From 6e7a178c9ace16b71ba3d83c925b44915615b92d Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Tue, 25 Oct 2022 18:38:58 +0000 Subject: Tue Oct 25 18:38:58 UTC 2022 patches/packages/expat-2.5.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations. Expected impact is denial of service or potentially arbitrary code execution. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680 (* Security fix *) patches/packages/samba-4.15.11-x86_64-1_slack15.0.txz: Upgraded. This update fixes the following security issue: There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba). For more information, see: https://www.samba.org/samba/security/CVE-2022-3437.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437 (* Security fix *) --- ChangeLog.rss | 31 ++++++++++++- ChangeLog.txt | 19 ++++++++ FILELIST.TXT | 54 +++++++++++----------- .../packages/expat-2.4.9-x86_64-1_slack15.0.txt | 11 ----- .../packages/expat-2.5.0-x86_64-1_slack15.0.txt | 11 +++++ .../packages/samba-4.15.10-x86_64-1_slack15.0.txt | 11 ----- .../packages/samba-4.15.11-x86_64-1_slack15.0.txt | 11 +++++ patches/source/samba/samba.url | 4 +- 8 files changed, 99 insertions(+), 53 deletions(-) delete mode 100644 patches/packages/expat-2.4.9-x86_64-1_slack15.0.txt create mode 100644 patches/packages/expat-2.5.0-x86_64-1_slack15.0.txt delete mode 100644 patches/packages/samba-4.15.10-x86_64-1_slack15.0.txt create mode 100644 patches/packages/samba-4.15.11-x86_64-1_slack15.0.txt diff --git a/ChangeLog.rss b/ChangeLog.rss index 8e9724858..f90165cfd 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,9 +11,36 @@ Tracking Slackware development in git. en-us urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f - Fri, 21 Oct 2022 18:19:00 GMT - Sat, 22 Oct 2022 11:30:33 GMT + Tue, 25 Oct 2022 18:38:58 GMT + Wed, 26 Oct 2022 11:30:22 GMT maintain_current_git.sh v 1.17 + + Tue, 25 Oct 2022 18:38:58 GMT + Tue, 25 Oct 2022 18:38:58 GMT + https://git.slackware.nl/current/tag/?h=20221025183858 + 20221025183858 + + +patches/packages/expat-2.5.0-x86_64-1_slack15.0.txz: Upgraded. + This update fixes a security issue: + Fix heap use-after-free after overeager destruction of a shared DTD in + function XML_ExternalEntityParserCreate in out-of-memory situations. + Expected impact is denial of service or potentially arbitrary code + execution. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680 + (* Security fix *) +patches/packages/samba-4.15.11-x86_64-1_slack15.0.txz: Upgraded. + This update fixes the following security issue: + There is a limited write heap buffer overflow in the GSSAPI unwrap_des() + and unwrap_des3() routines of Heimdal (included in Samba). + For more information, see: + https://www.samba.org/samba/security/CVE-2022-3437.html + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437 + (* Security fix *) + ]]> + + Fri, 21 Oct 2022 18:19:00 GMT Fri, 21 Oct 2022 18:19:00 GMT diff --git a/ChangeLog.txt b/ChangeLog.txt index 5c0ce227b..e8acc4930 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,22 @@ +Tue Oct 25 18:38:58 UTC 2022 +patches/packages/expat-2.5.0-x86_64-1_slack15.0.txz: Upgraded. + This update fixes a security issue: + Fix heap use-after-free after overeager destruction of a shared DTD in + function XML_ExternalEntityParserCreate in out-of-memory situations. + Expected impact is denial of service or potentially arbitrary code + execution. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680 + (* Security fix *) +patches/packages/samba-4.15.11-x86_64-1_slack15.0.txz: Upgraded. + This update fixes the following security issue: + There is a limited write heap buffer overflow in the GSSAPI unwrap_des() + and unwrap_des3() routines of Heimdal (included in Samba). + For more information, see: + https://www.samba.org/samba/security/CVE-2022-3437.html + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437 + (* Security fix *) ++--------------------------+ Fri Oct 21 18:19:00 UTC 2022 patches/packages/rsync-3.2.7-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. diff --git a/FILELIST.TXT b/FILELIST.TXT index 1c0eba1c8..f51a40408 100644 --- a/FILELIST.TXT +++ b/FILELIST.TXT @@ -1,20 +1,20 @@ -Fri Oct 21 