diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2024-04-10 19:09:14 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2024-04-10 22:18:19 +0200 |
commit | 2136209b062ae65f523318f0130386ccfb602edb (patch) | |
tree | 87cc689611f863ef978cf1ab1a17f1180dff1916 /source | |
parent | 075f0a2233aa353625bd8e94b8eb197527ed1378 (diff) | |
download | current-2136209b062ae65f523318f0130386ccfb602edb.tar.gz current-2136209b062ae65f523318f0130386ccfb602edb.tar.xz |
Wed Apr 10 19:09:14 UTC 202420240410190914
a/cryptsetup-2.7.2-x86_64-1.txz: Upgraded.
a/kernel-firmware-20240410_53438f8-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.26-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.26-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.26-x86_64-1.txz: Upgraded.
a/openssl-solibs-3.3.0-x86_64-1.txz: Upgraded.
a/pam-1.6.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.26-x86-1.txz: Upgraded.
d/rust-1.77.2-x86_64-1.txz: Upgraded.
[PATCH] compiler: Use wasm-ld for wasm targets.
Thanks to Heinz Wiesinger.
k/kernel-source-6.6.26-noarch-1.txz: Upgraded.
+SPECTRE_BHI_AUTO n
+SPECTRE_BHI_OFF n
+SPECTRE_BHI_ON y
l/gst-plugins-bad-free-1.24.2-x86_64-1.txz: Upgraded.
l/gst-plugins-base-1.24.2-x86_64-1.txz: Upgraded.
l/gst-plugins-good-1.24.2-x86_64-1.txz: Upgraded.
l/gst-plugins-libav-1.24.2-x86_64-1.txz: Upgraded.
l/gstreamer-1.24.2-x86_64-1.txz: Upgraded.
l/libcap-ng-0.8.5-x86_64-1.txz: Upgraded.
l/nodejs-20.12.2-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2024.4.10-x86_64-1.txz: Upgraded.
n/gnutls-3.8.5-x86_64-2.txz: Rebuilt.
[PATCH] Fix RSAES-PKCS1-v1_5 system-wide configuration.
Thanks to bortolotto.
n/openssl-3.3.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source')
16 files changed, 125 insertions, 68 deletions
diff --git a/source/a/pam/fedora-patches/pam-1.6.0-noflex.patch b/source/a/pam/fedora-patches/pam-1.6.0-noflex.patch deleted file mode 100644 index 706841c9d..000000000 --- a/source/a/pam/fedora-patches/pam-1.6.0-noflex.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up Linux-PAM-1.6.0/doc/Makefile.am.noflex Linux-PAM-1.6.0/doc/Makefile.am ---- Linux-PAM-1.6.0/doc/Makefile.am.noflex 2024-01-23 13:19:04.681955581 +0100 -+++ Linux-PAM-1.6.0/doc/Makefile.am 2024-01-23 13:19:49.740014426 +0100 -@@ -2,7 +2,7 @@ - # Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de> - # - --SUBDIRS = man specs sag adg mwg -+SUBDIRS = man sag adg mwg - - CLEANFILES = *~ - DISTCLEANFILES = custom-html.xsl custom-man.xsl -diff -up Linux-PAM-1.6.0/Makefile.am.noflex Linux-PAM-1.6.0/Makefile.am ---- Linux-PAM-1.6.0/Makefile.am.noflex 2024-01-23 13:19:04.681955581 +0100 -+++ Linux-PAM-1.6.0/Makefile.am 2024-01-23 13:21:03.428109219 +0100 -@@ -4,7 +4,7 @@ - - AUTOMAKE_OPTIONS = 1.9 gnu dist-xz no-dist-gzip check-news - --SUBDIRS = libpam tests libpamc libpam_misc modules po conf xtests -+SUBDIRS = libpam tests libpamc libpam_misc modules po doc xtests - - if HAVE_DOC - SUBDIRS += doc diff --git a/source/a/pam/pam.SlackBuild b/source/a/pam/pam.SlackBuild index cfe61ec73..25f1cfad1 100755 --- a/source/a/pam/pam.SlackBuild +++ b/source/a/pam/pam.SlackBuild @@ -99,7 +99,6 @@ done # Patches from the Fedora SRPM: zcat $CWD/fedora-patches/pam-1.5.3-unix-nomsg.patch.gz | patch -p1 --verbose || exit 1 -zcat $CWD/fedora-patches/pam-1.6.0-noflex.