summaryrefslogtreecommitdiffstats
path: root/source
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2024-04-10 19:09:14 +0000
committer Eric Hameleers <alien@slackware.com>2024-04-10 22:18:19 +0200
commit2136209b062ae65f523318f0130386ccfb602edb (patch)
tree87cc689611f863ef978cf1ab1a17f1180dff1916 /source
parent075f0a2233aa353625bd8e94b8eb197527ed1378 (diff)
downloadcurrent-2136209b062ae65f523318f0130386ccfb602edb.tar.gz
current-2136209b062ae65f523318f0130386ccfb602edb.tar.xz
Wed Apr 10 19:09:14 UTC 202420240410190914
a/cryptsetup-2.7.2-x86_64-1.txz: Upgraded. a/kernel-firmware-20240410_53438f8-noarch-1.txz: Upgraded. a/kernel-generic-6.6.26-x86_64-1.txz: Upgraded. a/kernel-huge-6.6.26-x86_64-1.txz: Upgraded. a/kernel-modules-6.6.26-x86_64-1.txz: Upgraded. a/openssl-solibs-3.3.0-x86_64-1.txz: Upgraded. a/pam-1.6.1-x86_64-1.txz: Upgraded. d/kernel-headers-6.6.26-x86-1.txz: Upgraded. d/rust-1.77.2-x86_64-1.txz: Upgraded. [PATCH] compiler: Use wasm-ld for wasm targets. Thanks to Heinz Wiesinger. k/kernel-source-6.6.26-noarch-1.txz: Upgraded. +SPECTRE_BHI_AUTO n +SPECTRE_BHI_OFF n +SPECTRE_BHI_ON y l/gst-plugins-bad-free-1.24.2-x86_64-1.txz: Upgraded. l/gst-plugins-base-1.24.2-x86_64-1.txz: Upgraded. l/gst-plugins-good-1.24.2-x86_64-1.txz: Upgraded. l/gst-plugins-libav-1.24.2-x86_64-1.txz: Upgraded. l/gstreamer-1.24.2-x86_64-1.txz: Upgraded. l/libcap-ng-0.8.5-x86_64-1.txz: Upgraded. l/nodejs-20.12.2-x86_64-1.txz: Upgraded. l/python-trove-classifiers-2024.4.10-x86_64-1.txz: Upgraded. n/gnutls-3.8.5-x86_64-2.txz: Rebuilt. [PATCH] Fix RSAES-PKCS1-v1_5 system-wide configuration. Thanks to bortolotto. n/openssl-3.3.0-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source')
-rw-r--r--source/a/pam/fedora-patches/pam-1.6.0-noflex.patch24
-rwxr-xr-xsource/a/pam/pam.SlackBuild1
-rw-r--r--source/a/pam/pam.url3
-rwxr-xr-xsource/d/rust/rust.SlackBuild2
-rw-r--r--source/d/rust/rust.url2
-rw-r--r--source/k/kernel-configs/config-generic-6.6.26 (renamed from source/k/kernel-configs/config-generic-6.6.25)5
-rw-r--r--source/k/kernel-configs/config-generic-6.6.26.x64 (renamed from source/k/kernel-configs/config-generic-6.6.25.x64)5
-rw-r--r--source/k/kernel-configs/config-huge-6.6.26 (renamed from source/k/kernel-configs/config-huge-6.6.25)5
-rw-r--r--source/k/kernel-configs/config-huge-6.6.26.x64 (renamed from source/k/kernel-configs/config-huge-6.6.25.x64)5
-rwxr-xr-xsource/l/gst-plugins-bad-free/fetch-sources.sh2
-rwxr-xr-xsource/l/gst-plugins-bad-free/gst-plugins-bad-free.SlackBuild2
-rw-r--r--source/l/libcap-ng/30453b6553948cd05c438f9f509013e3bb84f25b.patch25
-rwxr-xr-xsource/l/libcap-ng/libcap-ng.SlackBuild7
