diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-03-08 20:26:54 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-03-08 22:40:50 +0100 |
commit | a24031248459c107553c13f30fd4bd94a44758e1 (patch) | |
tree | 50bd7142faec4cea4f3389d1bc2ef1003801345e /source/n | |
parent | 95095a0e2499322212eec0e9ac228095540ede4b (diff) | |
download | current-a24031248459c107553c13f30fd4bd94a44758e1.tar.gz current-a24031248459c107553c13f30fd4bd94a44758e1.tar.xz |
Wed Mar 8 20:26:54 UTC 202320230308202654
Hey folks, just some more updates on the road to an eventual beta. :-)
At this point nothing remains linked with openssl-1.1.1 except for python2 and
modules, and vsftpd. I think nobody cares about trying to force python2 to use
openssl3... it's EOL but still a zombie, unfortunately. I have seen some
patches for vsftpd and intend to take a look at them. We've bumped PHP to 8.2
and just gone ahead and killed 8.0 and 8.1. Like 7.4, 8.0 is not compatible
with openssl3 and it doesn't seem worthwhile to try to patch it. And with 8.2
already out for several revisions, 8.1 does not seem particularly valuable.
If you make use of PHP you should be used to it being a moving target by now.
Enjoy, and let me know if anything isn't working right. Cheers!
a/aaa_libraries-15.1-x86_64-19.txz: Rebuilt.
Recompiled against openssl-3.0.8: libcups.so.2, libcurl.so.4.8.0,
libldap.so.2.0.200, libssh2.so.1.0.1.
a/cryptsetup-2.6.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
a/kmod-30-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
a/openssl-solibs-3.0.8-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
a/openssl11-solibs-1.1.1t-x86_64-1.txz: Added.
ap/cups-2.4.2-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/hplip-3.20.5-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/lxc-4.0.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/mariadb-10.6.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/qpdf-11.3.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/sudo-1.9.13p3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/cargo-vendor-filterer-0.5.7-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/cvs-1.11.23-x86_64-9.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/git-2.39.2-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/perl-5.36.0-x86_64-5.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/python3-3.9.16-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/ruby-3.2.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/rust-1.66.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/scons-4.5.1-x86_64-1.txz: Upgraded.
kde/falkon-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
kde/kitinerary-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/M2Crypto-0.38.0-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/SDL2-2.26.4-x86_64-1.txz: Upgraded.
l/gst-plugins-bad-free-1.22.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libarchive-3.6.2-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libevent-2.1.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libimobiledevice-20211124_2c6121d-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libssh2-1.10.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libvncserver-0.9.14-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/mlt-7.14.0-x86_64-1.txz: Upgraded.
l/neon-0.32.5-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/nodejs-19.7.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/opusfile-0.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pipewire-0.3.66-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pulseaudio-16.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pycurl-7.44.1-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/qca-2.3.5-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/qt5-5.15.8_20230304_d8b881f0-x86_64-1.txz: Upgraded.
Compiled against openssl-3.0.8.
l/serf-1.3.9-x86_64-8.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/alpine-2.26-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/bind-9.18.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/curl-7.88.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/cyrus-sasl-2.1.28-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/dovecot-2.3.20-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/epic5-2.1.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/fetchmail-6.4.37-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/htdig-3.2.0b6-x86_64-9.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/httpd-2.4.56-x86_64-1.txz: Upgraded.
This update fixes two security issues:
HTTP Response Smuggling vulnerability via mod_proxy_uwsgi.
HTTP Request Smuggling attack via mod_rewrite and mod_proxy.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.56
https://www.cve.org/CVERecord?id=CVE-2023-27522
https://www.cve.org/CVERecord?id=CVE-2023-25690
(* Security fix *)
NOTE: This package is compiled against openssl-3.0.8.
n/irssi-1.4.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/krb5-1.20.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/lftp-4.9.2-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/links-2.28-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/lynx-2.9.0dev.10-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/mutt-2.2.9-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/net-snmp-5.9.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/netatalk-3.1.14-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/nmap-7.93-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/ntp-4.2.8p15-x86_64-12.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openldap-2.6.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openssh-9.2p1-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openssl-3.0.8-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/openssl11-1.1.1t-x86_64-1.txz: Added.
n/openvpn-2.6.0-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/php-8.2.3-x86_64-1.txz: Upgraded.
Compiled against openssl-3.0.8.
n/pidentd-3.0.19-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/popa3d-1.0.3-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/postfix-3.7.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/ppp-2.4.9-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/proftpd-1.3.8-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/rsync-3.2.7-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/s-nail-14.9.24-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/samba-4.18.0-x86_64-1.txz: Upgraded.
Build with the bundled Heimdal instead of the system MIT Kerberos.
Thanks again to rpenny.
n/slrn-1.0.3a-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/snownews-1.9-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/socat-1.7.4.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/stunnel-5.69-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/tcpdump-4.99.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/wget-1.21.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/wpa_supplicant-2.10-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/freerdp-2.10.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/gftp-2.9.1b-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/gkrellm-2.3.11-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/hexchat-2.16.1-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/sane-1.0.32-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/x3270-4.0ga14-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/xine-lib-1.2.13-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
y/bsd-games-2.17-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/php80/php80-8.0.28-x86_64-1.txz: Removed.
extra/php81/php81-8.1.16-x86_64-1.txz: Removed.
extra/rust-for-mozilla/rust-1.60.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/sendmail/sendmail-8.17.1-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/sendmail/sendmail-cf-8.17.1-noarch-7.txz: Rebuilt.
