summaryrefslogtreecommitdiffstats
path: root/source
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2023-10-03 22:19:10 +0000
committer Eric Hameleers <alien@slackware.com>2023-10-04 01:08:21 +0200
commit7a2ee07f950f14ce482ae370d28b18de8fcbde69 (patch)
treeb1ff69f347e10c2054f5faa019944d89990d1596 /source
parentcb4e8726f423a41c65ca89c8b8346b0974417940 (diff)
downloadcurrent-7a2ee07f950f14ce482ae370d28b18de8fcbde69.tar.gz
current-7a2ee07f950f14ce482ae370d28b18de8fcbde69.tar.xz
Tue Oct 3 22:19:10 UTC 202320231003221910
a/aaa_glibc-solibs-2.37-x86_64-3.txz: Rebuilt. a/dialog-1.3_20231002-x86_64-1.txz: Upgraded. ap/mpg123-1.32.3-x86_64-1.txz: Upgraded. d/llvm-17.0.2-x86_64-1.txz: Upgraded. d/meson-1.2.2-x86_64-2.txz: Rebuilt. [PATCH] Revert rust: apply global, project, and environment C args to bindgen. This fixes building Mesa. Thanks to lucabon and marav. kde/calligra-3.2.1-x86_64-34.txz: Rebuilt. Recompiled against poppler-23.10.0. kde/cantor-23.08.1-x86_64-2.txz: Rebuilt. Recompiled against poppler-23.10.0. kde/kfilemetadata-5.110.0-x86_64-2.txz: Rebuilt. Recompiled against poppler-23.10.0. kde/kile-2.9.93-x86_64-28.txz: Rebuilt. Recompiled against poppler-23.10.0. kde/kitinerary-23.08.1-x86_64-2.txz: Rebuilt. Recompiled against poppler-23.10.0. kde/krita-5.1.5-x86_64-15.txz: Rebuilt. Recompiled against poppler-23.10.0. kde/okular-23.08.1-x86_64-2.txz: Rebuilt. Recompiled against poppler-23.10.0. l/glibc-2.37-x86_64-3.txz: Rebuilt. l/glibc-i18n-2.37-x86_64-3.txz: Rebuilt. Patched to fix the "Looney Tunables" vulnerability, a local privilege escalation in ld.so. This vulnerability was introduced in April 2021 (glibc 2.34) by commit 2ed18c. Thanks to Qualys Research Labs for reporting this issue. For more information, see: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.cve.org/CVERecord?id=CVE-2023-4911 (* Security fix *) l/glibc-profile-2.37-x86_64-3.txz: Rebuilt. l/mozilla-nss-3.94-x86_64-1.txz: Upgraded. l/poppler-23.10.0-x86_64-1.txz: Upgraded. Shared library .so-version bump. n/NetworkManager-1.44.2-x86_64-1.txz: Upgraded. n/irssi-1.4.5-x86_64-1.txz: Upgraded. x/fcitx5-5.1.1-x86_64-1.txz: Upgraded. x/fcitx5-anthy-5.1.1-x86_64-1.txz: Upgraded. x/fcitx5-chinese-addons-5.1.1-x86_64-1.txz: Upgraded. x/fcitx5-gtk-5.1.0-x86_64-1.txz: Upgraded. x/fcitx5-hangul-5.1.0-x86_64-1.txz: Upgraded. x/fcitx5-kkc-5.1.0-x86_64-1.txz: Upgraded. x/fcitx5-m17n-5.1.0-x86_64-1.txz: Upgraded. x/fcitx5-qt-5.1.1-x86_64-1.txz: Upgraded. x/fcitx5-sayura-5.1.0-x86_64-1.txz: Upgraded. x/fcitx5-table-extra-5.1.0-x86_64-1.txz: Upgraded. x/fcitx5-table-other-5.1.0-x86_64-1.txz: Upgraded. x/fcitx5-unikey-5.1.1-x86_64-1.txz: Upgraded. x/libX11-1.8.7-x86_64-1.txz: Upgraded. This update fixes security issues: libX11: out-of-bounds memory access in _XkbReadKeySyms(). libX11: stack exhaustion from infinite recursion in PutSubImage(). libX11: integer overflow in XCreateImage() leading to a heap overflow. For more information, see: https://lists.x.org/archives/xorg-announce/2023-October/003424.html https://www.cve.org/CVERecord?id=CVE-2023-43785 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://www.cve.org/CVERecord?id=CVE-2023-43787 (* Security fix *) x/libXpm-3.5.17-x86_64-1.txz: Upgraded. This update fixes