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/fedora-patches/pam-1.6.0-redhat-modules.patch.gz | patch -p1 --verbose || exit 1 # Improve the comments in /etc/environment: diff --git a/source/a/pam/pam.url b/source/a/pam/pam.url index d9bd3667c..8dde2e9f0 100644 --- a/source/a/pam/pam.url +++ b/source/a/pam/pam.url @@ -1,2 +1,3 @@ -#http://www.linux-pam.org/library/Linux-PAM-1.5.3.tar.bz2 https://github.com/linux-pam/linux-pam/releases +https://github.com/linux-pam/linux-pam/releases/download/v1.6.1/Linux-PAM-1.6.1.tar.xz +https://github.com/linux-pam/linux-pam/releases/download/v1.6.1/Linux-PAM-1.6.1.tar.xz.asc diff --git a/source/d/rust/rust.SlackBuild b/source/d/rust/rust.SlackBuild index 859c35401..6c398d95b 100755 --- a/source/d/rust/rust.SlackBuild +++ b/source/d/rust/rust.SlackBuild @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=rust SRCNAM="${PKGNAM}c" -VERSION=${VERSION:-1.77.1} +VERSION=${VERSION:-1.77.2} BUILD=${BUILD:-1} # Set this to YES to build with the system LLVM, or NO to use the bundled LLVM. diff --git a/source/d/rust/rust.url b/source/d/rust/rust.url index 48c7416cd..d7fc4bf62 100644 --- a/source/d/rust/rust.url +++ b/source/d/rust/rust.url @@ -1,5 +1,5 @@ # Source code (repacked to .tar.lz): -VERSION=1.77.1 +VERSION=1.77.2 rm -f rustc-${VERSION}-src.tar.* lftpget https://static.rust-lang.org/dist/rustc-${VERSION}-src.tar.gz lftpget https://static.rust-lang.org/dist/rustc-${VERSION}-src.tar.gz.asc diff --git a/source/k/kernel-configs/config-generic-6.6.25 b/source/k/kernel-configs/config-generic-6.6.26 index bb645231a..c9f7d3ac5 100644 --- a/source/k/kernel-configs/config-generic-6.6.25 +++ b/source/k/kernel-configs/config-generic-6.6.26 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.6.25 Kernel Configuration +# Linux/x86 6.6.26 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0" CONFIG_CC_IS_GCC=y @@ -530,6 +530,9 @@ CONFIG_RETPOLINE=y CONFIG_RETHUNK=y # CONFIG_GDS_FORCE_MITIGATION is not set CONFIG_MITIGATION_RFDS=y +CONFIG_SPECTRE_BHI_ON=y +# CONFIG_SPECTRE_BHI_OFF is not set +# CONFIG_SPECTRE_BHI_AUTO is not set # # Power management and ACPI options diff --git a/source/k/kernel-configs/config-generic-6.6.25.x64 b/source/k/kernel-configs/config-generic-6.6.26.x64 index 7bf4acfb2..119f79f2a 100644 --- a/source/k/kernel-configs/config-generic-6.6.25.x64 +++ b/source/k/kernel-configs/config-generic-6.6.26.x64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.6.25 Kernel Configuration +# Linux/x86 6.6.26 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0" CONFIG_CC_IS_GCC=y @@ -546,6 +546,9 @@ CONFIG_CPU_SRSO=y CONFIG_SLS=y # CONFIG_GDS_FORCE_MITIGATION is not set CONFIG_MITIGATION_RFDS=y +CONFIG_SPECTRE_BHI_ON=y +# CONFIG_SPECTRE_BHI_OFF is not set +# CONFIG_SPECTRE_BHI_AUTO is not set CONFIG_ARCH_HAS_ADD_PAGES=y # diff --git a/source/k/kernel-configs/config-huge-6.6.25 b/source/k/kernel-configs/config-huge-6.6.26 index c8a2da44f..65d11b655 100644 --- a/source/k/kernel-configs/config-huge-6.6.25 +++ b/source/k/kernel-configs/config-huge-6.6.26 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.6.25 Kernel Configuration +# Linux/x86 6.6.26 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0" CONFIG_CC_IS_GCC=y @@ -530,6 +530,9 @@ CONFIG_RETPOLINE=y CONFIG_RETHUNK=y # CONFIG_GDS_FORCE_MITIGATION is not set CONFIG_MITIGATION_RFDS=y +CONFIG_SPECTRE_BHI_ON=y +# CONFIG_SPECTRE_BHI_OFF is not set +# CONFIG_SPECTRE_BHI_AUTO is not set # # Power management and ACPI options diff --git a/source/k/kernel-configs/config-huge-6.6.25.x64 b/source/k/kernel-configs/config-huge-6.6.26.x64 index 384e52a72..60baad63e 100644 --- a/source/k/kernel-configs/config-huge-6.6.25.x64 +++ b/source/k/kernel-configs/config-huge-6.6.26.x64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.6.25 Kernel Configuration +# Linux/x86 