Thu Sep 21 19:32:42 UTC 2023
a/gettext-0.22.2-x86_64-1.txz:  Upgraded.
ap/cups-2.4.7-x86_64-1.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Fixed Heap-based buffer overflow when reading Postscript in PPD files.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4504
  (* Security fix *)
d/cmake-3.27.6-x86_64-1.txz:  Upgraded.
d/gettext-tools-0.22.2-x86_64-1.txz:  Upgraded.
l/dconf-editor-45.0.1-x86_64-1.txz:  Upgraded.
l/gst-plugins-bad-free-1.22.6-x86_64-1.txz:  Upgraded.
l/gst-plugins-base-1.22.6-x86_64-1.txz:  Upgraded.
l/gst-plugins-good-1.22.6-x86_64-1.txz:  Upgraded.
l/gst-plugins-libav-1.22.6-x86_64-1.txz:  Upgraded.
l/gstreamer-1.22.6-x86_64-1.txz:  Upgraded.
l/gtk4-4.12.2-x86_64-1.txz:  Upgraded.
l/imagemagick-7.1.1_17-x86_64-1.txz:  Upgraded.
n/bind-9.18.19-x86_64-1.txz:  Upgraded.
  This update fixes bugs and security issues:
  Limit the amount of recursion that can be performed by isccc_cc_fromwire.
  Fix use-after-free error in TLS DNS code when sending data.
  For more information, see:
    https://kb.isc.org/docs/cve-2023-3341
    https://www.cve.org/CVERecord?id=CVE-2023-3341
    https://kb.isc.org/docs/cve-2023-4236
    https://www.cve.org/CVERecord?id=CVE-2023-4236
  (* Security fix *)
n/stunnel-5.71-x86_64-1.txz:  Upgraded.
x/mesa-23.1.8-x86_64-1.txz:  Upgraded.
x/xorg-server-xwayland-23.2.1-x86_64-1.txz:  Upgraded.
xap/freerdp-2.11.2-x86_64-1.txz:  Upgraded.
xap/mozilla-thunderbird-115.2.3-x86_64-1.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.2.3/releasenotes/
xap/seamonkey-2.53.17.1-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.17.1
    https://www.cve.org/CVERecord?id=CVE-2023-4863
  (* Security fix *)

Wed Sep 20 08:08:08 UTC 2023
  Changes for AArch64 architecture:
  /sbin/probe: Updated reserved file system labels for Hardware Models with
  UEFI firmware.
  In 'list_mmc' MMC discovery function, prevent duplication of multi-path
  devices.
  /usr/lib/setup/SeTEFI: The Slackware Installer image has its own EFI boot
  partition named 'SLKins_efi' to support Hardware Models using UEFI firmware.
  This partition must be filtered out here to avoid it being incorrectly
  selected as the OS's EFI partition.
  Thanks to Stuart Winter.

Fri Sep 22 21:51:12 UTC 2023
kde/ktextaddons-1.5.1-x86_64-1.txz:  Upgraded.
n/ipset-7.19-x86_64-1.txz:  Upgraded.
x/mesa-23.1.8-x86_64-2.txz:  Rebuilt.
  Rebuilt with -Dvulkan-drivers=amd,intel,intel_hasvk,swrast.
  Thanks to biker_rat.

Sat Sep 23 20:59:44 UTC 2023
a/kernel-generic-6.1.55-x86_64-1.txz:  Upgraded.
a/kernel-huge-6.1.55-x86_64-1.txz:  Upgraded.
a/kernel-modules-6.1.55-x86_64-1.txz:  Upgraded.
a/minicom-2.9-x86_64-1.txz:  Upgraded.
d/kernel-headers-6.1.55-x86-1.txz:  Upgraded.
k/kernel-source-6.1.55-noarch-1.txz:  Upgraded.
xap/xlockmore-5.73-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.

Mon Sep 25 19:19:27 UTC 2023
ap/man-db-2.12.0-x86_64-1.txz:  Upgraded.
ap/mpg123-1.32.1-x86_64-1.txz:  Upgraded.
d/llvm-17.0.1-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
d/lua-5.4.6-x86_64-4.txz:  Rebuilt.
  Fixed prefix and $LIBDIRSUFFIX in lua.pc. Thanks to ArTourter.
d/parallel-20230922-noarch-1.txz:  Upgraded.
kde/kdevelop-23.08.1-x86_64-2.txz:  Rebuilt.
  Recompiled against llvm-17.0.1.
l/imagemagick-7.1.1_18-x86_64-1.txz:  Upgraded.
l/libclc-17.0.1-x86_64-1.txz:  Upgraded.
l/qt5-5.15.10_20230923_6e8e373e-x86_64-1.txz:  Upgraded.
  Compiled against llvm-17.0.1.
l/spirv-llvm-translator-17.0.0-x86_64-1.txz:  Upgraded.
  Compiled against llvm-17.0.1.
x/mesa-23.2.0_rc4-x86_64-1.txz:  Upgraded.
  Compiled against llvm-17.0.1.

