Thu Oct 26 19:55:16 UTC 202320231026195516

a/kernel-firmware-20231024_4ee0175-noarch-1.txz:  Upgraded.
a/kernel-generic-6.1.60-x86_64-1.txz:  Upgraded.
a/kernel-huge-6.1.60-x86_64-1.txz:  Upgraded.
a/kernel-modules-6.1.60-x86_64-1.txz:  Upgraded.
a/shadow-4.14.1-x86_64-1.txz:  Upgraded.
d/kernel-headers-6.1.60-x86-1.txz:  Upgraded.
k/kernel-source-6.1.60-noarch-1.txz:  Upgraded.
  Hey folks, if you've been following LQ you know I've talked before about
  dropping the huge kernel and moving the distribution to use only the generic
  kernel plus an initrd. After mulling this over for a few months, I think I
  was looking at the problem in the wrong way. First of all, it's clear that
  some Slackware users have been using the huge kernel all along, without an
  initrd, and are (to say the least) unhappy about the prospect of a new
  requirement to start using one. I've been recommending the generic kernel for
  some time, and a major reason is that we've been using the same set of kernel
  modules with two slightly different kernels. Because of this, there have
  always been a few (generally seldom used) kernel modules that won't load into
  the huge kernel. These are things that aren't built into the huge kernel, but
  because of a difference in some kernel module dependency, they won't load.
  The conclusion that I've come to here is that rather than drop the huge
  kernel, or slap a LOCALVERSION on it and provide a whole duplicate tree of
  kernel modules especially for the huge kernel, it would be better to make the
  generic kernel more huge, and minimize the differences between the two kernel
  configs.
  That's what I've done here.
  Shown below are the differences between the previous generic kernel config
  and the one shipping in this update. You'll notice that most of the popular
  filesystems are built in. At this point the main difference it that the huge
  kernel has a couple of dozen SCSI drivers built into it. The modules for those
  drivers won't load into the huge kernel, but they're fully built in so that
  doesn't matter. If you find any other modules that will not load into the huge
  kernel, please make a note about it on LQ and I'll see what can be done.
  So, tl;dr - what does this change mean?
  Unless your root device is on SCSI, if you were able to use the huge kernel
  without an initrd previously, you should now be able to use the generic
  kernel without an initrd. The kernel is a bit bigger, but we probably have
  enough RAM these days that it won't make a difference.
  Enjoy! :-)
  -CIFS_SMB_DIRECT n
   9P_FS m -> y
   9P_FSCACHE n -> y
   BTRFS_FS m -> y
   CIFS m -> y
   CRYPTO_CMAC m -> y
   CRYPTO_CRC32 m -> y
   CRYPTO_XXHASH m -> y
   CRYPTO_ZSTD m -> y
   EFIVAR_FS m -> y
   EXFAT_FS m -> y
   EXT2_FS m -> y
   EXT3_FS m -> y
   EXT4_FS m -> y
   F2FS_FS m -> y
   FAILOVER m -> y
   FAT_FS m -> y
   FSCACHE m -> y
   FS_ENCRYPTION_ALGS m -> y
   FS_MBCACHE m -> y
   HW_RANDOM_VIRTIO m -> y
   ISO9660_FS m -> y
   JBD2 m -> y
   JFS_FS m -> y
   LZ4HC_COMPRESS m -> y
   LZ4_COMPRESS m -> y
   MSDOS_FS m -> y
   NETFS_SUPPORT m -> y
   NET_9P m -> y
   NET_9P_FD m -> y
   NET_9P_VIRTIO m -> y
   NET_FAILOVER m -> y
   NFSD m -> y
   NLS_CODEPAGE_437 m -> y
   NTFS3_FS m -> y
   NTFS_FS m -> y
   PSTORE_LZ4_COMPRESS n -> m
   PSTORE_LZO_COMPRESS n -> m
   PSTORE_ZSTD_COMPRESS n -> y
   QFMT_V2 m -> y
   QUOTA_TREE m -> y
   REISERFS_FS m -> y
   RPCSEC_GSS_KRB5 m -> y
   SMBFS m -> y
   SQUASHFS m -> y
   UDF_FS m -> y
   VFAT_FS m -> y
   VIRTIO_BALLOON m -> y
   VIRTIO_BLK m -> y
   VIRTIO_CONSOLE m -> y
   VIRTIO_INPUT m -> y
   VIRTIO_MMIO m -> y
   VIRTIO_NET m -> y
   VIRTIO_PCI m -> y
   VIRTIO_PCI_LIB m -> y
   VIRTIO_PCI_LIB_LEGACY m -> y
   VIRTIO_PMEM m -> y
   XFS_FS m -> y
   ZONEFS_FS n -> m
   ZSTD_COMPRESS m -> y
  +NFS_FSCACHE y
  +PSTORE_LZ4_COMPRESS_DEFAULT n
  +PSTORE_LZO_COMPRESS_DEFAULT n
  +PSTORE_ZSTD_COMPRESS_DEFAULT n
kde/plasma-workspace-5.27.9.1-x86_64-1.txz:  Upgraded.