6.6.26 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0" CONFIG_CC_IS_GCC=y @@ -546,6 +546,9 @@ CONFIG_CPU_SRSO=y CONFIG_SLS=y # CONFIG_GDS_FORCE_MITIGATION is not set CONFIG_MITIGATION_RFDS=y +CONFIG_SPECTRE_BHI_ON=y +# CONFIG_SPECTRE_BHI_OFF is not set +# CONFIG_SPECTRE_BHI_AUTO is not set CONFIG_ARCH_HAS_ADD_PAGES=y # diff --git a/source/l/gst-plugins-bad-free/fetch-sources.sh b/source/l/gst-plugins-bad-free/fetch-sources.sh index f3abff571..1ba85d7ce 100755 --- a/source/l/gst-plugins-bad-free/fetch-sources.sh +++ b/source/l/gst-plugins-bad-free/fetch-sources.sh @@ -26,7 +26,7 @@ # # Example: VERSION=1.18.5 ./fetch-sources.sh -VERSION=${VERSION:-1.24.1} +VERSION=${VERSION:-1.24.2} rm -rf rm -rf gst-plugins-bad-free-$VERSION gst-plugins-bad-$VERSION diff --git a/source/l/gst-plugins-bad-free/gst-plugins-bad-free.SlackBuild b/source/l/gst-plugins-bad-free/gst-plugins-bad-free.SlackBuild index f6e40311b..17d9735ba 100755 --- a/source/l/gst-plugins-bad-free/gst-plugins-bad-free.SlackBuild +++ b/source/l/gst-plugins-bad-free/gst-plugins-bad-free.SlackBuild @@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=gst-plugins-bad-free VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/l/libcap-ng/30453b6553948cd05c438f9f509013e3bb84f25b.patch b/source/l/libcap-ng/30453b6553948cd05c438f9f509013e3bb84f25b.patch deleted file mode 100644 index 4cd8e9fc1..000000000 --- a/source/l/libcap-ng/30453b6553948cd05c438f9f509013e3bb84f25b.patch +++ /dev/null @@ -1,25 +0,0 @@ -commit 30453b6553948cd05c438f9f509013e3bb84f25b -Author: Steve Grubb <ausearch.1@gmail.com> -Date: Thu Jan 4 15:06:29 2024 -0500 - - Remove python global exception handler since its deprecated - -diff --git a/bindings/src/capng_swig.i b/bindings/src/capng_swig.i -index fcdaf18..fa85e13 100644 ---- a/bindings/src/capng_swig.i -+++ b/bindings/src/capng_swig.i -@@ -30,13 +30,6 @@ - - %varargs(16, signed capability = 0) capng_updatev; - --%except(python) { -- $action -- if (result < 0) { -- PyErr_SetFromErrno(PyExc_OSError); -- return NULL; -- } --} - #endif - - %define __signed__ - diff --git a/source/l/libcap-ng/libcap-ng.SlackBuild b/source/l/libcap-ng/libcap-ng.SlackBuild index acd405fa8..5528f4896 100755 --- a/source/l/libcap-ng/libcap-ng.SlackBuild +++ b/source/l/libcap-ng/libcap-ng.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=libcap-ng VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -85,11 +85,6 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -# Patch for swig-4.2.0: -cat $CWD/30453b6553948cd05c438f9f509013e3bb84f25b.patch | patch -p1 --verbose || exit 1 - -autoreconf -vif - # Configure: CFLAGS="$SLKCFLAGS" \ ./configure \ diff --git a/source/l/python-trove-classifiers/python-trove-classifiers.SlackBuild b/source/l/python-trove-classifiers/python-trove-classifiers.SlackBuild index 57d4ccdd6..c66ac9763 100755 --- a/source/l/python-trove-classifiers/python-trove-classifiers.SlackBuild +++ b/source/l/python-trove-classifiers/python-trove-classifiers.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=python-trove-classifiers VERSION=${VERSION:-$(echo trove-classifiers-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/gnutls/1830.patch b/source/n/gnutls/1830.patch new file mode 100644 index 000000000..d3271fb1d --- /dev/null +++ b/source/n/gnutls/1830.patch @@ -0,0 +1,96 @@ +From 6eec2a3854f90bfb30492d59db59c675bfb0f6f9 Mon Sep 17 00:00:00 2001 +From: Zoltan Fridrich <zfridric@redhat.com> +Date: Wed, 10 Apr 2024 12:51:33 +0200 +Subject: [PATCH] Fix RSAES-PKCS1-v1_5 system-wide configuration + +Signed-off-by: Zoltan Fridrich <zfridric@redhat.com> +--- + lib/priority.c | 12 ++++++---- + ...system-override-allow-rsa-pkcs1-encrypt.sh | 22 +++++++++++++++++-- + 2 files changed, 28 insertions(+), 6 deletions(-) + +diff --git a/lib/priority.c b/lib/priority.c +index 8abe00d1ff..342f71471d 100644 +--- a/lib/priority.c ++++ b/lib/priority.c +@@ -1423,9 +1423,6 @@ static inline int cfg_apply(struct cfg *cfg, struct ini_ctx *ctx) + _gnutls_default_priority_string = cfg->default_priority_string; + } + +- /* enable RSA-PKCS1-V1_5 by default */ +- cfg->allow_rsa_pkcs1_encrypt = true; +- + if (cfg->allowlisting) { + /* also updates `flags` of global `hash_algorithms[]` */ + ret = cfg_hashes_set_array(cfg, ctx->hashes, ctx->hashes_size); +@@ -2231,6 +2228,9 @@ static int _gnutls_update_system_priorities(bool defer_system_wide) + } + + if (stat(system_priority_file, &sb) < 0) { ++ /* if there is no config enable RSA-PKCS1-V1_5 by default */ ++ system_wide_config.allow_rsa_pkcs1_encrypt = true; ++ + _gnutls_debug_log("cfg: unable to access: %s: %d\n", + system_priority_file, errno); + goto out; +@@ -2272,12 +2272,16 @@ static int _gnutls_update_system_priorities(bool defer_system_wide) + system_priority_file, errno); + goto out; + } ++ ++ memset(&ctx, 0, sizeof(ctx)); ++ /* enable RSA-PKCS1-V1_5 by default */ ++ ctx.cfg.allow_rsa_pkcs1_encrypt = true; ++ + /* Parsing the configuration file needs to be done in 2 phases: + * first parsing the [global] section + * and then the other sections, + * because the [global] section modifies the parsing behavior. + */ +- memset(&ctx, 0, sizeof(ctx)); + err = ini_parse_file(fp, global_ini_handler, &ctx); + if (!err) { + if (fseek(fp, 0L, SEEK_SET) < 0) { +diff --git a/tests/system-override-allow-rsa-pkcs1-encrypt.sh b/tests/system-override-allow-rsa-pkcs1-encrypt.sh +index b7d477c96e..014088bd2f 100755 +--- a/tests/system-override-allow-rsa-pkcs1-encrypt.sh ++++ b/tests/system-override-allow-rsa-pkcs1-encrypt.sh +@@ -38,15 +38,33 @@ cat <<_EOF_ > ${CONF} + allow-rsa-pkcs1-encrypt = true + _EOF_ + +-${TEST} && fail "RSAES-PKCS1-v1_5 expected to succeed" ++${TEST} ++if [ $? != 0 ]; then ++ echo "${TEST} expected to succeed" ++ exit 1 ++fi ++echo "RSAES-PKCS1-v1_5 successfully enabled" + + cat <<_EOF_ > ${CONF} + [overrides] + allow-rsa-pkcs1-encrypt = false + _EOF_ + +-${TEST} || fail "RSAES-PKCS1-v1_5 expected to fail" ++${TEST} ++if [ $? = 0 ]; then ++ echo "${TEST} expected to fail" ++ exit 1 ++fi ++echo "RSAES-PKCS1-v1_5 successfully disabled" + + unset GNUTLS_SYSTEM_PRIORITY_FILE + unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID ++ ++${TEST} ++if [ $? != 0 ]; then ++ echo "${TEST} expected to succeed by default" ++ exit 1 ++fi ++echo "RSAES-PKCS1-v1_5 successfully enabled by default" ++ + exit 0 +-- +GitLab + diff --git a/source/n/gnutls/gnutls.SlackBuild b/source/n/gnutls/gnutls.SlackBuild index 157f01aae..154b283fa 100755 --- a/source/n/gnutls/gnutls.SlackBuild +++ b/source/n/gnutls/gnutls.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2007, 2008, 2009, 2010, 2016, 2017, 2018, 2020 Patrick Volkerding, Sebeka, MN, USA +# Copyright 2007, 2008, 2009, 2010, 2016, 2017, 2018, 2020, 2024 Patrick Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=gnutls VERSION=${VERSION:-$(echo gnutls-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -81,6 +81,9 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ +# [PATCH] Fix RSAES-PKCS1-v1_5 system-wide configuration: +cat $CWD/1830.patch | patch -p1 --verbose || exit 1 + # Need to reconf to find guile-3.0.x: autoreconf -vif |