diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2023-08-04 20:17:36 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2023-08-05 13:30:38 +0200 |
| commit | 79e6c8efb811e73296062977a5f840c4c7cb0f1c (patch) | |
| tree | d2bc8c1db1ae29eaffc32f50c61ba7a82b55955c /patches | |
| parent | af3a1b13c3fc7185876bb746f520dcae15c94c8e (diff) | |
| download | current-79e6c8efb811e73296062977a5f840c4c7cb0f1c.tar.gz current-79e6c8efb811e73296062977a5f840c4c7cb0f1c.tar.xz | |
Fri Aug 4 20:17:36 UTC 202320230804201736_15.0
extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity
loading in XML without enabling it).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-3823
(* Security fix *)
extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz: Upgraded.
Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0.
pasture/samba-4.15.13-x86_64-1_slack15.0.txz: Added.
We'll hang onto this just in case.
patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/
https://www.cve.org/CVERecord?id=CVE-2023-4045
https://www.cve.org/CVERecord?id=CVE-2023-4046
https://www.cve.org/CVERecord?id=CVE-2023-4047
https://www.cve.org/CVERecord?id=CVE-2023-4048
https://www.cve.org/CVERecord?id=CVE-2023-4049
https://www.cve.org/CVERecord?id=CVE-2023-4050
https://www.cve.org/CVERecord?id=CVE-2023-4052
https://www.cve.org/CVERecord?id=CVE-2023-4054
https://www.cve.org/CVERecord?id=CVE-2023-4055
https://www.cve.org/CVERecord?id=CVE-2023-4056
https://www.cve.org/CVERecord?id=CVE-2023-4057
(* Security fix *)
patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/
patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz: Upgraded.
PLEASE NOTE: We are taking the unusual step of moving to the latest Samba
branch because Windows has made changes that break Samba 4.15.x. The last
4.15.x will be retained in /pasture as a fallback. There may be some
required configuration changes with this, but we've kept using MIT Kerberos
to try to have the behavior change as little as possible. Upgrade carefully.
This update fixes security issues:
When winbind is used for NTLM authentication, a maliciously crafted request
can trigger an out-of-bounds read in winbind and possibly crash it.
SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain Controllers
where SMB2 packet signing is mandatory.
An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
triggered by an unauthenticated attacker by issuing a malformed RPC request.
Missing type validation in Samba's mdssvc RPC service for Spotlight can be
used by an unauthenticated attacker to trigger a process crash in a shared
RPC mdssvc worker process.
As part of the Spotlight protocol Samba discloses the server-side absolute
path of shares and files and directories in search results.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2127.html
https://www.samba.org/samba/security/CVE-2023-3347.html
https://www.samba.org/samba/security/CVE-2023-34966.html
https://www.samba.org/samba/security/CVE-2023-34967.html
https://www.samba.org/samba/security/CVE-2023-34968.html
https://www.cve.org/CVERecord?id=CVE-2022-2127
https://www.cve.org/CVERecord?id=CVE-2023-3347
https://www.cve.org/CVERecord?id=CVE-2023-34966
https://www.cve.org/CVERecord?id=CVE-2023-34967
https://www.cve.org/CVERecord?id=CVE-2023-34968
(* Security fix *)
Diffstat (limited to 'patches')
| -rw-r--r-- | patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txt (renamed from patches/packages/mozilla-firefox-102.13.0esr-x86_64-1_slack15.0.txt) | 0 | ||||
| -rw-r--r-- | patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txt (renamed from patches/packages/mozilla-thunderbird-102.13.1-x86_64-1_slack15.0.txt) | 0 | ||||
| -rw-r--r-- | patches/packages/samba-4.18.5-x86_64-1_slack15.0.txt (renamed from patches/packages/samba-4.15.13-x86_64-1_slack15.0.txt) | 0 | ||||
| -rwxr-xr-x | patches/source/mozilla-firefox/build-deps.sh | 12 | ||||
| -rwxr-xr-x | patches/source/mozilla-firefox/mozilla-firefox.SlackBuild | 47 | ||||
| -rw-r--r-- | patches/source/mozilla-thunderbird/arc4random_buf.glibc-2.36.diff | 18 | ||||
