From 206ee03fe7b74a0f85d75c5e783efaa2991f2c56 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Tue, 7 Nov 2023 19:57:12 +0000 Subject: Tue Nov 7 19:57:12 UTC 2023 patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txz: Upgraded. The sudoers plugin has been modified to make it more resilient to ROWHAMMER attacks on authentication and policy matching. The sudoers plugin now constructs the user time stamp file path name using the user-ID instead of the user name. This avoids a potential problem with user names that contain a path separator ('/') being interpreted as part of the path name. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-42465 https://www.cve.org/CVERecord?id=CVE-2023-42456 (* Security fix *) --- ChangeLog.rss | 25 ++++++++++++-- ChangeLog.txt | 13 ++++++++ FILELIST.TXT | 38 +++++++++++----------- .../packages/sudo-1.9.14p2-x86_64-1_slack15.0.txt | 11 ------- .../packages/sudo-1.9.15-x86_64-1_slack15.0.txt | 11 +++++++ 5 files changed, 66 insertions(+), 32 deletions(-) delete mode 100644 patches/packages/sudo-1.9.14p2-x86_64-1_slack15.0.txt create mode 100644 patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txt diff --git a/ChangeLog.rss b/ChangeLog.rss index 1cd19cbb0..457b9bacb 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,9 +11,30 @@ Tracking Slackware development in git. en-us urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f - Tue, 31 Oct 2023 18:49:18 GMT - Wed, 1 Nov 2023 12:30:06 GMT + Tue, 7 Nov 2023 19:57:12 GMT + Wed, 8 Nov 2023 12:30:22 GMT maintain_current_git.sh v 1.17 + + Tue, 7 Nov 2023 19:57:12 GMT + Tue, 7 Nov 2023 19:57:12 GMT + https://git.slackware.nl/current/tag/?h=20231107195712 + 20231107195712 + + +patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txz: Upgraded. + The sudoers plugin has been modified to make it more resilient to ROWHAMMER + attacks on authentication and policy matching. + The sudoers plugin now constructs the user time stamp file path name using + the user-ID instead of the user name. This avoids a potential problem with + user names that contain a path separator ('/') being interpreted as part of + the path name. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-42465 + https://www.cve.org/CVERecord?id=CVE-2023-42456 + (* Security fix *) + ]]> + + Tue, 31 Oct 2023 18:49:18 GMT Tue, 31 Oct 2023 18:49:18 GMT diff --git a/ChangeLog.txt b/ChangeLog.txt index a4cec5a56..d261e18e7 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,16 @@ +Tue Nov 7 19:57:12 UTC 2023 +patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txz: Upgraded. + The sudoers plugin has been modified to make it more resilient to ROWHAMMER + attacks on authentication and policy matching. + The sudoers plugin now constructs the user time stamp file path name using + the user-ID instead of the user name. This avoids a potential problem with + user names that contain a path separator ('/') being interpreted as part of + the path name. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-42465 + https://www.cve.org/CVERecord?id=CVE-2023-42456 + (* Security fix *) ++--------------------------+ Tue Oct 31 18:49:18 UTC 2023 extra/php81/php81-8.1.25-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. diff --git a/FILELIST.TXT b/FILELIST.TXT index 1b1b5d1ab..b72757663 100644 --- a/FILELIST.TXT +++ b/FILELIST.TXT @@ -1,20 +1,20 @@ -Tue Oct 31 18:51:56 UTC 2023 +Tue Nov 7 20:02:22 UTC 2023 Here is the file list for this directory. If you are using a mirror site and find missing or extra files in the disk subdirectories, please have the archive administrator refresh the mirror. -drwxr-xr-x 12 root root 4096 2023-10-31 18:49 . +drwxr-xr-x 12 root root 4096 2023-11-07 19:57 . -rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0 -rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT --rw-r--r-- 1 root root 1195426 2023-10-26 20:00 ./CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2023-10-26 20:00 ./CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 1195426 2023-10-31 18:52 ./CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2023-10-31 18:52 ./CHECKSUMS.md5.asc -rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING -rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3 -rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT -rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT --rw-r--r-- 1 root root 2058159 2023-10-31 18:49 ./ChangeLog.txt +-rw-r--r-- 1 root root 2058811 2023-11-07 19:57 ./ChangeLog.txt drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi @@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh -rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg -rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg --rw-r--r-- 1 root root 1563301 2023-10-26 19:59 ./FILELIST.TXT +-rw-r--r-- 1 root root 1563301 2023-10-31 18:51 ./FILELIST.TXT -rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY -rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT -rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT @@ -752,13 +752,13 @@ drwxr-xr-x 2 root root 4096 2022-12-17 19:52 ./pasture/source/samba -rw-r--r-- 1 root root 7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default -rw-r--r-- 1 root root 7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig -rw-r--r-- 1 root root 536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz -drwxr-xr-x 4 root root 4096 2023-10-26 19:59 ./patches --rw-r--r-- 1 root root 86534 2023-10-26 