From b9cb99a88e34842a370c2a5a3cbe265b4ce1157b Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Wed, 19 Jul 2023 20:36:46 +0000 Subject: Wed Jul 19 20:36:46 UTC 2023 patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: fopen race condition. For more information, see: https://curl.se/docs/CVE-2023-32001.html https://www.cve.org/CVERecord?id=CVE-2023-32001 (* Security fix *) patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code execution relating to PKCS#11 providers. The PKCS#11 support ssh-agent(1) could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: * Exploitation requires the presence of specific libraries on the victim system. * Remote exploitation requires that the agent was forwarded to an attacker-controlled system. Exploitation can also be prevented by starting ssh-agent(1) with an empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that contains only specific provider libraries. This vulnerability was discovered and demonstrated to be exploitable by the Qualys Security Advisory team. Potentially-incompatible changes: * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules issued by remote clients by default. A flag has been added to restore the previous behaviour: "-Oallow-remote-pkcs11". For more information, see: https://www.openssh.com/txt/release-9.3p2 https://www.cve.org/CVERecord?id=CVE-2023-38408 (* Security fix *) --- ChangeLog.rss | 44 +++++++++++++++++- ChangeLog.txt | 32 +++++++++++++ FILELIST.TXT | 52 +++++++++++----------- patches/packages/curl-8.1.2-x86_64-1_slack15.0.txt | 11 ----- patches/packages/curl-8.2.0-x86_64-1_slack15.0.txt | 11 +++++ .../packages/openssh-9.3p1-x86_64-1_slack15.0.txt | 11 ----- .../packages/openssh-9.3p2-x86_64-1_slack15.0.txt | 11 +++++ 7 files changed, 122 insertions(+), 50 deletions(-) delete mode 100644 patches/packages/curl-8.1.2-x86_64-1_slack15.0.txt create mode 100644 patches/packages/curl-8.2.0-x86_64-1_slack15.0.txt delete mode 100644 patches/packages/openssh-9.3p1-x86_64-1_slack15.0.txt create mode 100644 patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txt diff --git a/ChangeLog.rss b/ChangeLog.rss index 397884600..bd857b2a9 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,9 +11,49 @@ Tracking Slackware development in git. en-us urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f - Mon, 17 Jul 2023 19:17:19 GMT - Tue, 18 Jul 2023 11:30:21 GMT + Wed, 19 Jul 2023 20:36:46 GMT + Fri, 21 Jul 2023 11:30:19 GMT maintain_current_git.sh v 1.17 + + Wed, 19 Jul 2023 20:36:46 GMT + Wed, 19 Jul 2023 20:36:46 GMT + https://git.slackware.nl/current/tag/?h=20230719203646 + 20230719203646 + + +patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz: Upgraded. + This update fixes a security issue: + fopen race condition. + For more information, see: + https://curl.se/docs/CVE-2023-32001.html + https://www.cve.org/CVERecord?id=CVE-2023-32001 + (* Security fix *) +patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz: Upgraded. + This update fixes a security issue: + ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code + execution relating to PKCS#11 providers. + The PKCS#11 support ssh-agent(1) could be abused to achieve remote code + execution via a forwarded agent socket if the following conditions are met: + * Exploitation requires the presence of specific libraries on the victim + system. + * Remote exploitation requires that the agent was forwarded to an + attacker-controlled system. + Exploitation can also be prevented by starting ssh-agent(1) with an empty + PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that + contains only specific provider libraries. + This vulnerability was