diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-07-19 20:36:46 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-07-19 23:51:30 +0200 |
commit | 6f8b2b4fabce9d8d0571802529cad2df31d9a0ca (patch) | |
tree | e9ebed30271d260e477fc09d30189ecd8405ad78 /source | |
parent | a1b07eafc1e2522790168868d732f16d0c442ff8 (diff) | |
download | current-6f8b2b4fabce9d8d0571802529cad2df31d9a0ca.tar.gz current-6f8b2b4fabce9d8d0571802529cad2df31d9a0ca.tar.xz |
Wed Jul 19 20:36:46 UTC 202320230719203646
a/kernel-firmware-20230707_d3f6606-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.39-x86_64-1.txz: Upgraded.
a/xfsprogs-6.4.0-x86_64-1.txz: Upgraded.
d/cmake-3.27.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.39-x86-1.txz: Upgraded.
k/kernel-source-6.1.39-noarch-1.txz: Upgraded.
l/mpfr-4.2.0p12-x86_64-1.txz: Upgraded.
n/bind-9.18.17-x86_64-1.txz: Upgraded.
n/curl-8.2.0-x86_64-1.txz: Upgraded.
This update fixes a security issue:
fopen race condition.
For more information, see:
https://curl.se/docs/CVE-2023-32001.html
https://www.cve.org/CVERecord?id=CVE-2023-32001
(* Security fix *)
n/dhcpcd-10.0.2-x86_64-1.txz: Upgraded.
n/openssh-9.3p2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
execution relating to PKCS#11 providers.
The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
execution via a forwarded agent socket if the following conditions are met:
* Exploitation requires the presence of specific libraries on the victim
system.
* Remote exploitation requires that the agent was forwarded to an
attacker-controlled system.
Exploitation can also be prevented by starting ssh-agent(1) with an empty
PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
contains only specific provider libraries.
This vulnerability was discovered and demonstrated to be exploitable by the
Qualys Security Advisory team.
Potentially-incompatible changes:
* ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
issued by remote clients by default. A flag has been added to restore the
previous behaviour: "-Oallow-remote-pkcs11".
For more information, see:
https://www.openssh.com/txt/release-9.3p2
https://www.cve.org/CVERecord?id=CVE-2023-38408
(* Security fix *)
n/samba-4.18.5-x86_64-1.txz: Upgraded.
This update fixes security issues:
When winbind is used for NTLM authentication, a maliciously crafted request
can trigger an out-of-bounds read in winbind and possibly crash it.
SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain Controllers
where SMB2 packet signing is mandatory.
An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
triggered by an unauthenticated attacker by issuing a malformed RPC request.
Missing type validation in Samba's mdssvc RPC service for Spotlight can be
used by an unauthenticated attacker to trigger a process crash in a shared
RPC mdssvc worker process.
As part of the Spotlight protocol Samba discloses the server-side absolute
path of shares and files and directories in search results.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2127.html
https://www.samba.org/samba/security/CVE-2023-3347.html
https://www.samba.org/samba/security/CVE-2023-34966.html
https://www.samba.org/samba/security/CVE-2023-34967.html
https://www.samba.org/samba/security/CVE-2023-34968.html
https://www.cve.org/CVERecord?id=CVE-2022-2127
https://www.cve.org/CVERecord?id=CVE-2023-3347
https://www.cve.org/CVERecord?id=CVE-2023-34966
https://www.cve.org/CVERecord?id=CVE-2023-34967
https://www.cve.org/CVERecord?id=CVE-2023-34968
(* Security fix *)
