Slackware64-current ChangeLog

ChangeLog for: 2026-03-12 05:53:34

a/exfatprogs-1.3.2-x86_64-1.txz:  Upgraded.
d/ccache-4.13.1-x86_64-1.txz:  Upgraded.
d/llvm-22.1.1-x86_64-1.txz:  Upgraded.
d/perl-5.42.1-x86_64-1.txz:  Upgraded.
  Upgraded: Authen-SASL-2.2000, DBD-mysql-4.055, IO-Socket-SSL-2.098,
  Path-Tiny-0.150, Sub-Quote-2.006009, URI-5.34.
l/babl-0.1.124-x86_64-1.txz:  Upgraded.
l/gegl-0.4.68-x86_64-1.txz:  Upgraded.
l/harfbuzz-13.1.0-x86_64-1.txz:  Upgraded.
l/libarchive-3.8.6-x86_64-1.txz:  Upgraded.
  This update fixes bugs and security issues:
  libarchive: fix incompatibility with Nettle 4.x (#2858)
  libarchive: fix NULL pointer dereference in
  archive_acl_from_text_w() (#2859)
  bsdunzip: fix ISO week year and Gregorian year confusion (#2860)
  7zip: ix SEGV in check_7zip_header_in_sfx via ELF offset validation (#2864)
  7zip: fix out-of-bounds access on ELF 64-bit header (#2875)
  RAR5 reader: fix infinite loop in rar5 decompression (#2877)
  RAR5 reader: fix potential memory leak (#2892)
  RAR5: fix SIGSEGV when archive_read_support_format_rar5 is called
  twice (#2893)
  CAB reader: fix memory leak on repeated calls to
  archive_read_support_format_cab (#2895)
  mtree reader: Fix file descriptor leak in mtree parser
  cleanup (CWE-775, #2878)
  various small bugfixes in code and documentation
  (* Security fix *)
l/libclc-22.1.1-x86_64-1.txz:  Upgraded.
l/pipewire-1.6.1-x86_64-1.txz:  Upgraded.
l/pygobject3-3.56.1-x86_64-1.txz:  Upgraded.
l/spirv-llvm-translator-22.1.0-x86_64-1.txz:  Upgraded.
l/unicode-ucd-18.0.0-noarch-1.txz:  Upgraded.
n/curl-8.19.0-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  use after free in SMB connection reuse.
  wrong proxy connection reuse with credentials.
  token leak with redirect and netrc.
  bad reuse of HTTP Negotiate connection.
  For more information, see:
    https://curl.se/docs/CVE-2026-3805.html
    https://curl.se/docs/CVE-2026-3784.html
    https://curl.se/docs/CVE-2026-3783.html
    https://curl.se/docs/CVE-2026-1965.html
    https://www.cve.org/CVERecord?id=CVE-2026-3805
    https://www.cve.org/CVERecord?id=CVE-2026-3784
    https://www.cve.org/CVERecord?id=CVE-2026-3783
    https://www.cve.org/CVERecord?id=CVE-2026-1965
  (* Security fix *)
n/ngtcp2-1.21.0-x86_64-1.txz:  Added.
  Needed by curl-8.19.0.
n/openldap-2.6.13-x86_64-1.txz:  Upgraded.
n/postfix-3.11.1-x86_64-1.txz:  Upgraded.
xap/mozilla-thunderbird-140.8.1esr-x86_64-1.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/140.8.1esr/releasenotes/