security issues: libXpm: out of bounds read in XpmCreateXpmImageFromBuffer(). libXpm: out of bounds read on XPM with corrupted colormap. For more information, see: https://lists.x.org/archives/xorg-announce/2023-October/003424.html https://www.cve.org/CVERecord?id=CVE-2023-43788 https://www.cve.org/CVERecord?id=CVE-2023-43789 (* Security fix *) testing/packages/aaa_glibc-solibs-2.38-x86_64-2.txz: Rebuilt. testing/packages/glibc-2.38-x86_64-2.txz: Rebuilt. Patched to fix the "Looney Tunables" vulnerability, a local privilege escalation in ld.so. This vulnerability was introduced in April 2021 (glibc 2.34) by commit 2ed18c. Thanks to Qualys Research Labs for reporting this issue. For more information, see: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.cve.org/CVERecord?id=CVE-2023-4911 (* Security fix *) testing/packages/glibc-i18n-2.38-x86_64-2.txz: Rebuilt. testing/packages/glibc-profile-2.38-x86_64-2.txz: Rebuilt.
Diffstat (limited to 'source')
-rw-r--r--source/d/llvm/llvm.url56
-rw-r--r--source/d/meson/9d1d4ae746ce39d1916dfe71fd6dcc5fce27e828.patch142
-rwxr-xr-xsource/d/meson/meson.SlackBuild4
-rw-r--r--source/kde/kde/build/calligra2
-rw-r--r--source/kde/kde/build/cantor2
-rw-r--r--source/kde/kde/build/kfilemetadata2
-rw-r--r--source/kde/kde/build/kile2
-rw-r--r--source/kde/kde/build/kitinerary2
-rw-r--r--source/kde/kde/build/krita2
-rw-r--r--source/kde/kde/build/okular2
-rwxr-xr-xsource/l/glibc/glibc.SlackBuild2
-rw-r--r--source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch70
-rwxr-xr-xsource/l/mozilla-nss/mozilla-nss.SlackBuild2
-rwxr-xr-xsource/l/poppler/poppler.SlackBuild4
-rwxr-xr-xsource/n/irssi/irssi.SlackBuild2
-rwxr-xr-xsource/x/fcitx5-chinese-addons/fcitx5-chinese-addons.SlackBuild2
-rw-r--r--source/x/fcitx5-kkc/0001-remove-std-c-11-from-gui-CMakeLists.txt.patch24
-rwxr-xr-xsource/x/fcitx5-kkc/fcitx5-kkc.SlackBuild6
-rw-r--r--source/x/fcitx5/7fb3a5500270877d93b61b11b2a17b9b8f6a506b.patch26
-rwxr-xr-xsource/x/fcitx5/fcitx5.SlackBuild4
20 files changed, 260 insertions, 98 deletions
diff --git a/source/d/llvm/llvm.url b/source/d/llvm/llvm.url
index d91aa60a6..5afb5e973 100644
--- a/source/d/llvm/llvm.url
+++ b/source/d/llvm/llvm.url
@@ -1,29 +1,29 @@
-https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.1/llvm-17.0.1.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.1/clang-17.0.1.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.1/clang-tools-extra-17.0.1.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.1/compiler-rt-17.0.1.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.1/flang-17.0.1.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.1/lldb-17.0.1.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.1/openmp-17.0.1.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.1/polly-17.0.1.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.1/libcxx-17.0.1.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.1/libcxxabi-17.0.1.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.1/lld-17.0.1.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.1/libunwind-17.0.1.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.1/cmake-17.0.1.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.1/third-party-17.0.1.