author Patrick J Volkerding <volkerdi@slackware.com>2022-12-07 18:48:07 +0000
committer Eric Hameleers <alien@slackware.com>2022-12-07 22:19:17 +0100
commitb98f1614c2434795d7875acd773a28f67a57bd72 (patch)
treecc1663ed32356c3982f64e8ddd3718b313e8608a /source/x
parentdf3f13247e63251d736003bd05cd91cc110ad6cf (diff)
Wed Dec 7 18:48:07 UTC 202220221207184807
d/cargo-vendor-filterer-0.5.7-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. d/cbindgen-0.24.3-x86_64-1.txz: Added. d/python3-3.9.16-x86_64-1.txz: Upgraded. This update fixes security issues: gh-98739: Updated bundled libexpat to 2.5.0 to fix CVE-2022-43680 (heap use-after-free). gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm to fix CVE-2022-45061. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name. gh-100001: python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log. gh-87604: Avoid publishing list of active per-interpreter audit hooks via the gc module. gh-97514: On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the "forkserver" start method is affected. This prevents Linux CVE-2022-42919 (potential privilege escalation) as abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier. gh-98517: Port XKCP's fix for the buffer overflows in SHA-3 to fix CVE-2022-37454. gh-68966: The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands to address CVE-2015-20107. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). 
For more information, see: https://pythoninsider.blogspot.com/2022/12/python-3111-3109-3916-3816-3716-and.html https://www.cve.org/CVERecord?id=CVE-2022-43680 https://www.cve.org/CVERecord?id=CVE-2022-45061 https://www.cve.org/CVERecord?id=CVE-2022-42919 https://www.cve.org/CVERecord?id=CVE-2022-37454 https://www.cve.org/CVERecord?id=CVE-2015-20107 (* Security fix *) d/rust-bindgen-0.63.0-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. l/pcre2-10.41-x86_64-1.txz: Upgraded. n/proftpd-1.3.8-x86_64-1.txz: Upgraded. x/mesa-22.3.0-x86_64-1.txz: Upgraded. Compiled with Rusticl support. Thanks to Heinz Wiesinger. x/xdm-1.1.14-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/x')
-rwxr-xr-xsource/x/mesa/mesa.SlackBuild2
-rw-r--r--source/x/x11/build/xdm2
-rw-r--r--source/x/x11/doinst.sh/xdm5
-rw-r--r--source/x/x11/patch/xdm.patch6
-rw-r--r--source/x/x11/patch/xdm/xdm-1.1.11-setproctitle-include.patch37
-rw-r--r--source/x/x11/patch/xdm/xdm.arc4random.diff67
-rw-r--r--source/x/x11/patch/xdm/xdm.glibc.crypt.diff42
7 files changed, 8 insertions, 153 deletions
diff --git a/source/x/mesa/mesa.SlackBuild b/source/x/mesa/mesa.SlackBuild
index 36a80cf73..6f42f6607 100755
--- a/source/x/mesa/mesa.SlackBuild
+++ b/source/x/mesa/mesa.SlackBuild
@@ -131,6 +131,8 @@ meson setup \
-Dplatforms=x11,wayland \
-Dgallium-opencl=icd \
-Dgallium-nine=true \
+ -Dgallium-rusticl=true \
+ -Drust_std=2021 \
-Dosmesa=true \
-Dgallium-drivers=$GALLIUM_DRIVERS \
-Dvulkan-drivers=amd,intel,swrast \
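Review bot: Turning on `-Dgallium-rusticl=true` with `-Drust_std=2021` adds a Rust compiler and, presumably, the bindgen package added in this same update to mesa's build inputs, but nothing near the option records that. A comment ahead of the `meson setup` call, for example `# Rusticl requires rustc and rust-bindgen at build time`, would document the new dependency for whoever rebuilds the package. The `meson setup` invocation starts outside this hunk, so it is not visible whether it already passes `--wrap-mode=nodownload`; if it does not, adding it keeps meson from fetching subproject sources over the network during a package build.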
diff --git a/source/x/x11/build/xdm b/source/x/x11/build/xdm
index 8351c1939..d00491fd7 100644
--- a/source/x/x11/build/xdm
+++ b/source/x/x11/build/xdm
@@ -1 +1 @@
-14
+1
diff --git a/source/x/x11/doinst.sh/xdm b/source/x/x11/doinst.sh/xdm
index fc3b5a679..78d53d822 100644
--- a/source/x/x11/doinst.sh/xdm
+++ b/source/x/x11/doinst.sh/xdm
@@ -21,3 +21,8 @@ do
config etc/X11/xdm/${conffile}.new
done
+# Prevent a black background for login/password when upgrading from xdm-1.1.1
+# and ignoring the .new files :-)
+if ! grep -q inpColor etc/X11/xdm/Xresources ; then
+ echo 'xlogin*inpColor: grey80' >> etc/X11/xdm/Xresources
+fi
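Review bot: The added test `! grep -q inpColor etc/X11/xdm/Xresources` is also true when Xresources does not exist, so grep prints an error and the `>>` then creates a file containing only the inpColor line. Guarding on the file would avoid that: `if [ -f etc/X11/xdm/Xresources ] && ! grep -q inpColor etc/X11/xdm/Xresources ; then`. The match is unanchored, so any line containing `inpColor`, including a commented-out one, suppresses the append; if that is intended, the comment should say so. The comment's `xdm-1.1.1` may be meant as 1.1.11, going by the names of the patches removed in this commit. The `config` loop before this block starts outside the hunk, so whether Xresources always exists by this point cannot be confirmed from here.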
diff --git a/source/x/x11/patch/xdm.patch b/source/x/x11/patch/xdm.patch
deleted file mode 100644
index e9b5ec3cd..000000000
--- a/source/x/x11/patch/xdm.patch
+++ /dev/null
@@ -1,6 +0,0 @@
-zcat $CWD/patch/xdm/xdm.glibc.crypt.diff.gz | patch -p1 --verbose || \
- { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
-zcat $CWD/patch/xdm/xdm-1.1.11-setproctitle-include.patch.gz | patch -p1 --verbose || \
- { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
-zcat $CWD/patch/xdm/xdm.arc4random.diff.gz | patch -p1 --verbose || \
- { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
diff --git a/source/x/x11/patch/xdm/xdm-1.1.11-setproctitle-include.patch b/source/x/x11/patch/xdm/xdm-1.1.11-setproctitle-include.patch
deleted file mode 100644
index 0a3f32bbe..000000000
--- a/source/x/x11/patch/xdm/xdm-1.1.11-setproctitle-include.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-diff -ur a/xdm/choose.c b/xdm/choose.c
---- a/xdm/choose.c 2011-09-25 09:35:47.000000000 +0200
-+++ b/xdm/choose.c 2014-01-06 16:33:09.628065364 +0100
-@@ -54,6 +54,14 @@
- # include <tiuser.h>
- # endif
-
-+# ifdef HAVE_SETPROCTITLE
-+# ifdef __linux__
-+# include <bsd/unistd.h>
-+# else
-+# include <unistd.h>
-+# endif
-+# endif
-+
- # include <time.h>
- # define Time_t time_t
-
-diff -ur a/xdm/session.c b/xdm/session.c
---- a/xdm/session.c 2011-09-25 09:35:47.000000000 +0200
-+++ b/xdm/session.c 2014-01-06 16:40:57.508072789 +0100
-@@ -54,6 +54,15 @@
- # include <usersec.h>
- #endif
-
-+# ifdef HAVE_SETPROCTITLE
-+# include <sys/types.h>
-+# ifdef __linux__
-+# include <bsd/unistd.h>
-+# else
-+# include <unistd.h>
-+# endif
-+# endif
-+
- #ifndef USE_PAM /* PAM modules should handle these */
- # ifdef SECURE_RPC
- # include <rpc/rpc.h>
diff --git a/source/x/x11/patch/xdm/xdm.arc4random.diff b/source/x/x11/patch/xdm/xdm.arc4random.diff
deleted file mode 100644
index 06948e63e..000000000
--- a/source/x/x11/patch/xdm/xdm.arc4random.diff
+++ /dev/null
@@ -1,67 +0,0 @@
-diff -aurN xdm-1.1.11/xdm/genauth.c xdm-20220911_468b760/xdm/genauth.c
---- xdm-1.1.11/xdm/genauth.c 2011-09-25 09:35:47.000000000 +0200
-+++ xdm-20220911_468b760/xdm/genauth.c 2022-10-08 06:24:57.000000000 +0200
-@@ -40,6 +40,22 @@
-
- #include <errno.h>
-
-+#ifdef HAVE_ARC4RANDOM
-+# ifdef __linux__
-+# if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
-+# if __GLIBC_PREREQ(2, 36)
-+# include <stdlib.h>
-+# else
-+# include <bsd/stdlib.h>
-+# endif
-+# else
-+# include <bsd/stdlib.h>
-+# endif
-+# else
-+# include <stdlib.h>
-+# endif
-+#endif
-+
- #include <time.h>
- #define Time_t time_t
-
-@@ -372,7 +388,7 @@
- randomDevice, errno);
- }
- # endif
-- /* Try some pseudo-random number genrator daemon next */
-+ /* Try some pseudo-random number generator daemon next */
- if (prngdSocket != NULL || prngdPort != 0) {
- if (get_prngd_bytes((char *)tmpkey, sizeof(tmpkey), prngdPort,
- prngdSocket) == 0) {
-@@ -408,15 +424,20 @@
- static int xdmcpAuthInited;
- long ldata[2];
-
--# ifdef ITIMER_REAL
-+# ifndef HAVE_ARC4RANDOM
-+# ifdef ITIMER_REAL
- struct timeval now;
-
- X_GETTIMEOFDAY (&now);
- ldata[0] = now.tv_usec;
- ldata[1] = now.tv_sec;
--# else
-+# else
- ldata[0] = time ((long *) 0);
- ldata[1] = getpid ();
-+# endif
-+# else
-+ ldata[0] = arc4random();
-+ ldata[1] = arc4random();
- # endif
-
- longtochars (ldata[0], data+0);
-@@ -462,7 +483,7 @@
- LogError("Cannot open randomDevice \"%s\", errno = %d\n",
- randomDevice, errno);
- # endif /* DEV_RANDOM */
-- /* Try some pseudo-random number genrator daemon next */
-+ /* Try some pseudo-random number generator daemon next */
- if (prngdSocket != NULL || prngdPort != 0) {
- if (get_prngd_bytes(auth, len, prngdPort, prngdSocket) == 0) {
- return 1;
diff --git a/source/x/x11/patch/xdm/xdm.glibc.crypt.diff b/source/x/x11/patch/xdm/xdm.glibc.crypt.diff
deleted file mode 100644
index 076df37dc..000000000
--- a/source/x/x11/patch/xdm/xdm.glibc.crypt.diff
+++ /dev/null
@@ -1,42 +0,0 @@
-From 8d1eb5c74413e4c9a21f689fc106949b121c0117 Mon Sep 17 00:00:00 2001
-From: mancha <mancha1@hush.com>
-Date: Wed, 22 May 2013 14:20:26 +0000
-Subject: Handle NULL returns from glibc 2.17+ crypt().
-
-Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
-(w/ NULL return) if the salt violates specifications. Additionally,
-on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
-passed to crypt() fail with EPERM (w/ NULL return).
-
-If using glibc's crypt(), check return value to avoid a possible
-NULL pointer dereference.
-
-Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
-diff --git a/greeter/verify.c b/greeter/verify.c
-index db3cb7d..b009e2b 100644
---- a/greeter/verify.c
-+++ b/greeter/verify.c
-@@ -329,6 +329,7 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
- struct spwd *sp;
- # endif
- char *user_pass = NULL;
-+ char *crypted_pass = NULL;
- # endif
- # ifdef __OpenBSD__
- char *s;
-@@ -464,7 +465,9 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
- # if defined(ultrix) || defined(__ultrix__)
- if (authenticate_user(p, greet->password, NULL) < 0)
- # else
-- if (strcmp (crypt (greet->password, user_pass), user_pass))
-+ crypted_pass = crypt (greet->password, user_pass);
-+ if ((crypted_pass == NULL)
-+ || (strcmp (crypted_pass, user_pass)))
- # endif
- {
- if(!greet->allow_null_passwd || strlen(p->pw_passwd) > 0) {
---
-cgit v0.9.0.2-2-gbebe
-