From 5a04d2d705926c4691d26307b0125cfb290e6ee7 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Wed, 21 Sep 2022 19:19:07 +0000 Subject: Wed Sep 21 19:19:07 UTC 2022 ap/cups-2.4.2-x86_64-3.txz: Rebuilt. Fixed crash when using the CUPS web setup interface: [PATCH] Fix OpenSSL crash bug - "tls" pointer wasn't cleared after freeing it (Issue #409). Thanks to MisterL, bryjen, and kjhambrick. Fixed an OpenSSL certificate loading issue: [PATCH] The OpenSSL code path wasn't loading the full certificate chain (Issue #465). Thanks to tmmukunn. --- ChangeLog.txt | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) (limited to 'ChangeLog.txt') diff --git a/ChangeLog.txt b/ChangeLog.txt index 5254b9419..0e5583cd1 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt 
@@ -1,3 +1,46 @@ +Wed Sep 21 19:19:07 UTC 2022 +ap/cups-2.4.2-x86_64-3.txz: Rebuilt. + Fixed crash when using the CUPS web setup interface: + [PATCH] Fix OpenSSL crash bug - "tls" pointer wasn't cleared after freeing + it (Issue #409). + Thanks to MisterL, bryjen, and kjhambrick. + Fixed an OpenSSL certificate loading issue: + [PATCH] The OpenSSL code path wasn't loading the full certificate + chain (Issue #465). + Thanks to tmmukunn. ++--------------------------+ +Wed Sep 21 18:30:30 UTC 2022 +ap/cups-2.4.2-x86_64-2.txz: Rebuilt. + Install pkgconfig file to the proper directory. +l/libbluray-1.3.3-x86_64-1.txz: Upgraded. +l/system-config-printer-1.5.18-x86_64-1.txz: Upgraded. +n/bind-9.18.7-x86_64-1.txz: Upgraded. + This update fixes bugs and the following security issues: + Fix memory leak in EdDSA verify processing. + Fix serve-stale crash that could happen when stale-answer-client-timeout + was set to 0 and there was a stale CNAME in the cache for an incoming query. + Fix memory leaks in the DH code when using OpenSSL 3.0.0 and later versions. + The openssldh_compare(), openssldh_paramcompare(), and openssldh_todns() + functions were affected. + When an HTTP connection was reused to get statistics from the stats channel, + and zlib compression was in use, each successive response sent larger and + larger blocks of memory, potentially reading past the end of the allocated + buffer. + Prevent excessive resource use while processing large delegations. 
+ For more information, see: + https://kb.isc.org/docs/cve-2022-38178 + https://kb.isc.org/docs/cve-2022-3080 + https://kb.isc.org/docs/cve-2022-2906 + https://kb.isc.org/docs/cve-2022-2881 + https://kb.isc.org/docs/cve-2022-2795 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2906 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2881 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795 + (* Security fix *) +n/nghttp2-1.50.0-x86_64-1.txz: Upgraded. ++--------------------------+ Tue Sep 20 22:50:28 UTC 2022 a/kernel-generic-5.19.10-x86_64-1.txz: Upgraded. a/kernel-huge-5.19.10-x86_64-1.txz: Upgraded. -- cgit v1.2.3-65-gdbad
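Review bot: The new ap/cups-2.4.2-x86_64-3.txz entry at the top of the hunk carries no "(* Security fix *)" marker, although it describes a "tls" pointer that was not cleared after being freed (crashing the web setup interface) and an OpenSSL code path that did not load the full certificate chain. The n/bind-9.18.7 entry below it is marked. A pointer left stale after free in the TLS handling of the web interface, and incomplete chain loading, are changes administrators are likely to triage as security-relevant, so either add the marker or add a line saying the two fixes are considered stability-only. In the bind entry, the five fix descriptions and the five CVE links are listed separately; putting the CVE id beside each description would let readers see which fix addresses which CVE without opening every link.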