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.2/llvm-17.0.2.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.2/clang-17.0.2.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.2/clang-tools-extra-17.0.2.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.2/compiler-rt-17.0.2.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.2/flang-17.0.2.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.2/lldb-17.0.2.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.2/openmp-17.0.2.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.2/polly-17.0.2.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.2/libcxx-17.0.2.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.2/libcxxabi-17.0.2.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.2/lld-17.0.2.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.2/libunwind-17.0.2.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.2/cmake-17.0.2.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-17.0.2/third-party-17.0.2.src.tar.xz
-#http://llvm.org/releases/17.0.1/llvm-17.0.1.src.tar.xz
-#http://llvm.org/releases/17.0.1/clang-17.0.1.src.tar.xz
-#http://llvm.org/releases/17.0.1/clang-tools-extra-17.0.1.src.tar.xz
-#http://llvm.org/releases/17.0.1/compiler-rt-17.0.1.src.tar.xz
-#http://llvm.org/releases/17.0.1/flang-17.0.1.src.tar.xz
-#http://llvm.org/releases/17.0.1/lldb-17.0.1.src.tar.xz
-#http://llvm.org/releases/17.0.1/openmp-17.0.1.src.tar.xz
-#http://llvm.org/releases/17.0.1/polly-17.0.1.src.tar.xz
-#http://llvm.org/releases/17.0.1/libcxx-17.0.1.src.tar.xz
-#http://llvm.org/releases/17.0.1/libcxxabi-17.0.1.src.tar.xz
-#http://llvm.org/releases/17.0.1/lld-17.0.1.src.tar.xz
-#http://llvm.org/releases/17.0.1/libunwind-17.0.1.src.tar.xz
-#http://llvm.org/releases/17.0.1/cmake-17.0.1.src.tar.xz
-#http://llvm.org/releases/17.0.1/third-party-17.0.1.src.tar.xz
+#http://llvm.org/releases/17.0.2/llvm-17.0.2.src.tar.xz
+#http://llvm.org/releases/17.0.2/clang-17.0.2.src.tar.xz
+#http://llvm.org/releases/17.0.2/clang-tools-extra-17.0.2.src.tar.xz
+#http://llvm.org/releases/17.0.2/compiler-rt-17.0.2.src.tar.xz
+#http://llvm.org/releases/17.0.2/flang-17.0.2.src.tar.xz
+#http://llvm.org/releases/17.0.2/lldb-17.0.2.src.tar.xz
+#http://llvm.org/releases/17.0.2/openmp-17.0.2.src.tar.xz
+#http://llvm.org/releases/17.0.2/polly-17.0.2.src.tar.xz
+#http://llvm.org/releases/17.0.2/libcxx-17.0.2.src.tar.xz
+#http://llvm.org/releases/17.0.2/libcxxabi-17.0.2.src.tar.xz
+#http://llvm.org/releases/17.0.2/lld-17.0.2.src.tar.xz
+#http://llvm.org/releases/17.0.2/libunwind-17.0.2.src.tar.xz
+#http://llvm.org/releases/17.0.2/cmake-17.0.2.src.tar.xz
+#http://llvm.org/releases/17.0.2/third-party-17.0.2.src.tar.xz
diff --git a/source/d/meson/9d1d4ae746ce39d1916dfe71fd6dcc5fce27e828.patch b/source/d/meson/9d1d4ae746ce39d1916dfe71fd6dcc5fce27e828.patch
new file mode 100644
index 000000000..34fa9d8d6
--- /dev/null
+++ b/source/d/meson/9d1d4ae746ce39d1916dfe71fd6dcc5fce27e828.patch
@@ -0,0 +1,142 @@
+From 9d1d4ae746ce39d1916dfe71fd6dcc5fce27e828 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Tue, 3 Oct 2023 16:52:56 +0100
+Subject: [PATCH 7/7] Revert "rust: apply global, project, and environment C
+ args to bindgen"
+
+This reverts commit 36210f64f22dc10d324db76bb1a7988c9cd5b14e.