18:23:51 UTC 2022 +Tue Oct 25 18:43:53 UTC 2022 Here is the file list for this directory. If you are using a mirror site and find missing or extra files in the disk subdirectories, please have the archive administrator refresh the mirror. -drwxr-xr-x 12 root root 4096 2022-10-21 18:19 . +drwxr-xr-x 12 root root 4096 2022-10-25 18:38 . -rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0 -rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT --rw-r--r-- 1 root root 1155615 2022-10-20 18:45 ./CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2022-10-20 18:45 ./CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 1155615 2022-10-21 18:24 ./CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2022-10-21 18:24 ./CHECKSUMS.md5.asc -rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING -rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3 -rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT -rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT --rw-r--r-- 1 root root 1944481 2022-10-21 18:19 ./ChangeLog.txt +-rw-r--r-- 1 root root 1945410 2022-10-25 18:38 ./ChangeLog.txt drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi @@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh -rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg -rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg --rw-r--r-- 1 root root 1508427 2022-10-20 18:45 ./FILELIST.TXT +-rw-r--r-- 1 root root 1508427 2022-10-21 18:23 ./FILELIST.TXT -rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY -rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT -rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT @@ -738,13 +738,13 @@ drwxr-xr-x 2 root root 4096 2008-05-07 05:21 ./pasture/source/php/pear -rwxr-xr-x 1 root root 9448 2018-05-16 22:38 ./pasture/source/php/php.SlackBuild -rw-r--r-- 1 root root 775 2017-07-07 19:25 ./pasture/source/php/php.ini-development.diff.gz -rw-r--r-- 1 root root 830 2005-12-09 05:18 ./pasture/source/php/slack-desc -drwxr-xr-x 4 root root 4096 2022-10-21 18:23 ./patches --rw-r--r-- 1 root root 51186 2022-10-21 18:23 ./patches/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2022-10-21 18:23 ./patches/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 68310 2022-10-21 18:23 ./patches/FILE_LIST --rw-r--r-- 1 root root 11684940 2022-10-21 18:23 ./patches/MANIFEST.bz2 --rw-r--r-- 1 root root 37792 2022-10-21 18:23 ./patches/PACKAGES.TXT -drwxr-xr-x 3 root root 16384 2022-10-21 18:23 ./patches/packages +drwxr-xr-x 4 root root 4096 2022-10-25 18:43 ./patches +-rw-r--r-- 1 root root 51186 2022-10-25 18:43 ./patches/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2022-10-25 18:43 ./patches/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 68310 2022-10-25 18:43 ./patches/FILE_LIST +-rw-r--r-- 1 root root 11684161 2022-10-25 18:43 ./patches/MANIFEST.bz2 +-rw-r--r-- 1 root root 37792 2022-10-25 18:43 ./patches/PACKAGES.TXT +drwxr-xr-x 3 root root 16384 2022-10-25 18:43 ./patches/packages -rw-r--r-- 1 root root 327 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txt -rw-r--r-- 1 root root 10716 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz -rw-r--r-- 1 root root 163 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz.asc @@ -778,9 +778,9 @@ drwxr-xr-x 3 root root 16384 2022-10-21 18:23 ./patches/packages -rw-r--r-- 1 root root 443 2022-09-26 18:15 ./patches/packages/dnsmasq-2.87-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 389100 2022-09-26 18:15 ./patches/packages/dnsmasq-2.87-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-09-26 18:15 ./patches/packages/dnsmasq-2.87-x86_64-1_slack15.0.txz.asc --rw-r--r-- 1 root root 301 2022-09-20 19:26 ./patches/packages/expat-2.4.9-x86_64-1_slack15.0.txt --rw-r--r-- 1 root root 130928 2022-09-20 19:26 ./patches/packages/expat-2.4.9-x86_64-1_slack15.0.txz --rw-r--r-- 1 root root 163 2022-09-20 19:26 ./patches/packages/expat-2.4.9-x86_64-1_slack15.0.txz.asc +-rw-r--r-- 1 root root 301 2022-10-25 18:07 ./patches/packages/expat-2.5.0-x86_64-1_slack15.0.txt +-rw-r--r-- 1 root root 131232 2022-10-25 18:07 ./patches/packages/expat-2.5.0-x86_64-1_slack15.0.txz +-rw-r--r-- 1 root root 163 2022-10-25 