https://www.sya54m.eu Latest 20 entries in the Slackwarearm-current ChangeLog https://www.sya54m.eu/immagini/s256.png https://www.sya54m.eu en Wed, 20 May 2026 10:08:08 +0200 Wed, 20 May 2026 18:30:06 +0200 www.sya54m.eu https://www.sya54m.eu Wed, 20 May 2026 10:08:08 +0200 1779264488 a/bash-5.3.009-aarch64-2.txz:  Rebuilt.
  Retain the default BASH_LOADABLES_PATH, adjusted for ${LIBDIRSUFFIX}.
  Thanks to duncan_roe.
a/dcron-4.5-aarch64-14.txz:  Rebuilt.
  /etc/default/crond: Set the same minimal PATH that's provided by sysvinit at
  boot time to keep things consistent when using rc.crond restart. This PATH
  will be used both at boot and with a restart through rc.crond. Feel free to
  adjust it if needed.
  Thanks to Ken Zalewski.
a/haveged-1.9.21-aarch64-1.txz:  Upgraded.
  This update fixes a security issue:
  Missing exit out of permission check could lead to root exploit.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-41054
  (* Security fix *)
a/kernel_armv8-6.18.32-aarch64-1.txz:  Upgraded.
  Kernel config changes:
  CONFIG_VIDEO_MESON_GE2D=m
  CONFIG_DRM_MESON=m
  CONFIG_DRM_MESON_DW_HDMI=m
  CONFIG_DRM_MESON_DW_MIPI_DSI=m
  Thanks to warmbit.
a/util-linux-2.42.1-aarch64-1.txz:  Upgraded.
ap/ghostscript-10.07.1-aarch64-1.txz:  Upgraded.
ap/mariadb-11.8.7-aarch64-1.txz:  Upgraded.
ap/sox-14.8.0-aarch64-1.txz:  Upgraded.
ap/vim-9.2.0500-aarch64-1.txz:  Upgraded.
d/kernel-headers-6.18.32-aarch64-1.txz:  Upgraded.
d/llvm-22.1.6-aarch64-1.txz:  Upgraded.
d/tree-sitter-0.26.9-aarch64-1.txz:  Upgraded.
k/kernel-source-6.18.32-aarch64-1.txz:  Upgraded.
l/imagemagick-7.1.2_23-aarch64-1.txz:  Upgraded.
l/libclc-22.1.6-aarch64-1.txz:  Upgraded.
l/libsigc++-2.12.2-aarch64-1.txz:  Upgraded.
l/libsigc++3-3.8.1-aarch64-1.txz:  Upgraded.
l/libusb-1.0.30-aarch64-1.txz:  Upgraded.
l/libusb-compat-0.1.9-aarch64-1.txz:  Upgraded.
l/libxmlb-0.3.27-aarch64-1.txz:  Upgraded.
l/mozilla-nss-3.124-aarch64-1.txz:  Upgraded.
l/mozjs140-140.11.0esr-aarch64-1.txz:  Upgraded.
l/python-lxml-6.1.1-aarch64-1.txz:  Upgraded.
l/python-numpy-2.4.6-aarch64-1.txz:  Upgraded.
l/python-setuptools-gettext-0.1.18-aarch64-1.txz:  Upgraded.
x/libXi-1.8.3-aarch64-1.txz:  Upgraded.
x/mesa-26.1.1-aarch64-1.txz:  Upgraded.
x/xev-1.2.7-aarch64-1.txz:  Upgraded.
xap/mozilla-firefox-140.11.0esr-aarch64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/140.11.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2026-48
    https://www.cve.org/CVERecord?id=CVE-2026-8946
    https://www.cve.org/CVERecord?id=CVE-2026-8388
    https://www.cve.org/CVERecord?id=CVE-2026-8947
    https://www.cve.org/CVERecord?id=CVE-2026-8391
    https://www.cve.org/CVERecord?id=CVE-2026-8401
    https://www.cve.org/CVERecord?id=CVE-2026-8949
    https://www.cve.org/CVERecord?id=CVE-2026-8950
    https://www.cve.org/CVERecord?id=CVE-2026-8953
    https://www.cve.org/CVERecord?id=CVE-2026-8954
    https://www.cve.org/CVERecord?id=CVE-2026-8955
    https://www.cve.org/CVERecord?id=CVE-2026-8956
    https://www.cve.org/CVERecord?id=CVE-2026-8957
    https://www.cve.org/CVERecord?id=CVE-2026-8958
    https://www.cve.org/CVERecord?id=CVE-2026-8959
    https://www.cve.org/CVERecord?id=CVE-2026-8961
    https://www.cve.org/CVERecord?id=CVE-2026-8962
    https://www.cve.org/CVERecord?id=CVE-2026-8968
    https://www.cve.org/CVERecord?id=CVE-2026-8970
    https://www.cve.org/CVERecord?id=CVE-2026-8974
    https://www.cve.org/CVERecord?id=CVE-2026-8975
  (* Security fix *)
xap/mozilla-thunderbird-140.11.0esr-aarch64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/140.11.0esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/
    https://www.cve.org/CVERecord?id=CVE-2026-8946
    https://www.cve.org/CVERecord?id=CVE-2026-8388
    https://www.cve.org/CVERecord?id=CVE-2026-8947
    https://www.cve.org/CVERecord?id=CVE-2026-8391
    https://www.cve.org/CVERecord?id=CVE-2026-8401
    https://www.cve.org/CVERecord?id=CVE-2026-8949
    https://www.cve.org/CVERecord?id=CVE-2026-8950
    https://www.cve.org/CVERecord?id=CVE-2026-8953
    https://www.cve.org/CVERecord?id=CVE-2026-8954
    https://www.cve.org/CVERecord?id=CVE-2026-8955
    https://www.cve.org/CVERecord?id=CVE-2026-8956
    https://www.cve.org/CVERecord?id=CVE-2026-8957
    https://www.cve.org/CVERecord?id=CVE-2026-8958
    https://www.cve.org/CVERecord?id=CVE-2026-8959
    https://www.cve.org/CVERecord?id=CVE-2026-8961
    https://www.cve.org/CVERecord?id=CVE-2026-8962
    https://www.cve.org/CVERecord?id=CVE-2026-8968
    https://www.cve.org/CVERecord?id=CVE-2026-8970
    https://www.cve.org/CVERecord?id=CVE-2026-8974
    https://www.cve.org/CVERecord?id=CVE-2026-8975
  (* Security fix *)
xap/vim-gvim-9.2.0500-aarch64-1.txz:  Upgraded.
installer/*:  Rebuilt.
kernels/*:  Upgraded.
]]> https://www.sya54m.eu Sun, 17 May 2026 10:08:08 +0200 1779005288 a/kernel_armv8-6.18.31-aarch64-1.txz:  Upgraded.
d/kernel-headers-6.18.31-aarch64-1.txz:  Upgraded.
k/kernel-source-6.18.31-aarch64-1.txz:  Upgraded.
l/SDL2_net-2.4.0-aarch64-1.txz:  Upgraded.
l/hyphen-2.8.9-aarch64-1.txz:  Upgraded.
l/libpaper-2.2.8-aarch64-1.txz:  Upgraded.
l/python-numpy-2.4.5-aarch64-1.txz:  Upgraded.
n/postfix-3.11.3-aarch64-1.txz:  Upgraded.
installer/*:  Rebuilt.
kernels/*:  Upgraded.
]]> https://www.sya54m.eu Sat, 16 May 2026 10:08:08 +0200 1778918888 a/kernel_armv8-6.18.30-aarch64-1.txz:  Upgraded.
  This update fixes a security issue:
  ptrace: slightly saner 'get_dumpable()' logic.
  For more information, see:
    https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
    https://www.cve.org/CVERecord?id=CVE-2026-46333
  (* Security fix *)
a/lvm2-2.03.41-aarch64-1.txz:  Upgraded.
ap/slackpkg-15.0.10-noarch-8.txz:  Rebuilt.
  Removed defunct mirror sites.
d/kernel-headers-6.18.30-aarch64-1.txz:  Upgraded.
k/kernel-source-6.18.30-aarch64-1.txz:  Upgraded.
l/aom-3.14.0-aarch64-1.txz:  Upgraded.
l/librsvg-2.62.2-aarch64-1.txz:  Upgraded.
n/dnsmasq-2.92rel2-aarch64-1.txz:  Upgraded.
  This update fixes security issues.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-2291
    https://www.cve.org/CVERecord?id=CVE-2026-4890
    https://www.cve.org/CVERecord?id=CVE-2026-4891
    https://www.cve.org/CVERecord?id=CVE-2026-4892
    https://www.cve.org/CVERecord?id=CVE-2026-4893
    https://www.cve.org/CVERecord?id=CVE-2026-5172
  (* Security fix *)
