From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.1 Date: Thu, 21 Mar 2024 00:17:21 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p10/branch packages: +11 (18757) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Mar 2024 00:17:25 -0000 Archived-At: List-Archive: 11 UPDATED packages bolt - Thunderbolt device manager * Tue Mar 12 2024 L.A. Kostis 0.9.7-alt1 - 0.9.7. * Mon Sep 25 2023 L.A. Kostis 0.9.6-alt1 - 0.9.6. * Thu Jan 26 2023 L.A. Kostis 0.9.5-alt1 dropbear - A smallish SSH server and client * Sun Feb 11 2024 Vitaly Chikunov 2022.83-alt2 - Backport the fix for the Terrapin attack (fixes CVE-2023-48795). - Undo static linking (ALT#49349). * Mon Oct 16 2023 Vitaly Chikunov 2022.83-alt1 - Update to DROPBEAR_2022.83 (2022-11-14). - Experimentally build static executables (glibc based). - spec: Run upstream testsuite in %check. * Sun Jun 19 2022 Vitaly Chikunov 2022.82-alt1 - Update to DROPBEAR_2022.82 (2022-04-01). (Fixes: CVE-2018-15599, CVE-2018-5399, CVE-2018-20685, CVE-2019-12953, CVE-2020-15833, CVE-2020-36254). - Disable DSS keys. - Allow password auth. - Undo authkey_fp patch (as it does not apply to the new codebase). - Use bundled libtom{crypt,math} maintained by the authors of Dropbear. - Doc and client packages are merged into main package. - Add systemd services. - Correct sftp-server path (to openssh-server binary). * Fri Jan 12 2018 Aleksei Nikiforov 2017.75-alt2 kernel-image-rt - The Linux kernel with PREEMPT_RT patches (Real-Time Linux) * Tue Mar 19 2024 Kernel Bot 5.10.212-alt1.rt104 - v5.10.212-rt104 (2024-03-19). * Tue Mar 12 2024 Kernel Bot 5.10.211-alt1.rt103 kicad - An open source software for the creation of electronic schematic diagrams [56M] * Sat Mar 16 2024 Anton Midyukov 1:8.0.1-alt0.p10 - backport to p10 * Sat Mar 16 2024 Anton Midyukov 1:8.0.1-alt1 - new version 8.0.1 * Mon Mar 04 2024 Anton Midyukov 1:8.0.0-alt0.p10 kicad-doc - Documentation and tutorials for kicad [81M] * Sat Mar 16 2024 Anton Midyukov 1:8.0.1-alt1 - new version (8.0.1) with rpmgs script * Sun Mar 03 2024 Anton Midyukov 1:8.0.0-alt1 kicad-footprints - Footprint Libraries for kicad (creation of electronic schematic diagrams) [24M] * Sat Mar 16 2024 Anton Midyukov 8.0.1-alt1 - new version (8.0.1) with rpmgs script * Sun Mar 03 2024 Anton Midyukov 8.0.0-alt1 kicad-symbols - schematic symbol libraries for kicad (creation of electronic schematic diagrams) * Sat Mar 16 2024 Anton Midyukov 8.0.1-alt1 - new version (8.0.1) with rpmgs script * Sun Mar 03 2024 Anton Midyukov 8.0.0-alt1 rpm-build-vm - RPM helper to run tests in virtualised environment * Mon Mar 11 2024 Vitaly Chikunov 1.65-alt2 - Fix rebuild with gcc-10. - Remove BR:busybox for non-sisyphus branches. * Mon Feb 26 2024 Vitaly Chikunov 1.65-alt1 - i586: Avoid 'mce: Unable to init MCE device' warning. * Fri Feb 02 2024 Vitaly Chikunov 1.64-alt1 - vm-run: Limit memory below RLIMIT_AS. Add --maxmem and --maxcpu to workaround potential problems with it. * Thu Nov 23 2023 Vitaly Chikunov 1.63-alt1 - microvm: Detect CONFIG_SERCON=n. * Sat Nov 18 2023 Vitaly Chikunov 1.62-alt1 - Slightly improve microvm boot and qemu option passing thru. - initrd: Install tools symlinks for busybox. * Tue Nov 14 2023 Vitaly Chikunov 1.61-alt1 - Add 'exact command' mode (when there is more than single argument). * Sat Nov 11 2023 Vitaly Chikunov 1.60-alt3 - spec: checkinstall: Remove BR:busybox for unsupported architectures. - spec: checkinstall: Add tests for unsupported architectures. * Sat Nov 11 2023 Michael Shigorin 1.60-alt2 - E2K: no busybox in e2k-alt-linux so far (and no %checkinstall either). * Sun Nov 05 2023 Vitaly Chikunov 1.60-alt1 - Experimental support for --initrd mode (run script in initrd using busybox). * Tue Oct 10 2023 Vitaly Chikunov 1.59-alt1 - Improve rdshell environment usability. - Improve busybox/toybox compatibility for rdshell. - Add --heredoc option (run script from here-document). - Allow adding out-of-tree modules and arbitrary files to initrd. * Sat Oct 07 2023 Vitaly Chikunov 1.58-alt1 - Fix booting ext4 on kernels where it isn't built-in (ovz-el7). - Do not ignore initrd generation errors. - Allow adding arbitrary files into initrd (such as toybox). - initrd: Add