testing/packages/rust-1.67.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
testing/packages/samba-4.17.5-x86_64-2.txz: Removed.
Diffstat (limited to 'source/n')
52 files changed, 343 insertions, 832 deletions
diff --git a/source/n/alpine/alpine.SlackBuild b/source/n/alpine/alpine.SlackBuild index 62a26b758..152f25c7f 100755 --- a/source/n/alpine/alpine.SlackBuild +++ b/source/n/alpine/alpine.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=alpine VERSION=${VERSION:-2.26} -ALPINEBUILD=${ALPINEBUILD:-2} +ALPINEBUILD=${ALPINEBUILD:-3} IMAPDBUILD=${IMAPDBUILD:-1} PINEPGP=${PINEPGP:-0.18.0} diff --git a/source/n/bind/bind.SlackBuild b/source/n/bind/bind.SlackBuild index 856c86504..d7bd598e5 100755 --- a/source/n/bind/bind.SlackBuild +++ b/source/n/bind/bind.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=bind VERSION=${VERSION:-$(echo ${PKGNAM}-[0-9]*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/curl/curl.SlackBuild b/source/n/curl/curl.SlackBuild index 94649e0dc..5520efac3 100755 --- a/source/n/curl/curl.SlackBuild +++ b/source/n/curl/curl.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=curl VERSION=${VERSION:-$(echo curl-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild index acc7bc86d..89bbf6b5e 100755 --- a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild +++ b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=cyrus-sasl VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | cut -f 3- -d - | rev | cut -f 3- -d . | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/dovecot/dovecot.SlackBuild b/source/n/dovecot/dovecot.SlackBuild index 1c5dfaff9..7993a195e 100755 --- a/source/n/dovecot/dovecot.SlackBuild +++ b/source/n/dovecot/dovecot.SlackBuild @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=dovecot VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} if [ -z "$ARCH" ]; then case "$( uname -m )" in diff --git a/source/n/epic5/epic5.SlackBuild b/source/n/epic5/epic5.SlackBuild index b0dd19514..64256c6fa 100755 --- a/source/n/epic5/epic5.SlackBuild +++ b/source/n/epic5/epic5.SlackBuild @@ -26,7 +26,7 @@ PKGNAM=epic5 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} EPICVER=5 HELPFILE=current -BUILD=${BUILD:-3} +BUILD=${BUILD:-4} ## Default to no Ruby support, since it seems that ruby-2.7.0 is not compatible. ## Patches to fix this are welcome, otherwise we'll keep an eye on upstream. diff --git a/source/n/fetchmail/fetchmail.SlackBuild b/source/n/fetchmail/fetchmail.SlackBuild index 2e74e15db..13530b769 100755 --- a/source/n/fetchmail/fetchmail.SlackBuild +++ b/source/n/fetchmail/fetchmail.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=fetchmail VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/htdig/htdig.SlackBuild b/source/n/htdig/htdig.SlackBuild index 1ba354190..1ca8264ff 100755 --- a/source/n/htdig/htdig.SlackBuild +++ b/source/n/htdig/htdig.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=htdig VERSION=${VERSION:-3.2.0b6} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} -BUILD=${BUILD:-8} +BUILD=${BUILD:-9} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/httpd/httpd.url b/source/n/httpd/httpd.url index 2d790b703..07150b119 100644 --- a/source/n/httpd/httpd.url +++ b/source/n/httpd/httpd.url @@ -1,2 +1,2 @@ -http://www.apache.org/dist/httpd/httpd-2.4.55.tar.bz2 -http://www.apache.org/dist/httpd/httpd-2.4.55.tar.bz2.asc +http://www.apache.org/dist/httpd/httpd-2.4.56.tar.bz2 +http://www.apache.org/dist/httpd/httpd-2.4.56.tar.bz2.asc diff --git a/source/n/irssi/irssi.SlackBuild b/source/n/irssi/irssi.SlackBuild index 4437ed256..518529f2f 100755 --- a/source/n/irssi/irssi.SlackBuild +++ b/source/n/irssi/irssi.SlackBuild @@ -28,7 +28,7 @@ PKG=$TMP/package-irssi VERSION=${VERSION:-$(echo irssi-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} DIRCD=${VERSION} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/krb5/krb5.SlackBuild b/source/n/krb5/krb5.SlackBuild index fbc5123a4..55fd9690d 100755 --- a/source/n/krb5/krb5.SlackBuild +++ b/source/n/krb5/krb5.SlackBuild @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=krb5 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} if [ -z "$ARCH" ]; then case "$( uname -m )" in diff --git a/source/n/lftp/lftp.SlackBuild b/source/n/lftp/lftp.SlackBuild index cafbaeb9c..152f7eb51 100755 --- a/source/n/lftp/lftp.SlackBuild +++ b/source/n/lftp/lftp.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=lftp VERSION=${VERSION:-$(echo lftp-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-3} +BUILD=${BUILD:-4} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} diff --git a/source/n/links/links.SlackBuild b/source/n/links/links.SlackBuild index 2d51626a9..ce9ac21a6 100755 --- a/source/n/links/links.SlackBuild +++ b/source/n/links/links.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=links VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/lynx/lynx.SlackBuild b/source/n/lynx/lynx.SlackBuild index a3622e04d..967716c0a 100755 --- a/source/n/lynx/lynx.SlackBuild +++ b/source/n/lynx/lynx.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=lynx PKGVER=2.9.0dev.10 DIRVER=2.9.0dev.10 -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} diff --git a/source/n/mutt/mutt.SlackBuild b/source/n/mutt/mutt.SlackBuild index 3bdff629f..e214ec1c4 100755 --- a/source/n/mutt/mutt.SlackBuild +++ b/source/n/mutt/mutt.SlackBuild @@ -23,7 +23,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=mutt VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/net-snmp/net-snmp.SlackBuild b/source/n/net-snmp/net-snmp.SlackBuild index 42788ce7b..5ba2de270 100755 --- a/source/n/net-snmp/net-snmp.SlackBuild +++ b/source/n/net-snmp/net-snmp.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=net-snmp VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/netatalk/netatalk.SlackBuild b/source/n/netatalk/netatalk.SlackBuild index acb26fe93..5774dd82a 100755 --- a/source/n/netatalk/netatalk.SlackBuild +++ b/source/n/netatalk/netatalk.SlackBuild @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=netatalk VERSION=${VERSION:-$(echo netatalk-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/nmap/nmap.SlackBuild b/source/n/nmap/nmap.SlackBuild index ec33ad75b..185434432 100755 --- a/source/n/nmap/nmap.SlackBuild +++ b/source/n/nmap/nmap.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=nmap VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/ntp/ntp.SlackBuild b/source/n/ntp/ntp.SlackBuild index 88deaf8fc..ca9f922f5 100755 --- a/source/n/ntp/ntp.SlackBuild +++ b/source/n/ntp/ntp.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=ntp VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-11} +BUILD=${BUILD:-12} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/openldap/openldap.SlackBuild b/source/n/openldap/openldap.SlackBuild index d49e6f9df..e16cd1fab 100755 --- a/source/n/openldap/openldap.SlackBuild +++ b/source/n/openldap/openldap.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=openldap VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/openssh/openssh.SlackBuild b/source/n/openssh/openssh.SlackBuild index 24a3ac502..6fc3e5e07 100755 --- a/source/n/openssh/openssh.SlackBuild +++ b/source/n/openssh/openssh.SlackBuild @@ -30,7 +30,7 @@ PKG=$TMP/package-openssh PKGNAM=openssh VERSION=${VERSION:-$(echo openssh-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} diff --git a/source/n/openssl/openssl.SlackBuild b/source/n/openssl/openssl.SlackBuild index e497f250a..690807a4d 100755 --- a/source/n/openssl/openssl.SlackBuild +++ b/source/n/openssl/openssl.SlackBuild @@ -2,7 +2,7 @@ # Copyright 2000 BSDi, Inc. Concord, CA, USA # Copyright 2001, 2002 Slackware Linux, Inc. Concord, CA, USA -# Copyright 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2018 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2018, 2023 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -85,6 +85,7 @@ elif [ "$ARCH" = "x86_64" ]; then LIBDIRSUFFIX="64" fi +# NOT USED for openssl3... # OpenSSL has a (nasty?) habit of bumping the internal version number with # every release. This wouldn't be so bad, but some applications are so # paranoid that they won't run against a different OpenSSL version than @@ -92,12 +93,12 @@ fi # # So, we will use the OPENSSL_VERSION_NUMBER from openssl-1.1.1 unless ABI # breakage forces it to change. Yes, we're finally using this old trick. :) -sed -i "s/#define OPENSSL_VERSION_NUMBER.