diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-02-15 19:48:10 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-02-16 13:30:35 +0100 |
commit | 9b5b70af5be71074990c96cde8c7b0ac38318721 (patch) | |
tree | 2021f08dec1ef919c38406d49477958c15112680 | |
parent | ad9ea8bf781935db257f79f0efd1e0744c8e02c2 (diff) | |
download | current-9b5b70af5be71074990c96cde8c7b0ac38318721.tar.gz current-9b5b70af5be71074990c96cde8c7b0ac38318721.tar.xz |
Wed Feb 15 19:48:10 UTC 202320230215194810_15.0
patches/packages/curl-7.88.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
HTTP multi-header compression denial of service.
HSTS amnesia with --parallel.
HSTS ignored on multiple requests.
For more information, see:
https://curl.se/docs/CVE-2023-23916.html
https://curl.se/docs/CVE-2023-23915.html
https://curl.se/docs/CVE-2023-23914.html
https://www.cve.org/CVERecord?id=CVE-2023-23916
https://www.cve.org/CVERecord?id=CVE-2023-23915
https://www.cve.org/CVERecord?id=CVE-2023-23914
(* Security fix *)
patches/packages/git-2.35.7-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Using a specially-crafted repository, Git can be tricked into using
its local clone optimization even when using a non-local transport.
Though Git will abort local clones whose source $GIT_DIR/objects
directory contains symbolic links (c.f., CVE-2022-39253), the objects
directory itself may still be a symbolic link.
These two may be combined to include arbitrary files based on known
paths on the victim's filesystem within the malicious repository's
working copy, allowing for data exfiltration in a similar manner as
CVE-2022-39253.
By feeding a crafted input to "git apply", a path outside the
working tree can be overwritten as the user who is running "git
apply".
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-22490
https://www.cve.org/CVERecord?id=CVE-2023-23946
(* Security fix *)
-rw-r--r-- | ChangeLog.rss | 45 | ||||
-rw-r--r-- | ChangeLog.txt | 33 | ||||
-rw-r--r-- | FILELIST.TXT | 52 | ||||
-rwxr-xr-x | extra/source/php80/fetch-php.sh | 4 | ||||
-rwxr-xr-x | extra/source/php81/fetch-php.sh | 4 | ||||
-rw-r--r-- | patches/packages/curl-7.88.0-x86_64-1_slack15.0.txt (renamed from patches/packages/curl-7.87.0-x86_64-1_slack15.0.txt) | 0 | ||||
-rw-r--r-- | patches/packages/git-2.35.7-x86_64-1_slack15.0.txt (renamed from patches/packages/git-2.35.6-x86_64-1_slack15.0.txt) | 0 |
7 files changed, 106 insertions, 32 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index f96a5a1ee..26b92444b 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,51 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Wed, 15 Feb 2023 03:05:40 GMT</pubDate> - <lastBuildDate>Thu, 16 Feb 2023 00:30:23 GMT</lastBuildDate> + <pubDate>Wed, 15 Feb 2023 19:48:10 GMT</pubDate> + <lastBuildDate>Thu, 16 Feb 2023 12:30:22 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.17</generator> <item> + <title>Wed, 15 Feb 2023 19:48:10 GMT</title> + <pubDate>Wed, 15 Feb 2023 19:48:10 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20230215194810</link> + <guid isPermaLink="false">20230215194810</guid> + <description> + <![CDATA[<pre> +patches/packages/curl-7.88.0-x86_64-1_slack15.0.txz: Upgraded. + This update fixes security issues: + HTTP multi-header compression denial of service. + HSTS amnesia with --parallel. + HSTS ignored on multiple requests. + For more information, see: + https://curl.se/docs/CVE-2023-23916.html + https://curl.se/docs/CVE-2023-23915.html + https://curl.se/docs/CVE-2023-23914.html + https://www.cve.org/CVERecord?id=CVE-2023-23916 + https://www.cve.org/CVERecord?id=CVE-2023-23915 + https://www.cve.org/CVERecord?id=CVE-2023-23914 + (* Security fix *) +patches/packages/git-2.35.7-x86_64-1_slack15.0.txz: Upgraded. + This update fixes security issues: + Using a specially-crafted repository, Git can be tricked into using + its local clone optimization even when using a non-local transport. + Though Git will abort local clones whose source $GIT_DIR/objects + directory contains symbolic links (c.f., CVE-2022-39253), the objects + directory itself may still be a symbolic link. + These two may be combined to include arbitrary files based on known + paths on the victim's filesystem within the malicious repository's + working copy, allowing for data exfiltration in a similar manner as + CVE-2022-39253. + By feeding a crafted input to "git apply", a path outside the + working tree can be overwritten as the user who is running "git + apply". + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-22490 + https://www.cve.org/CVERecord?id=CVE-2023-23946 + (* Security fix *) + </pre>]]> + </description> + </item> + <item> <title>Wed, 15 Feb 2023 03:05:40 GMT</title> <pubDate>Wed, 15 Feb 2023 03:05:40 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20230215030540</link> diff --git a/ChangeLog.txt b/ChangeLog.txt index bad42d626..c4a8ccf42 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,36 @@ +Wed Feb 15 19:48:10 UTC 2023 +patches/packages/curl-7.88.0-x86_64-1_slack15.0.txz: Upgraded. + This update fixes security issues: + HTTP multi-header compression denial of service. + HSTS amnesia with --parallel. + HSTS ignored on multiple requests. + For more information, see: + https://curl.se/docs/CVE-2023-23916.html + https://curl.se/docs/CVE-2023-23915.html + https://curl.se/docs/CVE-2023-23914.html + https://www.cve.org/CVERecord?id=CVE-2023-23916 + https://www.cve.org/CVERecord?id=CVE-2023-23915 + https://www.cve.org/CVERecord?id=CVE-2023-23914 + (* Security fix *) +patches/packages/git-2.35.7-x86_64-1_slack15.0.txz: Upgraded. + This update fixes security issues: + Using a specially-crafted repository, Git can be tricked into using + its local clone optimization even when using a non-local transport. + Though Git will abort local clones whose source $GIT_DIR/objects + directory contains symbolic links (c.f., CVE-2022-39253), the objects + directory itself may still be a symbolic link. + These two may be combined to include arbitrary files based on known + paths on the victim's filesystem within the malicious repository's + working copy, allowing for data exfiltration in a similar manner as + CVE-2022-39253. + By feeding a crafted input to "git apply", a path outside the + working tree can be overwritten as the user who is running "git + apply". + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-22490 + https://www.cve.org/CVERecord?id=CVE-2023-23946 + (* Security fix *) ++--------------------------+ Wed Feb 15 03:05:40 UTC 2023 extra/php80/php80-8.0.28-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: diff --git a/FILELIST.TXT b/FILELIST.TXT index 85c5470d4..b344fc34d 100644 --- a/FILELIST.TXT +++ b/FILELIST.TXT @@ -1,20 +1,20 @@ -Wed Feb 15 03:10:48 UTC 2023 +Wed Feb 15 