From 837ec54cfe1c06e90127faa662eb29ccf67150c7 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Fri, 19 May 2023 18:59:24 +0000 Subject: Fri May 19 18:59:24 UTC 2023 patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz: Upgraded. [PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x. With execv() command line arguments are passed as separate strings and not the full command line in a single string. This prevents arbitrary command execution by escaping the quoting of the arguments in a job with forged job title. Thanks to marav. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-24805 (* Security fix *) --- ChangeLog.rss | 24 ++- ChangeLog.txt | 12 ++ FILELIST.TXT | 136 +++++++++-------- .../cups-filters-1.28.17-x86_64-1_slack15.0.txt | 11 ++ patches/source/cups-filters/CVE-2023-24805.patch | 167 +++++++++++++++++++++ .../source/cups-filters/cups-filters.SlackBuild | 147 ++++++++++++++++++ patches/source/cups-filters/cups-filters.url | 1 + patches/source/cups-filters/doinst.sh | 27 ++++ patches/source/cups-filters/slack-desc | 19 +++ recompress.sh | 2 + 10 files changed, 481 insertions(+), 65 deletions(-) create mode 100644 patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txt create mode 100644 patches/source/cups-filters/CVE-2023-24805.patch create mode 100755 patches/source/cups-filters/cups-filters.SlackBuild create mode 100644 patches/source/cups-filters/cups-filters.url create mode 100644 patches/source/cups-filters/doinst.sh create mode 100644 patches/source/cups-filters/slack-desc diff --git a/ChangeLog.rss b/ChangeLog.rss index 0f2b843e3..ad60250a2 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss 
@@ -11,9 +11,29 @@ Tracking Slackware development in git. en-us urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f - Wed, 17 May 2023 20:59:51 GMT - Thu, 18 May 2023 11:30:15 GMT + Fri, 19 May 2023 18:59:24 GMT + Sat, 20 May 2023 11:38:45 GMT maintain_current_git.sh v 1.17 + + Fri, 19 May 2023 18:59:24 GMT + Fri, 19 May 2023 18:59:24 GMT + https://git.slackware.nl/current/tag/?h=20230519185924 + 20230519185924 + + +patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz: Upgraded. + [PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x. + With execv() command line arguments are passed as separate strings and + not the full command line in a single string. This prevents arbitrary + command execution by escaping the quoting of the arguments in a job + with forged job title. + Thanks to marav. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-24805 + (* Security fix *) + ]]> + + Wed, 17 May 2023 20:59:51 GMT Wed, 17 May 2023 20:59:51 GMT diff --git a/ChangeLog.txt b/ChangeLog.txt index 27ed9a0fb..8e0b73b0a 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,15 @@ +Fri May 19 18:59:24 UTC 2023 +patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz: Upgraded. + [PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x. + With execv() command line arguments are passed as separate strings and + not the full command line in a single string. This prevents arbitrary + command execution by escaping the quoting of the arguments in a job + with forged job title. + Thanks to marav. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-24805 + (* Security fix *) ++--------------------------+ Wed May 17 20:59:51 UTC 2023 patches/packages/curl-8.1.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: diff --git a/FILELIST.TXT b/FILELIST.TXT index c2dc77405..33d78e7ad 100644 --- a/FILELIST.TXT +++ b/FILELIST.TXT 
@@ -1,20 +1,20 @@ -Wed May 17 21:06:08 UTC 2023 +Fri May 19 19:01:52 UTC 2023 Here is the file list for this directory. If you are using a mirror site and find missing or extra files in the disk subdirectories, please have the archive administrator refresh the mirror. -drwxr-xr-x 12 root root 4096 2023-05-17 20:59 . +drwxr-xr-x 12 root root 4096 2023-05-19 18:59 . -rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0 -rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT --rw-r--r-- 1 root root 1176579 2023-05-14 17:08 ./CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2023-05-14 17:08 ./CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 1176579 2023-05-17 21:06 ./CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2023-05-17 21:06 ./CHECKSUMS.md5.asc -rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING -rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3 -rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT -rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT --rw-r--r-- 1 root root 2011284 2023-05-17 20:59 ./ChangeLog.txt +-rw-r--r-- 1 root root 2011831 2023-05-19 18:59 ./ChangeLog.txt drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi @@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh -rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg -rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg --rw-r--r-- 1 root root 1534352 2023-05-14 17:07 ./FILELIST.TXT +-rw-r--r-- 1 root root 1534352 2023-05-17 21:06 ./FILELIST.TXT -rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY -rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT -rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT 
@@ -738,13 +738,13 @@ drwxr-xr-x 2 root root 4096 2008-05-07 05:21 ./pasture/source/php/pear -rwxr-xr-x 1 root root 9448 2018-05-16 22:38 ./pasture/source/php/php.SlackBuild -rw-r--r-- 1 root root 775 2017-07-07 19:25 ./pasture/source/php/php.ini-development.diff.gz -rw-r--r-- 1 root root 830 2005-12-09 05:18 ./pasture/source/php/slack-desc -drwxr-xr-x 4 root root 4096 2023-05-17 21:06 ./patches --rw-r--r-- 1 root root 70369 2023-05-17 21:06 ./patches/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2023-05-17 21:06 ./patches/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 95299 2023-05-17 21:06 ./patches/FILE_LIST --rw-r--r-- 1 root root 12013730 2023-05-17 21:06 ./patches/MANIFEST.bz2 --rw-r--r-- 1 root root 50881 2023-05-17 21:06 ./patches/PACKAGES.TXT -drwxr-xr-x 3 root root 20480 2023-05-17 21:06 ./patches/packages +drwxr-xr-x 4 root root 4096 2023-05-19 19:01 ./patches +-rw-r--r-- 1 root root 71093 2023-05-19 19:01 ./patches/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2023-05-19 19:01 ./patches/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 96249 2023-05-19 19:01 ./patches/FILE_LIST +-rw-r--r-- 1 root root 12012998 2023-05-19 19:01 ./patches/MANIFEST.bz2 +-rw-r--r-- 1 root root 51431 2023-05-19 19:01 ./patches/PACKAGES.TXT +drwxr-xr-x 3 root root 20480 2023-05-19 19:01 ./patches/packages -rw-r--r-- 1 root root 327 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txt -rw-r--r-- 1 root root 10716 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz -rw-r--r-- 1 root root 163 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz.asc 
@@ -772,6 +772,9 @@ drwxr-xr-x 3 root root 20480 2023-05-17 21:06 ./patches/packages -rw-r--r-- 1 root root 642 2022-09-21 19:13 ./patches/packages/cups-2.4.2-x86_64-3_slack15.0.txt -rw-r--r-- 1 root root 1589324 2022-09-21 19:13 ./patches/packages/cups-2.4.2-x86_64-3_slack15.0.txz -rw-r--r-- 1 root root 163 2022-09-21 19:13 ./patches/packages/cups-2.4.2-x86_64-3_slack15.0.txz.asc +-rw-r--r-- 1 root root 416 2023-05-19 18:13 ./patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txt +-rw-r--r-- 1 root root 827024 2023-05-19 18:13 ./patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz +-rw-r--r-- 1 root root 163 2023-05-19 18:13 ./patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 552 2023-05-17 16:53 ./patches/packages/curl-8.1.0-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 1347864 2023-05-17 16:53 ./patches/packages/curl-8.1.0-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2023-05-17 16:53 ./patches/packages/curl-8.1.0-x86_64-1_slack15.0.txz.asc @@ -989,7 +992,7 @@ drwxr-xr-x 2 root root 4096 2023-02-18 02:05 ./patches/packages/linux-5.15 -rw-r--r-- 1 root root 463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc -drwxr-xr-x 73 root root 4096 2023-05-17 17:35 ./patches/source +drwxr-xr-x 74 root root 4096 2023-05-19 18:56 ./patches/source drwxr-xr-x 2 root root 4096 2022-01-16 05:07 ./patches/source/aaa_base -rw-r--r-- 1 root root 11041 2022-02-15 04:49 ./patches/source/aaa_base/_aaa_base.tar.gz -rwxr-xr-x 1 root root 3894 2022-02-15 05:07 ./patches/source/aaa_base/aaa_base.SlackBuild 
@@ -1060,6 +1063,13 @@ drwxr-xr-x 2 root root 4096 2023-05-06 18:51 ./patches/source/ca-certifica -rw-r--r-- 1 root root 829 2019-02-26 23:30 ./patches/source/ca-certificates/slack-desc -rw-r--r-- 1 root root 229 2019-02-26 20:33 ./patches/source/ca-certificates/update-ca-certificates.c_rehash.diff.gz drwxr-xr-x 2 root root 4096 2022-09-21 19:12 ./patches/source/cups +drwxr-xr-x 2 root root 4096 2023-05-19 18:08 ./patches/source/cups-filters +-rw-r--r-- 1 root root 1831 2023-05-19 18:08 ./patches/source/cups-filters/CVE-2023-24805.patch.gz +-rw-r--r-- 1 root root 1230865 2023-01-25 01:38 ./patches/source/cups-filters/cups-filters-1.28.17.tar.lz +-rwxr-xr-x 1 root root 4647 2023-05-19 18:11 ./patches/source/cups-filters/cups-filters.SlackBuild +-rw-r--r-- 1 root root 51 2014-07-21 02:53 ./patches/source/cups-filters/cups-filters.url +-rw-r--r-- 1 root root 339 2018-01-08 22:54 ./patches/source/cups-filters/doinst.sh.gz +-rw-r--r-- 1 root root 908 2018-02-27 06:12 ./patches/source/cups-filters/slack-desc -rw-r--r-- 1 root root 691 2022-09-21 19:02 ./patches/source/cups/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch.gz -rw-r--r-- 1 root root 824 2022-09-21 19:10 ./patches/source/cups/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch.gz -rw-r--r-- 1 root root 6207496 2022-05-26 06:17 ./patches/source/cups/cups-2.4.2.tar.lz 
@@ -2742,16 +2752,16 @@ drwxr-xr-x 2 root root 69632 2022-02-01 08:29 ./slackware64/kde -rw-r--r-- 1 root root 163 2022-01-04 21:34 ./slackware64/kde/breeze-gtk-5.23.5-x86_64-1.txz.asc -rw-r--r-- 1 root root 303 2022-01-08 22:30 ./slackware64/kde/breeze-icons-5.90.0-noarch-1.txt -rw-r--r-- 1 root root 4259620 2022-01-08 22:30 ./slackware64/kde/breeze-icons-5.90.0-noarch-1.txz --rw-r--r-- 1 root root 163 2022-01-08 22:30 ./slackware64/kde/breeze-icons-5.90.0-noarch-1.txz.asc --rw-r--r-- 1 root root 293 2022-01-06 21:42 ./slackware64/kde/calendarsupport-21.12.1-x86_64-1.txt --rw-r--r-- 1 root root 565492 2022-01-06 21:42 ./slackware64/kde/calendarsupport-21.12.1-x86_64-1.txz --rw-r--r-- 1 root root 163 2022-01-06 21:42 ./slackware64/kde/calendarsupport-21.12.1-x86_64-1.txz.asc --rw-r--r-- 1 root root 543 2021-12-26 20:07 ./slackware64/kde/calligra-3.2.1-x86_64-15.txt --rw-r--r-- 1 root root 57553824 2021-12-26 20:07 ./slackware64/kde/calligra-3.2.1-x86_64-15.txz --rw-r--r-- 1 root root 163 2021-12-26 20:07 ./slackware64/kde/calligra-3.2.1-x86_64-15.txz.asc --rw-r--r-- 1 root root 356 2021-09-30 19:55 ./slackware64/kde/calligraplan-3.3.0-x86_64-3.txt --rw-r--r-- 1 root root 5380488 2021-09-30 19:55 ./slackware64/kde/calligraplan-3.3.0-x86_64-3.txz --rw-r--r-- 1 root root 163 2021-09-30 19:55 ./slackware64/kde/calligraplan-3.3.0-x86_64-3.txz.asc +-rw-r--r-- 1 root root 163 2022-01-08 22:30 ./slackware64/kde/breeze-icons-5.90.0-noarch-1.txz.asc +-rw-r--r-- 1 root root 293 2022-01-06 21:42 ./slackware64/kde/calendarsupport-21.12.1-x86_64-1.txt +-rw-r--r-- 1 root root 565492 2022-01-06 21:42 ./slackware64/kde/calendarsupport-21.12.1-x86_64-1.txz +-rw-r--r-- 1 root root 163 2022-01-06 21:42 ./slackware64/kde/calendarsupport-21.12.1-x86_64-1.txz.asc +-rw-r--r-- 1 root root 543 2021-12-26 20:07 ./slackware64/kde/calligra-3.2.1-x86_64-15.txt +-rw-r--r-- 1 root root 57553824 2021-12-26 20:07 ./slackware64/kde/calligra-3.2.1-x86_64-15.txz +-rw-r--r-- 1 root root 163 2021-12-26 
20:07 ./slackware64/kde/calligra-3.2.1-x86_64-15.txz.asc +-rw-r--r-- 1 root root 356 2021-09-30 19:55 ./slackware64/kde/calligraplan-3.3.0-x86_64-3.txt +-rw-r--r-- 1 root root 5380488 2021-09-30 19:55 ./slackware64/kde/calligraplan-3.3.0-x86_64-3.txz +-rw-r--r-- 1 root root 163 2021-09-30 19:55 ./slackware64/kde/calligraplan-3.3.0-x86_64-3.txz.asc -rw-r--r-- 1 root root 332 2022-01-06 22:40 ./slackware64/kde/cantor-21.12.1-x86_64-1.txt -rw-r--r-- 1 root root 2156824 2022-01-06 22:40 ./slackware64/kde/cantor-21.12.1-x86_64-1.txz -rw-r--r-- 1 root root 163 2022-01-06 22:40 ./slackware64/kde/cantor-21.12.1-x86_64-1.txz.asc 
@@ -5479,16 +5489,16 @@ drwxr-xr-x 2 root root 65536 2022-02-01 04:47 ./slackware64/x -rw-r--r-- 1 root root 224 2022-01-05 06:55 ./slackware64/x/fcitx-qt5-1.2.7-x86_64-1.txt -rw-r--r-- 1 root root 153040 2022-01-05 06:55 ./slackware64/x/fcitx-qt5-1.2.7-x86_64-1.txz -rw-r--r-- 1 root root 163 2022-01-05 06:55 ./slackware64/x/fcitx-qt5-1.2.7-x86_64-1.txz.asc --rw-r--r-- 1 root root 278 2021-02-13 12:45 ./slackware64/x/fcitx-sayura-0.1.2-x86_64-3.txt --rw-r--r-- 1 root root 18380 2021-02-13 12:45 ./slackware64/x/fcitx-sayura-0.1.2-x86_64-3.txz --rw-r--r-- 1 root root 163 2021-02-13 12:45 ./slackware64/x/fcitx-sayura-0.1.2-x86_64-3.txz.asc --rw-r--r-- 1 root root 394 2021-02-13 12:45 ./slackware64/x/fcitx-table-extra-0.3.8-x86_64-3.txt --rw-r--r-- 1 root root 4096992 2021-02-13 12:45 ./slackware64/x/fcitx-table-extra-0.3.8-x86_64-3.txz --rw-r--r-- 1 root root 163 2021-02-13 12:45 ./slackware64/x/fcitx-table-extra-0.3.8-x86_64-3.txz.asc --rw-r--r-- 1 root root 397 2021-02-13 12:45 ./slackware64/x/fcitx-table-other-0.2.4-x86_64-3.txt --rw-r--r-- 1 root root 220552 2021-02-13 12:45 ./slackware64/x/fcitx-table-other-0.2.4-x86_64-3.txz --rw-r--r-- 1 root root 163 2021-02-13 12:45 ./slackware64/x/fcitx-table-other-0.2.4-x86_64-3.txz.asc --rw-r--r-- 1 root root 291 2021-02-13 12:45 ./slackware64/x/fcitx-unikey-0.2.7-x86_64-3.txt +-rw-r--r-- 1 root root 278 2021-02-13 12:45 ./slackware64/x/fcitx-sayura-0.1.2-x86_64-3.txt +-rw-r--r-- 1 root root 18380 2021-02-13 12:45 ./slackware64/x/fcitx-sayura-0.1.2-x86_64-3.txz +-rw-r--r-- 1 root root 163 2021-02-13 12:45 ./slackware64/x/fcitx-sayura-0.1.2-x86_64-3.txz.asc +-rw-r--r-- 1 root root 394 2021-02-13 12:45 ./slackware64/x/fcitx-table-extra-0.3.8-x86_64-3.txt +-rw-r--r-- 1 root root 4096992 2021-02-13 12:45 ./slackware64/x/fcitx-table-extra-0.3.8-x86_64-3.txz +-rw-r--r-- 1 root root 163 2021-02-13 12:45 ./slackware64/x/fcitx-table-extra-0.3.8-x86_64-3.txz.asc +-rw-r--r-- 1 root root 397 2021-02-13 12:45 
./slackware64/x/fcitx-table-other-0.2.4-x86_64-3.txt +-rw-r--r-- 1 root root 220552 2021-02-13 12:45 ./slackware64/x/fcitx-table-other-0.2.4-x86_64-3.txz +-rw-r--r-- 1 root root 163 2021-02-13 12:45 ./slackware64/x/fcitx-table-other-0.2.4-x86_64-3.txz.asc +-rw-r--r-- 1 root root 291 2021-02-13 12:45 ./slackware64/x/fcitx-unikey-0.2.7-x86_64-3.txt -rw-r--r-- 1 root root 79120 2021-02-13 12:45 ./slackware64/x/fcitx-unikey-0.2.7-x86_64-3.txz -rw-r--r-- 1 root root 163 2021-02-13 12:45 ./slackware64/x/fcitx-unikey-0.2.7-x86_64-3.txz.asc -rw-r--r-- 1 root root 436 2021-02-13 13:19 ./slackware64/x/font-adobe-100dpi-1.0.3-noarch-5.txt 
@@ -8618,20 +8628,20 @@ drwxr-xr-x 2 root root 4096 2022-01-23 01:07 ./source/d/parallel drwxr-xr-x 2 root root 4096 2021-12-14 21:01 ./source/d/patchelf -rw-r--r-- 1 root root 91259 2021-12-05 14:39 ./source/d/patchelf/patchelf-0.14.3.tar.lz -rwxr-xr-x 1 root root 4422 2021-08-06 17:30 ./source/d/patchelf/patchelf.SlackBuild --rw-r--r-- 1 root root 925 2018-02-27 06:13 ./source/d/patchelf/slack-desc -drwxr-xr-x 2 root root 4096 2021-05-21 04:53 ./source/d/perl --rw-r--r-- 1 root root 45129 2012-09-04 16:12 ./source/d/perl/Authen-SASL-2.16.tar.gz --rw-r--r-- 1 root root 161579 2019-01-09 09:07 ./source/d/perl/DBD-mysql-4.050.tar.gz --rw-r--r-- 1 root root 612372 2020-01-31 19:02 ./source/d/perl/DBI-1.643.tar.gz --rw-r--r-- 1 root root 15562 2019-11-12 05:45 ./source/d/perl/Devel-CheckLib-1.14.tar.gz --rw-r--r-- 1 root root 248102 2021-02-26 08:03 ./source/d/perl/IO-Socket-SSL-2.070.tar.gz --rw-r--r-- 1 root root 32767 2020-09-27 00:13 ./source/d/perl/MIME-Base64-3.16.tar.gz --rw-r--r-- 1 root root 18275 2017-10-17 20:29 ./source/d/perl/Module-Runtime-0.016.tar.gz --rw-r--r-- 1 root root 108339 2021-03-29 06:42 ./source/d/perl/Moo-2.005004.tar.gz --rw-r--r-- 1 root root 534246 2021-01-21 19:08 ./source/d/perl/Net-SSLeay-1.90.tar.gz --rw-r--r-- 1 root root 108661 2017-08-04 08:05 ./source/d/perl/Parse-Yapp-1.21.tar.gz --rw-r--r-- 1 root root 92950 2021-02-05 00:12 ./source/d/perl/Path-Tiny-0.118.tar.gz --rw-r--r-- 1 root root 32485 2019-10-01 17:33 ./source/d/perl/Sub-Quote-2.006006.tar.gz +-rw-r--r-- 1 root root 925 2018-02-27 06:13 ./source/d/patchelf/slack-desc +drwxr-xr-x 2 root root 4096 2021-05-21 04:53 ./source/d/perl +-rw-r--r-- 1 root root 45129 2012-09-04 16:12 ./source/d/perl/Authen-SASL-2.16.tar.gz +-rw-r--r-- 1 root root 161579 2019-01-09 09:07 ./source/d/perl/DBD-mysql-4.050.tar.gz +-rw-r--r-- 1 root root 612372 2020-01-31 19:02 ./source/d/perl/DBI-1.643.tar.gz +-rw-r--r-- 1 root root 15562 2019-11-12 05:45 ./source/d/perl/Devel-CheckLib-1.14.tar.gz 
+-rw-r--r-- 1 root root 248102 2021-02-26 08:03 ./source/d/perl/IO-Socket-SSL-2.070.tar.gz +-rw-r--r-- 1 root root 32767 2020-09-27 00:13 ./source/d/perl/MIME-Base64-3.16.tar.gz +-rw-r--r-- 1 root root 18275 2017-10-17 20:29 ./source/d/perl/Module-Runtime-0.016.tar.gz +-rw-r--r-- 1 root root 108339 2021-03-29 06:42 ./source/d/perl/Moo-2.005004.tar.gz +-rw-r--r-- 1 root root 534246 2021-01-21 19:08 ./source/d/perl/Net-SSLeay-1.90.tar.gz +-rw-r--r-- 1 root root 108661 2017-08-04 08:05 ./source/d/perl/Parse-Yapp-1.21.tar.gz +-rw-r--r-- 1 root root 92950 2021-02-05 00:12 ./source/d/perl/Path-Tiny-0.118.tar.gz +-rw-r--r-- 1 root root 32485 2019-10-01 17:33 ./source/d/perl/Sub-Quote-2.006006.tar.gz -rw-r--r-- 1 root root 523388 2020-07-13 21:51 ./source/d/perl/Template-Toolkit-3.009.tar.gz -rw-r--r-- 1 root root 85164 2019-01-05 11:57 ./source/d/perl/TermReadKey-2.38.tar.gz -rw-r--r-- 1 root root 108897 2021-03-03 15:19 ./source/d/perl/URI-5.09.tar.gz 
@@ -15042,21 +15052,21 @@ drwxr-xr-x 2 root root 12288 2020-05-18 17:50 ./source/x/x11/slack-desc -rw-r--r-- 1 root root 829 2012-04-08 02:23 ./source/x/x11/slack-desc/fstobdf -rw-r--r-- 1 root root 818 2012-04-08 02:23 ./source/x/x11/slack-desc/gccmakedep -rw-r--r-- 1 root root 736 2014-05-13 20:38 ./source/x/x11/slack-desc/glamor-egl --rw-r--r-- 1 root root 781 2012-04-08 02:25 ./source/x/x11/slack-desc/glproto --rw-r--r-- 1 root root 805 2018-02-26 22:55 ./source/x/x11/slack-desc/iceauth --rw-r--r-- 1 root root 760 2018-02-26 22:55 ./source/x/x11/slack-desc/ico --rw-r--r-- 1 root root 875 2018-07-19 17:59 ./source/x/x11/slack-desc/igt-gpu-tools --rw-r--r-- 1 root root 753 2018-02-26 22:55 ./source/x/x11/slack-desc/imake --rw-r--r-- 1 root root 820 2012-04-08 02:27 ./source/x/x11/slack-desc/inputproto --rw-r--r-- 1 root root 785 2012-04-08 02:28 ./source/x/x11/slack-desc/kbproto --rw-r--r-- 1 root root 745 2012-04-08 02:28 ./source/x/x11/slack-desc/libFS --rw-r--r-- 1 root root 761 2012-04-08 02:29 ./source/x/x11/slack-desc/libICE --rw-r--r-- 1 root root 744 2012-04-08 02:42 ./source/x/x11/slack-desc/libSM --rw-r--r-- 1 root root 762 2012-04-08 02:42 ./source/x/x11/slack-desc/libX11 --rw-r--r-- 1 root root 869 2012-04-08 03:03 ./source/x/x11/slack-desc/libXScrnSaver --rw-r--r-- 1 root root 923 2018-02-26 22:55 ./source/x/x11/slack-desc/libXau --rw-r--r-- 1 root root 665 2012-04-08 03:03 ./source/x/x11/slack-desc/libXaw --rw-r--r-- 1 root root 970 2018-02-26 22:55 ./source/x/x11/slack-desc/libXaw3d +-rw-r--r-- 1 root root 781 2012-04-08 02:25 ./source/x/x11/slack-desc/glproto +-rw-r--r-- 1 root root 805 2018-02-26 22:55 ./source/x/x11/slack-desc/iceauth +-rw-r--r-- 1 root root 760 2018-02-26 22:55 ./source/x/x11/slack-desc/ico +-rw-r--r-- 1 root root 875 2018-07-19 17:59 ./source/x/x11/slack-desc/igt-gpu-tools +-rw-r--r-- 1 root root 753 2018-02-26 22:55 ./source/x/x11/slack-desc/imake +-rw-r--r-- 1 root root 820 2012-04-08 02:27 
./source/x/x11/slack-desc/inputproto +-rw-r--r-- 1 root root 785 2012-04-08 02:28 ./source/x/x11/slack-desc/kbproto +-rw-r--r-- 1 root root 745 2012-04-08 02:28 ./source/x/x11/slack-desc/libFS +-rw-r--r-- 1 root root 761 2012-04-08 02:29 ./source/x/x11/slack-desc/libICE +-rw-r--r-- 1 root root 744 2012-04-08 02:42 ./source/x/x11/slack-desc/libSM +-rw-r--r-- 1 root root 762 2012-04-08 02:42 ./source/x/x11/slack-desc/libX11 +-rw-r--r-- 1 root root 869 2012-04-08 03:03 ./source/x/x11/slack-desc/libXScrnSaver +-rw-r--r-- 1 root root 923 2018-02-26 22:55 ./source/x/x11/slack-desc/libXau +-rw-r--r-- 1 root root 665 2012-04-08 03:03 ./source/x/x11/slack-desc/libXaw +-rw-r--r-- 1 root root 970 2018-02-26 22:55 ./source/x/x11/slack-desc/libXaw3d -rw-r--r-- 1 root root 872 2012-04-08 03:04 ./source/x/x11/slack-desc/libXcomposite -rw-r--r-- 1 root root 827 2012-04-08 03:06 ./source/x/x11/slack-desc/libXcursor -rw-r--r-- 1 root root 827 2012-04-08 03:06 ./source/x/x11/slack-desc/libXdamage diff --git a/patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txt b/patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txt new file mode 100644 index 000000000..f8e50be74 --- /dev/null +++ b/patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txt @@ -0,0 +1,11 @@ +cups-filters: cups-filters (backends and filters for CUPS) +cups-filters: +cups-filters: This package provides backends, filters, and other software that was +cups-filters: once part of the core CUPS distribution but is no longer included. +cups-filters: In addition it contains additional filters and software developed +cups-filters: independently. +cups-filters: +cups-filters: +cups-filters: +cups-filters: +cups-filters: diff --git a/patches/source/cups-filters/CVE-2023-24805.patch b/patches/source/cups-filters/CVE-2023-24805.patch new file mode 100644 index 000000000..e84312a82 --- /dev/null +++ b/patches/source/cups-filters/CVE-2023-24805.patch 
@@ -0,0 +1,167 @@ +--- ./backend/beh.c.orig 2023-01-24 19:38:24.000000000 -0600 ++++ ./backend/beh.c 2023-05-19 13:08:27.724167656 -0500 +@@ -22,12 +22,14 @@ + #include "backend-private.h" + #include + #include ++#include ++ + + /* + * Local globals... + */ + +-static int job_canceled = 0; /* Set to 1 on SIGTERM */ ++static volatile int job_canceled = 0; /* Set to 1 on SIGTERM */ + + /* + * Local functions... +@@ -213,21 +215,44 @@ + char **argv, /* I - Command-line arguments */ + char *filename) { /* I - File name of input data */ + const char *cups_serverbin; /* Location of programs */ ++ char *backend_argv[8]; // Arguments for called CUPS backend + char scheme[1024], /* Scheme from URI */ + *ptr, /* Pointer into scheme */ +- cmdline[65536]; /* Backend command line */ +- int retval; ++ backend_path[2048]; // Backend path ++ int pid, ++ wait_pid, ++ wait_status, ++ retval = 0; ++ int bytes; ++ + + /* + * Build the backend command line... + */ + +- strncpy(scheme, uri, sizeof(scheme) - 1); +- if (strlen(uri) > 1023) +- scheme[1023] = '\0'; ++ scheme[0] = '\0'; ++ strncat(scheme, uri, sizeof(scheme) - 1); + if ((ptr = strchr(scheme, ':')) != NULL) + *ptr = '\0'; +- ++ else ++ { ++ fprintf(stderr, ++ "ERROR: beh: Invalid URI, no colon (':') to mark end of scheme part.\n"); ++ exit (CUPS_BACKEND_FAILED); ++ } ++ if (strchr(scheme, '/')) ++ { ++ fprintf(stderr, ++ "ERROR: beh: Invalid URI, scheme contains a slash ('/').\n"); ++ exit (CUPS_BACKEND_FAILED); ++ } ++ if (!strcmp(scheme, ".") || !strcmp(scheme, "..")) ++ { ++ fprintf(stderr, ++ "ERROR: beh: Invalid URI, scheme (\"%s\") is a directory.\n", ++ scheme); ++ exit (CUPS_BACKEND_FAILED); ++ } + if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL) + cups_serverbin = CUPS_SERVERBIN; + +@@ -235,16 +260,26 @@ + fprintf(stderr, + "ERROR: beh: Direct output into a file not supported.\n"); + exit (CUPS_BACKEND_FAILED); +- } else +- snprintf(cmdline, sizeof(cmdline), +- "%s/backend/%s '%s' '%s' '%s' '%s' '%s' %s", +- 
cups_serverbin, scheme, argv[1], argv[2], argv[3], +- /* Apply number of copies only if beh was called with a +- file name and not with the print data in stdin, as +- backends should handle copies only if they are called +- with a file name */ +- (argc == 6 ? "1" : argv[4]), +- argv[5], filename); ++ } ++ ++ backend_argv[0] = uri; ++ backend_argv[1] = argv[1]; ++ backend_argv[2] = argv[2]; ++ backend_argv[3] = argv[3]; ++ backend_argv[4] = (argc == 6 ? "1" : argv[4]); ++ backend_argv[5] = argv[5]; ++ backend_argv[6] = filename; ++ backend_argv[7] = NULL; ++ ++ bytes = snprintf(backend_path, sizeof(backend_path), ++ "%s/backend/%s", cups_serverbin, scheme); ++ if (bytes < 0 || bytes >= sizeof(backend_path)) ++ { ++ fprintf(stderr, ++ "ERROR: beh: Invalid scheme (\"%s\"), could not determing backend path.\n", ++ scheme); ++ exit (CUPS_BACKEND_FAILED); ++ } + + /* + * Overwrite the device URI and run the actual backend... +@@ -253,17 +288,41 @@ + setenv("DEVICE_URI", uri, 1); + + fprintf(stderr, +- "DEBUG: beh: Executing backend command line \"%s\"...\n", +- cmdline); ++ "DEBUG: beh: Executing backend command line \"%s '%s' '%s' '%s' '%s' '%s'%s%s\"...\n", ++ backend_path, backend_argv[1], backend_argv[2], backend_argv[3], ++ backend_argv[4], backend_argv[5], ++ (backend_argv[6] && backend_argv[6][0] ? " " : ""), ++ (backend_argv[6] && backend_argv[6][0] ? 
backend_argv[6] : "")); + fprintf(stderr, + "DEBUG: beh: Using device URI: %s\n", + uri); + +- retval = system(cmdline) >> 8; ++ if ((pid = fork()) == 0) ++ { ++ retval = execv(backend_path, backend_argv); ++ ++ if (retval == -1) ++ fprintf(stderr, "ERROR: Unable to execute backend: %s\n", ++ strerror(errno)); ++ exit (CUPS_BACKEND_FAILED); ++ } ++ else if (pid < 0) ++ { ++ fprintf(stderr, "ERROR: Unable to fork for backend\n"); ++ return (CUPS_BACKEND_FAILED); ++ } ++ ++ while ((wait_pid = wait(&wait_status)) < 0 && errno == EINTR); + +- if (retval == -1) +- fprintf(stderr, "ERROR: Unable to execute backend command line: %s\n", +- strerror(errno)); ++ if (wait_pid >= 0 && wait_status) ++ { ++ if (WIFEXITED(wait_status)) ++ retval = WEXITSTATUS(wait_status); ++ else if (WTERMSIG(wait_status) != SIGTERM) ++ retval = WTERMSIG(wait_status); ++ else ++ retval = 0; ++ } + + return (retval); + } +@@ -277,8 +336,10 @@ + sigterm_handler(int sig) { /* I - Signal number (unused) */ + (void)sig; + +- fprintf(stderr, +- "DEBUG: beh: Job canceled.\n"); ++ const char * const msg = "DEBUG: beh: Job canceled.\n"; ++ // The if() is to eliminate the return value and silence the warning ++ // about an unused return value. ++ if (write(2, msg, strlen(msg))); + + if (job_canceled) + _exit(CUPS_BACKEND_OK); diff --git a/patches/source/cups-filters/cups-filters.SlackBuild b/patches/source/cups-filters/cups-filters.SlackBuild new file mode 100755 index 000000000..df671a376 --- /dev/null +++ b/patches/source/cups-filters/cups-filters.SlackBuild 
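Review bot: In the patched beh.c the parent reaps the backend with `wait(&wait_status)` and leaves `retval` at its initial 0 when that call fails for any reason other than EINTR, so a backend whose status was never collected is reported as success. Waiting on the forked child specifically and failing closed would be safer: `while ((wait_pid = waitpid(pid, &wait_status, 0)) < 0 && errno == EINTR);` followed by `if (wait_pid < 0) retval = CUPS_BACKEND_FAILED;`. The same block returns the raw `WTERMSIG(wait_status)` value as the exit code, which presumably overlaps the CUPS_BACKEND_* numbering, so a backend killed by a signal can be mistaken for a different backend result. The child branch also calls `exit()` after a failed `execv()`, where `_exit()` would avoid flushing stdio buffers inherited from the parent. The enclosing function starts outside the inner hunk, and since this file is a carried upstream patch these changes belong upstream.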
@@ -0,0 +1,147 @@ +#!/bin/bash + +# Copyright 2015, 2018, 2023 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +PKGNAM=cups-filters +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1_slack15.0} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i586 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! 
-z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +rm -rf $PKG +mkdir -p $TMP $PKG + +cd $TMP +rm -rf $PKGNAM-$VERSION +tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1 +cd $PKGNAM-$VERSION || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +zcat $CWD/CVE-2023-24805.patch.gz | patch -p1 --verbose || exit 1 + +if [ ! -r configure ]; then + if [ -x ./autogen.sh ]; then + NOCONFIGURE=1 ./autogen.sh + else + autoreconf -vif + fi +fi +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS -std=c++17 -fpermissive" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --mandir=/usr/man \ + --infodir=/usr/info \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --docdir=/usr/doc/$PKGNAM-$VERSION \ + --with-test-font-path=/usr/share/fonts/TTF/DejaVuSans.ttf \ + --without-php \ + --disable-avahi \ + --disable-mutool \ + --disable-static \ + --with-browseremoteprotocols=cups \ + --build=$ARCH-slackware-linux || exit 1 + +make $NUMJOBS || exit 1 +make install DESTDIR=$PKG || exit 1 + +# Don't ship .la files: +rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +find $PKG/usr/man -type f -exec gzip -9 {} \+ +for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz 
$i.gz ; rm $i ; done + +mkdir -p $PKG/etc/rc.d +mv $PKG/etc/init.d/cups-browsed $PKG/etc/rc.d/rc.cups-browsed +chmod 0644 $PKG/etc/rc.d/rc.cups-browsed +rm -rf $PKG/etc/init.d $PKG/etc/rc{0,2,3,5}.d + +find $PKG/etc -type f -exec mv {} {}.new \; + +# Add a documentation directory: +mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION +cp -a \ + AUTHORS COPYING* INSTALL ChangeLog NEWS README* THANKS TODO \ + $PKG/usr/doc/${PKGNAM}-$VERSION + +# If there's a ChangeLog, installing at least part of the recent history +# is useful, but don't let it get totally out of control: +if [ -r ChangeLog ]; then + DOCSDIR=$(echo $PKG/usr/doc/*-$VERSION) + cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog + touch -r ChangeLog $DOCSDIR/ChangeLog +fi + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh + +cd $PKG +/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz + diff --git a/patches/source/cups-filters/cups-filters.url b/patches/source/cups-filters/cups-filters.url new file mode 100644 index 000000000..7b1d5cdfa --- /dev/null +++ b/patches/source/cups-filters/cups-filters.url @@ -0,0 +1 @@ +http://www.openprinting.org/download/cups-filters/ diff --git a/patches/source/cups-filters/doinst.sh b/patches/source/cups-filters/doinst.sh new file mode 100644 index 000000000..35b624517 --- /dev/null +++ b/patches/source/cups-filters/doinst.sh 
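Review bot: The security patch is applied with `zcat $CWD/CVE-2023-24805.patch.gz | patch -p1 --verbose || exit 1`, and without `pipefail` the `|| exit 1` sees only the exit status of `patch`, so a missing or truncated .gz is not caught on the zcat side and the build can continue without the CVE-2023-24805 fix fully applied. Scoping pipefail to that step closes the gap: `( set -o pipefail; zcat "$CWD/CVE-2023-24805.patch.gz" | patch -p1 --verbose ) || exit 1`. Separately, `rm -rf $PKG` and the other `$TMP`/`$PKG`/`$CWD` expansions are unquoted and `TMP` is taken from the environment. Quoting them (`rm -rf "$PKG"`) would keep a value containing spaces or glob characters from widening what is deleted in a script that, given the `chown -R root:root .`, is presumably run as root.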
@@ -0,0 +1,27 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+config etc/cups/cups-browsed.conf.new
+preserve_perms etc/rc.d/rc.cups-browsed.new
+
diff --git a/patches/source/cups-filters/slack-desc b/patches/source/cups-filters/slack-desc
new file mode 100644
index 000000000..9c2590f3b
--- /dev/null
+++ b/patches/source/cups-filters/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+cups-filters: cups-filters (backends and filters for CUPS)
+cups-filters:
+cups-filters: This package provides backends, filters, and other software that was
+cups-filters: once part of the core CUPS distribution but is no longer included.
+cups-filters: In addition it contains additional filters and software developed
+cups-filters: independently.
+cups-filters:
+cups-filters:
+cups-filters:
+cups-filters:
+cups-filters:
diff --git a/recompress.sh b/recompress.sh
index 1208446e4..25c8ba397 100755
--- a/recompress.sh
+++ b/recompress.sh
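Review bot: `preserve_perms` in doinst.sh has no comment, unlike `config`, and its intent is not obvious from the three steps: it clones the existing file with `cp -a`, overwrites the clone's content with the new file and moves it back, so the incoming file inherits the mode and ownership of the one already installed. A header such as `# Carry the installed file's mode and ownership over to the .new file, so an rc script the admin made executable (or left non-executable) stays that way` would record that. Both functions also expand `$NEW` and `$OLD` unquoted (`[ ! -r $OLD ]`, `mv $NEW $OLD`). The two callers pass fixed paths, so this is a robustness point, but quoting costs nothing in a script that presumably runs as root at install time.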
@@ -1224,6 +1224,8 @@ gzip ./patches/source/glibc-zoneinfo/zic.default.fat.diff
 gzip ./patches/source/sudo/doinst.sh
 gzip ./patches/source/rxvt-unicode/rxvt-unicode.utempter.diff
 gzip ./patches/source/rxvt-unicode/CVE-2022-4170.diff
+gzip ./patches/source/cups-filters/doinst.sh
+gzip ./patches/source/cups-filters/CVE-2023-24805.patch
 gzip ./patches/source/ca-certificates/fixup_update-ca-certificates.diff
 gzip ./patches/source/ca-certificates/doinst.sh
 gzip ./patches/source/ca-certificates/update-ca-certificates.c_rehash.diff
-- cgit v1.2.3-79-gdb01