-rwxr-xr-xsource/l/python-trove-classifiers/python-trove-classifiers.SlackBuild2
-rw-r--r--source/n/gnutls/1830.patch96
-rwxr-xr-xsource/n/gnutls/gnutls.SlackBuild7
16 files changed, 125 insertions, 68 deletions
diff --git a/source/a/pam/fedora-patches/pam-1.6.0-noflex.patch b/source/a/pam/fedora-patches/pam-1.6.0-noflex.patch
deleted file mode 100644
index 706841c9d..000000000
--- a/source/a/pam/fedora-patches/pam-1.6.0-noflex.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff -up Linux-PAM-1.6.0/doc/Makefile.am.noflex Linux-PAM-1.6.0/doc/Makefile.am
---- Linux-PAM-1.6.0/doc/Makefile.am.noflex 2024-01-23 13:19:04.681955581 +0100
-+++ Linux-PAM-1.6.0/doc/Makefile.am 2024-01-23 13:19:49.740014426 +0100
-@@ -2,7 +2,7 @@
- # Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
- #
-
--SUBDIRS = man specs sag adg mwg
-+SUBDIRS = man sag adg mwg
-
- CLEANFILES = *~
- DISTCLEANFILES = custom-html.xsl custom-man.xsl
-diff -up Linux-PAM-1.6.0/Makefile.am.noflex Linux-PAM-1.6.0/Makefile.am
---- Linux-PAM-1.6.0/Makefile.am.noflex 2024-01-23 13:19:04.681955581 +0100
-+++ Linux-PAM-1.6.0/Makefile.am 2024-01-23 13:21:03.428109219 +0100
-@@ -4,7 +4,7 @@
-
- AUTOMAKE_OPTIONS = 1.9 gnu dist-xz no-dist-gzip check-news
-
--SUBDIRS = libpam tests libpamc libpam_misc modules po conf xtests
-+SUBDIRS = libpam tests libpamc libpam_misc modules po doc xtests
-
- if HAVE_DOC
- SUBDIRS += doc
diff --git a/source/a/pam/pam.SlackBuild b/source/a/pam/pam.SlackBuild
index cfe61ec73..25f1cfad1 100755
--- a/source/a/pam/pam.SlackBuild
+++ b/source/a/pam/pam.SlackBuild
@@ -99,7 +99,6 @@ done
# Patches from the Fedora SRPM:
zcat $CWD/fedora-patches/pam-1.5.3-unix-nomsg.patch.gz | patch -p1 --verbose || exit 1
-zcat $CWD/fedora-patches/pam-1.6.0-noflex.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.6.0-redhat-modules.patch.gz | patch -p1 --verbose || exit 1
# Improve the comments in /etc/environment:
diff --git a/source/a/pam/pam.url b/source/a/pam/pam.url
index d9bd3667c..8dde2e9f0 100644
--- a/source/a/pam/pam.url
+++ b/source/a/pam/pam.url
@@ -1,2 +1,3 @@
-#http://www.linux-pam.org/library/Linux-PAM-1.5.3.tar.bz2
https://github.com/linux-pam/linux-pam/releases
+https://github.com/linux-pam/linux-pam/releases/download/v1.6.1/Linux-PAM-1.6.1.tar.xz
+https://github.com/linux-pam/linux-pam/releases/download/v1.6.1/Linux-PAM-1.6.1.tar.xz.asc
diff --git a/source/d/rust/rust.SlackBuild b/source/d/rust/rust.SlackBuild
index 859c35401..6c398d95b 100755
--- a/source/d/rust/rust.SlackBuild
+++ b/source/d/rust/rust.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=rust
SRCNAM="${PKGNAM}c"
