diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2021-09-17 04:17:57 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2021-09-17 17:59:52 +0200 |
| commit | 216e5284961bf8c173702c05ba4329cfaca9015f (patch) | |
| tree | 3c56f60ee4f8b5e724c91dec4c1aa9ab4a931af3 /source | |
| parent | d4dd1e8c22c4ac031b6dd8997701d97385f7feac (diff) | |
| download | current-216e5284961bf8c173702c05ba4329cfaca9015f.tar.gz current-216e5284961bf8c173702c05ba4329cfaca9015f.tar.xz | |
Fri Sep 17 04:17:57 UTC 202120210917041757
a/cryptsetup-2.4.1-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.0-noarch-5.txz: Rebuilt.
Stop D-Bus after NFS partitions are unmounted to avoid a hang.
Thanks to vulcan59 and bassmadrigal.
ap/sudo-1.9.8p1-x86_64-1.txz: Upgraded.
l/fftw-3.3.10-x86_64-1.txz: Upgraded.
l/libxkbcommon-1.3.1-x86_64-1.txz: Upgraded.
l/pipewire-0.3.36-x86_64-1.txz: Upgraded.
n/dhcpcd-9.4.0-x86_64-2.txz: Rebuilt.
Applied upstream patch:
DHCP6: Only send FQDN for SOLICIT, REQUEST, RENEW, or REBIND messages.
Thanks to marav.
n/httpd-2.4.49-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic]
core: ap_escape_quotes buffer overflow
mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]
core: null pointer dereference on malformed request
mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
(* Security fix *)
x/ibus-libpinyin-1.12.1-x86_64-1.txz: Upgraded.
x/libpinyin-2.6.1-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-91.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.1.1/releasenotes/
Diffstat (limited to 'source')
| -rw-r--r-- | source/a/sysvinit-scripts/scripts/rc.6 | 10 | ||||
| -rwxr-xr-x | source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild | 2 | ||||
| -rwxr-xr-x | source/l/fftw/fftw.SlackBuild | 2 | ||||
| -rwxr-xr-x | source/n/dhcpcd/dhcpcd.SlackBuild | 3 | ||||
| -rw-r--r-- | source/n/dhcpcd/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch | 119 | ||||
| -rw-r--r-- | source/n/httpd/httpd.url | 4 | ||||
| -rwxr-xr-x | source/x/ibus-libpinyin/ibus-libpinyin.SlackBuild | 2 | ||||
| -rwxr-xr-x | source/x/libpinyin/libpinyin.SlackBuild | 2 |
8 files changed, 132 insertions, 12 deletions
diff --git a/source/a/sysvinit-scripts/scripts/rc.6 b/source/a/sysvinit-scripts/scripts/rc.6 index 92338d4d8..e9197ff45 100644 --- a/source/a/sysvinit-scripts/scripts/rc.6 +++ b/source/a/sysvinit-scripts/scripts/rc.6 @@ -116,11 +116,6 @@ if [ -x /etc/rc.d/rc.haveged ]; then /etc/rc.d/rc.haveged stop fi -# Stop D-Bus: -if [ -x /etc/rc.d/rc.messagebus ]; then - /etc/rc.d/rc.messagebus stop -fi - # Kill any processes (typically gam) that would otherwise prevent # unmounting NFS volumes: unset FUSER_DELAY @@ -139,6 +134,11 @@ fi echo "Unmounting remote filesystems:" /bin/umount -v -a -l -f -r -t nfs,nfs4,smbfs,cifs | tr -d ' ' | grep successfully | sed "s/:successfullyunmounted/ has been successfully unmounted./g" +# Stop D-Bus: +if [ -x /etc/rc.d/rc.messagebus ]; then + /etc/rc.d/rc.messagebus stop +fi + # Try to shut down pppd: PS="$(ps ax)" if echo "$PS" | /bin/grep -q -w pppd ; then diff --git a/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild b/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild index ae1f2346a..6a16c6a91 100755 --- a/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild +++ b/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=sysvinit-scripts VERSION=${VERSION:-15.0} ARCH=noarch -BUILD=${BUILD:-4} +BUILD=${BUILD:-5} # If the variable PRINT_PACKAGE_NAME is set, then this script will report what # the name of the created package would be, and then exit. This information diff --git a/source/l/fftw/fftw.SlackBuild b/source/l/fftw/fftw.SlackBuild index 1fae73a71..8e3a34df2 100755 --- a/source/l/fftw/fftw.SlackBuild +++ b/source/l/fftw/fftw.SlackBuild @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=fftw VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | cut -f 2- -d - | rev | cut -f 3- -d . | rev)} -BUILD=${BUILD:-3} +BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} # Automatically determine the architecture we're building on: diff --git a/source/n/dhcpcd/dhcpcd.SlackBuild b/source/n/dhcpcd/dhcpcd.SlackBuild index 53cf1be4a..c4efe43d9 100755 --- a/source/n/dhcpcd/dhcpcd.SlackBuild +++ b/source/n/dhcpcd/dhcpcd.