From 71ceb94a1412ec19af5c69ad44880ad5cd8fd643 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Sun, 20 Oct 2019 19:39:21 +0000 Subject: Sun Oct 20 19:39:21 UTC 2019 d/python-2.7.17-x86_64-1.txz: Upgraded. This update fixes bugs and security issues: Update vendorized expat library version to 2.2.8. Disallow URL paths with embedded whitespace or control characters into the underlying http client request. Such potentially malicious header injection URLs now cause an httplib.InvalidURL exception to be raised. Avoid file reading by disallowing ``local-file://`` and ``local_file://`` URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and :meth:`urllib.URLopener.retrieve`. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948 (* Security fix *) n/proftpd-1.3.6b-x86_64-1.txz: Upgraded. --- ChangeLog.rss | 29 ++++++++++++++-- ChangeLog.txt | 17 ++++++++++ FILELIST.TXT | 66 ++++++++++++++++++------------------- source/d/python/python.SlackBuild | 2 +- source/n/proftpd/proftpd.SlackBuild | 4 +-- 5 files changed, 80 insertions(+), 38 deletions(-) diff --git a/ChangeLog.rss b/ChangeLog.rss index 632c9fd97..ebf74a341 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,9 +11,34 @@ Tracking Slackware development in git. en-us urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f - Sat, 19 Oct 2019 19:04:57 GMT - Sun, 20 Oct 2019 06:59:44 GMT + Sun, 20 Oct 2019 19:39:21 GMT + Mon, 21 Oct 2019 06:59:43 GMT maintain_current_git.sh v 1.11 + + Sun, 20 Oct 2019 19:39:21 GMT + Sun, 20 Oct 2019 19:39:21 GMT + https://git.slackware.nl/current/tag/?h=20191020193921 + 20191020193921 + + +d/python-2.7.17-x86_64-1.txz: Upgraded. + This update fixes bugs and security issues: + Update vendorized expat library version to 2.2.8. + Disallow URL paths with embedded whitespace or control characters into the + underlying http client request. Such potentially malicious header injection + URLs now cause an httplib.InvalidURL exception to be raised. + Avoid file reading by disallowing ``local-file://`` and ``local_file://`` + URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and + :meth:`urllib.URLopener.retrieve`. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948 + (* Security fix *) +n/proftpd-1.3.6b-x86_64-1.txz: Upgraded. + ]]> + + Sat, 19 Oct 2019 19:04:57 GMT Sat, 19 Oct 2019 19:04:57 GMT diff --git a/ChangeLog.txt b/ChangeLog.txt index 4ad66141e..cbe53fec4 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,20 @@ +Sun Oct 20 19:39:21 UTC 2019 +d/python-2.7.17-x86_64-1.txz: Upgraded. + This update fixes bugs and security issues: + Update vendorized expat library version to 2.2.8. + Disallow URL paths with embedded whitespace or control characters into the + underlying http client request. Such potentially malicious header injection + URLs now cause an httplib.InvalidURL exception to be raised. + Avoid file reading by disallowing ``local-file://`` and ``local_file://`` + URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and + :meth:`urllib.URLopener.retrieve`. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948 + (* Security fix *) +n/proftpd-1.3.6b-x86_64-1.txz: Upgraded. ++--------------------------+ Sat Oct 19 19:04:57 UTC 2019 d/python-pip-19.3.1-x86_64-1.txz: Upgraded. l/mozilla-nss-3.47-x86_64-1.txz: Upgraded. diff --git a/FILELIST.TXT b/FILELIST.TXT index 6cc815418..80be9fff4 100644 --- a/FILELIST.TXT +++ b/FILELIST.TXT @@ -1,20 +1,20 @@ -Sat Oct 19 19:16:07 UTC 2019 +Sun Oct 20 20:02:43 UTC 2019 Here is the file list for this directory. If you are using a mirror site and find missing or extra files in the disk subdirectories, please have the archive administrator refresh the mirror. -drwxr-xr-x 12 root root 4096 2019-10-19 19:04 . +drwxr-xr-x 12 root root 4096 2019-10-20 19:39 . -rw-r--r-- 1 root root 10064 2016-06-30 18:39 ./ANNOUNCE.14_2 -rw-r--r-- 1 root root 14642 2019-10-18 21:18 ./CHANGES_AND_HINTS.TXT --rw-r--r-- 1 root root 924836 2019-10-18 23:10 ./CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2019-10-18 23:10 ./CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 924836 2019-10-19 19:16 ./CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2019-10-19 19:16 ./CHECKSUMS.md5.asc -rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING -rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3 -rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT -rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT --rw-r--r-- 1 root root 718391 2019-10-19 19:04 ./ChangeLog.txt +-rw-r--r-- 1 root root 719282 2019-10-20 19:39 ./ChangeLog.txt drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI drwxr-xr-x 2 root root 4096 2019-10-18 00:57 ./EFI/BOOT -rw-r--r-- 1 root root 1417216 2019-07-05 18:54 ./EFI/BOOT/bootx64.efi @@ -25,9 +25,9 @@ drwxr-xr-x 2 root root 4096 2019-10-18 00:57 ./EFI/BOOT -rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh -rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg -rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg --rw-r--r-- 1 root root 1216238 2019-10-18 23:09 ./FILELIST.TXT +-rw-r--r-- 1 root root 1216237 2019-10-19 19:16 ./FILELIST.TXT -rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY --rw-r--r-- 1 root root 732230 2019-10-19 19:14 ./PACKAGES.TXT +-rw-r--r-- 1 root root 732230 2019-10-20 20:01 ./PACKAGES.TXT -rw-r--r-- 1 root root 8564 2016-06-28 21:33 ./README.TXT -rw-r--r-- 1 root root 3635 2019-10-18 00:21 ./README.initrd -rw-r--r-- 1 root root 34412 2017-12-01 17:44 ./README_CRYPT.TXT @@ -823,11 +823,11 @@ drwxr-xr-x 2 root root 4096 2012-09-20 18:06 ./patches -rw-r--r-- 1 root root 575 2012-09-20 18:06 ./patches/FILE_LIST -rw-r--r-- 1 root root 14 2012-09-20 18:06 ./patches/MANIFEST.bz2 -rw-r--r-- 1 root root 224 2012-09-20 18:06 ./patches/PACKAGES.TXT -drwxr-xr-x 18 root root 4096 2019-10-19 19:14 ./slackware64 --rw-r--r-- 1 root root 290524 2019-10-19 19:14 ./slackware64/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2019-10-19 19:14 ./slackware64/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 361903 2019-10-19 19:11 ./slackware64/FILE_LIST --rw-r--r-- 1 root root 3646854 2019-10-19 19:12 ./slackware64/MANIFEST.bz2 +drwxr-xr-x 18 root root 4096 2019-10-20 20:01 ./slackware64 +-rw-r--r-- 1 root root 290524 2019-10-20 20:01 ./slackware64/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2019-10-20 20:01 ./slackware64/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 361903 