Slackware changelog Current arm
Mon Mar 07 08:08:08 UTC 2022

Development on 32bit Slackware ARM has ceased.
Slackware 32bit ARM 15.0 will be maintained for the foreseeable future.

Moving forward, development of Slackware on the ARM will target only
the AArch64 64bit architecture.

See this post for more details:
https://www.linuxquestions.org/questions/slackware-arm-108/the-future-of-32bit-slackware-arm-4175708932/

If you're using the tree 'slackwarearm-current' to receive updates, you
need to change it to 'slackwarearm-15.0' since '-current' will be removed
shortly.

a/kernel-modules-armv7-5.15.26_armv7-arm-1.txz: Upgraded.
a/kernel_armv7-5.15.26-arm-1.txz: Upgraded.
d/kernel-headers-5.15.26-arm-1.txz: Upgraded.
k/kernel-source-5.15.26-arm-1.txz: Upgraded.
l/expat-2.4.7-arm-1.txz: Upgraded.
This is a bugfix release:
Relax fix to CVE-2022-25236 (introduced with release 2.4.5) with regard to
all valid URI characters (RFC 3986).
isolinux/*: Rebuilt.
kernels/*: Upgraded.
+--------------------------+
Tue Mar 01 08:08:08 UTC 2022
l/libxml2-2.9.13-arm-1.txz: Upgraded.
This update fixes bugs and the following security issues:
Use-after-free of ID and IDREF attributes
(Thanks to Shinji Sato for the report)
Use-after-free in xmlXIncludeCopyRange (David Kilzer)
Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong)
Fix memory leak in xmlXPathCompNodeTest
Fix null pointer deref in xmlStringGetNodeList
Fix several memory leaks found by Coverity (David King)
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
(* Security fix *)
l/libxslt-1.1.35-arm-1.txz: Upgraded.
This update fixes bugs and the following security issues:
Fix use-after-free in xsltApplyTemplates
Fix memory leak in xsltDocumentElem (David King)
Fix memory leak in xsltCompileIdKeyPattern (David King)
Fix double-free with stylesheets containing entity nodes
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560
(* Security fix *)
+--------------------------+
Fri Feb 25 08:08:08 UTC 2022
n/cyrus-sasl-2.1.28-arm-1.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
(* Security fix *)
+--------------------------+
Tue Feb 22 08:08:08 UTC 2022
ap/flac-1.3.4-arm-1.txz: Upgraded.
This update fixes overflow issues with encoding and decoding.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0561
(* Security fix *)
ap/mariadb-10.5.15-arm-2.txz: Rebuilt.
Removed dangling symlink.
l/expat-2.4.6-arm-1.txz: Upgraded.
Fixed a regression introduced by the fix for CVE-2022-25313 that affects
applications that (1) call function XML_SetElementDeclHandler and (2) are
parsing XML that contains nested element declarations:
(e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
+--------------------------+
Mon Feb 21 08:08:08 UTC 2022
l/expat-2.4.5-arm-1.txz: Upgraded.
Fixed security issues that could lead to denial of service or potentially
arbitrary code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315
(* Security fix *)
+--------------------------+
Fri Feb 18 08:08:08 UTC 2022
n/php-7.4.28-arm-1.txz: Upgraded.
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
(* Security fix *)
extra/php80/php80-8.0.16-arm-1.txz: Upgraded.
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
(* Security fix *)
extra/php81/php81-8.1.3-arm-1.txz: Upgraded.
This update fixes bugs and a security issue:
UAF due to php_filter_float() failing for ints.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708
(* Security fix *)
+--------------------------+
Wed Feb 16 08:08:08 UTC 2022
a/aaa_base-15.0-arm-3.txz: Rebuilt.
If root's mailbox did not already exist, it would be created with insecure
permissions leading to possible local information disclosure. This update
ensures that a new mailbox will be created with proper permissions and
ownership, and corrects the permissions on an existing mailbox if they are
found to be incorrect. Thanks to Martin for the bug report.
(* Security fix *)
a/util-linux-2.37.4-arm-1.txz: Upgraded.
This release fixes a security issue in chsh(1) and chfn(8):
By default, these utilities had been linked with libreadline, which allows
the INPUTRC environment variable to be abused to produce an error message
containing data from an arbitrary file. So, don't link these utilities with
libreadline as it does not use secure_getenv() (or a similar concept), or
sanitize the config file path to avoid vulnerabilities that could occur in
set-user-ID or set-group-ID programs.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0563
(* Security fix *)
+--------------------------+
Tue Feb 15 08:08:08 UTC 2022

-current will resume in the next few weeks, then we'll move
to Linux 5.16 and I'll begin road-testing the new glibc.

