diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2019-04-02 20:30:22 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2019-04-03 08:59:45 +0200 |
commit | caa5f28b83340fe23012ab27244a288449b26b26 (patch) | |
tree | 70102860b8f3df20347f25125b7ea065340cd1d5 | |
parent | df86158dc598141c63689a86c2f247053e616719 (diff) | |
download | current-caa5f28b83340fe23012ab27244a288449b26b26.tar.gz current-caa5f28b83340fe23012ab27244a288449b26b26.tar.xz |
Tue Apr 2 20:30:22 UTC 201920190402203022
a/hwdata-0.322-noarch-1.txz: Upgraded.
a/kernel-firmware-20190402_67b7579-noarch-1.txz: Upgraded.
a/shadow-4.6-x86_64-2.txz: Rebuilt.
adduser: reprompt on invalid user input. Thanks to ttk.
ap/ghostscript-9.26-x86_64-2.txz: Rebuilt.
Fixes security issues:
A specially crafted PostScript file could have access to the file system
outside of the constrains imposed by -dSAFER.
Transient procedures can allow access to system operators, leading to
remote code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6116
(* Security fix *)
d/vala-0.44.2-x86_64-1.txz: Upgraded.
l/glib-networking-2.60.1-x86_64-1.txz: Upgraded.
l/imagemagick-6.9.10_36-x86_64-1.txz: Upgraded.
l/python-pillow-6.0.0-x86_64-1.txz: Upgraded.
n/wget-1.20.2-x86_64-1.txz: Upgraded.
Fixed an unspecified buffer overflow vulnerability.
(* Security fix *)
-rw-r--r-- | ChangeLog.rss | 36 | ||||
-rw-r--r-- | ChangeLog.txt | 24 | ||||
-rw-r--r-- | FILELIST.TXT | 158 | ||||
-rwxr-xr-x | recompress.sh | 4 | ||||
-rw-r--r-- | source/a/shadow/adduser | 31 | ||||
-rwxr-xr-x | source/a/shadow/shadow.SlackBuild | 2 | ||||
-rw-r--r-- | source/ap/ghostscript/ghostscript-cve-2019-3835.patch | 615 | ||||
-rw-r--r-- | source/ap/ghostscript/ghostscript-cve-2019-3838.patch | 56 | ||||
-rw-r--r-- | source/ap/ghostscript/ghostscript-cve-2019-6116.patch | 770 | ||||
-rw-r--r-- | source/ap/ghostscript/ghostscript-subclassing-devices-fix-put_image-method.patch | 28 | ||||
-rwxr-xr-x | source/ap/ghostscript/ghostscript.SlackBuild | 8 | ||||
-rwxr-xr-x | source/l/python-pillow/python-pillow.SlackBuild | 2 | ||||
-rwxr-xr-x | source/n/wget/wget.SlackBuild | 2 |
13 files changed, 1641 insertions, 95 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index 19b84da77..2c35fbf32 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,42 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Sun, 31 Mar 2019 18:51:16 GMT</pubDate> - <lastBuildDate>Mon, 1 Apr 2019 06:59:39 GMT</lastBuildDate> + <pubDate>Tue, 2 Apr 2019 20:30:22 GMT</pubDate> + <lastBuildDate>Wed, 3 Apr 2019 06:59:41 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.10</generator> <item> + <title>Tue, 2 Apr 2019 20:30:22 GMT</title> + <pubDate>Tue, 2 Apr 2019 20:30:22 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20190402203022</link> + <guid isPermaLink="false">20190402203022</guid> + <description> + <![CDATA[<pre> +a/hwdata-0.322-noarch-1.txz: Upgraded. +a/kernel-firmware-20190402_67b7579-noarch-1.txz: Upgraded. +a/shadow-4.6-x86_64-2.txz: Rebuilt. + adduser: reprompt on invalid user input. Thanks to ttk. +ap/ghostscript-9.26-x86_64-2.txz: Rebuilt. + Fixes security issues: + A specially crafted PostScript file could have access to the file system + outside of the constrains imposed by -dSAFER. + Transient procedures can allow access to system operators, leading to + remote code execution. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6116 + (* Security fix *) +d/vala-0.44.2-x86_64-1.txz: Upgraded. +l/glib-networking-2.60.1-x86_64-1.txz: Upgraded. +l/imagemagick-6.9.10_36-x86_64-1.txz: Upgraded. +l/python-pillow-6.0.0-x86_64-1.txz: Upgraded. +n/wget-1.20.2-x86_64-1.txz: Upgraded. + Fixed an unspecified buffer overflow vulnerability. + (* Security fix *) + </pre>]]> + </description> + </item> + <item> <title>Sun, 31 Mar 2019 18:51:16 GMT</title> <pubDate>Sun, 31 Mar 2019 18:51:16 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20190331185116</link> diff --git a/ChangeLog.txt b/ChangeLog.txt index 1e8b94749..339bd3979 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,27 @@ +Tue Apr 2 20:30:22 UTC 2019 +a/hwdata-0.322-noarch-1.txz: Upgraded. +a/kernel-firmware-20190402_67b7579-noarch-1.txz: Upgraded. +a/shadow-4.6-x86_64-2.txz: Rebuilt. + adduser: reprompt on invalid user input. Thanks to ttk. +ap/ghostscript-9.26-x86_64-2.txz: Rebuilt. + Fixes security issues: + A specially crafted PostScript file could have access to the file system + outside of the constrains imposed by -dSAFER. + Transient procedures can allow access to system operators, leading to + remote code execution. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6116 + (* Security fix *) +d/vala-0.44.2-x86_64-1.txz: Upgraded. +l/glib-networking-2.60.1-x86_64-1.txz: Upgraded. +l/imagemagick-6.9.10_36-x86_64-1.txz: Upgraded. +l/python-pillow-6.0.0-x86_64-1.txz: Upgraded. +n/wget-1.20.2-x86_64-1.txz: Upgraded. + Fixed an unspecified buffer overflow vulnerability. + (* Security fix *) ++--------------------------+ Sun Mar 31 18:51:16 UTC 2019 a/quota-4.05-x86_64-1.txz: Upgraded. d/cmake-3.14.1-x86_64-1.txz: Upgraded. diff --git a/FILELIST.TXT b/FILELIST.TXT index d4214212c..dcdf24d51 100644 --- a/FILELIST.TXT +++ b/FILELIST.TXT @@ -1,20 +1,20 @@ -Sun Mar 31 19:02:43 UTC 2019 +Tue Apr 2 20:45:57 UTC 2019 Here is the file list for this directory. If you are using a mirror site and find missing or extra files in the disk subdirectories, please have the archive administrator refresh the mirror. -drwxr-xr-x 12 root root 4096 2019-03-31 18:51 . +drwxr-xr-x 12 root root 4096 2019-04-02 20:30 . -rw-r--r-- 1 root root 10064 2016-06-30 18:39 ./ANNOUNCE.14_2 -rw-r--r-- 1 root root 14341 2018-11-29 05:40 ./CHANGES_AND_HINTS.TXT --rw-r--r-- 1 root root 913865 2019-03-29 18:37 ./CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2019-03-29 18:37 ./CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 913784 2019-03-31 19:03 ./CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2019-03-31 19:03 ./CHECKSUMS.md5.asc -rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING -rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3 -rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT -rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT --rw-r--r-- 1 root root 599330 2019-03-31 18:51 ./ChangeLog.txt +-rw-r--r-- 1 root root 600416 2019-04-02 20:30 ./ChangeLog.txt drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI drwxr-xr-x 2 root root 4096 2019-03-27 20:37 ./EFI/BOOT -rw-r--r-- 1 root root 1253376 2018-02-24 20:49 ./EFI/BOOT/bootx64.efi @@ -25,9 +25,9 @@ drwxr-xr-x 2 root root 4096 2019-03-27 20:37 ./EFI/BOOT -rwxr-xr-x 1 root root 2494 2018-02-24 20:49 ./EFI/BOOT/make-grub.sh -rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg -rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg --rw-r--r-- 1 root root 1201772 2019-03-29 18:37 ./FILELIST.TXT +-rw-r--r-- 1 root root 1201674 2019-03-31 19:02 ./FILELIST.TXT -rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY --rw-r--r-- 1 root root 732375 2019-03-31 19:00 ./PACKAGES.TXT +-rw-r--r-- 1 root root 732373 2019-04-02 20:44 ./PACKAGES.TXT -rw-r--r-- 1 root root 8564 2016-06-28 21:33 ./README.TXT -rw-r--r-- 1 root root 3635 2019-03-27 20:14 ./README.initrd -rw-r--r-- 1 root root 34412 2017-12-01 17:44 ./README_CRYPT.TXT @@ -787,13 +787,13 @@ drwxr-xr-x 2 root root 4096 2012-09-20 18:06 ./patches -rw-r--r-- 1 root root 575 2012-09-20 18:06 ./patches/FILE_LIST -rw-r--r-- 1 root root 14 2012-09-20 18:06 ./patches/MANIFEST.bz2 -rw-r--r-- 1 root root 224 2012-09-20 18:06 ./patches/PACKAGES.TXT -drwxr-xr-x 18 root root 4096 2019-03-31 19:01 ./slackware64 --rw-r--r-- 1 root root 290566 2019-03-31 19:01 ./slackware64/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2019-03-31 19:01 ./slackware64/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 361941 2019-03-31 18:58 ./slackware64/FILE_LIST --rw-r--r-- 1 root root 3639495 2019-03-31 18:59 ./slackware64/MANIFEST.bz2 +drwxr-xr-x 18 root root 4096 2019-04-02 20:44 ./slackware64 +-rw-r--r-- 1 root root 290560 2019-04-02 20:44 ./slackware64/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2019-04-02 20:44 ./slackware64/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 361937 2019-04-02 20:41 ./slackware64/FILE_LIST +-rw-r--r-- 1 root root 3636614 2019-04-02 20:42 ./slackware64/MANIFEST.bz2 lrwxrwxrwx 1 root root 15 2009-08-23 23:34 ./slackware64/PACKAGES.TXT -> ../PACKAGES.TXT -drwxr-xr-x 2 root root 28672 2019-03-31 18:58 ./slackware64/a +drwxr-xr-x 2 root root 28672 2019-04-02 20:41 ./slackware64/a -rw-r--r-- 1 root root 327 2018-06-24 18:44 ./slackware64/a/aaa_base-14.2-x86_64-5.txt -rw-r--r-- 1 root root 10820 2018-06-24 18:44 ./slackware64/a/aaa_base-14.2-x86_64-5.txz -rw-r--r-- 1 root root 163 2018-06-24 18:44 ./slackware64/a/aaa_base-14.2-x86_64-5.txz.asc @@ -929,9 +929,9 @@ drwxr-xr-x 2 root root 28672 2019-03-31 18:58 ./slackware64/a -rw-r--r-- 1 root root 441 2018-11-07 23:40 ./slackware64/a/hostname-3.21-x86_64-1.txt -rw-r--r-- 1 root root 9156 2018-11-07 23:40 ./slackware64/a/hostname-3.21-x86_64-1.txz -rw-r--r-- 1 root root 163 2018-11-07 23:40 ./slackware64/a/hostname-3.21-x86_64-1.txz.asc --rw-r--r-- 1 root root 316 2019-03-05 21:40 ./slackware64/a/hwdata-0.321-noarch-1.txt --rw-r--r-- 1 root root 1324456 2019-03-05 21:40 ./slackware64/a/hwdata-0.321-noarch-1.txz --rw-r--r-- 1 root root 163 2019-03-05 21:40 ./slackware64/a/hwdata-0.321-noarch-1.txz.asc +-rw-r--r-- 1 root root 316 2019-04-02 19:31 ./slackware64/a/hwdata-0.322-noarch-1.txt +-rw-r--r-- 1 root root 1328944 2019-04-02 19:31 ./slackware64/a/hwdata-0.322-noarch-1.txz +-rw-r--r-- 1 root root 163 2019-04-02 19:31 ./slackware64/a/hwdata-0.322-noarch-1.txz.asc -rw-r--r-- 1 root root 465 2019-03-01 19:41 ./slackware64/a/infozip-6.0-x86_64-5.txt -rw-r--r-- 1 root root 410772 2019-03-01 19:41 ./slackware64/a/infozip-6.0-x86_64-5.txz -rw-r--r-- 1 root root 163 2019-03-01 19:41 ./slackware64/a/infozip-6.0-x86_64-5.txz.asc @@ -946,9 +946,9 @@ drwxr-xr-x 2 root root 28672 2019-03-31 18:58 ./slackware64/a -rw-r--r-- 1 root root 461 2018-04-13 13:06 ./slackware64/a/kbd-1.15.3-x86_64-4.txt -rw-r--r-- 1 root root 1144600 2018-04-13 13:06 ./slackware64/a/kbd-1.15.3-x86_64-4.txz -rw-r--r-- 1 root root 163 2018-04-13 13:06 ./slackware64/a/kbd-1.15.3-x86_64-4.txz.asc --rw-r--r-- 1 root root 422 2019-03-19 16:16 ./slackware64/a/kernel-firmware-20190314_7bc2464-noarch-1.txt --rw-r--r-- 1 root root 78560324 2019-03-19 16:16 ./slackware64/a/kernel-firmware-20190314_7bc2464-noarch-1.txz --rw-r--r-- 1 root root 163 2019-03-19 16:16 ./slackware64/a/kernel-firmware-20190314_7bc2464-noarch-1.txz.asc +-rw-r--r-- 1 root root 422 2019-04-02 19:41 ./slackware64/a/kernel-firmware-20190402_67b7579-noarch-1.txt +-rw-r--r-- 1 root root 78864876 2019-04-02 19:41 ./slackware64/a/kernel-firmware-20190402_67b7579-noarch-1.txz +-rw-r--r-- 1 root root 163 2019-04-02 19:41 ./slackware64/a/kernel-firmware-20190402_67b7579-noarch-1.txz.asc -rw-r--r-- 1 root root 624 2019-03-27 18:35 ./slackware64/a/kernel-generic-4.19.32-x86_64-1.txt -rw-r--r-- 1 root root 6458512 2019-03-27 18:35 ./slackware64/a/kernel-generic-4.19.32-x86_64-1.txz -rw-r--r-- 1 root root 163 2019-03-27 18:35 ./slackware64/a/kernel-generic-4.19.32-x86_64-1.txz.asc @@ -1065,9 +1065,9 @@ drwxr-xr-x 2 root root 28672 2019-03-31 18:58 ./slackware64/a -rw-r--r-- 1 root root 406 2018-12-21 16:51 ./slackware64/a/sed-4.7-x86_64-1.txt -rw-r--r-- 1 root root 246084 2018-12-21 16:51 ./slackware64/a/sed-4.7-x86_64-1.txz -rw-r--r-- 1 root root 163 2018-12-21 16:51 ./slackware64/a/sed-4.7-x86_64-1.txz.asc --rw-r--r-- 1 root root 512 2018-11-16 21:07 ./slackware64/a/shadow-4.6-x86_64-1.txt --rw-r--r-- 1 root root 1484208 2018-11-16 21:07 ./slackware64/a/shadow-4.6-x86_64-1.txz --rw-r--r-- 1 root root 163 2018-11-16 21:07 ./slackware64/a/shadow-4.6-x86_64-1.txz.asc +-rw-r--r-- 1 root root 512 2019-04-02 20:20 ./slackware64/a/shadow-4.6-x86_64-2.txt +-rw-r--r-- 1 root root 1484756 2019-04-02 20:20 ./slackware64/a/shadow-4.6-x86_64-2.txz +-rw-r--r-- 1 root root 163 2019-04-02 20:20 ./slackware64/a/shadow-4.6-x86_64-2.txz.asc -rw-r--r-- 1 root root 623 2018-04-13 13:12 ./slackware64/a/sharutils-4.15.2-x86_64-2.txt -rw-r--r-- 1 root root 264912 2018-04-13 13:12 ./slackware64/a/sharutils-4.15.2-x86_64-2.txz -rw-r--r-- 1 root root 163 2018-04-13 13:12 ./slackware64/a/sharutils-4.15.2-x86_64-2.txz.asc @@ -1144,7 +1144,7 @@ drwxr-xr-x 2 root root 28672 2019-03-31 18:58 ./slackware64/a -rw-r--r-- 1 root root 540 2018-04-13 13:15 ./slackware64/a/zoo-2.10_22-x86_64-2.txt -rw-r--r-- 1 root root 56156 2018-04-13 13:15 ./slackware64/a/zoo-2.10_22-x86_64-2.txz -rw-r--r-- 1 root root 163 2018-04-13 13:15 ./slackware64/a/zoo-2.10_22-x86_64-2.txz.asc -drwxr-xr-x 2 root root 20480 2019-03-29 18:32 ./slackware64/ap +drwxr-xr-x 2 root root 20480 2019-04-02 20:41 ./slackware64/ap -rw-r--r-- 1 root root 291 2018-04-13 13:17 ./slackware64/ap/a2ps-4.14-x86_64-7.txt -rw-r--r-- 1 root root 694880 2018-04-13 13:17 ./slackware64/ap/a2ps-4.14-x86_64-7.txz -rw-r--r-- 1 root root 163 2018-04-13 13:17 ./slackware64/ap/a2ps-4.14-x86_64-7.txz.asc @@ -1214,9 +1214,9 @@ drwxr-xr-x 2 root root 20480 2019-03-29 18:32 ./slackware64/ap -rw-r--r-- 1 root root 602 2018-04-17 07:06 ./slackware64/ap/flac-1.3.2-x86_64-2.txt -rw-r--r-- 1 root root 528104 2018-04-17 07:06 ./slackware64/ap/flac-1.3.2-x86_64-2.txz -rw-r--r-- 1 root root 163 2018-04-17 07:06 ./slackware64/ap/flac-1.3.2-x86_64-2.txz.asc --rw-r--r-- 1 root root 558 2018-11-21 19:10 ./slackware64/ap/ghostscript-9.26-x86_64-1.txt --rw-r--r-- 1 root root 12317152 2018-11-21 19:10 ./slackware64/ap/ghostscript-9.26-x86_64-1.txz --rw-r--r-- 1 root root 163 2018-11-21 19:10 ./slackware64/ap/ghostscript-9.26-x86_64-1.txz.asc +-rw-r--r-- 1 root root 558 2019-04-02 19:45 ./slackware64/ap/ghostscript-9.26-x86_64-2.txt +-rw-r--r-- 1 root root 12316428 2019-04-02 19:45 ./slackware64/ap/ghostscript-9.26-x86_64-2.txz +-rw-r--r-- 1 root root 163 2019-04-02 19:45 ./slackware64/ap/ghostscript-9.26-x86_64-2.txz.asc -rw-r--r-- 1 root root 368 2018-06-06 06:18 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-3.txt -rw-r--r-- 1 root root 3514908 2018-06-06 06:18 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-3.txz -rw-r--r-- 1 root root 163 2018-06-06 06:18 ./slackware64/ap/ghostscript-fonts-std-8.11-noarch-3.txz.asc @@ -1390,7 +1390,7 @@ drwxr-xr-x 2 root root 20480 2019-03-29 18:32 ./slackware64/ap -rw-r--r-- 1 root root 506 2019-02-04 20:25 ./slackware64/ap/zsh-5.7.1-x86_64-1.txt -rw-r--r-- 1 root root 3008036 2019-02-04 20:25 ./slackware64/ap/zsh-5.7.1-x86_64-1.txz -rw-r--r-- 1 root root 163 2019-02-04 20:25 ./slackware64/ap/zsh-5.7.1-x86_64-1.txz.asc -drwxr-xr-x 2 root root 20480 2019-03-31 18:58 ./slackware64/d +drwxr-xr-x 2 root root 20480 2019-04-02 20:41 ./slackware64/d -rw-r--r-- 1 root root 360 2019-02-28 19:27 ./slackware64/d/Cython-0.29.6-x86_64-1.txt -rw-r--r-- 1 root root 3074148 2019-02-28 19:27 ./slackware64/d/Cython-0.29.6-x86_64-1.txz -rw-r--r-- 1 root root 163 2019-02-28 19:27 ./slackware64/d/Cython-0.29.6-x86_64-1.txz.asc @@ -1579,9 +1579,9 @@ drwxr-xr-x 2 root root 20480 2019-03-31 18:58 ./slackware64/d -rw-r--r-- 1 root root 2604416 2018-04-13 14:12 ./slackware64/d/swig-3.0.12-x86_64-2.txz -rw-r--r-- 1 root root 163 2018-04-13 14:12 ./slackware64/d/swig-3.0.12-x86_64-2.txz.asc -rw-r--r-- 1 root root 728 2018-11-21 20:59 ./slackware64/d/tagfile --rw-r--r-- 1 root root 394 2019-03-17 18:54 ./slackware64/d/vala-0.44.1-x86_64-1.txt --rw-r--r-- 1 root root 2125448 2019-03-17 18:54 ./slackware64/d/vala-0.44.1-x86_64-1.txz --rw-r--r-- 1 root root 163 2019-03-17 18:54 ./slackware64/d/vala-0.44.1-x86_64-1.txz.asc +-rw-r--r-- 1 root root 394 2019-04-01 18:55 ./slackware64/d/vala-0.44.2-x86_64-1.txt +-rw-r--r-- 1 root root 2128184 2019-04-01 18:55 ./slackware64/d/vala-0.44.2-x86_64-1.txz +-rw-r--r-- 1 root root 163 2019-04-01 18:55 ./slackware64/d/vala-0.44.2-x86_64-1.txz.asc -rw-r--r-- 1 root root 591 2018-04-13 14:12 ./slackware64/d/yasm-1.3.0-x86_64-2.txt -rw-r--r-- 1 root root 532592 2018-04-13 14:12 ./slackware64/d/yasm-1.3.0-x86_64-2.txz -rw-r--r-- 1 root root 163 2018-04-13 14:12 ./slackware64/d/yasm-1.3.0-x86_64-2.txz.asc @@ -2455,7 +2455,7 @@ drwxr-xr-x 2 root root 20480 2016-03-10 03:11 ./slackware64/kdei -rw-r--r-- 1 root root 7544 2018-03-01 07:54 ./slackware64/kdei/maketag -rw-r--r-- 1 root root 7544 2018-03-01 07:54 ./slackware64/kdei/maketag.ez -rw-r--r-- 1 root root 1500 2018-03-01 07:54 ./slackware64/kdei/tagfile -drwxr-xr-x 2 root root 69632 2019-03-31 18:58 ./slackware64/l +drwxr-xr-x 2 root root 69632 2019-04-02 20:41 ./slackware64/l -rw-r--r-- 1 root root 338 2018-04-13 14:13 ./slackware64/l/ConsoleKit2-1.0.0-x86_64-4.txt -rw-r--r-- 1 root root 149752 2018-04-13 14:13 ./slackware64/l/ConsoleKit2-1.0.0-x86_64-4.txz -rw-r--r-- 1 root root 163 2018-04-13 14:13 ./slackware64/l/ConsoleKit2-1.0.0-x86_64-4.txz.asc @@ -2672,9 +2672,9 @@ drwxr-xr-x 2 root root 69632 2019-03-31 18:58 ./slackware64/l -rw-r--r-- 1 root root 302 2018-04-13 14:38 ./slackware64/l/glib-1.2.10-x86_64-6.txt -rw-r--r-- 1 root root 116160 2018-04-13 14:38 ./slackware64/l/glib-1.2.10-x86_64-6.txz -rw-r--r-- 1 root root 163 2018-04-13 14:38 ./slackware64/l/glib-1.2.10-x86_64-6.txz.asc --rw-r--r-- 1 root root 300 2019-03-13 01:57 ./slackware64/l/glib-networking-2.60.0.1-x86_64-1.txt --rw-r--r-- 1 root root 109856 2019-03-13 01:57 ./slackware64/l/glib-networking-2.60.0.1-x86_64-1.txz --rw-r--r-- 1 root root 163 2019-03-13 01:57 ./slackware64/l/glib-networking-2.60.0.1-x86_64-1.txz.asc +-rw-r--r-- 1 root root 300 2019-04-02 19:30 ./slackware64/l/glib-networking-2.60.1-x86_64-1.txt +-rw-r--r-- 1 root root 109824 2019-04-02 19:30 ./slackware64/l/glib-networking-2.60.1-x86_64-1.txz +-rw-r--r-- 1 root root 163 2019-04-02 19:30 ./slackware64/l/glib-networking-2.60.1-x86_64-1.txz.asc -rw-r--r-- 1 root root 407 2019-03-04 22:13 ./slackware64/l/glib2-2.60.0-x86_64-1.txt -rw-r--r-- 1 root root 3795936 2019-03-04 22:13 ./slackware64/l/glib2-2.60.0-x86_64-1.txz -rw-r--r-- 1 root root 163 2019-03-04 22:13 ./slackware64/l/glib2-2.60.0-x86_64-1.txz.asc @@ -2786,9 +2786,9 @@ drwxr-xr-x 2 root root 69632 2019-03-31 18:58 ./slackware64/l -rw-r--r-- 1 root root 370 2018-04-17 07:49 ./slackware64/l/ilmbase-2.2.0-x86_64-2.txt -rw-r--r-- 1 root root 138092 2018-04-17 07:49 ./slackware64/l/ilmbase-2.2.0-x86_64-2.txz -rw-r--r-- 1 root root 163 2018-04-17 07:49 ./slackware64/l/ilmbase-2.2.0-x86_64-2.txz.asc --rw-r--r-- 1 root root 537 2019-03-25 17:16 ./slackware64/l/imagemagick-6.9.10_35-x86_64-1.txt --rw-r--r-- 1 root root 6750008 2019-03-25 17:16 ./slackware64/l/imagemagick-6.9.10_35-x86_64-1.txz --rw-r--r-- 1 root root 163 2019-03-25 17:16 ./slackware64/l/imagemagick-6.9.10_35-x86_64-1.txz.asc +-rw-r--r-- 1 root root 537 2019-04-01 18:56 ./slackware64/l/imagemagick-6.9.10_36-x86_64-1.txt +-rw-r--r-- 1 root root 6748324 2019-04-01 18:56 ./slackware64/l/imagemagick-6.9.10_36-x86_64-1.txz +-rw-r--r-- 1 root root 163 2019-04-01 18:56 ./slackware64/l/imagemagick-6.9.10_36-x86_64-1.txz.asc -rwxr-xr-x 1 root root 2897 2009-06-24 22:06 ./slackware64/l/install-packages -rw-r--r-- 1 root root 446 2006-09-18 10:41 ./slackware64/l/install.end -rw-r--r-- 1 root root 403 2019-01-26 19:42 ./slackware64/l/iso-codes-4.2-noarch-1.txt @@ -3270,9 +3270,9 @@ drwxr-xr-x 2 root root 69632 2019-03-31 18:58 ./slackware64/l -rw-r--r-- 1 root root 333 2019-02-19 23:41 ./slackware64/l/python-packaging-19.0-x86_64-2.txt -rw-r--r-- 1 root root 44652 2019-02-19 23:41 ./slackware64/l/python-packaging-19.0-x86_64-2.txz -rw-r--r-- 1 root root 163 2019-02-19 23:41 ./slackware64/l/python-packaging-19.0-x86_64-2.txz.asc --rw-r--r-- 1 root root 530 2019-02-19 23:29 ./slackware64/l/python-pillow-5.4.1-x86_64-2.txt --rw-r--r-- 1 root root 832824 2019-02-19 23:29 ./slackware64/l/python-pillow-5.4.1-x86_64-2.txz --rw-r--r-- 1 root root 163 2019-02-19 23:29 ./slackware64/l/python-pillow-5.4.1-x86_64-2.txz.asc +-rw-r--r-- 1 root root 530 2019-04-02 19:37 ./slackware64/l/python-pillow-6.0.0-x86_64-1.txt +-rw-r--r-- 1 root root 840924 2019-04-02 19:37 ./slackware64/l/python-pillow-6.0.0-x86_64-1.txz +-rw-r--r-- 1 root root 163 2019-04-02 19:37 ./slackware64/l/python-pillow-6.0.0-x86_64-1.txz.asc -rw-r--r-- 1 root root 280 2019-03-01 18:40 ./slackware64/l/python-ply-3.11-x86_64-1.txt -rw-r--r-- 1 root root 103360 2019-03-01 18:40 ./slackware64/l/python-ply-3.11-x86_64-1.txz -rw-r--r-- 1 root root 163 2019-03-01 18:40 ./slackware64/l/python-ply-3.11-x86_64-1.txz.asc @@ -3421,7 +3421,7 @@ drwxr-xr-x 2 root root 69632 2019-03-31 18:58 ./slackware64/l -rw-r--r-- 1 root root 463 2018-12-30 04:38 ./slackware64/l/zstd-1.3.8-x86_64-1.txt -rw-r--r-- 1 root root 385208 2018-12-30 04:38 ./slackware64/l/zstd-1.3.8-x86_64-1.txz -rw-r--r-- 1 root root 163 2018-12-30 04:38 ./slackware64/l/zstd-1.3.8-x86_64-1.txz.asc -drwxr-xr-x 2 root root 36864 2019-03-31 18:58 ./slackware64/n +drwxr-xr-x 2 root root 36864 2019-04-02 20:41 ./slackware64/n -rw-r--r-- 1 root root 357 2019-01-19 18:48 ./slackware64/n/ModemManager-1.10.0-x86_64-1.txt -rw-r--r-- 1 root root 1644036 2019-01-19 18:48 ./slackware64/n/ModemManager-1.10.0-x86_64-1.txz -rw-r--r-- 1 root root 163 2019-01-19 18:48 ./slackware64/n/ModemManager-1.10.0-x86_64-1.txz.asc @@ -3841,9 +3841,9 @@ drwxr-xr-x 2 root root 36864 2019-03-31 18:58 ./slackware64/n -rw-r--r-- 1 root root 511 2018-05-08 04:27 ./slackware64/n/vsftpd-3.0.3-x86_64-5.txt -rw-r--r-- 1 root root 126960 2018-05-08 04:27 ./slackware64/n/vsftpd-3.0.3-x86_64-5.txz -rw-r--r-- 1 root root 163 2018-05-08 04:27 ./slackware64/n/vsftpd-3.0.3-x86_64-5.txz.asc --rw-r--r-- 1 root root 397 2019-02-08 21:16 ./slackware64/n/wget-1.20.1-x86_64-3.txt --rw-r--r-- 1 root root 659632 2019-02-08 21:16 ./slackware64/n/wget-1.20.1-x86_64-3.txz --rw-r--r-- 1 root root 163 2019-02-08 21:16 ./slackware64/n/wget-1.20.1-x86_64-3.txz.asc +-rw-r--r-- 1 root root 397 2019-04-01 20:16 ./slackware64/n/wget-1.20.2-x86_64-1.txt +-rw-r--r-- 1 root root 691912 2019-04-01 20:16 ./slackware64/n/wget-1.20.2-x86_64-1.txz +-rw-r--r-- 1 root root 163 2019-04-01 20:16 ./slackware64/n/wget-1.20.2-x86_64-1.txz.asc -rw-r--r-- 1 root root 367 2019-03-28 19:26 ./slackware64/n/whois-5.4.2-x86_64-1.txt -rw-r--r-- 1 root root 58412 2019-03-28 19:26 ./slackware64/n/whois-5.4.2-x86_64-1.txz -rw-r--r-- 1 root root 163 2019-03-28 19:26 ./slackware64/n/whois-5.4.2-x86_64-1.txz.asc @@ -5002,11 +5002,11 @@ drwxr-xr-x 2 root root 4096 2019-02-17 23:51 ./slackware64/y -rw-r--r-- 1 root root 1147 2018-03-01 07:55 ./slackware64/y/maketag -rw-r--r-- 1 root root 1147 2018-03-01 07:55 ./slackware64/y/maketag.ez -rw-r--r-- 1 root root 14 2018-03-01 07:55 ./slackware64/y/tagfile -drwxr-xr-x 19 root root 4096 2019-03-31 19:02 ./source --rw-r--r-- 1 root root 463048 2019-03-31 19:02 ./source/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2019-03-31 19:02 ./source/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 654118 2019-03-31 19:01 ./source/FILE_LIST --rw-r--r-- 1 root root 16748826 2019-03-31 19:01 ./source/MANIFEST.bz2 +drwxr-xr-x 19 root root 4096 2019-04-02 20:45 ./source +-rw-r--r-- 1 root root 463417 2019-04-02 20:45 ./source/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2019-04-02 20:45 ./source/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 654559 2019-04-02 20:45 ./source/FILE_LIST +-rw-r--r-- 1 root root 16754647 2019-04-02 20:45 ./source/MANIFEST.bz2 -rw-r--r-- 1 root root 1314 2006-10-02 04:40 ./source/README.TXT drwxr-xr-x 111 root root 4096 2019-03-16 20:25 ./source/a -rw-r--r-- 1 root root 877 2018-11-21 18:49 ./source/a/FTBFSlog @@ -5375,8 +5375,8 @@ drwxr-xr-x 2 root root 4096 2018-11-07 23:39 ./source/a/hostname -rwxr-xr-x 1 root root 3894 2018-11-07 23:39 ./source/a/hostname/hostname.SlackBuild -rw-r--r-- 1 root root 13467 2018-09-27 08:59 ./source/a/hostname/hostname_3.21.tar.gz -rw-r--r-- 1 root root 897 2018-02-27 06:13 ./source/a/hostname/slack-desc -drwxr-xr-x 2 root root 4096 2019-03-05 21:40 ./source/a/hwdata --rw-r--r-- 1 root root 1318870 2019-03-05 21:39 ./source/a/hwdata/hwdata-0.321.tar.lz +drwxr-xr-x 2 root root 4096 2019-04-02 19:30 ./source/a/hwdata +-rw-r--r-- 1 root root 1321571 2019-04-02 10:47 ./source/a/hwdata/hwdata-0.322.tar.lz -rwxr-xr-x 1 root root 4007 2018-11-08 23:10 ./source/a/hwdata/hwdata.SlackBuild -rw-r--r-- 1 root root 802 2018-02-27 06:13 ./source/a/hwdata/slack-desc drwxr-xr-x 4 root root 4096 2019-03-01 19:25 ./source/a/infozip @@ -5708,14 +5708,14 @@ drwxr-xr-x 2 root root 4096 2018-12-21 16:50 ./source/a/sed -rw-r--r-- 1 root root 833 2018-12-21 06:04 ./source/a/sed/sed-4.7.tar.xz.sig -rwxr-xr-x 1 root root 3825 2018-12-20 17:54 ./source/a/sed/sed.SlackBuild -rw-r--r-- 1 root root 857 2018-02-27 06:13 ./source/a/sed/slack-desc -drwxr-xr-x 2 root root 4096 2018-11-16 21:03 ./source/a/shadow --rw-r--r-- 1 root root 15940 2018-07-22 19:10 ./source/a/shadow/adduser +drwxr-xr-x 2 root root 4096 2019-04-02 20:15 ./source/a/shadow +-rw-r--r-- 1 root root 16202 2019-04-02 20:18 ./source/a/shadow/adduser -rw-r--r-- 1 root root 302 2018-11-16 21:02 ./source/a/shadow/doinst.sh.gz -rw-r--r-- 1 root root 4606 2012-09-13 23:27 ./source/a/shadow/login.defs.gz -rw-r--r-- 1 root root 1678100 2018-04-29 16:58 ./source/a/shadow/shadow-4.6.tar.xz -rw-r--r-- 1 root root 488 2018-04-30 19:40 ./source/a/shadow/shadow-4.6.tar.xz.asc -rw-r--r-- 1 root root 734 2013-12-14 21:05 ./source/a/shadow/shadow.CVE-2005-4890.relax.diff.gz --rwxr-xr-x 1 root root 5796 2018-11-16 21:03 ./source/a/shadow/shadow.SlackBuild +-rwxr-xr-x 1 root root 5796 2019-04-02 20:16 ./source/a/shadow/shadow.SlackBuild -rw-r--r-- 1 root root 301 2017-11-22 00:17 ./source/a/shadow/shadow.login.display.short.hostname.diff.gz -rw-r--r-- 1 root root 46 2014-07-02 00:15 ./source/a/shadow/shadow.url -rw-r--r-- 1 root root 966 2018-11-16 21:06 ./source/a/shadow/slack-desc @@ -5915,7 +5915,7 @@ drwxr-xr-x 2 root root 4096 2018-04-23 17:20 ./source/a/zoo -rw-r--r-- 1 root root 173607 1994-12-30 20:19 ./source/a/zoo/zoo-2.10.tar.gz -rwxr-xr-x 1 root root 3143 2018-04-23 17:20 ./source/a/zoo/zoo.SlackBuild -rw-r--r-- 1 root root 14136 2010-05-22 09:49 ./source/a/zoo/zoo_2.10-22.debian.tar.gz -drwxr-xr-x 82 root root 4096 2019-03-26 18:39 ./source/ap +drwxr-xr-x 82 root root 4096 2019-04-02 19:42 ./source/ap -rw-r--r-- 1 root root 270 2018-02-12 23:18 ./source/ap/FTBFSlog drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/ap/a2ps -rw-r--r-- 1 root root 1521 2017-10-01 17:59 ./source/ap/a2ps/a2ps-4.14-texinfo-nodes.patch.gz @@ -6057,7 +6057,7 @@ drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/ap/flac -rwxr-xr-x 1 root root 4358 2018-09-18 22:04 ./source/ap/flac/flac.SlackBuild -rw-r--r-- 1 root root 433 2014-11-29 12:34 ./source/ap/flac/flac.man.diff.gz -rw-r--r-- 1 root root 1054 2018-02-27 06:12 ./source/ap/flac/slack-desc -drwxr-xr-x 2 root root 4096 2018-11-21 19:01 ./source/ap/ghostscript +drwxr-xr-x 2 root root 4096 2019-04-01 19:01 ./source/ap/ghostscript drwxr-xr-x 2 root root 4096 2018-06-05 22:36 ./source/ap/ghostscript-fonts-std -rw-r--r-- 1 root root 169 2018-06-05 22:36 ./source/ap/ghostscript-fonts-std/doinst.sh.gz -rw-r--r-- 1 root root 3621829 2003-07-24 12:38 ./source/ap/ghostscript-fonts-std/ghostscript-fonts-std-8.11.tar.bz2 @@ -6066,7 +6066,11 @@ drwxr-xr-x 2 root root 4096 2018-06-05 22:36 ./source/ap/ghostscript-font -rw-r--r-- 1 root root 1878 2017-10-05 21:02 ./source/ap/ghostscript/cidfmap.gz -rwxr-xr-x 1 root root 765 2018-03-21 17:59 ./source/ap/ghostscript/dump.unused.internal.libraries.from.sources.sh -rw-r--r-- 1 root root 27061467 2018-11-20 16:18 ./source/ap/ghostscript/ghostscript-9.26.tar.lz --rwxr-xr-x 1 root root 7823 2018-09-18 22:04 ./source/ap/ghostscript/ghostscript.SlackBuild +-rw-r--r-- 1 root root 7120 2019-03-22 15:03 ./source/ap/ghostscript/ghostscript-cve-2019-3835.patch.gz +-rw-r--r-- 1 root root 800 2019-03-22 15:03 ./source/ap/ghostscript/ghostscript-cve-2019-3838.patch.gz +-rw-r--r-- 1 root root 7378 2019-03-22 15:03 ./source/ap/ghostscript/ghostscript-cve-2019-6116.patch.gz +-rw-r--r-- 1 root root 634 2019-03-22 15:03 ./source/ap/ghostscript/ghostscript-subclassing-devices-fix-put_image-method.patch.gz +-rwxr-xr-x 1 root root 8190 2019-04-01 19:01 ./source/ap/ghostscript/ghostscript.SlackBuild -rw-r--r-- 1 root root 102 2018-11-21 19:00 ./source/ap/ghostscript/ghostscript.url -rw-r--r-- 1 root root 942 2013-05-21 06:34 ./source/ap/ghostscript/ijs-config -rw-r--r-- 1 root root 1017 2018-02-27 06:12 ./source/ap/ghostscript/slack-desc @@ -6830,12 +6834,12 @@ drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/d/swig -rw-r--r-- 1 root root 6002428 2017-01-27 23:54 ./source/d/swig/swig-3.0.12.tar.xz -rwxr-xr-x 1 root root 3993 2018-09-18 22:04 ./source/d/swig/swig.SlackBuild -rw-r--r-- 1 root root 87 2013-06-05 09:05 ./source/d/swig/swig.url -drwxr-xr-x 2 root root 4096 2019-03-17 18:52 ./source/d/vala +drwxr-xr-x 2 root root 4096 2019-04-01 18:53 ./source/d/vala -rw-r--r-- 1 root root 1718 2019-03-10 18:11 ./source/d/vala/disable-graphviz.patch.gz -rw-r--r-- 1 root root 116 2019-03-10 18:05 ./source/d/vala/disable-graphviz.patch.url -rw-r--r-- 1 root root 233 2018-11-11 05:10 ./source/d/vala/no.gvc-compat.c.diff.gz -rw-r--r-- 1 root root 849 2018-04-04 20:22 ./source/d/vala/slack-desc --rw-r--r-- 1 root root 3335856 2019-03-17 15:37 ./source/d/vala/vala-0.44.1.tar.xz +-rw-r--r-- 1 root root 3340588 2019-03-31 15:38 ./source/d/vala/vala-0.44.2.tar.xz -rwxr-xr-x 1 root root 4893 2018-11-23 19:49 ./source/d/vala/vala.SlackBuild drwxr-xr-x 2 root root 4096 2018-04-23 17:20 ./source/d/yasm -rw-r--r-- 1 root root 1043 2018-02-27 06:13 ./source/d/yasm/slack-desc @@ -8439,9 +8443,9 @@ drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/l/glade3 -rwxr-xr-x 1 root root 3710 2018-09-18 22:04 ./source/l/glade3/glade3.SlackBuild -rw-r--r-- 1 root root 900 2018-02-27 06:12 ./source/l/glade3/slack-desc drwxr-xr-x 2 root root 4096 2018-04-23 17:20 ./source/l/glib -drwxr-xr-x 2 root root 4096 2019-03-13 01:57 ./source/l/glib-networking +drwxr-xr-x 2 root root 4096 2019-04-02 19:29 ./source/l/glib-networking -rw-r--r-- 1 root root 119 2011-11-06 21:59 ./source/l/glib-networking/doinst.sh.gz --rw-r--r-- 1 root root 184368 2019-03-12 22:17 ./source/l/glib-networking/glib-networking-2.60.0.1.tar.xz +-rw-r--r-- 1 root root 184828 2019-04-02 04:57 ./source/l/glib-networking/glib-networking-2.60.1.tar.xz -rwxr-xr-x 1 root root 3989 2018-09-18 22:04 ./source/l/glib-networking/glib-networking.SlackBuild -rw-r--r-- 1 root root 795 2018-02-27 06:12 ./source/l/glib-networking/slack-desc -rw-r--r-- 1 root root 6408 2017-08-03 05:13 ./source/l/glib/glib-1.2.10-autotools.patch.gz @@ -8694,9 +8698,9 @@ drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/l/ilmbase -rw-r--r-- 1 root root 326876 2014-11-29 16:17 ./source/l/ilmbase/ilmbase-2.2.0.tar.xz -rwxr-xr-x 1 root root 3609 2018-09-18 22:04 ./source/l/ilmbase/ilmbase.SlackBuild -rw-r--r-- 1 root root 825 2018-02-27 06:12 ./source/l/ilmbase/slack-desc -drwxr-xr-x 2 root root 4096 2019-03-25 17:12 ./source/l/imagemagick --rw-r--r-- 1 root root 8898032 2019-03-24 20:21 ./source/l/imagemagick/ImageMagick-6.9.10-35.tar.lz --rw-r--r-- 1 root root 836 2019-03-25 12:30 ./source/l/imagemagick/ImageMagick-6.9.10-35.tar.lz.asc +drwxr-xr-x 2 root root 4096 2019-04-01 18:51 ./source/l/imagemagick +-rw-r--r-- 1 root root 8902505 2019-04-01 00:37 ./source/l/imagemagick/ImageMagick-6.9.10-36.tar.lz +-rw-r--r-- 1 root root 836 2019-04-01 13:46 ./source/l/imagemagick/ImageMagick-6.9.10-36.tar.lz.asc -rw-r--r-- 1 root root 309 2016-05-17 04:08 ./source/l/imagemagick/doinst.sh.gz -rwxr-xr-x 1 root root 7092 2018-10-26 18:39 ./source/l/imagemagick/imagemagick.SlackBuild -rw-r--r-- 1 root root 512 2017-07-18 01:14 ./source/l/imagemagick/policy.xml.diff.gz @@ -9504,9 +9508,9 @@ drwxr-xr-x 2 root root 4096 2019-02-19 21:35 ./source/l/python-packaging -rw-r--r-- 1 root root 39971 2019-01-20 11:05 ./source/l/python-packaging/packaging-19.0.tar.lz -rwxr-xr-x 1 root root 2950 2019-02-19 21:35 ./source/l/python-packaging/python-packaging.SlackBuild -rw-r--r-- 1 root root 829 2018-08-27 18:22 ./source/l/python-packaging/slack-desc -drwxr-xr-x 2 root root 4096 2019-02-19 21:35 ./source/l/python-pillow --rw-r--r-- 1 root root 11620812 2019-01-06 12:12 ./source/l/python-pillow/Pillow-5.4.1.tar.lz --rwxr-xr-x 1 root root 3589 2019-02-19 21:35 ./source/l/python-pillow/python-pillow.SlackBuild +drwxr-xr-x 2 root root 4096 2019-04-02 19:36 ./source/l/python-pillow +-rw-r--r-- 1 root root 455923 2019-04-01 22:25 ./source/l/python-pillow/Pillow-6.0.0.tar.lz +-rwxr-xr-x 1 root root 3589 2019-04-02 19:36 ./source/l/python-pillow/python-pillow.SlackBuild -rw-r--r-- 1 root root 991 2018-02-27 06:12 ./source/l/python-pillow/slack-desc drwxr-xr-x 2 root root 4096 2019-03-01 18:38 ./source/l/python-ply -rw-r--r-- 1 root root 121069 2018-02-15 19:01 ./source/l/python-ply/ply-3.11.tar.lz @@ -10772,12 +10776,12 @@ drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/n/vsftpd -rw-r--r-- 1 root root 315 2016-06-13 04:49 ./source/n/vsftpd/vsftpd.crypt.diff.gz -rw-r--r-- 1 root root 262 2018-05-07 21:11 ./source/n/vsftpd/vsftpd.link-with-openssl-1.1.diff.gz -rw-r--r-- 1 root root 115 2004-09-03 18:59 ./source/n/vsftpd/vsftpd.log.gz -drwxr-xr-x 2 root root 4096 2019-02-08 20:52 ./source/n/wget +drwxr-xr-x 2 root root 4096 2019-04-01 20:14 ./source/n/wget -rw-r--r-- 1 root root 264 2008-10-01 23:27 ./source/n/wget/doinst.sh.gz -rw-r--r-- 1 root root 849 2018-02-27 06:13 ./source/n/wget/slack-desc --rw-r--r-- 