From 1163276b19f99447b288fc836f9ba0a8de5acd14 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Thu, 25 Apr 2024 17:58:17 +0000 Subject: Thu Apr 25 17:58:17 UTC 2024 patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txz: Rebuilt. Patched an out-of-bound error in the rar e8 filter that could allow for the execution of arbitrary code. Thanks to gmgf for the heads-up. For more information, see: https://github.com/advisories/GHSA-2jc9-36w4-pmqw https://www.cve.org/CVERecord?id=CVE-2024-26256 (* Security fix *) --- ChangeLog.rss | 22 +++++++- ChangeLog.txt | 10 ++++ FILELIST.TXT | 61 +++++++++++----------- .../libarchive-3.7.3-x86_64-1_slack15.0.txt | 11 ---- .../libarchive-3.7.3-x86_64-2_slack15.0.txt | 11 ++++ .../eb7939b24a681a04648a59cdebd386b1e9dc9237.patch | 23 ++++++++ patches/source/libarchive/libarchive.SlackBuild | 5 +- 7 files changed, 99 insertions(+), 44 deletions(-) delete mode 100644 patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txt create mode 100644 patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txt create mode 100644 patches/source/libarchive/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch diff --git a/ChangeLog.rss b/ChangeLog.rss index cd4d5e607..1d3248c36 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,9 +11,27 @@ Tracking Slackware development in git. en-us urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f - Tue, 23 Apr 2024 22:24:03 GMT - Wed, 24 Apr 2024 11:30:35 GMT + Thu, 25 Apr 2024 17:58:17 GMT + Fri, 26 Apr 2024 11:30:33 GMT maintain_current_git.sh v 1.17 + + Thu, 25 Apr 2024 17:58:17 GMT + Thu, 25 Apr 2024 17:58:17 GMT + https://git.slackware.nl/current/tag/?h=20240425175817 + 20240425175817 + + +patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txz: Rebuilt. + Patched an out-of-bound error in the rar e8 filter that could allow for + the execution of arbitrary code. + Thanks to gmgf for the heads-up. + For more information, see: + https://github.com/advisories/GHSA-2jc9-36w4-pmqw + https://www.cve.org/CVERecord?id=CVE-2024-26256 + (* Security fix *) + ]]> + + Tue, 23 Apr 2024 22:24:03 GMT Tue, 23 Apr 2024 22:24:03 GMT diff --git a/ChangeLog.txt b/ChangeLog.txt index 2205c79a5..bf7c3410a 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,13 @@ +Thu Apr 25 17:58:17 UTC 2024 +patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txz: Rebuilt. + Patched an out-of-bound error in the rar e8 filter that could allow for + the execution of arbitrary code. + Thanks to gmgf for the heads-up. + For more information, see: + https://github.com/advisories/GHSA-2jc9-36w4-pmqw + https://www.cve.org/CVERecord?id=CVE-2024-26256 + (* Security fix *) ++--------------------------+ Tue Apr 23 22:24:03 UTC 2024 patches/packages/ruby-3.0.7-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: diff --git a/FILELIST.TXT b/FILELIST.TXT index d5242f469..f4cc02b75 100644 --- a/FILELIST.TXT +++ b/FILELIST.TXT @@ -1,20 +1,20 @@ -Tue Apr 23 22:26:46 UTC 2024 +Thu Apr 25 18:00:55 UTC 2024 Here is the file list for this directory. If you are using a mirror site and find missing or extra files in the disk subdirectories, please have the archive administrator refresh the mirror. -drwxr-xr-x 12 root root 4096 2024-04-23 22:24 . +drwxr-xr-x 12 root root 4096 2024-04-25 17:58 . -rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0 -rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT --rw-r--r-- 1 root root 1234602 2024-04-23 19:51 ./CHECKSUMS.md5 --rw-r--r-- 1 root root 195 2024-04-23 