summaryrefslogtreecommitdiffstats
path: root/source
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2020-11-25 23:25:45 +0000
committer Eric Hameleers <alien@slackware.com>2020-11-26 08:59:52 +0100
commit042736eeb574486635e076ffcc36593ac09c72ba (patch)
treed80deda6acecf44b4591168f49716a68bbf50be8 /source
parentd4f3249a812a440339f94607fa9b69fc981a6f4b (diff)
downloadcurrent-042736eeb574486635e076ffcc36593ac09c72ba.tar.gz
current-042736eeb574486635e076ffcc36593ac09c72ba.tar.xz
Wed Nov 25 23:25:45 UTC 202020201125232545
ap/qpdf-10.0.4-x86_64-1.txz: Upgraded. d/cmake-3.19.1-x86_64-1.txz: Upgraded. n/bind-9.16.9-x86_64-1.txz: Upgraded. This update fixes bugs, including a denial-of-service security issue: After a Negative Trust Anchor (NTA) is added, BIND performs periodic checks to see if it is still necessary. If BIND encountered a failure while creating a query to perform such a check, it attempted to dereference a NULL pointer, resulting in a crash. [GL #2244] (* Security fix *) n/cifs-utils-6.11-x86_64-2.txz: Rebuilt. Patched to fix mounting CIFS shares when linked with libcap-ng-0.8.1. Thanks to marrowsuck.
Diffstat (limited to '')
-rwxr-xr-xsource/l/libsamplerate/libsamplerate.SlackBuild22
-rw-r--r--source/l/libsamplerate/slack-desc2
-rwxr-xr-xsource/n/bind/bind.SlackBuild2
-rwxr-xr-xsource/n/cifs-utils/cifs-utils.SlackBuild7
-rw-r--r--source/n/cifs-utils/cifs-utils.f4e7c84467152624a288351321c8664dbf3364af.patch101
-rw-r--r--source/n/libnfnetlink/libnfnetlink.url1
6 files changed, 129 insertions, 6 deletions
diff --git a/source/l/libsamplerate/libsamplerate.SlackBuild b/source/l/libsamplerate/libsamplerate.SlackBuild
index 25d9419bc..7d9959d76 100755
--- a/source/l/libsamplerate/libsamplerate.SlackBuild
+++ b/source/l/libsamplerate/libsamplerate.SlackBuild
@@ -1,7 +1,25 @@
#!/bin/bash
-# Slackware build script for libsamplerate
-# Written by paul wisehart paul@1ud2.com
+# Copyright 2018 paul wisehart <paul@1ud2.com>
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
# Modified by Robby Workman <rworkman@slackbuilds.org>
cd $(dirname $0) ; CWD=$(pwd)
diff --git a/source/l/libsamplerate/slack-desc b/source/l/libsamplerate/slack-desc
index 16a64e2ab..151a39f94 100644
--- a/source/l/libsamplerate/slack-desc
+++ b/source/l/libsamplerate/slack-desc
@@ -15,5 +15,5 @@ libsamplerate: sample rate used by DAT players. SRC is capable of arbitrary and
libsamplerate: varying conversions. SRC provides a small set of converters to allow
libsamplerate: quality to be traded off against computation cost.
libsamplerate:
-libsamplerate: libsamplerate home: http://www.mega-nerd.com/SRC/
+libsamplerate: Homepage: http://www.mega-nerd.com/SRC/
libsamplerate:
diff --git a/source/n/bind/bind.SlackBuild b/source/n/bind/bind.SlackBuild
index 783ef548a..1b7af8957 100755
--- a/source/n/bind/bind.SlackBuild
+++ b/source/n/bind/bind.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=bind
VERSION=${VERSION:-$(echo ${PKGNAM}-[0-9]*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/cifs-utils/cifs-utils.SlackBuild b/source/n/cifs-utils/cifs-utils.SlackBuild
index 04e7a31c8..a7af8f9f2 100755
--- a/source/n/cifs-utils/cifs-utils.SlackBuild
+++ b/source/n/cifs-utils/cifs-utils.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2012, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2012, 2018, 2020 Patrick J. Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=cifs-utils
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -81,6 +81,9 @@ rm -rf $PKGNAM-$VERSION
tar xvf $CWD/$PKGNAM-$VERSION.tar.?z* || exit 1
cd $PKGNAM-$VERSION
+# Fix for new libcap-ng:
+zcat $CWD/cifs-utils.f4e7c84467152624a288351321c8664dbf3364af.patch.gz | patch -p1 --verbose || exit 1
+
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
diff --git a/source/n/cifs-utils/cifs-utils.f4e7c84467152624a288351321c8664dbf3364af.patch b/source/n/cifs-utils/cifs-utils.f4e7c84467152624a288351321c8664dbf3364af.patch
new file mode 100644
index 000000000..ed319182c
--- /dev/null
+++ b/source/n/cifs-utils/cifs-utils.f4e7c84467152624a288351321c8664dbf3364af.patch
@@ -0,0 +1,101 @@
+From f4e7c84467152624a288351321c8664dbf3364af Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <diabonas@archlinux.org>
+Date: Sat, 21 Nov 2020 11:41:26 +0100
+Subject: [PATCH 1/2] mount.cifs: update the cap bounding set only when
+ CAP_SETPCAP is given
+
+libcap-ng 0.8.1 tightened the error checking on capng_apply, returning an error
+of -4 when trying to update the capability bounding set without having the
+CAP_SETPCAP capability to be able to do so. Previous versions of libcap-ng
+silently skipped updating the bounding set and only updated the normal
+CAPNG_SELECT_CAPS capabilities instead.
