diff options
25 files changed, 962 insertions, 102 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index 939399395..b29f3ec02 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,77 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Thu, 10 Nov 2022 19:47:59 GMT</pubDate> - <lastBuildDate>Fri, 11 Nov 2022 12:30:16 GMT</lastBuildDate> + <pubDate>Thu, 17 Nov 2022 01:49:28 GMT</pubDate> + <lastBuildDate>Thu, 17 Nov 2022 12:30:18 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.17</generator> <item> + <title>Thu, 17 Nov 2022 01:49:28 GMT</title> + <pubDate>Thu, 17 Nov 2022 01:49:28 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20221117014928</link> + <guid isPermaLink="false">20221117014928</guid> + <description> + <![CDATA[<pre> +patches/packages/krb5-1.19.2-x86_64-3_slack15.0.txz: Rebuilt. + Fixed integer overflows in PAC parsing. + Fixed memory leak in OTP kdcpreauth module. + Fixed PKCS11 module path search. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2022-42898 + (* Security fix *) +patches/packages/mozilla-firefox-102.5.0esr-x86_64-1_slack15.0.txz: Upgraded. + This update contains security fixes and improvements. + For more information, see: + https://www.mozilla.org/en-US/firefox/102.5.0/releasenotes/ + https://www.mozilla.org/security/advisories/mfsa2022-48/ + https://www.cve.org/CVERecord?id=CVE-2022-45403 + https://www.cve.org/CVERecord?id=CVE-2022-45404 + https://www.cve.org/CVERecord?id=CVE-2022-45405 + https://www.cve.org/CVERecord?id=CVE-2022-45406 + https://www.cve.org/CVERecord?id=CVE-2022-45408 + https://www.cve.org/CVERecord?id=CVE-2022-45409 + https://www.cve.org/CVERecord?id=CVE-2022-45410 + https://www.cve.org/CVERecord?id=CVE-2022-45411 + https://www.cve.org/CVERecord?id=CVE-2022-45412 + https://www.cve.org/CVERecord?id=CVE-2022-45416 + https://www.cve.org/CVERecord?id=CVE-2022-45418 + https://www.cve.org/CVERecord?id=CVE-2022-45420 + https://www.cve.org/CVERecord?id=CVE-2022-45421 + (* Security fix *) +patches/packages/mozilla-thunderbird-102.5.0-x86_64-1_slack15.0.txz: Upgraded. + This release contains security fixes and improvements. + For more information, see: + https://www.mozilla.org/en-US/thunderbird/102.5.0/releasenotes/ + https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/ + https://www.cve.org/CVERecord?id=CVE-2022-45403 + https://www.cve.org/CVERecord?id=CVE-2022-45404 + https://www.cve.org/CVERecord?id=CVE-2022-45405 + https://www.cve.org/CVERecord?id=CVE-2022-45406 + https://www.cve.org/CVERecord?id=CVE-2022-45408 + https://www.cve.org/CVERecord?id=CVE-2022-45409 + https://www.cve.org/CVERecord?id=CVE-2022-45410 + https://www.cve.org/CVERecord?id=CVE-2022-45411 + https://www.cve.org/CVERecord?id=CVE-2022-45412 + https://www.cve.org/CVERecord?id=CVE-2022-45416 + https://www.cve.org/CVERecord?id=CVE-2022-45418 + https://www.cve.org/CVERecord?id=CVE-2022-45420 + https://www.cve.org/CVERecord?id=CVE-2022-45421 + (* Security fix *) +patches/packages/samba-4.15.12-x86_64-1_slack15.0.txz: Upgraded. + Fixed a security issue where Samba's Kerberos libraries and AD DC failed + to guard against integer overflows when parsing a PAC on a 32-bit system, + which allowed an attacker with a forged PAC to corrupt the heap. + For more information, see: + https://www.samba.org/samba/security/CVE-2022-42898.html + https://www.cve.org/CVERecord?id=CVE-2022-42898 + (* Security fix *) +patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz: Upgraded. + This update fixes regressions in the previous security fix: + mime-settings: Properly quote command parameters. + Revert "Escape characters which do not belong into an URI/URL (Issue #390)." + </pre>]]> + </description> + </item> + <item> <title>Thu, 10 Nov 2022 19:47:59 GMT</title> <pubDate>Thu, 10 Nov 2022 19:47:59 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20221110194759</link> diff --git a/ChangeLog.txt b/ChangeLog.txt index b8a4145af..fd6dfe4b7 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,62 @@ +Thu Nov 17 01:49:28 UTC 2022 +patches/packages/krb5-1.19.2-x86_64-3_slack15.0.txz: Rebuilt. + Fixed integer overflows in PAC parsing. + Fixed memory leak in OTP kdcpreauth module. + Fixed PKCS11 module path search. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2022-42898 + (* Security fix *) +patches/packages/mozilla-firefox-102.5.0esr-x86_64-1_slack15.0.txz: Upgraded. + This update contains security fixes and improvements. + For more information, see: + https://www.mozilla.org/en-US/firefox/102.5.0/releasenotes/ + https://www.mozilla.org/security/advisories/mfsa2022-48/ + https://www.cve.org/CVERecord?id=CVE-2022-45403 + https://www.cve.org/CVERecord?id=CVE-2022-45404 + https://www.cve.org/CVERecord?id=CVE-2022-45405 + https://www.cve.org/CVERecord?id=CVE-2022-45406 + https://www.cve.org/CVERecord?id=CVE-2022-45408 + https://www.cve.org/CVERecord?id=CVE-2022-45409 + https://www.cve.org/CVERecord?id=CVE-2022-45410 + https://www.cve.org/CVERecord?id=CVE-2022-45411 + https://www.cve.org/CVERecord?id=CVE-2022-45412 + https://www.cve.org/CVERecord?id=CVE-2022-45416 + https://www.cve.org/CVERecord?id=CVE-2022-45418 + https://www.cve.org/CVERecord?id=CVE-2022-45420 + https://www.cve.org/CVERecord?id=CVE-2022-45421 + (* Security fix *) +patches/packages/mozilla-thunderbird-102.5.0-x86_64-1_slack15.0.txz: Upgraded. + This release contains security fixes and improvements. + For more information, see: + https://www.mozilla.org/en-US/thunderbird/102.5.0/releasenotes/ + https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/ + https://www.cve.org/CVERecord?id=CVE-2022-45403 + https://www.cve.org/CVERecord?id=CVE-2022-45404 + https://www.cve.org/CVERecord?id=CVE-2022-45405 + https://www.cve.org/CVERecord?id=CVE-2022-45406 + https://www.cve.org/CVERecord?id=CVE-2022-45408 + https://www.cve.org/CVERecord?id=CVE-2022-45409 + https://www.cve.org/CVERecord?id=CVE-2022-45410 + https://www.cve.org/CVERecord?id=CVE-2022-45411 + https://www.cve.org/CVERecord?id=CVE-2022-45412 + https://www.cve.org/CVERecord?id=CVE-2022-45416 + https://www.cve.org/CVERecord?id=CVE-2022-45418 + https://www.cve.org/CVERecord?id=CVE-2022-45420 + https://www.cve.org/CVERecord?id=CVE-2022-45421 + (* Security fix *) +patches/packages/samba-4.15.12-x86_64-1_slack15.0.txz: Upgraded. + Fixed a security issue where Samba's Kerberos libraries and AD DC failed + to guard against integer overflows when parsing a PAC on a 32-bit system, + which allowed an attacker with a forged PAC to corrupt the heap. + For more information, see: + https://www.samba.org/samba/security/CVE-2022-42898.html + https://www.cve.org/CVERecord?id=CVE-2022-42898 + (* Security fix *) +patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz: Upgraded. + This update fixes regressions in the previous security fix: + mime-settings: Properly quote command parameters. + Revert "Escape characters which do not belong into an URI/URL (Issue #390)." ++--------------------------+ Thu Nov 10 19:47:59 UTC 2022 patches/packages/php-7.4.33-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: diff --git a/FILELIST.TXT b/FILELIST.TXT index 2d71d7771..6d563721b 100644 --- a/FILELIST.TXT +++ b/FILELIST.TXT @@ -1,20 +1,20 @@ -Thu Nov 10 19:50:20 UTC 2022 +Thu Nov 17 01:53:23 UTC 2022 Here is the file list for this directory. If you are using a mirror site and find missing or extra files in the disk subdirectories, please have the archive administrator refresh the mirror. -drwxr-xr-x 12 root root 4096 2022-11-10 19:47 . +drwxr-xr-x 12 root root 4096 2022-11-17 01:49 . -rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0 -rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT --rw-r--r-- 1 root root 1158795 2022-11-09 22:20 ./CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2022-11-09 22:20 ./CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 1158795 2022-11-10 19:50 ./CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2022-11-10 19:50 ./CHECKSUMS.md5.asc -rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING -rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3 -rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT -rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT --rw-r--r-- 1 root root 