Thu Mar 17 19:46:28 UTC 202220220317194628_15.0

patches/packages/bind-9.18.1-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and the following security issues:
  An assertion could occur in resume_dslookup() if the fetch had been shut
  down earlier.
  Lookups involving a DNAME could trigger an INSIST when "synth-from-dnssec"
  was enabled.
  A synchronous call to closehandle_cb() caused isc__nm_process_sock_buffer()
  to be called recursively, which in turn left TCP connections hanging in the
  CLOSE_WAIT state blocking indefinitely when out-of-order processing was
  disabled.
  The rules for acceptance of records into the cache have been tightened to
  prevent the possibility of poisoning if forwarders send records outside
  the configured bailiwick.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0667
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0635
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220
  (* Security fix *)
patches/packages/bluez-5.64-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release:
  Fix issue with handling A2DP discover procedure.
  Fix issue with media endpoint replies and SetConfiguration.
  Fix issue with HoG queuing events before report map is read.
  Fix issue with HoG and read order of GATT attributes.
  Fix issue with HoG and not using UHID_CREATE2 interface.
  Fix issue with failed scanning for 5 minutes after reboot.
patches/packages/openssl-1.1.1n-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a high severity security issue:
  The BN_mod_sqrt() function, which computes a modular square root, contains
  a bug that can cause it to loop forever for non-prime moduli.
  For more information, see:
    https://www.openssl.org/news/secadv/20220315.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1n-x86_64-1_slack15.0.txz:  Upgraded.
patches/packages/qt5-5.15.3_20220312_33a3f16f-x86_64-1_slack15.0.txz:  Upgraded.
  Thanks to Heinz Wiesinger for updating the fetch_sources.sh script to make
  sure that the QtWebEngine version matches the rest of Qt, which got the
  latest git pull compiling again.
  If a 32-bit userspace is detected, then:
  export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
  This works around crashes occuring with 32-bit QtWebEngine applications.
  Thanks to alienBOB.

1 files changed, 180 insertions, 0 deletions

diff --git a/patches/source/bind/bind.SlackBuild b/patches/source/bind/bind.SlackBuild
new file mode 100755
index 000000000..7884f1831
--- /dev/null
+++ b/patches/source/bind/bind.SlackBuild
@@ -0,0 +1,180 @@
+#!/bin/bash
+
+# Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2018, 2019, 2020, 2021  Patrick J. Volkerding, Sebeka, MN, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=bind
+VERSION=${VERSION:-$(echo ${PKGNAM}-[0-9]*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1_slack15.0}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+  case "$( uname -m )" in
+    i?86) export ARCH=i586 ;;
+    arm*) export ARCH=arm ;;
+    # Unless $ARCH is already set, use uname -m for all other archs:
+       *) export ARCH=$( uname -m ) ;;
+  esac
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+  echo "$PKGNAM-$(echo $VERSION | tr - _)-$ARCH-$BUILD.txz"
+  exit 0
+fi
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-${PKGNAM}
+rm -rf $PKG
+mkdir -p $TMP $PKG/etc/default
+
+if [ "$ARCH" = "i586" ]; then
+  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+  SLKCFLAGS="-O2"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+  LIBDIRSUFFIX="64"
+fi
+
+cd $TMP
+rm -rf ${PKGNAM}-${VERSION}
+tar xvf $CWD/${PKGNAM}-$VERSION.tar.?z || exit 1
+cd ${PKGNAM}-$VERSION || exit 1
+
+# Make sure ownerships and permissions are sane:
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+# Detect krb5:
+if ls /lib*/libgssapi_krb5* 1> /dev/null 2> /dev/null ; then
+  GSSAPI=" --with-gssapi "
+else
+  GSSAPI=" "
+fi
+
+# Configure:
+CFLAGS="$SLKCFLAGS" \
+./configure \
+  --prefix=/usr \
+  --libdir=/usr/lib${LIBDIRSUFFIX} \
+  --sysconfdir=/etc \
+  --localstatedir=/var \
+  --with-libtool \
+  --with-libidn2 \
+  --with-python=/usr/bin/python3 \
+  --mandir=/usr/man \
+  --enable-shared \
+  --disable-static \
+  --with-openssl=/usr \
+  $GSSAPI \
+  --build=$ARCH-slackware-linux || exit 1
+
+# Build and install:
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+# These probably were not supposed to be installed:
+find . -name .deps -exec rm -rf "{}" \;
+find . -name .libs -exec rm -rf "{}" \;
+
+# We like symlinks.
+( cd $PKG/usr/sbin
+  ln -sf named lwresd
+)
+
+# We like a lot of symlinks.
+if [ -d $PKG/usr/man/man3 ]; then
+  ( cd $PKG/usr/man/man3
+    sh $CWD/3link.sh
+  )
+fi
+
+# Install init script:
+mkdir -p $PKG/etc/rc.d
+cp -a $CWD/rc.bind $PKG/etc/rc.d/rc.bind.new
+chmod 644 $PKG/etc/rc.d/rc.bind.new
+
+# Install default options file for named:
+cat $CWD/default.named > $PKG/etc/default/named.new
+
+# Fix library perms:
+chmod 755 $PKG/usr/lib${LIBDIRSUFFIX}/*
+
+# Strip binaries:
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
+  | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+
+# Compress manual pages:
+find $PKG/usr/man -type f -exec gzip -9 {} \+
+for i in $( find $PKG/usr/man -type l ) ; do
+  ln -s $( readlink $i ).gz $i.gz
+  rm $i
+done
+
+# Add a documentation directory:
+mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION
+cp -a \
+  CHANGES COPYRIGHT FAQ* README* \
+  doc/arm doc/misc \
+  $PKG/usr/doc/${PKGNAM}-$VERSION 
+
+# This one should have the correct perms of the config file:
+if [ -r $PKG/usr/doc/${PKGNAM}-$VERSION/misc/rndc.conf-sample ]; then
+  chmod 644 $PKG/usr/doc/${PKGNAM}-$VERSION/misc/rndc.conf-sample
+fi
+
+# One format of this is plenty.  Especially get rid of the bloated PDF.
+( cd $PKG/usr/doc/bind-$VERSION/arm
+  rm -f Makefile* *.pdf *.xml README.SGML latex-fixup.pl
+)
+
+# Add sample config files for a simple caching nameserver:
+mkdir -p $PKG/var/named/caching-example
+cat $CWD/caching-example/named.conf > $PKG/etc/named.conf.new
+cat $CWD/caching-example/localhost.zone > $PKG/var/named/caching-example/localhost.zone
+cat $CWD/caching-example/named.local > $PKG/var/named/caching-example/named.local
+cat $CWD/caching-example/named.root > $PKG/var/named/caching-example/named.root
+# This name is deprecated, but having it here doesn't hurt in case
+# an old configuration file wants it:
+cat $CWD/caching-example/named.root > $PKG/var/named/caching-example/named.ca
+
+mkdir -p $PKG/install
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/${PKGNAM}-$(echo $VERSION | tr - _)-$ARCH-$BUILD.txz
+