18:07 ./patches/packages/expat-2.5.0-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 602 2022-02-21 19:29 ./patches/packages/flac-1.3.4-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 389380 2022-02-21 19:29 ./patches/packages/flac-1.3.4-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-02-21 19:29 ./patches/packages/flac-1.3.4-x86_64-1_slack15.0.txz.asc @@ -881,9 +881,9 @@ drwxr-xr-x 2 root root 4096 2022-08-26 04:06 ./patches/packages/linux-5.15 -rw-r--r-- 1 root root 385 2022-04-13 18:19 ./patches/packages/ruby-3.0.4-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 7739784 2022-04-13 18:19 ./patches/packages/ruby-3.0.4-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-04-13 18:19 ./patches/packages/ruby-3.0.4-x86_64-1_slack15.0.txz.asc --rw-r--r-- 1 root root 507 2022-10-19 19:06 ./patches/packages/samba-4.15.10-x86_64-1_slack15.0.txt --rw-r--r-- 1 root root 12971004 2022-10-19 19:06 ./patches/packages/samba-4.15.10-x86_64-1_slack15.0.txz --rw-r--r-- 1 root root 163 2022-10-19 19:06 ./patches/packages/samba-4.15.10-x86_64-1_slack15.0.txz.asc +-rw-r--r-- 1 root root 507 2022-10-25 16:54 ./patches/packages/samba-4.15.11-x86_64-1_slack15.0.txt +-rw-r--r-- 1 root root 13020260 2022-10-25 16:54 ./patches/packages/samba-4.15.11-x86_64-1_slack15.0.txz +-rw-r--r-- 1 root root 163 2022-10-25 16:54 ./patches/packages/samba-4.15.11-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 392 2022-09-29 20:19 ./patches/packages/seamonkey-2.53.14-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 38098032 2022-09-29 20:19 ./patches/packages/seamonkey-2.53.14-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-09-29 20:19 ./patches/packages/seamonkey-2.53.14-x86_64-1_slack15.0.txz.asc @@ -923,7 +923,7 @@ drwxr-xr-x 2 root root 4096 2022-08-26 04:06 ./patches/packages/linux-5.15 -rw-r--r-- 1 root root 388 2022-10-15 04:05 ./patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 105356 2022-10-15 04:05 ./patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-10-15 04:05 ./patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txz.asc -drwxr-xr-x 52 root root 4096 2022-10-21 18:14 ./patches/source +drwxr-xr-x 52 root root 4096 2022-10-25 18:36 ./patches/source drwxr-xr-x 2 root root 4096 2022-01-16 05:07 ./patches/source/aaa_base -rw-r--r-- 1 root root 11041 2022-02-15 04:49 ./patches/source/aaa_base/_aaa_base.tar.gz -rwxr-xr-x 1 root root 3894 2022-02-15 05:07 ./patches/source/aaa_base/aaa_base.SlackBuild @@ -1028,9 +1028,9 @@ drwxr-xr-x 2 root root 4096 2022-09-26 18:09 ./patches/source/dnsmasq -rw-r--r-- 1 root root 345 2021-04-25 18:48 ./patches/source/dnsmasq/doinst.sh.gz -rw-r--r-- 1 root root 383 2021-04-25 18:44 ./patches/source/dnsmasq/rc.dnsmasq.gz -rw-r--r-- 1 root root 898 2018-02-27 06:13 ./patches/source/dnsmasq/slack-desc -drwxr-xr-x 2 root root 4096 2022-09-20 19:25 ./patches/source/expat --rw-r--r-- 1 root root 457785 2022-09-20 15:11 ./patches/source/expat/expat-2.4.9.tar.lz --rw-r--r-- 1 root root 833 2022-09-20 15:11 ./patches/source/expat/expat-2.4.9.tar.lz.asc +drwxr-xr-x 2 root root 4096 2022-10-25 18:01 ./patches/source/expat +-rw-r--r-- 1 root root 459132 2022-10-25 15:41 ./patches/source/expat/expat-2.5.0.tar.lz +-rw-r--r-- 1 root root 833 2022-10-25 15:41 ./patches/source/expat/expat-2.5.0.tar.lz.asc -rwxr-xr-x 1 root root 3363 2022-03-05 17:08 ./patches/source/expat/expat.SlackBuild -rw-r--r-- 1 root root 754 2018-08-16 17:16 ./patches/source/expat/slack-desc drwxr-xr-x 2 root root 4096 2022-02-21 19:14 ./patches/source/flac @@ -1327,14 +1327,14 @@ drwxr-xr-x 2 root root 4096 2022-04-13 18:15 ./patches/source/ruby -rw-r--r-- 1 root root 15494036 2022-04-12 12:30 ./patches/source/ruby/ruby-3.0.4.tar.lz -rwxr-xr-x 1 root root 4817 2022-04-13 18:14 ./patches/source/ruby/ruby.SlackBuild -rw-r--r-- 1 root root 837 2019-03-13 16:43 ./patches/source/ruby/slack-desc -drwxr-xr-x 2 root root 4096 2022-10-19 18:51 ./patches/source/samba +drwxr-xr-x 2 root root 4096 2022-10-25 16:47 ./patches/source/samba -rw-r--r-- 1 root root 703 2016-06-13 04:19 ./patches/source/samba/doinst.sh.gz -rw-r--r-- 1 root root 940 2016-06-04 17:50 ./patches/source/samba/rc.samba --rw-r--r-- 1 root root 833 2022-09-28 15:35 ./patches/source/samba/samba-4.15.10.tar.asc --rw-r--r-- 1 root root 11901506 2022-09-28 15:35 ./patches/source/samba/samba-4.15.10.tar.lz +-rw-r--r-- 1 root root 833 2022-10-24 10:41 ./patches/source/samba/samba-4.15.11.tar.asc +-rw-r--r-- 1 root root 11906111 2022-10-24 10:41 ./patches/source/samba/samba-4.15.11.tar.lz -rwxr-xr-x 1 root root 7654 2022-05-02 18:04 ./patches/source/samba/samba.SlackBuild -rw-r--r-- 1 root root 227 2019-02-06 20:36 ./patches/source/samba/samba.libsmbclient.h.ffmpeg.compat.diff.gz --rw-r--r-- 1 root root 131 2022-10-19 18:50 ./patches/source/samba/samba.url +-rw-r--r-- 1 root root 131 2022-10-25 16:46 ./patches/source/samba/samba.url -rw-r--r-- 1 root root 960 2018-02-27 06:13 ./patches/source/samba/slack-desc -rw-r--r-- 1 root root 7921 2018-04-29 17:31 ./patches/source/samba/smb.conf.default -rw-r--r-- 1 root root 7933 2018-01-14 20:41 ./patches/source/samba/smb.conf.default.orig diff --git a/patches/packages/expat-2.4.9-x86_64-1_slack15.0.txt b/patches/packages/expat-2.4.9-x86_64-1_slack15.0.txt deleted file mode 100644 index e5f720d42..000000000 --- a/patches/packages/expat-2.4.9-x86_64-1_slack15.0.txt +++ /dev/null @@ -1,11 +0,0 @@ -expat: expat (C library for parsing XML) -expat: -expat: This is Expat, a C library for parsing XML, written by James Clark. -expat: Expat is a stream-oriented XML parser used by Python, GNOME, Xft2, -expat: and other things. -expat: -expat: Homepage: https://libexpat.github.io -expat: -expat: -expat: -expat: diff --git a/patches/packages/expat-2.5.0-x86_64-1_slack15.0.txt b/patches/packages/expat-2.5.0-x86_64-1_slack15.0.txt new file mode 100644 index 000000000..e5f720d42 --- /dev/null +++ b/patches/packages/expat-2.5.0-x86_64-1_slack15.0.txt @@ -0,0 +1,11 @@ +expat: expat (C library for parsing XML) +expat: +expat: This is Expat, a C library for parsing XML, written by James Clark. +expat: Expat is a stream-oriented XML parser used by Python, GNOME, Xft2, +expat: and other things. +expat: +expat: Homepage: https://libexpat.github.io +expat: +expat: +expat: +expat: diff --git a/patches/packages/samba-4.15.10-x86_64-1_slack15.0.txt b/patches/packages/samba-4.15.10-x86_64-1_slack15.0.txt deleted file mode 100644 index e1800f156..000000000 --- a/patches/packages/samba-4.15.10-x86_64-1_slack15.0.txt +++ /dev/null @@ -1,11 +0,0 @@ -samba: samba (CIFS file and print server) -samba: -samba: Samba is a CIFS file and print server for CIFS clients. It allows -samba: you to make file space or printers on a Samba host available to CIFS -samba: clients (such as PCs running Windows). -samba: -samba: If you have any Windows file servers, you may be able to replace them -samba: or supplement them with Samba. One of Samba's big strengths is -samba: integration, so you can use it to tie together your Linux hosts and -samba: Windows PC clients. -samba: diff --git a/patches/packages/samba-4.15.11-x86_64-1_slack15.0.txt b/patches/packages/samba-4.15.11-x86_64-1_slack15.0.txt new file mode 100644 index 000000000..e1800f156 --- /dev/null +++ b/patches/packages/samba-4.15.11-x86_64-1_slack15.0.txt @@ -0,0 +1,11 @@ +samba: samba (CIFS file and print server) +samba: +samba: Samba is a CIFS file and print server for CIFS clients. It allows +samba: you to make file space or printers on a Samba host available to CIFS +samba: clients (such as PCs running Windows). +samba: +samba: If you have any Windows file servers, you may be able to replace them +samba: or supplement them with Samba. One of Samba's big strengths is +samba: integration, so you can use it to tie together your Linux hosts and +samba: Windows PC clients. +samba: diff --git a/patches/source/samba/samba.url b/patches/source/samba/samba.url index 6b88c562a..66a8df80d 100644 --- a/patches/source/samba/samba.url +++ b/patches/source/samba/samba.url @@ -1,2 +1,2 @@ -https://download.samba.org/pub/samba/stable/samba-4.15.10.tar.gz -https://download.samba.org/pub/samba/stable/samba-4.15.10.tar.asc +https://download.samba.org/pub/samba/stable/samba-4.15.11.tar.gz +https://download.samba.org/pub/samba/stable/samba-4.15.11.tar.asc -- cgit v1.2.3-65-gdbad