1950615 2022-11-10 19:47 ./ChangeLog.txt +-rw-r--r-- 1 root root 1953659 2022-11-17 01:49 ./ChangeLog.txt drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi @@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh -rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg -rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg --rw-r--r-- 1 root root 1512587 2022-11-09 22:19 ./FILELIST.TXT +-rw-r--r-- 1 root root 1512587 2022-11-10 19:50 ./FILELIST.TXT -rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY -rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT -rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT @@ -738,13 +738,13 @@ drwxr-xr-x 2 root root 4096 2008-05-07 05:21 ./pasture/source/php/pear -rwxr-xr-x 1 root root 9448 2018-05-16 22:38 ./pasture/source/php/php.SlackBuild -rw-r--r-- 1 root root 775 2017-07-07 19:25 ./pasture/source/php/php.ini-development.diff.gz -rw-r--r-- 1 root root 830 2005-12-09 05:18 ./pasture/source/php/slack-desc -drwxr-xr-x 4 root root 4096 2022-11-10 19:50 ./patches --rw-r--r-- 1 root root 54062 2022-11-10 19:50 ./patches/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2022-11-10 19:50 ./patches/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 72112 2022-11-10 19:50 ./patches/FILE_LIST --rw-r--r-- 1 root root 11743107 2022-11-10 19:50 ./patches/MANIFEST.bz2 --rw-r--r-- 1 root root 40216 2022-11-10 19:50 ./patches/PACKAGES.TXT -drwxr-xr-x 3 root root 16384 2022-11-10 19:50 ./patches/packages +drwxr-xr-x 4 root root 4096 2022-11-17 01:53 ./patches +-rw-r--r-- 1 root root 55508 2022-11-17 01:53 ./patches/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2022-11-17 01:53 ./patches/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 74033 2022-11-17 01:53 ./patches/FILE_LIST +-rw-r--r-- 1 root root 11808309 2022-11-17 01:53 ./patches/MANIFEST.bz2 +-rw-r--r-- 1 root root 40684 2022-11-17 01:53 ./patches/PACKAGES.TXT +drwxr-xr-x 3 root root 16384 2022-11-17 01:53 ./patches/packages -rw-r--r-- 1 root root 327 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txt -rw-r--r-- 1 root root 10716 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz -rw-r--r-- 1 root root 163 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz.asc @@ -808,6 +808,9 @@ drwxr-xr-x 3 root root 16384 2022-11-10 19:50 ./patches/packages -rw-r--r-- 1 root root 513 2022-08-23 03:07 ./patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 312136 2022-08-23 03:07 ./patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-08-23 03:07 ./patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz.asc +-rw-r--r-- 1 root root 304 2022-11-17 01:47 ./patches/packages/krb5-1.19.2-x86_64-3_slack15.0.txt +-rw-r--r-- 1 root root 1210340 2022-11-17 01:47 ./patches/packages/krb5-1.19.2-x86_64-3_slack15.0.txz +-rw-r--r-- 1 root root 163 2022-11-17 01:47 ./patches/packages/krb5-1.19.2-x86_64-3_slack15.0.txz.asc -rw-r--r-- 1 root root 402 2022-04-08 18:31 ./patches/packages/libarchive-3.6.1-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 514852 2022-04-08 18:31 ./patches/packages/libarchive-3.6.1-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-04-08 18:31 ./patches/packages/libarchive-3.6.1-x86_64-1_slack15.0.txz.asc @@ -839,15 +842,15 @@ drwxr-xr-x 2 root root 4096 2022-08-26 04:06 ./patches/packages/linux-5.15 -rw-r--r-- 1 root root 369 2022-11-08 20:39 ./patches/packages/mariadb-10.5.18-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 29412112 2022-11-08 20:39 ./patches/packages/mariadb-10.5.18-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-11-08 20:39 ./patches/packages/mariadb-10.5.18-x86_64-1_slack15.0.txz.asc --rw-r--r-- 1 root root 570 2022-10-17 21:29 ./patches/packages/mozilla-firefox-102.4.0esr-x86_64-1_slack15.0.txt --rw-r--r-- 1 root root 59169076 2022-10-17 21:29 ./patches/packages/mozilla-firefox-102.4.0esr-x86_64-1_slack15.0.txz --rw-r--r-- 1 root root 163 2022-10-17 21:29 ./patches/packages/mozilla-firefox-102.4.0esr-x86_64-1_slack15.0.txz.asc +-rw-r--r-- 1 root root 570 2022-11-14 20:38 ./patches/packages/mozilla-firefox-102.5.0esr-x86_64-1_slack15.0.txt +-rw-r--r-- 1 root root 59183892 2022-11-14 20:38 ./patches/packages/mozilla-firefox-102.5.0esr-x86_64-1_slack15.0.txz +-rw-r--r-- 1 root root 163 2022-11-14 20:38 ./patches/packages/mozilla-firefox-102.5.0esr-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 564 2022-11-03 19:45 ./patches/packages/mozilla-nss-3.84-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 1839996 2022-11-03 19:45 ./patches/packages/mozilla-nss-3.84-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-11-03 19:45 ./patches/packages/mozilla-nss-3.84-x86_64-1_slack15.0.txz.asc --rw-r--r-- 1 root root 663 2022-11-04 17:57 ./patches/packages/mozilla-thunderbird-102.4.2-x86_64-1_slack15.0.txt --rw-r--r-- 1 root root 56137600 2022-11-04 17:57 ./patches/packages/mozilla-thunderbird-102.4.2-x86_64-1_slack15.0.txz --rw-r--r-- 1 root root 163 2022-11-04 17:57 ./patches/packages/mozilla-thunderbird-102.4.2-x86_64-1_slack15.0.txz.asc +-rw-r--r-- 1 root root 663 2022-11-16 20:14 ./patches/packages/mozilla-thunderbird-102.5.0-x86_64-1_slack15.0.txt +-rw-r--r-- 1 root root 56152244 2022-11-16 20:14 ./patches/packages/mozilla-thunderbird-102.5.0-x86_64-1_slack15.0.txz +-rw-r--r-- 1 root root 163 2022-11-16 20:14 ./patches/packages/mozilla-thunderbird-102.5.0-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 451 2022-07-21 17:53 ./patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 1598024 2022-07-21 17:53 ./patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-07-21 17:53 ./patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz.asc @@ -884,9 +887,9 @@ drwxr-xr-x 2 root root 4096 2022-08-26 04:06 ./patches/packages/linux-5.15 -rw-r--r-- 1 root root 385 2022-04-13 18:19 ./patches/packages/ruby-3.0.4-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 7739784 2022-04-13 18:19 ./patches/packages/ruby-3.0.4-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-04-13 18:19 ./patches/packages/ruby-3.0.4-x86_64-1_slack15.0.txz.asc --rw-r--r-- 1 root root 507 2022-10-25 16:54 ./patches/packages/samba-4.15.11-x86_64-1_slack15.0.txt --rw-r--r-- 1 root root 13020260 2022-10-25 16:54 ./patches/packages/samba-4.15.11-x86_64-1_slack15.0.txz --rw-r--r-- 1 root root 163 2022-10-25 16:54 ./patches/packages/samba-4.15.11-x86_64-1_slack15.0.txz.asc +-rw-r--r-- 1 root root 507 2022-11-17 01:46 ./patches/packages/samba-4.15.12-x86_64-1_slack15.0.txt +-rw-r--r-- 1 root root 12970372 2022-11-17 01:46 ./patches/packages/samba-4.15.12-x86_64-1_slack15.0.txz +-rw-r--r-- 1 root root 163 2022-11-17 01:46 ./patches/packages/samba-4.15.12-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 392 2022-09-29 20:19 ./patches/packages/seamonkey-2.53.14-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 38098032 2022-09-29 20:19 ./patches/packages/seamonkey-2.53.14-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-09-29 20:19 ./patches/packages/seamonkey-2.53.14-x86_64-1_slack15.0.txz.asc @@ -911,9 +914,9 @@ drwxr-xr-x 2 root root 4096 2022-08-26 04:06 ./patches/packages/linux-5.15 -rw-r--r-- 1 root root 367 2022-10-20 18:34 ./patches/packages/whois-5.5.14-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 61840 2022-10-20 18:34 ./patches/packages/whois-5.5.14-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-10-20 18:34 ./patches/packages/whois-5.5.14-x86_64-1_slack15.0.txz.asc --rw-r--r-- 1 root root 377 2022-11-09 20:30 ./patches/packages/xfce4-settings-4.16.4-x86_64-1_slack15.0.txt --rw-r--r-- 1 root root 801792 2022-11-09 20:30 ./patches/packages/xfce4-settings-4.16.4-x86_64-1_slack15.0.txz --rw-r--r-- 1 root root 163 2022-11-09 20:30 ./patches/packages/xfce4-settings-4.16.4-x86_64-1_slack15.0.txz.asc +-rw-r--r-- 1 root root 377 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txt +-rw-r--r-- 1 root root 801956 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz +-rw-r--r-- 1 root root 163 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 670 2022-10-17 18:31 ./patches/packages/xorg-server-1.20.14-x86_64-4_slack15.0.txt -rw-r--r-- 1 root root 1779544 2022-10-17 18:31 ./patches/packages/xorg-server-1.20.14-x86_64-4_slack15.0.txz -rw-r--r-- 1 root root 163 