discovered and demonstrated to be exploitable by the + Qualys Security Advisory team. + Potentially-incompatible changes: + * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules + issued by remote clients by default. A flag has been added to restore the + previous behaviour: "-Oallow-remote-pkcs11". + For more information, see: + https://www.openssh.com/txt/release-9.3p2 + https://www.cve.org/CVERecord?id=CVE-2023-38408 + (* Security fix *) + ]]> + + Mon, 17 Jul 2023 19:17:19 GMT Mon, 17 Jul 2023 19:17:19 GMT diff --git a/ChangeLog.txt b/ChangeLog.txt index 9e7c249a4..10de8592f 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,35 @@ +Wed Jul 19 20:36:46 UTC 2023 +patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz: Upgraded. + This update fixes a security issue: + fopen race condition. + For more information, see: + https://curl.se/docs/CVE-2023-32001.html + https://www.cve.org/CVERecord?id=CVE-2023-32001 + (* Security fix *) +patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz: Upgraded. + This update fixes a security issue: + ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code + execution relating to PKCS#11 providers. + The PKCS#11 support ssh-agent(1) could be abused to achieve remote code + execution via a forwarded agent socket if the following conditions are met: + * Exploitation requires the presence of specific libraries on the victim + system. + * Remote exploitation requires that the agent was forwarded to an + attacker-controlled system. + Exploitation can also be prevented by starting ssh-agent(1) with an empty + PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that + contains only specific provider libraries. + This vulnerability was discovered and demonstrated to be exploitable by the + Qualys Security Advisory team. + Potentially-incompatible changes: + * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules + issued by remote clients by default. A flag has been added to restore the + previous behaviour: "-Oallow-remote-pkcs11". + For more information, see: + https://www.openssh.com/txt/release-9.3p2 + https://www.cve.org/CVERecord?id=CVE-2023-38408 + (* Security fix *) ++--------------------------+ Mon Jul 17 19:17:19 UTC 2023 patches/packages/sudo-1.9.14p2-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. diff --git a/FILELIST.TXT b/FILELIST.TXT index 62d0c6d24..9f3d36749 100644 --- a/FILELIST.TXT +++ b/FILELIST.TXT @@ -1,20 +1,20 @@ -Mon Jul 17 19:22:32 UTC 2023 +Wed Jul 19 20:43:15 UTC 2023 Here is the file list for this directory. If you are using a mirror site and find missing or extra files in the disk subdirectories, please have the archive administrator refresh the mirror. -drwxr-xr-x 12 root root 4096 2023-07-17 19:17 . +drwxr-xr-x 12 root root 4096 2023-07-19 20:36 . -rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0 -rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT --rw-r--r-- 1 root root 1186350 2023-07-12 20:48 ./CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2023-07-12 20:48 ./CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 1186350 2023-07-17 19:22 ./CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2023-07-17 19:22 ./CHECKSUMS.md5.asc -rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING -rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3 -rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT -rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT --rw-r--r-- 1 root root 2026666 2023-07-17 19:17 ./ChangeLog.txt +-rw-r--r-- 1 root root 2028254 2023-07-19 20:36 ./ChangeLog.txt drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi @@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh -rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg -rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg --rw-r--r-- 1 root root 1550666 2023-07-12 20:47 ./FILELIST.TXT +-rw-r--r-- 1 root root 1550666 2023-07-17 19:22 ./FILELIST.TXT -rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY -rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT -rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT @@ -737,13 +737,13 @@ drwxr-xr-x 2 root root 4096 2008-05-07 05:21 ./pasture/source/php/pear -rwxr-xr-x 1 root root 9448 2018-05-16 22:38 ./pasture/source/php/php.SlackBuild -rw-r--r-- 1 root root 775 2017-07-07 19:25 ./pasture/source/php/php.ini-development.diff.gz -rw-r--r-- 1 root root 830 2005-12-09 05:18 ./pasture/source/php/slack-desc -drwxr-xr-x 4 root root 4096 2023-07-17 19:22 ./patches --rw-r--r-- 1 root root 79302 2023-07-17 19:22 ./patches/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2023-07-17 19:22 ./patches/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 107835 2023-07-17 19:22 ./patches/FILE_LIST --rw-r--r-- 1 root root 12615428 2023-07-17 19:22 ./patches/MANIFEST.bz2 --rw-r--r-- 1 root root 56668 2023-07-17 19:22 ./patches/PACKAGES.TXT -drwxr-xr-x 3 root root 20480 2023-07-17 19:22 ./patches/packages +drwxr-xr-x 4 root root 4096 2023-07-19 20:43 ./patches +-rw-r--r-- 1 root root 79302 2023-07-19 20:43 ./patches/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2023-07-19 20:43 ./patches/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 107835 2023-07-19 20:43 ./patches/FILE_LIST +-rw-r--r-- 1 root root 12615435 2023-07-19 20:43 ./patches/MANIFEST.bz2 +-rw-r--r-- 1 root root 56668 2023-07-19 20:43 ./patches/PACKAGES.TXT +drwxr-xr-x 3 root root 20480 2023-07-19 20:43 ./patches/packages -rw-r--r-- 1 root root 327 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txt -rw-r--r-- 1 root root 10716 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz -rw-r--r-- 1 root root 163 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz.asc @@ -777,9 +777,9 @@ drwxr-xr-x 3 root root 20480 2023-07-17 19:22 ./patches/packages -rw-r--r-- 1 root root 416 2023-05-19 18:13 ./patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 827024 2023-05-19 18:13 ./patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2023-05-19 18:13 ./patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz.asc --rw-r--r-- 1 root root 552 2023-05-30 17:36 ./patches/packages/curl-8.1.2-x86_64-1_slack15.0.txt --rw-r--r-- 1 root root 1347056 2023-05-30 17:36 ./patches/packages/curl-8.1.2-x86_64-1_slack15.0.txz --rw-r--r-- 1 root root 163 2023-05-30 17:36 ./patches/packages/curl-8.1.2-x86_64-1_slack15.0.txz.asc +-rw-r--r-- 1 root root 552 2023-07-19 19:33 ./patches/packages/curl-8.2.0-x86_64-1_slack15.0.txt +-rw-r--r-- 1 root root 1365332 2023-07-19 19:33 ./patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz +-rw-r--r-- 1 root root 163 2023-07-19 19:33 ./patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 373 2022-02-24 19:12 ./patches/packages/cyrus-sasl-2.1.28-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 993108 2022-02-24 19:12 ./patches/packages/cyrus-sasl-2.1.28-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-02-24 19:12 ./patches/packages/cyrus-sasl-2.1.28-x86_64-1_slack15.0.txz.asc @@ -910,9 +910,9 @@ drwxr-xr-x 2 root root 4096 2023-06-23 18:50 ./patches/packages/linux-5.15 -rw-r--r-- 1 root root 562 2023-06-06 17:07 ./patches/packages/ntp-4.2.8p17-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 2046784 2023-06-06 17:07 ./patches/packages/ntp-4.2.8p17-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2023-06-06 17:07 ./patches/packages/ntp-4.2.8p17-x86_64-1_slack15.0.txz.asc --rw-r--r-- 1 root root 672 2023-03-16 16:37 ./patches/packages/openssh-9.3p1-x86_64-1_slack15.0.txt --rw-r--r-- 1 root root 1061424 2023-03-16 16:37 ./patches/packages/openssh-9.3p1-x86_64-1_slack15.0.txz --rw-r--r-- 1 root root 163 2023-03-16 16:37 ./patches/packages/openssh-9.3p1-x86_64-1_slack15.0.txz.asc +-rw-r--r-- 1 root root 672 2023-07-19 19:50 ./patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txt +-rw-r--r-- 1 root root 1062080 2023-07-19 19:50 ./patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz +-rw-r--r-- 1 root root 163 2023-07-19 19:50 ./patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 559 2023-05-30 17:46 ./patches/packages/openssl-1.1.1u-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 3605164 2023-05-30 17:46 ./patches/packages/openssl-1.1.1u-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2023-05-30 17:46 ./patches/packages/openssl-1.1.1u-x86_64-1_slack15.0.txz.asc @@ -1015,7 +1015,7 @@ drwxr-xr-x 2 root root 4096 2023-06-23 18:50 ./patches/packages/linux-5.15 -rw-r--r-- 1 root root 463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc -drwxr-xr-x 82 root root 4096 2023-07-17 19:11 ./patches/source +drwxr-xr-x 82 root root 4096 2023-07-19 20:33 ./patches/source drwxr-xr-x 2 root root 4096 2022-01-16 05:07 ./patches/source/aaa_base -rw-r--r-- 1 root root 11041 2022-02-15 04:49 ./patches/source/aaa_base/_aaa_base.tar.gz -rwxr-xr-x 1 root root 3894 2022-02-15 05:07 ./patches/source/aaa_base/aaa_base.SlackBuild @@ -1102,9 +1102,9 @@ drwxr-xr-x 2 root root 4096 2023-05-19 18:08 ./patches/source/cups-filters -rw-r--r-- 1 root root 46 2021-06-29 19:51 ./patches/source/cups/cups.url -rw-r--r-- 1 root root 454 2021-04-26 18:11 ./patches/source/cups/doinst.sh.gz -rw-r--r-- 1 root root 1094 2018-11-29 19:15 ./patches/source/cups/slack-desc -drwxr-xr-x 2 root root 4096 2023-05-30 17:34 ./patches/source/curl --rw-r--r-- 1 root root 2612652 2023-05-30 06:17 ./patches/source/curl/curl-8.1.2.tar.xz --rw-r--r-- 1 root root 488 2023-05-30 06:17 ./patches/source/curl/curl-8.1.2.tar.xz.asc +drwxr-xr-x 2 root root 4096 2023-07-19 19:31 ./patches/source/curl +-rw-r--r-- 1 root root 2637208 2023-07-19 06:16 ./patches/source/curl/curl-8.2.0.tar.xz +-rw-r--r-- 1 root root 488 2023-07-19 06:16 ./patches/source/curl/curl-8.2.0.tar.xz.asc -rwxr-xr-x 1 root root 4861 2022-04-27 18:34 ./patches/source/curl/curl.SlackBuild -rw-r--r-- 1 root root 30 2018-04-20 16:49 ./patches/source/curl/curl.url -rw-r--r-- 1 root root 1004 2019-02-06 21:57 ./patches/source/curl/slack-desc @@ -1540,10 +1540,10 @@ drwxr-xr-x 2 root root 4096 2023-06-06 17:05 ./patches/source/ntp -rw-r--r-- 1 root root 2483 2018-02-15 11:45 ./patches/source/ntp/ntpdate.8.gz -rw-r--r-- 1 root root 805 2021-02-16 19:01 ./patches/source/ntp/rc.ntpd -rw-r--r-- 1 root root 1013 2023-06-02 18:24 ./patches/source/ntp/slack-desc -drwxr-xr-x 2 root root 4096 2023-03-16 16:36 ./patches/source/openssh +drwxr-xr-x 2 root root 4096 2023-07-19 19:39 ./patches/source/openssh -rw-r--r-- 1 root root 593 2020-02-07 03:05 ./patches/source/openssh/doinst.sh.gz --rw-r--r-- 1 root root 1856839 2023-03-15 21:50 ./patches/source/openssh/openssh-9.3p1.tar.gz --rw-r--r-- 1 root root 833 2023-03-15 21:50 ./patches/source/openssh/openssh-9.3p1.tar.gz.asc +-rw-r--r-- 1 root root 1835850 2023-07-19 13:55 ./patches/source/openssh/openssh-9.3p2.tar.gz +-rw-r--r-- 1 root root 833 2023-07-19 13:55 ./patches/source/openssh/openssh-9.3p2.tar.gz.asc -rwxr-xr-x 1 root root 6297 2023-02-02 20:04 ./patches/source/openssh/openssh.SlackBuild -rw-r--r-- 1 root root 1658 2022-02-24 19:30 ./patches/source/openssh/openssh.tcp_wrappers.diff.gz -rw-r--r-- 1 root root 54 2020-02-14 19:40 ./patches/source/openssh/openssh.url diff --git a/patches/packages/curl-8.1.2-x86_64-1_slack15.0.txt b/patches/packages/curl-8.1.2-x86_64-1_slack15.0.txt deleted file mode 100644 index 54c4e875d..000000000 --- a/patches/packages/curl-8.1.2-x86_64-1_slack15.0.txt +++ /dev/null @@ -1,11 +0,0 @@ -curl: curl (command line URL data transfer tool) -curl: -curl: Curl is a command line tool for transferring data specified with URL -curl: syntax. The command is designed to work without user interaction or -curl: any kind of interactivity. Curl offers a busload of useful tricks -curl: like proxy support, user authentication, ftp upload, HTTP post, SSL -curl: (https:) connections, cookies, file transfer resume and more. -curl: -curl: libcurl is a library that Curl uses to do its job. It is readily -curl: available to be used by your software, too. -curl: diff --git a/patches/packages/curl-8.2.0-x86_64-1_slack15.0.txt b/patches/packages/curl-8.2.0-x86_64-1_slack15.0.txt new file mode 100644 index 000000000..54c4e875d --- /dev/null +++ b/patches/packages/curl-8.2.0-x86_64-1_slack15.0.txt @@ -0,0 +1,11 @@ +curl: curl (command line URL data transfer tool) +curl: +curl: Curl is a command line tool for transferring data specified with URL +curl: syntax. The command is designed to work without user interaction or +curl: any kind of interactivity. Curl offers a busload of useful tricks +curl: like proxy support, user authentication, ftp upload, HTTP post, SSL +curl: (https:) connections, cookies, file transfer resume and more. +curl: +curl: libcurl is a library that Curl uses to do its job. It is readily +curl: available to be used by your software, too. +curl: diff --git a/patches/packages/openssh-9.3p1-x86_64-1_slack15.0.txt b/patches/packages/openssh-9.3p1-x86_64-1_slack15.0.txt deleted file mode 100644 index dca51ed45..000000000 --- a/patches/packages/openssh-9.3p1-x86_64-1_slack15.0.txt +++ /dev/null @@ -1,11 +0,0 @@ -openssh: openssh (Secure Shell daemon and clients) -openssh: -openssh: ssh (Secure Shell) is a program for logging into a remote machine and -openssh: for executing commands on a remote machine. It is intended to replace -openssh: rlogin and rsh, and provide secure encrypted communications between -openssh: two untrusted hosts over an insecure network. sshd (SSH Daemon) is -openssh: the daemon program for ssh. OpenSSH is based on the last free version -openssh: of Tatu Ylonen's SSH, further enhanced and cleaned up by Aaron -openssh: Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and -openssh: Dug Song. It has a homepage at http://www.openssh.com/ -openssh: diff --git a/patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txt b/patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txt new file mode 100644 index 000000000..dca51ed45 --- /dev/null +++ b/patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txt @@ -0,0 +1,11 @@ +openssh: openssh (Secure Shell daemon and clients) +openssh: +openssh: ssh (Secure Shell) is a program for logging into a remote machine and +openssh: for executing commands on a remote machine. It is intended to replace +openssh: rlogin and rsh, and provide secure encrypted communications between +openssh: two untrusted hosts over an insecure network. sshd (SSH Daemon) is +openssh: the daemon program for ssh. OpenSSH is based on the last free version +openssh: of Tatu Ylonen's SSH, further enhanced and cleaned up by Aaron +openssh: Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and +openssh: Dug Song. It has a homepage at http://www.openssh.com/ +openssh: -- cgit v1.2.3-79-gdb01