+
+This ended up not doing what was intended - see https://github.com/mesonbuild/meson/issues/12065#issuecomment-1742263677.
+
+Bug: https://bugs.gentoo.org/914989
+Bug: https://bugs.gentoo.org/915014
+Signed-off-by: Sam James <sam@gentoo.org>
+---
+ mesonbuild/modules/rust.py | 6 ------
+ test cases/rust/12 bindgen/meson.build | 18 ------------------
+ .../rust/12 bindgen/src/global-project.h | 10 ----------
+ test cases/rust/12 bindgen/src/global.c | 5 -----
+ test cases/rust/12 bindgen/src/global.rs | 14 --------------
+ test cases/rust/12 bindgen/test.json | 5 +----
+ 6 files changed, 1 insertion(+), 57 deletions(-)
+ delete mode 100644 test cases/rust/12 bindgen/src/global-project.h
+ delete mode 100644 test cases/rust/12 bindgen/src/global.c
+ delete mode 100644 test cases/rust/12 bindgen/src/global.rs
+
+diff --git a/mesonbuild/modules/rust.py b/mesonbuild/modules/rust.py
+index e6e5c633f..3514412e6 100644
+--- a/mesonbuild/modules/rust.py
++++ b/mesonbuild/modules/rust.py
+@@ -232,12 +232,6 @@ class RustModule(ExtensionModule):
+ elif isinstance(s, CustomTarget):
+ depends.append(s)
+
+- clang_args.extend(state.global_args.get('c', []))
+- clang_args.extend(state.project_args.get('c', []))
+- cargs = state.get_option('args', state.subproject, lang='c')
+- assert isinstance(cargs, list), 'for mypy'
+- clang_args.extend(cargs)
+-
+ if self._bindgen_bin is None:
+ self._bindgen_bin = state.find_program('bindgen')
+
+diff --git a/test cases/rust/12 bindgen/meson.build b/test cases/rust/12 bindgen/meson.build
+index e7cb5f3db..c05cc0631 100644
+--- a/test cases/rust/12 bindgen/meson.build
++++ b/test cases/rust/12 bindgen/meson.build
+@@ -8,9 +8,6 @@ if not prog_bindgen.found()
+ error('MESON_SKIP_TEST bindgen not found')
+ endif
+
+-add_project_arguments('-DPROJECT_ARG', language : 'c')
+-add_global_arguments('-DGLOBAL_ARG', language : 'c')
+-
+ # This seems to happen on windows when libclang.dll is not in path or is not
+ # valid. We must try to process a header file for this to work.