2022-10-17 18:31 ./patches/packages/xorg-server-1.20.14-x86_64-4_slack15.0.txz.asc @@ -935,7 +938,7 @@ drwxr-xr-x 2 root root 4096 2022-08-26 04:06 ./patches/packages/linux-5.15 -rw-r--r-- 1 root root 388 2022-10-15 04:05 ./patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 105356 2022-10-15 04:05 ./patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-10-15 04:05 ./patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txz.asc -drwxr-xr-x 56 root root 4096 2022-11-10 19:30 ./patches/source +drwxr-xr-x 57 root root 4096 2022-11-17 01:48 ./patches/source drwxr-xr-x 2 root root 4096 2022-01-16 05:07 ./patches/source/aaa_base -rw-r--r-- 1 root root 11041 2022-02-15 04:49 ./patches/source/aaa_base/_aaa_base.tar.gz -rwxr-xr-x 1 root root 3894 2022-02-15 05:07 ./patches/source/aaa_base/aaa_base.SlackBuild @@ -1111,6 +1114,25 @@ drwxr-xr-x 2 root root 4096 2022-08-23 03:03 ./patches/source/hunspell -rwxr-xr-x 1 root root 4301 2022-08-23 03:06 ./patches/source/hunspell/hunspell.SlackBuild -rw-r--r-- 1 root root 37 2022-08-23 03:02 ./patches/source/hunspell/hunspell.url -rw-r--r-- 1 root root 965 2021-06-29 18:41 ./patches/source/hunspell/slack-desc +drwxr-xr-x 3 root root 4096 2022-11-16 19:45 ./patches/source/krb5 +-rw-r--r-- 1 root root 1558 2022-11-16 19:44 ./patches/source/krb5/5ad465bc8e0d957a4945218bea487b77622bf433.patch +drwxr-xr-x 2 root root 4096 2020-01-21 18:39 ./patches/source/krb5/conf +-rw-r--r-- 1 root root 92 2019-12-10 20:45 ./patches/source/krb5/conf/kadmind +-rw-r--r-- 1 root root 1164 2019-12-10 21:03 ./patches/source/krb5/conf/kdc.conf.example +-rw-r--r-- 1 root root 90 2019-12-10 20:48 ./patches/source/krb5/conf/kpropd +-rw-r--r-- 1 root root 628 2019-12-10 21:00 ./patches/source/krb5/conf/krb5.conf.example +-rw-r--r-- 1 root root 92 2019-12-10 20:49 ./patches/source/krb5/conf/krb5kdc +-rw-r--r-- 1 root root 797 2019-12-12 21:24 ./patches/source/krb5/conf/rc.kadmind +-rw-r--r-- 1 root root 857 2019-12-12 21:25 ./patches/source/krb5/conf/rc.kpropd +-rw-r--r-- 1 root root 842 2019-12-12 21:24 ./patches/source/krb5/conf/rc.krb5kdc +-rw-r--r-- 1 root root 1454 2021-10-21 16:32 ./patches/source/krb5/d775c95af7606a51bf79547a94fa52ddd1cb7f49.patch +-rw-r--r-- 1 root root 357 2019-12-10 20:54 ./patches/source/krb5/doinst.sh.gz +-rw-r--r-- 1 root root 2252 2022-11-16 19:41 ./patches/source/krb5/e134d9a6b6332bd085093e9075c949ece784fcd0.patch +-rw-r--r-- 1 root root 3600 2022-11-16 19:32 ./patches/source/krb5/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583.patch +-rw-r--r-- 1 root root 6035610 2021-07-22 15:58 ./patches/source/krb5/krb5-1.19.2.tar.lz +-rwxr-xr-x 1 root root 6453 2022-11-16 19:45 ./patches/source/krb5/krb5.SlackBuild +-rw-r--r-- 1 root root 39 2017-09-30 20:08 ./patches/source/krb5/krb5.url +-rw-r--r-- 1 root root 756 2020-01-21 18:49 ./patches/source/krb5/slack-desc drwxr-xr-x 2 root root 4096 2022-04-08 18:24 ./patches/source/libarchive -rw-r--r-- 1 root root 5241148 2022-04-08 12:39 ./patches/source/libarchive/libarchive-3.6.1.tar.xz -rw-r--r-- 1 root root 833 2022-04-08 12:39 ./patches/source/libarchive/libarchive-3.6.1.tar.xz.asc @@ -1167,7 +1189,7 @@ drwxr-xr-x 2 root root 4096 2022-11-08 20:23 ./patches/source/mariadb -rw-r--r-- 1 root root 34 2015-05-07 18:51 ./patches/source/mariadb/mirror.url -rw-r--r-- 1 root root 1208 2021-04-23 17:54 ./patches/source/mariadb/rc.mysqld.gz -rw-r--r-- 1 root root 824 2018-02-27 06:12 ./patches/source/mariadb/slack-desc -drwxr-xr-x 3 root root 4096 2022-10-17 20:27 ./patches/source/mozilla-firefox +drwxr-xr-x 3 root root 4096 2022-11-14 19:35 ./patches/source/mozilla-firefox -rw-r--r-- 1 root root 693 2021-03-22 17:58 ./patches/source/mozilla-firefox/0027-LTO-Only-enable-LTO-for-Rust-when-complete-build-use.patch.gz drwxr-xr-x 5 root root 4096 2021-08-13 18:36 ./patches/source/mozilla-firefox/build-deps -rwxr-xr-x 1 root root 1919 2019-07-09 19:35 ./patches/source/mozilla-firefox/build-deps.sh @@ -1179,14 +1201,14 @@ drwxr-xr-x 2 root root 4096 2022-06-13 00:06 ./patches/source/mozilla-fire -rw-r--r-- 1 root root 150253 2022-04-21 16:48 ./patches/source/mozilla-firefox/build-deps/cbindgen/cbindgen-0.23.0.tar.lz -rwxr-xr-x 1 root root 2032 2022-06-14 16:39 ./patches/source/mozilla-firefox/build-deps/cbindgen/cbindgen.build -rw-r--r-- 1 root root 35 2021-06-25 03:11 ./patches/source/mozilla-firefox/build-deps/cbindgen/cbindgen.url -drwxr-xr-x 2 root root 4096 2022-10-18 18:16 ./patches/source/mozilla-firefox/build-deps/nodejs --rw-r--r-- 1 root root 38853960 2022-10-17 20:29 ./patches/source/mozilla-firefox/build-deps/nodejs/node-v19.0.0.tar.xz +drwxr-xr-x 2 root root 4096 2022-11-14 19:25 ./patches/source/mozilla-firefox/build-deps/nodejs +-rw-r--r-- 1 root root 39373084 2022-11-14 02:30 ./patches/source/mozilla-firefox/build-deps/nodejs/node-v19.1.0.tar.xz -rwxr-xr-x 1 root root 3003 2022-08-10 17:53 ./patches/source/mozilla-firefox/build-deps/nodejs/nodejs.build -rw-r--r-- 1 root root 86 2019-07-08 21:02 ./patches/source/mozilla-firefox/build-deps/nodejs/nodejs.url -rwxr-xr-x 1 root root 840 2018-03-13 12:55 ./patches/source/mozilla-firefox/fetch-and-repack.sh -rw-r--r-- 1 root root 330 2019-07-08 18:41 ./patches/source/mozilla-firefox/ff.ui.scrollToClick.diff.gz --rw-r--r-- 1 root root 482118312 2022-10-17 08:38 ./patches/source/mozilla-firefox/firefox-102.4.0esr.source.tar.xz --rw-r--r-- 1 root root 833 2022-10-17 08:38 ./patches/source/mozilla-firefox/firefox-102.4.0esr.source.tar.xz.asc +-rw-r--r-- 1 root root 478705384 2022-11-14 14:45 ./patches/source/mozilla-firefox/firefox-102.5.0esr.source.tar.xz +-rw-r--r-- 1 root root 833 2022-11-14 14:45 ./patches/source/mozilla-firefox/firefox-102.5.0esr.source.tar.xz.asc -rw-r--r-- 1 root root 327 2008-06-17 17:19 ./patches/source/mozilla-firefox/firefox.moz_plugin_path.diff.gz -rw-r--r-- 1 root root 518 2021-03-15 17:43 ./patches/source/mozilla-firefox/gkrust.a.no.networking.check.diff.gz -rw-r--r-- 1 root root 462 2009-07-01 06:05 ./patches/source/mozilla-firefox/mimeTypes.rdf.gz @@ -1205,7 +1227,7 @@ drwxr-xr-x 2 root root 4096 2022-11-03 19:32 ./patches/source/mozilla-nss -rw-r--r-- 1 root root 55116439 2022-10-13 15:40 ./patches/source/mozilla-nss/nss-3.84.tar.lz -rw-r--r-- 1 root root 2488 2012-04-29 21:05 ./patches/source/mozilla-nss/nss-config.in -rw-r--r-- 1 root root 1023 2018-02-27 06:12 ./patches/source/mozilla-nss/slack-desc -drwxr-xr-x 4 root root 4096 2022-11-04 16:49 ./patches/source/mozilla-thunderbird +drwxr-xr-x 4 root root 4096 2022-11-16 19:08 ./patches/source/mozilla-thunderbird -rw-r--r-- 1 root root 266 2022-08-06 19:40 ./patches/source/mozilla-thunderbird/arc4random_buf.glibc-2.36.diff.gz drwxr-xr-x 2 root root 4096 2016-07-03 18:05 ./patches/source/mozilla-thunderbird/autoconf -rw-r--r-- 1 root root 5869 2016-07-03 18:04 ./patches/source/mozilla-thunderbird/autoconf/autoconf-2.13-consolidated_fixes-1.patch.gz @@ -1221,8 +1243,8 @@ drwxr-xr-x 2 root root 4096 2022-06-13 00:06 ./patches/source/mozilla-thun -rw-r--r-- 1 root root 150253 2022-04-21 16:48 ./patches/source/mozilla-thunderbird/build-deps/cbindgen/cbindgen-0.23.0.tar.lz -rwxr-xr-x 1 root root 2032 2022-06-14 16:39 ./patches/source/mozilla-thunderbird/build-deps/cbindgen/cbindgen.build -rw-r--r-- 1 root root 35 2021-06-25 03:11 ./patches/source/mozilla-thunderbird/build-deps/cbindgen/cbindgen.url -drwxr-xr-x 2 root root 4096 2022-10-18 18:16 ./patches/source/mozilla-thunderbird/build-deps/nodejs --rw-r--r-- 1 root root 38853960 2022-10-17 20:29 ./patches/source/mozilla-thunderbird/build-deps/nodejs/node-v19.0.0.tar.xz +drwxr-xr-x 2 root root 4096 2022-11-14 19:25 ./patches/source/mozilla-thunderbird/build-deps/nodejs +-rw-r--r-- 1 root root 39373084 2022-11-14 02:30 ./patches/source/mozilla-thunderbird/build-deps/nodejs/node-v19.1.0.tar.xz -rwxr-xr-x 1 root root 3013 2021-08-13 18:10 ./patches/source/mozilla-thunderbird/build-deps/nodejs/nodejs.build -rw-r--r-- 1 root root 86 2019-07-08 21:02 ./patches/source/mozilla-thunderbird/build-deps/nodejs/nodejs.url -rw-r--r-- 1 root root 263 2022-06-30 18:42 ./patches/source/mozilla-thunderbird/double_t.x86.diff.gz @@ -1231,8 +1253,8 @@ drwxr-xr-x 2 root root 4096 2022-10-18 18:16 ./patches/source/mozilla-thun -rw-r--r-- 1 root root 3378 2005-03-08 05:13 ./patches/source/mozilla-thunderbird/mozilla-thunderbird.desktop -rw-r--r-- 1 root root 1130 2018-02-27 06:47 ./patches/source/mozilla-thunderbird/slack-desc -rw-r--r-- 1 root root 330 2019-08-27 16:35 ./patches/source/mozilla-thunderbird/tb.ui.scrollToClick.diff.gz --rw-r--r-- 1 root root 500913544 2022-11-03 19:25 ./patches/source/mozilla-thunderbird/thunderbird-102.4.2.source.tar.xz --rw-r--r-- 1 root root 833 2022-11-03 19:25 ./patches/source/mozilla-thunderbird/thunderbird-102.4.2.source.tar.xz.asc +-rw-r--r-- 1 root root 506950192 2022-11-15 20:39 ./patches/source/mozilla-thunderbird/thunderbird-102.5.0.source.tar.xz +-rw-r--r-- 1 root root 833 2022-11-15 20:39 ./patches/source/mozilla-thunderbird/thunderbird-102.5.0.source.tar.xz.asc drwxr-xr-x 2 root root 4096 2022-07-21 17:44 ./patches/source/net-snmp -rw-r--r-- 1 root root 356 2021-12-21 18:38 ./patches/source/net-snmp/doinst.sh.gz -rw-r--r-- 1 root root 607 2018-07-20 09:39 ./patches/source/net-snmp/net-snmp-5.7.2-cert-path.patch.gz @@ -1350,11 +1372,11 @@ drwxr-xr-x 2 root root 4096 2022-04-13 18:15 ./patches/source/ruby -rw-r--r-- 1 root root 15494036 2022-04-12 12:30 ./patches/source/ruby/ruby-3.0.4.tar.lz -rwxr-xr-x 1 root root 4817 2022-04-13 18:14 ./patches/source/ruby/ruby.SlackBuild -rw-r--r-- 1 root root 837 2019-03-13 16:43 ./patches/source/ruby/slack-desc -drwxr-xr-x 2 root root 4096 2022-10-25 16:47 ./patches/source/samba +drwxr-xr-x 2 root root 4096 2022-11-16 19:16 ./patches/source/samba -rw-r--r-- 1 root root 703 2016-06-13 04:19 ./patches/source/samba/doinst.sh.gz -rw-r--r-- 1 root root 940 2016-06-04 17:50 ./patches/source/samba/rc.samba --rw-r--r-- 1 root root 833 2022-10-24 10:41 ./patches/source/samba/samba-4.15.11.tar.asc --rw-r--r-- 1 root root 11906111 2022-10-24 10:41 ./patches/source/samba/samba-4.15.11.tar.lz +-rw-r--r-- 1 root root 833 2022-11-15 07:22 ./patches/source/samba/samba-4.15.12.tar.asc +-rw-r--r-- 1 root root 11910047 2022-11-15 07:22 ./patches/source/samba/samba-4.15.12.tar.lz -rwxr-xr-x 1 root root 7654 2022-05-02 18:04 ./patches/source/samba/samba.SlackBuild -rw-r--r-- 1 root root 227 2019-02-06 20:36 ./patches/source/samba/samba.libsmbclient.h.ffmpeg.compat.diff.gz -rw-r--r-- 1 root root 131 2022-10-25 16:46 ./patches/source/samba/samba.url @@ -1440,9 +1462,9 @@ drwxr-xr-x 2 root root 4096 2022-10-20 18:15 ./patches/source/whois -rw-r--r-- 1 root root 87372 2022-10-16 20:16 ./patches/source/whois/whois-5.5.14.tar.xz -rwxr-xr-x 1 root root 2917 2022-03-28 19:06 ./patches/source/whois/whois.SlackBuild -rw-r--r-- 1 root root 33 2019-07-24 18:55 ./patches/source/whois/whois.url -drwxr-xr-x 2 root root 4096 2022-11-09 20:26 ./patches/source/xfce4-settings +drwxr-xr-x 2 root root 4096 2022-11-16 19:13 ./patches/source/xfce4-settings -rw-r--r-- 1 root root 839 2018-02-27 06:13 ./patches/source/xfce4-settings/slack-desc --rw-r--r-- 1 root root 1211411 2022-11-07 20:28 ./patches/source/xfce4-settings/xfce4-settings-4.16.4.tar.lz +-rw-r--r-- 1 root root 1211837 2022-11-12 22:27 ./patches/source/xfce4-settings/xfce4-settings-4.16.5.tar.lz -rwxr-xr-x 1 root root 4923 2022-11-09 20:30 ./patches/source/xfce4-settings/xfce4-settings.SlackBuild -rw-r--r-- 1 root root 363 2019-07-30 02:26 ./patches/source/xfce4-settings/xfce4-settings.theme.diff.gz -rw-r--r-- 1 root root 83 2022-11-09 20:26 ./patches/source/xfce4-settings/xfce4-settings.url @@ -2711,24 +2733,24 @@ drwxr-xr-x 2 root root 69632 2022-02-01 08:29 ./slackware64/kde -rw-r--r-- 1 root root 901920 2022-01-06 22:55 ./slackware64/kde/kdeconnect-kde-21.12.1-x86_64-1.txz -rw-r--r-- 1 root root 163 2022-01-06 22:55 ./slackware64/kde/kdeconnect-kde-21.12.1-x86_64-1.txz.asc -rw-r--r-- 1 root root 354 2022-01-04 21:33 ./slackware64/kde/kdecoration-5.23.5-x86_64-1.txt --rw-r--r-- 1 root root 73020 2022-01-04 21:33 ./slackware64/kde/kdecoration-5.23.5-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-01-04 21:33 ./slackware64/kde/kdecoration-5.23.5-x86_64-1.txz.asc --rw-r--r-- 1 root root 366 2022-01-08 22:38 ./slackware64/kde/kded-5.90.0-x86_64-1.txt --rw-r--r-- 1 root root 63452 2022-01-08 22:38 ./slackware64/kde/kded-5.90.0-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-01-08 22:38 ./slackware64/kde/kded-5.90.0-x86_64-1.txz.asc --rw-r--r-- 1 root root 266 2022-01-06 22:36 ./slackware64/kde/kdeedu-data-21.12.1-x86_64-1.txt --rw-r--r-- 1 root root 323268 2022-01-06 22:36 ./slackware64/kde/kdeedu-data-21.12.1-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-01-06 22:36 ./slackware64/kde/kdeedu-data-21.12.1-x86_64-1.txz.asc --rw-r--r-- 1 root root 350 2022-01-06 22:11 ./slackware64/kde/kdegraphics-mobipocket-21.12.1-x86_64-1.txt --rw-r--r-- 1 root root 28744 2022-01-06 22:11 ./slackware64/kde/kdegraphics-mobipocket-21.12.1-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-01-06 22:11 ./slackware64/kde/kdegraphics-mobipocket-21.12.1-x86_64-1.txz.asc --rw-r--r-- 1 root root 420 2022-01-06 22:12 ./slackware64/kde/kdegraphics-thumbnailers-21.12.1-x86_64-1.txt --rw-r--r-- 1 root root 45172 2022-01-06 22:12 ./slackware64/kde/kdegraphics-thumbnailers-21.12.1-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-01-06 22:12 ./slackware64/kde/kdegraphics-thumbnailers-21.12.1-x86_64-1.txz.asc --rw-r--r-- 1 root root 497 2022-01-08 22:46 ./slackware64/kde/kdelibs4support-5.90.0-x86_64-1.txt --rw-r--r-- 1 root root 3279528 2022-01-08 22:46 ./slackware64/kde/kdelibs4support-5.90.0-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-01-08 22:46 ./slackware64/kde/kdelibs4support-5.90.0-x86_64-1.txz.asc --rw-r--r-- 1 root root 410 2022-01-06 22:19 ./slackware64/kde/kdenetwork-filesharing-21.12.1-x86_64-1.txt +-rw-r--r-- 1 root root 73020 2022-01-04 21:33 ./slackware64/kde/kdecoration-5.23.5-x86_64-1.txz +-rw-r--r-- 1 root root 163 2022-01-04 21:33 ./slackware64/kde/kdecoration-5.23.5-x86_64-1.txz.asc +-rw-r--r-- 1 root root 366 2022-01-08 22:38 ./slackware64/kde/kded-5.90.0-x86_64-1.txt +-rw-r--r-- 1 root root 63452 2022-01-08 22:38 ./slackware64/kde/kded-5.90.0-x86_64-1.txz +-rw-r--r-- 1 root root 163 2022-01-08 22:38 ./slackware64/kde/kded-5.90.0-x86_64-1.txz.asc +-rw-r--r-- 1 root root 266 2022-01-06 22:36 ./slackware64/kde/kdeedu-data-21.12.1-x86_64-1.txt +-rw-r--r-- 1 root root 323268 2022-01-06 22:36 ./slackware64/kde/kdeedu-data-21.12.1-x86_64-1.txz +-rw-r--r-- 1 root root 163 2022-01-06 22:36 ./slackware64/kde/kdeedu-data-21.12.1-x86_64-1.txz.asc +-rw-r--r-- 1 root root 350 2022-01-06 22:11 ./slackware64/kde/kdegraphics-mobipocket-21.12.1-x86_64-1.txt +-rw-r--r-- 1 root root 28744 2022-01-06 22:11 ./slackware64/kde/kdegraphics-mobipocket-21.12.1-x86_64-1.txz +-rw-r--r-- 1 root root 163 2022-01-06 22:11 ./slackware64/kde/kdegraphics-mobipocket-21.12.1-x86_64-1.txz.asc +-rw-r--r-- 1 root root 420 2022-01-06 22:12 ./slackware64/kde/kdegraphics-thumbnailers-21.12.1-x86_64-1.txt +-rw-r--r-- 1 root root 45172 2022-01-06 22:12 ./slackware64/kde/kdegraphics-thumbnailers-21.12.1-x86_64-1.txz +-rw-r--r-- 1 root root 163 2022-01-06 22:12 ./slackware64/kde/kdegraphics-thumbnailers-21.12.1-x86_64-1.txz.asc +-rw-r--r-- 1 root root 497 2022-01-08 22:46 ./slackware64/kde/kdelibs4support-5.90.0-x86_64-1.txt +-rw-r--r-- 1 root root 3279528 2022-01-08 22:46 ./slackware64/kde/kdelibs4support-5.90.0-x86_64-1.txz +-rw-r--r-- 1 root root 163 2022-01-08 22:46 ./slackware64/kde/kdelibs4support-5.90.0-x86_64-1.txz.asc +-rw-r--r-- 1 root root 410 2022-01-06 22:19 ./slackware64/kde/kdenetwork-filesharing-21.12.1-x86_64-1.txt -rw-r--r-- 1 root root 103344 2022-01-06 22:19 ./slackware64/kde/kdenetwork-filesharing-21.12.1-x86_64-1.txz -rw-r--r-- 1 root root 163 2022-01-06 22:19 ./slackware64/kde/kdenetwork-filesharing-21.12.1-x86_64-1.txz.asc -rw-r--r-- 1 root root 246 2022-01-06 22:53 ./slackware64/kde/kdenlive-21.12.1-x86_64-1.txt @@ -5448,27 +5470,27 @@ drwxr-xr-x 2 root root 65536 2022-02-01 04:47 ./slackware64/x -rw-r--r-- 1 root root 163 2021-02-13 13:07 ./slackware64/x/libXcursor-1.2.0-x86_64-3.txz.asc -rw-r--r-- 1 root root 366 2021-02-13 13:07 ./slackware64/x/libXdamage-1.1.5-x86_64-3.txt -rw-r--r-- 1 root root 17752 2021-02-13 13:07 ./slackware64/x/libXdamage-1.1.5-x86_64-3.txz --rw-r--r-- 1 root root 163 2021-02-13 13:07 ./slackware64/x/libXdamage-1.1.5-x86_64-3.txz.asc --rw-r--r-- 1 root root 341 2021-02-13 13:07 ./slackware64/x/libXdmcp-1.1.3-x86_64-3.txt --rw-r--r-- 1 root root 54100 2021-02-13 13:07 ./slackware64/x/libXdmcp-1.1.3-x86_64-3.txz --rw-r--r-- 1 root root 163 2021-02-13 13:07 ./slackware64/x/libXdmcp-1.1.3-x86_64-3.txz.asc --rw-r--r-- 1 root root 345 2021-02-13 13:07 ./slackware64/x/libXevie-1.0.3-x86_64-5.txt --rw-r--r-- 1 root root 15388 2021-02-13 13:07 ./slackware64/x/libXevie-1.0.3-x86_64-5.txz --rw-r--r-- 1 root root 163 2021-02-13 13:07 ./slackware64/x/libXevie-1.0.3-x86_64-5.txz.asc --rw-r--r-- 1 root root 335 2021-02-13 13:07 ./slackware64/x/libXext-1.3.4-x86_64-3.txt --rw-r--r-- 1 root root 138136 2021-02-13 13:07 ./slackware64/x/libXext-1.3.4-x86_64-3.txz --rw-r--r-- 1 root root 163 2021-02-13 13:07 ./slackware64/x/libXext-1.3.4-x86_64-3.txz.asc --rw-r--r-- 1 root root 351 2021-05-12 18:39 ./slackware64/x/libXfixes-6.0.0-x86_64-1.txt --rw-r--r-- 1 root root 26124 2021-05-12 18:39 ./slackware64/x/libXfixes-6.0.0-x86_64-1.txz --rw-r--r-- 1 root root 163 2021-05-12 18:39 ./slackware64/x/libXfixes-6.0.0-x86_64-1.txz.asc --rw-r--r-- 1 root root 571 2021-08-02 18:01 ./slackware64/x/libXfont2-2.0.5-x86_64-1.txt --rw-r--r-- 1 root root 126844 2021-08-02 18:01 ./slackware64/x/libXfont2-2.0.5-x86_64-1.txz --rw-r--r-- 1 root root 163 2021-08-02 18:01 ./slackware64/x/libXfont2-2.0.5-x86_64-1.txz.asc --rw-r--r-- 1 root root 410 2021-02-13 13:07 ./slackware64/x/libXfontcache-1.0.5-x86_64-5.txt --rw-r--r-- 1 root root 14632 2021-02-13 13:07 ./slackware64/x/libXfontcache-1.0.5-x86_64-5.txz --rw-r--r-- 1 root root 163 2021-02-13 13:07 ./slackware64/x/libXfontcache-1.0.5-x86_64-5.txz.asc --rw-r--r-- 1 root root 291 2021-08-02 18:01 ./slackware64/x/libXft-2.3.4-x86_64-1.txt --rw-r--r-- 1 root root 62872 2021-08-02 18:01 ./slackware64/x/libXft-2.3.4-x86_64-1.txz +-rw-r--r-- 1 root root 163 2021-02-13 13:07 ./slackware64/x/libXdamage-1.1.5-x86_64-3.txz.asc +-rw-r--r-- 1 root root 341 2021-02-13 13:07 ./slackware64/x/libXdmcp-1.1.3-x86_64-3.txt +-rw-r--r-- 1 root root 54100 2021-02-13 13:07 ./slackware64/x/libXdmcp-1.1.3-x86_64-3.txz +-rw-r--r-- 1 root root 163 2021-02-13 13:07 ./slackware64/x/libXdmcp-1.1.3-x86_64-3.txz.asc +-rw-r--r-- 1 root root 345 2021-02-13 13:07 ./slackware64/x/libXevie-1.0.3-x86_64-5.txt +-rw-r--r-- 1 root root 15388 2021-02-13 13:07 ./slackware64/x/libXevie-1.0.3-x86_64-5.txz +-rw-r--r-- 1 root root 163 2021-02-13 13:07 ./slackware64/x/libXevie-1.0.3-x86_64-5.txz.asc +-rw-r--r-- 1 root root 335 2021-02-13 13:07 ./slackware64/x/libXext-1.3.4-x86_64-3.txt +-rw-r--r-- 1 root root 138136 2021-02-13 13:07 ./slackware64/x/libXext-1.3.4-x86_64-3.txz +-rw-r--r-- 1 root root 163 2021-02-13 13:07 ./slackware64/x/libXext-1.3.4-x86_64-3.txz.asc +-rw-r--r-- 1 root root 351 2021-05-12 18:39 ./slackware64/x/libXfixes-6.0.0-x86_64-1.txt +-rw-r--r-- 1 root root 26124 2021-05-12 18:39 ./slackware64/x/libXfixes-6.0.0-x86_64-1.txz +-rw-r--r-- 1 root root 163 2021-05-12 18:39 ./slackware64/x/libXfixes-6.0.0-x86_64-1.txz.asc +-rw-r--r-- 1 root root 571 2021-08-02 18:01 ./slackware64/x/libXfont2-2.0.5-x86_64-1.txt +-rw-r--r-- 1 root root 126844 2021-08-02 18:01 ./slackware64/x/libXfont2-2.0.5-x86_64-1.txz +-rw-r--r-- 1 root root 163 2021-08-02 18:01 ./slackware64/x/libXfont2-2.0.5-x86_64-1.txz.asc +-rw-r--r-- 1 root root 410 2021-02-13 13:07 ./slackware64/x/libXfontcache-1.0.5-x86_64-5.txt +-rw-r--r-- 1 root root 14632 2021-02-13 13:07 ./slackware64/x/libXfontcache-1.0.5-x86_64-5.txz +-rw-r--r-- 1 root root 163 2021-02-13 13:07 ./slackware64/x/libXfontcache-1.0.5-x86_64-5.txz.asc +-rw-r--r-- 1 root root 291 2021-08-02 18:01 ./slackware64/x/libXft-2.3.4-x86_64-1.txt +-rw-r--r-- 1 root root 62872 2021-08-02 18:01 ./slackware64/x/libXft-2.3.4-x86_64-1.txz -rw-r--r-- 1 root root 163 2021-08-02 18:01 ./slackware64/x/libXft-2.3.4-x86_64-1.txz.asc -rw-r--r-- 1 root root 293 2021-09-20 18:29 ./slackware64/x/libXi-1.8-x86_64-1.txt -rw-r--r-- 1 root root 192340 2021-09-20 18:29 ./slackware64/x/libXi-1.8-x86_64-1.txz @@ -15080,26 +15102,26 @@ drwxr-xr-x 2 root root 4096 2021-12-08 20:10 ./source/x/x11/src/app -rw-r--r-- 1 root root 171200 2019-08-12 17:51 ./source/x/x11/src/app/xrandr-1.5.1.tar.xz -rw-r--r-- 1 root root 133704 2021-08-09 17:34 ./source/x/x11/src/app/xrdb-1.2.1.tar.xz -rw-r--r-- 1 root root 118456 2018-03-10 04:14 ./source/x/x11/src/app/xrefresh-1.0.6.tar.xz --rw-r--r-- 1 root root 196436 2021-12-07 00:53 ./source/x/x11/src/app/xscope-1.4.2.tar.xz --rw-r--r-- 1 root root 134820 2018-03-10 04:18 ./source/x/x11/src/app/xset-1.2.4.tar.xz --rw-r--r-- 1 root root 119100 2018-03-10 04:22 ./source/x/x11/src/app/xsetroot-1.1.2.tar.xz --rw-r--r-- 1 root root 155304 2018-03-10 04:25 ./source/x/x11/src/app/xsm-1.0.4.tar.xz --rw-r--r-- 1 root root 117048 2019-02-20 00:08 ./source/x/x11/src/app/xstdcmap-1.0.4.tar.xz --rw-r--r-- 1 root root 118284 2013-01-14 21:52 ./source/x/x11/src/app/xvidtune-1.0.3.tar.xz --rw-r--r-- 1 root root 116808 2019-02-20 00:19 ./source/x/x11/src/app/xvinfo-1.1.4.tar.xz --rw-r--r-- 1 root root 140016 2021-08-02 00:16 ./source/x/x11/src/app/xwd-1.0.8.tar.xz --rw-r--r-- 1 root root 155740 2019-07-14 20:55 ./source/x/x11/src/app/xwininfo-1.1.5.tar.xz --rw-r--r-- 1 root root 122764 2018-03-10 04:45 ./source/x/x11/src/app/xwud-1.0.5.tar.xz -drwxr-xr-x 2 root root 4096 2021-10-06 18:12 ./source/x/x11/src/data --rw-r--r-- 1 root root 122548 2018-03-10 06:55 ./source/x/x11/src/data/xbitmaps-1.1.2.tar.xz --rw-r--r-- 1 root root 1500920 2019-02-15 03:01 ./source/x/x11/src/data/xcursor-themes-1.0.6.tar.xz --rw-r--r-- 1 root root 1156616 2021-10-04 10:31 ./source/x/x11/src/data/xkeyboard-config-2.34.tar.xz -drwxr-xr-x 2 root root 4096 2015-05-04 05:55 ./source/x/x11/src/doc --rw-r--r-- 1 root root 333452 2015-05-01 06:18 ./source/x/x11/src/doc/xorg-docs-1.7.1.tar.xz --rw-r--r-- 1 root root 110976 2012-06-06 02:42 ./source/x/x11/src/doc/xorg-sgml-doctools-1.11.tar.xz -drwxr-xr-x 2 root root 4096 2022-01-25 05:57 ./source/x/x11/src/driver --rw-r--r-- 1 root root 236544 2011-05-04 23:02 ./source/x/x11/src/driver/xf86-input-acecad-1.5.0.tar.xz --rw-r--r-- 1 root root 345048 2018-05-29 02:33 ./source/x/x11/src/driver/xf86-input-evdev-2.10.6.tar.xz +-rw-r--r-- 1 root root 196436 2021-12-07 00:53 ./source/x/x11/src/app/xscope-1.4.2.tar.xz +-rw-r--r-- 1 root root 134820 2018-03-10 04:18 ./source/x/x11/src/app/xset-1.2.4.tar.xz +-rw-r--r-- 1 root root 119100 2018-03-10 04:22 ./source/x/x11/src/app/xsetroot-1.1.2.tar.xz +-rw-r--r-- 1 root root 155304 2018-03-10 04:25 ./source/x/x11/src/app/xsm-1.0.4.tar.xz +-rw-r--r-- 1 root root 117048 2019-02-20 00:08 ./source/x/x11/src/app/xstdcmap-1.0.4.tar.xz +-rw-r--r-- 1 root root 118284 2013-01-14 21:52 ./source/x/x11/src/app/xvidtune-1.0.3.tar.xz +-rw-r--r-- 1 root root 116808 2019-02-20 00:19 ./source/x/x11/src/app/xvinfo-1.1.4.tar.xz +-rw-r--r-- 1 root root 140016 2021-08-02 00:16 ./source/x/x11/src/app/xwd-1.0.8.tar.xz +-rw-r--r-- 1 root root 155740 2019-07-14 20:55 ./source/x/x11/src/app/xwininfo-1.1.5.tar.xz +-rw-r--r-- 1 root root 122764 2018-03-10 04:45 ./source/x/x11/src/app/xwud-1.0.5.tar.xz +drwxr-xr-x 2 root root 4096 2021-10-06 18:12 ./source/x/x11/src/data +-rw-r--r-- 1 root root 122548 2018-03-10 06:55 ./source/x/x11/src/data/xbitmaps-1.1.2.tar.xz +-rw-r--r-- 1 root root 1500920 2019-02-15 03:01 ./source/x/x11/src/data/xcursor-themes-1.0.6.tar.xz +-rw-r--r-- 1 root root 1156616 2021-10-04 10:31 ./source/x/x11/src/data/xkeyboard-config-2.34.tar.xz +drwxr-xr-x 2 root root 4096 2015-05-04 05:55 ./source/x/x11/src/doc +-rw-r--r-- 1 root root 333452 2015-05-01 06:18 ./source/x/x11/src/doc/xorg-docs-1.7.1.tar.xz +-rw-r--r-- 1 root root 110976 2012-06-06 02:42 ./source/x/x11/src/doc/xorg-sgml-doctools-1.11.tar.xz +drwxr-xr-x 2 root root 4096 2022-01-25 05:57 ./source/x/x11/src/driver +-rw-r--r-- 1 root root 236544 2011-05-04 23:02 ./source/x/x11/src/driver/xf86-input-acecad-1.5.0.tar.xz +-rw-r--r-- 1 root root 345048 2018-05-29 02:33 ./source/x/x11/src/driver/xf86-input-evdev-2.10.6.tar.xz -rw-r--r-- 1 root root 291860 2016-11-17 