| -rwxr-xr-x | patches/source/mozilla-thunderbird/mozilla-thunderbird.SlackBuild | 23 | ||||
| -rwxr-xr-x | patches/source/samba/samba.SlackBuild | 25 | ||||
| -rw-r--r-- | patches/source/samba/samba.url | 4 |
9 files changed, 50 insertions, 79 deletions
diff --git a/patches/packages/mozilla-firefox-102.13.0esr-x86_64-1_slack15.0.txt b/patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txt index 9d8594319..9d8594319 100644 --- a/patches/packages/mozilla-firefox-102.13.0esr-x86_64-1_slack15.0.txt +++ b/patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txt diff --git a/patches/packages/mozilla-thunderbird-102.13.1-x86_64-1_slack15.0.txt b/patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txt index 5acb7b92e..5acb7b92e 100644 --- a/patches/packages/mozilla-thunderbird-102.13.1-x86_64-1_slack15.0.txt +++ b/patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txt diff --git a/patches/packages/samba-4.15.13-x86_64-1_slack15.0.txt b/patches/packages/samba-4.18.5-x86_64-1_slack15.0.txt index e1800f156..e1800f156 100644 --- a/patches/packages/samba-4.15.13-x86_64-1_slack15.0.txt +++ b/patches/packages/samba-4.18.5-x86_64-1_slack15.0.txt diff --git a/patches/source/mozilla-firefox/build-deps.sh b/patches/source/mozilla-firefox/build-deps.sh index af9d440e2..4cec5c9a1 100755 --- a/patches/source/mozilla-firefox/build-deps.sh +++ b/patches/source/mozilla-firefox/build-deps.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2019 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2019, 2023 Patrick J. Volkerding, Sebeka, Minnesota, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -29,13 +29,17 @@ chmod 700 $TMP/mozilla-firefox-build-deps PATH=$TMP/mozilla-firefox-build-deps/usr/bin:$HOME/.cargo/bin:$PATH # cbindgen is a build-time dependency: -( cd $CWD/build-deps/cbindgen ; ./cbindgen.build ) || exit 1 +if [ ! -x /usr/bin/cbindgen ]; then + ( cd $CWD/build-deps/cbindgen ; ./cbindgen.build ) || exit 1 +fi if /bin/ls build-deps*.txz 1> /dev/null 2> /dev/null ; then # use prebuilt autoconf/nodejs ( cd $TMP/mozilla-firefox-build-deps ; tar xf $CWD/build-deps*.txz ) else # We need to use the incredibly ancient autoconf-2.13 for this :/ ( cd $CWD/build-deps/autoconf ; ./autoconf.build ) || exit 1 - # And node.js... WHY - ( cd $CWD/build-deps/nodejs ; ./nodejs.build ) || exit 1 + # And node.js... + if [ ! -x /usr/bin/node ]; then + ( cd $CWD/build-deps/nodejs ; ./nodejs.build ) || exit 1 + fi fi diff --git a/patches/source/mozilla-firefox/mozilla-firefox.SlackBuild b/patches/source/mozilla-firefox/mozilla-firefox.SlackBuild index 5cad8cc89..cbf1fb9e4 100755 --- a/patches/source/mozilla-firefox/mozilla-firefox.SlackBuild +++ b/patches/source/mozilla-firefox/mozilla-firefox.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2018, 2019, 2020, 2021 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2018, 2019, 2020, 2021, 2022, 2023 Patrick J. Volkerding, Sebeka, Minnesota, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -189,7 +189,8 @@ rm -rf firefox-$RELEASEVER rm -rf firefox-unpack mkdir firefox-unpack cd firefox-unpack -tar xvf $CWD/firefox-$VERSION.source.tar.?z || exit 1 +echo "Extracting $CWD/firefox-$VERSION.source.tar.?z..." +tar xf $CWD/firefox-$VERSION.source.tar.?z || exit 1 mv * .. cd .. rm -rf firefox-unpack @@ -234,7 +235,6 @@ OPTIONS="\ --prefix=/usr \ --libdir=/usr/lib${LIBDIRSUFFIX} \ --with-system-zlib \ - --with-system-nspr \ --with-unsigned-addon-scopes=app,system \ --without-wasm-sandboxed-libraries \ --allow-addon-sideload \ @@ -345,38 +345,25 @@ rm -rf $PKG/usr/lib${LIBDIRSUFFIX}/firefox-devel-$RELEASEVER # Nor these: rm -rf $PKG/usr/include -( cd $PKG/usr/lib${LIBDIRSUFFIX}/firefox-$RELEASEVER - #mv defaults/profile/mimeTypes.rdf defaults/profile/mimeTypes.rdf.orig || exit 1 - if [ -d defaults/profile ]; then - zcat $CWD/mimeTypes.rdf > defaults/profile/mimeTypes.rdf || exit 1 - fi - # OK, this patch is useless on 7.x. We'll float without it and see what happens. - # Perhaps it won't make a difference