-VERSION=${VERSION:-1.77.1}
+VERSION=${VERSION:-1.77.2}
BUILD=${BUILD:-1}
# Set this to YES to build with the system LLVM, or NO to use the bundled LLVM.
diff --git a/source/d/rust/rust.url b/source/d/rust/rust.url
index 48c7416cd..d7fc4bf62 100644
--- a/source/d/rust/rust.url
+++ b/source/d/rust/rust.url
@@ -1,5 +1,5 @@
# Source code (repacked to .tar.lz):
-VERSION=1.77.1
+VERSION=1.77.2
rm -f rustc-${VERSION}-src.tar.*
lftpget https://static.rust-lang.org/dist/rustc-${VERSION}-src.tar.gz
lftpget https://static.rust-lang.org/dist/rustc-${VERSION}-src.tar.gz.asc
diff --git a/source/k/kernel-configs/config-generic-6.6.25 b/source/k/kernel-configs/config-generic-6.6.26
index bb645231a..c9f7d3ac5 100644
--- a/source/k/kernel-configs/config-generic-6.6.25
+++ b/source/k/kernel-configs/config-generic-6.6.26
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 6.6.25 Kernel Configuration
+# Linux/x86 6.6.26 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0"
CONFIG_CC_IS_GCC=y
@@ -530,6 +530,9 @@ CONFIG_RETPOLINE=y
CONFIG_RETHUNK=y
# CONFIG_GDS_FORCE_MITIGATION is not set
CONFIG_MITIGATION_RFDS=y
+CONFIG_SPECTRE_BHI_ON=y
+# CONFIG_SPECTRE_BHI_OFF is not set
+# CONFIG_SPECTRE_BHI_AUTO is not set
#
# Power management and ACPI options
diff --git a/source/k/kernel-configs/config-generic-6.6.25.x64 b/source/k/kernel-configs/config-generic-6.6.26.x64
index 7bf4acfb2..119f79f2a 100644
--- a/source/k/kernel-configs/config-generic-6.6.25.x64
+++ b/source/k/kernel-configs/config-generic-6.6.26.x64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 6.6.25 Kernel Configuration
+# Linux/x86 6.6.26 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0"
CONFIG_CC_IS_GCC=y
@@ -546,6 +546,9 @@ CONFIG_CPU_SRSO=y
CONFIG_SLS=y
# CONFIG_GDS_FORCE_MITIGATION is not set
CONFIG_MITIGATION_RFDS=y
+CONFIG_SPECTRE_BHI_ON=y
+# CONFIG_SPECTRE_BHI_OFF is not set
+# CONFIG_SPECTRE_BHI_AUTO is not set
CONFIG_ARCH_HAS_ADD_PAGES=y
#
diff --git a/source/k/kernel-configs/config-huge-6.6.25 b/source/k/kernel-configs/config-huge-6.6.26
index c8a2da44f..65d11b655 100644
--- a/source/k/kernel-configs/config-huge-6.6.25
+++ b/source/k/kernel-configs/config-huge-6.6.26
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 6.6.25 Kernel Configuration
+# Linux/x86 6.6.26 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0"
CONFIG_CC_IS_GCC=y
@@ -530,6 +530,9 @@ CONFIG_RETPOLINE=y
CONFIG_RETHUNK=y
# CONFIG_GDS_FORCE_MITIGATION is not set
CONFIG_MITIGATION_RFDS=y
+CONFIG_SPECTRE_BHI_ON=y
+# CONFIG_SPECTRE_BHI_OFF is not set
+# CONFIG_SPECTRE_BHI_AUTO is not set
#
# Power management and ACPI options
diff --git a/source/k/kernel-configs/config-huge-6.6.25.x64 b/source/k/kernel-configs/config-huge-6.6.26.x64
index 384e52a72..60baad63e 100644
--- a/source/k/kernel-configs/config-huge-6.6.25.x64
+++ b/source/k/kernel-configs/config-huge-6.6.26.x64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 6.6.25 Kernel Configuration
+# Linux/x86 6.6.26 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0"
CONFIG_CC_IS_GCC=y
@@ -546,6 +546,9 @@ CONFIG_CPU_SRSO=y
CONFIG_SLS=y
# CONFIG_GDS_FORCE_MITIGATION is not set
CONFIG_MITIGATION_RFDS=y
+CONFIG_SPECTRE_BHI_ON=y
+# CONFIG_SPECTRE_BHI_OFF is not set
+# CONFIG_SPECTRE_BHI_AUTO is not set
CONFIG_ARCH_HAS_ADD_PAGES=y
#
diff --git a/source/l/gst-plugins-bad-free/fetch-sources.sh b/source/l/gst-plugins-bad-free/fetch-sources.sh