19:51 ./CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 1234602 2024-04-23 22:27 ./CHECKSUMS.md5 +-rw-r--r-- 1 root root 195 2024-04-23 22:27 ./CHECKSUMS.md5.asc -rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING -rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3 -rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT -rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT --rw-r--r-- 1 root root 2115586 2024-04-23 22:24 ./ChangeLog.txt +-rw-r--r-- 1 root root 2116012 2024-04-25 17:58 ./ChangeLog.txt drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi @@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh -rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg -rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg --rw-r--r-- 1 root root 1612479 2024-04-23 19:51 ./FILELIST.TXT +-rw-r--r-- 1 root root 1612479 2024-04-23 22:26 ./FILELIST.TXT -rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY -rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT -rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT @@ -832,13 +832,13 @@ drwxr-xr-x 2 root root 4096 2022-12-17 19:52 ./pasture/source/samba -rw-r--r-- 1 root root 7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default -rw-r--r-- 1 root root 7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig -rw-r--r-- 1 root root 536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz -drwxr-xr-x 4 root root 4096 2024-04-23 22:26 ./patches --rw-r--r-- 1 root root 115729 2024-04-23 22:26 ./patches/CHECKSUMS.md5 --rw-r--r-- 1 root root 195 2024-04-23 22:26 ./patches/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 157569 2024-04-23 22:26 ./patches/FILE_LIST --rw-r--r-- 1 root root 15508521 2024-04-23 22:26 ./patches/MANIFEST.bz2 --rw-r--r-- 1 root root 80966 2024-04-23 22:26 ./patches/PACKAGES.TXT -drwxr-xr-x 5 root root 32768 2024-04-23 22:26 ./patches/packages +drwxr-xr-x 4 root root 4096 2024-04-25 18:00 ./patches +-rw-r--r-- 1 root root 115830 2024-04-25 18:00 ./patches/CHECKSUMS.md5 +-rw-r--r-- 1 root root 195 2024-04-25 18:00 ./patches/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 157688 2024-04-25 18:00 ./patches/FILE_LIST +-rw-r--r-- 1 root root 15513180 2024-04-25 18:00 ./patches/MANIFEST.bz2 +-rw-r--r-- 1 root root 80966 2024-04-25 18:00 ./patches/PACKAGES.TXT +drwxr-xr-x 5 root root 32768 2024-04-25 18:00 ./patches/packages -rw-r--r-- 1 root root 360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc @@ -980,9 +980,9 @@ drwxr-xr-x 5 root root 32768 2024-04-23 22:26 ./patches/packages -rw-r--r-- 1 root root 313 2023-10-03 19:40 ./patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 94968 2023-10-03 19:40 ./patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2023-10-03 19:40 ./patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txz.asc --rw-r--r-- 1 root root 402 2024-04-08 18:13 ./patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txt --rw-r--r-- 1 root root 523692 2024-04-08 18:13 ./patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txz --rw-r--r-- 1 root root 195 2024-04-08 18:13 ./patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txz.asc +-rw-r--r-- 1 root root 402 2024-04-25 17:31 ./patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txt +-rw-r--r-- 1 root root 523812 2024-04-25 17:31 ./patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txz +-rw-r--r-- 1 root root 195 2024-04-25 17:31 ./patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txz.asc -rw-r--r-- 1 root root 359 2023-10-11 