summaryrefslogtreecommitdiffstats
path: root/source/n/php/CVE-2023-0567.patch (follow)
Commit message (Expand)AuthorAgeFilesLines
* Wed Mar 8 20:26:54 UTC 2023...Hey folks, just some more updates on the road to an eventual beta. :-) At this point nothing remains linked with openssl-1.1.1 except for python2 and modules, and vsftpd. I think nobody cares about trying to force python2 to use openssl3... it's EOL but still a zombie, unfortunately. I have seen some patches for vsftpd and intend to take a look at them. We've bumped PHP to 8.2 and just gone ahead and killed 8.0 and 8.1. Like 7.4, 8.0 is not compatible with openssl3 and it doesn't seem worthwhile to try to patch it. And with 8.2 already out for several revisions, 8.1 does not seem particularly valuable. If you make use of PHP you should be used to it being a moving target by now. Enjoy, and let me know if anything isn't working right. Cheers! a/aaa_libraries-15.1-x86_64-19.txz: Rebuilt. Recompiled against openssl-3.0.8: libcups.so.2, libcurl.so.4.8.0, libldap.so.2.0.200, libssh2.so.1.0.1. a/cryptsetup-2.6.1-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. a/kmod-30-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. a/openssl-solibs-3.0.8-x86_64-1.txz: Upgraded. Shared library .so-version bump. a/openssl11-solibs-1.1.1t-x86_64-1.txz: Added. ap/cups-2.4.2-x86_64-4.txz: Rebuilt. Recompiled against openssl-3.0.8. ap/hplip-3.20.5-x86_64-7.txz: Rebuilt. Recompiled against openssl-3.0.8. ap/lxc-4.0.12-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. ap/mariadb-10.6.12-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. ap/qpdf-11.3.0-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. ap/sudo-1.9.13p3-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. d/cargo-vendor-filterer-0.5.7-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. d/cvs-1.11.23-x86_64-9.txz: Rebuilt. Recompiled against openssl-3.0.8. d/git-2.39.2-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. d/perl-5.36.0-x86_64-5.txz: Rebuilt. Recompiled against openssl-3.0.8. d/python3-3.9.16-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. d/ruby-3.2.1-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. d/rust-1.66.1-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. d/scons-4.5.1-x86_64-1.txz: Upgraded. kde/falkon-22.12.3-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. kde/kitinerary-22.12.3-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. l/M2Crypto-0.38.0-x86_64-4.txz: Rebuilt. Recompiled against openssl-3.0.8. l/SDL2-2.26.4-x86_64-1.txz: Upgraded. l/gst-plugins-bad-free-1.22.1-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. l/libarchive-3.6.2-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. l/libevent-2.1.12-x86_64-4.txz: Rebuilt. Recompiled against openssl-3.0.8. l/libimobiledevice-20211124_2c6121d-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. l/libssh2-1.10.0-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. l/libvncserver-0.9.14-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. l/mlt-7.14.0-x86_64-1.txz: Upgraded. l/neon-0.32.5-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. l/nodejs-19.7.0-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. l/opusfile-0.12-x86_64-4.txz: Rebuilt. Recompiled against openssl-3.0.8. l/pipewire-0.3.66-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. l/pulseaudio-16.1-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. l/pycurl-7.44.1-x86_64-4.txz: Rebuilt. Recompiled against openssl-3.0.8. l/qca-2.3.5-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. l/qt5-5.15.8_20230304_d8b881f0-x86_64-1.txz: Upgraded. Compiled against openssl-3.0.8. l/serf-1.3.9-x86_64-8.txz: Rebuilt. Recompiled against openssl-3.0.8. n/alpine-2.26-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. n/bind-9.18.12-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. n/curl-7.88.1-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. n/cyrus-sasl-2.1.28-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. n/dovecot-2.3.20-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. n/epic5-2.1.12-x86_64-4.txz: Rebuilt. Recompiled against openssl-3.0.8. n/fetchmail-6.4.37-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. n/htdig-3.2.0b6-x86_64-9.txz: Rebuilt. Recompiled against openssl-3.0.8. n/httpd-2.4.56-x86_64-1.txz: Upgraded. This update fixes two security issues: HTTP Response Smuggling vulnerability