+ #
+@@ -84,18 +81,3 @@ test('generated header', rust_bin2)
+
+ subdir('sub')
+ subdir('dependencies')
+-
+-gp = rust.bindgen(
+- input : 'src/global-project.h',
+- output : 'global-project.rs',
+-)
+-
+-gp_lib = static_library('gp_lib', 'src/global.c')
+-
+-gp_exe = executable(
+- 'gp_exe',
+- structured_sources(['src/global.rs', gp]),
+- link_with : gp_lib,
+-)
+-
+-test('global and project arguments', gp_exe)
+diff --git a/test cases/rust/12 bindgen/src/global-project.h b/test cases/rust/12 bindgen/src/global-project.h
+deleted file mode 100644
+index 6084e8ed6..000000000
+--- a/test cases/rust/12 bindgen/src/global-project.h
++++ /dev/null
+@@ -1,10 +0,0 @@
+-#ifndef GLOBAL_ARG
+-char * success(void);
+-#endif
+-#ifndef PROJECT_ARG
+-char * success(void);
+-#endif
+-#ifndef CMD_ARG
+-char * success(void);
+-#endif
+-int success(void);
+diff --git a/test cases/rust/12 bindgen/src/global.c b/test cases/rust/12 bindgen/src/global.c
+deleted file mode 100644
+index 10f6676f7..000000000
+--- a/test cases/rust/12 bindgen/src/global.c
++++ /dev/null
+@@ -1,5 +0,0 @@
+-#include "src/global-project.h"
+-
+-int success(void) {
+- return 0;
+-}
+diff --git a/test cases/rust/12 bindgen/src/global.rs b/test cases/rust/12 bindgen/src/global.rs
+deleted file mode 100644
+index 4b70b1ecc..000000000
+--- a/test cases/rust/12 bindgen/src/global.rs
++++ /dev/null
+@@ -1,14 +0,0 @@
+-// SPDX-license-identifer: Apache-2.0
+-// Copyright © 2023 Intel Corporation
+-
+-#![allow(non_upper_case_globals)]
+-#![allow(non_camel_case_types)]
+-#![allow(non_snake_case)]
+-
+-include!("global-project.rs");
+-
+-fn main() {
+- unsafe {
+- std::process::exit(success());
+- };
+-}
+diff --git a/test cases/rust/12 bindgen/test.json b/test cases/rust/12 bindgen/test.json
+index b3a758562..f94ee85f9 100644
+--- a/test cases/rust/12 bindgen/test.json
++++ b/test cases/rust/12 bindgen/test.json
+@@ -1,10 +1,7 @@
+ {
+- "env": {
+- "CFLAGS": "-DCMD_ARG"
+- },
+ "stdout": [
+ {
+- "line": "test cases/rust/12 bindgen/meson.build:30: WARNING: Project targets '>= 0.63' but uses feature introduced in '1.0.0': \"rust.bindgen\" keyword argument \"include_directories\" of type array[str]."
++ "line": "test cases/rust/12 bindgen/meson.build:27: WARNING: Project targets '>= 0.63' but uses feature introduced in '1.0.0': \"rust.bindgen\" keyword argument \"include_directories\" of type array[str]."
+ }
+ ]
+ }
+--
+2.42.0
+
+
diff --git a/source/d/meson/meson.SlackBuild b/source/d/meson/meson.SlackBuild
index 6e0faba19..25d08985a 100755
--- a/source/d/meson/meson.SlackBuild
+++ b/source/d/meson/meson.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=meson
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
@@ -60,6 +60,8 @@ find -L . \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \+
+cat $CWD/9d1d4ae746ce39d1916dfe71fd6dcc5fce27e828.patch | patch -p1 --verbose || exit 1
+
python3 setup.py install --root=$PKG || exit 1
mv $PKG/usr/share/man $PKG/usr/
diff --git a/source/kde/kde/build/calligra b/source/kde/kde/build/calligra
index bb95160cb..a78736459 100644
--- a/source/kde/kde/build/calligra
+++ b/source/kde/kde/build/calligra