tcl/tcl-8.6.18-aarch64-1.txz:  Upgraded.
tcl/tk-8.6.18-aarch64-1.txz:  Upgraded.
x/libei-1.6.0-aarch64-1.txz:  Upgraded.
installer/*:  Rebuilt.
kernels/*:  Upgraded.
]]> https://www.sya54m.eu Fri, 15 May 2026 10:08:08 +0200 1778832488 a/kernel-firmware-20260514_5b2bc2e-noarch-1.txz:  Upgraded.
a/kernel_armv8-6.18.30-aarch64-1.txz:  Upgraded.
d/kernel-headers-6.18.30-aarch64-1.txz:  Upgraded.
k/kernel-source-6.18.30-aarch64-1.txz:  Upgraded.
l/gexiv2-0.16.0-aarch64-2.txz:  Rebuilt.
  [PATCH] gexiv2: fix package name in gir file to have -0.16 suffix.
  Thanks to reddog83.
l/libedit-20260512_3.1-aarch64-1.txz:  Upgraded.
l/openjph-0.27.3-aarch64-1.txz:  Upgraded.
l/pipewire-1.6.5-aarch64-1.txz:  Upgraded.
l/python-idna-3.15-aarch64-1.txz:  Upgraded.
l/python-requests-2.34.2-aarch64-1.txz:  Upgraded.
n/NetworkManager-1.56.1-aarch64-1.txz:  Upgraded.
n/gnupg2-2.5.20-aarch64-1.txz:  Upgraded.
n/netatalk-4.4.3-aarch64-1.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-44047
    https://www.cve.org/CVERecord?id=CVE-2026-44048
    https://www.cve.org/CVERecord?id=CVE-2026-44049
    https://www.cve.org/CVERecord?id=CVE-2026-44050
    https://www.cve.org/CVERecord?id=CVE-2026-44051
    https://www.cve.org/CVERecord?id=CVE-2026-44052
    https://www.cve.org/CVERecord?id=CVE-2026-44054
    https://www.cve.org/CVERecord?id=CVE-2026-44055
    https://www.cve.org/CVERecord?id=CVE-2026-44057
    https://www.cve.org/CVERecord?id=CVE-2026-44060
    https://www.cve.org/CVERecord?id=CVE-2026-44062
    https://www.cve.org/CVERecord?id=CVE-2026-44064
    https://www.cve.org/CVERecord?id=CVE-2026-44066
    https://www.cve.org/CVERecord?id=CVE-2026-44068
    https://www.cve.org/CVERecord?id=CVE-2026-44076
    https://www.cve.org/CVERecord?id=CVE-2026-45354
    https://www.cve.org/CVERecord?id=CVE-2026-45355
    https://www.cve.org/CVERecord?id=CVE-2026-45356
    https://www.cve.org/CVERecord?id=CVE-2026-45698
    https://www.cve.org/CVERecord?id=CVE-2026-45699
  (* Security fix *)
x/libinput-1.31.2-aarch64-1.txz:  Upgraded.
x/mesa-26.0.7-aarch64-1.txz:  Upgraded.
y/bsd-games-2.17-aarch64-9.txz:  Rebuilt.
  Patched to fix 'countmail'. Thanks to andygoth.
installer/*:  Rebuilt.
kernels/*:  Upgraded.
]]> https://www.sya54m.eu Wed, 13 May 2026 10:08:08 +0200 1778659688 a/elogind-255.25-aarch64-1.txz:  Upgraded.
ap/xfsdump-3.3.0-aarch64-1.txz:  Upgraded.
d/ruby-4.0.4-aarch64-1.txz:  Upgraded.
l/gst-plugins-bad-free-1.28.3-aarch64-1.txz:  Upgraded.
l/gst-plugins-base-1.28.3-aarch64-1.txz:  Upgraded.
l/gst-plugins-good-1.28.3-aarch64-1.txz:  Upgraded.
l/gst-plugins-libav-1.28.3-aarch64-1.txz:  Upgraded.
l/gstreamer-1.28.3-aarch64-1.txz:  Upgraded.
l/imagemagick-7.1.2_22-aarch64-1.txz:  Upgraded.
l/openal-soft-1.25.2-aarch64-1.txz:  Upgraded.
n/samba-4.24.2-aarch64-1.txz:  Upgraded.
x/ibus-m17n-1.4.39-aarch64-1.txz:  Upgraded.
x/ibus-table-1.17.19-aarch64-1.txz:  Upgraded.
y/bsd-games-2.17-aarch64-8.txz:  Rebuilt.
  Apply a few patches from the Debian repo.
  Thanks to GazL.
]]> https://www.sya54m.eu Tue, 12 May 2026 10:08:08 +0200 1778573288 a/bcachefs-tools-1.38.3-aarch64-1.txz:  Upgraded.
a/btrfs-progs-7.0-aarch64-1.txz:  Upgraded.
a/elogind-255.24-aarch64-1.txz:  Upgraded.
a/kernel_armv8-6.18.29-aarch64-1.txz:  Upgraded.
  This update fixes a security issue:
  rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present.
  This fixes the second "Dirty Frag" vulnerability.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away you may blacklist or remove the kernel module rxrpc.ko (CVE-2026-43500).
  Also remove the module from the kernel if it has been loaded:
    rmmod rxrpc
  And, drop the file caches in case in-memory program copies have already
  been compromised. Make sure possibly affected programs do not have any
  open sessions first:
    sh -c "echo 3 > /proc/sys/vm/drop_caches"
  For more information, see:
    https://github.com/V4bel/dirtyfrag
    https://www.cve.org/CVERecord?id=CVE-2026-43500
  (* Security fix *)
ap/vim-9.2.0475-aarch64-1.txz:  Upgraded.
d/gdb-17.2-aarch64-1.txz:  Upgraded.
d/kernel-headers-6.18.29-aarch64-1.txz:  Upgraded.
k/kernel-source-6.18.29-aarch64-1.txz:  Upgraded.
kde/wcslib-8.7-aarch64-1.txz:  Upgraded.
l/SDL2_mixer-2.8.2-aarch64-1.txz:  Upgraded.
l/expat-2.8.1-aarch64-1.txz:  Upgraded.
  This update fixes a security issue:
  Fix quadratic runtime from attribute name collision checks that allowed
  denial of service attacks through moderately sized crafted XML input
  (CWE-407). Please note that a layer of compression around XML can
  significantly reduce the minimum attack payload size.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-45186
  (* Security fix *)
l/libedit-20260508_3.1-aarch64-1.txz:  Upgraded.
l/openjph-0.27.2-aarch64-1.txz:  Upgraded.
l/pygobject3-3.56.3-aarch64-1.txz:  Upgraded.
l/python-idna-3.14-aarch64-1.txz:  Upgraded.
l/python-installer-1.0.1-aarch64-1.txz:  Upgraded.
l/python-requests-2.34.0-aarch64-1.txz:  Upgraded.
x/OpenCC-1.3.1-aarch64-1.txz:  Upgraded.
xap/vim-gvim-9.2.0475-aarch64-1.txz:  Upgraded.
installer/*:  Rebuilt.
  Added console font 'ter-932b.psf.gz' for systems with a 4K framebuffer display.
  /root/.profile: Moved font selection into /etc/rc.d/rc.font. I'm not sure why I
  put it in here in the first place - probably to avoid patching.
  /etc/rc.d/rc.font: Automatically select font based on the framebuffer's screen
  resolution.
kernels/*:  Upgraded.
]]> https://www.sya54m.eu Sat, 09 May 2026 10:08:08 +0200 1778314088 a/dbus-1.16.2-aarch64-3.txz:  Rebuilt.
d/google-go-lang-1.26.3-aarch64-1.txz:  Upgraded.
l/pycurl-7.46.0-aarch64-1.txz:  Upgraded.
l/python-trove-classifiers-2026.5.7.17-aarch64-1.txz:  Upgraded.
n/fetchmail-6.6.4-aarch64-1.txz:  Upgraded.
xap/mozilla-thunderbird-140.10.2esr-aarch64-1.txz:  Upgraded.
y/nethack-5.0.0-aarch64-3.txz:  Rebuilt.
  Another fix for the HACK= sed substitution. Should be good now! :-)
  Thanks to zapwai.
]]> https://www.sya54m.eu Fri, 08 May 2026 10:08:08 +0200 1778227688 This batch brings a number of kernel and installer updates. The first pass of
SD card decoupling on the Raspberry Pi is now complete -- allowing the OS to
boot directly from a USB-connected SSD (or whatever block storage you're using)
without an SD card present. This has been tested and confirmed working.
Install-time instructions will follow in the coming weeks.

