diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2024-04-25 17:58:17 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2024-04-25 20:28:55 +0200 |
commit | 6dbbaa7eea6bbecc6781e45924e5928bab0c944d (patch) | |
tree | ff60c5eccd78779cc18f4e42312fac94e7212e08 /source | |
parent | 48fa1dd3030f07f257e0226ee4bc7691331fe6f6 (diff) | |
download | current-6dbbaa7eea6bbecc6781e45924e5928bab0c944d.tar.gz current-6dbbaa7eea6bbecc6781e45924e5928bab0c944d.tar.xz |
Thu Apr 25 17:58:17 UTC 202420240425175817
l/PyQt-builder-1.16.2-x86_64-1.txz: Upgraded.
l/fribidi-1.0.14-x86_64-1.txz: Upgraded.
l/libarchive-3.7.3-x86_64-2.txz: Rebuilt.
Patched an out-of-bound error in the rar e8 filter that could allow for
the execution of arbitrary code.
Thanks to gmgf for the heads-up.
For more information, see:
https://github.com/advisories/GHSA-2jc9-36w4-pmqw
https://www.cve.org/CVERecord?id=CVE-2024-26256
(* Security fix *)
n/bluez-5.75-x86_64-3.txz: Rebuilt.
[PATCH] shared/uhid: Fix crash if bt_uhid_destroy free replay structure.
Thanks to sombragris.
n/libgpg-error-1.49-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source')
-rwxr-xr-x | source/l/PyQt-builder/PyQt-builder.SlackBuild | 2 | ||||
-rw-r--r-- | source/l/fribidi/fribidi.url | 1 | ||||
-rw-r--r-- | source/l/libarchive/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch | 23 | ||||
-rwxr-xr-x | source/l/libarchive/libarchive.SlackBuild | 5 | ||||
-rw-r--r-- | source/n/bluez/b94f1be656f34ea1363f5566ef63b847234c6dea.patch | 45 | ||||
-rwxr-xr-x | source/n/bluez/bluez.SlackBuild | 4 |
6 files changed, 77 insertions, 3 deletions
diff --git a/source/l/PyQt-builder/PyQt-builder.SlackBuild b/source/l/PyQt-builder/PyQt-builder.SlackBuild index c2ccc6340..ff82a960f 100755 --- a/source/l/PyQt-builder/PyQt-builder.SlackBuild +++ b/source/l/PyQt-builder/PyQt-builder.SlackBuild @@ -23,7 +23,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=PyQt-builder -SRCNAM=PyQt-builder +SRCNAM=pyqt_builder VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} BUILD=${BUILD:-1} diff --git a/source/l/fribidi/fribidi.url b/source/l/fribidi/fribidi.url new file mode 100644 index 000000000..deab3e5a8 --- /dev/null +++ b/source/l/fribidi/fribidi.url @@ -0,0 +1 @@ +https://github.com/fribidi/fribidi/releases/download/v1.0.14/fribidi-1.0.14.tar.xz diff --git a/source/l/libarchive/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch b/source/l/libarchive/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch new file mode 100644 index 000000000..b17200126 --- /dev/null +++ b/source/l/libarchive/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch @@ -0,0 +1,23 @@ +From eb7939b24a681a04648a59cdebd386b1e9dc9237 Mon Sep 17 00:00:00 2001 +From: Wei-Cheng Pan <legnaleurc@gmail.com> +Date: Mon, 22 Apr 2024 01:55:41 +0900 +Subject: [PATCH] fix: OOB in rar e8 filter (#2135) + +This patch fixes an out-of-bound error in rar e8 filter. +--- + libarchive/archive_read_support_format_rar.