Thu Apr 4 20:49:23 UTC 2024

patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: HTTP/2 DoS by memory exhaustion on endless continuation frames. HTTP Response Splitting in multiple modules. HTTP response splitting. For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.59 https://www.cve.org/CVERecord?id=CVE-2024-27316 https://www.cve.org/CVERecord?id=CVE-2024-24795 https://www.cve.org/CVERecord?id=CVE-2023-38709 (* Security fix *) patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it can accept after a HEADERS frame. For more information, see: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://www.kb.cert.org/vuls/id/421644 https://www.cve.org/CVERecord?id=CVE-2024-28182 (* Security fix *)
2025-01-13 08:01:53 +01:00 · 2024-04-04 20:49:23 +00:00 · 2024-04-04 20:49:23 +00:00 · 1e2fa38645
commit 1e2fa38645
parent d6e7dd0417
6 changed files with 89 additions and 31 deletions
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@ -11,9 +11,42 @@
      <description>Tracking Slackware development in git.</description>
      <language>en-us</language>
      <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Wed,  3 Apr 2024 22:22:06 GMT</pubDate>
-      <lastBuildDate>Thu,  4 Apr 2024 11:30:27 GMT</lastBuildDate>
+      <pubDate>Thu,  4 Apr 2024 20:49:23 GMT</pubDate>
+      <lastBuildDate>Fri,  5 Apr 2024 11:30:43 GMT</lastBuildDate>
      <generator>maintain_current_git.sh v 1.17</generator>
+      <item>
+         <title>Thu,  4 Apr 2024 20:49:23 GMT</title>
+         <pubDate>Thu,  4 Apr 2024 20:49:23 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20240404204923</link>
+         <guid isPermaLink="false">20240404204923</guid>
+         <description>
+           <![CDATA[<pre>
+patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  HTTP/2 DoS by memory exhaustion on endless continuation frames.
+  HTTP Response Splitting in multiple modules.
+  HTTP response splitting.
+  For more information, see:
+    https://downloads.apache.org/httpd/CHANGES_2.4.59
+    https://www.cve.org/CVERecord?id=CVE-2024-27316
+    https://www.cve.org/CVERecord?id=CVE-2024-24795
+    https://www.cve.org/CVERecord?id=CVE-2023-38709
+  (* Security fix *)
+patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
+  frames even after a stream is reset to keep HPACK context in sync. This
+  causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
+  this vulnerability by limiting the number of CONTINUATION frames it can
+  accept after a HEADERS frame.
+  For more information, see:
+    https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
+    https://www.kb.cert.org/vuls/id/421644
+    https://www.cve.org/CVERecord?id=CVE-2024-28182
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
      <item>
         <title>Wed,  3 Apr 2024 22:22:06 GMT</title>
         <pubDate>Wed,  3 Apr 2024 22:22:06 GMT</pubDate>
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -1,3 +1,28 @@
+Thu Apr  4 20:49:23 UTC 2024
+patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  HTTP/2 DoS by memory exhaustion on endless continuation frames.
+  HTTP Response Splitting in multiple modules.
+  HTTP response splitting.
+  For more information, see:
+    https://downloads.apache.org/httpd/CHANGES_2.4.59
+    https://www.cve.org/CVERecord?id=CVE-2024-27316
+    https://www.cve.org/CVERecord?id=CVE-2024-24795
+    https://www.cve.org/CVERecord?id=CVE-2023-38709
+  (* Security fix *)
+patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
+  frames even after a stream is reset to keep HPACK context in sync. This
+  causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
+  this vulnerability by limiting the number of CONTINUATION frames it can
+  accept after a HEADERS frame.
+  For more information, see:
+    https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
+    https://www.kb.cert.org/vuls/id/421644
+    https://www.cve.org/CVERecord?id=CVE-2024-28182
+  (* Security fix *)
+--------------------------+
 Wed Apr  3 22:22:06 UTC 2024
 patches/packages/xorg-server-1.20.14-x86_64-12_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
--- a/FILELIST.TXT
+++ b/FILELIST.TXT
@ -1,20 +1,20 @@
-Wed Apr  3 22:24:45 UTC 2024
+Thu Apr  4 20:51:47 UTC 2024

 Here is the file list for this directory.  If you are using a 
 mirror site and find missing or extra files in the disk 
 subdirectories, please have the archive administrator refresh
 the mirror.

-drwxr-xr-x  12 root root      4096 2024-04-03 22:22 .
+drwxr-xr-x  12 root root      4096 2024-04-04 20:49 .