If you appreciate what we're doing with Slackware Linux on ARM, please consider
making a donation to support the project. Contributions go directly toward
maintaining essential build hardware, covering electricity costs, and keeping
this long-running labour of love alive and moving forward.
Every bit helps and is genuinely appreciated.

You can find out how to contribute here:
  https://arm.slackware.com/sponsor/

Thank you for your continued support!

  Stuart Winter <mozes@slackware>
  Brent Earl <el0226@slackware>

a/kernel-firmware-20260507_b3d71e9-noarch-1.txz:  Upgraded.
a/kernel_armv8-6.18.28-aarch64-1.txz:  Upgraded.
  This kernel update addresses a security vulnerability in the ESP (Encapsulating
  Security Payload) subsystem. When MSG_SPLICE_PAGES is used to attach pipe-backed
  pages directly to an skb, IPv4/IPv6 UDP datagram paths were not marking those
  frags as SKBFL_SHARED_FRAG, unlike the equivalent TCP path. This caused ESP
  input to take an unsafe fast path and decrypt in-place over memory not privately
  owned by the skb -- potentially corrupting shared pipe pages or allowing
  unintended data exposure in ESP-in-UDP configurations.
  The fix aligns UDP splice frag handling with TCP by setting SKBFL_SHARED_FRAG
  appropriately, and adds a guard in ESP input to fall back to skb_cow_data()
  when shared frags are present.
  No CVE assigned at time of release.
  For more information, see:
    https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4
  (* Security fix *)

  /boot/platform/aarch64/helper/pkg-kernel-rpi: Use a new variable exported from
  the parent /install/doinst.sh to reference the OS file system path, allowing
  Raspberry Pi bootware to be installed into a bootware file system that resides
  on a separate device from the Slackware ARM Installer SD card (for the install
  path where the Installer SD card isn't repurposed as the RPi bootware file
  system).
  Without this, the DTBs aren't copied into place and the system won't boot.

  /boot/initrd/[/load_kernel_modules.scr/platform/aarch64/rockchip]: Set the
  "lima" module as one of the core modules to be loaded on the RockChip
  platform.  This is required on the PineBook Pro.
  Thanks to jloco.

a/xfsprogs-7.0.0-aarch64-1.txz:  Upgraded.
d/AMF-headers-1.5.2-noarch-1.txz:  Upgraded.
d/kernel-headers-6.18.28-aarch64-1.txz:  Upgraded.
d/llvm-22.1.5-aarch64-1.txz:  Upgraded.
d/mercurial-7.2.2-aarch64-1.txz:  Upgraded.
k/kernel-source-6.18.28-aarch64-1.txz:  Upgraded.
kde/okteta-0.26.27-aarch64-1.txz:  Upgraded.
l/djvulibre-3.5.30-aarch64-1.txz:  Upgraded.
l/lcms2-2.19.1-aarch64-1.txz:  Upgraded.
l/libclc-22.1.5-aarch64-1.txz:  Upgraded.
l/mozjs140-140.10.2esr-aarch64-1.txz:  Upgraded.
l/openjph-0.27.1-aarch64-1.txz:  Upgraded.
l/python-urllib3-2.7.0-aarch64-1.txz:  Upgraded.
n/libgpg-error-1.61-aarch64-1.txz:  Upgraded.
  This update fixes bugs and security issues:
   Fix possible stack overflow in es_printf for %.100f format.
   Fix out-of-bounds read in vfnameconcat.
  (* Security fix *)
n/php-8.4.21-aarch64-1.txz:  Upgraded.
  This update fixes security issues:
  DOM: Fixed Dom\XMLDocument::C14N() emits duplicate xmlns declarations after
  setAttributeNS().
  FPM: Fixed XSS within status endpoint.
  MBString: Fixed Null pointer dereference in php_mb_check_encoding()
  via mb_ereg_search_init().
  MBString: Fixed Out-of-bounds access in mbfl_name2encoding_ex().
  PDO_Firebird: Fixed SQL injection via NUL bytes in quoted strings.
  SOAP: Fixed Stale SOAP_GLOBAL(ref_map) pointer with Apache Map.
  SOAP: Fixed Use-after-free after header parsing failure with
  SOAP_PERSISTENCE_SESSION.
  SOAP: Fixed Broken Apache map value NULL check.
  Standard: Fixed Signed integer overflow of char array offset.
  Standard: Fixed Consistently pass unsigned char to ctype.h functions.
  URI: Fixed uriparser before 1.0.1 has numeric truncation in text range comparison.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.4.21
    https://www.cve.org/CVERecord?id=CVE-2026-7263
    https://www.cve.org/CVERecord?id=CVE-2026-6735
    https://www.cve.org/CVERecord?id=CVE-2026-7259
    https://www.cve.org/CVERecord?id=CVE-2026-6104
    https://www.cve.org/CVERecord?id=CVE-2025-14179
    https://www.cve.org/CVERecord?id=CVE-2026-6722
    https://www.cve.org/CVERecord?id=CVE-2026-7261
    https://www.cve.org/CVERecord?id=CVE-2026-7262
    https://www.cve.org/CVERecord?id=CVE-2026-7568
    https://www.cve.org/CVERecord?id=CVE-2026-7258
    https://www.cve.org/CVERecord?id=CVE-2026-42371
  (* Security fix *)
x/mesa-26.1.0-aarch64-1.txz:  Upgraded.
xap/mozilla-firefox-140.10.2esr-aarch64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/140.10.2/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2026-41
    https://www.cve.org/CVERecord?id=CVE-2026-8090
    https://www.cve.org/CVERecord?id=CVE-2026-8094
    https://www.cve.org/CVERecord?id=CVE-2026-8092
  (* Security fix *)
y/nethack-5.0.0-aarch64-2.txz:  Rebuilt.
  Fixed some paths / perms.
  Thanks to zapwai.
installer/*:  Rebuilt.
  /usr/lib/setup/armedslack-SeTpartitions: For Hardware Models where the SD card
  is not coupled to the OS (i.e. /boot resides on separate block storage), the
  SD card's filesystem label is cleared post-installation. This prevents the
  label persisting as a source of confusion during future device enumeration.