index f3abff571..1ba85d7ce 100755
--- a/source/l/gst-plugins-bad-free/fetch-sources.sh
+++ b/source/l/gst-plugins-bad-free/fetch-sources.sh
@@ -26,7 +26,7 @@
#
# Example: VERSION=1.18.5 ./fetch-sources.sh
-VERSION=${VERSION:-1.24.1}
+VERSION=${VERSION:-1.24.2}
rm -rf rm -rf gst-plugins-bad-free-$VERSION gst-plugins-bad-$VERSION
diff --git a/source/l/gst-plugins-bad-free/gst-plugins-bad-free.SlackBuild b/source/l/gst-plugins-bad-free/gst-plugins-bad-free.SlackBuild
index f6e40311b..17d9735ba 100755
--- a/source/l/gst-plugins-bad-free/gst-plugins-bad-free.SlackBuild
+++ b/source/l/gst-plugins-bad-free/gst-plugins-bad-free.SlackBuild
@@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=gst-plugins-bad-free
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/l/libcap-ng/30453b6553948cd05c438f9f509013e3bb84f25b.patch b/source/l/libcap-ng/30453b6553948cd05c438f9f509013e3bb84f25b.patch
deleted file mode 100644
index 4cd8e9fc1..000000000
--- a/source/l/libcap-ng/30453b6553948cd05c438f9f509013e3bb84f25b.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-commit 30453b6553948cd05c438f9f509013e3bb84f25b
-Author: Steve Grubb <ausearch.1@gmail.com>
-Date: Thu Jan 4 15:06:29 2024 -0500
-
- Remove python global exception handler since its deprecated
-
-diff --git a/bindings/src/capng_swig.i b/bindings/src/capng_swig.i
-index fcdaf18..fa85e13 100644
---- a/bindings/src/capng_swig.i
-+++ b/bindings/src/capng_swig.i
-@@ -30,13 +30,6 @@
-
- %varargs(16, signed capability = 0) capng_updatev;
-
--%except(python) {
-- $action
-- if (result < 0) {
-- PyErr_SetFromErrno(PyExc_OSError);
-- return NULL;
-- }
--}
- #endif
-
- %define __signed__
-
diff --git a/source/l/libcap-ng/libcap-ng.SlackBuild b/source/l/libcap-ng/libcap-ng.SlackBuild
index acd405fa8..5528f4896 100755
--- a/source/l/libcap-ng/libcap-ng.SlackBuild
+++ b/source/l/libcap-ng/libcap-ng.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=libcap-ng
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -85,11 +85,6 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
-# Patch for swig-4.2.0:
-cat $CWD/30453b6553948cd05c438f9f509013e3bb84f25b.patch | patch -p1 --verbose || exit 1
-
-autoreconf -vif
-
# Configure:
CFLAGS="$SLKCFLAGS" \
./configure \
diff --git a/source/l/python-trove-classifiers/python-trove-classifiers.SlackBuild b/source/l/python-trove-classifiers/python-trove-classifiers.SlackBuild
index 57d4ccdd6..c66ac9763 100755
--- a/source/l/python-trove-classifiers/python-trove-classifiers.SlackBuild
+++ b/source/l/python-trove-classifiers/python-trove-classifiers.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=python-trove-classifiers
VERSION=${VERSION:-$(echo trove-classifiers-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/gnutls/1830.patch b/source/n/gnutls/1830.patch
new file mode 100644
index 000000000..d3271fb1d
--- /dev/null
+++ b/source/n/gnutls/1830.patch
@@ -0,0 +1,96 @@
+From 6eec2a3854f90bfb30492d59db59c675bfb0f6f9 Mon Sep 17 00:00:00 2001
+From: Zoltan Fridrich <zfridric@redhat.com>
+Date: Wed, 10 Apr 2024 12:51:33 +0200
+Subject: [PATCH] Fix RSAES-PKCS1-v1_5 system-wide configuration
+
+Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
+---
+ lib/priority.c | 12 ++++++----
+ ...system-override-allow-rsa-pkcs1-encrypt.sh | 22 +++++++++++++++++--
+ 2 files changed, 28 insertions(+), 6 deletions(-)
