author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-06-15 18:59:33 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-06-15 21:34:54 +0200 |
commit | 6804b60830c68cf1122b6b9ce1cee807ef6e295b (patch) | |
tree | e58bb29a530b8f8e0090c9bc8c8ce8301efaf3b6 /source | |
parent | 2795ec931a3725d9a6fabb74e8edc91b9a434380 (diff) | |
download | current-6804b60830c68cf1122b6b9ce1cee807ef6e295b.tar.gz current-6804b60830c68cf1122b6b9ce1cee807ef6e295b.tar.xz |
Thu Jun 15 18:59:33 UTC 2023 20230615185933
a/btrfs-progs-6.3.2-x86_64-1.txz: Upgraded.
l/a52dec-0.8.0-x86_64-1.txz: Upgraded.
l/gjs-1.76.2-x86_64-1.txz: Upgraded.
x/libX11-1.8.6-x86_64-1.txz: Upgraded.
This update fixes buffer overflows in InitExt.c that could at least cause
the client to crash due to memory corruption.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-3138
(* Security fix *)
Diffstat (limited to 'source')
-rw-r--r-- | source/ap/mc/mc-3605-extfs.c-fix-buffer-overflow.patch | 53 | ||||
-rwxr-xr-x | source/ap/mc/mc.SlackBuild | 5 | ||||
-rwxr-xr-x | source/l/a52dec/a52dec.SlackBuild | 23 | ||||
-rw-r--r-- | source/l/a52dec/a52dec.url | 1 | ||||
-rw-r--r-- | source/l/a52dec/slack-desc | 2 |
5 files changed, 20 insertions, 64 deletions
diff --git a/source/ap/mc/mc-3605-extfs.c-fix-buffer-overflow.patch b/source/ap/mc/mc-3605-extfs.c-fix-buffer-overflow.patch
deleted file mode 100644
index bf0761f39..000000000
--- a/source/ap/mc/mc-3605-extfs.c-fix-buffer-overflow.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 5cb89fd2150ac91d791b0360631d3fd08c5fb1d4 Mon Sep 17 00:00:00 2001
-From: Andreas Mohr <and@gmx.li>
-Date: Sat, 12 Mar 2016 16:20:43 +0000
-Subject: [PATCH] extfs.c: fix buffer overflow
-
-When handling with copy/move commands inside of archive we can lead into buffer overflow
-steps to roproduce:
- create simple 7z archive
- open it
- rename single filename
- hit buffer overflow
-
-found by clang/AddressSanitizer
-
-==17794==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000273593 at pc 0x00000045f2a9 bp 0x7ffc94aa8e20 sp 0x7ffc94aa85d0
-READ of size 2 at 0x602000273593 thread T0
- #0 0x45f2a8 in __interceptor_strchr.part.44 (/usr/bin/mc+0x45f2a8)
- #1 0x70fb72 in extfs_find_entry_int /tmp/portage/app-misc/mc-9999/work/mc-9999/src/vfs/extfs/extfs.c:312:13
- #2 0x70f562 in extfs_find_entry /tmp/portage/app-misc/mc-9999/work/mc-9999/src/vfs/extfs/extfs.c:331:11
- #3 0x712131 in extfs_internal_stat /tmp/portage/app-misc/mc-9999/work/mc-9999/src/vfs/extfs/extfs.c:1117:13
- #4 0x7f3de308ab59 in mc_stat /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/vfs/interface.c:556:46
- #5 0x538575 in file_mask_dialog /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/filegui.c:1340:25
- #6 0x6e0753 in panel_operate /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/file.c:2718:13
- #7 0x6bdabd in rename_cmd /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/cmd.c:811:9
- #8 0x551ef4 in midnight_execute_cmd /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/midnight.c:1307:9
- #9 0x7f3de30a49e7 in buttonbar_callback /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/buttonbar.c:172:42
- #10 0x7f3de30b2305 in dlg_try_hotkey /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:464:23
- #11 0x7f3de30b199a in dlg_key_event /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:509:19
- #12 0x7f3de30b2ef9 in frontend_dlg_run /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:570:9
- #13 
0x7f3de30b2af5 in dlg_run /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:1267:5 - #14 0x5507bb in do_nc /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/midnight.c:1827:9 - #15 0x50b874 in main /tmp/portage/app-misc/mc-9999/work/mc-9999/src/main.c:403:21 - #16 0x7f3de1ec78fb in __libc_start_main (/lib64/libc.so.6+0x208fb) - #17 0x427f48 in _start (/usr/bin/mc+0x427f48) - -Signed-off-by: Andreas Mohr <and@gmx.li> ---- - src/vfs/extfs/extfs.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/vfs/extfs/extfs.c b/src/vfs/extfs/extfs.c -index 2e7c87b..f7cdaee 100644 ---- a/src/vfs/extfs/extfs.c -+++ b/src/vfs/extfs/extfs.c -@@ -307,6 +307,8 @@ extfs_find_entry_int (struct entry *dir, const char *name, GSList * list, - } - } - /* Next iteration */ -+ if (c == '\0') -+ break; - *q = c; - p = q + 1; - q = strchr (p, PATH_SEP); diff --git a/source/ap/mc/mc.SlackBuild b/source/ap/mc/mc.SlackBuild index f4f74a83f..f39c73d37 100755 --- a/source/ap/mc/mc.SlackBuild +++ b/source/ap/mc/mc.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2010, 2011, 2013, 2016, 2018, 2019 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2011, 2013, 2016, 2018, 2019, 2023 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -73,9 +73,6 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -# Upstream fixes: -zcat $CWD/mc-3605-extfs.c-fix-buffer-overflow.patch.gz | patch -p1 --verbose || exit 1 - if [ ! -x ./configure ]; then ./autogen.sh fi diff --git a/source/l/a52dec/a52dec.SlackBuild b/source/l/a52dec/a52dec.SlackBuild index 78822c6c1..eea35d85c 100755 --- a/source/l/a52dec/a52dec.SlackBuild +++ b/source/l/a52dec/a52dec.SlackBuild 
@@ -3,7 +3,7 @@ # Slackware build script for a52dec # # Copyright 2007 Niklas "Nille" Åkerström -# Copyright 2014, 2016, 2018 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2014, 2016, 2018, 2023 Patrick J. Volkerding, Sebeka, MN, USA # Copyright 2014 Heinz Wiesinger, Amsterdam, NL # All rights reserved. # @@ -27,8 +27,8 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=a52dec -VERSION=${VERSION:-$(echo a52dec*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d- | rev)} -BUILD=${BUILD:-5} +VERSION=${VERSION:-$(echo a52dec*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d- | rev | tr -d v)} +BUILD=${BUILD:-1} if [ -z "$ARCH" ]; then case "$( uname -m )" in @@ -69,8 +69,8 @@ rm -rf $PKG mkdir -p $TMP $PKG cd $TMP rm -rf $PKGNAM-$VERSION -tar xvf $CWD/$PKGNAM-$VERSION.tar.?z* || exit 1 -cd $PKGNAM-$VERSION || exit 1 +tar xvf $CWD/$PKGNAM-v$VERSION.tar.?z* || exit 1 +cd $PKGNAM-v$VERSION || exit 1 chown -R root:root . find -L . \ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 -o -perm 511 \) \ @@ -78,11 +78,22 @@ find -L . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ +if [ ! -r configure ]; then + if [ -x ./autogen.sh ]; then + NOCONFIGURE=1 ./autogen.sh + else + autoreconf -vif + fi +fi CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --docdir=/usr/doc/$PKGNAM-$VERSION \ + --mandir=/usr/man \ --enable-shared \ --disable-static \ --build=$ARCH-slackware-linux || exit 1 @@ -116,7 +127,7 @@ fi mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION cp -a \ - AUTHORS COPYING* ChangeLog HISTORY INSTALL NEWS README* TODO \ + AUTHORS* COPYING* ChangeLog* HISTORY* INSTALL* NEWS* README* TODO* \ $PKG/usr/doc/$PKGNAM-$VERSION mkdir -p $PKG/install diff --git a/source/l/a52dec/a52dec.url b/source/l/a52dec/a52dec.url new file mode 100644 index 000000000..b237e1986 --- /dev/null +++ b/source/l/a52dec/a52dec.url 
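Review bot: `tr -d v` in the new VERSION default (hunk `@@ -27,8 +27,8 @@`) deletes every `v` in the derived string, not only the leading tag prefix. A tarball whose version carries that letter elsewhere (constructed example: `v0.8.1-dev`) would then produce a VERSION that no longer matches the `$PKGNAM-v$VERSION` name used by the `tar xvf` and `cd` lines in the next hunk. Anchoring the strip is safer, e.g. ending the pipeline with `| rev | sed 's/^v//')}`. A VERSION passed in through the environment bypasses this default and must be given without the prefix, which deserves a one-line comment.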
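Review bot: Nothing in hunk `@@ -69,8 +69,8 @@` checks the archive matched by `tar xvf $CWD/$PKGNAM-v$VERSION.tar.?z*` against a known digest or signature before it is unpacked and built. The same commit moves the upstream reference to a different host (the new a52dec.url and the slack-desc homepage line), so this is the point where a substituted tarball would go unnoticed by anyone rebuilding from source. Consider pinning it ahead of the extraction, e.g. `echo "<SHA256_PLACEHOLDER>  $PKGNAM-v$VERSION.tar.xz" | ( cd $CWD && sha256sum -c - ) || exit 1`. If integrity is already verified elsewhere in the tree, a comment next to the `tar` line saying where would be enough.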
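Review bot: The added regeneration block in hunk `@@ -78,11 +78,22 @@` runs `NOCONFIGURE=1 ./autogen.sh` and `autoreconf -vif` without `|| exit 1`, unlike the `tar`, `cd` and `./configure` steps around it. A failed or partial regeneration is therefore reported only indirectly by the later `./configure ... || exit 1`, or not at all if a `configure` file was still written. Suggest `NOCONFIGURE=1 ./autogen.sh || exit 1` and `autoreconf -vif || exit 1`, so the build stops at the step that actually failed.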
@@ -0,0 +1 @@ +https://git.adelielinux.org/community/a52dec/ diff --git a/source/l/a52dec/slack-desc b/source/l/a52dec/slack-desc index 998e1ec58..fd6b8bc1d 100644 --- a/source/l/a52dec/slack-desc +++ b/source/l/a52dec/slack-desc @@ -8,5 +8,5 @@ a52dec: library for decoding ATSC A/52 streams. The A/52 standard is used a52dec: in a variety of applications, including digital television and DVD. a52dec: It is also known as AC-3. a52dec: -a52dec: Homepage: http://liba52.sourceforge.net/ +a52dec: Homepage: https://git.adelielinux.org/community/a52dec/ a52dec: |