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=dhcpcd VERSION=${VERSION:-$(echo dhcpcd-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # By default, Slackware builds dhcpcd with privilege separation, which improves # security by ensuring that any security vulnerabilies such as buffer overflows @@ -94,6 +94,7 @@ find . \ patch -p1 --verbose < $CWD/patches/dhcpcd.conf-Don-t-invoke-wpa_supplicant-by-default.patch || exit 1 patch -p1 --verbose < $CWD/patches/use-hostname_short-in-dhcpcd.conf.patch || exit 1 patch -p1 --verbose < $CWD/patches/dhcpcd.conf-request_ntp_server_by_default.patch || exit 1 +patch -p1 --verbose < $CWD/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch || exit 1 # At this point, it should be safe to assume that /var will be mounted by the # time dhcpcd is called, as all non-root local filesystems are mounted from diff --git a/source/n/dhcpcd/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch b/source/n/dhcpcd/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch new file mode 100644 index 000000000..8f6a0075a --- /dev/null +++ b/source/n/dhcpcd/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch @@ -0,0 +1,119 @@ +From 2fae4a113c3e736d585dd300ca6c8fddae300503 Mon Sep 17 00:00:00 2001 +From: Roy Marples <roy@marples.name> +Date: Tue, 31 Aug 2021 10:57:44 +0100 +Subject: [PATCH] DHCP6: Only send FQDN for SOLICIT, REQUEST, RENEW, or REBIND messages. + +As per RFC 4704 section 5. +Fixes #44. +--- + src/dhcp6.c | 79 +++++++++++++++++++++++++++++++++------------------------- + 1 files changed, 45 insertions(+), 34 deletions(-) + +diff --git a/src/dhcp6.c b/src/dhcp6.c +index f355418..9c818b3 100644 +--- a/src/dhcp6.c ++++ b/src/dhcp6.c +@@ -637,7 +637,7 @@ dhcp6_makemessage(struct interface *ifp) + uint8_t type; + uint16_t si_len, uni_len, n_options; + uint8_t *o_lenp; +- struct if_options *ifo; ++ struct if_options *ifo = ifp->options; + const struct dhcp_opt *opt, *opt2; + const struct ipv6_addr *ap; + char hbuf[HOSTNAME_MAX_LEN + 1]; +@@ -658,8 +658,50 @@ dhcp6_makemessage(struct interface *ifp) + state->send = NULL; + } + +- ifo = ifp->options; +- fqdn = ifo->fqdn; ++ switch(state->state) { ++ case DH6S_INIT: /* FALLTHROUGH */ ++ case DH6S_DISCOVER: ++ type = DHCP6_SOLICIT; ++ break; ++ case DH6S_REQUEST: ++ type = DHCP6_REQUEST; ++ break; ++ case DH6S_CONFIRM: ++ type = DHCP6_CONFIRM; ++ break; ++ case DH6S_REBIND: ++ type = DHCP6_REBIND; ++ break; ++ case DH6S_RENEW: ++ type = DHCP6_RENEW; ++ break; ++ case DH6S_INFORM: ++ type = DHCP6_INFORMATION_REQ; ++ break; ++ case DH6S_RELEASE: ++ type = DHCP6_RELEASE; ++ break; ++ case DH6S_DECLINE: ++ type = DHCP6_DECLINE; ++ break; ++ default: ++ errno = EINVAL; ++ return -1; ++ } ++ ++ /* RFC 4704 Section 5 says we can only send FQDN for these ++ * message types. */ ++ switch(type) { ++ case DHCP6_SOLICIT: ++ case DHCP6_REQUEST: ++ case DHCP6_RENEW: ++ case DHCP6_REBIND: ++ fqdn = ifo->fqdn; ++ break; ++ default: ++ fqdn = FQDN_DISABLE; ++ break; ++ } + + if (fqdn == FQDN_DISABLE && ifo->options & DHCPCD_HOSTNAME) { + /* We're sending the DHCPv4 hostname option, so send FQDN as +@@ -823,37 +865,6 @@ dhcp6_makemessage(struct interface *ifp) + } + + switch(state->state) { +- case DH6S_INIT: /* FALLTHROUGH */ +- case DH6S_DISCOVER: +- type = DHCP6_SOLICIT; +- break; +- case DH6S_REQUEST: +- type = DHCP6_REQUEST; +- break; +- case DH6S_CONFIRM: +- type = DHCP6_CONFIRM; +- break; +- case DH6S_REBIND: +- type = DHCP6_REBIND; +- break; +- case DH6S_RENEW: +- type = DHCP6_RENEW; +- break; +- case DH6S_INFORM: +- type = DHCP6_INFORMATION_REQ; +- break; +- case DH6S_RELEASE: +- type = DHCP6_RELEASE; +- break; +- case DH6S_DECLINE: +- type = DHCP6_DECLINE; +- break; +- default: +- errno = EINVAL; +- return -1; +- } +- +- switch(state->state) { + case DH6S_REQUEST: /* FALLTHROUGH */ + case DH6S_RENEW: /* FALLTHROUGH */ + case DH6S_RELEASE: +-- +1.7.1 + + diff --git a/source/n/httpd/httpd.url b/source/n/httpd/httpd.url index 9dc6266cb..08da5553f 100644 --- a/source/n/httpd/httpd.url +++ b/source/n/httpd/httpd.url @@ -1,2 +1,2 @@ -http://www.apache.org/dist/httpd/httpd-2.4.48.tar.bz2 -http://www.apache.org/dist/httpd/httpd-2.4.48.tar.bz2.asc +http://www.apache.org/dist/httpd/httpd-2.4.49.tar.bz2 +http://www.apache.org/dist/httpd/httpd-2.4.49.tar.bz2.asc diff --git a/source/x/ibus-libpinyin/ibus-libpinyin.SlackBuild b/source/x/ibus-libpinyin/ibus-libpinyin.SlackBuild index 3bfad788a..2e9446ba2 100755 --- a/source/x/ibus-libpinyin/ibus-libpinyin.SlackBuild +++ b/source/x/ibus-libpinyin/ibus-libpinyin.SlackBuild @@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=ibus-libpinyin VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} diff --git a/source/x/libpinyin/libpinyin.SlackBuild b/source/x/libpinyin/libpinyin.SlackBuild index 27d67040e..67ec0aae8 100755 --- a/source/x/libpinyin/libpinyin.SlackBuild +++ b/source/x/libpinyin/libpinyin.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=libpinyin VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d- | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} |