  Raspberry Pi: The RPi bootware filesystem can now reside on block storage
  other than MMC (SD card). To activate this, create a FAT32 partition as the
  first partition on your block device (USB, SSD, NVMe etc.) and label it
  'SLKhwm_bw'. The installer will detect it automatically and configure it
  instead of the SD card.

  A setup tool is provided to prepare the device from scratch:
    /tools/rpi-partition-bootware
  This will present a list of available block devices, wipe the partition table,
  and create and label the FAT32 bootware partition. Additional partitions (root,
  swap etc.) can then be added to the device as usual.
kernels/*:  Upgraded.
]]> https://www.sya54m.eu Wed, 06 May 2026 10:08:08 +0200 1778054888 a/hwdata-0.407-aarch64-1.txz:  Upgraded.
a/pam-1.7.2-aarch64-2.txz:  Rebuilt.
  Harden perms on /sbin/unix_chkpwd.
ap/sqlite-3.53.1-aarch64-1.txz:  Upgraded.
l/ffmpeg-7.1.4-aarch64-1.txz:  Upgraded.
l/hunspell-1.7.3-aarch64-1.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://github.com/hunspell/hunspell/releases/tag/v1.7.3
  (* Security fix *)
n/procmail-3.24-aarch64-4.txz:  Rebuilt.
  Harden perms on /usr/sbin/procmail.
]]> https://www.sya54m.eu Tue, 05 May 2026 10:08:08 +0200 1777968488 a/util-linux-2.42-aarch64-2.txz:  Rebuilt.
  Harden perms on /bin/mount and /bin/umount.
ap/lxc-7.0.0-aarch64-2.txz:  Rebuilt.
  Harden perms on /usr/libexec/lxc/lxc-user-nic.
d/ccache-4.13.6-aarch64-1.txz:  Upgraded.
d/python-pip-26.1.1-aarch64-1.txz:  Upgraded.
l/fuse-2.9.9-aarch64-6.txz:  Rebuilt.
  Harden perms on /bin/fusermount.
l/fuse3-3.16.2-aarch64-2.txz:  Rebuilt.
  Harden perms on /usr/bin/fusermount3.
l/libgtop-2.41.3-aarch64-2.txz:  Rebuilt.
  Harden perms on /usr/lib64/libgtop/libgtop_server2.
l/polkit-127-aarch64-2.txz:  Rebuilt.
n/httpd-2.4.67-aarch64-1.txz:  Upgraded.
  This release fixes bugs and the following security issues:
  mod_proxy_ajp: Heap Over-Read and memory disclosure in  ajp_parse_data().
  mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check.
  Off-by-one OOB reads in AJP getter functions.
  HTTP response splitting forwarding malicious status line.
  mod_authn_socache crash.
  mod_auth_digest timing attack.
  mod_md unrestricted OCSP response.
  buffer overflow in mod_proxy_ajp via ajp_msg_check_header().
  mod_rewrite elevation of privileges via ap_expr.
  http2: double free and possible RCE on early reset.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.67
    https://www.cve.org/CVERecord?id=CVE-2026-34059
    https://www.cve.org/CVERecord?id=CVE-2026-34032
    https://www.cve.org/CVERecord?id=CVE-2026-33857
    https://www.cve.org/CVERecord?id=CVE-2026-33523
    https://www.cve.org/CVERecord?id=CVE-2026-33007
    https://www.cve.org/CVERecord?id=CVE-2026-33006
    https://www.cve.org/CVERecord?id=CVE-2026-29169
    https://www.cve.org/CVERecord?id=CVE-2026-29168
    https://www.cve.org/CVERecord?id=CVE-2026-28780
    https://www.cve.org/CVERecord?id=CVE-2026-24072
    https://www.cve.org/CVERecord?id=CVE-2026-23918
  (* Security fix *)
n/krb5-1.22.2-aarch64-2.txz:  Rebuilt.
  Harden perms on /usr/bin/ksu.
x/xorg-server-21.1.22-aarch64-3.txz:  Rebuilt.
  Harden perms on /usr/libexec/Xorg.wrap.
x/xorg-server-xephyr-21.1.22-aarch64-3.txz:  Rebuilt.
x/xorg-server-xnest-21.1.22-aarch64-3.txz:  Rebuilt.
x/xorg-server-xvfb-21.1.22-aarch64-3.txz:  Rebuilt.
xap/xscreensaver-6.15-aarch64-2.txz:  Rebuilt.
  Harden perms on /usr/libexec/xscreensaver/sonar and
  /usr/libexec/xscreensaver/xscreensaver-auth.
y/nethack-5.0.0-aarch64-1.txz:  Upgraded.
  Thanks to zapwai.
]]> https://www.sya54m.eu Mon, 04 May 2026 10:08:08 +0200 1777882088 a/bcachefs-tools-1.38.2-aarch64-1.txz:  Upgraded.
l/gexiv2-0.16.0-aarch64-1.txz:  Upgraded.
  Shared library .so-version bump.
  Thanks to saxa.
xap/gimp-3.2.4-aarch64-2.txz:  Rebuilt.
  Patched to build with gexiv2-0.16.0.
  Thanks to USUARIONUEVO.
]]> https://www.sya54m.eu Sun, 03 May 2026 10:08:08 +0200 1777795688 a/dracut-111-aarch64-1.txz:  Upgraded.
a/elogind-255.23-aarch64-1.txz:  Upgraded.
a/haveged-1.9.20-aarch64-1.txz:  Upgraded.
a/kernel-firmware-20260429_56a13f9-noarch-1.txz:  Upgraded.
a/kernel_armv8-6.18.26-aarch64-1.txz:  Upgraded.
  This update fixes a critical security issue:
  An out-of-bounds write in the userspace interface for AEAD cipher algorithms
  may be leveraged to get a root shell through a setuid binary. While the
  proof of concepts for this have so far targeted different program versions