23:02 ./source/x/x11/src/driver/xf86-input-joystick-1.6.3.tar.xz -rw-r--r-- 1 root root 290104 2016-11-17 04:29 ./source/x/x11/src/driver/xf86-input-keyboard-1.9.0.tar.xz -rw-r--r-- 1 root root 312324 2022-01-24 05:05 ./source/x/x11/src/driver/xf86-input-libinput-1.2.1.tar.xz diff --git a/patches/packages/krb5-1.19.2-x86_64-3_slack15.0.txt b/patches/packages/krb5-1.19.2-x86_64-3_slack15.0.txt new file mode 100644 index 000000000..cd70c71bb --- /dev/null +++ b/patches/packages/krb5-1.19.2-x86_64-3_slack15.0.txt @@ -0,0 +1,11 @@ +krb5: krb5 (Network authentication protocol) +krb5: +krb5: Kerberos is a network authentication protocol. It is designed to +krb5: provide strong authentication for client/server applications by using +krb5: secret-key cryptography. +krb5: +krb5: Homepage: http://web.mit.edu/kerberos/ +krb5: +krb5: +krb5: +krb5: diff --git a/patches/packages/mozilla-firefox-102.4.0esr-x86_64-1_slack15.0.txt b/patches/packages/mozilla-firefox-102.5.0esr-x86_64-1_slack15.0.txt index 9d8594319..9d8594319 100644 --- a/patches/packages/mozilla-firefox-102.4.0esr-x86_64-1_slack15.0.txt +++ b/patches/packages/mozilla-firefox-102.5.0esr-x86_64-1_slack15.0.txt diff --git a/patches/packages/mozilla-thunderbird-102.4.2-x86_64-1_slack15.0.txt b/patches/packages/mozilla-thunderbird-102.5.0-x86_64-1_slack15.0.txt index 5acb7b92e..5acb7b92e 100644 --- a/patches/packages/mozilla-thunderbird-102.4.2-x86_64-1_slack15.0.txt +++ b/patches/packages/mozilla-thunderbird-102.5.0-x86_64-1_slack15.0.txt diff --git a/patches/packages/samba-4.15.11-x86_64-1_slack15.0.txt b/patches/packages/samba-4.15.12-x86_64-1_slack15.0.txt index e1800f156..e1800f156 100644 --- a/patches/packages/samba-4.15.11-x86_64-1_slack15.0.txt +++ b/patches/packages/samba-4.15.12-x86_64-1_slack15.0.txt diff --git a/patches/packages/xfce4-settings-4.16.4-x86_64-1_slack15.0.txt b/patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txt index 84b8cb8eb..84b8cb8eb 100644 --- a/patches/packages/xfce4-settings-4.16.4-x86_64-1_slack15.0.txt +++ b/patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txt diff --git a/patches/source/krb5/5ad465bc8e0d957a4945218bea487b77622bf433.patch b/patches/source/krb5/5ad465bc8e0d957a4945218bea487b77622bf433.patch new file mode 100644 index 000000000..9819447e8 --- /dev/null +++ b/patches/source/krb5/5ad465bc8e0d957a4945218bea487b77622bf433.patch @@ -0,0 +1,48 @@ +From 5ad465bc8e0d957a4945218bea487b77622bf433 Mon Sep 17 00:00:00 2001 +From: Greg Hudson <ghudson@mit.edu> +Date: Fri, 3 Jun 2022 14:30:42 -0400 +Subject: [PATCH] Fix memory leak in OTP kdcpreauth module + +In otp_edata(), free the generated nonce. + +ticket: 9063 (new) +tags: pullup +target_version: 1.20-next +target_version: 1.19-next +--- + src/plugins/preauth/otp/main.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c +index 119714f994..0e682aae58 100644 +--- a/src/plugins/preauth/otp/main.c ++++ b/src/plugins/preauth/otp/main.c +@@ -228,7 +228,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request, + krb5_pa_otp_challenge chl; + krb5_pa_data *pa = NULL; + krb5_error_code retval; +- krb5_data *encoding; ++ krb5_data *encoding, nonce = empty_data(); + char *config; + + /* Determine if otp is enabled for the user. */ +@@ -256,9 +256,10 @@ otp_edata(krb5_context context, krb5_kdc_req *request, + ti.iteration_count = -1; + + /* Generate the nonce. */ +- retval = nonce_generate(context, armor_key->length, &chl.nonce); ++ retval = nonce_generate(context, armor_key->length, &nonce); + if (retval != 0) + goto out; ++ chl.nonce = nonce; + + /* Build the output pa-data. */ + retval = encode_krb5_pa_otp_challenge(&chl, &encoding); +@@ -275,6 +276,7 @@ otp_edata(krb5_context context, krb5_kdc_req *request, + free(encoding); + + out: ++ krb5_free_data_contents(context, &nonce); + (*respond)(arg, retval, pa); + } + diff --git a/patches/source/krb5/conf/kadmind b/patches/source/krb5/conf/kadmind new file mode 100644 index 000000000..5913ac120 --- /dev/null +++ b/patches/source/krb5/conf/kadmind @@ -0,0 +1,2 @@ +# To set additional options for kadmind, add them in the variable below: +KADMIND_OPTIONS="" diff --git a/patches/source/krb5/conf/kdc.conf.example b/patches/source/krb5/conf/kdc.conf.example new file mode 100644 index 000000000..1c7cc3a94 --- /dev/null +++ b/patches/source/krb5/conf/kdc.conf.example @@ -0,0 +1,35 @@ +[kdcdefaults] + kdc_listen = 88 + kdc_tcp_listen = 88 + +[realms] + ATHENA.MIT.EDU = { + kadmind_port = 749 + max_life = 12h 0m 0s + max_renewable_life = 7d 0h 0m 0s + master_key_type = aes256-cts-hmac-sha1-96 + supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal + database_module = openldap_ldapconf + } + +[logging] + kdc = FILE:/var/kerberos/krb5kdc/kdc.log + admin_server = FILE:/var/kerberos/krb5kdc/kadmin.log + +[dbdefaults] + ldap_kerberos_container_dn = cn=krbcontainer,dc=mit,dc=edu + +[dbmodules] + openldap_ldapconf = { + db_library = kldap + disable_last_success = true + ldap_kdc_dn = "cn=krbadmin,dc=mit,dc=edu" + # this object needs to have read rights on + # the realm container and principal subtrees + ldap_kadmind_dn = "cn=krbadmin,dc=mit,dc=edu" + # this object needs to have read and write rights on + # the realm container and principal subtrees + ldap_service_password_file = /etc/kerberos/service.keyfile + ldap_servers = ldaps://kerberos.mit.edu + ldap_conns_per_server = 5 + } diff --git a/patches/source/krb5/conf/kpropd b/patches/source/krb5/conf/kpropd new file mode 100644 index 000000000..cc65d10b4 --- /dev/null +++ b/patches/source/krb5/conf/kpropd @@ -0,0 +1,2 @@ +# To set additional options for kpropd, add them in the variable below: +KPROPD_OPTIONS="" diff --git a/patches/source/krb5/conf/krb5.conf.example b/patches/source/krb5/conf/krb5.conf.example new file mode 100644 index 000000000..705e7cf30 --- /dev/null +++ b/patches/source/krb5/conf/krb5.conf.example @@ -0,0 +1,29 @@ +[libdefaults] + default_realm = ATHENA.MIT.EDU + dns_lookup_kdc = true + dns_lookup_realm = false + +[realms] + ATHENA.MIT.EDU = { + kdc = kerberos.mit.edu + kdc = kerberos-1.mit.edu + kdc = kerberos-2.mit.edu + admin_server = kerberos.mit.edu + master_kdc = kerberos.mit.edu + } + EXAMPLE.COM = { + kdc = kerberos.example.com + kdc = kerberos-1.example.com + admin_server = kerberos.example.com + } + +[domain_realm] + mit.edu = ATHENA.MIT.EDU + +[capaths] + ATHENA.MIT.EDU = { + EXAMPLE.COM = . + } + EXAMPLE.COM = { + ATHENA.MIT.EDU = . + } diff --git a/patches/source/krb5/conf/krb5kdc b/patches/source/krb5/conf/krb5kdc new file mode 100644 index 000000000..6679d1b80 --- /dev/null +++ b/patches/source/krb5/conf/krb5kdc @@ -0,0 +1,2 @@ +# To set additional options for krb5kdc, add them in the variable below: +KRB5KDC_OPTIONS="" diff --git a/patches/source/krb5/conf/rc.kadmind b/patches/source/krb5/conf/rc.kadmind new file mode 100644 index 000000000..2f838a7c4 --- /dev/null +++ b/patches/source/krb5/conf/rc.kadmind @@ -0,0 +1,40 @@ +#!/bin/sh +# Start the Kerberos administration server. This typically runs on the +# master Kerberos server, which stores the KDC database. + +# To change the default options, edit /etc/default/kadmind. +if [ -r /etc/default/kadmind ]; then + . /etc/default/kadmind +fi + +start_atd() { + if ! /usr/bin/pgrep --ns $$ --euid root -f "^/usr/sbin/kadmind" 1> /dev/null 2> /dev/null ; then + echo "Starting kadmind: /usr/sbin/kadmind $KADMIND_OPTIONS" + /usr/sbin/kadmind $KADMIND_OPTIONS + fi +} + +stop_atd() { + echo "Stopping kadmind." + /usr/bin/pkill --ns $$ --euid root -f "^/usr/sbin/kadmind" 2> /dev/null +} + +restart_atd() { + stop_atd + sleep 1 + start_atd +} + +case "$1" in +'start') + start_atd + ;; +'stop') + stop_atd + ;; +'restart') + restart_atd + ;; +*) + echo "usage $0 start|stop|restart" +esac diff --git a/patches/source/krb5/conf/rc.kpropd b/patches/source/krb5/conf/rc.kpropd new file mode 100644 index 000000000..8dde85d87 --- /dev/null +++ b/patches/source/krb5/conf/rc.kpropd @@ -0,0 +1,41 @@ +#!