2019-10-20 19:58 ./slackware64/FILE_LIST +-rw-r--r-- 1 root root 3639976 2019-10-20 19:59 ./slackware64/MANIFEST.bz2 lrwxrwxrwx 1 root root 15 2009-08-23 23:34 ./slackware64/PACKAGES.TXT -> ../PACKAGES.TXT drwxr-xr-x 2 root root 28672 2019-10-18 21:19 ./slackware64/a -rw-r--r-- 1 root root 327 2018-06-24 18:44 ./slackware64/a/aaa_base-14.2-x86_64-5.txt @@ -1423,7 +1423,7 @@ drwxr-xr-x 2 root root 20480 2019-10-18 21:19 ./slackware64/ap -rw-r--r-- 1 root root 506 2019-02-04 20:25 ./slackware64/ap/zsh-5.7.1-x86_64-1.txt -rw-r--r-- 1 root root 3008036 2019-02-04 20:25 ./slackware64/ap/zsh-5.7.1-x86_64-1.txz -rw-r--r-- 1 root root 163 2019-02-04 20:25 ./slackware64/ap/zsh-5.7.1-x86_64-1.txz.asc -drwxr-xr-x 2 root root 20480 2019-10-19 19:11 ./slackware64/d +drwxr-xr-x 2 root root 20480 2019-10-20 19:58 ./slackware64/d -rw-r--r-- 1 root root 360 2019-07-27 18:08 ./slackware64/d/Cython-0.29.13-x86_64-1.txt -rw-r--r-- 1 root root 3223156 2019-07-27 18:08 ./slackware64/d/Cython-0.29.13-x86_64-1.txz -rw-r--r-- 1 root root 163 2019-07-27 18:08 ./slackware64/d/Cython-0.29.13-x86_64-1.txz.asc @@ -1575,9 +1575,9 @@ drwxr-xr-x 2 root root 20480 2019-10-19 19:11 ./slackware64/d -rw-r--r-- 1 root root 337 2018-04-13 14:04 ./slackware64/d/pmake-1.111-x86_64-5.txt -rw-r--r-- 1 root root 120924 2018-04-13 14:04 ./slackware64/d/pmake-1.111-x86_64-5.txz -rw-r--r-- 1 root root 163 2018-04-13 14:04 ./slackware64/d/pmake-1.111-x86_64-5.txz.asc --rw-r--r-- 1 root root 436 2019-09-18 18:17 ./slackware64/d/python-2.7.16-x86_64-3.txt --rw-r--r-- 1 root root 12922164 2019-09-18 18:17 ./slackware64/d/python-2.7.16-x86_64-3.txz --rw-r--r-- 1 root root 163 2019-09-18 18:17 ./slackware64/d/python-2.7.16-x86_64-3.txz.asc +-rw-r--r-- 1 root root 436 2019-10-20 18:57 ./slackware64/d/python-2.7.17-x86_64-1.txt +-rw-r--r-- 1 root root 13031204 2019-10-20 18:57 ./slackware64/d/python-2.7.17-x86_64-1.txz +-rw-r--r-- 1 root root 163 2019-10-20 18:57 ./slackware64/d/python-2.7.17-x86_64-1.txz.asc -rw-r--r-- 1 root root 270 2019-10-19 17:35 ./slackware64/d/python-pip-19.3.1-x86_64-1.txt -rw-r--r-- 1 root root 2196228 2019-10-19 17:35 ./slackware64/d/python-pip-19.3.1-x86_64-1.txz -rw-r--r-- 1 root root 163 2019-10-19 17:35 ./slackware64/d/python-pip-19.3.1-x86_64-1.txz.asc @@ -3460,7 +3460,7 @@ drwxr-xr-x 2 root root 69632 2019-10-19 19:11 ./slackware64/l -rw-r--r-- 1 root root 463 2019-08-21 04:36 ./slackware64/l/zstd-1.4.3-x86_64-1.txt -rw-r--r-- 1 root root 400628 2019-08-21 04:36 ./slackware64/l/zstd-1.4.3-x86_64-1.txz -rw-r--r-- 1 root root 163 2019-08-21 04:36 ./slackware64/l/zstd-1.4.3-x86_64-1.txz.asc -drwxr-xr-x 2 root root 36864 2019-10-18 21:19 ./slackware64/n +drwxr-xr-x 2 root root 36864 2019-10-20 19:58 ./slackware64/n -rw-r--r-- 1 root root 357 2019-09-15 20:54 ./slackware64/n/ModemManager-1.10.6-x86_64-1.txt -rw-r--r-- 1 root root 1704048 2019-09-15 20:54 ./slackware64/n/ModemManager-1.10.6-x86_64-1.txz -rw-r--r-- 1 root root 163 2019-09-15 20:54 ./slackware64/n/ModemManager-1.10.6-x86_64-1.txz.asc @@ -3813,9 +3813,9 @@ drwxr-xr-x 2 root root 36864 2019-10-18 21:19 ./slackware64/n -rw-r--r-- 1 root root 687 2018-04-13 15:51 ./slackware64/n/procmail-3.22-x86_64-3.txt -rw-r--r-- 1 root root 135716 2018-04-13 15:51 ./slackware64/n/procmail-3.22-x86_64-3.txz -rw-r--r-- 1 root root 163 2018-04-13 15:51 ./slackware64/n/procmail-3.22-x86_64-3.txz.asc --rw-r--r-- 1 root root 371 2019-10-13 17:29 ./slackware64/n/proftpd-1.3.6a-x86_64-1.txt --rw-r--r-- 1 root root 1353668 2019-10-13 17:29 ./slackware64/n/proftpd-1.3.6a-x86_64-1.txz --rw-r--r-- 1 root root 163 2019-10-13 17:29 ./slackware64/n/proftpd-1.3.6a-x86_64-1.txz.asc +-rw-r--r-- 1 root root 371 2019-10-20 18:49 ./slackware64/n/proftpd-1.3.6b-x86_64-1.txt +-rw-r--r-- 1 root root 1353520 2019-10-20 18:49 ./slackware64/n/proftpd-1.3.6b-x86_64-1.txz +-rw-r--r-- 1 root root 163 2019-10-20 18:49 ./slackware64/n/proftpd-1.3.6b-x86_64-1.txz.asc -rw-r--r-- 1 root root 590 2019-02-19 23:39 ./slackware64/n/pssh-2.3.1-x86_64-4.txt -rw-r--r-- 1 root root 38948 2019-02-19 23:39 ./slackware64/n/pssh-2.3.1-x86_64-4.txz -rw-r--r-- 1 root root 163 2019-02-19 23:39 ./slackware64/n/pssh-2.3.1-x86_64-4.txz.asc @@ -5038,11 +5038,11 @@ drwxr-xr-x 2 root root 4096 2019-02-17 23:51 ./slackware64/y -rw-r--r-- 1 root root 1147 2018-03-01 07:55 ./slackware64/y/maketag -rw-r--r-- 1 root root 1147 2018-03-01 07:55 ./slackware64/y/maketag.ez -rw-r--r-- 1 root root 14 2018-03-01 07:55 ./slackware64/y/tagfile -drwxr-xr-x 19 root root 4096 2019-10-19 19:16 ./source --rw-r--r-- 1 root root 469823 2019-10-19 19:16 ./source/CHECKSUMS.md5 --rw-r--r-- 1 root root 163 2019-10-19 19:16 ./source/CHECKSUMS.md5.asc --rw-r--r-- 1 root root 663079 2019-10-19 19:15 ./source/FILE_LIST --rw-r--r-- 1 root root 17794231 2019-10-19 19:15 ./source/MANIFEST.bz2 +drwxr-xr-x 19 root root 4096 2019-10-20 20:02 ./source +-rw-r--r-- 1 root root 469823 2019-10-20 20:02 ./source/CHECKSUMS.md5 +-rw-r--r-- 1 root root 163 2019-10-20 20:02 ./source/CHECKSUMS.md5.asc +-rw-r--r-- 1 root root 663079 2019-10-20 20:02 ./source/FILE_LIST +-rw-r--r-- 1 root root 17781754 2019-10-20 20:02 ./source/MANIFEST.bz2 -rw-r--r-- 1 root root 1314 2006-10-02 04:40 ./source/README.TXT drwxr-xr-x 110 root root 4096 2019-10-18 18:37 ./source/a -rw-r--r-- 1 root root 1034 2019-05-04 17:56 ./source/a/FTBFSlog @@ -6800,7 +6800,7 @@ drwxr-xr-x 2 root root 4096 2019-09-29 23:48 ./source/d/pmake -rw-r--r-- 1 root root 38071 2007-02-09 20:45 ./source/d/pmake/pmake.txt.gz -rw-r--r-- 1 root root 26675 2005-07-07 09:32 ./source/d/pmake/pmake_1.111-1.diff.gz -rw-r--r-- 1 root root 790 2018-02-27 06:49 ./source/d/pmake/slack-desc -drwxr-xr-x 2 root root 4096 2019-09-29 23:48 ./source/d/python +drwxr-xr-x 2 root root 4096 2019-10-20 18:54 ./source/d/python drwxr-xr-x 2 root root 4096 2019-10-19 17:35 ./source/d/python-pip -rw-r--r-- 1 root root 999996 2019-10-18 08:21 ./source/d/python-pip/pip-19.3.1.tar.lz -rw-r--r-- 1 root root 33 2018-03-29 06:10 ./source/d/python-pip/pip.url @@ -6811,10 +6811,10 @@ drwxr-xr-x 2 root root 4096 2019-10-07 18:54 ./source/d/python-setuptools -rw-r--r-- 1 root root 40 2017-11-28 22:11 ./source/d/python-setuptools/python-setuptools.url -rw-r--r-- 1 root root 460073 2019-10-07 01:39 ./source/d/python-setuptools/setuptools-41.4.0.tar.lz -rw-r--r-- 1 root root 1059 2018-02-27 06:13 ./source/d/python-setuptools/slack-desc --rw-r--r-- 1 root root 12752104 2019-03-02 18:40 ./source/d/python/Python-2.7.16.tar.xz --rw-r--r-- 1 root root 833 2019-03-02 18:40 ./source/d/python/Python-2.7.16.tar.xz.asc --rw-r--r-- 1 root root 1632463 2019-03-02 19:04 ./source/d/python/python-2.7.16-docs-text.tar.bz2 --rwxr-xr-x 1 root root 5710 2019-09-29 23:48 ./source/d/python/python.SlackBuild +-rw-r--r-- 1 root root 12855568 2019-10-19 19:00 ./source/d/python/Python-2.7.17.tar.xz +-rw-r--r-- 1 root root 833 2019-10-19 19:00 ./source/d/python/Python-2.7.17.tar.xz.asc +-rw-r--r-- 1 root root 1624111 2019-10-19 19:00 ./source/d/python/python-2.7.17-docs-text.tar.bz2 +-rwxr-xr-x 1 root root 5710 2019-10-20 18:54 ./source/d/python/python.SlackBuild -rw-r--r-- 1 root root 798 2012-05-09 18:38 ./source/d/python/python.no-static-library.diff.gz -rw-r--r-- 1 root root 325 2009-06-09 19:23 ./source/d/python/python.readline.set_pre_input_hook.diff.gz -rw-r--r-- 1 root root 34 2019-03-03 19:49 ./source/d/python/python.url @@ -10717,13 +10717,13 @@ drwxr-xr-x 2 root root 4096 2019-09-29 23:48 ./source/n/procmail -rw-r--r-- 1 root root 277 2006-09-19 04:10 ./source/n/procmail/procmail.lfs.diff.gz -rw-r--r-- 1 root root 13073 2002-12-26 21:18 ./source/n/procmail/procmail_3.22-5.diff.gz -rw-r--r-- 1 root root 1143 2018-02-27 06:13 ./source/n/procmail/slack-desc -drwxr-xr-x 3 root root 4096 2019-10-13 17:27 ./source/n/proftpd +drwxr-xr-x 3 root root 4096 2019-10-20 18:27 ./source/n/proftpd -rw-r--r-- 1 root root 306 2003-03-06 07:52 ./source/n/proftpd/doinst.sh.gz drwxr-xr-x 2 root root 4096 2017-04-20 21:08 ./source/n/proftpd/etc -rw-r--r-- 1 root root 581 2001-02-26 07:31 ./source/n/proftpd/etc/ftpusers -rw-r--r-- 1 root root 1986 2017-04-20 21:08 ./source/n/proftpd/etc/proftpd.conf --rw-r--r-- 1 root root 14424980 2019-10-12 23:39 ./source/n/proftpd/proftpd-1.3.6a.tar.lz --rwxr-xr-x 1 root root 4625 2019-10-13 17:28 ./source/n/proftpd/proftpd.SlackBuild +-rw-r--r-- 1 root root 14426305 2019-10-19 20:38 ./source/n/proftpd/proftpd-1.3.6b.tar.lz +-rwxr-xr-x 1 root root 4625 2019-10-20 18:47 ./source/n/proftpd/proftpd.SlackBuild -rw-r--r-- 1 root root 826 2018-02-27 06:13 ./source/n/proftpd/slack-desc drwxr-xr-x 2 root root 4096 2019-09-29 23:48 ./source/n/pssh -rw-r--r-- 1 root root 238 2017-04-16 10:40 ./source/n/pssh/pssh-2.3.1-py3-import.patch.gz diff --git a/source/d/python/python.SlackBuild b/source/d/python/python.SlackBuild index 4a51a71ee..c74af7970 100755 --- a/source/d/python/python.SlackBuild +++ b/source/d/python/python.SlackBuild @@ -26,7 +26,7 @@ PKGNAM=python SRCNAM=Python VERSION=$(echo $SRCNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev) BRANCH_VERSION=$(echo $VERSION | cut -f 1,2 -d . ) -BUILD=${BUILD:-3} +BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} diff --git a/source/n/proftpd/proftpd.SlackBuild b/source/n/proftpd/proftpd.SlackBuild index a2484230a..21c219962 100755 --- a/source/n/proftpd/proftpd.SlackBuild +++ b/source/n/proftpd/proftpd.SlackBuild @@ -23,8 +23,8 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=proftpd -VERSION=1.3.6a -DIRVER=1.3.6a +VERSION=1.3.6b +DIRVER=1.3.6b BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} -- cgit v1.2.3