  than Slackware uses, there's nothing preventing anyone from targeting one
  a setuid binary that we use.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away, since we use CONFIG_CRYPTO_USER_API_AEAD=m you may blacklist or remove
  the algif_aead.ko kernel module to prevent the exploit.
  For more information, see:
    https://copy.fail/
    https://www.cve.org/CVERecord?id=CVE-2026-31431
  (* Security fix *)
a/lvm2-2.03.40-aarch64-1.txz:  Upgraded.
ap/htop-3.5.1-aarch64-1.txz:  Upgraded.
ap/joe-4.8-aarch64-1.txz:  Upgraded.
ap/lxc-7.0.0-aarch64-1.txz:  Upgraded.
ap/vim-9.2.0433-aarch64-1.txz:  Upgraded.
d/doxygen-1.17.0-aarch64-1.txz:  Upgraded.
d/kernel-headers-6.18.26-aarch64-1.txz:  Upgraded.
k/kernel-source-6.18.26-aarch64-1.txz:  Upgraded.
kde/xsimd-14.2.0-aarch64-1.txz:  Upgraded.
l/SDL2_image-2.8.12-aarch64-1.txz:  Upgraded.
l/SDL3-3.4.8-aarch64-1.txz:  Upgraded.
l/at-spi2-core-2.60.3-aarch64-1.txz:  Upgraded.
l/cfitsio-4.6.4-aarch64-1.txz:  Upgraded.
l/enchant-2.8.16-aarch64-1.txz:  Upgraded.
l/glib2-2.88.1-aarch64-1.txz:  Upgraded.
l/gtk4-4.22.4-aarch64-1.txz:  Upgraded.
l/libgsf-1.14.58-aarch64-1.txz:  Upgraded.
l/mozjs140-140.10.1esr-aarch64-1.txz:  Upgraded.
l/openexr-3.4.11-aarch64-1.txz:  Upgraded.
  Patch release that addresses the following security vulnerabilities:
  Shift exponent overflow in readVariableLengthInteger().
  Out-of-bounds read in IDManifest::init() during prefix expansion.
  Integer overflow in ImageChannel::resize leads to heap OOB write via
  OpenEXRUtil public API.
  Heap-buffer-overflow in DwaCompressor_uncompress.
  Null-dereference READ in Imf_3_3::prefixFromLayerName.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-42217
    https://www.cve.org/CVERecord?id=CVE-2026-42216
    https://www.cve.org/CVERecord?id=CVE-2026-41142
  (* Security fix *)
l/python-build-1.5.0-aarch64-1.txz:  Upgraded.
l/python-trove-classifiers-2026.4.28.13-aarch64-1.txz:  Upgraded.
l/qtkeychain-0.16.0-aarch64-1.txz:  Upgraded.
l/spirv-llvm-translator-22.1.2-aarch64-1.txz:  Upgraded.
n/curl-8.20.0-aarch64-1.txz:  Upgraded.
n/dhcpcd-10.3.2-aarch64-1.txz:  Upgraded.
n/ethtool-7.0-aarch64-1.txz:  Upgraded.
n/gnutls-3.8.13-aarch64-1.txz:  Upgraded.
  This update fixes a security issue:
  Add more checks to DTLS reassembly. Previously, gnutls didn't check that
  DTLS fragments claimed a consistent message_length value. Additionally,
  a crucial array size check was missing, enabling an attacker to cause a
  heap overwrite. Reject fragments with mismatching length and add a missing
  boundary check. Independently reported by Haruto Kimura (Stella), Oscar
  Reparaz and Zou Dikai.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-33846
  (* Security fix *)
n/openvpn-2.7.4-aarch64-1.txz:  Upgraded.
n/postfix-3.11.2-aarch64-1.txz:  Upgraded.
n/rsync-3.4.2-aarch64-1.txz:  Upgraded.
x/ibus-1.5.34-aarch64-1.txz:  Upgraded.
x/ibus-table-1.17.18-aarch64-1.txz:  Upgraded.
x/libdrm-2.4.133-aarch64-1.txz:  Upgraded.
x/mesa-26.0.6-aarch64-1.txz:  Upgraded.
x/noto-fonts-ttf-2026.05.01-noarch-1.txz:  Upgraded.
x/xterm-410-aarch64-1.txz:  Upgraded.
xap/mozilla-firefox-140.10.1esr-aarch64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/140.10.1/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2026-36
    https://www.cve.org/CVERecord?id=CVE-2026-7320
    https://www.cve.org/CVERecord?id=CVE-2026-7321
    https://www.cve.org/CVERecord?id=CVE-2026-7322
    https://www.cve.org/CVERecord?id=CVE-2026-7323
  (* Security fix *)
xap/mozilla-thunderbird-140.10.1esr-aarch64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/140.10.1esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/
    https://www.cve.org/CVERecord?id=CVE-2026-7320
    https://www.cve.org/CVERecord?id=CVE-2026-7321
    https://www.cve.org/CVERecord?id=CVE-2026-7322
    https://www.cve.org/CVERecord?id=CVE-2026-7323
  (* Security fix *)
xap/vim-gvim-9.2.0433-aarch64-1.txz:  Upgraded.
testing/packages/rust-1.95.0-aarch64-1.txz:  Upgraded.
installer/*:  Rebuilt.
kernels/*:  Upgraded.
]]> https://www.sya54m.eu Fri, 01 May 2026 10:08:08 +0200 1777622888 a/hwm-bw-raspberrypi-2026.04.30-aarch64-1.txz:  Upgraded.
  Upgraded to RPi EEPROM firmware version: 2026.04.30
  Upgraded to RPi boot firmware version..: 2026.04.21

  To update the firmware on your RPi's EEPROM, as root:

  $ rpi-eeprom-update -d

  This will report if there's newer firmware available.