 -rw-r--r--   1 root root      5767 2022-02-02 22:44 ./ANNOUNCE.15.0
 -rw-r--r--   1 root root     16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
-rw-r--r--   1 root root   1229179 2024-04-03 20:02 ./CHECKSUMS.md5
-rw-r--r--   1 root root       195 2024-04-03 20:02 ./CHECKSUMS.md5.asc
+-rw-r--r--   1 root root   1229887 2024-04-04 19:11 ./CHECKSUMS.md5
+-rw-r--r--   1 root root       195 2024-04-04 19:11 ./CHECKSUMS.md5.asc
 -rw-r--r--   1 root root     17976 1994-06-10 02:28 ./COPYING
 -rw-r--r--   1 root root     35147 2007-06-30 04:21 ./COPYING3
 -rw-r--r--   1 root root     19573 2016-06-23 20:08 ./COPYRIGHT.TXT
 -rw-r--r--   1 root root       616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
-rw-r--r--   1 root root   2106812 2024-04-03 22:22 ./ChangeLog.txt
+-rw-r--r--   1 root root   2108035 2024-04-04 20:49 ./ChangeLog.txt
 drwxr-xr-x   3 root root      4096 2013-03-20 22:17 ./EFI
 drwxr-xr-x   2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rw-r--r--   1 root root   1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@ -25,7 +25,7 @@ drwxr-xr-x   2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rwxr-xr-x   1 root root      2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
 -rw-r--r--   1 root root     10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
 -rw-r--r--   1 root root      1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
-rw-r--r--   1 root root   1605769 2024-04-03 20:02 ./FILELIST.TXT
+-rw-r--r--   1 root root   1606587 2024-04-04 19:11 ./FILELIST.TXT
 -rw-r--r--   1 root root      1572 2012-08-29 18:27 ./GPG-KEY
 -rw-r--r--   1 root root    864745 2022-02-02 08:25 ./PACKAGES.TXT
 -rw-r--r--   1 root root      8034 2022-02-02 03:36 ./README.TXT
@ -828,13 +828,13 @@ drwxr-xr-x   2 root root      4096 2022-12-17 19:52 ./pasture/source/samba
 -rw-r--r--   1 root root      7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default
 -rw-r--r--   1 root root      7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig
 -rw-r--r--   1 root root       536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz
-drwxr-xr-x   4 root root      4096 2024-04-03 22:24 ./patches
-rw-r--r--   1 root root    111814 2024-04-03 22:24 ./patches/CHECKSUMS.md5
-rw-r--r--   1 root root       195 2024-04-03 22:24 ./patches/CHECKSUMS.md5.asc
-rw-r--r--   1 root root    152487 2024-04-03 22:24 ./patches/FILE_LIST
-rw-r--r--   1 root root  15370039 2024-04-03 22:24 ./patches/MANIFEST.bz2
-rw-r--r--   1 root root     78327 2024-04-03 22:24 ./patches/PACKAGES.TXT
-drwxr-xr-x   5 root root     32768 2024-04-03 22:24 ./patches/packages
+drwxr-xr-x   4 root root      4096 2024-04-04 19:11 ./patches
+-rw-r--r--   1 root root    111814 2024-04-04 19:11 ./patches/CHECKSUMS.md5
+-rw-r--r--   1 root root       195 2024-04-04 19:11 ./patches/CHECKSUMS.md5.asc
+-rw-r--r--   1 root root    152487 2024-04-04 19:11 ./patches/FILE_LIST
+-rw-r--r--   1 root root  15352234 2024-04-04 19:11 ./patches/MANIFEST.bz2
+-rw-r--r--   1 root root     78327 2024-04-04 19:11 ./patches/PACKAGES.TXT
+drwxr-xr-x   5 root root     32768 2024-04-04 19:11 ./patches/packages
 -rw-r--r--   1 root root       360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt
 -rw-r--r--   1 root root   2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz
 -rw-r--r--   1 root root       163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc
@ -931,9 +931,9 @@ drwxr-xr-x   5 root root     32768 2024-04-03 22:24 ./patches/packages
 -rw-r--r--   1 root root       314 2022-04-14 21:04 ./patches/packages/gzip-1.12-x86_64-1_slack15.0.txt
 -rw-r--r--   1 root root    111208 2022-04-14 21:04 ./patches/packages/gzip-1.12-x86_64-1_slack15.0.txz
 -rw-r--r--   1 root root       163 2022-04-14 21:04 ./patches/packages/gzip-1.12-x86_64-1_slack15.0.txz.asc
-rw-r--r--   1 root root       513 2023-10-19 19:02 ./patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txt
-rw-r--r--   1 root root   3907716 2023-10-19 19:02 ./patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txz
-rw-r--r--   1 root root       163 2023-10-19 19:02 ./patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txz.asc
+-rw-r--r--   1 root root       513 2024-04-04 16:57 ./patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txt