l/glib2-2.78.1-x86_64-1.txz:  Upgraded.
l/netpbm-11.04.03-x86_64-1.txz:  Upgraded.
l/newt-0.52.24-x86_64-1.txz:  Upgraded.
n/gpgme-1.23.0-x86_64-1.txz:  Upgraded.
n/p11-kit-0.25.1-x86_64-1.txz:  Upgraded.
n/php-8.2.12-x86_64-1.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.2.12
x/xorg-server-21.1.9-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
  Use-after-free bug in DestroyWindow.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
    https://www.cve.org/CVERecord?id=CVE-2023-5367
    https://www.cve.org/CVERecord?id=CVE-2023-5380
  (* Security fix *)
x/xorg-server-xephyr-21.1.9-x86_64-1.txz:  Upgraded.
x/xorg-server-xnest-21.1.9-x86_64-1.txz:  Upgraded.
x/xorg-server-xvfb-21.1.9-x86_64-1.txz:  Upgraded.
x/xorg-server-xwayland-23.2.2-x86_64-1.txz:  Upgraded.
  This update fixes a security issue:
  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
    https://www.cve.org/CVERecord?id=CVE-2023-5367
  (* Security fix *)
xap/mozilla-thunderbird-115.4.1-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
    https://www.cve.org/CVERecord?id=CVE-2023-5721
    https://www.cve.org/CVERecord?id=CVE-2023-5732
    https://www.cve.org/CVERecord?id=CVE-2023-5724
    https://www.cve.org/CVERecord?id=CVE-2023-5725
    https://www.cve.org/CVERecord?id=CVE-2023-5726
    https://www.cve.org/CVERecord?id=CVE-2023-5727
    https://www.cve.org/CVERecord?id=CVE-2023-5728
    https://www.cve.org/CVERecord?id=CVE-2023-5730
  (* Security fix *)
xfce/thunar-4.18.8-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.

1 files changed, 321 insertions, 0 deletions

diff --git a/source/a/shadow/68a722760487d3537905d97d45e5fba189592022.patch b/source/a/shadow/68a722760487d3537905d97d45e5fba189592022.patch
new file mode 100644
index 000000000..3c4ce8342
--- /dev/null
+++ b/source/a/shadow/68a722760487d3537905d97d45e5fba189592022.patch
@@ -0,0 +1,321 @@
+From 68a722760487d3537905d97d45e5fba189592022 Mon Sep 17 00:00:00 2001
+From: Iker Pedrosa <ipedrosa@redhat.com>
+Date: Tue, 8 Aug 2023 16:01:41 +0200
+Subject: [PATCH] libmisc: add readpassphrase source code
+
+Remove libbsd dependency by including the source code of
+readpassphrase() in the project.
+
+Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
+---
+ configure.ac             |  17 +---
+ libmisc/Makefile.am      |   2 +
+ libmisc/readpassphrase.c | 198 +++++++++++++++++++++++++++++++++++++++
+ libmisc/readpassphrase.h |  45 +++++++++
+ 4 files changed, 246 insertions(+), 16 deletions(-)
+ create mode 100644 libmisc/readpassphrase.c
+ create mode 100644 libmisc/readpassphrase.h
+
+diff --git a/configure.ac b/configure.ac
+index d9cf73037..160719dd5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -45,7 +45,7 @@ AC_CHECK_HEADERS(crypt.h utmp.h \
+ dnl shadow now uses the libc's shadow implementation
+ AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
+ 
+-AC_CHECK_FUNCS(arc4random_buf futimes \
++AC_CHECK_FUNCS(arc4random_buf futimes readpassphrase \
+ 	getentropy getrandom getspnam getusershell \
+ 	initgroups lckpwdf lutimes mempcpy \
+ 	setgroups updwtmp updwtmpx innetgr \
+@@ -412,21 +412,6 @@ AC_SUBST(LIYESCRYPT)
+ AC_CHECK_LIB(crypt, crypt, [LIYESCRYPT=-lcrypt],
+ 	[AC_MSG_ERROR([crypt() not found])])
+ 
+-AC_SEARCH_LIBS([readpassphrase], [bsd], [], [
+-	AC_MSG_ERROR([readpassphrase() is missing, either from libc or libbsd])
+-])
+-AS_IF([test "$ac_cv_search_readpassphrase" = "-lbsd"], [
+-	PKG_CHECK_MODULES([LIBBSD], [libbsd-overlay])
+-])
+-dnl Make sure either the libc or libbsd provide the header.