  To update the firmware:
  $ rpi-eeprom-update -da

  If the firmware was successfully updated, reboot:
  $ reboot

  Note: On the Raspberry Pi 4, you may need to power cycle the machine in order
  for the update to apply.
]]> https://www.sya54m.eu Tue, 28 Apr 2026 10:08:08 +0200 1777363688 a/aaa_libraries-15.1-aarch64-48.txz:  Rebuilt.
  Upgraded: libcap.so.2.78, libelf-0.195.so, libgpg-error.so.0.42.0,
  liblzma.so.5.8.3, libexpat.so.1.12.0, libglib-2.0.so.0.8800.0,
  libgmodule-2.0.so.0.8800.0, libgobject-2.0.so.0.8800.0,
  libgthread-2.0.so.0.8800.0, libpng16.so.16.58.0.
  Added (temporarily): libboost_*.so.1.90.0.
a/kernel_armv8-6.18.25-aarch64-1.txz:  Upgraded.
a/libblockdev-3.5.0-aarch64-1.txz:  Upgraded.
ap/cups-2.4.19-aarch64-1.txz:  Upgraded.
  Fixed a regression in shared printing from non-local accounts (Issue #1557).
ap/mpg123-1.33.5-aarch64-1.txz:  Upgraded.
  mpg123: Fix generic control mode for largefile-sensitive builds, where 32 bit
  off_t was used with mpg123 API calls expecting 64 bit off_t.
  I am appalled that it took a user on 32 bit ARM and a specific https stream
  to notice this (bug 385, regression since 1.32.0).
  The security impact of this could be serious, with memory corruption
  including segfault being observed.
  mpg123-id3dump, out123: Enable 64 bit offset usage on largefile-sensitive
  platforms (regression since 1.32.0).
  (* Security fix *)
d/ccache-4.13.5-aarch64-1.txz:  Upgraded.
d/kernel-headers-6.18.25-aarch64-1.txz:  Upgraded.
d/python-pip-26.1-aarch64-1.txz:  Upgraded.
d/strace-7.0-aarch64-1.txz:  Upgraded.
d/universal-ctags-6.2.1-aarch64-1.txz:  Upgraded.
k/kernel-source-6.18.25-aarch64-1.txz:  Upgraded.
kde/kig-23.08.5-aarch64-12.txz:  Rebuilt.
  Recompiled against boost-1.91.0.
kde/kopeninghours-23.08.5-aarch64-12.txz:  Rebuilt.
  Recompiled against boost-1.91.0.
kde/libindi-2.2.1.1-aarch64-1.txz:  Upgraded.
l/Imath-3.2.2-aarch64-3.txz:  Rebuilt.
  Recompiled against boost-1.91.0.
l/at-spi2-core-2.60.2-aarch64-1.txz:  Upgraded.
l/boost-1.91.0-aarch64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/cryfs-0.10.3-aarch64-18.txz:  Rebuilt.
  Recompiled against boost-1.91.0.
l/expat-2.8.0-aarch64-1.txz:  Upgraded.
l/lcms2-2.19-aarch64-1.txz:  Upgraded.
l/mozilla-nss-3.123.1-aarch64-1.txz:  Upgraded.
l/python-build-1.4.4-aarch64-1.txz:  Upgraded.
l/python-packaging-26.2-aarch64-1.txz:  Upgraded.
l/python-pathspec-1.1.1-aarch64-1.txz:  Upgraded.
n/gnupg2-2.5.19-aarch64-1.txz:  Upgraded.
n/libgpg-error-1.60-aarch64-1.txz:  Upgraded.
n/mutt-2.3.2-aarch64-1.txz:  Upgraded.
n/openvpn-2.7.3-aarch64-1.txz:  Upgraded.
n/proftpd-1.3.9a-aarch64-1.txz:  Upgraded.
  Fix for an SQL injection that may lead to authentication bypass, privilege
  escalation, and arbitrary code execution. Slackware does not build mol_sql,
  but this may be an important upgrade for those rebuilding proftpd in order
  to add this module.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-42167
  (* Security fix *)
n/wireless-regdb-2026.03.18-aarch64-1.txz:  Upgraded.
x/editres-1.1.1-aarch64-1.txz:  Upgraded.
x/font-util-1.4.2-aarch64-1.txz:  Upgraded.
x/xbitmaps-1.1.4-aarch64-1.txz:  Upgraded.
x/xorg-server-xwayland-24.1.11-aarch64-1.txz:  Upgraded.
x/xrandr-1.5.4-aarch64-1.txz:  Upgraded.
installer/*:  Rebuilt.
kernels/*:  Upgraded.
]]> https://www.sya54m.eu Mon, 27 Apr 2026 10:08:08 +0200 1777277288 a/kernel_armv8-6.18.24-aarch64-1.txz:  Upgraded.
  Kernel configuration changes:
  +CONFIG_ZSWAP=y
  +CONFIG_ZSWAP_SHRINKER_DEFAULT_ON=y
  +CONFIG_ZSWAP_COMPRESSOR_DEFAULT_LZO=y
  Thanks to SCerovec for the suggestion.
d/kernel-headers-6.18.24-aarch64-1.txz:  Upgraded.
k/kernel-source-6.18.24-aarch64-1.txz:  Upgraded.
installer/*:  Rebuilt.
  /usr/share/hwm-configure/platform/aarch64/installer/assets/bootloader/rpi/
    Moved these template files from the RPi Slackware Installer image's fat
    bootware partition into the Installer.  This is the first step towards being
    able to decouple the SD card from the Slackware OS on the RPi:
      config.txt
      slk_config.txt
      slkos.cmdline.txt
/hwm-configure/platform/aarch64/installer/helper.scr/002-rpi_bl-configure:
   Install boot loader template files contained within the Installer file
   system.
kernels/*:  Upgraded.
]]> https://www.sya54m.eu Sat, 25 Apr 2026 10:08:08 +0200 1777104488 a/glibc-zoneinfo-2026b-noarch-1.txz:  Upgraded.
  This package provides the latest timezone updates.
a/ntfs-3g-2026.2.25-aarch64-1.txz:  Upgraded.
a/sed-4.10-aarch64-1.txz:  Upgraded.
ap/cups-2.4.18-aarch64-1.txz:  Upgraded.
  Fixed cupsd crash if user does not exist (Issue #1555).
ap/man-pages-6.18-noarch-1.txz:  Upgraded.
ap/qemu-11.0.0-aarch64-1.txz:  Upgraded.
ap/qemu-guest-agent-11.0.0-aarch64-1.txz:  Upgraded.
d/google-go-lang-1.26.2-aarch64-1.txz:  Upgraded.
d/parallel-20260422-noarch-1.txz:  Upgraded.
l/fftw-3.3.11-aarch64-1.txz:  Upgraded.
l/imagemagick-7.1.2_21-aarch64-1.txz:  Upgraded.
l/mozjs140-140.10.0esr-aarch64-1.txz:  Upgraded.
l/openblas-0.3.33-aarch64-1.txz:  Upgraded.
l/pipewire-1.6.4-aarch64-1.txz:  Upgraded.
l/python-certifi-2026.4.22-aarch64-1.txz:  Upgraded.
l/python-idna-3.13-aarch64-1.txz:  Upgraded.
l/python-pathspec-1.1.0-aarch64-1.txz:  Upgraded.
l/python-wheel-0.47.0-aarch64-1.txz:  Upgraded.
l/simdutf-9.0.0-aarch64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/vte-0.84.0-aarch64-2.txz:  Rebuilt.
  Recompiled against simdutf-9.0.0.
n/openvpn-2.7.2-aarch64-1.txz:  Upgraded.
]]> https://www.sya54m.eu Wed, 22 Apr 2026 10:08:08 +0200 1776845288 a/bcachefs-tools-1.38.0-aarch64-1.txz:  Upgraded.
a/coreutils-9.11-aarch64-1.txz:  Upgraded.
ap/vim-9.2.0382-aarch64-1.txz:  Upgraded.
d/cmake-4.3.2-aarch64-1.txz:  Upgraded.
d/git-2.54.0-aarch64-1.txz:  Upgraded.
d/llvm-22.1.4-aarch64-1.txz:  Upgraded.
d/meson-1.11.1-aarch64-1.txz:  Upgraded.
d/ruby-4.0.3-aarch64-1.txz:  Upgraded.
  This update fixes a security issue:
  ERB @_init deserialization guard bypass via def_module / def_method /
  def_class. Any Ruby application that calls Marshal.load on untrusted data
  AND has both erb and activesupport loaded is vulnerable to arbitrary code
  execution.
  For more information, see:
    https://www.ruby-lang.org/en/news/2026/04/21/ruby-4-0-3-released/
    https://www.cve.org/CVERecord?id=CVE-2026-41316
  (* Security fix *)
d/valgrind-3.27.0-aarch64-1.txz:  Upgraded.
l/harfbuzz-14.2.0-aarch64-1.txz:  Upgraded.
l/libclc-22.1.4-aarch64-1.txz:  Upgraded.
l/python-idna-3.12-aarch64-1.txz:  Upgraded.