1 root root 2120611 2018-12-26 20:13 ./source/n/wget/wget-1.20.1.tar.lz --rw-r--r-- 1 root root 833 2018-12-26 20:13 ./source/n/wget/wget-1.20.1.tar.lz.sig --rwxr-xr-x 1 root root 3891 2019-02-08 20:52 ./source/n/wget/wget.SlackBuild +-rw-r--r-- 1 root root 2134961 2019-04-01 18:33 ./source/n/wget/wget-1.20.2.tar.lz +-rw-r--r-- 1 root root 854 2019-04-01 18:33 ./source/n/wget/wget-1.20.2.tar.lz.sig +-rwxr-xr-x 1 root root 3891 2019-04-01 20:15 ./source/n/wget/wget.SlackBuild drwxr-xr-x 2 root root 4096 2019-03-28 19:25 ./source/n/whois -rw-r--r-- 1 root root 820 2019-03-28 19:25 ./source/n/whois/slack-desc -rwxr-xr-x 1 root root 2904 2019-03-28 19:25 ./source/n/whois/whois.SlackBuild @@ -12437,12 +12441,12 @@ drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/xap/pidgin -rw-r--r-- 1 root root 604129 2010-05-18 16:51 ./source/xap/pidgin/pidgin-encryption-3.1.tar.gz -rwxr-xr-x 1 root root 7550 2018-09-18 22:04 ./source/xap/pidgin/pidgin.SlackBuild -rw-r--r-- 1 root root 920 2018-02-27 06:13 ./source/xap/pidgin/slack-desc -drwxr-xr-x 2 root root 4096 2019-01-02 22:46 ./source/xap/rdesktop --rw-r--r-- 1 root root 250484 2019-01-02 14:21 ./source/xap/rdesktop/rdesktop-1.8.4.tar.xz --rwxr-xr-x 1 root root 3809 2019-01-02 22:46 ./source/xap/rdesktop/rdesktop.SlackBuild --rw-r--r-- 1 root root 850 2018-02-27 06:13 ./source/xap/rdesktop/slack-desc -drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/xap/rxvt-unicode --rw-r--r-- 1 root root 222 2018-03-31 17:18 ./source/xap/rxvt-unicode/rxvt-unicode-256color.desktop +drwxr-xr-x 2 root root 4096 2019-01-02 22:46 ./source/xap/rdesktop +-rw-r--r-- 1 root root 250484 2019-01-02 14:21 ./source/xap/rdesktop/rdesktop-1.8.4.tar.xz +-rwxr-xr-x 1 root root 3809 2019-01-02 22:46 ./source/xap/rdesktop/rdesktop.SlackBuild +-rw-r--r-- 1 root root 850 2018-02-27 06:13 ./source/xap/rdesktop/slack-desc +drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/xap/rxvt-unicode +-rw-r--r-- 1 root root 222 2018-03-31 17:18 ./source/xap/rxvt-unicode/rxvt-unicode-256color.desktop -rw-r--r-- 1 root root 712702 2016-01-23 20:09 ./source/xap/rxvt-unicode/rxvt-unicode-9.22.tar.lz -rwxr-xr-x 1 root root 5651 2018-11-30 21:13 ./source/xap/rxvt-unicode/rxvt-unicode.SlackBuild -rw-r--r-- 1 root root 207 2018-03-31 17:17 ./source/xap/rxvt-unicode/rxvt-unicode.desktop diff --git a/recompress.sh b/recompress.sh index f95a743fb..048f2e1ff 100755 --- a/recompress.sh +++ b/recompress.sh @@ -704,6 +704,10 @@ gzip ./source/ap/seejpeg/seejpeg-1.10.diff gzip ./source/ap/cups/doinst.sh gzip ./source/ap/at/doinst.sh gzip ./source/ap/ghostscript/cidfmap +gzip ./source/ap/ghostscript/ghostscript-cve-2019-3835.patch +gzip ./source/ap/ghostscript/ghostscript-cve-2019-6116.patch +gzip ./source/ap/ghostscript/ghostscript-subclassing-devices-fix-put_image-method.patch +gzip ./source/ap/ghostscript/ghostscript-cve-2019-3838.patch gzip ./source/ap/screen/52fix_screen_utf8_nfd.patch gzip ./source/ap/screen/60-revert-screenrc-change.diff gzip ./source/ap/screen/26source_encoding.patch diff --git a/source/a/shadow/adduser b/source/a/shadow/adduser index 482cb7500..49c11f87a 100644 --- a/source/a/shadow/adduser +++ b/source/a/shadow/adduser @@ -36,6 +36,9 @@ ########################################################################## # History # ########### +# v1.17 - 2019-04-01 +# * Re-invoking input requests when human error causes failure. <ttk> +# qv: https://www.linuxquestions.org/questions/slackware-14/adduser-shell-script-error-4175650984/ # v1.16 - 2018-07-22 # * Added input group. <pjv> # v1.15 - 2012-09-13 @@ -128,7 +131,7 @@ fi # This setting enables the 'recycling' of older unused UIDs. # When you userdel a user, it removes it from passwd and shadow but it will # never get used again unless you specify it expliticly -- useradd (appears to) just -# look at the last line in passwd and increment the uid. I like the idea of +# look at the last line in passwd and increment the uid. I like the idea of # recycling uids but you may have very good reasons not to (old forgotten # confidential files still on the system could then be owned by this new user). # We'll set this to no because this is what the original adduser shell script @@ -185,7 +188,7 @@ function check_group () { #: Read the login name for the new user :# # # Remember that most Mail Transfer Agents are case independant, so having -# 'uSer' and 'user' may cause confusion/things to break. Because of this, +# 'uSer' and 'user' may cause confusion/things to break. Because of this, # useradd from shadow-4.0.3 no longer accepts usernames containing uppercase, # and we must reject them, too. @@ -195,7 +198,9 @@ LOGIN="$1" needinput=yes while [ ! -z $needinput ]; do if [ -z "$LOGIN" ]; then - while [ -z "$LOGIN" ]; do LOGIN="$(get_input "Login name for new user []:")" ; done + while [ -z "$LOGIN" ]; do + LOGIN="$(get_input "Login name for new user []:")" + done fi grep "^${LOGIN}:" $pfile >/dev/null 2>&1 # ensure it's not already used if [ $? -eq 0 ]; then @@ -415,7 +420,7 @@ if [ $? -gt 0 ]; then exit 1 fi -# chown the home dir ? We can only do this once the useradd has +# chown the home dir? We can only do this once the useradd has # completed otherwise the user name doesn't exist. if [ ! -z "${CHOWNHOMEDIR}" ]; then chown "$LOGIN"."$( echo $GID | awk '{print $2}')" "${CHOWNHOMEDIR}" @@ -423,17 +428,19 @@ fi # Set the finger information $chfn "$LOGIN" -if [ $? -gt 0 ]; then - echo "- Warning: an error occurred while setting finger information" -fi +while [ $? -gt 0 ]; do + echo "- Warning: an error occurred while setting finger information." + echo " Please try again." + $chfn "$LOGIN" +done # Set a password $passwd "$LOGIN" -if [ $? -gt 0 ]; then - echo "* WARNING: An error occured while setting the password for" - echo " this account. Please manually investigate this *" - exit 1 -fi +while [ $? -gt 0 ]; do + echo "- Warning: An error occured while setting the password for" + echo " this account. Please try again." + $passwd "$LOGIN" +done # If it was created (it should have been!), set the permissions for that user's dir HME="$(echo "$HME" | awk '{print $2}')" # We have to remove the -g prefix diff --git a/source/a/shadow/shadow.SlackBuild b/source/a/shadow/shadow.SlackBuild index c227b0f11..6fcb3f27e 100755 --- a/source/a/shadow/shadow.SlackBuild +++ b/source/a/shadow/shadow.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=shadow VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/ap/ghostscript/ghostscript-cve-2019-3835.patch b/source/ap/ghostscript/ghostscript-cve-2019-3835.patch new file mode 100644 index 000000000..07e14e537 --- /dev/null +++ b/source/ap/ghostscript/ghostscript-cve-2019-3835.patch @@ -0,0 +1,615 @@ +From 779664d79f0dca77dbdd66b753679bfd12dcbbad Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Mon, 26 Nov 2018 18:01:25 +0000 +Subject: [PATCH 1/4] Have gs_cet.ps run from gs_init.ps + +Previously gs_cet.ps was run on the command line, to set up the interpreter +state so our output more closely matches the example output for the QL CET +tests. + +Allow a -dCETMODE command line switch, which will cause gs_init.ps to run the +file directly. + +This works better for gpdl as it means the changes are made in the intial +interpreter state, rather than after initialisation is complete. + +This also means adding a definition of the default procedure for black +generation and under color removal (rather it being defined in-line in +.setdefaultbgucr + +Also, add a check so gs_cet.ps only runs once - if we try to run it a second +time, we'll just skip over the file, flushing through to the end. +--- + Resource/Init/gs_cet.ps | 11 ++++++++++- + Resource/Init/gs_init.ps | 13 ++++++++++++- + 2 files changed, 22 insertions(+), 2 deletions(-) + +diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps +index d3e1686..75534bb 100644 +--- a/Resource/Init/gs_cet.ps ++++ b/Resource/Init/gs_cet.ps +@@ -1,6 +1,11 @@ + %!PS + % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET + ++systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq ++{ ++ (%END GS_CET) .skipeof ++} if ++ + % do this in the server level so it is persistent across jobs + //true 0 startjob not { + (*** Warning: CET startup is not in server default) = flush +@@ -25,7 +30,9 @@ currentglobal //true setglobal + + /UNROLLFORMS true def + +-{ } bind dup ++(%.defaultbgrucrproc) cvn { } bind def ++ ++(%.defaultbgrucrproc) cvn load dup + setblackgeneration + setundercolorremoval + 0 array cvx readonly dup dup dup setcolortransfer +@@ -109,3 +116,5 @@ userdict /.smoothness currentsmoothness put + % end of slightly nasty hack to give consistent cluster results + + //false 0 startjob pop % re-enter encapsulated mode ++ ++%END GS_CET +diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps +index d9a0829..152e98a 100644 +--- a/Resource/Init/gs_init.ps ++++ b/Resource/Init/gs_init.ps +@@ -1544,10 +1544,18 @@ setpacking + % any-part-of-pixel rule. + 0.5 .setfilladjust + } bind def ++ + % Set the default screen and BG/UCR. ++% We define the proc here, rather than inline in .setdefaultbgucr ++% for the benefit of gs_cet.ps so jobs that do anything that causes ++% .setdefaultbgucr to be called will still get the redefined proc ++% in gs_cet.ps ++(%.defaultbgrucrproc) cvn { pop 0 } def ++ + /.setdefaultbgucr { + systemdict /setblackgeneration known { +- { pop 0 } dup setblackgeneration setundercolorremoval ++ (%.defaultbgrucrproc) cvn load dup ++ setblackgeneration setundercolorremoval + } if + } bind def + /.useloresscreen { % - .useloresscreen <bool> +@@ -2499,4 +2507,7 @@ WRITESYSTEMDICT { + % be 'true' in some cases. + userdict /AGM_preserve_spots //false put + ++systemdict /CETMODE .knownget ++{ { (gs_cet.ps) runlibfile } if } if ++ + % The interpreter will run the initial procedure (start). +-- +2.20.1 + + +From e8acf6d1aa1fc92f453175509bfdad6f2b12dc73 Mon Sep 17 00:00:00 2001 +From: Nancy Durgin <nancy.durgin@artifex.com> +Date: Thu, 14 Feb 2019 10:09:00 -0800 +Subject: [PATCH 2/4] Undef /odef in gs_init.ps + +Made a new temporary utility function in gs_cet.ps (.odef) to use instead +of /odef. This makes it fine to undef odef with all the other operators in +gs_init.ps + +This punts the bigger question of what to do with .makeoperator, but it +doesn't make the situation any worse than it already was. +--- + Resource/Init/gs_cet.ps | 10 ++++++++-- + Resource/Init/gs_init.ps | 1 + + 2 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps +index 75534bb..dbc5c4e 100644 +--- a/Resource/Init/gs_cet.ps ++++ b/Resource/Init/gs_cet.ps +@@ -1,6 +1,10 @@ + %!PS + % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET + ++/.odef { % <name> <proc> odef - ++ 1 index exch .makeoperator def ++} bind def ++ + systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq + { + (%END GS_CET) .skipeof +@@ -93,8 +97,8 @@ userdict /.smoothness currentsmoothness put + } { + /setsmoothness .systemvar /typecheck signalerror + } ifelse +-} bind odef +-/currentsmoothness { userdict /.smoothness get } bind odef % for 09-55.PS, 09-57.PS . ++} bind //.odef exec ++/currentsmoothness { userdict /.smoothness get } bind //.odef exec % for 09-55.PS, 09-57.PS . + + % slightly nasty hack to give consistent cluster results + /ofnfa systemdict /filenameforall get def +@@ -113,6 +117,8 @@ userdict /.smoothness currentsmoothness put + } ifelse + ofnfa + } bind def ++ ++currentdict /.odef undef + % end of slightly nasty hack to give consistent cluster results + + //false 0 startjob pop % re-enter encapsulated mode +diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps +index 152e98a..723c447 100644 +--- a/Resource/Init/gs_init.ps ++++ b/Resource/Init/gs_init.ps +@@ -2263,6 +2263,7 @@ SAFER { .setsafeglobal } if + /.