support for rdshell and rddebug. * Mon Sep 25 2023 Vitaly Chikunov 1.57-alt1 - Enhance and document --loglevel= (for boot debugging). - Run (eval) command in a subshell with 'set -ex' by default. - armh: Fix 'architecture armv7l is unknown' error. * Fri Sep 15 2023 Vitaly Chikunov 1.56-alt1 - Add --stub-exit= option for vm-run stub (ALT#47599). * Sat Jul 15 2023 Vitaly Chikunov 1.55-alt1 - Add vm-initrd tool (minimalistic initramfs creator). * Thu Jun 22 2023 Vitaly Chikunov 1.54-alt1 - Add experimental '--stdout' option. - spec: checkinstall: Delete test disk images. * Mon May 22 2023 Vitaly Chikunov 1.53-alt1 - Prevent SIGTTOU when running rpmbuild in hsh-shell. * Thu May 11 2023 Vitaly Chikunov 1.52-alt1 simplescreenrecorder - Simple Screen Recording with OpenGL capture * Thu Mar 14 2024 Leontiy Volodin 0.4.4-alt5 - Simplified backporting to p10 branch. - Updated russian translations. * Thu Nov 02 2023 Ivan A. Melnikov 0.4.4-alt4.1 - Introduce with/without glinject knob; - Disable glinject on loongarch64 and riscv64. * Tue Sep 19 2023 Leontiy Volodin 0.4.4-alt4 - Fixed build with ffmpeg 6.0. * Tue Aug 02 2022 Leontiy Volodin 0.4.4-alt3 thunderbird - Thunderbird is Mozilla's e-mail client [538M] * Tue Mar 12 2024 Pavel Vasenkov 115.8.1-alt1 - New version. - Security fixes: + CVE-2024-1936 Leaking of encrypted email subjects to other conversations * Mon Mar 11 2024 Andrey Cherepanov 115.8.0-alt3 - Use maximize icon for mail window too (ALT #49606). * Thu Mar 07 2024 Andrey Cherepanov 115.8.0-alt2 - Use maximize icon for CSD restore button missing in some themes (ALT #49606). * Sat Feb 24 2024 Pavel Vasenkov 115.8.0-alt1 - New version. - Security fixes: + CVE-2024-1546 Out-of-bounds memory read in networking channels + CVE-2024-1547 Alert dialog could have been spoofed on another site + CVE-2024-1548 Fullscreen Notification could have been hidden by select element + CVE-2024-1549 Custom cursor could obscure the permission dialog + CVE-2024-1550 Mouse cursor re-positioned unexpectedly could have led to unintended permission grants + CVE-2024-1551 Multipart HTTP Responses would accept the Set-Cookie header in response parts + CVE-2024-1552 Incorrect code generation on 32-bit ARM devices + CVE-2024-1553 Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 * Sun Feb 04 2024 Pavel Vasenkov 115.7.0-alt1 - New version. - Security fixes: + CVE-2024-0741 Out of bounds write in ANGLE + CVE-2024-0742 Failure to update user input timestamp + CVE-2024-0746 Crash when listing printers on Linux + CVE-2024-0747 Bypass of Content Security Policy when directive unsafe-inline was set + CVE-2024-0749 Phishing site popup could show local origin in address bar + CVE-2024-0750 Potential permissions request bypass via clickjacking + CVE-2024-0751 Privilege escalation through devtools + CVE-2024-0753 HSTS policy on subdomain could bypass policy of upper domain + CVE-2024-0755 Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 * Sun Feb 04 2024 Grigory Ustinov 115.6.0-alt2 - Fixed building with python3.12. * Thu Dec 21 2023 Pavel Vasenkov 115.6.0-alt1 - New version. - Security fixes: + CVE-2023-50762 Truncated signed text was shown with a valid OpenPGP signature + CVE-2023-50761 S/MIME signature accepted despite mismatching message date + CVE-2023-6856 Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver + CVE-2023-6857 Symlinks may resolve to smaller than expected buffers + CVE-2023-6858 Heap buffer overflow in nsTextFragment + CVE-2023-6859 Use-after-free in PR_GetIdentitiesLayer + CVE-2023-6860 Potential sandbox escape due to VideoBridge lack of texture validation + CVE-2023-6861 Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode + CVE-2023-6862 Use-after-free in nsDNSService + CVE-2023-6863 Undefined behavior in ShutdownObserver() * Thu Nov 23 2023 Pavel Vasenkov 115.5.0-alt1 - New version. - Security fixes: + CVE-2023-6204 Out-of-bound memory access in WebGL2 blitFramebuffer + CVE-2023-6205 Use-after-free in MessagePort::Entangled + CVE-2023-6206 Clickjacking permission prompts using the fullscreen transition + CVE-2023-6207 Use-after-free in ReadableByteStreamQueueEntry::Buffer + CVE-2023-6208 Using Selection API would copy contents into X11 primary