*/\/* Use 0x1010100fL (1.1.1) below to avoid pointlessly breaking the ABI *\/\n#define OPENSSL_VERSION_NUMBER 0x1010100fL/g" include/openssl/opensslv.h || exit 1 +#sed -i "s/#define OPENSSL_VERSION_NUMBER.*/\/* Use 0x1010100fL (1.1.1) below to avoid pointlessly breaking the ABI *\/\n#define OPENSSL_VERSION_NUMBER 0x1010100fL/g" include/openssl/opensslv.h || exit 1 chown -R root:root . mkdir -p $PKG1/usr/doc/openssl-$VERSION -cp -a ACKNOWLEDGEMENTS AUTHORS CHANGES* CONTRIBUTING FAQ INSTALL* \ - LICENSE* NEWS NOTES* README* doc \ +cp -a ACKNOWLEDGEMENTS* AUTHORS* CHANGES* CONTRIBUTING* FAQ* INSTALL* \ + LICENSE* NEWS* NOTES* README* doc \ $PKG1/usr/doc/openssl-$VERSION find $PKG1/usr/doc/openssl-$VERSION -type d -exec chmod 755 {} \+ find $PKG1/usr/doc/openssl-$VERSION -type f -exec chmod 644 {} \+ @@ -152,20 +153,17 @@ rm -rf $PKG1/usr/share/doc # Also no thanks on .pod versions of the already shipped manpages: rm -rf $PKG1/usr/doc/openssl-*/doc/man* - -# Make the .so.? library symlinks: -( cd $PKG1/usr/lib${LIBDIRSUFFIX} ; ldconfig -l lib*.so.* ) +rm -rf $PKG1/usr/doc/openssl-*/doc/internal # Move libraries, as they might be needed by programs that bring a network # mounted /usr online: mkdir $PKG1/lib${LIBDIRSUFFIX} ( cd $PKG1/usr/lib${LIBDIRSUFFIX} - for file in lib*.so.?.* ; do + for file in lib*.so.? ; do mv $file ../../lib${LIBDIRSUFFIX} ln -sf ../../lib${LIBDIRSUFFIX}/$file . done - cp -a lib*.so.? ../../lib${LIBDIRSUFFIX} ) # Add a cron script to warn root if a certificate is going to expire soon: @@ -209,27 +207,12 @@ if [ -d $PKG1/usr/man ]; then ln -s $( readlink $eachpage ).gz $eachpage.gz rm $eachpage done - gzip -9 *.? + gzip -9 *.ossl? ) done ) fi -# If there's an openssl1 directory, then build openssl-1.0 shared libraries for -# compatibility with programs linked to those: -if [ -d $CWD/openssl1 ]; then - ( cd $CWD/openssl1 - ./openssl1.build || exit 1 - ) || exit 1 - # Don't put these in the openssl package... openssl-solibs is enough. - #mkdir -p $PKG1/lib${LIBDIRSUFFIX} - #cp -a $TMP/package-openssl1/usr/lib/lib*.so.?.?.? $PKG1/lib${LIBDIRSUFFIX} - #( cd $PKG1/lib${LIBDIRSUFFIX} ; ldconfig -l lib*.so.?.?.? ) - mkdir -p $PKG2/lib${LIBDIRSUFFIX} - cp -a $TMP/package-openssl1/usr/lib${LIBDIRSUFFIX}/lib*.so.?.?.? $PKG2/lib${LIBDIRSUFFIX} - ( cd $PKG2/lib${LIBDIRSUFFIX} ; ldconfig -l lib*.so.?.?.? ) -fi - cd $PKG1 chmod 755 usr/lib${LIBDIRSUFFIX}/pkgconfig sed -i -e "s#lib\$#lib${LIBDIRSUFFIX}#" usr/lib${LIBDIRSUFFIX}/pkgconfig/*.pc @@ -241,13 +224,20 @@ cat $CWD/slack-desc.openssl > install/slack-desc # Make runtime package: mkdir -p $PKG2/lib${LIBDIRSUFFIX} ( cd lib${LIBDIRSUFFIX} ; cp -a lib*.so.* $PKG2/lib${LIBDIRSUFFIX} ) -( cd $PKG2/lib${LIBDIRSUFFIX} ; ldconfig -l * ) +mkdir -p $PKG2/usr/lib${LIBDIRSUFFIX} +cp -a $PKG1//usr/lib${LIBDIRSUFFIX}/{engines-3,ossl-modules} $PKG2/usr/lib${LIBDIRSUFFIX} +( cd $PKG2/lib${LIBDIRSUFFIX} + for file in lib*.so.? ; do + ( cd $PKG2/usr/lib${LIBDIRSUFFIX} ; ln -sf ../../lib${LIBDIRSUFFIX}/$file . ) + done +) mkdir -p $PKG2/etc ( cd $PKG2/etc ; cp -a $PKG1/etc/ssl . ) mkdir -p $PKG2/usr/doc/openssl-$VERSION ( cd $TMP/openssl-$VERSION - cp -a ACKNOWLEDGEMENTS AUTHORS CHANGES* CONTRIBUTING FAQ INSTALL* \ - LICENSE* NEWS NOTES* README* $PKG2/usr/doc/openssl-$VERSION + cp -a ACKNOWLEDGEMENTS* AUTHORS* CHANGES* CONTRIBUTING* FAQ* INSTALL* \ + LICENSE* NEWS* NOTES* README* \ + $PKG2/usr/doc/openssl-$VERSION # If there's a CHANGES file, installing at least part of the recent history # is useful, but don't let it get totally out of control: if [ -r CHANGES ]; then diff --git a/source/n/openssl11/openssl11.SlackBuild b/source/n/openssl11/openssl11.SlackBuild new file mode 100755 index 000000000..63b94f063 --- /dev/null +++ b/source/n/openssl11/openssl11.SlackBuild @@ -0,0 +1,233 @@ +#!/bin/bash + +# Copyright 2000 BSDi, Inc. Concord, CA, USA +# Copyright 2001, 2002 Slackware Linux, Inc. Concord, CA, USA +# Copyright 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2018, 2023 Patrick J. Volkerding, Sebeka, MN, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# Set initial variables: +cd $(dirname $0) ; CWD=$(pwd) +TMP=${TMP:-/tmp} + +PKGNAM=openssl11 +VERSION=${VERSION:-$(echo openssl-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i586 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi + +PKG1=$TMP/package-openssl11 +PKG2=$TMP/package-ossllibs11 +NAME1=openssl11-$VERSION-$ARCH-$BUILD +NAME2=openssl11-solibs-$VERSION-$ARCH-$BUILD + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "${NAME1}.txz" + echo "${NAME2}.txz" + exit 0 +fi + +# Parallel build doesn't link properly. +#NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} + +# So that ls has the right field counts for parsing... +export LC_ALL=C + +cd $TMP +rm -rf $PKG1 $PKG2 openssl-$VERSION + +tar xvf $CWD/openssl-$VERSION.tar.gz || exit 1 +cd openssl-$VERSION + +# Fix pod syntax errors which are fatal wih a newer perl: +find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|$\)/\=item C<\1>/g" {} \; + +## For openssl-1.1.x, don't try to change the soname. +## Use .so.1, not .so.1.0.0: +#sed -i "s/soname=\$\$SHLIB\$\$SHLIB_SOVER\$\$SHLIB_SUFFIX/soname=\$\$SHLIB.1/g" Makefile.shared + +if [ "$ARCH" = "i586" ]; then + # Build with -march=i586 -mtune=i686: + sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=i586 -mtune=i686/g" Configure + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + # Build with -march=i686 -mtune=i686: + sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=i686 -mtune=i686/g" Configure + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + LIBDIRSUFFIX="64" +fi + +# OpenSSL has a (nasty?) habit of bumping the internal version number with +# every release. This wouldn't be so bad, but some applications are so +# paranoid that they won't run against a different OpenSSL version than +# what they were compiled against, whether or not the ABI has changed. +# +# So, we will use the OPENSSL_VERSION_NUMBER from openssl-1.1.1 unless ABI +# breakage forces it to change. Yes, we're finally using this old trick. :) +sed -i "s/#define OPENSSL_VERSION_NUMBER.*/\/* Use 0x1010100fL (1.1.1) below to avoid pointlessly breaking the ABI *\/\n#define OPENSSL_VERSION_NUMBER 0x1010100fL/g" include/openssl/opensslv.h || exit 1 + +chown -R root:root . +mkdir -p $PKG1/usr/doc/openssl-$VERSION +cp -a ACKNOWLEDGEMENTS AUTHORS CHANGES* CONTRIBUTING FAQ INSTALL* \ + LICENSE* NEWS NOTES* README* doc \ + $PKG1/usr/doc/openssl-$VERSION +find $PKG1/usr/doc/openssl-$VERSION -type d -exec chmod 755 {} \+ +find $PKG1/usr/doc/openssl-$VERSION -type f -exec chmod 644 {} \+ + +# If there's a CHANGES file, installing at least part of the recent history +# is useful, but don't let it get totally out of control: +if [ -r CHANGES ]; then + DOCSDIR=$(echo $PKG1/usr/doc/*-$VERSION) + cat CHANGES | head -n 2000 > $DOCSDIR/CHANGES + touch -r CHANGES $DOCSDIR/CHANGES +fi + +# These are the known patent issues with OpenSSL: +# name # expires +# MDC-2: 4,908,861 2007-03-13, not included. +# IDEA: 5,214,703 2010-05-25, not included. +# +# Although all of the above are expired, it's still probably +# not a good idea to include them as there are better +# algorithms to use. + +./config \ + --prefix=/usr \ + --openssldir=/etc/ssl \ + --libdir=lib${LIBDIRSUFFIX}/openssl-1.1 \ + zlib \ + enable-camellia \ + enable-seed \ + enable-rfc3779 \ + enable-cms \ + enable-md2 \ + enable-rc5 \ + enable-ssl3 \ + enable-ssl3-method \ + no-weak-ssl-ciphers \ + no-mdc2 \ + no-ec2m \ + no-idea \ + no-sse2 \ + shared + +make $NUMJOBS depend || make depend || exit 1 + +make $NUMJOBS || make || exit 1 + +make install DESTDIR=$PKG1 || exit 1 + +# No thanks on static libraries: +rm -f $PKG1/usr/lib${LIBDIRSUFFIX}/openssl-1.1/*.a + +# Also no thanks on .pod versions of the already shipped manpages: +rm -rf $PKG1/usr/doc/openssl-*/doc/man* + +# Move libraries, as they might be needed by programs that bring a network +# mounted /usr online: + +mkdir $PKG1/lib${LIBDIRSUFFIX} +( cd $PKG1/usr/lib${LIBDIRSUFFIX}/openssl-1.1 + for file in lib*.so.?.