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams + /.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath /.currentoutputdevice + /.type /.writecvs /.setSMask /.currentSMask /.needinput /.countexecstack /.execstack /.applypolicies ++ /odef + + % Used by a free user in the Library of Congress. Apparently this is used to + % draw a partial page, which is then filled in by the results of a barcode +-- +2.20.1 + + +From 205591753126802da850ada6511a0ff8411aa287 Mon Sep 17 00:00:00 2001 +From: Ray Johnston <ray.johnston@artifex.com> +Date: Thu, 14 Feb 2019 10:20:03 -0800 +Subject: [PATCH 3/4] Fix bug 700585: Restrict superexec and remove it from + internals and gs_cet.ps + +Also while changing things, restructure the CETMODE so that it will +work with -dSAFER. The gs_cet.ps is now run when we are still at save +level 0 with systemdict writeable. Allows us to undefine .makeoperator +and .setCPSImode internal operators after CETMODE is handled. + +Change previous uses of superexec to using .forceput (with the usual +.bind executeonly to hide it). +--- + Resource/Init/gs_cet.ps | 39 ++++++++++++++------------------------- + Resource/Init/gs_dps1.ps | 2 +- + Resource/Init/gs_fonts.ps | 8 ++++---- + Resource/Init/gs_init.ps | 38 +++++++++++++++++++++++++++----------- + Resource/Init/gs_ttf.ps | 8 ++++---- + Resource/Init/gs_type1.ps | 6 +++--- + 6 files changed, 53 insertions(+), 48 deletions(-) + +diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps +index dbc5c4e..58da404 100644 +--- a/Resource/Init/gs_cet.ps ++++ b/Resource/Init/gs_cet.ps +@@ -1,37 +1,28 @@ +-%!PS + % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET + +-/.odef { % <name> <proc> odef - +- 1 index exch .makeoperator def +-} bind def +- ++% skip if we've already run this -- based on fake "product" + systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq + { + (%END GS_CET) .skipeof + } if + +-% do this in the server level so it is persistent across jobs +-//true 0 startjob not { +- (*** Warning: CET startup is not in server default) = flush +-} if ++% Note: this must be run at save level 0 and when systemdict is writeable ++currentglobal //true setglobal ++systemdict dup dup dup ++/version (3017.102) readonly .forceput % match CPSI 3017.102 ++/product (PhotoPRINT SE 5.0v2) readonly .forceput % match CPSI 3017.102 ++/revision 0 put % match CPSI 3017.103 Tek shows revision 5 ++/serialnumber dup {233640} readonly .makeoperator .forceput % match CPSI 3017.102 Tek shows serialnumber 1401788461 ++ ++systemdict /.odef { % <name> <proc> odef - ++ 1 index exch //.makeoperator def ++} .bind .forceput % this will be undefined at the end + + 300 .sethiresscreen % needed for language switch build since it + % processes gs_init.ps BEFORE setting the resolution + + 0 array 0 setdash % CET 09-08 wants local setdash + +-currentglobal //true setglobal +- +-{ +- systemdict dup dup dup +- /version (3017.102) readonly put % match CPSI 3017.102 +- /product (PhotoPRINT SE 5.0v2) readonly put % match CPSI 3017.102 +- /revision 0 put % match CPSI 3017.103 Tek shows revision 5 +- /serialnumber dup {233640} readonly .makeoperator put % match CPSI 3017.102 Tek shows serialnumber 1401788461 +- systemdict /deviceinfo undef % for CET 20-23-1 +-% /UNROLLFORMS true put % CET files do unreasonable things inside forms +-} 1183615869 internaldict /superexec get exec +- + /UNROLLFORMS true def + + (%.defaultbgrucrproc) cvn { } bind def +@@ -118,9 +109,7 @@ userdict /.smoothness currentsmoothness put + ofnfa + } bind def + +-currentdict /.odef undef +-% end of slightly nasty hack to give consistent cluster results +- +-//false 0 startjob pop % re-enter encapsulated mode ++systemdict /.odef .undef + ++% end of slightly nasty hack to give consistent cluster results + %END GS_CET +diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps +index b75ea14..01475ac 100644 +--- a/Resource/Init/gs_dps1.ps ++++ b/Resource/Init/gs_dps1.ps +@@ -85,7 +85,7 @@ level2dict begin + % definition, copy it into the local directory. + //systemdict /SharedFontDirectory .knownget + { 1 index .knownget +- { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly ++ { //.FontDirectory 2 index 3 -1 roll .forceput } % readonly + if + } + if +diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps +index c13a2fc..787dc07 100644 +--- a/Resource/Init/gs_fonts.ps ++++ b/Resource/Init/gs_fonts.ps +@@ -512,11 +512,11 @@ buildfontdict 3 /.buildfont3 cvx put + % the font in LocalFontDirectory. + .currentglobal + { //systemdict /LocalFontDirectory .knownget +- { 2 index 2 index { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly ++ { 2 index 2 index .forceput } % readonly + if + } + if +- dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly ++ dup //.FontDirectory 4 -2 roll .forceput % readonly + % If the font originated as a resource, register it. + currentfile .currentresourcefile eq { dup .registerfont } if + readonly +@@ -1179,13 +1179,13 @@ currentdict /.putgstringcopy .undef + //.FontDirectory 1 index known not { + 2 dict dup /FontName 3 index put + dup /FontType 1 put +- //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly ++ //.FontDirectory 3 1 roll //.forceput exec % readonly + } { + pop + } ifelse + } forall + } forall +- } ++ } executeonly % hide .forceput + FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined + + % Install initial fonts from Fontmap. +diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps +index 723c447..7ab8c6c 100644 +--- a/Resource/Init/gs_init.ps ++++ b/Resource/Init/gs_init.ps +@@ -2194,9 +2194,6 @@ SAFER { .setsafeglobal } if + /.endtransparencygroup % transparency-example.ps + /.setdotlength % Bug687720.ps + /.sort /.setdebug /.mementolistnewblocks /getenv +- +- /.makeoperator /.setCPSImode % gs_cet.ps, this won't work on cluster with -dSAFER +- + /unread + ] + {systemdict exch .forceundef} forall +@@ -2276,7 +2273,6 @@ SAFER { .setsafeglobal } if + + % Used by our own test suite files + %/.fileposition %image-qa.ps +- %/.makeoperator /.setCPSImode % gs_cet.ps + + % Either our code uses these in ways which mean they can't be undefined, or they are used directly by + % test files/utilities, or engineers expressed a desire to keep them visible. +@@ -2464,6 +2460,16 @@ end + /vmreclaim where + { pop NOGC not { 2 .vmreclaim 0 vmreclaim } if + } if ++ ++% Do this before systemdict is locked (see below for additional CETMODE setup using gs_cet.ps) ++systemdict /CETMODE .knownget { ++ { ++ (gs_cet.ps) runlibfile ++ } if ++} if ++systemdict /.makeoperator .undef % must be after gs_cet.ps ++systemdict /.setCPSImode .undef % must be after gs_cet.ps ++ + DELAYBIND not { + systemdict /.bindnow .undef % We only need this for DELAYBIND + systemdict /.forcecopynew .undef % remove temptation +@@ -2472,16 +2478,29 @@ DELAYBIND not { + systemdict /.forceundef .undef % ditto + } if + +-% Move superexec to internaldict if superexec is defined. +-systemdict /superexec .knownget { +- 1183615869 internaldict /superexec 3 -1 roll put +- systemdict /superexec .undef ++% Move superexec to internaldict if superexec is defined. (Level 2 or later) ++systemdict /superexec known { ++ % restrict superexec to single known use by PScript5.dll ++ % We could do this only for SAFER mode, but internaldict and superexec are ++ % not very well documented, and we don't want them to be used. ++ 1183615869 internaldict /superexec { ++ 2 index /Private eq % first check for typical use in PScript5.dll ++ 1 index length 1 eq and % expected usage is: dict /Private <value> {put} superexec ++ 1 index 0 get systemdict /put get eq and ++ { ++ //superexec exec % the only usage we allow ++ } { ++ /superexec load /invalidaccess signalerror ++ } ifelse ++ } bind cvx executeonly put ++ systemdict /superexec .undef % get rid of the dangerous (unrestricted) operator + } if + + % Can't remove this one until the last minute :-) + DELAYBIND not { + systemdict /.undef .undef + } if ++ + WRITESYSTEMDICT { + SAFER { + (\n *** WARNING - you have selected SAFER, indicating you want Ghostscript\n) print +@@ -2508,7 +2527,4 @@ WRITESYSTEMDICT { + % be 'true' in some cases. + userdict /AGM_preserve_spots //false put + +-systemdict /CETMODE .knownget +-{ { (gs_cet.ps) runlibfile } if } if +- + % The interpreter will run the initial procedure (start). +diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps +index 05943c5..064b6c8 100644 +--- a/Resource/Init/gs_ttf.ps ++++ b/Resource/Init/gs_ttf.ps +@@ -1421,7 +1421,7 @@ mark + TTFDEBUG { (\n1 setting alias: ) print dup ==only + ( to be the same as ) print 2 index //== exec } if + +- 7 index 2 index 3 -1 roll exch //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse ++ 7 index 2 index 3 -1 roll exch .forceput + } forall + pop pop pop + } +@@ -1439,7 +1439,7 @@ mark + exch pop + TTFDEBUG { (\n2 setting alias: ) print 1 index ==only + ( to use glyph index: ) print dup //== exec } if +- 5 index 3 1 roll //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse ++ 5 index 3 1 roll .forceput + //false + } + { +@@ -1456,7 +1456,7 @@ mark + { % CharStrings(dict) isunicode(boolean) cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer) + TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only + ( to be index: ) print dup //== exec } if +- exch pop 5 index 3 1 roll //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse ++ exch pop 5 index 3 1 roll .forceput + } + { + pop pop +@@ -1486,7 +1486,7 @@ mark + } ifelse + ] + TTFDEBUG { (Encoding: ) print dup === flush } if +-} bind def ++} .bind executeonly odef % hides .forceput + + % to be removed 9.09...... + currentdict /postalias undef +diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps +index 96e1ced..61f5269 100644 +--- a/Resource/Init/gs_type1.ps ++++ b/Resource/Init/gs_type1.ps +@@ -116,7 +116,7 @@ + { % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname aglname + CFFDEBUG { (\nsetting alias: ) print dup ==only + ( to be the same as glyph: ) print 1 index //== exec } if +- 3 index exch 3 index //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse ++ 3 index exch 3 index .forceput + % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname + } + {pop} ifelse +@@ -135,7 +135,7 @@ + 3 1 roll pop pop + } if + pop +- dup /.AGLprocessed~GS //true //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse ++ dup /.AGLprocessed~GS //true .forceput + } if + + %% We need to excute the C .buildfont1 in a stopped context so that, if there +@@ -148,7 +148,7 @@ + {//.buildfont1} stopped + 4 3 roll .setglobal + {//.buildfont1 $error /errorname get signalerror} if +- } bind def ++ } .bind executeonly def % hide .forceput + + % If the diskfont feature isn't included, define