diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2023-09-18 18:40:04 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2023-09-18 21:29:02 +0200 |
| commit | 9191658382bcc955e2a3209799dd405f6f523442 (patch) | |
| tree | 3b377ae632c9b807f1e069303c3df1cea347c2b0 /source | |
| parent | 1ca47371e62165c8d226a0f8b2b27e1aad28ff74 (diff) | |
| download | current-9191658382bcc955e2a3209799dd405f6f523442.tar.gz current-9191658382bcc955e2a3209799dd405f6f523442.tar.xz | |
Mon Sep 18 18:40:04 UTC 202320230918184004
a/sysklogd-2.5.2-x86_64-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.11-x86_64-1.txz: Upgraded.
l/adwaita-icon-theme-45.0-noarch-1.txz: Upgraded.
l/gsettings-desktop-schemas-45.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_16-x86_64-1.txz: Upgraded.
l/libdeflate-1.19-x86_64-1.txz: Upgraded.
l/libqalculate-4.8.1-x86_64-1.txz: Upgraded.
l/vte-0.74.0-x86_64-1.txz: Upgraded.
n/netatalk-3.1.17-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Validate data type in dalloc_value_for_key(). This flaw could allow a
malicious actor to cause Netatalk's afpd daemon to crash, or possibly to
execute arbitrary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-42464
(* Security fix *)
Diffstat (limited to 'source')
| -rwxr-xr-x | source/d/cargo-vendor-filterer/fetch-sources.sh | 2 | ||||
| -rwxr-xr-x | source/l/adwaita-icon-theme/adwaita-icon-theme.SlackBuild | 28 | ||||
| -rwxr-xr-x | source/l/imagemagick/imagemagick.SlackBuild | 20 | ||||
| -rw-r--r-- | source/l/imagemagick/policy.xml.diff | 32 |
4 files changed, 36 insertions, 46 deletions
diff --git a/source/d/cargo-vendor-filterer/fetch-sources.sh b/source/d/cargo-vendor-filterer/fetch-sources.sh index 96451f32b..0874fae3b 100755 --- a/source/d/cargo-vendor-filterer/fetch-sources.sh +++ b/source/d/cargo-vendor-filterer/fetch-sources.sh @@ -1,6 +1,6 @@ #!/bin/bash -VERSION=${VERSION:-0.5.9} +VERSION=${VERSION:-0.5.11} rm -rf cargo-vendor-filterer-*.tar.?z cargo-cargo-vendor-filterer* diff --git a/source/l/adwaita-icon-theme/adwaita-icon-theme.SlackBuild b/source/l/adwaita-icon-theme/adwaita-icon-theme.SlackBuild index e07c1817a..27350f954 100755 --- a/source/l/adwaita-icon-theme/adwaita-icon-theme.SlackBuild +++ b/source/l/adwaita-icon-theme/adwaita-icon-theme.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2010, 2012, 2013, 2018 Patrick Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2012, 2013, 2018, 2023 Patrick Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -70,15 +70,27 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -./configure \ +# Configure, build, and install: +export CFLAGS="$SLKCFLAGS" +export CXXFLAGS="$SLKCFLAGS" +mkdir meson-build +cd meson-build +meson setup \ --prefix=/usr \ - --libdir=/usr/lib${LIBDIRSUFFIX} \ + --libdir=lib${LIBDIRSUFFIX} \ + --libexecdir=/usr/libexec \ + --bindir=/usr/bin \ + --sbindir=/usr/sbin \ + --includedir=/usr/include \ + --datadir=/usr/share \ + --mandir=/usr/man \ --sysconfdir=/etc \ --localstatedir=/var \ - --build=$ARCH-slackware-linux || exit 1 - -make $NUMJOBS || make || exit 1 -make install DESTDIR=$PKG || exit 1 + --buildtype=release \ + .. || exit 1 + "${NINJA:=ninja}" $NUMJOBS || exit 1 + DESTDIR=$PKG $NINJA install || exit 1 +cd .. # Add some extra icons that are missing for Xfce. # Copy from the main tree and back to make sure that we @@ -96,6 +108,8 @@ make install DESTDIR=$PKG || exit 1 rm -r tmpicons ) +find $PKG -name .icon-theme.cache -exec rm "{}" \; + mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION cp -a \ AUTHORS COPYING* NEWS README* TODO \ diff --git a/source/l/imagemagick/imagemagick.SlackBuild b/source/l/imagemagick/imagemagick.SlackBuild index 254d9c7ea..64b04f335 100755 --- a/source/l/imagemagick/imagemagick.SlackBuild +++ b/source/l/imagemagick/imagemagick.SlackBuild @@ -23,7 +23,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=imagemagick -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # NOTE: This is to cope with ImageMagick version numbers such as 5.4.7-4, # which occur fairly often (but not always). If these numbers are all the same, @@ -42,6 +42,9 @@ BASEVER=$FILEVER # contain a '-'. We'll try to autogenerate this one. PKGVER=$(echo $FILEVER | tr - _) +# Default security policy to install as policy.xml: +POLICY=${POLICY:-limited} + # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in @@ -93,9 +96,6 @@ rm -rf ImageMagick-$BASEVER tar xvf $CWD/ImageMagick-$FILEVER.tar.?z || exit 1 cd ImageMagick-$BASEVER || exit 1 -# Harden the default settings in policy.xml to prevent security issues: -zcat $CWD/policy.xml.diff.gz | patch -p1 --verbose || exit 1 - chown -R root:root . find . \ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ @@ -123,6 +123,7 @@ CXXFLAGS="$SLKCFLAGS" \ --with-perl \ --with-perl-options="INSTALLDIRS=vendor" \ --with-rsvg \ + --with-security-policy=$POLICY \ --build=$ARCH-slackware-linux || exit 1 make $NUMJOBS || make || exit 1 @@ -147,6 +148,14 @@ rm -f $PKG/usr/lib${LIBDIRSUFFIX}/libltdl.* # to locate modules. rm -f $PKG/usr/lib${LIBDIRSUFFIX}/*.la +# Make sure the proper security policy.xml is installed: +cp -a config/policy-${POLICY}.xml $PKG/etc/ImageMagick-7/policy.xml + +# Provide all the security policy XML files as examples: +for file in config/policy*xml ; do + cp -a $file $PKG/etc/ImageMagick-7/$(basename ${file}).example +done + ( cd $PKG # Nothing but a perl upgrade should replace this (and maybe not even that) find . -name perllocal.pod | xargs rm -f @@ -190,7 +199,7 @@ fi # Move config files to .new: ( cd $PKG/etc/ImageMagick* - for file in * ; do + for file in *.xml ; do mv ${file} ${file}.new done ) @@ -215,4 +224,3 @@ cat $CWD/slack-desc > $PKG/install/slack-desc cd $PKG /sbin/makepkg -l y -c n $TMP/imagemagick-$PKGVER-$ARCH-$BUILD.txz - diff --git a/source/l/imagemagick/policy.xml.diff b/source/l/imagemagick/policy.xml.diff deleted file mode 100644 index 95a02f279..000000000 --- a/source/l/imagemagick/policy.xml.diff +++ /dev/null @@ -1,32 +0,0 @@ ---- ./config/policy.xml.orig 2020-11-14 07:53:19.000000000 -0600 -+++ ./config/policy.xml 2020-11-16 13:45:10.032089547 -0600 -@@ -52,6 +52,21 @@ - <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" /> - --> - <policymap> -+ <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -+ <!-- SECURITY: disable potentially insecure coders: --> -+ <policy domain="coder" rights="none" pattern="EPHEMERAL" /> -+ <policy domain="coder" rights="none" pattern="HTTPS" /> -+ <policy domain="coder" rights="none" pattern="MVG" /> -+ <policy domain="coder" rights="none" pattern="MSL" /> -+ <policy domain="coder" rights="none" pattern="TEXT" /> -+ <policy domain="coder" rights="none" pattern="SHOW" /> -+ <policy domain="coder" rights="none" pattern="WIN" /> -+ <policy domain="coder" rights="none" pattern="PLT" /> -+ <!-- SECURITY: prevent indirect reads: --> -+ <policy domain="path" rights="none" pattern="@*" /> -+ <!-- SECURITY: prevent pipe to shell: --> -+ <policy domain="path" rights="none" pattern="|*" /> -+ <!-- Some examples: --> - <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> --> - <!-- <policy domain="resource" name="memory" value="2GiB"/> --> - <!-- <policy domain="resource" name="map" value="4GiB"/> --> -@@ -70,7 +85,6 @@ - <!-- <policy domain="path" rights="none" pattern="@*" /> --> - <!-- <policy domain="cache" name="memory-map" value="anonymous"/> --> - <!-- <policy domain="cache" name="synchronize" value="True"/> --> -- <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> --> - <!-- <policy domain="system" name="max-memory-request" value="256MiB"/> --> - <!-- <policy domain="system" name="shred" value="2"/> --> - <!-- <policy domain="system" name="precision" value="6"/> --> |