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c +index 99a11d170..266d0ee99 100644 +--- a/libarchive/archive_read_support_format_rar.c ++++ b/libarchive/archive_read_support_format_rar.c +@@ -3615,7 +3615,7 @@ execute_filter_e8(struct rar_filter *filter, struct rar_virtual_machine *vm, siz + uint32_t filesize = 0x1000000; + uint32_t i; + +- if (length > PROGRAM_WORK_SIZE || length < 4) ++ if (length > PROGRAM_WORK_SIZE || length <= 4) + return 0; + + for (i = 0; i <= length - 5; i++) diff --git a/source/l/libarchive/libarchive.SlackBuild b/source/l/libarchive/libarchive.SlackBuild index 341389530..e953f89fc 100755 --- a/source/l/libarchive/libarchive.SlackBuild +++ b/source/l/libarchive/libarchive.SlackBuild @@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=libarchive VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -79,6 +79,9 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ +# CVE-2024-26256: +cat $CWD/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch | patch -p1 --verbose || exit 1 + if [ ! -r configure ]; then if [ -x ./autogen.sh ]; then NOCONFIGURE=1 ./autogen.sh diff --git a/source/n/bluez/b94f1be656f34ea1363f5566ef63b847234c6dea.patch b/source/n/bluez/b94f1be656f34ea1363f5566ef63b847234c6dea.patch new file mode 100644 index 000000000..129c7b045 --- /dev/null +++ b/source/n/bluez/b94f1be656f34ea1363f5566ef63b847234c6dea.patch @@ -0,0 +1,45 @@ +From b94f1be656f34ea1363f5566ef63b847234c6dea Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> +Date: Mon, 15 Apr 2024 10:48:58 -0400 +Subject: [PATCH] shared/uhid: Fix crash if bt_uhid_destroy free replay + structure + +Id replay structured has been allocated it shall be set back to NULL +after calling uhid_replay_free otherwise it may cause the following +crash: + +Invalid read of size 1 + at 0x1D8FC4: bt_uhid_record (uhid.c:116) + by 0x1D912C: uhid_read_handler (uhid.c:158) + by 0x201A64: watch_callback (io-glib.c:157) + by 0x48D4198: g_main_dispatch.lto_priv.0 (gmain.c:3344) + by 0x49333BE: UnknownInlinedFun (gmain.c:4152) + by 0x49333BE: g_main_context_iterate_unlocked.isra.0 (gmain.c:4217) + by 0x48D4DC6: g_main_loop_run (gmain.c:4419) + by 0x2020F4: mainloop_run (mainloop-glib.c:66) + by 0x20254B: mainloop_run_with_signal (mainloop-notify.c:188) + by 0x12D6D4: main (main.c:1456) + Address 0x53ae9c0 is 0 bytes inside a block of size 40 free'd + at 0x48468CF: free (vg_replace_malloc.c:985) + by 0x1D8E19: uhid_replay_free (uhid.c:68) + by 0x1D8E19: uhid_replay_free (uhid.c:59) + by 0x1D8E19: bt_uhid_destroy (uhid.c:509) + by 0x1591F5: uhid_disconnect (device.c:183) + +Fixes: https://github.com/bluez/bluez/issues/815 +--- + src/shared/uhid.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/shared/uhid.c b/src/shared/uhid.c +index c1092b707..1f071b958 100644 +--- a/src/shared/uhid.c ++++ b/src/shared/uhid.c +@@ -507,6 +507,7 @@ int bt_uhid_destroy(struct bt_uhid *uhid) + + uhid->created = false; + uhid_replay_free(uhid->replay); ++ uhid->replay = NULL; + + return err; + } diff --git a/source/n/bluez/bluez.SlackBuild b/source/n/bluez/bluez.SlackBuild index 08de3c809..3597c4fd4 100755 --- a/source/n/bluez/bluez.SlackBuild +++ b/source/n/bluez/bluez.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=bluez VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} @@ -78,6 +78,8 @@ find . \ sed -i -e 's|-lreadline|\0 -lncursesw|g' Makefile.{in,tools} +cat $CWD/b94f1be656f34ea1363f5566ef63b847234c6dea.patch | patch -p1 --verbose || exit 1 + autoreconf -vif # We're adding --enable-deprecated due to this commit: |