a dummy .loadfontdict. + /.loadfontdict where +-- +2.20.1 + + +From d683d1e6450d74619e6277efeebfc222d9a5cb91 Mon Sep 17 00:00:00 2001 +From: Ray Johnston <ray.johnston@artifex.com> +Date: Sun, 24 Feb 2019 22:01:04 -0800 +Subject: [PATCH 4/4] Bug 700585: Obliterate "superexec". We don't need it, nor + do any known apps. + +We were under the impression that the Windows driver 'PScript5.dll' used +superexec, but after testing with our extensive suite of PostScript file, +and analysis of the PScript5 "Adobe CoolType ProcSet, it does not appear +that this operator is needed anymore. Get rid of superexec and all of the +references to it, since it is a potential security hole. +--- + Resource/Init/gs_init.ps | 18 ------------------ + psi/icontext.c | 1 - + psi/icstate.h | 1 - + psi/zcontrol.c | 30 ------------------------------ + psi/zdict.c | 6 ++---- + psi/zgeneric.c | 3 +-- + 6 files changed, 3 insertions(+), 56 deletions(-) + +diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps +index 7ab8c6c..af881b5 100644 +--- a/Resource/Init/gs_init.ps ++++ b/Resource/Init/gs_init.ps +@@ -2478,24 +2478,6 @@ DELAYBIND not { + systemdict /.forceundef .undef % ditto + } if + +-% Move superexec to internaldict if superexec is defined. (Level 2 or later) +-systemdict /superexec known { +- % restrict superexec to single known use by PScript5.dll +- % We could do this only for SAFER mode, but internaldict and superexec are +- % not very well documented, and we don't want them to be used. +- 1183615869 internaldict /superexec { +- 2 index /Private eq % first check for typical use in PScript5.dll +- 1 index length 1 eq and % expected usage is: dict /Private <value> {put} superexec +- 1 index 0 get systemdict /put get eq and +- { +- //superexec exec % the only usage we allow +- } { +- /superexec load /invalidaccess signalerror +- } ifelse +- } bind cvx executeonly put +- systemdict /superexec .undef % get rid of the dangerous (unrestricted) operator +-} if +- + % Can't remove this one until the last minute :-) + DELAYBIND not { + systemdict /.undef .undef +diff --git a/psi/icontext.c b/psi/icontext.c +index 1fbe486..7462ea3 100644 +--- a/psi/icontext.c ++++ b/psi/icontext.c +@@ -151,7 +151,6 @@ context_state_alloc(gs_context_state_t ** ppcst, + pcst->rand_state = rand_state_initial; + pcst->usertime_total = 0; + pcst->keep_usertime = false; +- pcst->in_superexec = 0; + pcst->plugin_list = 0; + make_t(&pcst->error_object, t__invalid); + { /* +diff --git a/psi/icstate.h b/psi/icstate.h +index 4c6a14d..1009d85 100644 +--- a/psi/icstate.h ++++ b/psi/icstate.h +@@ -54,7 +54,6 @@ struct gs_context_state_s { + long usertime_total; /* total accumulated usertime, */ + /* not counting current time if running */ + bool keep_usertime; /* true if context ever executed usertime */ +- int in_superexec; /* # of levels of superexec */ + /* View clipping is handled in the graphics state. */ + ref error_object; /* t__invalid or error object from operator */ + ref userparams; /* t_dictionary */ +diff --git a/psi/zcontrol.c b/psi/zcontrol.c +index 0362cf4..dc813e8 100644 +--- a/psi/zcontrol.c ++++ b/psi/zcontrol.c +@@ -158,34 +158,6 @@ zexecn(i_ctx_t *i_ctx_p) + return o_push_estack; + } + +-/* <obj> superexec - */ +-static int end_superexec(i_ctx_t *); +-static int +-zsuperexec(i_ctx_t *i_ctx_p) +-{ +- os_ptr op = osp; +- es_ptr ep; +- +- check_op(1); +- if (!r_has_attr(op, a_executable)) +- return 0; /* literal object just gets pushed back */ +- check_estack(2); +- ep = esp += 3; +- make_mark_estack(ep - 2, es_other, end_superexec); /* error case */ +- make_op_estack(ep - 1, end_superexec); /* normal case */ +- ref_assign(ep, op); +- esfile_check_cache(); +- pop(1); +- i_ctx_p->in_superexec++; +- return o_push_estack; +-} +-static int +-end_superexec(i_ctx_t *i_ctx_p) +-{ +- i_ctx_p->in_superexec--; +- return 0; +-} +- + /* <array> <executable> .runandhide <obj> */ + /* before executing <executable>, <array> is been removed from */ + /* the operand stack and placed on the execstack with attributes */ +@@ -971,8 +943,6 @@ const op_def zcontrol3_op_defs[] = { + {"0%loop_continue", loop_continue}, + {"0%repeat_continue", repeat_continue}, + {"0%stopped_push", stopped_push}, +- {"1superexec", zsuperexec}, +- {"0%end_superexec", end_superexec}, + {"2.runandhide", zrunandhide}, + {"0%end_runandhide", end_runandhide}, + op_def_end(0) +diff --git a/psi/zdict.c b/psi/zdict.c +index b0deaaa..e2e525d 100644 +--- a/psi/zdict.c ++++ b/psi/zdict.c +@@ -212,8 +212,7 @@ zundef(i_ctx_t *i_ctx_p) + int code; + + check_type(*op1, t_dictionary); +- if (i_ctx_p->in_superexec == 0) +- check_dict_write(*op1); ++ check_dict_write(*op1); + code = idict_undef(op1, op); + if (code < 0 && code != gs_error_undefined) /* ignore undefined error */ + return code; +@@ -504,8 +503,7 @@ zsetmaxlength(i_ctx_t *i_ctx_p) + int code; + + check_type(*op1, t_dictionary); +- if (i_ctx_p->in_superexec == 0) +- check_dict_write(*op1); ++ check_dict_write(*op1); + check_type(*op, t_integer); + if (op->value.intval < 0) + return_error(gs_error_rangecheck); +diff --git a/psi/zgeneric.c b/psi/zgeneric.c +index 8048e28..d4edddb 100644 +--- a/psi/zgeneric.c ++++ b/psi/zgeneric.c +@@ -204,8 +204,7 @@ zput(i_ctx_t *i_ctx_p) + + switch (r_type(op2)) { + case t_dictionary: +- if (i_ctx_p->in_superexec == 0) +- check_dict_write(*op2); ++ check_dict_write(*op2); + { + int code = idict_put(op2, op1, op); + +-- +2.20.1 + diff --git a/source/ap/ghostscript/ghostscript-cve-2019-3838.patch b/source/ap/ghostscript/ghostscript-cve-2019-3838.patch new file mode 100644 index 000000000..0ba1e876b --- /dev/null +++ b/source/ap/ghostscript/ghostscript-cve-2019-3838.patch @@ -0,0 +1,56 @@ +From ed9fcd95bb01f0768bf273b2526732e381202319 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Wed, 20 Feb 2019 09:54:28 +0000 +Subject: [PATCH 1/2] Bug 700576: Make a transient proc executeonly (in + DefineResource). + +This prevents access to .forceput + +Solution originally suggested by cbuissar@redhat.com. +--- + Resource/Init/gs_res.ps | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps +index d9b3459..b646329 100644 +--- a/Resource/Init/gs_res.ps ++++ b/Resource/Init/gs_res.ps +@@ -425,7 +425,7 @@ status { + % so we have to use .forcedef here. + /.Instances 1 index .forcedef % Category dict is read-only + } executeonly if +- } ++ } executeonly + { .LocalInstances dup //.emptydict eq + { pop 3 dict localinstancedict Category 2 index put + } +-- +2.20.1 + + +From a82601e8f95a2f2147f3b3b9e44ec2b8f3a6be8b Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Fri, 22 Feb 2019 12:28:23 +0000 +Subject: [PATCH 2/2] Bug 700576(redux): an extra transient proc needs + executeonly'ed. + +--- + Resource/Init/gs_res.ps | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps +index b646329..8c1f29f 100644 +--- a/Resource/Init/gs_res.ps ++++ b/Resource/Init/gs_res.ps +@@ -437,7 +437,7 @@ status { + % Now make the resource value read-only. + 0 2 copy get { readonly } .internalstopped pop + dup 4 1 roll put exch pop exch pop +- } ++ } executeonly + { /defineresource cvx /typecheck signaloperror + } + ifelse +-- +2.20.1 + diff --git a/source/ap/ghostscript/ghostscript-cve-2019-6116.patch b/source/ap/ghostscript/ghostscript-cve-2019-6116.patch new file mode 100644 index 000000000..1246039ea --- /dev/null +++ b/source/ap/ghostscript/ghostscript-cve-2019-6116.patch @@ -0,0 +1,770 @@ +From 13b0a36f8181db66a91bcc8cea139998b53a8996 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Wed, 5 Dec 2018 12:22:13 +0000 +Subject: [PATCH 1/4] Sanitize op stack for error conditions + +We save the stacks to an array and store the array for the error handler to +access. + +For SAFER, we traverse the array, and deep copy any op arrays (procedures). As +we make these copies, we check for operators that do *not* exist in systemdict, +when we find one, we replace the operator with a name object (of the form +"/--opname--"). +--- + psi/int.mak | 3 +- + psi/interp.c | 8 ++++++ + psi/istack.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + psi/istack.h | 3 ++ + 4 files changed, 91 insertions(+), 1 deletion(-) + +diff --git a/psi/int.mak b/psi/int.mak +index 6ab5bf0..6b349cb 100644 +--- a/psi/int.mak ++++ b/psi/int.mak +@@ -204,7 +204,8 @@ $(PSOBJ)iparam.$(OBJ) : $(PSSRC)iparam.c $(GH)\ + $(PSOBJ)istack.$(OBJ) : $(PSSRC)istack.c $(GH) $(memory__h)\ + $(ierrors_h) $(gsstruct_h) $(gsutil_h)\ + $(ialloc_h) $(istack_h) $(istkparm_h) $(istruct_h) $(iutil_h) $(ivmspace_h)\ +- $(store_h) $(INT_MAK) $(MAKEDIRS) ++ $(store_h) $(icstate_h) $(iname_h) $(dstack_h) $(idict_h) \ ++ $(INT_MAK) $(MAKEDIRS) + $(PSCC) $(PSO_)istack.$(OBJ) $(C_) $(PSSRC)istack.c + + $(PSOBJ)iutil.$(OBJ) : $(PSSRC)iutil.c $(GH) $(math__h) $(memory__h) $(string__h)\ +diff --git a/psi/interp.c b/psi/interp.c +index 6dc0dda..aa5779c 100644 +--- a/psi/interp.c ++++ b/psi/interp.c +@@ -761,6 +761,7 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr) + uint size = ref_stack_count(pstack) - skip; + uint save_space = ialloc_space(idmemory); + int code, i; ++ ref *safety, *safe; + + if (size > 65535) + size = 65535; +@@ -778,6 +779,13 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr) + make_null(&arr->value.refs[i]); + } + } ++ if (pstack == &o_stack && dict_find_string(systemdict, "SAFETY", &safety) > 0 && ++ dict_find_string(safety, "safe", &safe) > 0 && r_has_type(safe, t_boolean) && ++ safe->value.boolval == true) { ++ code = ref_stack_array_sanitize(i_ctx_p, arr, arr); ++ if (code < 0) ++ return code; ++ } + ialloc_set_space(idmemory, save_space); + return code; + } +diff --git a/psi/istack.c b/psi/istack.c +index 8fe151f..f1a3e51 100644 +--- a/psi/istack.c ++++ b/psi/istack.c +@@ -27,6 +27,10 @@ + #include "iutil.h" + #include "ivmspace.h" /* for local/global test */ + #include "store.h" ++#include "icstate.h" ++#include "iname.h" ++#include "dstack.h" ++#include "idict.h" + + /* Forward references */ + static void init_block(ref_stack_t *pstack, const ref *pblock_array, +@@ -294,6 +298,80 @@ ref_stack_store_check(const ref_stack_t *pstack, ref *parray, uint count, + return 0; + } + ++int ++ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr) ++{ ++ int i, code; ++ ref obj, arr2; ++ ref *pobj2; ++ gs_memory_t *mem = (gs_memory_t *)idmemory->current; ++ ++ if (!r_is_array(sarr) || !r_has_type(darr, t_array)) ++ return_error(gs_error_typecheck); ++ ++ for (i = 0; i < r_size(sarr); i++) { ++ code = array_get(mem, sarr, i, &obj); ++ if (code < 0) ++ make_null(&obj); ++ switch(r_type(&obj)) { ++ case t_operator: ++ { ++ int index = op_index(&obj); ++ ++ if (index > 0 && index < op_def_count) { ++ const byte *data = (const byte *)(op_index_def(index)->oname + 1); ++ if (dict_find_string(systemdict, (const char *)data, &pobj2) <= 0) { ++ byte *s = gs_alloc_bytes(mem, strlen((char *)data) + 5, "ref_stack_array_sanitize"); ++ if (s) { ++ s[0] = '\0'; ++ strcpy((char *)s, "--"); ++ strcpy((char *)s + 2, (char *)data); ++ strcpy((char *)s + strlen((char *)data) + 2, "--"); ++ } ++ else { ++ s = (byte *)data; ++ } ++ code = name_ref(imemory, s, strlen((char *)s), &obj, 1); ++ if (code < 0) make_null(&obj); ++ if (s != data) ++ gs_free_object(mem, s, "ref_stack_array_sanitize"); ++ } ++ } ++ else { ++ make_null(&obj); ++ } ++ ref_assign(darr->value.refs + i, &obj); ++ break; ++ } ++ case t_array: ++ case t_shortarray: ++ case t_mixedarray: ++ { ++ int attrs = r_type_attrs(&obj) & (a_write | a_read | a_execute | a_executable); ++ /* We only want to copy executable arrays */ ++ if (attrs & (a_execute | a_executable)) { ++ code = ialloc_ref_array(&arr2, attrs, r_size(&obj), "ref_stack_array_sanitize"); ++ if (code < 0) { ++ make_null(&arr2); ++ } ++ else { ++ code = ref_stack_array_sanitize(i_ctx_p, &obj, &arr2); ++ } ++ ref_assign(darr->value.refs + i, &arr2); ++ } ++ else { ++ ref_assign(darr->value.refs + i, &obj); ++ } ++ break; ++ } ++ default: ++ ref_assign(darr->value.refs + i, &obj); ++ } ++ } ++ return 0; ++} ++ ++ + /* + * Store the top 'count' elements of a stack, starting 'skip' elements below + * the top, into an array, with or without store/undo checking. age=-1 for +diff --git a/psi/istack.h b/psi/istack.h +index 051dcbe..54be405 100644 +--- a/psi/istack.h ++++ b/psi/istack.h +@@ -129,6 +129,9 @@ int ref_stack_store(const ref_stack_t *pstack, ref *parray, uint count, + uint skip, int age, bool check, + gs_dual_memory_t *idmem, client_name_t cname); + ++int ++ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr); ++ + /* + * Pop the top N elements off a stack. + * The number must not exceed the number of elements in use. +-- +2.20.1 + + +From 2db98f9c66135601efb103d8db7d020a672308db Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Thu, 13 Dec 2018 15:28:34 +0000 +Subject: [PATCH 2/4] Any transient procedures that call .force* operators + +(i.e. for conditionals or loops) make them executeonly. +--- + Resource/Init/gs_diskn.ps | 2 +- + Resource/Init/gs_dps1.ps | 4 ++-- + Resource/Init/gs_fntem.ps | 4 ++-- + Resource/Init/gs_fonts.ps | 12 ++++++------ + Resource/Init/gs_init.ps | 4 ++-- + Resource/Init/gs_lev2.ps | 11 ++++++----- + Resource/Init/gs_pdfwr.ps | 2 +- + Resource/Init/gs_res.ps | 4 ++-- + Resource/Init/gs_setpd.ps | 2 +- + Resource/Init/pdf_base.ps | 13 ++++++++----- + Resource/Init/pdf_draw.ps | 16 +++++++++------- + Resource/Init/pdf_font.ps | 6 +++--- + Resource/Init/pdf_main.ps | 4 ++-- + Resource/Init/pdf_ops.ps | 7 ++++--- + 14 files changed, 49 insertions(+), 42 deletions(-) + +diff --git a/Resource/Init/gs_diskn.ps b/Resource/Init/gs_diskn.ps +index fd694bc..8bf2054 100644 +--- a/Resource/Init/gs_diskn.ps ++++ b/Resource/Init/gs_diskn.ps +@@ -51,7 +51,7 @@ systemdict begin + mark 5 1 roll ] mark exch { { } forall } forall ] + //systemdict /.searchabledevs 2 index .forceput + exch .setglobal +- } ++ } executeonly + if + } .bind executeonly odef % must be bound and hidden for .forceput + +diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps +index ec5db61..4fae283 100644 +--- a/Resource/Init/gs_dps1.ps ++++ b/Resource/Init/gs_dps1.ps +@@ -78,7 +78,7 @@ level2dict begin + .currentglobal + { % Current mode is global; delete from local directory too. + //systemdict /LocalFontDirectory .knownget +- { 1 index .forceundef } % LocalFontDirectory is readonly ++ { 1 index .forceundef } executeonly % LocalFontDirectory is readonly + if + } + { % Current mode is local; if there was a shadowed global +@@ -126,7 +126,7 @@ level2dict begin + } + ifelse + } forall +- pop counttomark 2 idiv { .forceundef } repeat pop % readonly ++ pop counttomark 2 idiv { .forceundef } executeonly repeat pop % readonly + } + if + //SharedFontDirectory exch .forcecopynew pop +diff --git a/Resource/Init/gs_fntem.ps b/Resource/Init/gs_fntem.ps +index c1f7651..6eb672a 100644 +--- a/Resource/Init/gs_fntem.ps ++++ b/Resource/Init/gs_fntem.ps +@@ -401,12 +401,12 @@ currentdict end def + .forceput % FontInfo can be read-only. + pop % bool <font> + exit +- } if ++ } executeonly if + dup /FontInfo get % bool <font> <FI> + /GlyphNames2Unicode /Unicode /Decoding findresource + .forceput % FontInfo can be read-only. + exit +- } loop ++ } executeonly loop + exch setglobal + } .bind executeonly odef % must be bound and hidden for .forceput + +diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps +index 803faca..290da0c 100644 +--- a/Resource/Init/gs_fonts.ps ++++ b/Resource/Init/gs_fonts.ps +@@ -374,7 +374,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if + /.setnativefontmapbuilt { % set whether we've been run + dup type /booleantype eq { + systemdict exch /.nativefontmapbuilt exch .forceput +- } ++ } executeonly + {pop} + ifelse + } .bind executeonly odef +@@ -1007,11 +1007,11 @@ $error /SubstituteFont { } put + { 2 index gcheck currentglobal + 2 copy eq { + pop pop .forceput +- } { ++ } executeonly { + 5 1 roll setglobal + dup length string copy + .forceput setglobal +- } ifelse ++ } executeonly ifelse + } .bind executeonly odef % must be bound and hidden for .forceput + + % Attempt to load a font from a file. +@@ -1084,7 +1084,7 @@ $error /SubstituteFont { } put + .FontDirectory 3 index .forceundef % readonly + 1 index (r) file .loadfont .FontDirectory exch + /.setglobal .systemvar exec +- } ++ } executeonly + { .loadfont .FontDirectory + } + ifelse +@@ -1105,7 +1105,7 @@ $error /SubstituteFont { } put + dup 3 index .fontknownget + { dup /PathLoad 4 index .putgstringcopy + 4 1 roll pop pop pop //true exit +- } if ++ } executeonly if + + % Maybe the file had a different FontName. + % See if we can get a FontName from the file, and if so, +@@ -1134,7 +1134,7 @@ $error /SubstituteFont { } put + ifelse % Stack: origfontname fontdict + exch pop //true exit + % Stack: fontdict +- } ++ } executeonly + if pop % Stack: origfontname fontdirectory path + } + if pop pop % Stack: origfontname +diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps +index d733124..56c0bd2 100644 +--- a/Resource/Init/gs_init.ps ++++ b/Resource/Init/gs_init.ps +@@ -2357,7 +2357,7 @@ SAFER { .setsafeglobal } if + % Update the copy of the user parameters. + mark .currentuserparams counttomark 2 idiv { + userparams 3 1 roll .forceput % userparams is read-only +- } repeat pop ++ } executeonly repeat pop + % Turn on idiom recognition, if available. + currentuserparams /IdiomRecognition known { + /IdiomRecognition //true .definepsuserparam +@@ -2376,7 +2376,7 @@ SAFER { .setsafeglobal } if + % Remove real system params from pssystemparams. + mark .currentsystemparams counttomark 2 idiv { + pop pssystemparams exch .forceundef +- } repeat pop ++ } executeonly repeat pop + } if + + % Set up AlignToPixels : +diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps +index 44fe619..0f0d573 100644 +--- a/Resource/Init/gs_lev2.ps ++++ b/Resource/Init/gs_lev2.ps +@@ -154,7 +154,8 @@ end + % protect top level of parameters that we copied + dup type dup /arraytype eq exch /stringtype eq or { readonly } if + /userparams .systemvar 3 1 roll .forceput % userparams is read-only +- } { ++ } executeonly ++ { + pop pop + } ifelse + } forall +@@ -224,7 +225,7 @@ end + % protect top level parameters that we copied + dup type dup /arraytype eq exch /stringtype eq or { readonly } if + //pssystemparams 3 1 roll .forceput % pssystemparams is read-only +- } ++ } executeonly + { pop pop + } + ifelse +@@ -934,7 +935,7 @@ mark + dup /PaintProc get + 1 index /Implementation known not { + 1 index dup /Implementation //null .forceput readonly pop +- } if ++ } executeonly if + exec + }.bind odef + +@@ -958,7 +959,7 @@ mark + dup /PaintProc get + 1 index /Implementation known not { + 1 index dup /Implementation //null .forceput readonly pop +- } if ++ } executeonly if + /UNROLLFORMS where {/UNROLLFORMS get}{false}ifelse not + %% [CTM] <<Form>> PaintProc .beginform - + { +@@ -1005,7 +1006,7 @@ mark + %% Form dictioanry using the /Implementation key). + 1 dict dup /FormID 4 -1 roll put + 1 index exch /Implementation exch .forceput readonly pop +- } ++ } executeonly + ifelse + } + { +diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps +index 58e75d3..b425103 100644 +--- a/Resource/Init/gs_pdfwr.ps ++++ b/Resource/Init/gs_pdfwr.ps +@@ -650,7 +650,7 @@ currentdict /.pdfmarkparams .undef + } ifelse + } bind .makeoperator .forceput + systemdict /.pdf_hooked_DSC_Creator //true .forceput +- } if ++ } executeonly if + pop + } if + } { +diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps +index 8eb8bb0..d9b3459 100644 +--- a/Resource/Init/gs_res.ps ++++ b/Resource/Init/gs_res.ps +@@ -152,7 +152,7 @@ setglobal + % use .forceput / .forcedef later to replace the dummy, + % empty .Instances dictionary with the real one later. + readonly +- } { ++ }{ + /defineresource cvx /typecheck signaloperror + } ifelse + } bind executeonly odef +@@ -424,7 +424,7 @@ status { + % As noted above, Category dictionaries are read-only, + % so we have to use .forcedef here. + /.Instances 1 index .forcedef % Category dict is read-only +- } if ++ } executeonly if + } + { .LocalInstances dup //.emptydict eq + { pop 3 dict localinstancedict Category 2 index put +diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps +index e22597e..7875d1f 100644 +--- a/Resource/Init/gs_setpd.ps ++++ b/Resource/Init/gs_setpd.ps +@@ -634,7 +634,7 @@ NOMEDIAATTRS { + SETPDDEBUG { (Rolling back.) = pstack flush } if + 3 index 2 index 3 -1 roll .forceput + 4 index 1 index .knownget +- { 4 index 3 1 roll .forceput } ++ { 4 index 3 1 roll .forceput } executeonly + { 3 index exch .undef } + ifelse + } bind executeonly odef +diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps +index b45e980..7312729 100644 +--- a/Resource/Init/pdf_base.ps ++++ b/Resource/Init/pdf_base.ps +@@ -130,26 +130,29 @@ currentdict /num-chars-dict .undef + + /.pdfexectoken { % <count> <opdict> <exectoken> .pdfexectoken ? + PDFDEBUG { +- pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } if ++ pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } executeonly if + PDFSTEP { + pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput + PDFSTEPcount 1 gt { + pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput +- } { ++ } executeonly ++ { + dup ==only + ( step # ) print PDFtokencount =only + ( ? ) print flush 1 //false .outputpage + (%stdin) (r) file 255 string readline { + token { + exch pop pdfdict /PDFSTEPcount 3 -1 roll .forceput +- } { ++ } executeonly ++ { + pdfdict /PDFSTEPcount 1 .forceput +- } ifelse % token ++ } executeonly ifelse % token + } { + pop /PDFSTEP //false def % EOF on stdin + } ifelse % readline + } ifelse % PDFSTEPcount > 1 +- } { ++ } executeonly ++ { + dup ==only () = flush + } ifelse % PDFSTEP + } if % PDFDEBUG +diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps +index 6b0ba93..40c6ac8 100644 +--- a/Resource/Init/pdf_draw.ps ++++ b/Resource/Init/pdf_draw.ps +@@ -1118,14 +1118,14 @@ currentdict end readonly def + pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + } + { + currentglobal pdfdict gcheck .setglobal + pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + end + } ifelse + } loop +@@ -1141,14 +1141,14 @@ currentdict end readonly def + pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + } + { + currentglobal pdfdict gcheck .setglobal + pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + } if + pop + +@@ -2350,9 +2350,10 @@ currentdict /last-ditch-bpc-csp undef + /IncrementAppearanceNumber { + pdfdict /AppearanceNumber .knownget { + 1 add