19:53:19 UTC 2023 Here is the file list for this directory. If you are using a mirror site and find missing or extra files in the disk subdirectories, please have the archive administrator refresh the mirror. -drwxr-xr-x 12 root root 4096 2023-02-15 03:05 . +drwxr-xr-x 12 root root 4096 2023-02-15 19:48 . -rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0 -rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT --rw-r--r-- 1 root root 1172029 2023-02-10 20:11 ./CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2023-02-10 20:11 ./CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 1172757 2023-02-15 03:11 ./CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2023-02-15 03:11 ./CHECKSUMS.md5.asc -rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING -rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3 -rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT -rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT --rw-r--r-- 1 root root 1989338 2023-02-15 03:05 ./ChangeLog.txt +-rw-r--r-- 1 root root 1990907 2023-02-15 19:48 ./ChangeLog.txt drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi @@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh -rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg -rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg --rw-r--r-- 1 root root 1528427 2023-02-10 20:11 ./FILELIST.TXT +-rw-r--r-- 1 root root 1529385 2023-02-15 03:10 ./FILELIST.TXT -rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY -rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT -rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT @@ -738,13 +738,13 @@ drwxr-xr-x 2 root root 4096 2008-05-07 05:21 ./pasture/source/php/pear -rwxr-xr-x 1 root root 9448 2018-05-16 22:38 ./pasture/source/php/php.SlackBuild -rw-r--r-- 1 root root 775 2017-07-07 19:25 ./pasture/source/php/php.ini-development.diff.gz -rw-r--r-- 1 root root 830 2005-12-09 05:18 ./pasture/source/php/slack-desc -drwxr-xr-x 4 root root 4096 2023-02-15 03:10 ./patches --rw-r--r-- 1 root root 66680 2023-02-15 03:10 ./patches/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2023-02-15 03:10 ./patches/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 90442 2023-02-15 03:10 ./patches/FILE_LIST --rw-r--r-- 1 root root 11960187 2023-02-15 03:10 ./patches/MANIFEST.bz2 --rw-r--r-- 1 root root 47976 2023-02-15 03:10 ./patches/PACKAGES.TXT -drwxr-xr-x 3 root root 20480 2023-02-15 03:10 ./patches/packages +drwxr-xr-x 4 root root 4096 2023-02-15 19:53 ./patches +-rw-r--r-- 1 root root 66680 2023-02-15 19:53 ./patches/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2023-02-15 19:53 ./patches/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 90442 2023-02-15 19:53 ./patches/FILE_LIST +-rw-r--r-- 1 root root 11966722 2023-02-15 19:53 ./patches/MANIFEST.bz2 +-rw-r--r-- 1 root root 47976 2023-02-15 19:53 ./patches/PACKAGES.TXT +drwxr-xr-x 3 root root 20480 2023-02-15 19:53 ./patches/packages -rw-r--r-- 1 root root 327 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txt -rw-r--r-- 1 root root 10716 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz -rw-r--r-- 1 root root 163 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz.asc @@ -772,9 +772,9 @@ drwxr-xr-x 3 root root 20480 2023-02-15 03:10 ./patches/packages -rw-r--r-- 1 root root 642 2022-09-21 19:13 ./patches/packages/cups-2.4.2-x86_64-3_slack15.0.txt -rw-r--r-- 1 root root 1589324 2022-09-21 19:13 ./patches/packages/cups-2.4.2-x86_64-3_slack15.0.txz -rw-r--r-- 1 root root 163 2022-09-21 19:13 ./patches/packages/cups-2.4.2-x86_64-3_slack15.0.txz.asc --rw-r--r-- 1 root root 552 2022-12-21 19:03 ./patches/packages/curl-7.87.0-x86_64-1_slack15.0.txt --rw-r--r-- 1 root root 1331096 2022-12-21 19:03 ./patches/packages/curl-7.87.0-x86_64-1_slack15.0.txz --rw-r--r-- 1 root root 163 2022-12-21 19:03 ./patches/packages/curl-7.87.0-x86_64-1_slack15.0.txz.asc +-rw-r--r-- 1 root root 552 2023-02-15 19:17 ./patches/packages/curl-7.88.0-x86_64-1_slack15.0.txt +-rw-r--r-- 1 root root 1336424 2023-02-15 19:17 ./patches/packages/curl-7.88.0-x86_64-1_slack15.0.txz +-rw-r--r-- 1 root root 163 2023-02-15 19:17 ./patches/packages/curl-7.88.0-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 373 2022-02-24 19:12 ./patches/packages/cyrus-sasl-2.1.28-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 993108 2022-02-24 19:12 ./patches/packages/cyrus-sasl-2.1.28-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-02-24 19:12 ./patches/packages/cyrus-sasl-2.1.28-x86_64-1_slack15.0.txz.asc @@ -796,9 +796,9 @@ drwxr-xr-x 3 root root 20480 2023-02-15 03:10 ./patches/packages -rw-r--r-- 1 root root 278 2022-11-17 19:39 ./patches/packages/freerdp-2.9.0-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 1649516 2022-11-17 19:39 ./patches/packages/freerdp-2.9.0-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-11-17 19:39 ./patches/packages/freerdp-2.9.0-x86_64-1_slack15.0.txz.asc --rw-r--r-- 1 root root 397 2023-01-18 06:04 ./patches/packages/git-2.35.6-x86_64-1_slack15.0.txt --rw-r--r-- 1 root root 6652332 2023-01-18 06:04 ./patches/packages/git-2.35.6-x86_64-1_slack15.0.txz --rw-r--r-- 1 root root 163 2023-01-18 06:04 ./patches/packages/git-2.35.6-x86_64-1_slack15.0.txz.asc +-rw-r--r-- 1 root root 397 2023-02-15 19:29 ./patches/packages/git-2.35.7-x86_64-1_slack15.0.txt +-rw-r--r-- 1 root root 6653480 2023-02-15 19:29 ./patches/packages/git-2.35.7-x86_64-1_slack15.0.txz +-rw-r--r-- 1 root root 163 2023-02-15 19:29 ./patches/packages/git-2.35.7-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 503 2022-12-05 20:52 ./patches/packages/glibc-zoneinfo-2022g-noarch-1_slack15.0.txt -rw-r--r-- 1 root root 204900 2022-12-05 20:52 ./patches/packages/glibc-zoneinfo-2022g-noarch-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-12-05 20:52 ./patches/packages/glibc-zoneinfo-2022g-noarch-1_slack15.0.txz.asc @@ -974,7 +974,7 @@ drwxr-xr-x 2 root root 4096 2022-11-29 21:00 ./patches/packages/linux-5.15 -rw-r--r-- 1 root root 388 2022-10-15 04:05 ./patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 105356 2022-10-15 04:05 ./patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-10-15 04:05 ./patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txz.asc -drwxr-xr-x 68 root root 4096 2023-02-15 00:42 ./patches/source +drwxr-xr-x 68 root root 4096 2023-02-15 19:45 ./patches/source drwxr-xr-x 2 root root 4096 2022-01-16 05:07 ./patches/source/aaa_base -rw-r--r-- 1 root root 11041 2022-02-15 04:49 ./patches/source/aaa_base/_aaa_base.tar.gz -rwxr-xr-x 1 root root 3894 2022-02-15 05:07 ./patches/source/aaa_base/aaa_base.SlackBuild @@ -1057,9 +1057,9 @@ drwxr-xr-x 2 root root 4096 2022-09-21 19:12 ./patches/source/cups -rw-r--r-- 1 root root 46 2021-06-29 19:51 ./patches/source/cups/cups.url -rw-r--r-- 1 root root 454 2021-04-26 18:11 ./patches/source/cups/doinst.sh.gz -rw-r--r-- 1 root root 1094 2018-11-29 19:15 ./patches/source/cups/slack-desc -drwxr-xr-x 2 root root 4096 2022-12-21 19:00 ./patches/source/curl --rw-r--r-- 1 root root 2547932 2022-12-21 07:06 ./patches/source/curl/curl-7.87.0.tar.xz --rw-r--r-- 1 root root 488 2022-12-21 07:06 ./patches/source/curl/curl-7.87.0.tar.xz.asc +drwxr-xr-x 2 root root 4096 2023-02-15 19:16 ./patches/source/curl +-rw-r--r-- 1 root root 2571564 2023-02-15 07:21 ./patches/source/curl/curl-7.88.0.tar.xz +-rw-r--r-- 1 root root 488 2023-02-15 07:21 ./patches/source/curl/curl-7.88.0.tar.xz.asc -rwxr-xr-x 1 root root 4861 2022-04-27 18:34 ./patches/source/curl/curl.SlackBuild -rw-r--r-- 1 root root 30 2018-04-20 16:49 ./patches/source/curl/curl.url -rw-r--r-- 1 root root 1004 2019-02-06 21:57 ./patches/source/curl/slack-desc @@ -1114,9 +1114,9 @@ drwxr-xr-x 2 root root 4096 2022-11-17 19:38 ./patches/source/freerdp -rwxr-xr-x 1 root root 4654 2022-10-13 01:12 ./patches/source/freerdp/freerdp.SlackBuild -rw-r--r-- 1 root root 34 2021-09-23 18:07 ./patches/source/freerdp/freerdp.url -rw-r--r-- 1 root root 765 2021-09-23 18:18 ./patches/source/freerdp/slack-desc -drwxr-xr-x 2 root root 4096 2023-01-17 20:50 ./patches/source/git --rw-r--r-- 1 root root 566 2023-01-17 18:00 ./patches/source/git/git-2.35.6.tar.sign --rw-r--r-- 1 root root 6882860 2023-01-17 18:00 ./patches/source/git/git-2.35.6.tar.xz +drwxr-xr-x 2 root root 4096 2023-02-15 19:23 ./patches/source/git +-rw-r--r-- 1 root root 566 2023-02-14 17:54 ./patches/source/git/git-2.35.7.tar.sign +-rw-r--r-- 1 root root 6884912 2023-02-14 17:54 ./patches/source/git/git-2.35.7.tar.xz -rwxr-xr-x 1 root root 5491 2022-04-14 20:18 ./patches/source/git/git.SlackBuild -rw-r--r-- 1 root root 45 2015-09-01 20:04 ./patches/source/git/git.url -rw-r--r-- 1 root root 848 2018-02-27 06:13 ./patches/source/git/slack-desc diff --git a/extra/source/php80/fetch-php.sh b/extra/source/php80/fetch-php.sh index 180ebf3dd..5e16b0399 100755 --- a/extra/source/php80/fetch-php.sh +++ b/extra/source/php80/fetch-php.sh @@ -1,2 +1,2 @@ -lftpget http://us.php.net/distributions/php-8.0.27.tar.xz.asc -lftpget http://us.php.net/distributions/php-8.0.27.tar.xz +lftpget http://us.php.net/distributions/php-8.0.28.tar.xz.asc +lftpget http://us.php.net/distributions/php-8.0.28.tar.xz diff --git a/extra/source/php81/fetch-php.sh b/extra/source/php81/fetch-php.sh index 85ab582c3..7c534a3c4 100755 --- a/extra/source/php81/fetch-php.sh +++ b/extra/source/php81/fetch-php.sh @@ -1,2 +1,2 @@ -lftpget http://us.php.net/distributions/php-8.1.14.tar.xz.asc -lftpget http://us.php.net/distributions/php-8.1.14.tar.xz +lftpget http://us.php.net/distributions/php-8.1.16.tar.xz.asc +lftpget http://us.php.net/distributions/php-8.1.16.tar.xz diff --git a/patches/packages/curl-7.87.0-x86_64-1_slack15.0.txt b/patches/packages/curl-7.88.0-x86_64-1_slack15.0.txt index 54c4e875d..54c4e875d 100644 --- a/patches/packages/curl-7.87.0-x86_64-1_slack15.0.txt +++ b/patches/packages/curl-7.88.0-x86_64-1_slack15.0.txt diff --git a/patches/packages/git-2.35.6-x86_64-1_slack15.0.txt b/patches/packages/git-2.35.7-x86_64-1_slack15.0.txt index 059a95baf..059a95baf 100644 --- a/patches/packages/git-2.35.6-x86_64-1_slack15.0.txt +++ b/patches/packages/git-2.35.7-x86_64-1_slack15.0.txt |