Sat Aug 4 07:38:34 UTC 2018
a/dbus-1.12.10-x86_64-1.txz: Upgraded.
a/kernel-generic-4.14.60-x86_64-1.txz: Upgraded.
a/kernel-huge-4.14.60-x86_64-1.txz: Upgraded.
a/kernel-modules-4.14.60-x86_64-1.txz: Upgraded.
d/kernel-headers-4.14.60-x86-1.txz: Upgraded.
d/mercurial-4.7-x86_64-1.txz: Upgraded.
d/rust-1.28.0-x86_64-1.txz: Upgraded.
k/kernel-source-4.14.60-noarch-1.txz: Upgraded.
xap/blueman-2.0.6-x86_64-2.txz: Rebuilt.
Allow users in the netdev group to make changes.
Thanks to voleg, kgha, and zakame.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/glibc-2.28-x86_64-2.txz: Rebuilt.
Fixed compile issues when linking with libpthread.
testing/packages/glibc-i18n-2.28-x86_64-2.txz: Rebuilt.
testing/packages/glibc-profile-2.28-x86_64-2.txz: Rebuilt.
testing/packages/glibc-solibs-2.28-x86_64-2.txz: Rebuilt.
usb-and-pxe-installers/usbboot.img: Rebuilt.
+--------------------------+
Thu Aug 2 20:12:10 UTC 2018
ap/hplip-3.18.7-x86_64-1.txz: Upgraded.
l/harfbuzz-1.8.5-x86_64-1.txz: Upgraded.
n/lftp-4.8.4-x86_64-1.txz: Upgraded.
It has been discovered that lftp up to and including version 4.8.3 does
not properly sanitize remote file names, leading to a loss of integrity
on the local system when reverse mirroring is used. A remote attacker
may trick a user to use reverse mirroring on an attacker controlled FTP
server, resulting in the removal of all files in the current working
directory of the victim's system.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10916
(* Security fix *)
x/fonttosfnt-1.0.5-x86_64-1.txz: Upgraded.
+--------------------------+
Wed Aug 1 22:38:53 UTC 2018
ap/man-db-2.8.4-x86_64-1.txz: Upgraded.
d/gdb-8.1.1-x86_64-1.txz: Upgraded.
d/python-pip-18.0-x86_64-1.txz: Upgraded.
d/python-setuptools-40.0.0-x86_64-1.txz: Upgraded.
d/python3-3.6.6-x86_64-1.txz: Upgraded.
l/libpcap-1.9.0-x86_64-1.txz: Upgraded.
l/pango-1.42.3-x86_64-1.txz: Upgraded.
x/libdrm-2.4.93-x86_64-1.txz: Upgraded.
xap/blueman-2.0.6-x86_64-1.txz: Upgraded.
This update fixes an issue where blueman-mechanism did not enforce the
polkit action 'org.blueman.network.setup' for which a polkit policy is
shipped. This meant that any user with access to the D-Bus system bus was
able to access the related API without authentication. The result was an
unspecified impact on the networking stack.
Thanks to Matthias Gerstner for discovering this issue.
(* Security fix *)
testing/packages/glibc-2.28-x86_64-1.txz: Added.
These packages are in /testing pending FTBFS analysis. They seem to work
fine here, but with a few header file deprecations and some other
possible API changes and incompatibilities (see the NEWS file), I expect
there will be some changes required to various packages. Feel free to
test them out though. Because of changes to the way glibc is built and
installed that started with the glibc-2.27 packages, you can upgrade to
these packages and also (if you wish) downgrade back to glibc-2.27 using
upgradepkg.
testing/packages/glibc-i18n-2.28-x86_64-1.txz: Added.
testing/packages/glibc-profile-2.28-x86_64-1.txz: Added.
testing/packages/glibc-solibs-2.28-x86_64-1.txz: Added.
+--------------------------+
Tue Jul 31 05:53:40 UTC 2018
a/kernel-firmware-20180730_7b5835f-noarch-1.txz: Upgraded.
l/fuse-2.9.8-x86_64-1.txz: Upgraded.
l/gdbm-1.17-x86_64-1.txz: Upgraded.
l/seamonkey-solibs-2.49.4-x86_64-1.txz: Upgraded.
l/utf8proc-2.2.0-x86_64-1.txz: Upgraded.
xap/seamonkey-2.49.4-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.seamonkey-project.org/releases/seamonkey2.49.4
(* Security fix *)
+--------------------------+
Sun Jul 29 08:27:12 UTC 2018
a/kernel-generic-4.14.59-x86_64-1.txz: Upgraded.
a/kernel-huge-4.14.59-x86_64-1.txz: Upgraded.
a/kernel-modules-4.14.59-x86_64-1.txz: Upgraded.
d/kernel-headers-4.14.59-x86-1.txz: Upgraded.
k/kernel-source-4.14.59-noarch-1.txz: Upgraded.
x/mesa-18.1.5-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.