+
+diff --git a/lib/priority.c b/lib/priority.c
+index 8abe00d1ff..342f71471d 100644
+--- a/lib/priority.c
++++ b/lib/priority.c
+@@ -1423,9 +1423,6 @@ static inline int cfg_apply(struct cfg *cfg, struct ini_ctx *ctx)
+ _gnutls_default_priority_string = cfg->default_priority_string;
+ }
+
+- /* enable RSA-PKCS1-V1_5 by default */
+- cfg->allow_rsa_pkcs1_encrypt = true;
+-
+ if (cfg->allowlisting) {
+ /* also updates `flags` of global `hash_algorithms[]` */
+ ret = cfg_hashes_set_array(cfg, ctx->hashes, ctx->hashes_size);
+@@ -2231,6 +2228,9 @@ static int _gnutls_update_system_priorities(bool defer_system_wide)
+ }
+
+ if (stat(system_priority_file, &sb) < 0) {
++ /* if there is no config enable RSA-PKCS1-V1_5 by default */
++ system_wide_config.allow_rsa_pkcs1_encrypt = true;
++
+ _gnutls_debug_log("cfg: unable to access: %s: %d\n",
+ system_priority_file, errno);
+ goto out;
+@@ -2272,12 +2272,16 @@ static int _gnutls_update_system_priorities(bool defer_system_wide)
+ system_priority_file, errno);
+ goto out;
+ }
++
++ memset(&ctx, 0, sizeof(ctx));
++ /* enable RSA-PKCS1-V1_5 by default */
++ ctx.cfg.allow_rsa_pkcs1_encrypt = true;
++
+ /* Parsing the configuration file needs to be done in 2 phases:
+ * first parsing the [global] section
+ * and then the other sections,
+ * because the [global] section modifies the parsing behavior.
+ */
+- memset(&ctx, 0, sizeof(ctx));
+ err = ini_parse_file(fp, global_ini_handler, &ctx);
+ if (!err) {
+ if (fseek(fp, 0L, SEEK_SET) < 0) {
+diff --git a/tests/system-override-allow-rsa-pkcs1-encrypt.sh b/tests/system-override-allow-rsa-pkcs1-encrypt.sh
+index b7d477c96e..014088bd2f 100755
+--- a/tests/system-override-allow-rsa-pkcs1-encrypt.sh
++++ b/tests/system-override-allow-rsa-pkcs1-encrypt.sh
+@@ -38,15 +38,33 @@ cat <<_EOF_ > ${CONF}
+ allow-rsa-pkcs1-encrypt = true
+ _EOF_
+
+-${TEST} && fail "RSAES-PKCS1-v1_5 expected to succeed"
++${TEST}
++if [ $? != 0 ]; then
++ echo "${TEST} expected to succeed"
++ exit 1
++fi
++echo "RSAES-PKCS1-v1_5 successfully enabled"
+
+ cat <<_EOF_ > ${CONF}
+ [overrides]
+ allow-rsa-pkcs1-encrypt = false
+ _EOF_
+
+-${TEST} || fail "RSAES-PKCS1-v1_5 expected to fail"
++${TEST}
++if [ $? = 0 ]; then
++ echo "${TEST} expected to fail"
++ exit 1
++fi
++echo "RSAES-PKCS1-v1_5 successfully disabled"
+
+ unset GNUTLS_SYSTEM_PRIORITY_FILE
+ unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID
++
++${TEST}
++if [ $? != 0 ]; then
++ echo "${TEST} expected to succeed by default"
++ exit 1
++fi
++echo "RSAES-PKCS1-v1_5 successfully enabled by default"
++
+ exit 0
+--
+GitLab
+
diff --git a/source/n/gnutls/gnutls.SlackBuild b/source/n/gnutls/gnutls.SlackBuild
index 157f01aae..154b283fa 100755
--- a/source/n/gnutls/gnutls.SlackBuild
+++ b/source/n/gnutls/gnutls.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2007, 2008, 2009, 2010, 2016, 2017, 2018, 2020 Patrick Volkerding, Sebeka, MN, USA
+# Copyright 2007, 2008, 2009, 2010, 2016, 2017, 2018, 2020, 2024 Patrick Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=gnutls
VERSION=${VERSION:-$(echo gnutls-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -81,6 +81,9 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
+# [PATCH] Fix RSAES-PKCS1-v1_5 system-wide configuration:
+cat $CWD/1830.patch | patch -p1 --verbose || exit 1
+
# Need to reconf to find guile-3.0.x:
autoreconf -vif