Tue Sep 26 19:30:21 UTC 2023
ap/inxi-3.3.30_1-noarch-1.txz:  Upgraded.
ap/mpg123-1.31.3-x86_64-1.txz:  Upgraded.
  Revert to this version for now since it appears that a function name was
  accidentally changed in the latest one.
d/Cython-0.29.36-x86_64-1.txz:  Upgraded.
l/enchant-2.6.1-x86_64-1.txz:  Upgraded.
l/netpbm-11.03.06-x86_64-1.txz:  Upgraded.
xap/mozilla-firefox-115.3.0esr-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.3.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/
    https://www.cve.org/CVERecord?id=CVE-2023-5168
    https://www.cve.org/CVERecord?id=CVE-2023-5169
    https://www.cve.org/CVERecord?id=CVE-2023-5171
    https://www.cve.org/CVERecord?id=CVE-2023-5174
    https://www.cve.org/CVERecord?id=CVE-2023-5176
  (* Security fix *)

Wed Sep 27 23:51:07 UTC 2023
kde/ktextaddons-1.5.2-x86_64-1.txz:  Upgraded.
l/fluidsynth-2.3.4-x86_64-1.txz:  Upgraded.
l/opencv-4.8.1-x86_64-1.txz:  Upgraded.
l/openexr-3.2.1-x86_64-1.txz:  Upgraded.
xap/mozilla-thunderbird-115.3.0-x86_64-1.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.3.0/releasenotes/

Thu Sep 28 21:37:06 UTC 2023
ap/mpg123-1.32.2-x86_64-1.txz:  Upgraded.
l/cairo-1.18.0-x86_64-1.txz:  Upgraded.
l/gtk4-4.12.3-x86_64-1.txz:  Upgraded.
x/fonttosfnt-1.2.3-x86_64-1.txz:  Upgraded.
xap/geeqie-2.1-x86_64-2.txz:  Rebuilt.
  Patched and recompiled against lua-5.4.6.
xap/mozilla-firefox-115.3.1esr-x86_64-1.txz:  Upgraded.
  This update contains a security fix.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.3.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
    https://www.cve.org/CVERecord?id=CVE-2023-5217
  (* Security fix *)
xfce/xfce4-panel-4.18.5-x86_64-1.txz:  Upgraded.
testing/packages/aaa_glibc-solibs-2.38-x86_64-1.txz:  Added.
testing/packages/glibc-2.38-x86_64-1.txz:  Added.
  Instead of building the deprecated glibc crypt library, bundle
  libxcrypt-4.4.36 (both .so.1 compat version and .so.2 new API version).
testing/packages/glibc-i18n-2.38-x86_64-1.txz:  Added.
testing/packages/glibc-profile-2.38-x86_64-1.txz:  Added.

Fri Sep 29 19:45:18 UTC 2023
d/meson-1.2.2-x86_64-1.txz:  Upgraded.
l/nodejs-20.8.0-x86_64-1.txz:  Upgraded.
l/sof-firmware-2023.09-noarch-1.txz:  Upgraded.
n/bluez-5.70-x86_64-1.txz:  Upgraded.
n/php-8.2.11-x86_64-1.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.2.11
x/mesa-23.2.1-x86_64-1.txz:  Upgraded.
x/xman-1.1.6-x86_64-1.txz:  Upgraded.
xfce/xfce4-clipman-plugin-1.6.5-x86_64-1.txz:  Upgraded.

Sat Sep 30 21:33:49 UTC 2023
a/kmod-31-x86_64-1.txz:  Upgraded.
l/libvpx-1.13.1-x86_64-1.txz:  Upgraded.
  This release contains two security related fixes -- one each for VP8 and VP9.
  For more information, see:
    https://crbug.com/1486441
    https://www.cve.org/CVERecord?id=CVE-2023-5217
  (* Security fix *)
n/conntrack-tools-1.4.8-x86_64-1.txz:  Upgraded.
x/libime-1.1.2-x86_64-1.txz:  Upgraded.
xap/mozilla-thunderbird-115.3.1-x86_64-1.txz:  Upgraded.
  This release contains a security fix for a critical heap buffer overflow in
  the libvpx VP8 encoder.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.3.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
    https://www.cve.org/CVERecord?id=CVE-2023-5217
  (* Security fix *)

Sun Oct  1 19:08:38 UTC 2023
l/cairo-1.18.0-x86_64-2.txz:  Rebuilt.
  Rebuilt with -Dsymbol-lookup=disabled to avoid linking to libbfd.
l/imagemagick-7.1.1_19-x86_64-1.txz:  Upgraded.

Mon Oct  2 19:12:58 UTC 2023
kde/kwin-5.27.8-x86_64-2.txz:  Rebuilt.
  [PATCH] fix segfault in EglGbmBackend::textureForOutput.
  Thanks to marav.
l/SDL2-2.28.4-x86_64-1.txz:  Upgraded.
l/mlt-7.20.0-x86_64-1.txz:  Upgraded.
l/netpbm-11.04.02-x86_64-1.txz:  Upgraded.
x/xterm-385-x86_64-1.txz:  Upgraded.
xfce/xfce4-pulseaudio-plugin-0.4.8-x86_64-1.txz:  Upgraded.