+
+Check beforehand whether we have CAP_SETPCAP, in which case we can use
+CAPNG_SELECT_BOTH to update both the normal capabilities and the bounding set.
+Otherwise, we can at least update the normal capabilities, but refrain from
+trying to update the bounding set to avoid getting an error.
+
+Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
+---
+ mount.cifs.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 4feb397..88b8b69 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -338,6 +338,8 @@ static int set_password(struct parsed_mount_info *parsed_info, const char *src)
+ static int
+ drop_capabilities(int parent)
+ {
++ capng_select_t set = CAPNG_SELECT_CAPS;
++
+ capng_setpid(getpid());
+ capng_clear(CAPNG_SELECT_BOTH);
+ if (parent) {
+@@ -355,7 +357,10 @@ drop_capabilities(int parent)
+ return EX_SYSERR;
+ }
+ }
+- if (capng_apply(CAPNG_SELECT_BOTH)) {
++ if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
++ set = CAPNG_SELECT_BOTH;
++ }
++ if (capng_apply(set)) {
+ fprintf(stderr, "Unable to apply new capability set.\n");
+ return EX_SYSERR;
+ }
+--
+2.29.2
+
+
+From 64dfbafe7a0639a96d67f0b840b6e6498e1f68a9 Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <diabonas@archlinux.org>
+Date: Sat, 21 Nov 2020 11:48:33 +0100
+Subject: [PATCH 2/2] cifs.upall: update the cap bounding set only when
+ CAP_SETPCAP is given
+
+libcap-ng 0.8.1 tightened the error checking on capng_apply, returning an error
+of -4 when trying to update the capability bounding set without having the
+CAP_SETPCAP capability to be able to do so. Previous versions of libcap-ng
+silently skipped updating the bounding set and only updated the normal
+CAPNG_SELECT_CAPS capabilities instead.
+
+Check beforehand whether we have CAP_SETPCAP, in which case we can use
+CAPNG_SELECT_BOTH to update both the normal capabilities and the bounding set.
+Otherwise, we can at least update the normal capabilities, but refrain from
+trying to update the bounding set to avoid getting an error.
+
+Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
+---
+ cifs.upcall.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/cifs.upcall.c b/cifs.upcall.c
+index 1559434..af1a0b0 100644
+--- a/cifs.upcall.c
++++ b/cifs.upcall.c
+@@ -88,6 +88,8 @@ typedef enum _sectype {
+ static int
+ trim_capabilities(bool need_environ)
+ {
++ capng_select_t set = CAPNG_SELECT_CAPS;
++
+ capng_clear(CAPNG_SELECT_BOTH);
+
+ /* SETUID and SETGID to change uid, gid, and grouplist */
+@@ -105,7 +107,10 @@ trim_capabilities(bool need_environ)
+ return 1;
+ }
+
+- if (capng_apply(CAPNG_SELECT_BOTH)) {
++ if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
++ set = CAPNG_SELECT_BOTH;
++ }
++ if (capng_apply(set)) {
+ syslog(LOG_ERR, "%s: Unable to apply capability set: %m\n", __func__);
+ return 1;
+ }
+--
+2.29.2
+
diff --git a/source/n/libnfnetlink/libnfnetlink.url b/source/n/libnfnetlink/libnfnetlink.url
new file mode 100644
index 000000000..b3c122793
--- /dev/null
+++ b/source/n/libnfnetlink/libnfnetlink.url
@@ -0,0 +1 @@
+https://netfilter.org/projects/libnfnetlink/files