* ; do + mv $file ../../../lib${LIBDIRSUFFIX} + ln -sf ../../../lib${LIBDIRSUFFIX}/$file . + done +) + +# Move include files: +mkdir -p $PKG1/usr/include/openssl-1.1 +mv $PKG1/usr/include/openssl $PKG1/usr/include/openssl-1.1/openssl + +# Edit .pc files to correct the includedir: +sed -e "s|/include$|/include/openssl-1.1|" -i $PKG1/usr/lib${LIBDIRSUFFIX}/openssl-1.1/pkgconfig/*.pc + +# Rename openssl binary: +mv $PKG1/usr/bin/openssl $PKG1/usr/bin/openssl-1.1 + +# Don't package these things: +rm -rf $PKG1/etc $PKG1/usr/bin/c_rehash + +# Not needed in openssl11 compat package. +# +## Add a cron script to warn root if a certificate is going to expire soon: +#mkdir -p $PKG1/etc/cron.daily +#zcat $CWD/certwatch.gz > $PKG1/etc/cron.daily/certwatch.new +#chmod 755 $PKG1/etc/cron.daily/certwatch.new + +#mv $PKG1/etc/ssl/openssl.cnf $PKG1/etc/ssl/openssl.cnf.new + +( cd $PKG1 + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null +) + +# Remove the man pages and installed docs: +rm -r $PKG1/usr/share/{doc,man} +rmdir $PKG1/usr/share + +cd $PKG1 +#chmod 755 usr/lib${LIBDIRSUFFIX}/pkgconfig +#sed -i -e "s#lib\$#lib${LIBDIRSUFFIX}#" usr/lib${LIBDIRSUFFIX}/pkgconfig/*.pc +mkdir -p install +cat $CWD/slack-desc.openssl11 > install/slack-desc +/sbin/makepkg -l y -c n $TMP/${NAME1}.txz + +# Make runtime package: +mkdir -p $PKG2/lib${LIBDIRSUFFIX} +( cd lib${LIBDIRSUFFIX} ; cp -a lib*.so.* $PKG2/lib${LIBDIRSUFFIX} ) +mkdir -p $PKG2/usr/lib${LIBDIRSUFFIX}/openssl-1.1 +cp -a $PKG1//usr/lib${LIBDIRSUFFIX}/openssl-1.1/engines-1.1 $PKG2/usr/lib${LIBDIRSUFFIX}/openssl-1.1 +( cd $PKG2/lib${LIBDIRSUFFIX} + for file in lib*.so.?.? ; do + ( cd $PKG2/usr/lib${LIBDIRSUFFIX}/openssl-1.1 ; ln -sf ../../../lib${LIBDIRSUFFIX}/$file . ) + done +) +#mkdir -p $PKG2/etc +#( cd $PKG2/etc ; cp -a $PKG1/etc/ssl . ) +mkdir -p $PKG2/usr/doc/openssl-$VERSION +( cd $TMP/openssl-$VERSION + cp -a CHANGES CHANGES.SSLeay FAQ INSTALL INSTALL.MacOS INSTALL.VMS INSTALL.W32 \ + LICENSE NEWS README README.ENGINE $PKG2/usr/doc/openssl-$VERSION + # If there's a CHANGES file, installing at least part of the recent history + # is useful, but don't let it get totally out of control: + if [ -r CHANGES ]; then + DOCSDIR=$(echo $PKG2/usr/doc/*-$VERSION) + cat CHANGES | head -n 2000 > $DOCSDIR/CHANGES + touch -r CHANGES $DOCSDIR/CHANGES + fi +) + +find $PKG2/usr/doc/openssl-$VERSION -type d -exec chmod 755 {} \+ +find $PKG2/usr/doc/openssl-$VERSION -type f -exec chmod 644 {} \+ +cd $PKG2 +mkdir -p install +cat $CWD/slack-desc.openssl11-solibs > install/slack-desc +/sbin/makepkg -l y -c n $TMP/${NAME2}.txz diff --git a/source/n/openssl11/slack-desc.openssl11 b/source/n/openssl11/slack-desc.openssl11 new file mode 100644 index 000000000..812bdc626 --- /dev/null +++ b/source/n/openssl11/slack-desc.openssl11 @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' on +# the right side marks the last column you can put a character in. You must make +# exactly 11 lines for the formatting to be correct. It's also customary to +# leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +openssl11: openssl11 (SSL toolkit version 1.1.x) +openssl11: +openssl11: The OpenSSL certificate management tool and the shared libraries that +openssl11: provide various encryption and decryption algorithms and protocols. +openssl11: +openssl11: This product includes software developed by the OpenSSL Project for +openssl11: use in the OpenSSL Toolkit (http://www.openssl112.org). This product +openssl11: includes cryptographic software written by Eric Young +openssl11: (eay@cryptsoft.com). This product includes software written by Tim +openssl11: Hudson (tjh@cryptsoft.com). +openssl11: diff --git a/source/n/openssl11/slack-desc.openssl11-solibs b/source/n/openssl11/slack-desc.openssl11-solibs new file mode 100644 index 000000000..f42eaf426 --- /dev/null +++ b/source/n/openssl11/slack-desc.openssl11-solibs @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' on +# the right side marks the last column you can put a character in. You must make +# exactly 11 lines for the formatting to be correct. It's also customary to +# leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +openssl11-solibs: openssl11-solibs (OpenSSL shared libraries v1.1.x) +openssl11-solibs: +openssl11-solibs: These shared libraries provide encryption routines required by +openssl11-solibs: programs such as openssh, bind, sendmail, and many others. +openssl11-solibs: +openssl11-solibs: This product includes software developed by the OpenSSL Project for +openssl11-solibs: use in the OpenSSL Toolkit (http://www.openssl.org). This product +openssl11-solibs: includes cryptographic software written by Eric Young +openssl11-solibs: (eay@cryptsoft.com). This product includes software written by Tim +openssl11-solibs: Hudson (tjh@cryptsoft.com). +openssl11-solibs: diff --git a/source/n/openvpn/openvpn.SlackBuild b/source/n/openvpn/openvpn.SlackBuild index 7390d1d64..f136d02a2 100755 --- a/source/n/openvpn/openvpn.SlackBuild +++ b/source/n/openvpn/openvpn.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=openvpn VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/php/CVE-2022-31631.patch b/source/n/php/CVE-2022-31631.patch deleted file mode 100644 index 6aa309549..000000000 --- a/source/n/php/CVE-2022-31631.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 921b6813da3237a83e908998483f46ae3d8bacba Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" <cmbecker69@gmx.de> -Date: Mon, 31 Oct 2022 17:20:23 +0100 -Subject: [PATCH] Fix #81740: PDO::quote() may return unquoted string - -`sqlite3_snprintf()` expects its first parameter to be `int`; we need -to avoid overflow. ---- - ext/pdo_sqlite/sqlite_driver.c | 3 +++ - ext/pdo_sqlite/tests/bug81740.phpt | 17 +++++++++++++++++ - 2 files changed, 20 insertions(+) - create mode 100644 ext/pdo_sqlite/tests/bug81740.phpt - -diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c -index 4233ff10ff2e..5a72a1eda23f 100644 ---- a/ext/pdo_sqlite/sqlite_driver.c -+++ b/ext/pdo_sqlite/sqlite_driver.c -@@ -232,6 +232,9 @@ static char *pdo_sqlite_last_insert_id(pdo_dbh_t *dbh, const char *name, size_t - /* NB: doesn't handle binary strings... use prepared stmts for that */ - static int sqlite_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype ) - { -+ if (unquotedlen > (INT_MAX - 3) / 2) { -+ return 0; -+ } - *quoted = safe_emalloc(2, unquotedlen, 3); - sqlite3_snprintf(2*unquotedlen + 3, *quoted, "'%q'", unquoted); - *quotedlen = strlen(*quoted); -diff --git a/ext/pdo_sqlite/tests/bug81740.phpt b/ext/pdo_sqlite/tests/bug81740.phpt -new file mode 100644 -index 000000000000..99fb07c3048b ---- /dev/null -+++ b/ext/pdo_sqlite/tests/bug81740.phpt -@@ -0,0 +1,17 @@ -+--TEST-- -+Bug #81740 (PDO::quote() may return unquoted string) -+--SKIPIF-- -+<?php -+if (!extension_loaded('pdo_sqlite')) print 'skip not loaded'; -+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test"); -+?> -+--INI-- -+memory_limit=-1 -+--FILE-- -+<?php -+$pdo = new PDO("sqlite::memory:"); -+$string = str_repeat("a", 0x80000000); -+var_dump($pdo->quote($string)); -+?