xap/mozilla-firefox-115.0.3esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.0.3esr/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source')
-rw-r--r-- | source/d/cmake/cmake.url | 2 | ||||
-rw-r--r-- | source/k/kernel-configs/config-generic-6.1.39 (renamed from source/k/kernel-configs/config-generic-6.1.38) | 2 | ||||
-rw-r--r-- | source/k/kernel-configs/config-generic-6.1.39.x64 (renamed from source/k/kernel-configs/config-generic-6.1.38.x64) | 2 | ||||
-rw-r--r-- | source/k/kernel-configs/config-generic-smp-6.1.39-smp (renamed from source/k/kernel-configs/config-generic-smp-6.1.38-smp) | 2 | ||||
-rw-r--r-- | source/k/kernel-configs/config-huge-6.1.39 (renamed from source/k/kernel-configs/config-huge-6.1.38) | 2 | ||||
-rw-r--r-- | source/k/kernel-configs/config-huge-6.1.39.x64 (renamed from source/k/kernel-configs/config-huge-6.1.38.x64) | 2 | ||||
-rw-r--r-- | source/k/kernel-configs/config-huge-smp-6.1.39-smp (renamed from source/k/kernel-configs/config-huge-smp-6.1.38-smp) | 2 | ||||
-rw-r--r-- | source/l/mpfr/patches/patch10 | 48 | ||||
-rw-r--r-- | source/l/mpfr/patches/patch11 | 52 | ||||
-rw-r--r-- | source/l/mpfr/patches/patch12 | 48 | ||||
-rw-r--r-- | source/n/samba/samba.url | 4 |
11 files changed, 157 insertions, 9 deletions
diff --git a/source/d/cmake/cmake.url b/source/d/cmake/cmake.url index 74325bbe9..b63adf2e2 100644 --- a/source/d/cmake/cmake.url +++ b/source/d/cmake/cmake.url @@ -1,2 +1,2 @@ https://github.com/Kitware/CMake/releases -https://github.com/Kitware/CMake/releases/download/v3.26.4/cmake-3.26.4.tar.gz +https://github.com/Kitware/CMake/releases/download/v3.27.0/cmake-3.27.0.tar.gz diff --git a/source/k/kernel-configs/config-generic-6.1.38 b/source/k/kernel-configs/config-generic-6.1.39 index 21a8d22bc..53d9cc24f 100644 --- a/source/k/kernel-configs/config-generic-6.1.38 +++ b/source/k/kernel-configs/config-generic-6.1.39 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.1.38 Kernel Configuration +# Linux/x86 6.1.39 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.1.0" CONFIG_CC_IS_GCC=y diff --git a/source/k/kernel-configs/config-generic-6.1.38.x64 b/source/k/kernel-configs/config-generic-6.1.39.x64 index 434cc34d2..d03edd79a 100644 --- a/source/k/kernel-configs/config-generic-6.1.38.x64 +++ b/source/k/kernel-configs/config-generic-6.1.39.x64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.1.38 Kernel Configuration +# Linux/x86 6.1.39 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.1.0" CONFIG_CC_IS_GCC=y diff --git a/source/k/kernel-configs/config-generic-smp-6.1.38-smp b/source/k/kernel-configs/config-generic-smp-6.1.39-smp index 8f0ace714..4b7aca7e0 100644 --- a/source/k/kernel-configs/config-generic-smp-6.1.38-smp +++ b/source/k/kernel-configs/config-generic-smp-6.1.39-smp @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.1.38 Kernel Configuration +# Linux/x86 6.1.39 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.1.0" CONFIG_CC_IS_GCC=y diff --git a/source/k/kernel-configs/config-huge-6.1.38 b/source/k/kernel-configs/config-huge-6.1.39 index 380c923aa..1dc47dd98 100644 --- a/source/k/kernel-configs/config-huge-6.1.38 +++ b/source/k/kernel-configs/config-huge-6.1.39 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.1.38 Kernel Configuration +# Linux/x86 6.1.39 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.1.0" CONFIG_CC_IS_GCC=y diff --git a/source/k/kernel-configs/config-huge-6.1.38.x64 b/source/k/kernel-configs/config-huge-6.1.39.x64 index 350059d1e..4ac7570c7 100644 --- a/source/k/kernel-configs/config-huge-6.1.38.x64 +++ b/source/k/kernel-configs/config-huge-6.1.39.x64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.1.38 Kernel Configuration +# Linux/x86 6.1.39 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.1.0" CONFIG_CC_IS_GCC=y diff --git a/source/k/kernel-configs/config-huge-smp-6.1.38-smp b/source/k/kernel-configs/config-huge-smp-6.1.39-smp index 7df1d19b1..0261a4c7f 100644 --- a/source/k/kernel-configs/config-huge-smp-6.1.38-smp +++ b/source/k/kernel-configs/config-huge-smp-6.1.39-smp @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.1.38 Kernel Configuration +# Linux/x86 6.1.39 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.1.0" CONFIG_CC_IS_GCC=y diff --git a/source/l/mpfr/patches/patch10 b/source/l/mpfr/patches/patch10 new file mode 100644 index 000000000..e16aef592 --- /dev/null +++ b/source/l/mpfr/patches/patch10 @@ -0,0 +1,48 @@ +diff -Naurd mpfr-4.2.0-a/PATCHES mpfr-4.2.0-b/PATCHES +--- mpfr-4.2.0-a/PATCHES 2023-07-17 13:54:11.126789510 +0000 ++++ mpfr-4.2.0-b/PATCHES 2023-07-17 13:54:11.170788387 +0000 +@@ -0,0 +1 @@ ++gcc-pr106155-workaround +diff -Naurd mpfr-4.2.0-a/VERSION mpfr-4.2.0-b/VERSION +--- mpfr-4.2.0-a/VERSION 2023-05-17 17:19:35.596201603 +0000 ++++ mpfr-4.2.0-b/VERSION 2023-07-17 13:54:11.170788387 +0000 +@@ -1 +1 @@ +-4.2.0-p9 ++4.2.0-p10 +diff -Naurd mpfr-4.2.0-a/src/mpfr.h mpfr-4.2.0-b/src/mpfr.h +--- mpfr-4.2.0-a/src/mpfr.h 2023-05-17 17:19:35.592201606 +0000 ++++ mpfr-4.2.0-b/src/mpfr.h 2023-07-17 13:54:11.170788387 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 2 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.2.0-p9" ++#define MPFR_VERSION_STRING "4.2.0-p10" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.2.0-a/src/version.c mpfr-4.2.0-b/src/version.c +--- mpfr-4.2.0-a/src/version.c 2023-05-17 17:19:35.592201606 +0000 ++++ mpfr-4.2.0-b/src/version.c 2023-07-17 13:54:11.170788387 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.2.0-p9"; ++ return "4.2.0-p10"; + } +diff -Naurd mpfr-4.2.0-a/tests/tfpif.c mpfr-4.2.0-b/tests/tfpif.c +--- mpfr-4.2.0-a/tests/tfpif.c 2023-01-05 17:09:48.000000000 +0000 ++++ mpfr-4.2.0-b/tests/tfpif.c 2023-07-17 13:54:11.162788591 +0000 +@@ -277,7 +277,10 @@ + + for (i = 0; i < BAD; i++) + { +- mpfr_exp_t emax; ++ mpfr_exp_t INITIALIZED(emax); ++ /* The INITIALIZED() is a workaround for GCC bug 106155: ++ https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106155 */ ++ + /* For i == 6, mpfr_prec_t needs at least a 65-bit precision + (64 value bits + 1 sign bit) to avoid a failure. */ + if (i == 6 && MPFR_PREC_BITS > 64) diff --git a/source/l/mpfr/patches/patch11 b/source/l/mpfr/patches/patch11 new file mode 100644 index 000000000..15c983638 --- /dev/null +++ b/source/l/mpfr/patches/patch11 @@ -0,0 +1,52 @@ +diff -Naurd mpfr-4.2.0-a/PATCHES mpfr-4.2.0-b/PATCHES +--- mpfr-4.2.0-a/PATCHES 2023-07-17 13:56:17.375566485 +0000 ++++ mpfr-4.2.0-b/PATCHES 2023-07-17 13:56:17.415565464 +0000 +@@ -0,0 +1 @@ ++inp_str-nullchar +diff -Naurd mpfr-4.2.0-a/VERSION mpfr-4.2.0-b/VERSION +--- mpfr-4.2.0-a/VERSION 2023-07-17 13:54:11.170788387 +0000 ++++ mpfr-4.2.0-b/VERSION 2023-07-17 13:56:17.415565464 +0000 +@@ -1 +1 @@ +-4.2.0-p10 ++4.2.0-p11 +diff -Naurd mpfr-4.2.0-a/src/inp_str.c mpfr-4.2.0-b/src/inp_str.c +--- mpfr-4.2.0-a/src/inp_str.c 2023-01-05 17:09:48.000000000 +0000 ++++ mpfr-4.2.0-b/src/inp_str.c 2023-07-17 13:56:17.407565669 +0000 +@@ -69,6 +69,15 @@ + if (c == EOF || isspace (c)) + break; + str[str_size++] = (unsigned char) c; ++ /* If c is '\0' (while not being a whitespace character), the word will ++ not have a valid format. But in the context of a string in