20:02 ./patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 291764 2023-10-11 20:02 ./patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2023-10-11 20:02 ./patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txz.asc @@ -1235,7 +1235,7 @@ drwxr-xr-x 2 root root 4096 2023-11-21 21:09 ./patches/packages/old-linux -rw-r--r-- 1 root root 463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc -drwxr-xr-x 113 root root 4096 2024-04-23 22:21 ./patches/source +drwxr-xr-x 113 root root 4096 2024-04-25 17:57 ./patches/source drwxr-xr-x 2 root root 4096 2023-09-26 19:22 ./patches/source/Cython -rw-r--r-- 1 root root 1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz -rwxr-xr-x 1 root root 3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild @@ -1653,10 +1653,11 @@ drwxr-xr-x 3 root root 4096 2023-01-17 21:37 ./patches/source/libXpm/src drwxr-xr-x 2 root root 4096 2023-10-03 19:37 ./patches/source/libXpm/src/lib -rw-r--r-- 1 root root 468964 2023-10-03 16:13 ./patches/source/libXpm/src/lib/libXpm-3.5.17.tar.xz -rwxr-xr-x 1 root root 15219 2020-02-19 20:37 ./patches/source/libXpm/x11.SlackBuild -drwxr-xr-x 2 root root 4096 2024-04-08 18:12 ./patches/source/libarchive +drwxr-xr-x 2 root root 4096 2024-04-25 17:29 ./patches/source/libarchive +-rw-r--r-- 1 root root 914 2024-04-25 17:20 ./patches/source/libarchive/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch -rw-r--r-- 1 root root 5428992 2024-04-08 09:55 ./patches/source/libarchive/libarchive-3.7.3.tar.xz -rw-r--r-- 1 root root 659 2024-04-08 09:55 ./patches/source/libarchive/libarchive-3.7.3.tar.xz.asc --rwxr-xr-x 1 root root 3786 2023-09-14 01:58 ./patches/source/libarchive/libarchive.SlackBuild +-rwxr-xr-x 1 root root 3893 2024-04-25 17:29 ./patches/source/libarchive/libarchive.SlackBuild -rw-r--r-- 1 root root 131 2024-04-08 18:11 ./patches/source/libarchive/libarchive.url -rw-r--r-- 1 root root 856 2018-02-27 06:12 ./patches/source/libarchive/slack-desc drwxr-xr-x 2 root root 4096 2023-10-11 20:01 ./patches/source/libcaca @@ -2631,8 +2632,8 @@ drwxr-xr-x 2 root root 20480 2022-02-02 08:24 ./slackware64/a -rw-r--r-- 1 root root 163 2021-02-13 11:03 ./slackware64/a/gpm-1.20.7-x86_64-9.txz.asc -rw-r--r-- 1 root root 575 2021-06-10 18:05 ./slackware64/a/gptfdisk-1.0.8-x86_64-1.txt -rw-r--r-- 1 root root 191260 2021-06-10 18:05 ./slackware64/a/gptfdisk-1.0.8-x86_64-1.txz --rw-r--r-- 1 root root 163 2021-06-10 18:05 ./slackware64/a/gptfdisk-1.0.8-x86_64-1.txz.asc --rw-r--r-- 1 root root 291 2021-08-15 17:46 ./slackware64/a/grep-3.7-x86_64-1.txt +-rw-r--r-- 1 root root 163 2021-06-10 18:05 ./slackware64/a/gptfdisk-1.0.8-x86_64-1.txz.asc +-rw-r--r-- 1 root root 291 2021-08-15 17:46 ./slackware64/a/grep-3.7-x86_64-1.txt -rw-r--r-- 1 root root 278672 2021-08-15 17:46 ./slackware64/a/grep-3.7-x86_64-1.txz -rw-r--r-- 1 root root 163 2021-08-15 17:46 ./slackware64/a/grep-3.7-x86_64-1.txz.asc -rw-r--r-- 1 root root 182 2021-09-10 18:45 ./slackware64/a/grub-2.06-x86_64-4.txt @@ -5395,8 +5396,8 @@ drwxr-xr-x 2 root root 69632 2022-02-02 04:20 ./slackware64/l -rw-r--r-- 1 root root 163 2021-11-03 01:02 ./slackware64/l/pycurl-7.44.1-x86_64-3.txz.asc -rw-r--r-- 1 root root 397 2021-02-13 07:39 ./slackware64/l/pygobject-2.28.7-x86_64-8.txt -rw-r--r-- 1 root root 410164 2021-02-13 07:39 ./slackware64/l/pygobject-2.28.7-x86_64-8.txz --rw-r--r-- 1 root root 163 2021-02-13 07:39 ./slackware64/l/pygobject-2.28.7-x86_64-8.txz.asc --rw-r--r-- 1 root root 411 2021-11-03 00:44 ./slackware64/l/pygobject3-3.42.0-x86_64-3.txt +-rw-r--r-- 1 root root 163 2021-02-13 07:39 ./slackware64/l/pygobject-2.28.7-x86_64-8.txz.asc +-rw-r--r-- 1 root root 411 2021-11-03 00:44 ./slackware64/l/pygobject3-3.42.0-x86_64-3.txt -rw-r--r-- 1 root root 219464 2021-11-03 00:44 ./slackware64/l/pygobject3-3.42.0-x86_64-3.txz -rw-r--r-- 1 root root 163 2021-11-03 00:44 ./slackware64/l/pygobject3-3.42.0-x86_64-3.txz.asc -rw-r--r-- 1 root root 311 2021-02-13 07:40 ./slackware64/l/pygtk-2.24.0-x86_64-7.txt @@ -8317,8 +8318,8 @@ drwxr-xr-x 2 root root 4096 2021-02-20 20:44 ./source/a/sysvinit-scripts/s -rw-r--r-- 1 root root 18050 2022-01-27 22:32 ./source/a/sysvinit-scripts/scripts/rc.S -rw-r--r-- 1 root root 3330 2021-04-23 18:31 ./source/a/sysvinit-scripts/scripts/rc.cpufreq -rw-r--r-- 1 root root 274 2021-04-23 18:31 ./source/a/sysvinit-scripts/scripts/rc.local --rw-r--r-- 1 root root 170 2021-04-23 18:31 ./source/a/sysvinit-scripts/scripts/rc.loop --rw-r--r-- 1 root root 780 2021-04-23 18:31 ./source/a/sysvinit-scripts/scripts/rc.modules +-rw-r--r-- 1 root root 170 2021-04-23 18:31 ./source/a/sysvinit-scripts/scripts/rc.loop +-rw-r--r-- 1 root root 780 2021-04-23 18:31 ./source/a/sysvinit-scripts/scripts/rc.modules -rw-r--r-- 1 root root 691 2021-04-23 18:31 ./source/a/sysvinit-scripts/scripts/rc.modules.local -rw-r--r-- 1 root root 1656 2021-04-23 18:31 ./source/a/sysvinit-scripts/scripts/rc.sysvinit -rw-r--r-- 1 root root 842 2018-02-27 06:13 ./source/a/sysvinit-scripts/slack-desc @@ -11370,8 +11371,8 @@ drwxr-xr-x 2 root root 4096 2022-01-25 19:26 ./source/kde/kde/src/plasma-e -rw-r--r-- 1 root root 43576 2022-01-04 09:49 ./source/kde/kde/src/plasma/breeze-gtk-5.23.5.tar.xz -rw-r--r-- 1 root root 833 2022-01-04 09:49 ./source/kde/kde/src/plasma/breeze-gtk-5.23.5.tar.xz.sig -rw-r--r-- 1 root root 110580 2022-01-04 09:49 ./source/kde/kde/src/plasma/breeze-plymouth-5.23.5.tar.xz --rw-r--r-- 1 root root 833 2022-01-04 09:49 ./source/kde/kde/src/plasma/breeze-plymouth-5.23.5.tar.xz.sig --rw-r--r-- 1 root root 8237796 2022-01-04 09:50 ./source/kde/kde/src/plasma/discover-5.23.5.tar.xz +-rw-r--r-- 1 root root 833 2022-01-04 09:49 ./source/kde/kde/src/plasma/breeze-plymouth-5.23.5.tar.xz.sig +-rw-r--r-- 1 root root 8237796 2022-01-04 09:50 ./source/kde/kde/src/plasma/discover-5.23.5.tar.xz -rw-r--r-- 1 root root 833 2022-01-04 09:50 ./source/kde/kde/src/plasma/discover-5.23.5.tar.xz.sig -rw-r--r-- 1 root root 793388 2022-01-04 09:50 ./source/kde/kde/src/plasma/drkonqi-5.23.5.tar.xz -rw-r--r-- 1 root root 833 2022-01-04 09:50 ./source/kde/kde/src/plasma/drkonqi-5.23.5.tar.xz.sig @@ -14829,9 +14830,9 @@ drwxr-xr-x 2 root root 4096 2021-02-13 05:32 ./source/x/fcitx-unikey -rw-r--r-- 1 root root 310 2020-08-01 01:41 ./source/x/fcitx/fcitx-4.2.9.8.tar.xz.sig -rw-r--r-- 1 root root 295 2020-11-25 23:27 ./source/x/fcitx/fcitx-autostart.patch.gz -rwxr-xr-x 1 root root 4009 2022-01-11 05:20 ./source/x/fcitx/fcitx.SlackBuild --rw-r--r-- 1 root root 987 2016-10-12 18:43 ./source/x/fcitx/slack-desc -drwxr-xr-x 3 root root 4096 2021-02-13 05:32 ./source/x/fontconfig --rw-r--r-- 1 root root 139 2013-02-28 21:07 ./source/x/fontconfig/doinst.sh.gz +-rw-r--r-- 1 root root 987 2016-10-12 18:43 ./source/x/fcitx/slack-desc +drwxr-xr-x 3 root root 4096 2021-02-13 05:32 ./source/x/fontconfig +-rw-r--r-- 1 root root 139 2013-02-28 21:07 ./source/x/fontconfig/doinst.sh.gz drwxr-xr-x 2 root root 4096 2020-05-19 17:42 ./source/x/fontconfig/fedora-patches -rw-r--r-- 1 root