@@ -1 +1 @@
-33
+34
diff --git a/source/kde/kde/build/cantor b/source/kde/kde/build/cantor
index d00491fd7..0cfbf0888 100644
--- a/source/kde/kde/build/cantor
+++ b/source/kde/kde/build/cantor
@@ -1 +1 @@
-1
+2
diff --git a/source/kde/kde/build/kfilemetadata b/source/kde/kde/build/kfilemetadata
index d00491fd7..0cfbf0888 100644
--- a/source/kde/kde/build/kfilemetadata
+++ b/source/kde/kde/build/kfilemetadata
@@ -1 +1 @@
-1
+2
diff --git a/source/kde/kde/build/kile b/source/kde/kde/build/kile
index f64f5d8d8..9902f1784 100644
--- a/source/kde/kde/build/kile
+++ b/source/kde/kde/build/kile
@@ -1 +1 @@
-27
+28
diff --git a/source/kde/kde/build/kitinerary b/source/kde/kde/build/kitinerary
index d00491fd7..0cfbf0888 100644
--- a/source/kde/kde/build/kitinerary
+++ b/source/kde/kde/build/kitinerary
@@ -1 +1 @@
-1
+2
diff --git a/source/kde/kde/build/krita b/source/kde/kde/build/krita
index 8351c1939..60d3b2f4a 100644
--- a/source/kde/kde/build/krita
+++ b/source/kde/kde/build/krita
@@ -1 +1 @@
-14
+15
diff --git a/source/kde/kde/build/okular b/source/kde/kde/build/okular
index d00491fd7..0cfbf0888 100644
--- a/source/kde/kde/build/okular
+++ b/source/kde/kde/build/okular
@@ -1 +1 @@
-1
+2
diff --git a/source/l/glibc/glibc.SlackBuild b/source/l/glibc/glibc.SlackBuild
index f8ed0d813..bac317163 100755
--- a/source/l/glibc/glibc.SlackBuild
+++ b/source/l/glibc/glibc.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=glibc
VERSION=${VERSION:-$(echo glibc-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
CHECKOUT=${CHECKOUT:-""}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
# I was considering disabling NSCD, but MoZes talked me out of it. :)
#DISABLE_NSCD=" --disable-nscd "
diff --git a/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch b/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch
new file mode 100644
index 000000000..074317990
--- /dev/null
+++ b/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch
@@ -0,0 +1,70 @@
+From 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Tue, 19 Sep 2023 18:39:32 -0400
+Subject: [PATCH] tunables: Terminate if end of input is reached
+ (CVE-2023-4911)
+
+The string parsing routine may end up writing beyond bounds of tunestr
+if the input tunable string is malformed, of the form name=name=val.
+This gets processed twice, first as name=name=val and next as name=val,
+resulting in tunestr being name=name=val:name=val, thus overflowing
+tunestr.
+
+Terminate the parsing loop at the first instance itself so that tunestr
+does not overflow.
+
+Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+---
+ NEWS | 5 +++++
+ elf/dl-tunables.c | 17 +++++++++-------
+
+
+--- ./NEWS.orig 2023-01-31 21:27:45.000000000 -0600
++++ ./NEWS 2023-10-03 15:47:54.560781260 -0500
+@@ -28,6 +28,11 @@
+ heap and prints it to the target log file, potentially revealing a
+ portion of the contents of the heap.
+
++ CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the
++ environment of a setuid program and NAME is valid, it may result in a
++ buffer overflow, which could be exploited to achieve escalated
++ privileges. This flaw was introduced in glibc 2.34.
