Diffstat (limited to '')
-rw-r--r-- | source/d/llvm/llvm.url | 30 | ||||
-rwxr-xr-x | source/l/glibc/glibc.SlackBuild | 2 | ||||
-rw-r--r-- | source/l/glibc/patches/CVE-2024-2961_glibc2.39.patch | 217 | ||||
-rwxr-xr-x | source/l/pycups/pycups.SlackBuild | 3 | ||||
-rw-r--r-- | source/l/pycups/pycups.no.bogus.requires.diff | 30 | ||||
-rw-r--r-- | source/n/bind/caching-example/named.root | 8 |
6 files changed, 237 insertions, 53 deletions
diff --git a/source/d/llvm/llvm.url b/source/d/llvm/llvm.url
index 463ea5a9b..cdcec53d5 100644
--- a/source/d/llvm/llvm.url
+++ b/source/d/llvm/llvm.url
@@ -1,15 +1,15 @@
-https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.3/llvm-18.1.3.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.3/clang-18.1.3.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.3/clang-tools-extra-18.1.3.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.3/compiler-rt-18.1.3.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.3/flang-18.1.3.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.3/lldb-18.1.3.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.3/openmp-18.1.3.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.3/polly-18.1.3.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.3/libcxx-18.1.3.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.3/libcxxabi-18.1.3.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.3/lld-18.1.3.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.3/libunwind-18.1.3.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.3/cmake-18.1.3.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.3/third-party-18.1.3.src.tar.xz
-https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.3/runtimes-18.1.3.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/llvm-18.1.4.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/clang-18.1.4.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/clang-tools-extra-18.1.4.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/compiler-rt-18.1.4.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/flang-18.1.4.src.tar.xz
+https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/lldb-18.1.4.src.tar.xz +https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/openmp-18.1.4.src.tar.xz +https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/polly-18.1.4.src.tar.xz +https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/libcxx-18.1.4.src.tar.xz +https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/libcxxabi-18.1.4.src.tar.xz +https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/lld-18.1.4.src.tar.xz +https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/libunwind-18.1.4.src.tar.xz +https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/cmake-18.1.4.src.tar.xz +https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/third-party-18.1.4.src.tar.xz +https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/runtimes-18.1.4.src.tar.xz diff --git a/source/l/glibc/glibc.SlackBuild b/source/l/glibc/glibc.SlackBuild index e16558257..d226405b7 100755 --- a/source/l/glibc/glibc.SlackBuild +++ b/source/l/glibc/glibc.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=glibc VERSION=${VERSION:-$(echo glibc-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} CHECKOUT=${CHECKOUT:-""} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # I was considering disabling NSCD, but MoZes talked me out of it. :) #DISABLE_NSCD=" --disable-nscd " diff --git a/source/l/glibc/patches/CVE-2024-2961_glibc2.39.patch b/source/l/glibc/patches/CVE-2024-2961_glibc2.39.patch new file mode 100644 index 000000000..5a8c179a6 --- /dev/null +++ b/source/l/glibc/patches/CVE-2024-2961_glibc2.39.patch 
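Review bot: Nothing in the glibc.SlackBuild hunk applies the new patches/CVE-2024-2961_glibc2.39.patch; the only change to the script is the `BUILD=${BUILD:-2}` bump, which matches the 2 changed lines the diffstat reports for it. Presumably a patch-application step outside this hunk picks up everything under patches/, but that is not visible here, so it is worth confirming that the rebuilt package really contains the iconv fix rather than just a new build number. If the script lists patches one by one, it needs a line in the style the tree already uses, for example `cat $CWD/patches/CVE-2024-2961_glibc2.39.patch | patch -p1 --verbose || exit 1`.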
@@ -0,0 +1,217 @@ +From 31da30f23cddd36db29d5b6a1c7619361b271fb4 Mon Sep 17 00:00:00 2001 +From: Charles Fol <folcharles@gmail.com> +Date: Thu, 28 Mar 2024 12:25:38 -0300 +Subject: [PATCH] iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing + escape sequence (CVE-2024-2961) + +ISO-2022-CN-EXT uses escape sequences to indicate character set changes +(as specified by RFC 1922). While the SOdesignation has the expected +bounds checks, neither SS2designation nor SS3designation have its; +allowing a write overflow of 1, 2, or 3 bytes with fixed values: +'$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'. + +Checked on aarch64-linux-gnu. + +Co-authored-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> +Reviewed-by: Carlos O'Donell <carlos@redhat.com> +Tested-by: Carlos O'Donell <carlos@redhat.com> + +(cherry picked from commit f9dc609e06b1136bb0408be9605ce7973a767ada) +--- + iconvdata/Makefile | 5 +- + iconvdata/iso-2022-cn-ext.c | 12 +++ + iconvdata/tst-iconv-iso-2022-cn-ext.c | 128 ++++++++++++++++++++++++++ + 3 files changed, 144 insertions(+), 1 deletion(-) + create mode 100644 iconvdata/tst-iconv-iso-2022-cn-ext.c + +diff --git a/iconvdata/Makefile b/iconvdata/Makefile +index ea019ce5c0..7196a8744b 100644 +--- a/iconvdata/Makefile ++++ b/iconvdata/Makefile +@@ -75,7 +75,8 @@ ifeq (yes,$(build-shared)) + tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \ + tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \ + bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 \ +- bug-iconv13 bug-iconv14 bug-iconv15 ++ bug-iconv13 bug-iconv14 bug-iconv15 \ ++ tst-iconv-iso-2022-cn-ext + ifeq ($(have-thread-library),yes) + tests += bug-iconv3 + endif +@@ -330,6 +331,8 @@ $(objpfx)bug-iconv14.out: $(addprefix $(objpfx), $(gconv-modules)) \ + $(addprefix $(objpfx),$(modules.so)) + $(objpfx)bug-iconv15.out: $(addprefix $(objpfx), $(gconv-modules)) \ + $(addprefix $(objpfx),$(modules.so)) 
++$(objpfx)tst-iconv-iso-2022-cn-ext.out: $(addprefix $(objpfx), $(gconv-modules)) \ ++ $(addprefix $(objpfx),$(modules.so)) + + $(objpfx)iconv-test.out: run-iconv-test.sh \ + $(addprefix $(objpfx), $(gconv-modules)) \ +diff --git a/iconvdata/iso-2022-cn-ext.c b/iconvdata/iso-2022-cn-ext.c +index b34c8a36f4..cce29b1969 100644 +--- a/iconvdata/iso-2022-cn-ext.c ++++ b/iconvdata/iso-2022-cn-ext.c +@@ -574,6 +574,12 @@ DIAG_IGNORE_Os_NEEDS_COMMENT (5, "-Wmaybe-uninitialized"); + { \ + const char *escseq; \ + \ ++ if (outptr + 4 > outend) \ ++ { \ ++ result = __GCONV_FULL_OUTPUT; \ ++ break; \ ++ } \ ++ \ + assert (used == CNS11643_2_set); /* XXX */ \ + escseq = "*H"; \ + *outptr++ = ESC; \ +@@ -587,6 +593,12 @@ DIAG_IGNORE_Os_NEEDS_COMMENT (5, "-Wmaybe-uninitialized"); + { \ + const char *escseq; \ + \ ++ if (outptr + 4 > outend) \ ++ { \ ++ result = __GCONV_FULL_OUTPUT; \ ++ break; \ ++ } \ ++ \ + assert ((used >> 5) >= 3 && (used >> 5) <= 7); \ + escseq = "+I+J+K+L+M" + ((used >> 5) - 3) * 2; \ + *outptr++ = ESC; \ +diff --git a/iconvdata/tst-iconv-iso-2022-cn-ext.c b/iconvdata/tst-iconv-iso-2022-cn-ext.c +new file mode 100644 +index 0000000000..96a8765fd5 +--- /dev/null ++++ b/iconvdata/tst-iconv-iso-2022-cn-ext.c +@@ -0,0 +1,128 @@ ++/* Verify ISO-2022-CN-EXT does not write out of the bounds. ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. 
++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <https://www.gnu.org/licenses/>. */ ++ ++#include <stdio.h> ++#include <string.h> ++ ++#include <errno.h> ++#include <iconv.h> ++#include <sys/mman.h> ++ ++#include <support/xunistd.h> ++#include <support/check.h> ++#include <support/support.h> ++ ++/* The test sets up a two memory page buffer with the second page marked ++ PROT_NONE to trigger a fault if the conversion writes beyond the exact ++ expected amount. Then we carry out various conversions and precisely ++ place the start of the output buffer in order to trigger a SIGSEGV if the ++ process writes anywhere between 1 and page sized bytes more (only one ++ PROT_NONE page is setup as a canary) than expected. These tests exercise ++ all three of the cases in ISO-2022-CN-EXT where the converter must switch ++ character sets and may run out of buffer space while doing the ++ operation. */ ++ ++static int ++do_test (void) ++{ ++ iconv_t cd = iconv_open ("ISO-2022-CN-EXT", "UTF-8"); ++ TEST_VERIFY_EXIT (cd != (iconv_t) -1); ++ ++ char *ntf; ++ size_t ntfsize; ++ char *outbufbase; ++ { ++ int pgz = getpagesize (); ++ TEST_VERIFY_EXIT (pgz > 0); ++ ntfsize = 2 * pgz; ++ ++ ntf = xmmap (NULL, ntfsize, PROT_READ | PROT_WRITE, MAP_PRIVATE ++ | MAP_ANONYMOUS, -1); ++ xmprotect (ntf + pgz, pgz, PROT_NONE); ++ ++ outbufbase = ntf + pgz; ++ } ++ ++ /* Check if SOdesignation escape sequence does not trigger an OOB write. */ ++ { ++ char inbuf[] = "\xe4\xba\xa4\xe6\x8d\xa2"; ++ ++ for (int i = 0; i < 9; i++) ++ { ++ char *inp = inbuf; ++ size_t inleft = sizeof (inbuf) - 1; ++ ++ char *outp = outbufbase - i; ++ size_t outleft = i; ++ ++ TEST_VERIFY_EXIT (iconv (cd, &inp, &inleft, &outp, &outleft) ++ == (size_t) -1); ++ TEST_COMPARE (errno, E2BIG); ++ ++ TEST_VERIFY_EXIT (iconv (cd, NULL, NULL, NULL, NULL) == 0); ++ } ++ } ++ ++ /* Same as before for SS2designation. 
*/ ++ { ++ char inbuf[] = "ã´½ \xe3\xb4\xbd"; ++ ++ for (int i = 0; i < 14; i++) ++ { ++ char *inp = inbuf; ++ size_t inleft = sizeof (inbuf) - 1; ++ ++ char *outp = outbufbase - i; ++ size_t outleft = i; ++ ++ TEST_VERIFY_EXIT (iconv (cd, &inp, &inleft, &outp, &outleft) ++ == (size_t) -1); ++ TEST_COMPARE (errno, E2BIG); ++ ++ TEST_VERIFY_EXIT (iconv (cd, NULL, NULL, NULL, NULL) == 0); ++ } ++ } ++ ++ /* Same as before for SS3designation. */ ++ { ++ char inbuf[] = "å \xe5\x8a\x84"; ++ ++ for (int i = 0; i < 14; i++) ++ { ++ char *inp = inbuf; ++ size_t inleft = sizeof (inbuf) - 1; ++ ++ char *outp = outbufbase - i; ++ size_t outleft = i; ++ ++ TEST_VERIFY_EXIT (iconv (cd, &inp, &inleft, &outp, &outleft) ++ == (size_t) -1); ++ TEST_COMPARE (errno, E2BIG); ++ ++ TEST_VERIFY_EXIT (iconv (cd, NULL, NULL, NULL, NULL) == 0); ++ } ++ } ++ ++ TEST_VERIFY_EXIT (iconv_close (cd) != -1); ++ ++ xmunmap (ntf, ntfsize); ++ ++ return 0; ++} ++ ++#include <support/test-driver.c> +-- +2.39.3 + + diff --git a/source/l/pycups/pycups.SlackBuild b/source/l/pycups/pycups.SlackBuild index 4b35c4e8d..2baa7c19c 100755 --- a/source/l/pycups/pycups.SlackBuild +++ b/source/l/pycups/pycups.SlackBuild @@ -65,9 +65,6 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -# Requiring gcc and python3-devel in these files must be a mistake: -cat $CWD/pycups.no.bogus.requires.diff | patch -p1 --verbose || exit 1 - make || exit 1 make install DESTDIR=$PKG || exit 1 diff --git a/source/l/pycups/pycups.no.bogus.requires.diff b/source/l/pycups/pycups.no.bogus.requires.diff deleted file mode 100644 index 0b33fc8e7..000000000 --- a/source/l/pycups/pycups.no.bogus.requires.diff +++ /dev/null 
@@ -1,30 +0,0 @@ ---- ./pycups.egg-info/requires.txt.orig 2024-04-17 09:28:43.000000000 -0500 -+++ ./pycups.egg-info/requires.txt 2024-04-17 15:29:21.533926348 -0500 -@@ -1,2 +1 @@ --gcc --python3-devel -+ ---- ./setup.py.orig 2024-04-17 09:27:05.000000000 -0500 -+++ ./setup.py 2024-04-17 15:29:36.532925519 -0500 -@@ -61,10 +61,6 @@ - "Programming Language :: Python :: 3", - ], - license="GPLv2+", -- install_requires=[ -- 'gcc', -- 'python3-devel', -- ], - ext_modules=[Extension("cups", - ["cupsmodule.c", "cupsconnection.c", - "cupsppd.c", "cupsipp.c"], ---- ./PKG-INFO.orig 2024-04-17 09:28:43.393506800 -0500 -+++ ./PKG-INFO 2024-04-17 15:29:05.376927242 -0500 -@@ -16,8 +16,6 @@ - Classifier: Programming Language :: Python - Classifier: Programming Language :: Python :: 3 - License-File: COPYING --Requires-Dist: gcc --Requires-Dist: python3-devel - - This is a set of Python bindings for the libcups library from the - CUPS project. diff --git a/source/n/bind/caching-example/named.root b/source/n/bind/caching-example/named.root index 6db8239a2..280ab0668 100644 --- a/source/n/bind/caching-example/named.root +++ b/source/n/bind/caching-example/named.root @@ -9,8 +9,8 @@ ; on server FTP.INTERNIC.NET ; -OR- RS.INTERNIC.NET ; -; last update: October 24, 2023 -; related version of root zone: 2023102402 +; last update: March 25, 2024 +; related version of root zone: 2024032501 ; ; FORMERLY NS.INTERNIC.NET ; @@ -21,8 +21,8 @@ A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 ; FORMERLY NS1.ISI.EDU ; . 3600000 NS B.ROOT-SERVERS.NET. -B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201 -B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b +B.ROOT-SERVERS.NET. 3600000 A 170.247.170.2 +B.ROOT-SERVERS.NET. 3600000 AAAA 2801:1b8:10::b ; ; FORMERLY C.PSI.NET ; |
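Review bot: The guard added to both designation branches of iconvdata/iso-2022-cn-ext.c in CVE-2024-2961_glibc2.39.patch, `if (outptr + 4 > outend)`, hard-codes 4 with no comment tying it to the length of the escape sequence. Only `*outptr++ = ESC;` is visible after it; the remaining writes lie outside the hunk, so the bound can only be checked against the commit message (ESC plus the three fixed bytes such as '$*H'). A comment like `/* ESC, '$' and the two-byte designator need 4 bytes of output. */` above each check would make the bound auditable in place. Writing the test as `if (outend - outptr < 4)` would also avoid forming a pointer past the end of the output buffer; the page does not show whether the neighbouring SOdesignation check uses the same form, so consistency with it should decide.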