x/labwc-0.9.7-aarch64-1.txz:  Upgraded.
x/libXpm-3.5.19-aarch64-1.txz:  Upgraded.
  This update fixes a security issue:
  Out-of-bounds read in xpmNextWord().
  For more information, see:
    https://lists.x.org/archives/xorg-devel/2026-April/059452.html
    https://www.cve.org/CVERecord?id=CVE-2026-4367
  (* Security fix *)
xap/mozilla-firefox-140.10.0esr-aarch64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/140.10.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2026-32/
    https://www.cve.org/CVERecord?id=CVE-2026-6746
    https://www.cve.org/CVERecord?id=CVE-2026-6747
    https://www.cve.org/CVERecord?id=CVE-2026-6748
    https://www.cve.org/CVERecord?id=CVE-2026-6749
    https://www.cve.org/CVERecord?id=CVE-2026-6750
    https://www.cve.org/CVERecord?id=CVE-2026-6751
    https://www.cve.org/CVERecord?id=CVE-2026-6752
    https://www.cve.org/CVERecord?id=CVE-2026-6753
    https://www.cve.org/CVERecord?id=CVE-2026-6754
    https://www.cve.org/CVERecord?id=CVE-2026-6757
    https://www.cve.org/CVERecord?id=CVE-2026-6759
    https://www.cve.org/CVERecord?id=CVE-2026-6761
    https://www.cve.org/CVERecord?id=CVE-2026-6762
    https://www.cve.org/CVERecord?id=CVE-2026-6763
    https://www.cve.org/CVERecord?id=CVE-2026-6764
    https://www.cve.org/CVERecord?id=CVE-2026-6765
    https://www.cve.org/CVERecord?id=CVE-2026-6766
    https://www.cve.org/CVERecord?id=CVE-2026-6767
    https://www.cve.org/CVERecord?id=CVE-2026-6769
    https://www.cve.org/CVERecord?id=CVE-2026-6770
    https://www.cve.org/CVERecord?id=CVE-2026-6771
    https://www.cve.org/CVERecord?id=CVE-2026-6772
    https://www.cve.org/CVERecord?id=CVE-2026-6776
    https://www.cve.org/CVERecord?id=CVE-2026-6785
    https://www.cve.org/CVERecord?id=CVE-2026-6786
  (* Security fix *)
xap/mozilla-thunderbird-140.10.0esr-aarch64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/140.10.0esr/releasenotes/
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird140.10
  (* Security fix *)
xap/vim-gvim-9.2.0382-aarch64-1.txz:  Upgraded.
]]> https://www.sya54m.eu Mon, 20 Apr 2026 10:08:08 +0200 1776672488 a/kernel-firmware-20260417_3fc7117-noarch-1.txz:  Upgraded.
a/kernel_armv8-6.18.23-aarch64-1.txz:  Upgraded.
a/mkinitrd-1.4.11-aarch64-36.txz:  Rebuilt.
  Add -XFW option to support a list of firmware files to load into the initrd.
  Also add #EXTRAFW= example to mkinitrd.conf.sample.
  Thanks to ZhaoLin1547.
ap/cups-2.4.17-aarch64-1.txz:  Upgraded.
  This update fixes security issues:
  The scheduler treated local user and group names as case-insensitive.
  The RSS notifier could write outside the scheduler's RSS directory.
  The scheduler did not filter control characters from option values.
  The scheduler did not always allocate enough memory for a job's options
  string.
  The scheduler incorrectly allowed local certificates over the loopback
  interface.
  Fixed the range check for job password strings.
  Fixed a printer subscription bug in the scheduler.
  Fixed a SNMP string conversion bug in the backends.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-27447
    https://www.cve.org/CVERecord?id=CVE-2026-34978
    https://www.cve.org/CVERecord?id=CVE-2026-34980
    https://www.cve.org/CVERecord?id=CVE-2026-34979
    https://www.cve.org/CVERecord?id=CVE-2026-34990
    https://www.cve.org/CVERecord?id=CVE-2026-39314
    https://www.cve.org/CVERecord?id=CVE-2026-39316
  (* Security fix *)
d/ccache-4.13.4-aarch64-1.txz:  Upgraded.
d/kernel-headers-6.18.23-aarch64-1.txz:  Upgraded.
k/kernel-source-6.18.23-aarch64-1.txz:  Upgraded.
l/fast_float-8.2.5-aarch64-1.txz:  Upgraded.
l/fluidsynth-2.5.4-aarch64-1.txz:  Upgraded.
l/frei0r-plugins-3.1.3-aarch64-1.txz:  Upgraded.
l/gtk4-4.22.3-aarch64-1.txz:  Upgraded.
l/mozilla-nss-3.123-aarch64-1.txz:  Upgraded.
l/openexr-3.4.10-aarch64-1.txz:  Upgraded.
  HTJ2K Signed Integer Overflow in `ht_undo_impl()`
  Integer overflow in DWA `setupChannelData` `planarUncRle` pointer arithmetic
  (missed variant of CVE-2026-34589).
  Integer overflow in DWA decoder `outBufferEnd` pointer arithmetic
  (missed variant of CVE-2026-34589).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-39886
    https://www.cve.org/CVERecord?id=CVE-2026-40244
    https://www.cve.org/CVERecord?id=CVE-2026-40250
  (* Security fix *)
l/python-lxml-6.1.0-aarch64-1.txz:  Upgraded.
l/python-pybind11-3.0.4-aarch64-1.txz:  Upgraded.
n/netatalk-4.4.2-aarch64-1.txz:  Upgraded.
n/nghttp2-1.69.0-aarch64-1.txz:  Upgraded.
n/nmap-7.99-aarch64-1.txz:  Upgraded.
n/samba-4.24.1-aarch64-1.txz:  Upgraded.
x/OpenCC-1.3.0-aarch64-1.txz:  Upgraded.
  Shared library .so-version bump.
x/editres-1.1.0-aarch64-1.txz:  Upgraded.
x/fcitx5-chinese-addons-5.1.12-aarch64-2.txz:  Rebuilt.
  Recompiled against OpenCC-1.3.0.
x/fstobdf-1.0.8-aarch64-1.txz:  Upgraded.
x/ibus-libpinyin-1.16.5-aarch64-3.txz:  Rebuilt.
  Recompiled against OpenCC-1.3.0.
x/iceauth-1.0.11-aarch64-1.txz:  Upgraded.
x/ico-1.0.7-aarch64-1.txz:  Upgraded.
x/listres-1.0.7-aarch64-1.txz:  Upgraded.
x/mkcomposecache-1.2.3-aarch64-1.txz:  Upgraded.
x/mkfontscale-1.2.4-aarch64-1.txz:  Upgraded.
x/xbiff-1.0.6-aarch64-1.txz:  Upgraded.
x/xconsole-1.1.1-aarch64-1.txz:  Upgraded.
x/xorg-server-21.1.22-aarch64-2.txz:  Rebuilt.
  Patched to support TearFree with the modesetting driver.
x/xorg-server-xephyr-21.1.22-aarch64-2.txz:  Rebuilt.
x/xorg-server-xnest-21.1.22-aarch64-2.txz:  Rebuilt.
x/xorg-server-xvfb-21.1.22-aarch64-2.txz:  Rebuilt.
xap/gimp-3.2.4-aarch64-1.txz:  Upgraded.
extra/tigervnc/tigervnc-1.16.2-aarch64-2.txz:  Rebuilt.
  Rebuilt against xorg-server-21.1.22 with security fixes:
  XKB Integer Underflow in XkbSetCompatMap().
  XKB Out-of-bounds Read in CheckSetGeom().
  XSYNC Use-after-free in miSyncTriggerFence().
  XKB Out-of-bounds read in CheckModifierMap().
  XKB Buffer overflow in CheckKeyTypes().
  For more information, see:
    https://lists.x.org/archives/xorg-devel/2026-April/059446.html
    https://www.cve.org/CVERecord?id=CVE-2026-33999
    https://www.cve.org/CVERecord?id=CVE-2026-34000
    https://www.cve.org/CVERecord?id=CVE-2026-34001
    https://www.cve.org/CVERecord?id=CVE-2026-34002
    https://www.cve.org/CVERecord?id=CVE-2026-34003
  (* Security fix *)
installer/*:  Rebuilt.
  /usr/lib/setup/armedslack-SeTpartitions: For Hardware Models using the U-Boot
  boot loader, add support for decoupling the SD card from the OS /boot file
  system. This allows the system to boot independently of the SD card.