++
+ The following bugs are resolved with this release:
+
+ [12154] network: Cannot resolve hosts which have wildcard aliases
+--- ./elf/dl-tunables.c.orig 2023-01-31 21:27:45.000000000 -0600
++++ ./elf/dl-tunables.c 2023-10-03 15:47:54.560781260 -0500
+@@ -187,11 +187,7 @@
+ /* If we reach the end of the string before getting a valid name-value
+ pair, bail out. */
+ if (p[len] == '\0')
+- {
+- if (__libc_enable_secure)
+- tunestr[off] = '\0';
+- return;
+- }
++ break;
+
+ /* We did not find a valid name-value pair before encountering the
+ colon. */
+@@ -251,9 +247,16 @@
+ }
+ }
+
+- if (p[len] != '\0')
+- p += len + 1;
++ /* We reached the end while processing the tunable string. */
++ if (p[len] == '\0')
++ break;
++
++ p += len + 1;
+ }
++
++ /* Terminate tunestr before we leave. */
++ if (__libc_enable_secure)
++ tunestr[off] = '\0';
+ }
+ #endif
+
diff --git a/source/l/mozilla-nss/mozilla-nss.SlackBuild b/source/l/mozilla-nss/mozilla-nss.SlackBuild
index b7f29b542..fec258230 100755
--- a/source/l/mozilla-nss/mozilla-nss.SlackBuild
+++ b/source/l/mozilla-nss/mozilla-nss.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=mozilla-nss
SRCNAM=nss
-VERSION=${VERSION:-3.93}
+VERSION=${VERSION:-3.94}
NSPR=${NSPR:-4.35}
BUILD=${BUILD:-1}
diff --git a/source/l/poppler/poppler.SlackBuild b/source/l/poppler/poppler.SlackBuild
index 76768ad9b..1c8dd4909 100755
--- a/source/l/poppler/poppler.SlackBuild
+++ b/source/l/poppler/poppler.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2006, 2007, 2008, 2009, 2010, 2012, 2017, 2018, 2020 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2006, 2007, 2008, 2009, 2010, 2012, 2017, 2018, 2020, 2023 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -25,6 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=poppler
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-1}
+QT6OPT=${QT6OPT:--DENABLE_QT6=OFF}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -94,6 +95,7 @@ cmake \
-DENABLE_XPDF_HEADERS=ON \
-DENABLE_UNSTABLE_API_ABI_HEADERS=ON \
-DENABLE_ZLIB=ON \
+ $QT6OPT \
.. || exit 1
make $NUMJOBS || make || exit 1
diff --git a/source/n/irssi/irssi.SlackBuild b/source/n/irssi/irssi.SlackBuild
index 4437ed256..db34640da 100755
--- a/source/n/irssi/irssi.SlackBuild
+++ b/source/n/irssi/irssi.SlackBuild
@@ -28,7 +28,7 @@ PKG=$TMP/package-irssi
VERSION=${VERSION:-$(echo irssi-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
DIRCD=${VERSION}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/x/fcitx5-chinese-addons/fcitx5-chinese-addons.SlackBuild b/source/x/fcitx5-chinese-addons/fcitx5-chinese-addons.SlackBuild
index 0998ce454..1580fca71 100755
--- a/source/x/fcitx5-chinese-addons/fcitx5-chinese-addons.SlackBuild
+++ b/source/x/fcitx5-chinese-addons/fcitx5-chinese-addons.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=fcitx5-chinese-addons
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d- | cut -f 2- -d _ | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-1}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/x/fcitx5-kkc/0001-remove-std-c-11-from-gui-CMakeLists.txt.patch b/source/x/fcitx5-kkc/0001-remove-std-c-11-from-gui-CMakeLists.txt.patch
deleted file mode 100644
index 260113583..000000000
--- a/source/x/fcitx5-kkc/0001-remove-std-c-11-from-gui-CMakeLists.txt.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 418c44e61fcda33e809076d1817acc2f2362d409 Mon Sep 17 00:00:00 2001