memory, ++ '\0' is a terminating null character. So, to avoid ending with a ++ valid string format (like "1" with ignored characters after the ++ terminating null character), we need to make sure that the string ++ does not have a valid format; so let's start it with '*'. Note ++ that we should read the full word, so we cannot break. */ ++ if (MPFR_UNLIKELY (c == '\0')) ++ str[0] = '*'; + if (str_size == (size_t) -1) + break; + c = getc (stream); +diff -Naurd mpfr-4.2.0-a/src/mpfr.h mpfr-4.2.0-b/src/mpfr.h +--- mpfr-4.2.0-a/src/mpfr.h 2023-07-17 13:54:11.170788387 +0000 ++++ mpfr-4.2.0-b/src/mpfr.h 2023-07-17 13:56:17.411565566 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 2 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.2.0-p10" ++#define MPFR_VERSION_STRING "4.2.0-p11" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.2.0-a/src/version.c mpfr-4.2.0-b/src/version.c +--- mpfr-4.2.0-a/src/version.c 2023-07-17 13:54:11.170788387 +0000 ++++ mpfr-4.2.0-b/src/version.c 2023-07-17 13:56:17.415565464 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.2.0-p10"; ++ return "4.2.0-p11"; + } diff --git a/source/l/mpfr/patches/patch12 b/source/l/mpfr/patches/patch12 new file mode 100644 index 000000000..49ad49299 --- /dev/null +++ b/source/l/mpfr/patches/patch12 @@ -0,0 +1,48 @@ +diff -Naurd mpfr-4.2.0-a/PATCHES mpfr-4.2.0-b/PATCHES +--- mpfr-4.2.0-a/PATCHES 2023-07-17 13:57:28.913739912 +0000 ++++ mpfr-4.2.0-b/PATCHES 2023-07-17 13:57:28.961738687 +0000 +@@ -0,0 +1 @@ ++strtofr-nullchar +diff -Naurd mpfr-4.2.0-a/VERSION mpfr-4.2.0-b/VERSION +--- mpfr-4.2.0-a/VERSION 2023-07-17 13:56:17.415565464 +0000 ++++ mpfr-4.2.0-b/VERSION 2023-07-17 13:57:28.961738687 +0000 +@@ -1 +1 @@ +-4.2.0-p11 ++4.2.0-p12 +diff -Naurd mpfr-4.2.0-a/src/mpfr.h mpfr-4.2.0-b/src/mpfr.h +--- mpfr-4.2.0-a/src/mpfr.h 2023-07-17 13:56:17.411565566 +0000 ++++ mpfr-4.2.0-b/src/mpfr.h 2023-07-17 13:57:28.957738789 +0000 +@@ -27,7 +27,7 @@ + #define MPFR_VERSION_MAJOR 4 + #define MPFR_VERSION_MINOR 2 + #define MPFR_VERSION_PATCHLEVEL 0 +-#define MPFR_VERSION_STRING "4.2.0-p11" ++#define MPFR_VERSION_STRING "4.2.0-p12" + + /* User macros: + MPFR_USE_FILE: Define it to make MPFR define functions dealing +diff -Naurd mpfr-4.2.0-a/src/strtofr.c mpfr-4.2.0-b/src/strtofr.c +--- mpfr-4.2.0-a/src/strtofr.c 2023-01-05 17:09:48.000000000 +0000 ++++ mpfr-4.2.0-b/src/strtofr.c 2023-07-17 13:57:28.949738993 +0000 +@@ -242,7 +242,10 @@ + pstr->mantissa = NULL; + + /* Optional leading whitespace */ +- while (isspace((unsigned char) *str)) str++; ++ /* For non-"C" locales, the ISO C standard allows isspace(0) to ++ return true. So we need to stop explicitly on '\0'. */ ++ while (*str != '\0' && isspace ((unsigned char) *str)) ++ str++; + + /* An optional sign `+' or `-' */ + pstr->negative = (*str == '-'); +diff -Naurd mpfr-4.2.0-a/src/version.c mpfr-4.2.0-b/src/version.c +--- mpfr-4.2.0-a/src/version.c 2023-07-17 13:56:17.415565464 +0000 ++++ mpfr-4.2.0-b/src/version.c 2023-07-17 13:57:28.961738687 +0000 +@@ -25,5 +25,5 @@ + const char * + mpfr_get_version (void) + { +- return "4.2.0-p11"; ++ return "4.2.0-p12"; + } diff --git a/source/n/samba/samba.url b/source/n/samba/samba.url index f99f9cc96..997f3a46b 100644 --- a/source/n/samba/samba.url +++ b/source/n/samba/samba.url @@ -1,2 +1,2 @@ -https://download.samba.org/pub/samba/stable/samba-4.18.4.tar.gz -https://download.samba.org/pub/samba/stable/samba-4.18.4.tar.asc +https://download.samba.org/pub/samba/stable/samba-4.18.5.tar.gz +https://download.samba.org/pub/samba/stable/samba-4.18.5.tar.asc |