author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-10-19 19:14:05 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-10-19 22:14:29 +0200 |
commit | 80666c2496ecb09578daeb4a295b1fc90cd68bbb (patch) | |
tree | 0ed144db54ca99993f31e751ce2822cbfb99f401 /source/n | |
parent | b36863e0974e59996232294d71dcb0cc357930b5 (diff) | |
download | current-80666c2496ecb09578daeb4a295b1fc90cd68bbb.tar.gz current-80666c2496ecb09578daeb4a295b1fc90cd68bbb.tar.xz |
Thu Oct 19 19:14:05 UTC 2023 20231019191405
ap/texinfo-7.1-x86_64-1.txz: Upgraded.
kde/attica-5.111.0-x86_64-1.txz: Upgraded.
kde/baloo-5.111.0-x86_64-1.txz: Upgraded.
kde/bluez-qt-5.111.0-x86_64-1.txz: Upgraded.
kde/breeze-icons-5.111.0-noarch-1.txz: Upgraded.
kde/extra-cmake-modules-5.111.0-x86_64-1.txz: Upgraded.
kde/frameworkintegration-5.111.0-x86_64-1.txz: Upgraded.
kde/kactivities-5.111.0-x86_64-1.txz: Upgraded.
kde/kactivities-stats-5.111.0-x86_64-1.txz: Upgraded.
kde/kapidox-5.111.0-x86_64-1.txz: Upgraded.
kde/karchive-5.111.0-x86_64-1.txz: Upgraded.
kde/kauth-5.111.0-x86_64-1.txz: Upgraded.
kde/kbookmarks-5.111.0-x86_64-1.txz: Upgraded.
kde/kcalendarcore-5.111.0-x86_64-1.txz: Upgraded.
kde/kcmutils-5.111.0-x86_64-1.txz: Upgraded.
kde/kcodecs-5.111.0-x86_64-1.txz: Upgraded.
kde/kcompletion-5.111.0-x86_64-1.txz: Upgraded.
kde/kconfig-5.111.0-x86_64-1.txz: Upgraded.
kde/kconfigwidgets-5.111.0-x86_64-1.txz: Upgraded.
kde/kcontacts-5.111.0-x86_64-1.txz: Upgraded.
kde/kcoreaddons-5.111.0-x86_64-1.txz: Upgraded.
kde/kcrash-5.111.0-x86_64-1.txz: Upgraded.
kde/kdav-5.111.0-x86_64-1.txz: Upgraded.
kde/kdbusaddons-5.111.0-x86_64-1.txz: Upgraded.
kde/kdeclarative-5.111.0-x86_64-1.txz: Upgraded.
kde/kded-5.111.0-x86_64-1.txz: Upgraded.
kde/kdelibs4support-5.111.0-x86_64-1.txz: Upgraded.
kde/kdesignerplugin-5.111.0-x86_64-1.txz: Upgraded.
kde/kdesu-5.111.0-x86_64-1.txz: Upgraded.
kde/kdewebkit-5.111.0-x86_64-1.txz: Upgraded.
kde/kdnssd-5.111.0-x86_64-1.txz: Upgraded.
kde/kdoctools-5.111.0-x86_64-1.txz: Upgraded.
kde/kemoticons-5.111.0-x86_64-1.txz: Upgraded.
kde/kfilemetadata-5.111.0-x86_64-1.txz: Upgraded.
kde/kglobalaccel-5.111.0-x86_64-1.txz: Upgraded.
kde/kguiaddons-5.111.0-x86_64-1.txz: Upgraded.
kde/kholidays-5.111.0-x86_64-1.txz: Upgraded.
kde/khtml-5.111.0-x86_64-1.txz: Upgraded.
kde/ki18n-5.111.0-x86_64-1.txz: Upgraded.
kde/kiconthemes-5.111.0-x86_64-1.txz: Upgraded.
kde/kidletime-5.111.0-x86_64-1.txz: Upgraded.
kde/kimageformats-5.111.0-x86_64-1.txz: Upgraded.
kde/kinit-5.111.0-x86_64-1.txz: Upgraded.
kde/kio-5.111.0-x86_64-1.txz: Upgraded.
kde/kirigami2-5.111.0-x86_64-1.txz: Upgraded.
kde/kitemmodels-5.111.0-x86_64-1.txz: Upgraded.
kde/kitemviews-5.111.0-x86_64-1.txz: Upgraded.
kde/kjobwidgets-5.111.0-x86_64-1.txz: Upgraded.
kde/kjs-5.111.0-x86_64-1.txz: Upgraded.
kde/kjsembed-5.111.0-x86_64-1.txz: Upgraded.
kde/kmediaplayer-5.111.0-x86_64-1.txz: Upgraded.
kde/knewstuff-5.111.0-x86_64-1.txz: Upgraded.
kde/knotifications-5.111.0-x86_64-1.txz: Upgraded.
kde/knotifyconfig-5.111.0-x86_64-1.txz: Upgraded.
kde/kpackage-5.111.0-x86_64-1.txz: Upgraded.
kde/kparts-5.111.0-x86_64-1.txz: Upgraded.
kde/kpeople-5.111.0-x86_64-1.txz: Upgraded.
kde/kplotting-5.111.0-x86_64-1.txz: Upgraded.
kde/kpty-5.111.0-x86_64-1.txz: Upgraded.
kde/kquickcharts-5.111.0-x86_64-1.txz: Upgraded.
kde/kross-5.111.0-x86_64-1.txz: Upgraded.
kde/krunner-5.111.0-x86_64-1.txz: Upgraded.
kde/kservice-5.111.0-x86_64-1.txz: Upgraded.
kde/ktexteditor-5.111.0-x86_64-1.txz: Upgraded.
kde/ktextwidgets-5.111.0-x86_64-1.txz: Upgraded.
kde/kunitconversion-5.111.0-x86_64-1.txz: Upgraded.
kde/kwallet-5.111.0-x86_64-1.txz: Upgraded.
kde/kwayland-5.111.0-x86_64-1.txz: Upgraded.
kde/kwidgetsaddons-5.111.0-x86_64-1.txz: Upgraded.
kde/kwindowsystem-5.111.0-x86_64-1.txz: Upgraded.
kde/kxmlgui-5.111.0-x86_64-1.txz: Upgraded.
kde/kxmlrpcclient-5.111.0-x86_64-1.txz: Upgraded.
kde/modemmanager-qt-5.111.0-x86_64-1.txz: Upgraded.
kde/networkmanager-qt-5.111.0-x86_64-1.txz: Upgraded.
kde/oxygen-icons5-5.111.0-noarch-1.txz: Upgraded.
kde/plasma-framework-5.111.0-x86_64-1.txz: Upgraded.
kde/prison-5.111.0-x86_64-1.txz: Upgraded.
kde/purpose-5.111.0-x86_64-1.txz: Upgraded.
kde/qqc2-desktop-style-5.111.0-x86_64-1.txz: Upgraded.
kde/solid-5.111.0-x86_64-1.txz: Upgraded.
kde/sonnet-5.111.0-x86_64-1.txz: Upgraded.
kde/syndication-5.111.0-x86_64-1.txz: Upgraded.
kde/syntax-highlighting-5.111.0-x86_64-1.txz: Upgraded.
kde/threadweaver-5.111.0-x86_64-1.txz: Upgraded.
l/harfbuzz-8.2.2-x86_64-1.txz: Upgraded.
l/nodejs-21.0.0-x86_64-1.txz: Upgraded.
l/pipewire-0.3.83-x86_64-1.txz: Upgraded.
n/dhcpcd-10.0.4-x86_64-1.txz: Upgraded.
n/httpd-2.4.58-x86_64-1.txz: Upgraded.
  This update fixes bugs and security issues:
  moderate: Apache HTTP Server: HTTP/2 stream memory not reclaimed
  right away on RST.
  low: mod_macro buffer over-read.
  low: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.58
    https://www.cve.org/CVERecord?id=CVE-2023-45802
    https://www.cve.org/CVERecord?id=CVE-2023-31122
    https://www.cve.org/CVERecord?id=CVE-2023-43622
  (* Security fix *)
n/nftables-1.0.9-x86_64-1.txz: Upgraded.
x/egl-wayland-1.1.13-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-115.3.3-x86_64-1.txz: Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.3.3/releasenotes/
xfce/xfce4-dev-tools-4.18.1-x86_64-1.txz: Upgraded.
Diffstat
-rwxr-xr-x | source/n/httpd/httpd.SlackBuild | 2 |
-rw-r--r-- | source/n/httpd/httpd.url | 4 |
-rw-r--r-- | source/n/nftables/5f1676ac9f1aeb36d7695c3c354dade013a1e4f3.patch | 248 |
-rwxr-xr-x | source/n/nftables/nftables.SlackBuild | 5 |
4 files changed, 4 insertions, 255 deletions
diff --git a/source/n/httpd/httpd.SlackBuild b/source/n/httpd/httpd.SlackBuild index 36a3a91e3..438525eef 100755 --- a/source/n/httpd/httpd.SlackBuild +++ b/source/n/httpd/httpd.SlackBuild @@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=httpd VERSION=${VERSION:-$(echo $PKGNAM-*.tar.bz2 | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/httpd/httpd.url b/source/n/httpd/httpd.url index a6083e679..fdbabad99 100644 --- a/source/n/httpd/httpd.url +++ b/source/n/httpd/httpd.url @@ -1,2 +1,2 @@ -http://www.apache.org/dist/httpd/httpd-2.4.57.tar.bz2 -http://www.apache.org/dist/httpd/httpd-2.4.57.tar.bz2.asc +http://www.apache.org/dist/httpd/httpd-2.4.58.tar.bz2 +http://www.apache.org/dist/httpd/httpd-2.4.58.tar.bz2.asc diff --git a/source/n/nftables/5f1676ac9f1aeb36d7695c3c354dade013a1e4f3.patch b/source/n/nftables/5f1676ac9f1aeb36d7695c3c354dade013a1e4f3.patch deleted file mode 100644 index 26eb9b2fc..000000000 --- a/source/n/nftables/5f1676ac9f1aeb36d7695c3c354dade013a1e4f3.patch +++ /dev/null 
@@ -1,248 +0,0 @@ -From 5f1676ac9f1aeb36d7695c3c354dade013a1e4f3 Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso <pablo@netfilter.org> -Date: Tue, 18 Jul 2023 23:10:01 +0200 -Subject: meta: stash context statement length when generating payload/meta - dependency - -... meta mark set ip dscp - -generates an implicit dependency from the inet family to match on meta -nfproto ip. - -The length of this implicit expression is incorrectly adjusted to the -statement length, ie. relational to compare meta nfproto takes 4 bytes -instead of 1 byte. The evaluation of 'ip dscp' under the meta mark -statement triggers this implicit dependency which should not consider -the context statement length since it is added before the statement -itself. - -This problem shows when listing the ruleset, since netlink_parse_cmp() -where left->len < right->len, hence handling the implicit dependency as -a concatenation, but it is actually a bug in the evaluation step that -leads to incorrect bytecode. - -Fixes: 3c64ea7995cb ("evaluate: honor statement length in integer evaluation") -Fixes: edecd58755a8 ("evaluate: support shifts larger than the width of the left operand") -Tested-by: Brian Davidson <davidson.brian@gmail.com> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - src/payload.c | 13 +++++++ - tests/py/inet/meta.t | 5 +++ - tests/py/inet/meta.t.json | 86 ++++++++++++++++++++++++++++++++++++++++++++ - tests/py/inet/meta.t.payload | 40 +++++++++++++++++++++ - 4 files changed, 144 insertions(+) - -diff --git a/src/payload.c b/src/payload.c -index f67b5407..7862745b 100644 ---- a/src/payload.c -+++ b/src/payload.c -@@ -409,6 +409,7 @@ static int payload_add_dependency(struct eval_ctx *ctx, - const struct proto_hdr_template *tmpl; - struct expr *dep, *left, *right; - struct proto_ctx *pctx; -+ unsigned int stmt_len; - struct stmt *stmt; - int protocol; - -@@ -429,11 +430,16 @@ static int payload_add_dependency(struct eval_ctx *ctx, - constant_data_ptr(protocol, tmpl->len)); 
- - dep = relational_expr_alloc(&expr->location, OP_EQ, left, right); -+ -+ stmt_len = ctx->stmt_len; -+ ctx->stmt_len = 0; -+ - stmt = expr_stmt_alloc(&dep->location, dep); - if (stmt_evaluate(ctx, stmt) < 0) { - return expr_error(ctx->msgs, expr, - "dependency statement is invalid"); - } -+ ctx->stmt_len = stmt_len; - - if (ctx->inner_desc) { - if (tmpl->meta_key) -@@ -543,6 +549,7 @@ int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr, - const struct hook_proto_desc *h; - const struct proto_desc *desc; - struct proto_ctx *pctx; -+ unsigned int stmt_len; - struct stmt *stmt; - uint16_t type; - -@@ -559,12 +566,18 @@ int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr, - "protocol specification is invalid " - "for this family"); - -+ stmt_len = ctx->stmt_len; -+ ctx->stmt_len = 0; -+ - stmt = meta_stmt_meta_iiftype(&expr->location, type); - if (stmt_evaluate(ctx, stmt) < 0) { - return expr_error(ctx->msgs, expr, - "dependency statement is invalid"); - } - *res = stmt; -+ -+ ctx->stmt_len = stmt_len; -+ - return 0; - } - -diff --git a/tests/py/inet/meta.t b/tests/py/inet/meta.t -index 374738a7..5c062b39 100644 ---- a/tests/py/inet/meta.t -+++ b/tests/py/inet/meta.t -@@ -25,3 +25,8 @@ meta mark set ct mark >> 8;ok - meta mark . tcp dport { 0x0000000a-0x00000014 . 80-90, 0x00100000-0x00100123 . 100-120 };ok - ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 1.2.3.6-1.2.3.8 . 0x00000200-0x00000300 };ok - ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 5.6.7.8 . 
0x00000200 };ok -+ -+meta mark set ip dscp;ok -+meta mark set ip dscp | 0x40;ok -+meta mark set ip6 dscp;ok -+meta mark set ip6 dscp | 0x40;ok -diff --git a/tests/py/inet/meta.t.json b/tests/py/inet/meta.t.json -index 92a1f9bf..3ba0fd1d 100644 ---- a/tests/py/inet/meta.t.json -+++ b/tests/py/inet/meta.t.json -@@ -440,3 +440,89 @@ - } - ] - -+# meta mark set ip dscp -+[ -+ { -+ "mangle": { -+ "key": { -+ "meta": { -+ "key": "mark" -+ } -+ }, -+ "value": { -+ "payload": { -+ "field": "dscp", -+ "protocol": "ip" -+ } -+ } -+ } -+ } -+] -+ -+# meta mark set ip dscp | 0x40 -+[ -+ { -+ "mangle": { -+ "key": { -+ "meta": { -+ "key": "mark" -+ } -+ }, -+ "value": { -+ "|": [ -+ { -+ "payload": { -+ "field": "dscp", -+ "protocol": "ip" -+ } -+ }, -+ 64 -+ ] -+ } -+ } -+ } -+] -+ -+# meta mark set ip6 dscp -+[ -+ { -+ "mangle": { -+ "key": { -+ "meta": { -+ "key": "mark" -+ } -+ }, -+ "value": { -+ "payload": { -+ "field": "dscp", -+ "protocol": "ip6" -+ } -+ } -+ } -+ } -+] -+ -+# meta mark set ip6 dscp | 0x40 -+[ -+ { -+ "mangle": { -+ "key": { -+ "meta": { -+ "key": "mark" -+ } -+ }, -+ "value": { -+ "|": [ -+ { -+ "payload": { -+ "field": "dscp", -+ "protocol": "ip6" -+ } -+ }, -+ 64 -+ ] -+ } -+ } -+ } -+] -+ -diff --git a/tests/py/inet/meta.t.payload b/tests/py/inet/meta.t.payload -index ea540907..c53b5077 100644 ---- a/tests/py/inet/meta.t.payload -+++ b/tests/py/inet/meta.t.payload -@@ -133,3 +133,43 @@ inet test-inet input - [ meta load mark => reg 9 ] - [ lookup reg 1 set __set%d ] - -+# meta mark set ip dscp -+inet test-inet input -+ [ meta load nfproto => reg 1 ] -+ [ cmp eq reg 1 0x00000002 ] -+ [ payload load 1b @ network header + 1 => reg 1 ] -+ [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] -+ [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] -+ [ meta set mark with reg 1 ] -+ -+# meta mark set ip dscp | 0x40 -+inet test-inet input -+ [ meta load nfproto => reg 1 ] -+ [ cmp eq reg 1 0x00000002 ] -+ [ payload load 1b @ network header + 1 => reg 1 ] -+ [ 
bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ] -+ [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ] -+ [ bitwise reg 1 = ( reg 1 & 0xffffffbf ) ^ 0x00000040 ] -+ [ meta set mark with reg 1 ] -+ -+# meta mark set ip6 dscp -+inet test-inet input -+ [ meta load nfproto => reg 1 ] -+ [ cmp eq reg 1 0x0000000a ] -+ [ payload load 2b @ network header + 0 => reg 1 ] -+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] -+ [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] -+ [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] -+ [ meta set mark with reg 1 ] -+ -+# meta mark set ip6 dscp | 0x40 -+inet test-inet input -+ [ meta load nfproto => reg 1 ] -+ [ cmp eq reg 1 0x0000000a ] -+ [ payload load 2b @ network header + 0 => reg 1 ] -+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] -+ [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] -+ [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] -+ [ bitwise reg 1 = ( reg 1 & 0xffffffbf ) ^ 0x00000040 ] -+ [ meta set mark with reg 1 ] -+ --- -cgit v1.2.3 - diff --git a/source/n/nftables/nftables.SlackBuild b/source/n/nftables/nftables.SlackBuild index a48cd1c32..c5d15fe72 100755 --- a/source/n/nftables/nftables.SlackBuild +++ b/source/n/nftables/nftables.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=nftables VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} @@ -78,9 +78,6 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -# Upstream patch: -cat $CWD/5f1676ac9f1aeb36d7695c3c354dade013a1e4f3.patch | patch -p1 --verbose || exit 1 - CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ LIBS="-lncursesw" \ |
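Review bot: In the source/n/httpd/httpd.url hunk, both added lines still fetch over plain http:// (`+http://www.apache.org/dist/httpd/httpd-2.4.58.tar.bz2` and its `.asc`), so the tarball and the detached signature travel over the same unauthenticated channel. Since this release is tagged as a security fix, suggest switching both entries to https:// (the changelog already cites an https://downloads.apache.org/ link). The httpd.SlackBuild lines visible here do not show the `.asc` being checked, so it is worth confirming that the signature is verified against the Apache release keys before building.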
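Review bot: In the source/n/nftables/nftables.SlackBuild hunk at -78,9, the `cat $CWD/5f1676ac9f1aeb36d7695c3c354dade013a1e4f3.patch | patch -p1 --verbose || exit 1` step is dropped and the patch file is deleted, but the changelog entry only says "n/nftables-1.0.9-x86_64-1.txz: Upgraded." and nothing records that 1.0.9 already carries that upstream commit. Suggest saying so in the changelog or commit message. It can be confirmed against the 1.0.9 source by checking that src/payload.c saves and restores `ctx->stmt_len` around `stmt_evaluate()` in both payload_add_dependency() and payload_gen_dependency(), and that tests/py/inet/meta.t contains the `meta mark set ip dscp;ok` cases. Otherwise the incorrect bytecode described in the removed patch's message would return without any build failure.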