From 348dffe043c24552437ca1408bc83fb20db9774b Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Wed, 8 Jun 2022 19:15:34 +0000 Subject: Wed Jun 8 19:15:34 UTC 2022 patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism. Information Disclosure in mod_lua with websockets. mod_sed denial of service. Denial of service in mod_lua r:parsebody. Read beyond bounds in ap_strcmp_match(). Read beyond bounds via ap_rwrite(). Read beyond bounds in mod_isapi. mod_proxy_ajp: Possible request smuggling. For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.54 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377 (* Security fix *) --- ChangeLog.rss | 35 +++++++++++++++++-- ChangeLog.txt | 23 +++++++++++++ FILELIST.TXT | 40 +++++++++++----------- .../packages/httpd-2.4.53-x86_64-1_slack15.0.txt | 11 ------ .../packages/httpd-2.4.54-x86_64-1_slack15.0.txt | 11 ++++++ 5 files changed, 87 insertions(+), 33 deletions(-) delete mode 100644 patches/packages/httpd-2.4.53-x86_64-1_slack15.0.txt create mode 100644 patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txt diff --git a/ChangeLog.rss b/ChangeLog.rss index bebc82542..4cd638e97 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,9 +11,40 @@ Tracking Slackware development in git. en-us urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f - Sat, 4 Jun 2022 18:43:17 GMT - Sun, 5 Jun 2022 11:30:14 GMT + Wed, 8 Jun 2022 19:15:34 GMT + Thu, 9 Jun 2022 11:30:15 GMT maintain_current_git.sh v 1.17 + + Wed, 8 Jun 2022 19:15:34 GMT + Wed, 8 Jun 2022 19:15:34 GMT + https://git.slackware.nl/current/tag/?h=20220608191534 + 20220608191534 + + +patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txz: Upgraded. + This update fixes bugs and the following security issues: + mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism. + Information Disclosure in mod_lua with websockets. + mod_sed denial of service. + Denial of service in mod_lua r:parsebody. + Read beyond bounds in ap_strcmp_match(). + Read beyond bounds via ap_rwrite(). + Read beyond bounds in mod_isapi. + mod_proxy_ajp: Possible request smuggling. + For more information, see: + https://downloads.apache.org/httpd/CHANGES_2.4.54 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377 + (* Security fix *) + ]]> + + Sat, 4 Jun 2022 18:43:17 GMT Sat, 4 Jun 2022 18:43:17 GMT diff --git a/ChangeLog.txt b/ChangeLog.txt index 12d9280ad..6b14d5b49 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,26 @@ +Wed Jun 8 19:15:34 UTC 2022 +patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txz: Upgraded. + This update fixes bugs and the following security issues: + mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism. + Information Disclosure in mod_lua with websockets. + mod_sed denial of service. + Denial of service in mod_lua r:parsebody. + Read beyond bounds in ap_strcmp_match(). + Read beyond bounds via ap_rwrite(). + Read beyond bounds in mod_isapi. + mod_proxy_ajp: Possible request smuggling. + For more information, see: + https://downloads.apache.org/httpd/CHANGES_2.4.54 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377 + (* Security fix *) ++--------------------------+ Sat Jun 4 18:43:17 UTC 2022 patches/packages/pidgin-2.14.10-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and several security issues. diff --git a/FILELIST.TXT b/FILELIST.TXT index 821988501..d8bf13210 100644 --- a/FILELIST.TXT +++ b/FILELIST.TXT @@ -1,20 +1,20 @@ -Sat Jun 4 18:45:38 UTC 2022 +Wed Jun 8 19:20:40 UTC 2022 Here is the file list for this directory. If you are using a mirror site and find missing or extra files in the disk subdirectories, please have the archive administrator refresh the mirror. -drwxr-xr-x 12 root root 4096 2022-06-04 18:43 . +drwxr-xr-x 12 root root 4096 2022-06-08 19:15 . -rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0 -rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT --rw-r--r-- 1 root root 1137736 2022-06-02 19:46 ./CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2022-06-02 19:46 ./CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 1137740 2022-06-04 18:45 ./CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2022-06-04 18:45 ./CHECKSUMS.md5.asc -rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING -rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3 -rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT -rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT --rw-r--r-- 1 root root 1901885 2022-06-04 18:43 ./ChangeLog.txt +-rw-r--r-- 1 root root 1903048 2022-06-08 19:15 ./ChangeLog.txt drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi @@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT -rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh -rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg -rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg --rw-r--r-- 1 root root 1485047 2022-06-02 19:45 ./FILELIST.TXT +-rw-r--r-- 1 root root 1485051 2022-06-04 18:45 ./FILELIST.TXT -rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY -rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT -rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT @@ -737,13 +737,13 @@ drwxr-xr-x 2 root root 4096 2008-05-07 05:21 ./pasture/source/php/pear -rwxr-xr-x 1 root root 9448 2018-05-16 22:38 ./pasture/source/php/php.SlackBuild -rw-r--r-- 1 root root 775 2017-07-07 19:25 ./pasture/source/php/php.ini-development.diff.gz -rw-r--r-- 1 root root 830 2005-12-09 05:18 ./pasture/source/php/slack-desc -drwxr-xr-x 4 root root 4096 2022-06-04 18:45 ./patches --rw-r--r-- 1 root root 35056 2022-06-04 18:45 ./patches/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2022-06-04 18:45 ./patches/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 46906 2022-06-04 18:45 ./patches/FILE_LIST --rw-r--r-- 1 root root 11415266 2022-06-04 18:45 ./patches/MANIFEST.bz2 --rw-r--r-- 1 root root 26334 2022-06-04 18:45 ./patches/PACKAGES.TXT -drwxr-xr-x 3 root root 12288 2022-06-04 18:45 ./patches/packages +drwxr-xr-x 4 root root 4096 2022-06-08 19:20 ./patches +-rw-r--r-- 1 root root 35056 2022-06-08 19:20 ./patches/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2022-06-08 19:20 ./patches/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 46906 2022-06-08 19:20 ./patches/FILE_LIST +-rw-r--r-- 1 root root 11412835 2022-06-08 19:20 ./patches/MANIFEST.bz2 +-rw-r--r-- 1 root root 26334 2022-06-08 19:20 ./patches/PACKAGES.TXT +drwxr-xr-x 3 root root 12288 2022-06-08 19:20 ./patches/packages -rw-r--r-- 1 root root 327 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txt -rw-r--r-- 1 root root 10716 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz -rw-r--r-- 1 root root 163 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz.asc @@ -789,9 +789,9 @@ drwxr-xr-x 3 root root 12288 2022-06-04 18:45 ./patches/packages -rw-r--r-- 1 root root 314 2022-04-14 21:04 ./patches/packages/gzip-1.12-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 111208 2022-04-14 21:04 ./patches/packages/gzip-1.12-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-04-14 21:04 ./patches/packages/gzip-1.12-x86_64-1_slack15.0.txz.asc --rw-r--r-- 1 root root 513 2022-03-14 17:42 ./patches/packages/httpd-2.4.53-x86_64-1_slack15.0.txt --rw-r--r-- 1 root root 3882140 2022-03-14 17:42 ./patches/packages/httpd-2.4.53-x86_64-1_slack15.0.txz --rw-r--r-- 1 root root 163 2022-03-14 17:42 ./patches/packages/httpd-2.4.53-x86_64-1_slack15.0.txz.asc +-rw-r--r-- 1 root root 513 2022-06-08 17:58 ./patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txt +-rw-r--r-- 1 root root 3891688 2022-06-08 17:58 ./patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txz +-rw-r--r-- 1 root root 163 2022-06-08 17:58 ./patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 402 