> -+--EXPECT-- -+bool(false) diff --git a/source/n/php/CVE-2023-0567.patch b/source/n/php/CVE-2023-0567.patch deleted file mode 100644 index 78defd92b..000000000 --- a/source/n/php/CVE-2023-0567.patch +++ /dev/null @@ -1,142 +0,0 @@ -From 7882d12ff2d8d8c5a4af821464e0a5ac2cde2002 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be> -Date: Mon, 23 Jan 2023 21:15:24 +0100 -Subject: [PATCH] crypt: Fix validation of malformed BCrypt hashes -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -PHP’s implementation of crypt_blowfish differs from the upstream Openwall -version by adding a “PHP Hack”, which allows one to cut short the BCrypt salt -by including a `$` character within the characters that represent the salt. - -Hashes that are affected by the “PHP Hack” may erroneously validate any -password as valid when used with `password_verify` and when comparing the -return value of `crypt()` against the input. - -The PHP Hack exists since the first version of PHP’s own crypt_blowfish -implementation that was added in 1e820eca02dcf322b41fd2fe4ed2a6b8309f8ab5. - -No clear reason is given for the PHP Hack’s existence. This commit removes it, -because BCrypt hashes containing a `$` character in their salt are not valid -BCrypt hashes. ---- - ext/standard/crypt_blowfish.c | 8 -- - .../tests/crypt/bcrypt_salt_dollar.phpt | 82 +++++++++++++++++++ - 2 files changed, 82 insertions(+), 8 deletions(-) - create mode 100644 ext/standard/tests/crypt/bcrypt_salt_dollar.phpt - -diff --git a/ext/standard/crypt_blowfish.c b/ext/standard/crypt_blowfish.c -index 3806a290aee4..351d40308089 100644 ---- a/ext/standard/crypt_blowfish.c -+++ b/ext/standard/crypt_blowfish.c -@@ -371,7 +371,6 @@ static const unsigned char BF_atoi64[0x60] = { - #define BF_safe_atoi64(dst, src) \ - { \ - tmp = (unsigned char)(src); \ -- if (tmp == '$') break; /* PHP hack */ \ - if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \ - tmp = BF_atoi64[tmp]; \ - if (tmp > 63) return -1; \ -@@ -399,13 +398,6 @@ static int BF_decode(BF_word *dst, const char *src, int size) - *dptr++ = ((c3 & 0x03) << 6) | c4; - } while (dptr < end); - -- if (end - dptr == size) { -- return -1; -- } -- -- while (dptr < end) /* PHP hack */ -- *dptr++ = 0; -- - return 0; - } - -diff --git a/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt -new file mode 100644 -index 000000000000..32e335f4b087 ---- /dev/null -+++ b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt -@@ -0,0 +1,82 @@ -+--TEST-- -+bcrypt correctly rejects salts containing $ -+--FILE-- -+<?php -+for ($i = 0; $i < 23; $i++) { -+ $salt = '$2y$04$' . str_repeat('0', $i) . '$'; -+ $result = crypt("foo", $salt); -+ var_dump($salt); -+ var_dump($result); -+ var_dump($result === $salt); -+} -+?> -+--EXPECT-- -+string(8) "$2y$04$$" -+string(2) "*0" -+bool(false) -+string(9) "$2y$04$0$" -+string(2) "*0" -+bool(false) -+string(10) "$2y$04$00$" -+string(2) "*0" -+bool(false) -+string(11) "$2y$04$000$" -+string(2) "*0" -+bool(false) -+string(12) "$2y$04$0000$" -+string(2) "*0" -+bool(false) -+string(13) "$2y$04$00000$" -+string(2) "*0" -+bool(false) -+string(14) "$2y$04$000000$" -+string(2) "*0" -+bool(false) -+string(15) "$2y$04$0000000$" -+string(2) "*0" -+bool(false) -+string(16) "$2y$04$00000000$" -+string(2) "*0" -+bool(false) -+string(17) "$2y$04$000000000$" -+string(2) "*0" -+bool(false) -+string(18) "$2y$04$0000000000$" -+string(2) "*0" -+bool(false) -+string(19) "$2y$04$00000000000$" -+string(2) "*0" -+bool(false) -+string(20) "$2y$04$000000000000$" -+string(2) "*0" -+bool(false) -+string(21) "$2y$04$0000000000000$" -+string(2) "*0" -+bool(false) -+string(22) "$2y$04$00000000000000$" -+string(2) "*0" -+bool(false) -+string(23) "$2y$04$000000000000000$" -+string(2) "*0" -+bool(false) -+string(24) "$2y$04$0000000000000000$" -+string(2) "*0" -+bool(false) -+string(25) "$2y$04$00000000000000000$" -+string(2) "*0" -+bool(false) -+string(26) "$2y$04$000000000000000000$" -+string(2) "*0" -+bool(false) -+string(27) "$2y$04$0000000000000000000$" -+string(2) "*0" -+bool(false) -+string(28) "$2y$04$00000000000000000000$" -+string(2) "*0" -+bool(false) -+string(29) "$2y$04$000000000000000000000$" -+string(2) "*0" -+bool(false) -+string(30) "$2y$04$0000000000000000000000$" -+string(60) "$2y$04$000000000000000000000u2a2UpVexIt9k3FMJeAVr3c04F5tcI8K" -+bool(false) diff --git a/source/n/php/CVE-2023-0568.patch b/source/n/php/CVE-2023-0568.patch deleted file mode 100644 index 3b8440926..000000000 --- a/source/n/php/CVE-2023-0568.patch +++ /dev/null @@ -1,62 +0,0 @@ -From c0fceebfa195b8e56a7108cb731b5ea7afbef70c Mon Sep 17 00:00:00 2001 -From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> -Date: Fri, 27 Jan 2023 19:28:27 +0100 -Subject: [PATCH] Fix array overrun when appending slash to paths - -Fix it by extending the array sizes by one character. As the input is -limited to the maximum path length, there will always be place to append -the slash. As the php_check_specific_open_basedir() simply uses the -strings to compare against each other, no new failures related to too -long paths are introduced. -We'll let the DOM and XML case handle a potentially too long path in the -library code. ---- - ext/dom/document.c | 2 +- - ext/xmlreader/php_xmlreader.c | 2 +- - main/fopen_wrappers.c | 6 +++--- - 3 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/ext/dom/document.c b/ext/dom/document.c -index 4dee5548f188..c60198a3be11 100644 ---- a/ext/dom/document.c -+++ b/ext/dom/document.c -@@ -1182,7 +1182,7 @@ static xmlDocPtr dom_document_parser(zval *id, int mode, char *source, size_t so - int validate, recover, resolve_externals, keep_blanks, substitute_ent; - int resolved_path_len; - int old_error_reporting = 0; -- char *directory=NULL, resolved_path[MAXPATHLEN]; -+ char *directory=NULL, resolved_path[MAXPATHLEN + 1]; - - if (id != NULL) { - intern = Z_DOMOBJ_P(id); -diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c -index c17884d960cb..39141c8c1223 100644 ---- a/ext/xmlreader/php_xmlreader.c -+++ b/ext/xmlreader/php_xmlreader.c -@@ -1017,7 +1017,7 @@ PHP_METHOD(XMLReader, XML) - xmlreader_object *intern = NULL; - char *source, *uri = NULL, *encoding = NULL; - int resolved_path_len, ret = 0; -- char *directory=NULL, resolved_path[MAXPATHLEN]; -+ char *directory=NULL, resolved_path[MAXPATHLEN + 1]; - xmlParserInputBufferPtr inputbfr; - xmlTextReaderPtr reader; - -diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c -index f6ce26e104be..12cc9c8b10c0 100644 ---- a/main/fopen_wrappers.c -+++ b/main/fopen_wrappers.c -@@ -129,10 +129,10 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir) - */ - PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path) - { -- char resolved_name[MAXPATHLEN]; -- char resolved_basedir[MAXPATHLEN]; -+ char resolved_name[MAXPATHLEN + 1]; -+ char resolved_basedir[MAXPATHLEN + 1]; - char local_open_basedir[MAXPATHLEN]; -- char path_tmp[MAXPATHLEN]; -+ char path_tmp[MAXPATHLEN + 1]; - char *path_file; - size_t resolved_basedir_len; - size_t resolved_name_len; diff --git a/source/n/php/CVE-2023-0662.patch b/source/n/php/CVE-2023-0662.patch deleted file mode 100644 index e9cada2c9..000000000 --- a/source/n/php/CVE-2023-0662.patch +++ /dev/null @@ -1,411 +0,0 @@ -From 716de0cff539f46294ef70fe75d548cd66766370 Mon Sep 17 00:00:00 2001 -From: Jakub Zelenka <bukka@php.net> -Date: Thu, 19 Jan 2023 14:31:25 +0000 -Subject: [PATCH] Introduce max_multipart_body_parts INI - -This fixes GHSA-54hq-v5wp-fqgv DOS vulnerabality by limitting number of -parsed multipart body parts as currently all parts were always parsed. ---- - main/main.c | 1 + - main/rfc1867.c | 11 ++ - ...