root 675 2020-04-23 09:20 ./source/x/fontconfig/fedora-patches/fontconfig-0-timestamp-dir-on-sb.patch.gz -rw-r--r-- 1 root root 438 2020-04-23 09:20 ./source/x/fontconfig/fedora-patches/fontconfig-drop-lang-from-pkgkit-format.patch.gz diff --git a/patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txt b/patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txt deleted file mode 100644 index 64742121f..000000000 --- a/patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txt +++ /dev/null @@ -1,11 +0,0 @@ -libarchive: libarchive (archive reading library) -libarchive: -libarchive: Libarchive is a programming library that can create and read -libarchive: several different streaming archive formats, including most -libarchive: popular TAR variants and several CPIO formats. It can also -libarchive: write SHAR archives. -libarchive: -libarchive: Homepage: http://libarchive.org -libarchive: -libarchive: -libarchive: diff --git a/patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txt b/patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txt new file mode 100644 index 000000000..64742121f --- /dev/null +++ b/patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txt @@ -0,0 +1,11 @@ +libarchive: libarchive (archive reading library) +libarchive: +libarchive: Libarchive is a programming library that can create and read +libarchive: several different streaming archive formats, including most +libarchive: popular TAR variants and several CPIO formats. It can also +libarchive: write SHAR archives. +libarchive: +libarchive: Homepage: http://libarchive.org +libarchive: +libarchive: +libarchive: diff --git a/patches/source/libarchive/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch b/patches/source/libarchive/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch new file mode 100644 index 000000000..b17200126 --- /dev/null +++ b/patches/source/libarchive/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch @@ -0,0 +1,23 @@ +From eb7939b24a681a04648a59cdebd386b1e9dc9237 Mon Sep 17 00:00:00 2001 +From: Wei-Cheng Pan +Date: Mon, 22 Apr 2024 01:55:41 +0900 +Subject: [PATCH] fix: OOB in rar e8 filter (#2135) + +This patch fixes an out-of-bound error in rar e8 filter. +--- + libarchive/archive_read_support_format_rar.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c +index 99a11d170..266d0ee99 100644 +--- a/libarchive/archive_read_support_format_rar.c ++++ b/libarchive/archive_read_support_format_rar.c +@@ -3615,7 +3615,7 @@ execute_filter_e8(struct rar_filter *filter, struct rar_virtual_machine *vm, siz + uint32_t filesize = 0x1000000; + uint32_t i; + +- if (length > PROGRAM_WORK_SIZE || length < 4) ++ if (length > PROGRAM_WORK_SIZE || length <= 4) + return 0; + + for (i = 0; i <= length - 5; i++) diff --git a/patches/source/libarchive/libarchive.SlackBuild b/patches/source/libarchive/libarchive.SlackBuild index a170fd63a..fcb4cd753 100755 --- a/patches/source/libarchive/libarchive.SlackBuild +++ b/patches/source/libarchive/libarchive.SlackBuild @@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=libarchive VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1_slack15.0} +BUILD=${BUILD:-2_slack15.0} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -79,6 +79,9 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ +# CVE-2024-26256: +cat $CWD/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch | patch -p1 --verbose || exit 1 + CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ ./configure \ -- cgit v1.2.3