-From: Qiyu Yan <yanqiyu@fedoraproject.org>
-Date: Sun, 12 Mar 2023 12:48:39 +0800
-Subject: [PATCH] remove -std=c++11 from gui/CMakeLists.txt
-
----
- gui/CMakeLists.txt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/gui/CMakeLists.txt b/gui/CMakeLists.txt
-index 38b50d4..2327132 100644
---- a/gui/CMakeLists.txt
-+++ b/gui/CMakeLists.txt
-@@ -17,7 +17,7 @@ qt5_wrap_ui(KKC_CONFIG_SRCS dictwidget.ui adddictdialog.ui shortcutwidget.ui add
- add_library(fcitx5-kkc-config
- MODULE ${KKC_CONFIG_SRCS})
-
--add_definitions(-DQT_NO_KEYWORDS -std=c++11)
-+add_definitions(-DQT_NO_KEYWORDS)
-
- target_include_directories(fcitx5-kkc-config PRIVATE ${PROJECT_BINARY_DIR} ${CMAKE_CURRENT_BINARY_DIR})
-
---
-2.39.2
diff --git a/source/x/fcitx5-kkc/fcitx5-kkc.SlackBuild b/source/x/fcitx5-kkc/fcitx5-kkc.SlackBuild
index fd366ded0..8168ed344 100755
--- a/source/x/fcitx5-kkc/fcitx5-kkc.SlackBuild
+++ b/source/x/fcitx5-kkc/fcitx5-kkc.SlackBuild
@@ -1,7 +1,7 @@
#!/bin/bash
# Copyright 2015-2016 Heinz Wiesinger, Amsterdam, The Netherlands
-# Copyright 2016, 2020 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2016, 2020, 2023 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=fcitx5-kkc
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d- | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
@@ -76,8 +76,6 @@ rm -rf fcitx5-kkc-$VERSION
tar xvf $CWD/fcitx5-kkc-$VERSION.tar.?z || exit 1
cd fcitx5-kkc-$VERSION || exit 1
-zcat $CWD/0001-remove-std-c-11-from-gui-CMakeLists.txt.patch.gz | patch -p1 --verbose || exit 1
-
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
diff --git a/source/x/fcitx5/7fb3a5500270877d93b61b11b2a17b9b8f6a506b.patch b/source/x/fcitx5/7fb3a5500270877d93b61b11b2a17b9b8f6a506b.patch
deleted file mode 100644
index 0e8a33913..000000000
--- a/source/x/fcitx5/7fb3a5500270877d93b61b11b2a17b9b8f6a506b.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 7fb3a5500270877d93b61b11b2a17b9b8f6a506b Mon Sep 17 00:00:00 2001
-From: Weng Xuetian <wengxt@gmail.com>
-Date: Sat, 20 May 2023 20:02:24 -0700
-Subject: [PATCH] Fix compatiblity with fmt 10.0
-
-Fix #797
----
- src/modules/dbus/dbusmodule.cpp | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/modules/dbus/dbusmodule.cpp b/src/modules/dbus/dbusmodule.cpp
-index a7196676..6bebee30 100644
---- a/src/modules/dbus/dbusmodule.cpp
-+++ b/src/modules/dbus/dbusmodule.cpp
-@@ -570,8 +570,9 @@ class Controller1 : public ObjectVTable<Controller1> {
- ss << fmt::format("{:02x}", static_cast<int>(v));
- }
- ss << "] program:" << ic->program()
-- << " frontend:" << ic->frontend()
-- << " cap:" << fmt::format("{:x}", ic->capabilityFlags())
-+ << " frontend:" << ic->frontend() << " cap:"
-+ << fmt::format("{:x}",
-+ static_cast<uint64_t>(ic->capabilityFlags()))
- << " focus:" << ic->hasFocus() << std::endl;
- return true;
- });
diff --git a/source/x/fcitx5/fcitx5.SlackBuild b/source/x/fcitx5/fcitx5.SlackBuild
index ce3d80a10..cda538784 100755
--- a/source/x/fcitx5/fcitx5.SlackBuild
+++ b/source/x/fcitx5/fcitx5.SlackBuild
@@ -1,7 +1,7 @@
#!/bin/bash
# Copyright 2012 vvoody <vvoodywang@gmail.com>
-# Copyright 2018, 2020 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2018, 2020, 2023 Patrick J. Volkerding, Sebeka, MN, USA
#
# All rights reserved.
#
@@ -87,8 +87,6 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
-zcat $CWD/7fb3a5500270877d93b61b11b2a17b9b8f6a506b.patch.gz | patch -p1 --verbose || exit 1
-
mkdir build
cd build
cmake \