Added.

  Thanks to Heinz Wiesinger.

l/pcre2-10.41-x86_64-1.txz:  Upgraded.

n/proftpd-1.3.8-x86_64-1.txz:  Upgraded.

x/mesa-22.3.0-x86_64-1.txz:  Upgraded.

  Compiled with Rusticl support. Thanks to Heinz Wiesinger.

x/xdm-1.1.14-x86_64-1.txz:  Upgraded.

Provided by http://marav8.free.fr/report/slack-current-x86_64.txt