pdfdict /AppearanceNumber 3 -1 roll .forceput +- }{ ++ } executeonly ++ { + pdfdict /AppearanceNumber 0 .forceput +- } ifelse ++ } executeonly ifelse + }bind executeonly odef + + /MakeAppearanceName { +@@ -2510,7 +2511,8 @@ currentdict /last-ditch-bpc-csp undef + %% want to preserve it. + pdfdict /.PreservePDFForm false .forceput + /q cvx /execform cvx 5 -2 roll +- }{ ++ } executeonly ++ { + /q cvx /PDFexecform cvx 5 -2 roll + } ifelse + +diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps +index bea9ea9..4cd62b9 100644 +--- a/Resource/Init/pdf_font.ps ++++ b/Resource/Init/pdf_font.ps +@@ -714,7 +714,7 @@ currentdict end readonly def + pop pop pop + currentdict /.stackdepth .forceundef + currentdict /.dstackdepth .forceundef +- } ++ } executeonly + {pop pop pop} + ifelse + +@@ -1232,7 +1232,7 @@ currentdict /eexec_pdf_param_dict .undef + (\n **** Warning: Type 3 glyph has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n) + pdfformatwarning + pdfdict /.Qqwarning_issued //true .forceput +- } if ++ } executeonly if + Q + } repeat + Q +@@ -2016,7 +2016,7 @@ currentdict /CMap_read_dict undef + /CIDFallBack /CIDFont findresource + } if + exit +- } if ++ } executeonly if + } if + } if + +diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps +index 00da47a..37e69b3 100644 +--- a/Resource/Init/pdf_main.ps ++++ b/Resource/Init/pdf_main.ps +@@ -2701,14 +2701,14 @@ currentdict /PDF2PS_matrix_key undef + pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + } + { + currentglobal pdfdict gcheck .setglobal + pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + } if + } if + pop +diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps +index 8672d61..aa09641 100644 +--- a/Resource/Init/pdf_ops.ps ++++ b/Resource/Init/pdf_ops.ps +@@ -184,14 +184,14 @@ currentdict /gput_always_allow .undef + pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + } + { + currentglobal pdfdict gcheck .setglobal + pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + } if + } bind executeonly odef + +@@ -439,7 +439,8 @@ currentdict /gput_always_allow .undef + dup type /booleantype eq { + .currentSMask type /dicttype eq { + .currentSMask /Processed 2 index .forceput +- } { ++ } executeonly ++ { + .setSMask + }ifelse + }{ +-- +2.20.1 + + +From 99f13091a3f309bdc95d275ea9fec10bb9f42d9a Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Sat, 15 Dec 2018 09:08:32 +0000 +Subject: [PATCH 3/4] Bug700317: Fix logic for an older change + +Unlike almost every other function in gs, dict_find_string() returns 1 on +success 0 or <0 on failure. The logic for this case was wrong. +--- + psi/interp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/psi/interp.c b/psi/interp.c +index aa5779c..f6c45bb 100644 +--- a/psi/interp.c ++++ b/psi/interp.c +@@ -703,7 +703,7 @@ again: + * i.e. it's an internal operator we have hidden + */ + code = dict_find_string(systemdict, (const char *)bufptr, &tobj); +- if (code < 0) { ++ if (code <= 0) { + buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-'; + rlen += 4; + bufptr = buf; +-- +2.20.1 + + +From 59d8f4deef90c1598ff50616519d5576756b4495 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Tue, 18 Dec 2018 10:42:10 +0000 +Subject: [PATCH 4/4] Harden some uses of .force* operators + +by adding a few immediate evalutions +--- + Resource/Init/gs_dps1.ps | 4 ++-- + Resource/Init/gs_fonts.ps | 20 ++++++++++---------- + Resource/Init/gs_init.ps | 6 +++--- + 3 files changed, 15 insertions(+), 15 deletions(-) + +diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps +index 4fae283..b75ea14 100644 +--- a/Resource/Init/gs_dps1.ps ++++ b/Resource/Init/gs_dps1.ps +@@ -74,7 +74,7 @@ level2dict begin + } odef + % undefinefont has to take local/global VM into account. + /undefinefont % <fontname> undefinefont - +- { .FontDirectory 1 .argindex .forceundef % FontDirectory is readonly ++ { //.FontDirectory 1 .argindex .forceundef % FontDirectory is readonly + .currentglobal + { % Current mode is global; delete from local directory too. + //systemdict /LocalFontDirectory .knownget +@@ -85,7 +85,7 @@ level2dict begin + % definition, copy it into the local directory. + //systemdict /SharedFontDirectory .knownget + { 1 index .knownget +- { .FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly ++ { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly + if + } + if +diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps +index 290da0c..c13a2fc 100644 +--- a/Resource/Init/gs_fonts.ps ++++ b/Resource/Init/gs_fonts.ps +@@ -516,7 +516,7 @@ buildfontdict 3 /.buildfont3 cvx put + if + } + if +- dup .FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly ++ dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly + % If the font originated as a resource, register it. + currentfile .currentresourcefile eq { dup .registerfont } if + readonly +@@ -943,7 +943,7 @@ $error /SubstituteFont { } put + % Try to find a font using only the present contents of Fontmap. + /.tryfindfont { % <fontname> .tryfindfont <font> true + % <fontname> .tryfindfont false +- .FontDirectory 1 index .fontknownget ++ //.FontDirectory 1 index .fontknownget + { % Already loaded + exch pop //true + } +@@ -975,7 +975,7 @@ $error /SubstituteFont { } put + { % Font with a procedural definition + exec % The procedure will load the font. + % Check to make sure this really happened. +- .FontDirectory 1 index .knownget ++ //.FontDirectory 1 index .knownget + { exch pop //true exit } + if + } +@@ -1081,11 +1081,11 @@ $error /SubstituteFont { } put + % because it's different depending on language level. + .currentglobal exch /.setglobal .systemvar exec + % Remove the fake definition, if any. +- .FontDirectory 3 index .forceundef % readonly +- 1 index (r) file .loadfont .FontDirectory exch ++ //.FontDirectory 3 index .forceundef % readonly ++ 1 index (r) file .loadfont //.FontDirectory exch + /.setglobal .systemvar exec + } executeonly +- { .loadfont .FontDirectory ++ { .loadfont //.FontDirectory + } + ifelse + % Stack: fontname fontfilename fontdirectory +@@ -1119,8 +1119,8 @@ $error /SubstituteFont { } put + % Stack: origfontname fontdirectory filefontname fontdict + 3 -1 roll pop + % Stack: origfontname filefontname fontdict +- dup /FontName get dup FontDirectory exch .forceundef +- GlobalFontDirectory exch .forceundef ++ dup /FontName get dup //.FontDirectory exch .forceundef ++ /GlobalFontDirectory .systemvar exch .forceundef + dup length dict .copydict dup 3 index /FontName exch put + 2 index exch definefont + exch +@@ -1176,10 +1176,10 @@ currentdict /.putgstringcopy .undef + { + { + pop dup type /stringtype eq { cvn } if +- .FontDirectory 1 index known not { ++ //.FontDirectory 1 index known not { + 2 dict dup /FontName 3 index put + dup /FontType 1 put +- .FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly ++ //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly + } { + pop + } ifelse +diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps +index 56c0bd2..d9a0829 100644 +--- a/Resource/Init/gs_init.ps ++++ b/Resource/Init/gs_init.ps +@@ -1168,8 +1168,8 @@ errordict /unknownerror .undef + }ifelse + }forall + noaccess pop +- systemdict /.setsafeerrors .forceundef +- systemdict /.SAFERERRORLIST .forceundef ++ //systemdict /.setsafeerrors .forceundef ++ //systemdict /.SAFERERRORLIST .forceundef + } bind executeonly odef + + SAFERERRORS {.setsafererrors} if +@@ -2114,7 +2114,7 @@ currentdict /tempfilepaths undef + + /.locksafe { + .locksafe_userparams +- systemdict /getenv {pop //false} .forceput ++ //systemdict /getenv {pop //false} .forceput + % setpagedevice has the side effect of clearing the page, but + % we will just document that. Using setpagedevice keeps the device + % properties and pagedevice .LockSafetyParams in agreement even +-- +2.20.1 + diff --git a/source/ap/ghostscript/ghostscript-subclassing-devices-fix-put_image-method.patch b/source/ap/ghostscript/ghostscript-subclassing-devices-fix-put_image-method.patch new file mode 100644 index 000000000..fadb948d5 --- /dev/null +++ b/source/ap/ghostscript/ghostscript-subclassing-devices-fix-put_image-method.patch @@ -0,0 +1,28 @@ +From fae21f1668d2b44b18b84cf0923a1d5f3008a696 Mon Sep 17 00:00:00 2001 +From: Ken Sharp <ken.sharp@artifex.com> +Date: Tue, 4 Dec 2018 21:31:31 +0000 +Subject: subclassing devices - fix put_image method + +The subclassing devices need to change the 'memory device' parameter to +be the child device, when its the same as the subclassing device. + +Otherwise we end up trying to access the child device's memory pointers +in the subclassing device, which may not contain valid copies of +those pointers. + +diff --git a/base/gdevsclass.c b/base/gdevsclass.c +index d9c85d2e4..51092585a 100644 +--- a/base/gdevsclass.c ++++ b/base/gdevsclass.c +@@ -797,7 +797,10 @@ int default_subclass_put_image(gx_device *dev, gx_device *mdev, const byte **buf + int alpha_plane_index, int tag_plane_index) + { + if (dev->child) +- return dev_proc(dev->child, put_image)(dev->child, mdev, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index); ++ if (dev == mdev) ++ return dev_proc(dev->child, put_image)(dev->child, dev->child, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index); ++ else ++ return dev_proc(dev->child, put_image)(dev->child, mdev, buffers, num_chan, x, y, width, height, row_stride, alpha_plane_index, tag_plane_index); + + return 0; + } diff --git a/source/ap/ghostscript/ghostscript.SlackBuild b/source/ap/ghostscript/ghostscript.SlackBuild index cad33b149..2d15f220d 100755 --- a/source/ap/ghostscript/ghostscript.SlackBuild +++ b/source/ap/ghostscript/ghostscript.SlackBuild @@ -27,7 +27,7 @@ if [ -r gnu-ghostscript-*.tar.?z ]; then SRCPREFIX="gnu-" fi VERSION=${VERSION:-$(echo $SRCPREFIX$PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -76,6 +76,12 @@ cd ${SRCPREFIX}${PKGNAM}-$VERSION || exit 1 # Remove unmaintained garbage: rm -rf freetype jpeg lcms2 libpng libtiff png tiff zlib +# Security and bugfix patches: +zcat $CWD/ghostscript-cve-2019-6116.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/ghostscript-subclassing-devices-fix-put_image-method.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/ghostscript-cve-2019-3835.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/ghostscript-cve-2019-3838.patch.gz | patch -p1 --verbose || exit 1 + # Regenerate ./configure. Needed if patched, or to prevent libtool mismatch. autoreconf --force --install ( cd jbig2dec ; autoreconf --force --install ) diff --git a/source/l/python-pillow/python-pillow.SlackBuild b/source/l/python-pillow/python-pillow.SlackBuild index c45c3fc9f..76e5743b8 100755 --- a/source/l/python-pillow/python-pillow.SlackBuild +++ b/source/l/python-pillow/python-pillow.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=python-pillow VERSION=${VERSION:-$(echo Pillow-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/wget/wget.SlackBuild b/source/n/wget/wget.SlackBuild index bcf4a3f60..ddbbd1c44 100755 --- a/source/n/wget/wget.SlackBuild +++ b/source/n/wget/wget.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=wget VERSION=${VERSION:-$(echo wget-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-3} +BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} |