19:59 ./patches/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2023-10-26 19:59 ./patches/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 118114 2023-10-26 19:59 ./patches/FILE_LIST --rw-r--r-- 1 root root 13195472 2023-10-26 19:59 ./patches/MANIFEST.bz2 --rw-r--r-- 1 root root 62618 2023-10-26 19:59 ./patches/PACKAGES.TXT -drwxr-xr-x 3 root root 24576 2023-10-26 19:59 ./patches/packages +drwxr-xr-x 4 root root 4096 2023-11-07 20:02 ./patches +-rw-r--r-- 1 root root 86526 2023-11-07 20:02 ./patches/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2023-11-07 20:02 ./patches/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 118106 2023-11-07 20:02 ./patches/FILE_LIST +-rw-r--r-- 1 root root 13187975 2023-11-07 20:02 ./patches/MANIFEST.bz2 +-rw-r--r-- 1 root root 62616 2023-11-07 20:02 ./patches/PACKAGES.TXT +drwxr-xr-x 3 root root 24576 2023-11-07 20:02 ./patches/packages -rw-r--r-- 1 root root 360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc @@ -1000,9 +1000,9 @@ drwxr-xr-x 2 root root 4096 2023-06-23 18:50 ./patches/packages/linux-5.15 -rw-r--r-- 1 root root 392 2023-09-20 19:57 ./patches/packages/seamonkey-2.53.17.1-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 38416604 2023-09-20 19:57 ./patches/packages/seamonkey-2.53.17.1-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2023-09-20 19:57 ./patches/packages/seamonkey-2.53.17.1-x86_64-1_slack15.0.txz.asc --rw-r--r-- 1 root root 442 2023-07-17 02:12 ./patches/packages/sudo-1.9.14p2-x86_64-1_slack15.0.txt --rw-r--r-- 1 root root 1237820 2023-07-17 02:12 ./patches/packages/sudo-1.9.14p2-x86_64-1_slack15.0.txz --rw-r--r-- 1 root root 163 2023-07-17 02:12 ./patches/packages/sudo-1.9.14p2-x86_64-1_slack15.0.txz.asc +-rw-r--r-- 1 root root 442 2023-11-07 01:12 ./patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txt +-rw-r--r-- 1 root root 1307056 2023-11-07 01:12 ./patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txz +-rw-r--r-- 1 root root 163 2023-11-07 01:12 ./patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 403 2022-11-09 20:23 ./patches/packages/sysstat-12.7.1-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 360840 2022-11-09 20:23 ./patches/packages/sysstat-12.7.1-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-11-09 20:23 ./patches/packages/sysstat-12.7.1-x86_64-1_slack15.0.txz.asc @@ -1060,7 +1060,7 @@ drwxr-xr-x 2 root root 4096 2023-06-23 18:50 ./patches/packages/linux-5.15 -rw-r--r-- 1 root root 463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc -drwxr-xr-x 93 root root 4096 2023-10-26 19:04 ./patches/source +drwxr-xr-x 93 root root 4096 2023-11-07 19:50 ./patches/source drwxr-xr-x 2 root root 4096 2023-09-26 19:22 ./patches/source/Cython -rw-r--r-- 1 root root 1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz -rwxr-xr-x 1 root root 3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild @@ -1831,10 +1831,10 @@ drwxr-xr-x 2 root root 4096 2016-07-03 18:05 ./patches/source/seamonkey/au -rw-r--r-- 1 root root 319 2021-07-13 20:11 ./patches/source/seamonkey/seamonkey.desktop -rw-r--r-- 1 root root 849 2020-03-01 04:26 ./patches/source/seamonkey/slack-desc -rw-r--r-- 1 root root 341 2017-07-21 16:21 ./patches/source/seamonkey/sm.ui.scrollToClick.diff.gz -drwxr-xr-x 2 root root 4096 2023-07-17 02:11 ./patches/source/sudo +drwxr-xr-x 2 root root 4096 2023-11-07 01:10 ./patches/source/sudo -rw-r--r-- 1 root root 275 2004-09-19 00:25 ./patches/source/sudo/doinst.sh.gz -rw-r--r-- 1 root root 894 2018-02-27 06:12 ./patches/source/sudo/slack-desc --rw-r--r-- 1 root root 2857540 2023-07-16 20:06 ./patches/source/sudo/sudo-1.9.14p2.tar.xz +-rw-r--r-- 1 root root 2898960 2023-11-06 17:23 ./patches/source/sudo/sudo-1.9.15.tar.xz -rwxr-xr-x 1 root root 4582 2022-11-05 19:13 ./patches/source/sudo/sudo.SlackBuild -rw-r--r-- 1 root root 25 2020-06-19 19:00 ./patches/source/sudo/sudo.url drwxr-xr-x 2 root root 4096 2022-11-09 20:22 ./patches/source/sysstat diff --git a/patches/packages/sudo-1.9.14p2-x86_64-1_slack15.0.txt b/patches/packages/sudo-1.9.14p2-x86_64-1_slack15.0.txt deleted file mode 100644 index 427ea5539..000000000 --- a/patches/packages/sudo-1.9.14p2-x86_64-1_slack15.0.txt +++ /dev/null @@ -1,11 +0,0 @@ -sudo: sudo (give limited root privileges to certain users) -sudo: -sudo: 'sudo' is a command that allows users to execute some commands as -sudo: root. The /etc/sudoers file (edited with 'visudo') specifies which -sudo: users have access to sudo and which commands they can run. 'sudo' -sudo: logs all its activities to /var/log/ so the system administrator -sudo: can keep an eye on things. -sudo: -sudo: Homepage: https://www.sudo.ws -sudo: -sudo: diff --git a/patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txt b/patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txt new file mode 100644 index 000000000..427ea5539 --- /dev/null +++ b/patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txt @@ -0,0 +1,11 @@ +sudo: sudo (give limited root privileges to certain users) +sudo: +sudo: 'sudo' is a command that allows users to execute some commands as +sudo: root. The /etc/sudoers file (edited with 'visudo') specifies which +sudo: users have access to sudo and which commands they can run. 'sudo' +sudo: logs all its activities to /var/log/ so the system administrator +sudo: can keep an eye on things. +sudo: +sudo: Homepage: https://www.sudo.ws +sudo: +sudo: -- cgit v1.2.3-65-gdbad