Manjaro-specific packages which need an update

xfconf-gtk3 needs rebuilding against new perl version.

1 Like

Firefox 67.0.2 has been released with a few linux build bug fixes and improvements according to softpedia

Kind of the opposite ... folks are saying unstable kernel 5.1.9 was released too early?

Security vulnerabilities fixed in Thunderbird 60.7.1

Announced: June 13, 2019

Impact - high

#CVE-2019-11703: Heap buffer overflow in icalparser.c

Reporter

Luis Merino of X41 D-Sec

Impact

high

Description

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash.

References

#CVE-2019-11704: Heap buffer overflow in icalvalue.c

Reporter

Luis Merino of X41 D-Sec

Impact

high

Description

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash.

References

#CVE-2019-11705: Stack buffer overflow in icalrecur.c

Reporter

Luis Merino of X41 D-Sec

Impact

high

Description

A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash.

References

#CVE-2019-11706: Type confusion in icalproperty.c

Reporter

Luis Merino of X41 D-Sec

Impact

low

Description

A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash.

References

auracle?

pacaur -Ss auracle
extra/auracle r202.225d9b9-1 [installed]
    A flexible client for the AUR
aur/auracle-git r258.ab0e8d9-1 (37, 6.94215)
    A flexible client for the AUR

@Ste74

A post was merged into an existing topic: Non-Manjaro packages which have been flagged as needing an update

2 posts were merged into an existing topic: Non-Manjaro packages which have been flagged as needing an update

Just a reminder :wink:

manjaro:~ >>> pacman -Dkk
error: missing 'snapd-glib' dependency for 'discover-snap'
error: missing 'linux-hardened' dependency for 'usbctl'
error: missing 'taglib-extras' dependency for 'amarok'
error: missing 'python2-wnck' dependency for 'dockbarx'
error: missing 'python2-gconf' dependency for 'dockbarx'
error: missing 'python2-wnck' dependency for 'dockbarx-gtk3'
error: missing 'python2-gconf' dependency for 'dockbarx-gtk3'
error: missing 'linux419-rt-rtl8723bu' dependency for 'linux-rt-lts-manjaro-rtl8723bu'
error: missing 'linux418-rt-nvidia-304xx' dependency for 'linux-rt-manjaro-nvidia-304xx'
error: missing 'catalyst-utils=15.201.1151' dependency for 'linux50-rt-catalyst'
error: missing 'pamac-dev<7.4.0' dependency for 'manjaro-application-utility-dev'
error: missing 'gnome-shell-extension-taskbar' dependency for 'manjaro-gnome-assets-dev'
error: missing 'breeze-kde4' dependency for 'plasma5-themes-menda'
error: missing 'sni-qt' dependency for 'lib32-sni-qt'

It looks like dockbarx and dockbarx-gtk3 need some love @Ste74

spectre-meltdown-checker has had a couple updates since it was mentioned last in this thread:


Since it's only a standalone bash script, maybe it's not necessary?

Reminder about fancontrol-gui that's broken:

2 Likes

I did away with the meltdown-checker package. I don't remember where I got it, but this little script downloads the latest version and runs it. I keep it in my ~/bin directory...I call it meltcheck.

meltcheck.sh
#! /bin/bash
# Spectre & Meltdown downloader & Checker
# Downloads and runs latest version of the Spectre & Meltdown checker
# GPLv2 Sharing is Caring
# Jerry Bezencon 2018

# Variables
CHKR="spectre-meltdown-checker.sh"
SCRIPT="Spectre & Meltdown Checker"
DISTROID=`lsb_release -i`
DISTROREL=`lsb_release -r`
KERNEL=`uname -a`

bold=$(tput bold)
normal=$(tput sgr0)

clear

# Title
echo "============================================================"
echo "Spectre & Meltdown downloader & Checker for Linux"
echo "Downloads the latest version of spectre-meltdown-checker.sh"
echo "Created by Jerry Bezencon of the Linux Lite Project"
echo "============================================================"
echo " "

# Display System information
echo "${bold}$DISTROID${normal}"
echo "${bold}$DISTROREL${normal}"
echo "${bold}Kernel Version: $KERNEL${normal}"
echo " "

# Download Spectre & Meltdown Checker
echo "Stage 1:"
echo " "
echo "Downloading latest $SCRIPT..."; echo " "
test -f  ["$CHKR"] || rm -rf $CHKR
sleep 2

wget https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/$CHKR
chmod +x $CHKR

# Check to see if Spectre & Meltdown Checker was downloaded
if [ -f $CHKR ]
then
    echo "======================================================="; echo " "; echo "$SCRIPT downloaded successfully."; echo " "; echo "======================================================="; echo " "
else
    clear; echo "Something went wrong, try again."; echo " "; exit
fi

sed -i '3i clear' $CHKR

# Run Spectre & Meltdown checker

read -n 1 -s -r -p "Press any key to continue..."
clear
echo "Stage 2:"
echo " "
echo "Running $SCRIPT."; echo "Please enter your password:"; echo " "
sudo sh $CHKR

echo " "
read -n 1 -s -r -p "Spectre and Meltdown scan complete. Press any key to exit."
echo " "

exit

Give it a whirl.

3 Likes

@oberon, I noticed conky got a version bump a couple days ago to 1.11.4 -- can you possibly rebuild conky-lua-nv?

Greetings!
here I go again complaining about Amarok package being broken in the community repo
thanks in advance = )

:: The following package cannot be upgraded due to unresolvable dependencies:
      amarok

:: unable to satisfy dependency 'taglib-extras' required by amarok

Amarok itself is an AUR package!!!(https://aur.archlinux.org/packages/amarok/)

$ pacman -Ss taglib-extras
community/taglib-extras 1.0.1-7.0
    Additional taglib plugins

It's in unstable, and I'd assume in testing too.

3 Likes

On Manjaro, it is available in community.

https://osmirror.org/manjaro/stable/community/x86_64/

(Search for amarok.)

1 Like

@oberon Cinnamon 4.2.0 released by upstream.

3 Likes

@Chrysostomus
rofi-scripts needs a rebuild, because rofi 1.5.3 introduced a theme naming change. I've already made the needed commit to rofimenu on github.

1 Like

Thanks, I'll rebuild it.

2 Likes

@oberon
appimagelauncher is now at 1.3.1.

1 Like

Thanks. Updated both on unstable branch and in the AUR :wink:

1 Like

Forum kindly sponsored by Bytemark