+-save_CFLAGS="$CFLAGS"
+-CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
+-AC_CHECK_HEADERS([readpassphrase.h])
+-AS_IF([test "$ac_cv_header_readpassphrase_h" != "yes"], [
+-	AC_MSG_ERROR([readpassphrase.h is missing])
+-])
+-CFLAGS="$save_CFLAGS"
+-
+ AC_SUBST(LIBACL)
+ if test "$with_acl" != "no"; then
+ 	AC_CHECK_HEADERS(acl/libacl.h attr/error_context.h, [acl_header="yes"], [acl_header="no"])
+diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
+index b135447c9..90f1dec8e 100644
+--- a/libmisc/Makefile.am
++++ b/libmisc/Makefile.am
+@@ -64,6 +64,8 @@ libmisc_la_SOURCES = \
+ 	pwdcheck.c \
+ 	pwd_init.c \
+ 	csrand.c \
++	readpassphrase.h \
++	readpassphrase.c \
+ 	remove_tree.c \
+ 	rlogin.c \
+ 	root_flag.c \
+diff --git a/libmisc/readpassphrase.c b/libmisc/readpassphrase.c
+new file mode 100644
+index 000000000..5ff060cca
+--- /dev/null
++++ b/libmisc/readpassphrase.c
+@@ -0,0 +1,198 @@
++/*	$OpenBSD: readpassphrase.c,v 1.26 2016/10/18 12:47:18 millert Exp $	*/
++
++/*
++ * Copyright (c) 2000-2002, 2007, 2010
++ *	Todd C. Miller <Todd.Miller@courtesan.com>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ *
++ * Sponsored in part by the Defense Advanced Research Projects
++ * Agency (DARPA) and Air Force Research Laboratory, Air Force
++ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
++ */
++
++#include <ctype.h>
++#include <errno.h>
++#include <fcntl.h>
++#include <paths.h>
++#include <pwd.h>
++#include <signal.h>
++#include <string.h>
++#include <termios.h>
++#include <unistd.h>
++#include <readpassphrase.h>
++
++#ifndef TCSASOFT
++#define TCSASOFT 0
++#endif
++
++#ifndef _NSIG
++#if defined(NSIG)
++#define _NSIG NSIG
++#else
++/* The SIGRTMAX define might be set to a function such as sysconf(). */
++#define _NSIG (SIGRTMAX + 1)
++#endif
++#endif
++
++static volatile sig_atomic_t signo[_NSIG];
++
++static void handler(int);
++
++char *
++readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
++{
++	ssize_t nr;
++	int input, output, save_errno, i, need_restart;
++	char ch, *p, *end;
++	struct termios term, oterm;
++	struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
++	struct sigaction savetstp, savettin, savettou, savepipe;
++
++	/* I suppose we could alloc on demand in this case (XXX). */
++	if (bufsiz == 0) {
++		errno = EINVAL;
++		return(NULL);
++	}
++
++restart:
++	for (i = 0; i < _NSIG; i++)
++		signo[i] = 0;
++	nr = -1;
++	save_errno = 0;
++	need_restart = 0;
++	/*
++	 * Read and write to /dev/tty if available.  If not, read from
++	 * stdin and write to stderr unless a tty is required.
++	 */
++	if ((flags & RPP_STDIN) ||
++	    (input = output = open(_PATH_TTY, O_RDWR)) == -1) {
++		if (flags & RPP_REQUIRE_TTY) {
++			errno = ENOTTY;
++			return(NULL);
++		}
++		input = STDIN_FILENO;
++		output = STDERR_FILENO;
++	}
++
++	/*
++	 * Turn off echo if possible.
++	 * If we are using a tty but are not the foreground pgrp this will
++	 * generate SIGTTOU, so do it *before* installing the signal handlers.
++	 */
++	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
++		memcpy(&term, &oterm, sizeof(term));
++		if (!(flags & RPP_ECHO_ON))
++			term.c_lflag &= ~(ECHO | ECHONL);
++#ifdef VSTATUS
++		if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
++			term.c_cc[VSTATUS] = _POSIX_VDISABLE;
++#endif
++		(void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);
++	} else {
++		memset(&term, 0, sizeof(term));
++		term.c_lflag |= ECHO;
++		memset(&oterm, 0, sizeof(oterm));
++		oterm.c_lflag |= ECHO;
++	}
++
++	/*
++	 * Catch signals that would otherwise cause the user to end
++	 * up with echo turned off in the shell.  Don't worry about
++	 * things like SIGXCPU and SIGVTALRM for now.