selection. + CVE-2023-6209 Incorrect parsing of relative URLs starting with "///" + CVE-2023-6212 Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 * Wed Nov 01 2023 Pavel Vasenkov 115.4.1-alt1 - New version. - Security fixes: + CVE-2023-5721 Queued up rendering could have allowed websites to clickjack + CVE-2023-5732 Address bar spoofing via bidirectional characters + CVE-2023-5724 Large WebGL draw could have led to a crash + CVE-2023-5725 WebExtensions could open arbitrary URLs + CVE-2023-5726 Full screen notification obscured by file open dialog on macOS + CVE-2023-5727 Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows + CVE-2023-5728 Improper object tracking during GC in the JavaScript engine could have led to a crash. + CVE-2023-5730 Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 * Mon Oct 16 2023 Pavel Vasenkov 115.3.1-alt2 - Fix check dependencies error for GLIBC_PRIVATE * Fri Oct 06 2023 Pavel Vasenkov 115.3.1-alt1 - New version. - Security fixes: + CVE-2023-5168 Out-of-bounds write in FilterNodeD2D1 + CVE-2023-5169 Out-of-bounds write in PathOps + CVE-2023-5171 Use-after-free in Ion Compiler + CVE-2023-5174 Double-free in process spawning on Windows + CVE-2023-5176 Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 + CVE-2023-5217 Heap buffer overflow in libvpx * Wed Sep 27 2023 Alexey Sheplyakov 115.2.2-alt2 - Support LoongArch architecture (lp64d ABI). * Thu Sep 14 2023 Pavel Vasenkov 115.2.2-alt1 - New version. - Security fixes: + CVE-2023-3600 Use-after-free in workers + CVE-2023-3417 File Extension Spoofing using the Text Direction Override Character + CVE-2023-4045 Offscreen Canvas could have bypassed cross-origin restrictions + CVE-2023-4046 Incorrect value used during WASM compilation + CVE-2023-4047 Potential permissions request bypass via clickjacking + CVE-2023-4048 Crash in DOMParser due to out-of-memory conditions + CVE-2023-4049 Fix potential race conditions when releasing platform objects + CVE-2023-4050 Stack buffer overflow in StorageManager + CVE-2023-4052 File deletion and privilege escalation through Firefox uninstaller + CVE-2023-4054 Lack of warning when opening appref-ms files + CVE-2023-4055 Cookie jar overflow caused unexpected cookie jar state + CVE-2023-4056 Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 + CVE-2023-4057 Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1 + CVE-2023-4573 Memory corruption in IPC CanvasTranslator + CVE-2023-4574 Memory corruption in IPC ColorPickerShownCallback + CVE-2023-4575 Memory corruption in IPC FilePickerShownCallback + CVE-2023-4576 Integer Overflow in RecordedSourceSurfaceCreation + CVE-2023-4577 Memory corruption in JIT UpdateRegExpStatics + CVE-2023-4051 Full screen notification obscured by file open dialog + CVE-2023-4578 Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception + CVE-2023-4053 Full screen notification obscured by external program + CVE-2023-4580 Push notifications saved to disk unencrypted + CVE-2023-4581 XLL file extensions were downloadable without warnings + CVE-2023-4582 Buffer Overflow in WebGL glGetProgramiv + CVE-2023-4583 Browsing Context potentially not cleared when closing Private Window + CVE-2023-4584 Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 + CVE-2023-4585 Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 + CVE-2023-4863 Heap buffer overflow in libwebp * Tue Jun 27 2023 Pavel Vasenkov 102.12.0-alt2 - Fixes: Unstable name collisions Build failure with GCC 13 * Wed Jun 14 2023 Pavel Vasenkov 102.12.0-alt1 - New version. - Security fixes: + CVE-2023-34414 Click-jacking certificate exceptions through rendering lag + CVE-2023-34416 Memory safety bugs fixed in Thunderbird 102.12 * Wed May 17 2023 Pavel Vasenkov 102.11.0-alt1 yggdrasil - End-to-end encrypted IPv6 networking * Thu Feb 08 2024 Anton Zhukharev 0.5.5-alt1 - Updated to 0.5.5. * Wed Dec 20 2023 Anton Zhukharev 0.5.4-alt1 - Updated to 0.5.4. * Tue Nov 07 2023 Anton Zhukharev 0.5.2-alt1 - Updated to 0.5.2. * Tue Oct 31 2023 Anton Zhukharev 0.5.1-alt1 - Updated to 0.5.1. * Tue Jan 17 2023 Anton Zhukharev 0.4.7-alt2 - package 'genkeys' util - clean up spec - add Vcs tag * Tue Nov 22 2022 Anton Zhukharev 0.4.7-alt1 Total 18757 source packages.