Diffstat (limited to 'ChangeLog.txt')
-rw-r--r--  ChangeLog.txt  74
1 files changed, 74 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 4d34e61f6..6c974d6a5 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,77 @@
+Tue Jan 30 22:01:28 UTC 2024
+a/lzip-1.24-x86_64-1.txz: Upgraded.
+a/openssl-solibs-3.2.1-x86_64-1.txz: Upgraded.
+ap/alsa-utils-1.2.11-x86_64-1.txz: Upgraded.
+ap/sqlite-3.45.1-x86_64-1.txz: Upgraded.
+d/binutils-2.42-x86_64-1.txz: Upgraded.
+ Shared library .so-version bump.
+d/cmake-3.28.2-x86_64-1.txz: Upgraded.
+d/oprofile-1.4.0-x86_64-13.txz: Rebuilt.
+ Recompiled against binutils-2.42.
+d/strace-6.7-x86_64-1.txz: Upgraded.
+kde/digikam-8.2.0-x86_64-5.txz: Rebuilt.
+ Recompiled against libpng-1.6.42.
+l/alsa-lib-1.2.11-x86_64-1.txz: Upgraded.
+l/libpng-1.6.42-x86_64-1.txz: Upgraded.
+ Fixed the implementation of the macro function png_check_sig().
+ This was an API regression, introduced in libpng-1.6.41.
+ Reported by Matthieu Darbois.
+l/lmdb-0.9.32-x86_64-1.txz: Upgraded.
+l/neon-0.33.0-x86_64-1.txz: Upgraded.
+l/opencv-4.9.0-x86_64-3.txz: Rebuilt.
+ Recompiled against libpng-1.6.42.
+l/qt5-5.15.12_20240103_b8fd1448-x86_64-4.txz: Rebuilt.
+ Recompiled against libpng-1.6.42.
+l/talloc-2.4.2-x86_64-1.txz: Upgraded.
+l/tdb-1.4.10-x86_64-1.txz: Upgraded.
+l/tevent-0.16.1-x86_64-1.txz: Upgraded.
+n/openldap-2.6.7-x86_64-1.txz: Upgraded.
+n/openssl-3.2.1-x86_64-1.txz: Upgraded.
+ This update fixes possible denial-of-service security issues:
+ A file in PKCS12 format can contain certificates and keys and may come from
+ an untrusted source. The PKCS12 specification allows certain fields to be
+ NULL, but OpenSSL did not correctly check for this case. A fix has been
+ applied to prevent a NULL pointer dereference that results in OpenSSL
+ crashing. If an application processes PKCS12 files from an untrusted source
+ using the OpenSSL APIs then that application will be vulnerable to this
+ issue prior to this fix.
+ OpenSSL APIs that were vulnerable to this are: PKCS12_parse(),
+ PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
+ and PKCS12_newpass().
+ When function EVP_PKEY_public_check() is called on RSA public keys,
+ a computation is done to confirm that the RSA modulus, n, is composite.
+ For valid RSA keys, n is a product of two or more large primes and this
+ computation completes quickly. However, if n is an overly large prime,
+ then this computation would take a long time.
+ An application that calls EVP_PKEY_public_check() and supplies an RSA key
+ obtained from an untrusted source could be vulnerable to a Denial of Service
+ attack.
+ The function EVP_PKEY_public_check() is not called from other OpenSSL
+ functions however it is called from the OpenSSL pkey command line
+ application. For that reason that application is also vulnerable if used
+ with the "-pubin" and "-check" options on untrusted data.
+ To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will
+ now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason.
+ Fix excessive time spent in DH check / generation with large Q parameter
+ value.
+ Applications that use the functions DH_generate_key() to generate an
+ X9.42 DH key may experience long delays. Likewise, applications that use
+ DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
+ to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
+ Where the key or parameters that are being checked have been obtained from
+ an untrusted source this may lead to a Denial of Service.
+ For more information, see:
+ https://www.cve.org/CVERecord?id=CVE-2024-0727
+ https://www.cve.org/CVERecord?id=CVE-2023-6237
+ https://www.cve.org/CVERecord?id=CVE-2023-5678
+ (* Security fix *)
+xap/MPlayer-20240130-x86_64-1.txz: Upgraded.
+ Fixed build script to exit on errors.
+ Patched to build against gettext-0.22.4.
+ Thanks to Matteo Bernardini.
+xap/xine-lib-1.2.13-x86_64-7.txz: Rebuilt.
+ Recompiled against libpng-1.6.42.
++--------------------------+
Mon Jan 29 19:17:30 UTC 2024
ap/diffstat-1.66-x86_64-1.txz: Upgraded.
ap/moc-2.6_alpha3-x86_64-3.txz: Rebuilt.
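Review bot: the three denial-of-service issues described under n/openssl-3.2.1 are never tied to the three CVE links that follow them, so a reader can only match them by position (PKCS12 NULL dereference to CVE-2024-0727, the EVP_PKEY_public_check() RSA modulus check to CVE-2023-6237, the DH large-Q check and generation delays to CVE-2023-5678). Suggest leading each paragraph with its identifier, e.g. "+ CVE-2024-0727: A file in PKCS12 format can contain certificates and keys ...", so the per-issue API lists (PKCS12_parse() and friends, EVP_PKEY_public_check(), DH_generate_key()/DH_check_pub_key()) are unambiguous when someone later searches the ChangeLog for a CVE. Two smaller consistency points in the same entry: the DH item opens with a one-line summary ("Fix excessive time spent in DH check / generation with large Q parameter value.") that the PKCS12 and RSA items do not have, and the RSA paragraph names the new failure mode (OPENSSL_RSA_MAX_MODULUS_BITS / RSA_R_MODULUS_TOO_LARGE) while the DH paragraph says nothing about how the excessive time is now bounded; giving each item the same structure (summary line, affected APIs, resolution) would make the entry easier to scan.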