++	 */
++	sigemptyset(&sa.sa_mask);
++	sa.sa_flags = 0;		/* don't restart system calls */
++	sa.sa_handler = handler;
++	(void)sigaction(SIGALRM, &sa, &savealrm);
++	(void)sigaction(SIGHUP, &sa, &savehup);
++	(void)sigaction(SIGINT, &sa, &saveint);
++	(void)sigaction(SIGPIPE, &sa, &savepipe);
++	(void)sigaction(SIGQUIT, &sa, &savequit);
++	(void)sigaction(SIGTERM, &sa, &saveterm);
++	(void)sigaction(SIGTSTP, &sa, &savetstp);
++	(void)sigaction(SIGTTIN, &sa, &savettin);
++	(void)sigaction(SIGTTOU, &sa, &savettou);
++
++	if (!(flags & RPP_STDIN))
++		(void)write(output, prompt, strlen(prompt));
++	end = buf + bufsiz - 1;
++	p = buf;
++	while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
++		if (p < end) {
++			if ((flags & RPP_SEVENBIT))
++				ch &= 0x7f;
++			if (isalpha((unsigned char)ch)) {
++				if ((flags & RPP_FORCELOWER))
++					ch = (char)tolower((unsigned char)ch);
++				if ((flags & RPP_FORCEUPPER))
++					ch = (char)toupper((unsigned char)ch);
++			}
++			*p++ = ch;
++		}
++	}
++	*p = '\0';
++	save_errno = errno;
++	if (!(term.c_lflag & ECHO))
++		(void)write(output, "\n", 1);
++
++	/* Restore old terminal settings and signals. */
++	if (memcmp(&term, &oterm, sizeof(term)) != 0) {
++		const int sigttou = signo[SIGTTOU];
++
++		/* Ignore SIGTTOU generated when we are not the fg pgrp. */
++		while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 &&
++		    errno == EINTR && !signo[SIGTTOU])
++			continue;
++		signo[SIGTTOU] = sigttou;
++	}
++	(void)sigaction(SIGALRM, &savealrm, NULL);
++	(void)sigaction(SIGHUP, &savehup, NULL);
++	(void)sigaction(SIGINT, &saveint, NULL);
++	(void)sigaction(SIGQUIT, &savequit, NULL);
++	(void)sigaction(SIGPIPE, &savepipe, NULL);
++	(void)sigaction(SIGTERM, &saveterm, NULL);
++	(void)sigaction(SIGTSTP, &savetstp, NULL);
++	(void)sigaction(SIGTTIN, &savettin, NULL);
++	(void)sigaction(SIGTTOU, &savettou, NULL);
++	if (input != STDIN_FILENO)
++		(void)close(input);
++
++	/*
++	 * If we were interrupted by a signal, resend it to ourselves
++	 * now that we have restored the signal handlers.
++	 */
++	for (i = 0; i < _NSIG; i++) {
++		if (signo[i]) {
++			kill(getpid(), i);
++			switch (i) {
++			case SIGTSTP:
++			case SIGTTIN:
++			case SIGTTOU:
++				need_restart = 1;
++			}
++		}
++	}
++	if (need_restart)
++		goto restart;
++
++	if (save_errno)
++		errno = save_errno;
++	return(nr == -1 ? NULL : buf);
++}
++
++static void handler(int s)
++{
++
++	signo[s] = 1;
++}
+diff --git a/libmisc/readpassphrase.h b/libmisc/readpassphrase.h
+new file mode 100644
+index 000000000..336a01156
+--- /dev/null
++++ b/libmisc/readpassphrase.h
+@@ -0,0 +1,45 @@
++/*	$OpenBSD: readpassphrase.h,v 1.4 2003/06/03 01:52:39 millert Exp $	*/
++
++/*
++ * Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ *
++ * Sponsored in part by the Defense Advanced Research Projects
++ * Agency (DARPA) and Air Force Research Laboratory, Air Force
++ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
++ */
++
++#ifndef LIBBSD_READPASSPHRASE_H
++#define LIBBSD_READPASSPHRASE_H
++
++#define RPP_ECHO_OFF    0x00		/* Turn off echo (default). */
++#define RPP_ECHO_ON     0x01		/* Leave echo on. */
++#define RPP_REQUIRE_TTY 0x02		/* Fail if there is no tty. */
++#define RPP_FORCELOWER  0x04		/* Force input to lower case. */
++#define RPP_FORCEUPPER  0x08		/* Force input to upper case. */
++#define RPP_SEVENBIT    0x10		/* Strip the high bit from input. */
++#define RPP_STDIN       0x20		/* Read from stdin, not /dev/tty */
++
++#ifdef LIBBSD_OVERLAY
++#include <sys/cdefs.h>
++#else
++//#include <bsd/sys/cdefs.h>
++#endif
++#include <sys/types.h>
++
++__BEGIN_DECLS
++char * readpassphrase(const char *, char *, size_t, int);
++__END_DECLS
++
++#endif /* !LIBBSD_READPASSPHRASE_H */