From ba74260aeb31600cdee80934088739a8e9869f21 Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Tue, 1 Feb 2022 08:27:47 +0000
Subject: Tue Feb  1 08:27:47 UTC 2022

kde/kate-21.12.1-x86_64-2.txz:  Rebuilt.
  Fix missing validation of binaries executed via QProcess.
  Thanks to Heinz Wiesinger.
  For more information, see:
    https://kde.org/info/security/advisory-20220131-1.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23853
  (* Security fix *)
---
 ChangeLog.txt | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'ChangeLog.txt')

diff --git a/ChangeLog.txt b/ChangeLog.txt
index 334fea06..7ef64dbd 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,21 @@
+Tue Feb  1 08:27:47 UTC 2022
+kde/kate-21.12.1-x86_64-2.txz:  Rebuilt.
+  Fix missing validation of binaries executed via QProcess.
+  Thanks to Heinz Wiesinger.
+  For more information, see:
+    https://kde.org/info/security/advisory-20220131-1.txt
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23853
+  (* Security fix *)
++--------------------------+
+Tue Feb  1 05:35:21 UTC 2022
+Hey, my shiny brass lamp is almost out of fuel!
+a/rpm2tgz-1.2.2-x86_64-6.txz:  Rebuilt.
+  Don't use --no-absolute-filenames, because inexplicably it also strips the
+  leading '/' from symlink targets, generally creating a broken symlink.
+  The problem we were attempting to fix is far less common than symlinks to
+  absolute filenames, so we'll revert this for further consideration.
+  Thanks to pghvlaans.
++--------------------------+
 Tue Feb  1 04:37:04 UTC 2022
 The sepulchral voice intones, "The cave is now closed."
 kde/falkon-3.2.0-x86_64-1.txz:  Upgraded.
-- 
cgit v1.2.3