-54hq-v5wp-fqgv-max-body-parts-custom.phpt | 53 +++++++++ - ...54hq-v5wp-fqgv-max-body-parts-default.phpt | 54 +++++++++ - .../ghsa-54hq-v5wp-fqgv-max-file-uploads.phpt | 52 +++++++++ - sapi/fpm/tests/tester.inc | 106 +++++++++++++++--- - 6 files changed, 262 insertions(+), 15 deletions(-) - create mode 100644 sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-custom.phpt - create mode 100644 sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-default.phpt - create mode 100644 sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-file-uploads.phpt - -diff --git a/main/main.c b/main/main.c -index 40684f32dc14..c58ea58bf5ac 100644 ---- a/main/main.c -+++ b/main/main.c -@@ -751,6 +751,7 @@ PHP_INI_BEGIN() - PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL) - PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL) - PHP_INI_ENTRY("max_file_uploads", "20", PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL) -+ PHP_INI_ENTRY("max_multipart_body_parts", "-1", PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL) - - STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals) - STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals) -diff --git a/main/rfc1867.c b/main/rfc1867.c -index b43cfae5a1e2..3086e8da3dbe 100644 ---- a/main/rfc1867.c -+++ b/main/rfc1867.c -@@ -687,6 +687,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ - void *event_extra_data = NULL; - unsigned int llen = 0; - int upload_cnt = INI_INT("max_file_uploads"); -+ int body_parts_cnt = INI_INT("max_multipart_body_parts"); - const zend_encoding *internal_encoding = zend_multibyte_get_internal_encoding(); - php_rfc1867_getword_t getword; - php_rfc1867_getword_conf_t getword_conf; -@@ -708,6 +709,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ - return; - } - -+ if (body_parts_cnt < 0) { -+ body_parts_cnt = PG(max_input_vars) + upload_cnt; -+ } -+ int body_parts_limit = body_parts_cnt; -+ - /* Get the boundary */ - boundary = strstr(content_type_dup, "boundary"); - if (!boundary) { -@@ -792,6 +798,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ - char *pair = NULL; - int end = 0; - -+ if (--body_parts_cnt < 0) { -+ php_error_docref(NULL, E_WARNING, "Multipart body parts limit exceeded %d. To increase the limit change max_multipart_body_parts in php.ini.", body_parts_limit); -+ goto fileupload_done; -+ } -+ - while (isspace(*cd)) { - ++cd; - } -#diff --git a/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-custom.phpt b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-custom.phpt -#new file mode 100644 -#index 000000000000..d2239ac3c410 -#--- /dev/null -#+++ b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-custom.phpt -#@@ -0,0 +1,53 @@ -#+--TEST-- -#+FPM: GHSA-54hq-v5wp-fqgv - max_multipart_body_parts ini custom value -#+--SKIPIF-- -#+<?php include "skipif.inc"; ?> -#+--FILE-- -#+<?php -#+ -#+require_once "tester.inc"; -#+ -#+$cfg = <<<EOT -#+[global] -#+error_log = {{FILE:LOG}} -#+[unconfined] -#+listen = {{ADDR}} -#+pm = dynamic -#+pm.max_children = 5 -#+pm.start_servers = 1 -#+pm.min_spare_servers = 1 -#+pm.max_spare_servers = 3 -#+php_admin_value[html_errors] = false -#+php_admin_value[max_input_vars] = 20 -#+php_admin_value[max_file_uploads] = 5 -#+php_admin_value[max_multipart_body_parts] = 10 -#+php_flag[display_errors] = On -#+EOT; -#+ -#+$code = <<<EOT -#+<?php -#+var_dump(count(\$_POST)); -#+EOT; -#+ -#+$tester = new FPM\Tester($cfg, $code); -#+$tester->start(); -#+$tester->expectLogStartNotices(); -#+echo $tester -#+ ->request(stdin: [ -#+ 'parts' => [ -#+ 'count' => 30, -#+ ] -#+ ]) -#+ ->getBody(); -#+$tester->terminate(); -#+$tester->close(); -#+ -#+?> -#+--EXPECT-- -#+Warning: Unknown: Multipart body parts limit exceeded 10. To increase the limit change max_multipart_body_parts in php.ini. in Unknown on line 0 -#+int(10) -#+--CLEAN-- -#+<?php -#+require_once "tester.inc"; -#+FPM\Tester::clean(); -#+?> -#diff --git a/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-default.phpt b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-default.phpt -#new file mode 100644 -#index 000000000000..42b5afbf9ee7 -#--- /dev/null -#+++ b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-default.phpt -#@@ -0,0 +1,54 @@ -#+--TEST-- -#+FPM: GHSA-54hq-v5wp-fqgv - max_multipart_body_parts ini default -#+--SKIPIF-- -#+<?php include "skipif.inc"; ?> -#+--FILE-- -#+<?php -#+ -#+require_once "tester.inc"; -#+ -#+$cfg = <<<EOT -#+[global] -#+error_log = {{FILE:LOG}} -#+[unconfined] -#+listen = {{ADDR}} -#+pm = dynamic -#+pm.max_children = 5 -#+pm.start_servers = 1 -#+pm.min_spare_servers = 1 -#+pm.max_spare_servers = 3 -#+php_admin_value[html_errors] = false -#+php_admin_value[max_input_vars] = 20 -#+php_admin_value[max_file_uploads] = 5 -#+php_flag[display_errors] = On -#+EOT; -#+ -#+$code = <<<EOT -#+<?php -#+var_dump(count(\$_POST)); -#+EOT; -#+ -#+$tester = new FPM\Tester($cfg, $code); -#+$tester->start(); -#+$tester->expectLogStartNotices(); -#+echo $tester -#+ ->request(stdin: [ -#+ 'parts' => [ -#+ 'count' => 30, -#+ ] -#+ ]) -#+ ->getBody(); -#+$tester->terminate(); -#+$tester->close(); -#+ -#+?> -#+--EXPECT-- -#+Warning: Unknown: Input variables exceeded 20. To increase the limit change max_input_vars in php.ini. in Unknown on line 0 -#+ -#+Warning: Unknown: Multipart body parts limit exceeded 25. To increase the limit change max_multipart_body_parts in php.ini. in Unknown on line 0 -#+int(20) -#+--CLEAN-- -#+<?php -#+require_once "tester.inc"; -#+FPM\Tester::clean(); -#+?> -#diff --git a/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-file-uploads.phpt b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-file-uploads.phpt -#new file mode 100644 -#index 000000000000..da81174c7280 -#--- /dev/null -#+++ b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-file-uploads.phpt -#@@ -0,0 +1,52 @@ -#+--TEST-- -#+FPM: GHSA-54hq-v5wp-fqgv - exceeding max_file_uploads -#+--SKIPIF-- -#+<?php include "skipif.inc"; ?> -#+--FILE-- -#+<?php -#+ -#+require_once "tester.inc"; -#+ -#+$cfg = <<<EOT -#+[global] -#+error_log = {{FILE:LOG}} -#+[unconfined] -#+listen = {{ADDR}} -#+pm = dynamic -#+pm.max_children = 5 -#+pm.start_servers = 1 -#+pm.min_spare_servers = 1 -#+pm.max_spare_servers = 3 -#+php_admin_value[html_errors] = false -#+php_admin_value[max_file_uploads] = 5 -#+php_flag[display_errors] = On -#+EOT; -#+ -#+$code = <<<EOT -#+<?php -#+var_dump(count(\$_FILES)); -#+EOT; -#+ -#+$tester = new FPM\Tester($cfg, $code); -#+$tester->start(); -#+$tester->expectLogStartNotices(); -#+echo $tester -#+ ->request(stdin: [ -#+ 'parts' => [ -#+ 'count' => 10, -#+ 'param' => 'filename' -#+ ] -#+ ]) -#+ ->getBody(); -#+$tester->terminate(); -#+$tester->close(); -#+ -#+?> -#+--EXPECT-- -#+Warning: Maximum number of allowable file uploads has been exceeded in Unknown on line 0 -#+int(5) -#+--CLEAN-- -#+<?php -#+require_once "tester.inc"; -#+FPM\Tester::clean(); -#+?> -##diff --git a/sapi/fpm/tests/tester.inc b/sapi/fpm/tests/tester.inc -##index 6197cdba53f5..e51aa0f69143 100644 -##--- a/sapi/fpm/tests/tester.inc -##+++ b/sapi/fpm/tests/tester.inc -#@@ -567,13 +567,17 @@ class Tester -# * @param string $query -# * @param array $headers -# * @param string|null $uri -#+ * @param string|null $scriptFilename -#+ * @param string|null $stdin -# * -# * @return array -# */ -# private function getRequestParams( -# string $query = '', -# array $headers = [], -#- string $uri = null -#+ string $uri = null, -#+ string $scriptFilename = null, -#+ ?string $stdin = null -# ): array { -# if (is_null($uri)) { -# $uri = $this->makeSourceFile(); -3@@ -582,8 +586,8 @@ class Tester -# $params = array_merge( -# [ -# 'GATEWAY_INTERFACE' => 'FastCGI/1.0', -#- 'REQUEST_METHOD' => 'GET', -#- 'SCRIPT_FILENAME' => $uri, -#+ 'REQUEST_METHOD' => is_null($stdin) ? 'GET' : 'POST', -#+ 'SCRIPT_FILENAME' => $scriptFilename ?: $uri, -# 'SCRIPT_NAME' => $uri, -# 'QUERY_STRING' => $query, -# 'REQUEST_URI' => $uri . ($query ? '?' . $query : ""), -#@@ -597,7 +601,7 @@ class Tester -# 'SERVER_PROTOCOL' => 'HTTP/1.1', -# 'DOCUMENT_ROOT' => __DIR__, -# 'CONTENT_TYPE' => '', -#- 'CONTENT_LENGTH' => 0 -#+ 'CONTENT_LENGTH' => strlen($stdin ?? "") // Default to 0 -# ], -# $headers -# ); -#@@ -607,20 +611,86 @@ class Tester -# }); -# } -# -#+ /** -#+ * Parse stdin and generate data for multipart config. -#+ * -#+ * @param array $stdin -#+ * @param array $headers -#+ * -#+ * @return void -#+ * @throws \Exception -#+ */ -#+ private function parseStdin(array $stdin, array &$headers) -#+ { -#+ $parts = $stdin['parts'] ?? null; -#+ if (empty($parts)) { -#+ throw new \Exception('The stdin array needs to contain parts'); -#+ } -#+ $boundary = $stdin['boundary'] ?? 