Tue Oct  3 22:19:10 UTC 2023
a/aaa_glibc-solibs-2.37-x86_64-3.txz:  Rebuilt.
a/dialog-1.3_20231002-x86_64-1.txz:  Upgraded.
ap/mpg123-1.32.3-x86_64-1.txz:  Upgraded.
d/llvm-17.0.2-x86_64-1.txz:  Upgraded.
d/meson-1.2.2-x86_64-2.txz:  Rebuilt.
  [PATCH] Revert rust: apply global, project, and environment C args to bindgen.
  This fixes building Mesa.
  Thanks to lucabon and marav.
kde/calligra-3.2.1-x86_64-34.txz:  Rebuilt.
  Recompiled against poppler-23.10.0.
kde/cantor-23.08.1-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-23.10.0.
kde/kfilemetadata-5.110.0-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-23.10.0.
kde/kile-2.9.93-x86_64-28.txz:  Rebuilt.
  Recompiled against poppler-23.10.0.
kde/kitinerary-23.08.1-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-23.10.0.
kde/krita-5.1.5-x86_64-15.txz:  Rebuilt.
  Recompiled against poppler-23.10.0.
kde/okular-23.08.1-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-23.10.0.
l/glibc-2.37-x86_64-3.txz:  Rebuilt.
  Patched to fix the "Looney Tunables" vulnerability, a local privilege
  escalation in ld.so. This vulnerability was introduced in April 2021
  (glibc 2.34) by commit 2ed18c.
  Thanks to Qualys Research Labs for reporting this issue.
  For more information, see:
    https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
    https://www.cve.org/CVERecord?id=CVE-2023-4911
  (* Security fix *)
l/glibc-i18n-2.37-x86_64-3.txz:  Rebuilt.
l/glibc-profile-2.37-x86_64-3.txz:  Rebuilt.
l/mozilla-nss-3.94-x86_64-1.txz:  Upgraded.
l/poppler-23.10.0-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
n/NetworkManager-1.44.2-x86_64-1.txz:  Upgraded.
n/irssi-1.4.5-x86_64-1.txz:  Upgraded.
x/fcitx5-5.1.1-x86_64-1.txz:  Upgraded.
x/fcitx5-anthy-5.1.1-x86_64-1.txz:  Upgraded.
x/fcitx5-chinese-addons-5.1.1-x86_64-1.txz:  Upgraded.
x/fcitx5-gtk-5.1.0-x86_64-1.txz:  Upgraded.
x/fcitx5-hangul-5.1.0-x86_64-1.txz:  Upgraded.
x/fcitx5-kkc-5.1.0-x86_64-1.txz:  Upgraded.
x/fcitx5-m17n-5.1.0-x86_64-1.txz:  Upgraded.
x/fcitx5-qt-5.1.1-x86_64-1.txz:  Upgraded.
x/fcitx5-sayura-5.1.0-x86_64-1.txz:  Upgraded.
x/fcitx5-table-extra-5.1.0-x86_64-1.txz:  Upgraded.
x/fcitx5-table-other-5.1.0-x86_64-1.txz:  Upgraded.
x/fcitx5-unikey-5.1.1-x86_64-1.txz:  Upgraded.
x/libX11-1.8.7-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  libX11: out-of-bounds memory access in _XkbReadKeySyms().
  libX11: stack exhaustion from infinite recursion in PutSubImage().
  libX11: integer overflow in XCreateImage() leading to a heap overflow.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003424.html
    https://www.cve.org/CVERecord?id=CVE-2023-43785
    https://www.cve.org/CVERecord?id=CVE-2023-43786
    https://www.cve.org/CVERecord?id=CVE-2023-43787
  (* Security fix *)
x/libXpm-3.5.17-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  libXpm: out of bounds read in XpmCreateXpmImageFromBuffer().
  libXpm: out of bounds read on XPM with corrupted colormap.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003424.html
    https://www.cve.org/CVERecord?id=CVE-2023-43788
    https://www.cve.org/CVERecord?id=CVE-2023-43789
  (* Security fix *)
testing/packages/aaa_glibc-solibs-2.38-x86_64-2.txz:  Rebuilt.
testing/packages/glibc-2.38-x86_64-2.txz:  Rebuilt.
  Patched to fix the "Looney Tunables" vulnerability, a local privilege
  escalation in ld.so. This vulnerability was introduced in April 2021
  (glibc 2.34) by commit 2ed18c.
  Thanks to Qualys Research Labs for reporting this issue.
  For more information, see:
    https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
    https://www.cve.org/CVERecord?id=CVE-2023-4911
  (* Security fix *)
testing/packages/glibc-i18n-2.38-x86_64-2.txz:  Rebuilt.
testing/packages/glibc-profile-2.38-x86_64-2.txz:  Rebuilt.