2022-04-08 18:31 ./patches/packages/libarchive-3.6.1-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 514852 2022-04-08 18:31 ./patches/packages/libarchive-3.6.1-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-04-08 18:31 ./patches/packages/libarchive-3.6.1-x86_64-1_slack15.0.txz.asc @@ -874,7 +874,7 @@ drwxr-xr-x 2 root root 4096 2022-05-09 21:37 ./patches/packages/linux-5.15 -rw-r--r-- 1 root root 388 2022-03-28 19:09 ./patches/packages/zlib-1.2.12-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 105204 2022-03-28 19:09 ./patches/packages/zlib-1.2.12-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 163 2022-03-28 19:09 ./patches/packages/zlib-1.2.12-x86_64-1_slack15.0.txz.asc -drwxr-xr-x 38 root root 4096 2022-06-04 18:42 ./patches/source +drwxr-xr-x 38 root root 4096 2022-06-08 18:41 ./patches/source drwxr-xr-x 2 root root 4096 2022-01-16 05:07 ./patches/source/aaa_base -rw-r--r-- 1 root root 11041 2022-02-15 04:49 ./patches/source/aaa_base/_aaa_base.tar.gz -rwxr-xr-x 1 root root 3894 2022-02-15 05:07 ./patches/source/aaa_base/aaa_base.SlackBuild @@ -1003,10 +1003,10 @@ drwxr-xr-x 2 root root 4096 2022-04-07 21:51 ./patches/source/gzip -rw-r--r-- 1 root root 833 2022-04-07 17:00 ./patches/source/gzip/gzip-1.12.tar.xz.sig -rwxr-xr-x 1 root root 5170 2022-04-14 20:41 ./patches/source/gzip/gzip.SlackBuild -rw-r--r-- 1 root root 766 2018-02-27 06:13 ./patches/source/gzip/slack-desc -drwxr-xr-x 2 root root 4096 2022-03-14 17:38 ./patches/source/httpd +drwxr-xr-x 2 root root 4096 2022-06-08 17:55 ./patches/source/httpd -rw-r--r-- 1 root root 931 2018-09-24 18:58 ./patches/source/httpd/doinst.sh.gz --rw-r--r-- 1 root root 7431942 2022-03-14 09:45 ./patches/source/httpd/httpd-2.4.53.tar.bz2 --rw-r--r-- 1 root root 874 2022-03-14 09:45 ./patches/source/httpd/httpd-2.4.53.tar.bz2.asc +-rw-r--r-- 1 root root 7434530 2022-06-08 08:42 ./patches/source/httpd/httpd-2.4.54.tar.bz2 +-rw-r--r-- 1 root root 874 2022-06-08 08:42 ./patches/source/httpd/httpd-2.4.54.tar.bz2.asc -rwxr-xr-x 1 root root 9115 2022-03-14 17:38 ./patches/source/httpd/httpd.SlackBuild -rw-r--r-- 1 root root 260 2012-04-13 02:17 ./patches/source/httpd/httpd.runasapache.diff.gz -rw-r--r-- 1 root root 112 2022-03-14 17:26 ./patches/source/httpd/httpd.url diff --git a/patches/packages/httpd-2.4.53-x86_64-1_slack15.0.txt b/patches/packages/httpd-2.4.53-x86_64-1_slack15.0.txt deleted file mode 100644 index 3185f84d3..000000000 --- a/patches/packages/httpd-2.4.53-x86_64-1_slack15.0.txt +++ /dev/null @@ -1,11 +0,0 @@ -httpd: httpd (The Apache HTTP Server) -httpd: -httpd: Apache is an HTTP server designed as a plug-in replacement for the -httpd: NCSA HTTP server. It fixes numerous bugs in the NCSA server and -httpd: includes many frequently requested new features, and has an API which -httpd: allows it to be extended to meet users' needs more easily. -httpd: -httpd: Apache is the most popular web server in the known universe; over -httpd: half of the servers on the Internet are running Apache or one of -httpd: its variants. -httpd: diff --git a/patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txt b/patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txt new file mode 100644 index 000000000..3185f84d3 --- /dev/null +++ b/patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txt @@ -0,0 +1,11 @@ +httpd: httpd (The Apache HTTP Server) +httpd: +httpd: Apache is an HTTP server designed as a plug-in replacement for the +httpd: NCSA HTTP server. It fixes numerous bugs in the NCSA server and +httpd: includes many frequently requested new features, and has an API which +httpd: allows it to be extended to meet users' needs more easily. +httpd: +httpd: Apache is the most popular web server in the known universe; over +httpd: half of the servers on the Internet are running Apache or one of +httpd: its variants. +httpd: -- cgit v1.2.3