author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-06-02 20:56:35 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-06-02 23:45:41 +0200 |
commit | 8b137cd8352b84bf56b01414f58a6d55a99d22a6 (patch) | |
tree | f73aeff466f3d465f4e24864a08658966c0f8d80 /source/ap | |
parent | a9c0ca9f8fa5a0a244f0f0f7b0c2623df807b494 (diff) | |
download | current-8b137cd8352b84bf56b01414f58a6d55a99d22a6.tar.gz current-8b137cd8352b84bf56b01414f58a6d55a99d22a6.tar.xz |
Fri Jun 2 20:56:35 UTC 202320230602205635
a/hwdata-0.371-noarch-1.txz: Upgraded.
ap/cups-2.4.3-x86_64-1.txz: Upgraded.
Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file
cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote
attacker to launch a denial of service (DoS) attack, or possibly execute
arbitrary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32324
(* Security fix *)
d/git-2.41.0-x86_64-1.txz: Upgraded.
d/llvm-16.0.5-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-29.txz: Rebuilt.
Recompiled against Imath-3.1.9.
kde/kimageformats-5.106.0-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
kde/kio-extras-23.04.1-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
kde/krita-5.1.5-x86_64-9.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/Imath-3.1.9-x86_64-1.txz: Upgraded.
Evidently the shared library .so-version bump in Imath-3.1.8 should not have
happened, so this update reverts it to the previous value.
l/gst-plugins-bad-free-1.22.3-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/imagemagick-7.1.1_11-x86_64-2.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/mozjs102-102.12.0esr-x86_64-1.txz: Upgraded.
l/openexr-3.1.7-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/serf-1.3.10-x86_64-1.txz: Upgraded.
l/vte-0.72.2-x86_64-1.txz: Upgraded.
n/nettle-3.9.1-x86_64-1.txz: Upgraded.
n/ntp-4.2.8p16-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-26551
https://www.cve.org/CVERecord?id=CVE-2023-26552
https://www.cve.org/CVERecord?id=CVE-2023-26553
https://www.cve.org/CVERecord?id=CVE-2023-26554
https://www.cve.org/CVERecord?id=CVE-2023-26555
(* Security fix *)
n/samba-4.18.3-x86_64-1.txz: Upgraded.
tcl/tclx-8.6.2-x86_64-1.txz: Upgraded.
x/ibus-libpinyin-1.15.3-x86_64-1.txz: Upgraded.
x/libX11-1.8.5-x86_64-1.txz: Upgraded.
xap/gimp-2.10.34-x86_64-4.txz: Rebuilt.
Recompiled against Imath-3.1.9.
xfce/xfce4-pulseaudio-plugin-0.4.7-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/ap')
-rw-r--r-- | source/ap/cups/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch | 36 | ||||
-rw-r--r-- | source/ap/cups/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch | 36 | ||||
-rwxr-xr-x | source/ap/cups/cups.SlackBuild | 8 |
3 files changed, 1 insertions, 79 deletions
diff --git a/source/ap/cups/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch b/source/ap/cups/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch
deleted file mode 100644
index f38baf8a7..000000000
--- a/source/ap/cups/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From c0c403744b1bf4a9790a8fcaabcd60970cbefe06 Mon Sep 17 00:00:00 2001
-From: Michael R Sweet <michael.r.sweet@gmail.com>
-Date: Tue, 7 Jun 2022 13:45:29 -0400
-Subject: [PATCH] Fix OpenSSL crash bug - "tls" pointer wasn't cleared after
- freeing it (Issue #409)
-
----
- CHANGES.md | 1 +
- cups/tls-openssl.c | 2 ++
- 2 files changed, 3 insertions(+)
-
-#diff --git a/CHANGES.md b/CHANGES.md
-#index 8b78b003fa..befbf3ab44 100644
-#--- a/CHANGES.md
-#+++ b/CHANGES.md
-#@@ -6,6 +6,7 @@ Changes in CUPS v2.4.3 (TBA)
-#
-# - Added a title with device uri for found network printers (Issues #402, #393)
-# - Fixed configuration on RISC-V machines (Issue #404)
-#+- Fixed an OpenSSL crash bug (Issue #409)
-#
-#
-# Changes in CUPS v2.4.2 (26th May 2022)
-diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c
-index c3e57742e8..6db9f8a9c2 100644
---- a/cups/tls-openssl.c
-+++ b/cups/tls-openssl.c
-@@ -1152,6 +1152,8 @@ _httpTLSStop(http_t *http) // I - Connection to server
- SSL_shutdown(http->tls);
- SSL_CTX_free(context);
- SSL_free(http->tls);
-+
-+ http->tls = NULL;
- }
-
-
diff --git a/source/ap/cups/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch b/source/ap/cups/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch
deleted file mode 100644
index 572ca0717..000000000
--- a/source/ap/cups/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From cd84d7fde692237af4996d4a0e985a3eb4a293f0 Mon Sep 17 00:00:00 2001
-From: Michael R Sweet <michael.r.sweet@gmail.com>
-Date: Mon, 5 Sep 2022 09:20:03 -0400
-Subject: [PATCH] The OpenSSL code path wasn't loading the full certificate
- chain (Issue #465)
-
----
- CHANGES.md | 1 +
- cups/tls-openssl.c | 2 +-
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-#diff --git a/CHANGES.md b/CHANGES.md
-#index f96677675a..81aef4e680 100644
-#--- a/CHANGES.md
-#+++ b/CHANGES.md
-#@@ -12,6 +12,7 @@ Changes in CUPS v2.4.3 (TBA)
-# hostname (Issue #419)
-# - Fixed an OpenSSL crash bug (Issue #409)
-# - Fixed a potential SNMP OID value overflow issue (Issue #431)
-#+- Fixed an OpenSSL certificate loading issue (Issue #465)
-# - Look for default printer on network if needed (Issue ##452)
-# - Now localize HTTP responses using the Content-Language value (Issue #426)
-# - Raised file size limit for importing PPD via Web UI (Issue #433)
-diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c
-index ceb3abaedc..acc10fc420 100644
---- a/cups/tls-openssl.c
-+++ b/cups/tls-openssl.c
-@@ -1055,7 +1055,7 @@ _httpTLSStart(http_t *http) // I - Connection to server
- }
-
- SSL_CTX_use_PrivateKey_file(context, keyfile, SSL_FILETYPE_PEM);
-- SSL_CTX_use_certificate_file(context, crtfile, SSL_FILETYPE_PEM);
-+ SSL_CTX_use_certificate_chain_file(context, crtfile);
- }
-
- // Set TLS options...
diff --git a/source/ap/cups/cups.SlackBuild b/source/ap/cups/cups.SlackBuild
index ffc2e99f9..560fafbbf 100755
--- a/source/ap/cups/cups.SlackBuild
+++ b/source/ap/cups/cups.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=cups
 VERSION=${VERSION:-$(echo $PKGNAM-2*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-4}
+BUILD=${BUILD:-1}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -81,12 +81,6 @@ cd cups-$VERSION || exit 1
 
 sed -i.orig -e 's#$exec_prefix/lib/cups#$libdir/cups#g' configure
 
-# Fix OpenSSL crash:
-zcat $CWD/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch.gz | patch -p1 --verbose || exit 1
-
-# Fix OpenSSL certificate loading issue:
-zcat $CWD/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch.gz | patch -p1 --verbose || exit 1
-
 # Choose correct options depending on whether PAM is installed:
 if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
 PAM_OPTIONS="--enable-pam" |