  This functionality is currently experimental and hidden behind a feature flag.
  To enable it from within the Installer, before launching setup, run:

  $ touch /.bootsel_alt
  I'm not sure whether to expose this as part of the regular work flow yet.
kernels/*:  Upgraded.
]]> https://www.sya54m.eu Fri, 17 Apr 2026 10:08:08 +0200 1776413288 a/time-1.10-aarch64-1.txz:  Upgraded.
ap/diffstat-1.69-aarch64-1.txz:  Upgraded.
l/editorconfig-core-c-0.12.11-aarch64-1.txz:  Upgraded.
l/elfutils-0.195-aarch64-1.txz:  Upgraded.
l/gsettings-desktop-schemas-50.1-aarch64-1.txz:  Upgraded.
l/libpng-1.6.58-aarch64-1.txz:  Upgraded.
  Fixed a regression introduced in version 1.6.56 that caused `png_get_PLTE`
  to return stale palette data after applying gamma and background transforms
  in-place.
l/libxml2-2.15.3-aarch64-1.txz:  Upgraded.
  This update fixes security issues:
  parser: Pass userData to SAX text callbacks in xmlParseReference
  (type-confusion).
  entities: copy children in xmlCopyEntity.
  c14n: Fix Type confusion in xmlC14NProcessAttrsAxis.
  python: Do not decref string after adding to the list
  (double-free / use-after-free).
  c14n: Reuse tmp_str, xmlStrcat reallocates *cur (double-free).
  (* Security fix *)
l/nodejs-24.15.0-aarch64-1.txz:  Upgraded.
l/python-packaging-26.1-aarch64-1.txz:  Upgraded.
n/libgcrypt-1.12.2-aarch64-1.txz:  Upgraded.
n/ngtcp2-1.22.1-aarch64-1.txz:  Upgraded.
x/mesa-26.0.5-aarch64-1.txz:  Upgraded.
]]> https://www.sya54m.eu Wed, 15 Apr 2026 10:08:08 +0200 1776240488 l/jemalloc-5.3.1-aarch64-1.txz:  Upgraded.
l/libexif-0.6.26-aarch64-1.txz:  Upgraded.
  This update fixes security issues:
  An unsigned integer underflow in Fuji and Olympus makernote handling.
  An unsigned integer overflow on 32bit systems in Nikon makernote handling.
  A buffer overwrite via integer underflow in makernote handling.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-40386
    https://www.cve.org/CVERecord?id=CVE-2026-40385
    https://www.cve.org/CVERecord?id=CVE-2026-32775
  (* Security fix *)
l/libxmlb-0.3.26-aarch64-1.txz:  Upgraded.
  Add bounds check to prevent OOB read in token index lookup (Richard Hughes).
  Prevent stack overflow from unbounded recursion in export (Richard Hughes).
  (* Security fix *)
l/mozilla-nss-3.122.1-aarch64-1.txz:  Upgraded.
l/openexr-3.4.9-aarch64-2.txz:  Rebuilt.
  Recompiled against openjph-0.27.0.
l/openjph-0.27.0-aarch64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/python-editables-0.6-aarch64-1.txz:  Upgraded.
n/iproute2-7.0.0-aarch64-1.txz:  Upgraded.
x/xf86-video-fbdev-0.5.1-aarch64-5.txz:  Rebuilt.
x/xorg-server-21.1.22-aarch64-1.txz:  Upgraded.
  This update fixes security issues:
  XKB Integer Underflow in XkbSetCompatMap().
  XKB Out-of-bounds Read in CheckSetGeom().
  XSYNC Use-after-free in miSyncTriggerFence().
  XKB Out-of-bounds read in CheckModifierMap().
  XKB Buffer overflow in CheckKeyTypes().
  For more information, see:
    https://lists.x.org/archives/xorg-devel/2026-April/059446.html
    https://www.cve.org/CVERecord?id=CVE-2026-33999
    https://www.cve.org/CVERecord?id=CVE-2026-34000
    https://www.cve.org/CVERecord?id=CVE-2026-34001
    https://www.cve.org/CVERecord?id=CVE-2026-34002
    https://www.cve.org/CVERecord?id=CVE-2026-34003
  (* Security fix *)
x/xorg-server-xephyr-21.1.22-aarch64-1.txz:  Upgraded.
x/xorg-server-xnest-21.1.22-aarch64-1.txz:  Upgraded.
x/xorg-server-xvfb-21.1.22-aarch64-1.txz:  Upgraded.
x/xorg-server-xwayland-24.1.10-aarch64-1.txz:  Upgraded.
  This update fixes security issues:
  XKB Integer Underflow in XkbSetCompatMap().
  XKB Out-of-bounds Read in CheckSetGeom().
  XSYNC Use-after-free in miSyncTriggerFence().
  XKB Out-of-bounds read in CheckModifierMap().
  XKB Buffer overflow in CheckKeyTypes().
  For more information, see:
    https://lists.x.org/archives/xorg-devel/2026-April/059446.html
    https://www.cve.org/CVERecord?id=CVE-2026-33999
    https://www.cve.org/CVERecord?id=CVE-2026-34000
    https://www.cve.org/CVERecord?id=CVE-2026-34001
    https://www.cve.org/CVERecord?id=CVE-2026-34002
    https://www.cve.org/CVERecord?id=CVE-2026-34003
  (* Security fix *)
x/xterm-409-aarch64-1.txz:  Upgraded.
]]>