via mod_proxy_uwsgi. HTTP Request Smuggling attack via mod_rewrite and mod_proxy. For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.56 https://www.cve.org/CVERecord?id=CVE-2023-27522 https://www.cve.org/CVERecord?id=CVE-2023-25690 (* Security fix *) NOTE: This package is compiled against openssl-3.0.8. n/irssi-1.4.3-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. n/krb5-1.20.1-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. n/lftp-4.9.2-x86_64-4.txz: Rebuilt. Recompiled against openssl-3.0.8. n/links-2.28-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. n/lynx-2.9.0dev.10-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. n/mutt-2.2.9-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. n/net-snmp-5.9.3-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. n/netatalk-3.1.14-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. n/nmap-7.93-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. n/ntp-4.2.8p15-x86_64-12.txz: Rebuilt. Recompiled against openssl-3.0.8. n/openldap-2.6.4-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. n/openssh-9.2p1-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. n/openssl-3.0.8-x86_64-1.txz: Upgraded. Shared library .so-version bump. n/openssl11-1.1.1t-x86_64-1.txz: Added. n/openvpn-2.6.0-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. n/php-8.2.3-x86_64-1.txz: Upgraded. Compiled against openssl-3.0.8. n/pidentd-3.0.19-x86_64-7.txz: Rebuilt. Recompiled against openssl-3.0.8. n/popa3d-1.0.3-x86_64-7.txz: Rebuilt. Recompiled against openssl-3.0.8. n/postfix-3.7.4-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. n/ppp-2.4.9-x86_64-4.txz: Rebuilt. Recompiled against openssl-3.0.8. n/proftpd-1.3.8-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. n/rsync-3.2.7-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. n/s-nail-14.9.24-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. n/samba-4.18.0-x86_64-1.txz: Upgraded. Build with the bundled Heimdal instead of the system MIT Kerberos. Thanks again to rpenny. n/slrn-1.0.3a-x86_64-4.txz: Rebuilt. Recompiled against openssl-3.0.8. n/snownews-1.9-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. n/socat-1.7.4.4-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. n/stunnel-5.69-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. n/tcpdump-4.99.3-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. n/wget-1.21.3-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. n/wpa_supplicant-2.10-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. xap/freerdp-2.10.0-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. xap/gftp-2.9.1b-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. xap/gkrellm-2.3.11-x86_64-4.txz: Rebuilt. Recompiled against openssl-3.0.8. xap/hexchat-2.16.1-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. xap/sane-1.0.32-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. xap/x3270-4.0ga14-x86_64-3.txz: Rebuilt. Recompiled against openssl-3.0.8. xap/xine-lib-1.2.13-x86_64-4.txz: Rebuilt. Recompiled against openssl-3.0.8. y/bsd-games-2.17-x86_64-4.txz: Rebuilt. Recompiled against openssl-3.0.8. extra/php80/php80-8.0.28-x86_64-1.txz: Removed. extra/php81/php81-8.1.16-x86_64-1.txz: Removed. extra/rust-for-mozilla/rust-1.60.0-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. extra/sendmail/sendmail-8.17.1-x86_64-7.txz: Rebuilt. Recompiled against openssl-3.0.8. extra/sendmail/sendmail-cf-8.17.1-noarch-7.txz: Rebuilt. testing/packages/rust-1.67.1-x86_64-2.txz: Rebuilt. Recompiled against openssl-3.0.8. testing/packages/samba-4.17.5-x86_64-2.txz: Removed. 20230308202654 Patrick J Volkerding2023-03-081-142/+0
* Wed Feb 15 03:05:40 UTC 2023...a/kernel-firmware-20230214_a253a37-noarch-1.txz: Upgraded. a/kernel-generic-6.1.12-x86_64-1.txz: Upgraded. a/kernel-huge-6.1.12-x86_64-1.txz: Upgraded. a/kernel-modules-6.1.12-x86_64-1.txz: Upgraded. d/kernel-headers-6.1.12-x86-1.txz: Upgraded. d/rust-1.66.1-x86_64-1.txz: Upgraded. k/kernel-source-6.1.12-noarch-1.txz: Upgraded. kde/bluedevil-5.27.0-x86_64-1.txz: Upgraded. kde/breeze-5.27.0-x86_64-1.txz: Upgraded. kde/breeze-grub-5.27.0-x86_64-1.txz: Upgraded. kde/breeze-gtk-5.27.0-x86_64-1.txz: Upgraded. kde/drkonqi-5.27.0-x86_64-1.txz: Upgraded. kde/kactivitymanagerd-5.27.0-x86_64-1.txz: Upgraded. kde/kde-cli-tools-5.27.0-x86_64-1.txz: Upgraded. kde/kde-gtk-config-5.27.0-x86_64-1.txz: Upgraded. kde/kdecoration-5.27.0-x86_64-1.txz: Upgraded. kde/kdeplasma-addons-5.27.0-x86_64-1.txz: Upgraded. kde/kgamma5-5.27.0-x86_64-1.txz: Upgraded. kde/khotkeys-5.27.0-x86_64-1.txz: Upgraded. kde/kinfocenter-5.27.0-x86_64-1.txz: Upgraded. kde/kmenuedit-5.27.0-x86_64-1.txz: Upgraded. kde/kpipewire-5.27.0-x86_64-1.txz: Upgraded. kde/kscreen-5.27.0-x86_64-1.txz: Upgraded. kde/kscreenlocker-5.27.0-x86_64-1.txz: Upgraded. kde/ksshaskpass-5.27.0-x86_64-1.txz: Upgraded. kde/ksystemstats-5.27.0-x86_64-1.txz: Upgraded. kde/kwallet-pam-5.27.0-x86_64-1.txz: Upgraded. kde/kwayland-integration-5.27.0-x86_64-1.txz: Upgraded. kde/kwin-5.27.0-x86_64-1.txz: Upgraded. kde/kwrited-5.27.0-x86_64-1.txz: Upgraded. kde/layer-shell-qt-5.27.0-x86_64-1.txz: Upgraded. kde/libkscreen-5.27.0-x86_64-1.txz: Upgraded. kde/libksysguard-5.27.0-x86_64-1.txz: Upgraded. kde/milou-5.27.0-x86_64-1.txz: Upgraded. kde/oxygen-5.27.0-x86_64-1.txz: Upgraded. kde/oxygen-sounds-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-browser-integration-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-desktop-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-disks-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-firewall-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-integration-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-nm-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-pa-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-sdk-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-systemmonitor-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-vault-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-workspace-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-workspace-wallpapers-5.27.0-x86_64-1.txz: Upgraded. kde/polkit-kde-agent-1-5.27.0-x86_64-1.txz: Upgraded. kde/powerdevil-5.27.0-x86_64-1.txz: Upgraded. kde/qqc2-breeze-style-5.27.0-x86_64-1.txz: Upgraded. kde/sddm-kcm-5.27.0-x86_64-1.txz: Upgraded. kde/systemsettings-5.27.0-x86_64-1.txz: Upgraded. kde/xdg-desktop-portal-kde-5.27.0-x86_64-1.txz: Upgraded. l/mozjs102-102.8.0esr-x86_64-1.txz: Upgraded. n/php-7.4.33-x86_64-3.txz: Rebuilt. This update fixes security issues: Core: Password_verify() always return true with some hash. Core: 1-byte array overrun in common path resolve code. SAPI: DOS vulnerability when parsing multipart request body. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0662 (* Security fix *) xap/mozilla-firefox-110.0-x86_64-1.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/110.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/ https://www.cve.org/CVERecord?id=CVE-2023-25728 https://www.cve.org/CVERecord?id=CVE-2023-25730 https://www.cve.org/CVERecord?id=CVE-2023-25743 https://www.cve.org/CVERecord?id=CVE-2023-0767 https://www.cve.org/CVERecord?id=CVE-2023-25735 https://www.cve.org/CVERecord?id=CVE-2023-25737 https://www.cve.org/CVERecord?id=CVE-2023-25738 https://www.cve.org/CVERecord?id=CVE-2023-25739 https://www.cve.org/CVERecord?id=CVE-2023-25729 https://www.cve.org/CVERecord?id=CVE-2023-25732 https://www.cve.org/CVERecord?id=CVE-2023-25734 https://www.cve.org/CVERecord?id=CVE-2023-25740 https://www.cve.org/CVERecord?id=CVE-2023-25731 https://www.cve.org/CVERecord?id=CVE-2023-25733 https://www.cve.org/CVERecord?id=CVE-2023-25736 https://www.cve.org/CVERecord?id=CVE-2023-25741 https://www.cve.org/CVERecord?id=CVE-2023-25742 https://www.cve.org/CVERecord?id=CVE-2023-25744 https://www.cve.org/CVERecord?id=CVE-2023-25745 (* Security fix *) extra/php80/php80-8.0.28-x86_64-1.txz: Upgraded. This update fixes security issues: Core: Password_verify() always return true with some hash. Core: 1-byte array overrun in common path resolve code. SAPI: DOS vulnerability when parsing multipart request body. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0662 (* Security fix *) extra/php81/php81-8.1.16-x86_64-1.txz: Upgraded. This update fixes security issues: Core: Password_verify() always return true with some hash. Core: 1-byte array overrun in common path resolve code. SAPI: DOS vulnerability when parsing multipart request body. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0662 (* Security fix *) isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. testing/packages/rust-1.67.1-x86_64-1.txz: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt. 20230215030540 Patrick J Volkerding2023-02-151-0/+142
generated by cgit v1.2.3-80-g2a13 (git 2.46.2) at 2024-09-26 20:27:56 +0000