"Gone fishing"

a/kernel-modules-armv7-5.15.23_armv7-arm-1.txz: Upgraded.
a/kernel_armv7-5.15.23-arm-1.txz: Upgraded.
/boot/initrd-armv7:
Added cryptsetup and dependencies required for LUKS.
Thanks to Brent Earl.
ap/at-3.2.3-arm-1.txz: Upgraded.
Switched to at-3.2.3 since version 3.2.4 has a regression that causes
queued jobs to not always run on time when atd is run as a standalone
daemon. Thanks to Cesare.
ap/mariadb-10.5.15-arm-1.txz: Upgraded.
This update fixes potential denial-of-service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46663
(* Security fix *)
ap/sysstat-12.5.5-arm-2.txz: Rebuilt.
Fixed double-compressed man pages.
Thanks to gsl on LQ.
d/kernel-headers-5.15.23-arm-1.txz: Upgraded.
k/kernel-source-5.15.23-arm-1.txz: Upgraded.
isolinux/*: Rebuilt.
kernels/*: Upgraded.
+--------------------------+
Wed Feb 09 08:08:08 UTC 2022

Slackware 15.0 ARM 32bit is released!

Slackware ARM 15.0 is the 3rd official port of Slackware to the ARM architecture,
which I began in July 2016. The baseline architecture target is ARMv7-a,
boosting performance by offloading floating point operations into the hardware.
For this reason, you must check the UPGRADE.TXT notes to ensure that your
Hardware Model can support this new port. See:-

http://ftp.arm.slackware.com/slackwarearm/slackwarearm-15.0/UPGRADE.TXT

Slackware ARM 32bit has received the benefit of a huge amount of work over the
last year on the AArch64/ARM64 port: I've rewritten the Kernel module loader[1],
added a debug shell into it to help onboard new Hardware Models; there's a new
tool to manage the OS InitRD os-initrd-mgr(8) [2], enabling you to maintain
customisations seamlessly across Kernel package upgrades. There have been
improvements within the Installer and many bug fixes and improvements throughout
the entire OS.

This project is made possible entirely through your support. Last year saw a
vast amount of my 10-15 yr infrastructure hardware - an admixture of donated
and recycled disks, servers, network equipment etc. die in quick succession;
and with your support I was able to replace the components and add a couple of
UPSs to get the project up and running again.

So if you like what we're doing here, visit the sponsorship page:

https://arm.slackware.com/sponsor/

As always, the continued development of the ARM port of Slackware is dependent
upon Patrick Volkerding's Slackware, so please donate to that first as that's
his income source. You'll find the details for that at the URL above.

Thanks also to the core Slackware crew and the Slackware community for all of
the improvements, suggestions, bug fixes which make their way into the ARM port!

We've also been running the Slackware ARM podcast on YouTube to provide an
additional dimension into the project. The release also wraps up Season 2:

https://youtu.be/E0HBsmBbKIw

If you like what we're doing with the podcast, subscribe and set up
notifications. I'm thinking about the theme for Season 3 already, and if you
have any ideas, let us know in the LQ thread:
https://www.linuxquestions.org/questions/slackware-arm-108/slackware-arm-youtube-channel-4175688496/

For questions, support please use the LQ forum:
https://www.linuxquestions.org/questions/slackware-arm-108/

Enjoy!
Stuart Winter <mozes@slackware>

[1] https://www.youtube.com/watch?v=54jffeL_jeY
[2] https://www.youtube.com/watch?v=t3wKXMENTXk

a/kernel-modules-armv7-5.15.21_armv7-arm-1.txz: Upgraded.
a/kernel_armv7-5.15.21-arm-1.txz: Upgraded.
Config changes:
RTC_SYSTOHC y -> n
a/mtd-utils-040222-arm-1.txz: Upgraded.
a/u-boot-tools-2022.01-arm-1.txz: Upgraded.
d/kernel-headers-5.15.21-arm-2.txz: Rebuilt.
d/llvm-13.0.0-arm-3.txz: Rebuilt.
Build the LLVM linker 'lld'.
Thanks to Minime_2003 on LQ for the suggestion and testing.
k/kernel-source-5.15.21-arm-2.txz: Rebuilt.
isolinux/*: Rebuilt.
kernels/*: Upgraded.