or should be worked around elsewhere. - #zcat $CWD/firefox.moz_plugin_path.diff.gz \ - # | sed -e "s#usr/lib#usr/lib${LIBDIRSUFFIX}#g" \ - # | patch -p1 --verbose --backup --suffix=.orig || exit 1 - # Clean up if the above patch was successful: - #rm -f firefox.orig -) || exit +# 2022-12, COMMENTING OUT AS OBSOLETE +#( cd $PKG/usr/lib${LIBDIRSUFFIX}/firefox +# #mv defaults/profile/mimeTypes.rdf defaults/profile/mimeTypes.rdf.orig || exit 1 +# if [ -d defaults/profile ]; then +# zcat $CWD/mimeTypes.rdf > defaults/profile/mimeTypes.rdf || exit 1 +# fi +# # OK, this patch is useless on 7.x. We'll float without it and see what happens. +# # Perhaps it won't make a difference or should be worked around elsewhere. +# #zcat $CWD/firefox.moz_plugin_path.diff.gz \ +# # | sed -e "s#usr/lib#usr/lib${LIBDIRSUFFIX}#g" \ +# # | patch -p1 --verbose --backup --suffix=.orig || exit 1 +# # Clean up if the above patch was successful: +# #rm -f firefox.orig +#) || exit mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}/mozilla/plugins mkdir -p $PKG/usr/share/applications cat $CWD/mozilla-firefox.desktop > $PKG/usr/share/applications/mozilla-firefox.desktop -# These files/directories are usually created if Firefox is run as root, -# which on many systems might (and possibly should) be never. Therefore, if we -# don't see them we'll put stubs in place to prevent startup errors. -( cd $PKG/usr/lib${LIBDIRSUFFIX}/firefox-$RELEASEVER - if [ -d extensions/talkback\@mozilla.org ]; then - if [ ! -r extensions/talkback\@mozilla.org/chrome.manifest ]; then - echo > extensions/talkback\@mozilla.org/chrome.manifest - fi - fi - if [ ! -d updates ]; then - mkdir -p updates/0 - fi -) - # Need some default icons in the right place: for i in 16 22 24 32 48 256; do install -m 0644 -D browser/branding/official/default${i}.png \ diff --git a/patches/source/mozilla-thunderbird/arc4random_buf.glibc-2.36.diff b/patches/source/mozilla-thunderbird/arc4random_buf.glibc-2.36.diff deleted file mode 100644 index d4131c0a2..000000000 --- a/patches/source/mozilla-thunderbird/arc4random_buf.glibc-2.36.diff +++ /dev/null @@ -1,18 +0,0 @@ ---- ./ipc/chromium/src/third_party/libevent/arc4random.c.orig 2022-08-04 14:57:57.000000000 -0500 -+++ ./ipc/chromium/src/third_party/libevent/arc4random.c 2022-08-06 14:40:21.569033657 -0500 -@@ -484,6 +484,7 @@ - } - #endif - -+#if 0 - ARC4RANDOM_EXPORT void - arc4random_buf(void *buf_, size_t n) - { -@@ -497,6 +498,7 @@ - } - ARC4_UNLOCK_(); - } -+#endif - - #ifndef ARC4RANDOM_NOUNIFORM - /* diff --git a/patches/source/mozilla-thunderbird/mozilla-thunderbird.SlackBuild b/patches/source/mozilla-thunderbird/mozilla-thunderbird.SlackBuild index 4039ae9fc..adf013765 100755 --- a/patches/source/mozilla-thunderbird/mozilla-thunderbird.SlackBuild +++ b/patches/source/mozilla-thunderbird/mozilla-thunderbird.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2010, 2011, 2012, 2014, 2016, 2017, 2018, 2019, 2020, 2021, 2022 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2008, 2009, 2010, 2011, 2012, 2014, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Patrick J. Volkerding, Sebeka, Minnesota, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -157,7 +157,8 @@ rm -rf thunderbird-$RELEASEVER rm -rf thunderbird-unpack mkdir thunderbird-unpack cd thunderbird-unpack -tar xvf $CWD/thunderbird-$VERSION.source.tar.?z || exit 1 +echo "Extracting $CWD/thunderbird-$VERSION.source.tar.?z..." +tar xf $CWD/thunderbird-$VERSION.source.tar.?z || exit 1 mv * .. cd .. rm -rf thunderbird-unpack @@ -177,9 +178,6 @@ if [ "$ARCH" = "i686" -a "$CC" = "gcc" ]; then zcat $CWD/double_t.x86.diff.gz | patch -p1 --verbose || exit 1 fi -## Don't define a function that's included starting in glibc-2.36: -#zcat $CWD/arc4random_buf.glibc-2.36.diff.gz | patch -p1 --verbose || exit 1 - # Fetch localization, if requested: if [ ! -z $MOZLOCALIZE ]; then LOC_TAG="THUNDERBIRD_$( echo $VERSION | tr \. _ )_RELEASE" @@ -210,7 +208,6 @@ OPTIONS="\ --prefix=/usr \ --libdir=/usr/lib${LIBDIRSUFFIX} \ --with-system-zlib \ - --with-system-nspr \ --enable-alsa \ --with-unsigned-addon-scopes=app,system \ --without-wasm-sandboxed-libraries \ @@ -316,20 +313,6 @@ mkdir -p $PKG/usr/share/pixmaps # Symlinked below. #cat $CWD/thunderbird.png > $PKG/usr/share/pixmaps/thunderbird.png -# These files/directories are usually created if Thunderbird is run as root, -# which on many systems might (and possibly should) be never. Therefore, if we -# don't see them we'll put stubs in place to prevent startup errors. -( cd $PKG/usr/lib${LIBDIRSUFFIX}/thunderbird-$RELEASEVER - if [ -d extensions/talkback\@mozilla.org ]; then - if [ ! -r extensions/talkback\@mozilla.org/chrome.manifest ]; then - echo > extensions/talkback\@mozilla.org/chrome.manifest - fi - fi - if [ ! -d updates ]; then - mkdir -p updates/0 - fi -) - # Need some default icons in the right place: for i in 16 22 24 32 48 256; do install -m 0644 -D comm/mail/branding/thunderbird/default${i}.png \ diff --git a/patches/source/samba/samba.SlackBuild b/patches/source/samba/samba.SlackBuild index f5085c02b..821de6817 100755 --- a/patches/source/samba/samba.SlackBuild +++ b/patches/source/samba/samba.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2010, 2012, 2013, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2008, 2009, 2010, 2012, 2013, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Patrick J. Volkerding, Sebeka, Minnesota, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -28,6 +28,19 @@ PKGNAM=samba VERSION=${VERSION:-$(echo samba-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} BUILD=${BUILD:-1_slack15.0} +# This option may be set to "heimdal" or "mit". +# Upstream considers the use of MIT Kerberos for provisioning an AD DC +# to be experimental (for now), and recommends using the bundled Heimdal. +# Set here to MIT, since Slackware 15.0 shipped using that option. +KERBEROS=${KERBEROS:-mit} + +if [ "$KERBEROS" = "mit" ]; then + KERB_OPTIONS="--with-system-mitkrb5 --with-experimental-mit-ad-dc" +elif [ "$KERBEROS" = "heimdal" ]; then + # Please note that this perl module will be required: https://metacpan.org/pod/JSON + KERB_OPTIONS="--bundled-libraries=heimdal" +fi + if [ -e $CWD/machine.conf ]; then . $CWD/machine.conf ] elif [ -e /etc/slackbuild/machine.conf ]; then @@ -102,7 +115,7 @@ find . \ # Choose correct options depending on whether PAM is installed: if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then - PAM_OPTIONS="--with-pam --with-pammodulesdir=/lib${LIBDIRSUFFIX}/security --with-system-mitkrb5 --with-experimental-mit-ad-dc" + PAM_OPTIONS="--with-pam --with-pammodulesdir=/lib${LIBDIRSUFFIX}/security" unset SHADOW_OPTIONS else unset PAM_OPTIONS @@ -143,16 +156,16 @@ CFLAGS="$SLKCFLAGS" \ --with-ldap \ --with-ads \ --without-fam \ + $KERB_OPTIONS \ $PAM_OPTIONS \ $SHADOW_OPTIONS \ --build=$TARGET || exit 1 # Gives errors: #--builtin-libraries=replace,ccan \ - #--bundled-libraries=heimdal \ # Build with waf directly so that multiple jobs work. # Script lifted from "./configure". -PREVPATH=`dirname $0` +PREVPATH=$(dirname $0) WAF=./buildtools/bin/waf # using JOBS=1 gives maximum compatibility with # systems like AIX which have broken threading in python @@ -160,6 +173,9 @@ JOBS=$(echo $NUMJOBS | tr -dc '0-9') export JOBS # Make sure we don't have any library preloaded. unset LD_PRELOAD +# Make sure we get stable hashes +PYTHONHASHSEED=1 +export PYTHONHASHSEED cd . || exit 1 ${PYTHON:=python3} $WAF build "$@" || exit 1 cd $PREVPATH @@ -240,4 +256,3 @@ EOF cd $PKG /sbin/makepkg -l y -c n $TMP/samba-$VERSION-$ARCH-$BUILD.txz - diff --git a/patches/source/samba/samba.url b/patches/source/samba/samba.url index cbd5b0980..997f3a46b 100644 --- a/patches/source/samba/samba.url +++ b/patches/source/samba/samba.url @@ -1,2 +1,2 @@ -https://download.samba.org/pub/samba/stable/samba-4.15.13.tar.gz -https://download.samba.org/pub/samba/stable/samba-4.15.13.tar.asc +https://download.samba.org/pub/samba/stable/samba-4.18.5.tar.gz +https://download.samba.org/pub/samba/stable/samba-4.18.5.tar.asc |