'AaB03x'; -#+ if ( ! isset($headers['CONTENT_TYPE'])) { -#+ $headers['CONTENT_TYPE'] = 'multipart/form-data; boundary=' . $boundary; -#+ } -#+ $count = $parts['count'] ?? null; -#+ if ( ! is_null($count)) { -#+ $dispositionType = $parts['disposition'] ?? 'form-data'; -#+ $dispositionParam = $parts['param'] ?? 'name'; -#+ $namePrefix = $parts['prefix'] ?? 'f'; -#+ $nameSuffix = $parts['suffix'] ?? ''; -#+ $value = $parts['value'] ?? 'test'; -#+ $parts = []; -#+ for ($i = 0; $i < $count; $i++) { -#+ $parts[] = [ -#+ 'disposition' => $dispositionType, -#+ 'param' => $dispositionParam, -#+ 'name' => "$namePrefix$i$nameSuffix", -#+ 'value' => $value -#+ ]; -#+ } -#+ } -#+ $out = ''; -#+ $nl = "\r\n"; -#+ foreach ($parts as $part) { -#+ if (!is_array($part)) { -#+ $part = ['name' => $part]; -#+ } elseif ( ! isset($part['name'])) { -#+ throw new \Exception('Each part has to have a name'); -#+ } -#+ $name = $part['name']; -#+ $dispositionType = $part['disposition'] ?? 'form-data'; -#+ $dispositionParam = $part['param'] ?? 'name'; -#+ $value = $part['value'] ?? 'test'; -#+ $partHeaders = $part['headers'] ?? []; -#+ -#+ $out .= "--$boundary$nl"; -#+ $out .= "Content-disposition: $dispositionType; $dispositionParam=\"$name\"$nl"; -#+ foreach ($partHeaders as $headerName => $headerValue) { -#+ $out .= "$headerName: $headerValue$nl"; -#+ } -#+ $out .= $nl; -#+ $out .= "$value$nl"; -#+ } -#+ $out .= "--$boundary--$nl"; -#+ -#+ return $out; -#+ } -#+ -# /** -# * Execute request. -# * -#- * @param string $query -#- * @param array $headers -#- * @param string|null $uri -#- * @param string|null $address -#- * @param string|null $successMessage -#- * @param string|null $errorMessage -#- * @param bool $connKeepAlive -#- * @param bool $expectError -#- * @param int $readLimit -#+ * @param string $query -#+ * @param array $headers -#+ * @param string|null $uri -#+ * @param string|null $address -#+ * @param string|null $successMessage -#+ * @param string|null $errorMessage -#+ * @param bool $connKeepAlive -#+ * @param string|null $scriptFilename = null -#+ * @param string|array|null $stdin = null -#+ * @param bool $expectError -#+ * @param int $readLimit -# * -# * @return Response -#+ * @throws \Exception -# */ -# public function request( -# string $query = '', -#@@ -630,6 +700,8 @@ class Tester -# string $successMessage = null, -# string $errorMessage = null, -# bool $connKeepAlive = false, -#+ string $scriptFilename = null, -#+ string|array $stdin = null, -# bool $expectError = false, -# int $readLimit = -1, -# ): Response { -#@@ -637,12 +709,16 @@ class Tester -# return new Response(null, true); -# } -# -#- $params = $this->getRequestParams($query, $headers, $uri); -#+ if (is_array($stdin)) { -#+ $stdin = $this->parseStdin($stdin, $headers); -#+ } -#+ -#+ $params = $this->getRequestParams($query, $headers, $uri, $scriptFilename, $stdin); -# $this->trace('Request params', $params); -# -# try { -# $this->response = new Response( -#- $this->getClient($address, $connKeepAlive)->request_data($params, false, $readLimit) -#+ $this->getClient($address, $connKeepAlive)->request_data($params, $stdin, $readLimit) -# ); -# if ($expectError) { -# $this->error('Expected request error but the request was successful'); diff --git a/source/n/php/fetch-php.sh b/source/n/php/fetch-php.sh index e44524800..14eb1c5c3 100755 --- a/source/n/php/fetch-php.sh +++ b/source/n/php/fetch-php.sh @@ -1,2 +1,2 @@ -lftpget http://us.php.net/distributions/php-7.4.33.tar.xz.asc -lftpget http://us.php.net/distributions/php-7.4.33.tar.xz +lftpget http://us.php.net/distributions/php-8.2.3.tar.xz.asc +lftpget http://us.php.net/distributions/php-8.2.3.tar.xz diff --git a/source/n/php/mod_php.conf.example b/source/n/php/mod_php.conf.example index d8f96eb09..6ca1d3a87 100644 --- a/source/n/php/mod_php.conf.example +++ b/source/n/php/mod_php.conf.example @@ -3,7 +3,7 @@ # # Load the PHP module: -LoadModule php7_module lib/httpd/modules/libphp7.so +LoadModule php_module lib/httpd/modules/libphp.so # Tell Apache to feed all *.php files through PHP. If you'd like to # parse PHP embedded in files with different extensions, comment out diff --git a/source/n/php/php.SlackBuild b/source/n/php/php.SlackBuild index c54694b16..00f49b4d7 100755 --- a/source/n/php/php.SlackBuild +++ b/source/n/php/php.SlackBuild @@ -3,7 +3,7 @@ # Build and package mod_php on Slackware. # by: David Cantrell <david@slackware.com> # Modified for PHP 4-5 by volkerdi@slackware.com -# Copyright 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2015, 2017, 2019, 2020, 2021, 2023 Patrick Volkerding, Sebeka, MN, USA +# Copyright 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2015, 2017, 2019, 2020, 2021 Patrick Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -28,7 +28,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=php VERSION=${VERSION:-$(echo php-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} ALPINE=2.26 -BUILD=${BUILD:-3} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -127,11 +127,6 @@ rm -rf php-$VERSION tar xvf $CWD/php-$VERSION.tar.xz || exit 1 cd php-$VERSION || exit 1 -zcat $CWD/CVE-2022-31631.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/CVE-2023-0567.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/CVE-2023-0568.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/CVE-2023-0662.patch.gz | patch -p1 --verbose || exit 1 - # cleanup: find . -name "*.orig" -delete @@ -160,11 +155,6 @@ zcat $CWD/php-fpm.conf.diff.gz | patch -p1 --verbose || exit 1 # Fix for imap API change: zcat $CWD/php.imap.api.diff.gz | patch -p1 --verbose || exit 1 -# Use enchant-2: -zcat $CWD/php.enchant-2.patch.gz | patch -p1 --verbose || exit 1 -export ENCHANT_CFLAGS="-I/usr/include/enchant-2" -export ENCHANT_LIBS="-lenchant-2" - # Install the build folder into /usr/lib$LIBDIRSUFFIX/php/build # and adapt phpize accordingly: sed -i "s|build$|php/build|" scripts/Makefile.frag @@ -348,4 +338,3 @@ cat $CWD/slack-desc > $PKG/install/slack-desc cd $PKG /sbin/makepkg -l y -c n $TMP/php-$VERSION-$ARCH-$BUILD.txz - diff --git a/source/n/php/php.enchant-2.patch b/source/n/php/php.enchant-2.patch deleted file mode 100644 index 9d421c3bf..000000000 --- a/source/n/php/php.enchant-2.patch +++ /dev/null @@ -1,76 +0,0 @@ ---- php-7.4.4/ext/enchant/config.m4 2020-03-17 10:40:22.000000000 +0000 -+++ php-7.4.4/ext/enchant/config.m4 2020-03-27 21:25:27.754470703 +0000 -@@ -4,21 +4,21 @@ PHP_ARG_WITH([enchant], - [Include Enchant support])]) - - if test "$PHP_ENCHANT" != "no"; then -- PKG_CHECK_MODULES([ENCHANT], [enchant]) -+ PKG_CHECK_MODULES([ENCHANT], [enchant-2]) - - PHP_EVAL_INCLINE($ENCHANT_CFLAGS) - PHP_EVAL_LIBLINE($ENCHANT_LIBS, ENCHANT_SHARED_LIBADD) - - AC_DEFINE(HAVE_ENCHANT, 1, [ ]) - -- PHP_CHECK_LIBRARY(enchant, enchant_get_version, -+ PHP_CHECK_LIBRARY(enchant-2, enchant_get_version, - [ - AC_DEFINE(HAVE_ENCHANT_GET_VERSION, 1, [ ]) - ], [ ], [ - $ENCHANT_LIBS - ]) - -- PHP_CHECK_LIBRARY(enchant, enchant_broker_set_param, -+ PHP_CHECK_LIBRARY(enchant-2, enchant_broker_set_param, - [ - AC_DEFINE(HAVE_ENCHANT_BROKER_SET_PARAM, 1, [ ]) - ], [ ], [ ---- a/ext/enchant/enchant.c.orig -+++ b/ext/enchant/enchant.c -@@ -738,7 +738,7 @@ - for (i = 0; i < n_sugg; i++) { - add_next_index_string(sugg, suggs[i]); - } -- enchant_dict_free_suggestions(pdict->pdict, suggs); -+ enchant_dict_free_string_list(pdict->pdict, suggs); - } - - -@@ -793,7 +793,7 @@ - add_next_index_string(return_value, suggs[i]); - } - -- enchant_dict_free_suggestions(pdict->pdict, suggs); -+ enchant_dict_free_string_list(pdict->pdict, suggs); - } - } - /* }}} */ -@@ -813,7 +813,7 @@ - - PHP_ENCHANT_GET_DICT; - -- enchant_dict_add_to_personal(pdict->pdict, word, wordlen); -+ enchant_dict_add(pdict->pdict, word, wordlen); - } - /* }}} */ - -@@ -851,7 +851,7 @@ - - PHP_ENCHANT_GET_DICT; - -- RETURN_BOOL(enchant_dict_is_in_session(pdict->pdict, word, wordlen)); -+ RETURN_BOOL(enchant_dict_is_added(pdict->pdict, word, wordlen)); - } - /* }}} */ - ---- php-7.4.4/build/php.m4 2020-03-17 06:40:21.000000000 -0400 -+++ php-7.4.4/build/php.m4 2020-04-05 09:27:14.634620646 -0400 -@@ -1541,7 +1541,7 @@ AC_DEFUN([PHP_CHECK_LIBRARY], [ - ],[ - LDFLAGS=$save_old_LDFLAGS - ext_shared=$save_ext_shared -- unset ac_cv_lib_$1[]_$2 -+ unset ac_cv_lib_[]translit($1, -, _)_$2 - $4 - ])dnl - ]) diff --git a/source/n/php/php.ini-development.diff b/source/n/php/php.ini-development.diff index ce12f5a4b..4240941e0 100644 --- a/source/n/php/php.ini-development.diff +++ b/source/n/php/php.ini-development.diff @@ -1,6 +1,6 @@ ---- ./php.ini-development.orig 2020-05-12 03:09:16.000000000 -0500 -+++ ./php.ini-development 2020-05-12 14:14:32.901530776 -0500 -@@ -899,7 +899,50 @@ +--- ./php.ini-development.orig 2021-11-23 12:56:11.000000000 -0600 ++++ ./php.ini-development 2021-11-29 13:08:24.467109377 -0600 +@@ -905,7 +905,50 @@ ; 'extension='php_<ext>.dll') is supported for legacy reasons and may be ; deprecated in a future PHP major version. So, when it is possible, please ; move to the new ('extension=<ext>) syntax. @@ -51,10 +51,10 @@ ; Notes for Windows environments : ; ; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+) -@@ -1335,7 +1378,7 @@ +@@ -1350,7 +1393,7 @@ ; where MODE is the octal representation of the mode. Note that this ; does not overwrite the process's umask. - ; http://php.net/session.save-path + ; https://php.net/session.save-path -;session.save_path = "/tmp" +session.save_path = "/var/lib/php" diff --git a/source/n/pidentd/pidentd.SlackBuild b/source/n/pidentd/pidentd.SlackBuild index 27be57c91..56ba4a1a3 100755 --- a/source/n/pidentd/pidentd.SlackBuild +++ b/source/n/pidentd/pidentd.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=pidentd VERSION=3.0.19 -BUILD=${BUILD:-6} +BUILD=${BUILD:-7} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/popa3d/popa3d.SlackBuild b/source/n/popa3d/popa3d.SlackBuild index 13afe4b97..c3cd6543b 100755 --- a/source/n/popa3d/popa3d.SlackBuild +++ b/source/n/popa3d/popa3d.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=popa3d VERSION=1.0.3 -BUILD=${BUILD:-6} +BUILD=${BUILD:-7} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/postfix/postfix.SlackBuild b/source/n/postfix/postfix.SlackBuild index 46603d50f..c64b7192e 100755 --- a/source/n/postfix/postfix.SlackBuild +++ b/source/n/postfix/postfix.SlackBuild @@ -28,7 +28,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=postfix VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} if [ -z "$ARCH" ]; then case "$( uname -m )" in diff --git a/source/n/ppp/ppp.SlackBuild b/source/n/ppp/ppp.SlackBuild index b2840d6e5..9504fca35 100755 --- a/source/n/ppp/ppp.SlackBuild +++ b/source/n/ppp/ppp.SlackBuild @@ -26,7 +26,7 @@ PKGNAM=ppp VERSION=2.4.9 RADVER=1.1.7 PPPVER=1.98 -BUILD=${BUILD:-3} +BUILD=${BUILD:-4} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} diff --git a/source/n/proftpd/proftpd.SlackBuild b/source/n/proftpd/proftpd.SlackBuild index 06d4940df..4aa08db1b 100755 --- a/source/n/proftpd/proftpd.SlackBuild +++ b/source/n/proftpd/proftpd.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=proftpd VERSION=1.3.8 DIRVER=1.3.8 -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} diff --git a/source/n/rsync/rsync.SlackBuild b/source/n/rsync/rsync.SlackBuild index 07896eea9..1d86935ef 100755 --- a/source/n/rsync/rsync.SlackBuild +++ b/source/n/rsync/rsync.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=rsync VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/s-nail/s-nail.SlackBuild b/source/n/s-nail/s-nail.SlackBuild index de726a34c..02a018f85 100755 --- a/source/n/s-nail/s-nail.SlackBuild +++ b/source/n/s-nail/s-nail.SlackBuild @@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=s-nail VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} if [ -z "$ARCH" ]; then case "$( uname -m )" in diff --git a/source/n/samba/samba.SlackBuild b/source/n/samba/samba.SlackBuild index 757ca4336..7eed0b774 100755 --- a/source/n/samba/samba.SlackBuild +++ b/source/n/samba/samba.SlackBuild @@ -28,8 +28,10 @@ PKGNAM=samba VERSION=${VERSION:-$(echo samba-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} BUILD=${BUILD:-1} -# This option may also be set to "heimdal": -KERBEROS=${KERBEROS:-mit} +# This option may be set to "heimdal" or "mit". +# Upstream considers the use of MIT Kerberos for provisioning an AD DC +# to be experimental (for now), and recommends using the bundled Heimdal. +KERBEROS=${KERBEROS:-heimdal} if [ "$KERBEROS" = "mit" ]; then KERB_OPTIONS="--with-system-mitkrb5 --with-experimental-mit-ad-dc" diff --git a/source/n/samba/samba.url b/source/n/samba/samba.url index 4f011ee0b..bba455673 100644 --- a/source/n/samba/samba.url +++ b/source/n/samba/samba.url @@ -1,2 +1,2 @@ -https://download.samba.org/pub/samba/stable/samba-4.17.5.tar.gz -https://download.samba.org/pub/samba/stable/samba-4.17.5.tar.asc +https://download.samba.org/pub/samba/stable/samba-4.18.0.tar.gz +https://download.samba.org/pub/samba/stable/samba-4.18.0.tar.asc diff --git a/source/n/slrn/slrn.SlackBuild b/source/n/slrn/slrn.SlackBuild index 4f319b08f..ff6225c5b 100755 --- a/source/n/slrn/slrn.SlackBuild +++ b/source/n/slrn/slrn.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=slrn VERSION=1.0.3a -BUILD=${BUILD:-3} +BUILD=${BUILD:-4} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/snownews/snownews.SlackBuild b/source/n/snownews/snownews.SlackBuild index 1f1225808..4ceb42e6d 100755 --- a/source/n/snownews/snownews.SlackBuild +++ b/source/n/snownews/snownews.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=snownews VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/socat/socat.SlackBuild b/source/n/socat/socat.SlackBuild index a0291e55c..945411097 100755 --- a/source/n/socat/socat.SlackBuild +++ b/source/n/socat/socat.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=socat VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/stunnel/stunnel.SlackBuild b/source/n/stunnel/stunnel.SlackBuild index bbd15ddfb..aa2f33fb1 100755 --- a/source/n/stunnel/stunnel.SlackBuild +++ b/source/n/stunnel/stunnel.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=stunnel VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/tcpdump/tcpdump.SlackBuild b/source/n/tcpdump/tcpdump.SlackBuild index 8442d178f..080cf899a 100755 --- a/source/n/tcpdump/tcpdump.SlackBuild +++ b/source/n/tcpdump/tcpdump.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=tcpdump VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/vsftpd/vsftpd.SlackBuild b/source/n/vsftpd/vsftpd.SlackBuild index b2e076bb8..a7879a5fe 100755 --- a/source/n/vsftpd/vsftpd.SlackBuild +++ b/source/n/vsftpd/vsftpd.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=vsftpd VERSION=${VERSION:-$(echo ${PKGNAM}-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/wget/wget.SlackBuild b/source/n/wget/wget.SlackBuild index 2014844c2..476fb2995 100755 --- a/source/n/wget/wget.SlackBuild +++ b/source/n/wget/wget.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=wget VERSION=${VERSION:-$(echo wget-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} diff --git a/source/n/wpa_supplicant/wpa_supplicant.SlackBuild b/source/n/wpa_supplicant/wpa_supplicant.SlackBuild index 0b467ffd7..2f1a718eb 100755 --- a/source/n/wpa_supplicant/wpa_supplicant.SlackBuild +++ b/source/n/wpa_supplicant/wpa_supplicant.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=wpa_supplicant VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} SRCVERSION=$(printf $VERSION | tr _ -) |