/bin/sh +# Start the Kerberos V5 slave KDC update server. This runs on a slave +# (secondary) KDC server. It allows the master Kerberos server to use +# kprop(8) to propagate its database to the slave servers. + +# To change the default options, edit /etc/default/kpropd. +if [ -r /etc/default/kpropd ]; then + . /etc/default/kpropd +fi + +start_atd() { + if ! /usr/bin/pgrep --ns $$ --euid root -f "^/usr/sbin/kpropd" 1> /dev/null 2> /dev/null ; then + echo "Starting kpropd: /usr/sbin/kpropd $KPROPD_OPTIONS" + /usr/sbin/kpropd $KPROPD_OPTIONS + fi +} + +stop_atd() { + echo "Stopping kpropd." + /usr/bin/pkill --ns $$ --euid root -f "^/usr/sbin/kpropd" 2> /dev/null +} + +restart_atd() { + stop_atd + sleep 1 + start_atd +} + +case "$1" in +'start') + start_atd + ;; +'stop') + stop_atd + ;; +'restart') + restart_atd + ;; +*) + echo "usage $0 start|stop|restart" +esac diff --git a/patches/source/krb5/conf/rc.krb5kdc b/patches/source/krb5/conf/rc.krb5kdc new file mode 100644 index 000000000..5e9baef1a --- /dev/null +++ b/patches/source/krb5/conf/rc.krb5kdc @@ -0,0 +1,41 @@ +#!/bin/sh +# Start krb5kdc, which is the Kerberos version 5 Authentication Service +# and Key Distribution Center (AS/KDC). This needs to run first on both +# master and secondary KDCs. + +# To change the default options, edit /etc/default/krb5kdc. +if [ -r /etc/default/krb5kdc ]; then + . /etc/default/krb5kdc +fi + +start_atd() { + if ! /usr/bin/pgrep --ns $$ --euid root -f "^/usr/sbin/krb5kdc" 1> /dev/null 2> /dev/null ; then + echo "Starting krb5kdc: /usr/sbin/krb5kdc $KRB5KDC_OPTIONS" + /usr/sbin/krb5kdc $KRB5KDC_OPTIONS + fi +} + +stop_atd() { + echo "Stopping krb5kdc." + /usr/bin/pkill --ns $$ --euid root -f "^/usr/sbin/krb5kdc" 2> /dev/null +} + +restart_atd() { + stop_atd + sleep 1 + start_atd +} + +case "$1" in +'start') + start_atd + ;; +'stop') + stop_atd + ;; +'restart') + restart_atd + ;; +*) + echo "usage $0 start|stop|restart" +esac diff --git a/patches/source/krb5/d775c95af7606a51bf79547a94fa52ddd1cb7f49.patch b/patches/source/krb5/d775c95af7606a51bf79547a94fa52ddd1cb7f49.patch new file mode 100644 index 000000000..7623d8292 --- /dev/null +++ b/patches/source/krb5/d775c95af7606a51bf79547a94fa52ddd1cb7f49.patch @@ -0,0 +1,43 @@ +From d775c95af7606a51bf79547a94fa52ddd1cb7f49 Mon Sep 17 00:00:00 2001 +From: Greg Hudson <ghudson@mit.edu> +Date: Tue, 3 Aug 2021 01:15:27 -0400 +Subject: [PATCH] Fix KDC null deref on TGS inner body null server + +After the KDC decodes a FAST inner body, it does not check for a null +server. Prior to commit 39548a5b17bbda9eeb63625a201cfd19b9de1c5b this +would typically result in an error from krb5_unparse_name(), but with +the addition of get_local_tgt() it results in a null dereference. Add +a null check. + +Reported by Joseph Sutton of Catalyst. + +CVE-2021-37750: + +In MIT krb5 releases 1.14 and later, an authenticated attacker can +cause a null dereference in the KDC by sending a FAST TGS request with +no server field. + +ticket: 9008 (new) +tags: pullup +target_version: 1.19-next +target_version: 1.18-next +--- + src/kdc/do_tgs_req.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c +index 582e497cc9..32dc65fa8e 100644 +--- a/src/kdc/do_tgs_req.c ++++ b/src/kdc/do_tgs_req.c +@@ -204,6 +204,11 @@ process_tgs_req(krb5_kdc_req *request, krb5_data *pkt, + status = "FIND_FAST"; + goto cleanup; + } ++ if (sprinc == NULL) { ++ status = "NULL_SERVER"; ++ errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; ++ goto cleanup; ++ } + + errcode = get_local_tgt(kdc_context, &sprinc->realm, header_server, + &local_tgt, &local_tgt_storage, &local_tgt_key); diff --git a/patches/source/krb5/doinst.sh b/patches/source/krb5/doinst.sh new file mode 100644 index 000000000..8c0fa65e2 --- /dev/null +++ b/patches/source/krb5/doinst.sh @@ -0,0 +1,30 @@ +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then + # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +preserve_perms() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + if [ -e $OLD ]; then + cp -a $OLD ${NEW}.incoming + cat $NEW > ${NEW}.incoming + mv ${NEW}.incoming $NEW + fi + config $NEW +} + +preserve_perms etc/rc.d/rc.kadmind.new +preserve_perms etc/rc.d/rc.kpropd.new +preserve_perms etc/rc.d/rc.krb5kdc.new +config etc/default/kadmind.new +config etc/default/kpropd.new +config etc/default/krb5kdc.new diff --git a/patches/source/krb5/e134d9a6b6332bd085093e9075c949ece784fcd0.patch b/patches/source/krb5/e134d9a6b6332bd085093e9075c949ece784fcd0.patch new file mode 100644 index 000000000..6bf0b90a2 --- /dev/null +++ b/patches/source/krb5/e134d9a6b6332bd085093e9075c949ece784fcd0.patch @@ -0,0 +1,65 @@ +From e134d9a6b6332bd085093e9075c949ece784fcd0 Mon Sep 17 00:00:00 2001 +From: sashan <anedvedicky@gmail.com> +Date: Sat, 18 Jun 2022 00:05:32 +0200 +Subject: [PATCH] Fix PKCS11 module path search + +Commit c5c11839e02c7993eb78f2c94c75c10cf93f2195 switched the loading +of the PKCS#11 module from dlopen() to krb5int_open_plugin(). Because +krb5int_open_plugin() includes a stat() test, this change has the +unintended consequence of requiring the module name to be an absolute +or relative path to the library, not a filename within the dynamic +linker search path. + +Within krb5int_open_plugin(), only stat() the filename on the +platforms which will use the file type. + +[ghudson@mit.edu: adjusted conditionals to call stat() on Windows; +rewrote commit message] + +ticket: 9067 (new) +tags: pullup +target_version: 1.20-next +--- + src/util/support/plugins.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/util/support/plugins.c b/src/util/support/plugins.c +index 1ff10c354d0..c6a9a21d57c 100644 +--- a/src/util/support/plugins.c ++++ b/src/util/support/plugins.c +@@ -189,9 +189,10 @@ long KRB5_CALLCONV + krb5int_open_plugin (const char *filepath, struct plugin_file_handle **h, struct errinfo *ep) + { + long err = 0; +- struct stat statbuf; + struct plugin_file_handle *htmp = NULL; + int got_plugin = 0; ++#if defined(USE_CFBUNDLE) || defined(_WIN32) ++ struct stat statbuf; + + if (!err) { + if (stat (filepath, &statbuf) < 0) { +@@ -201,6 +202,7 @@ krb5int_open_plugin (const char *filepath, struct plugin_file_handle **h, struct + filepath, strerror(err)); + } + } ++#endif + + if (!err) { + htmp = calloc (1, sizeof (*htmp)); /* calloc initializes ptrs to NULL */ +@@ -208,11 +210,12 @@ krb5int_open_plugin (const char *filepath, struct plugin_file_handle **h, struct + } + + #if USE_DLOPEN +- if (!err && ((statbuf.st_mode & S_IFMT) == S_IFREG ++ if (!err + #if USE_CFBUNDLE +- || (statbuf.st_mode & S_IFMT) == S_IFDIR ++ && ((statbuf.st_mode & S_IFMT) == S_IFREG ++ || (statbuf.st_mode & S_IFMT) == S_IFDIR) + #endif /* USE_CFBUNDLE */ +- )) { ++ ) { + void *handle = NULL; + + #if USE_CFBUNDLE diff --git a/patches/source/krb5/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583.patch b/patches/source/krb5/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583.patch new file mode 100644 index 000000000..74c635f34 --- /dev/null +++ b/patches/source/krb5/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583.patch @@ -0,0 +1,103 @@ +From ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583 Mon Sep 17 00:00:00 2001 +From: Greg Hudson <ghudson@mit.edu> +Date: Mon, 17 Oct 2022 20:25:11 -0400 +Subject: [PATCH] Fix integer overflows in PAC parsing + +In krb5_parse_pac(), check for buffer counts large enough to threaten +integer overflow in the header length and memory length calculations. +Avoid potential integer overflows when checking the length of each +buffer. Credit to OSS-Fuzz for discovering one of the issues. + +CVE-2022-42898: + +In MIT krb5 releases 1.8 and later, an authenticated attacker may be +able to cause a KDC or kadmind process to crash by reading beyond the +bounds of allocated memory, creating a denial of service. A +privileged attacker may similarly be able to cause a Kerberos or GSS +application service to crash. On 32-bit platforms, an attacker can +also cause insufficient memory to be allocated for the result, +potentially leading to remote code execution in a KDC, kadmind, or GSS +or Kerberos application server process. An attacker with the +privileges of a cross-realm KDC may be able to extract secrets from a +KDC process's memory by having them copied into the PAC of a new +ticket. + +ticket: 9074 (new) +tags: pullup +target_version: 1.20-next +target_version: 1.19-next +--- + src/lib/krb5/krb/pac.c | 9 +++++++-- + src/lib/krb5/krb/t_pac.c | 18 ++++++++++++++++++ + 2 files changed, 25 insertions(+), 2 deletions(-) + +diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c +index 2f1df8d42b..f6c4373de0 100644 +--- a/src/lib/krb5/krb/pac.c ++++ b/src/lib/krb5/krb/pac.c +@@ -28,6 +28,8 @@ + #include "int-proto.h" + #include "authdata.h" + ++#define MAX_BUFFERS 4096 ++ + /* draft-brezak-win2k-krb-authz-00 */ + + /* +@@ -317,6 +319,9 @@ krb5_pac_parse(krb5_context context, + if (version != 0) + return EINVAL; + ++ if (cbuffers < 1 || cbuffers > MAX_BUFFERS) ++ return ERANGE; ++ + header_len = PACTYPE_LENGTH + (cbuffers * PAC_INFO_BUFFER_LENGTH); + if (len < header_len) + return ERANGE; +@@ -349,8 +354,8 @@ krb5_pac_parse(krb5_context context, + krb5_pac_free(context, pac); + return EINVAL; + } +- if (buffer->Offset < header_len || +- buffer->Offset + buffer->cbBufferSize > len) { ++ if (buffer->Offset < header_len || buffer->Offset > len || ++ buffer->cbBufferSize > len - buffer->Offset) { + krb5_pac_free(context, pac); + return ERANGE; + } +diff --git a/src/lib/krb5/krb/t_pac.c b/src/lib/krb5/krb/t_pac.c +index 0b1b1f0564..173bde7bab 100644 +--- a/src/lib/krb5/krb/t_pac.c ++++ b/src/lib/krb5/krb/t_pac.c +@@ -431,6 +431,16 @@ static const unsigned char s4u_pac_ent_xrealm[] = { + 0x8a, 0x81, 0x9c, 0x9c, 0x00, 0x00, 0x00, 0x00 + }; + ++static const unsigned char fuzz1[] = { ++ 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, ++ 0x06, 0xff, 0xff, 0xff, 0x00, 0x00, 0xf5 ++}; ++ ++static const unsigned char fuzz2[] = { ++ 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, ++ 0x20, 0x20 ++}; ++ + static const char *s4u_principal = "w2k8u@ACME.COM"; + static const char *s4u_enterprise = "w2k8u@abc@ACME.COM"; + +@@ -828,6 +838,14 @@ main(int argc, char **argv) + krb5_free_principal(context, sep); + } + ++ /* Check problematic PACs found by fuzzing. */ ++ ret = krb5_pac_parse(context, fuzz1, sizeof(fuzz1), &pac); ++ if (!ret) ++ err(context, ret, "krb5_pac_parse should have failed"); ++ ret = krb5_pac_parse(context, fuzz2, sizeof(fuzz2), &pac); ++ if (!ret) ++ err(context, ret, "krb5_pac_parse should have failed"); ++ + /* + * Test empty free + */ diff --git a/patches/source/krb5/krb5.SlackBuild b/patches/source/krb5/krb5.SlackBuild new file mode 100755 index 000000000..49ea6646d --- /dev/null +++ b/patches/source/krb5/krb5.SlackBuild @@ -0,0 +1,199 @@ +#!/bin/sh + +# Copyright 2009 Tom Canich, State College, Pennsylvania, USA +# Copyright 2015-2017 Willy Sudiarto Raharjo <willysr@slackbuilds.org> +# Copyright 2017, 2018, 2019, 2020, 2022 Patrick J. Volkerding, Sebeka, MN, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +PKGNAM=krb5 +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-3_slack15.0} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i586 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +NUMJOBS=${NUMJOBS:-" -j7 "} + +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +rm -rf $PKG +mkdir -p $TMP $PKG +cd $TMP +rm -rf $PKGNAM-$VERSION +tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1 +cd $PKGNAM-$VERSION || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +sed -i "/KRB5ROOT=/s/\/local//" src/util/ac_check_krb5.m4 + +cat $CWD/d775c95af7606a51bf79547a94fa52ddd1cb7f49.patch | patch -p1 --verbose || exit 1 +cat $CWD/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583.patch | patch -p1 --verbose || exit 1 +cat $CWD/e134d9a6b6332bd085093e9075c949ece784fcd0.patch | patch -p1 --verbose || exit 1 +cat $CWD/5ad465bc8e0d957a4945218bea487b77622bf433.patch | patch -p1 --verbose || exit 1 + +cd src + +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +CPPFLAGS+=" -I/usr/include/et" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var/kerberos \ + --runstatedir=/var/run \ + --mandir=/usr/man \ + --enable-dns-for-realm \ + --with-ldap \ + --with-system-et \ + --with-system-ss \ + --enable-pkinit \ + --with-tls-impl=openssl \ + --with-system-verto=no \ + --with-prng-alg=os \ + --build=$ARCH-slackware-linux || exit 1 + +# Build: +make $NUMJOBS || make || exit 1 + +# Double check for proper runstatedir setting: +if ! grep -q /var/run/krb5kdc include/osconf.h ; then + echo "FATAL: runstatedir not set properly: $(grep KDC_RUN_DIR include/osconf.h)" + exit 1 +fi + +# Install: +make install DESTDIR=$PKG || exit 1 + +# Don't ship .la files: +rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la + +# Fix perms on shared objects: +find $PKG/usr/lib${LIBDIRSUFFIX} -name "*.so*" -exec chmod 755 "{}" \+ + +# Install init scripts: +mkdir -p $PKG/etc/rc.d +cp -a $CWD/conf/rc.kadmind $PKG/etc/rc.d/rc.kadmind.new +cp -a $CWD/conf/rc.kpropd $PKG/etc/rc.d/rc.kpropd.new +cp -a $CWD/conf/rc.krb5kdc $PKG/etc/rc.d/rc.krb5kdc.new +chown root:root $PKG/etc/rc.d/* +chmod 644 $PKG/etc/rc.d/* + +# Install default options: +mkdir -p $PKG/etc/default +cp -a $CWD/conf/kadmind $PKG/etc/default/kadmind.new +cp -a $CWD/conf/kpropd $PKG/etc/default/kpropd.new +cp -a $CWD/conf/krb5kdc $PKG/etc/default/krb5kdc.new +chown root:root $PKG/etc/default/* +chmod 644 $PKG/etc/default/* + +# Install example config files: +mkdir -p $PKG/etc +cp -a $CWD/conf/krb5.conf.example $PKG/etc/krb5.conf.example +chown root:root $PKG/etc/krb5.conf.example +chmod 644 $PKG/etc/krb5.conf.example +mkdir -p /var/kerberos/krb5kdc +cp -a $CWD/conf/kdc.conf.example $PKG/var/kerberos/krb5kdc/kdc.conf.example +chown root:root $PKG/var/kerberos/krb5kdc/kdc.conf.example +chmod 644 $PKG/var/kerberos/krb5kdc/kdc.conf.example + +# Move examples to the documentation directory: +mkdir -p $PKG/usr/doc/${PKGNAM}-${VERSION}/examples +mv $PKG/usr/share/examples/krb5/* $PKG/usr/doc/${PKGNAM}-${VERSION}/examples +rmdir $PKG/usr/share/examples/krb5 $PKG/usr/share/examples 2> /dev/null + +# Move some libraries to $PKG/lib${LIBDIRSUFFIX}: +mkdir -p $PKG/lib${LIBDIRSUFFIX} +( cd $PKG/usr/lib${LIBDIRSUFFIX} + for lib in libgssapi_krb5 libkrb5 libk5crypto libkrb5support ; do + mv ${lib}.so.?.* ../../lib${LIBDIRSUFFIX} + ln -sf ../../lib${LIBDIRSUFFIX}/${lib}.so.?.* . + cp -a ${lib}.so.? ../../lib${LIBDIRSUFFIX} + done +) + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +rm -rf $PKG/usr/man/cat{1,5,8} + +# Compress and link manpages, if any: +if [ -d $PKG/usr/man ]; then + ( cd $PKG/usr/man + for manpagedir in $(find . -type d -name "man*") ; do + ( cd $manpagedir + for eachpage in $( find . -type l -maxdepth 1 | grep -v '\.gz$') ; do + ln -s $( readlink $eachpage ).gz $eachpage.gz + rm $eachpage + done + gzip -9 *.? + ) + done + ) +fi + +# krb5 ships with a ton of docs, but for now we'll just include these: +mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION + cp -a \ + ../NOTICE* ../README* \ + $PKG/usr/doc/$PKGNAM-$VERSION + +mkdir -p $PKG/install +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz diff --git a/patches/source/krb5/krb5.url b/patches/source/krb5/krb5.url new file mode 100644 index 000000000..8f5e8ff86 --- /dev/null +++ b/patches/source/krb5/krb5.url @@ -0,0 +1 @@ +http://web.mit.edu/kerberos/dist/krb5/ diff --git a/patches/source/krb5/slack-desc b/patches/source/krb5/slack-desc new file mode 100644 index 000000000..6a41cbc34 --- /dev/null +++ b/patches/source/krb5/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +krb5: krb5 (Network authentication protocol) +krb5: +krb5: Kerberos is a network authentication protocol. It is designed to +krb5: provide strong authentication for client/server applications by using +krb5: secret-key cryptography. +krb5: +krb5: Homepage: http://web.mit.edu/kerberos/ +krb5: +krb5: +krb5: +krb5: diff --git a/recompress.sh b/recompress.sh index ccd19187f..7ffc4a45e 100755 --- a/recompress.sh +++ b/recompress.sh @@ -1211,6 +1211,7 @@ gzip ./patches/source/sudo/doinst.sh gzip ./patches/source/ca-certificates/fixup_update-ca-certificates.diff gzip ./patches/source/ca-certificates/doinst.sh gzip ./patches/source/ca-certificates/update-ca-certificates.c_rehash.diff +gzip ./patches/source/krb5/doinst.sh gzip ./patches/source/xorg-server/patch/xorg-server/xorg-server.combo.mouse.keyboard.layout.patch gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-3553.patch gzip ./patches/source/xorg-server/patch/xorg-server/0001-autobind-GPUs-to-the-screen.patch |