diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2021-12-20 19:41:32 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2021-12-21 08:59:54 +0100 |
| commit | c7bc4d7179cfcf3ec450f8f5cec7956d81cf23f9 (patch) | |
| tree | bf73bf696ea4ded6058898b54ebc0a3ce43dc06a /source | |
| parent | ad82a27736106e5f9c9f2e1e0aa6f7da617c7a1d (diff) | |
| download | current-c7bc4d7179cfcf3ec450f8f5cec7956d81cf23f9.tar.gz current-c7bc4d7179cfcf3ec450f8f5cec7956d81cf23f9.tar.xz | |
Mon Dec 20 19:41:32 UTC 202120211220194132
a/pkgtools-15.0-noarch-42.txz: Rebuilt.
setup.services: list rc.nfsd. Suggested by alienBOB.
l/expat-2.4.2-x86_64-1.txz: Upgraded.
l/gegl-0.4.34-x86_64-1.txz: Upgraded.
n/httpd-2.4.52-x86_64-1.txz: Upgraded.
SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
multipart content in mod_lua of Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A carefully crafted request body can cause a buffer overflow in
the mod_lua multipart parser (r:parsebody() called from Lua
scripts).
The Apache httpd team is not aware of an exploit for the
vulnerabilty though it might be possible to craft one.
This issue affects Apache HTTP Server 2.4.51 and earlier.
Credits: Chamal
SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
forward proxy configurations in Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference)
or, for configurations mixing forward and reverse proxy
declarations, can allow for requests to be directed to a
declared Unix Domain Socket endpoint (Server Side Request
Forgery).
This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
(included).
Credits: ae 1/4*a-o(R)e 1/4
TengMA(@Te3t123)
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224
(* Security fix *)
xap/gimp-2.10.30-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-91.4.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.4.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538
(* Security fix *)
xap/xlockmore-5.68-x86_64-1.txz: Upgraded.
xap/xsnow-3.4.2-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source')
| -rwxr-xr-x | source/a/pkgtools/pkgtools.SlackBuild | 2 | ||||
| -rw-r--r-- | source/a/pkgtools/scripts/setup.services | 13 | ||||
| -rw-r--r-- | source/n/httpd/httpd.url | 4 |
3 files changed, 15 insertions, 4 deletions
diff --git a/source/a/pkgtools/pkgtools.SlackBuild b/source/a/pkgtools/pkgtools.SlackBuild index c34f82f50..f9c031a08 100755 --- a/source/a/pkgtools/pkgtools.SlackBuild +++ b/source/a/pkgtools/pkgtools.SlackBuild @@ -30,7 +30,7 @@ PKGNAM=pkgtools # *** UPDATE THESE WITH EACH BUILD: VERSION=15.0 ARCH=${ARCH:-noarch} -BUILD=${BUILD:-41} +BUILD=${BUILD:-42} # If the variable PRINT_PACKAGE_NAME is set, then this script will report what # the name of the created package would be, and then exit. This information diff --git a/source/a/pkgtools/scripts/setup.services b/source/a/pkgtools/scripts/setup.services index ee31b6f94..768254329 100644 --- a/source/a/pkgtools/scripts/setup.services +++ b/source/a/pkgtools/scripts/setup.services @@ -196,6 +196,17 @@ if [ -r etc/rc.d/rc.mysqld ]; then EOF fi +if [ -r etc/rc.d/rc.nfsd ]; then + if [ -x etc/rc.d/rc.nfsd ]; then + RC_NFSD=on + else + RC_NFSD=off + fi + cat << EOF >> $TMP/tmpscript + "rc.nfsd" "The Network File System Daemons" $RC_NFSD "Daemons needed to share files to other machines using NFS." \\ +EOF +fi + if [ -r etc/rc.d/rc.ntpd ]; then if [ -x etc/rc.d/rc.ntpd ]; then RC_NTPD=on @@ -350,7 +361,7 @@ if [ ! $? = 0 ]; then exit fi -for service in rc.atalk rc.atd rc.bind rc.crond rc.cups rc.dovecot rc.dnsmasq rc.fuse rc.hald rc.hplip rc.httpd rc.inetd rc.ip_forward rc.lprng rc.messagebus rc.mysqld rc.ntpd rc.openldap rc.openvpn rc.pcmcia rc.postfix rc.rpc rc.samba rc.saslauthd rc.smartd rc.snmpd rc.sendmail rc.syslog rc.sshd ; do +for service in rc.atalk rc.atd rc.bind rc.crond rc.cups rc.dovecot rc.dnsmasq rc.fuse rc.hald rc.hplip rc.httpd rc.inetd rc.ip_forward rc.lprng rc.messagebus rc.mysqld rc.nfsd rc.ntpd rc.openldap rc.openvpn rc.pcmcia rc.postfix rc.rpc rc.samba rc.saslauthd rc.smartd rc.snmpd rc.sendmail rc.syslog rc.sshd ; do if [ -f etc/rc.d/$service ]; then if grep -w $service $TMP/reply 1> /dev/null ; then chmod 755 etc/rc.d/$service diff --git a/source/n/httpd/httpd.url b/source/n/httpd/httpd.url index e9acbe714..19b3dcbab 100644 --- a/source/n/httpd/httpd.url +++ b/source/n/httpd/httpd.url @@ -1,2 +1,2 @@ -http://www.apache.org/dist/httpd/httpd-2.4.51.tar.bz2 -http://www.apache.org/dist/httpd/httpd-2.4.51.tar.bz2.asc +http://www.apache.org/dist/httpd/httpd-2.4.52.tar.bz2 +http://www.apache.org/dist/httpd/httpd-2.4.52.tar.bz2.asc |