+-rw-r--r--   1 root root   3913144 2024-04-04 16:57 ./patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz
+-rw-r--r--   1 root root       195 2024-04-04 16:57 ./patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz.asc
 -rw-r--r--   1 root root       513 2022-08-23 03:07 ./patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txt
 -rw-r--r--   1 root root    312136 2022-08-23 03:07 ./patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz
 -rw-r--r--   1 root root       163 2022-08-23 03:07 ./patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz.asc
@ -1037,9 +1037,9 @@ drwxr-xr-x   2 root root      4096 2023-12-26 00:24 ./patches/packages/linux-5.1
 -rw-r--r--   1 root root       582 2023-06-26 18:57 ./patches/packages/network-scripts-15.0-noarch-19_slack15.0.txt
 -rw-r--r--   1 root root     40028 2023-06-26 18:57 ./patches/packages/network-scripts-15.0-noarch-19_slack15.0.txz
 -rw-r--r--   1 root root       163 2023-06-26 18:57 ./patches/packages/network-scripts-15.0-noarch-19_slack15.0.txz.asc
-rw-r--r--   1 root root       297 2023-10-10 23:31 ./patches/packages/nghttp2-1.57.0-x86_64-1_slack15.0.txt
-rw-r--r--   1 root root    112612 2023-10-10 23:31 ./patches/packages/nghttp2-1.57.0-x86_64-1_slack15.0.txz
-rw-r--r--   1 root root       163 2023-10-10 23:31 ./patches/packages/nghttp2-1.57.0-x86_64-1_slack15.0.txz.asc
+-rw-r--r--   1 root root       297 2024-04-04 17:00 ./patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txt
+-rw-r--r--   1 root root    117908 2024-04-04 17:00 ./patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz
+-rw-r--r--   1 root root       195 2024-04-04 17:00 ./patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz.asc
 -rw-r--r--   1 root root       550 2023-05-25 18:24 ./patches/packages/ntfs-3g-2022.10.3-x86_64-1_slack15.0.txt
 -rw-r--r--   1 root root    466552 2023-05-25 18:24 ./patches/packages/ntfs-3g-2022.10.3-x86_64-1_slack15.0.txz
 -rw-r--r--   1 root root       163 2023-05-25 18:24 ./patches/packages/ntfs-3g-2022.10.3-x86_64-1_slack15.0.txz.asc
@ -1216,7 +1216,7 @@ drwxr-xr-x   2 root root      4096 2023-11-21 21:09 ./patches/packages/old-linux
 -rw-r--r--   1 root root       463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt
 -rw-r--r--   1 root root    459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz
 -rw-r--r--   1 root root       163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc
-drwxr-xr-x 111 root root      4096 2024-04-03 22:20 ./patches/source
+drwxr-xr-x 111 root root      4096 2024-04-04 18:18 ./patches/source
 drwxr-xr-x   2 root root      4096 2023-09-26 19:22 ./patches/source/Cython
 -rw-r--r--   1 root root   1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz
 -rwxr-xr-x   1 root root      3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild
@ -1469,13 +1469,13 @@ drwxr-xr-x   2 root root      4096 2022-04-07 21:51 ./patches/source/gzip
 -rw-r--r--   1 root root       833 2022-04-07 17:00 ./patches/source/gzip/gzip-1.12.tar.xz.sig
 -rwxr-xr-x   1 root root      5170 2022-04-14 20:41 ./patches/source/gzip/gzip.SlackBuild
 -rw-r--r--   1 root root       766 2018-02-27 06:13 ./patches/source/gzip/slack-desc
-drwxr-xr-x   2 root root      4096 2023-10-19 18:58 ./patches/source/httpd
+drwxr-xr-x   2 root root      4096 2024-04-04 16:56 ./patches/source/httpd
 -rw-r--r--   1 root root       931 2018-09-24 18:58 ./patches/source/httpd/doinst.sh.gz
-rw-r--r--   1 root root   7485817 2023-10-19 09:09 ./patches/source/httpd/httpd-2.4.58.tar.bz2
-rw-r--r--   1 root root       874 2023-10-19 09:09 ./patches/source/httpd/httpd-2.4.58.tar.bz2.asc
+-rw-r--r--   1 root root   7503198 2024-04-04 13:33 ./patches/source/httpd/httpd-2.4.59.tar.bz2
+-rw-r--r--   1 root root       833 2024-04-04 13:33 ./patches/source/httpd/httpd-2.4.59.tar.bz2.asc
 -rwxr-xr-x   1 root root      9115 2022-03-14 17:38 ./patches/source/httpd/httpd.SlackBuild
 -rw-r--r--   1 root root       260 2012-04-13 02:17 ./patches/source/httpd/httpd.runasapache.diff.gz
-rw-r--r--   1 root root       112 2023-10-19 18:51 ./patches/source/httpd/httpd.url
+-rw-r--r--   1 root root       112 2024-04-04 16:46 ./patches/source/httpd/httpd.url
 -rw-r--r--   1 root root       171 2021-05-23 19:15 ./patches/source/httpd/logrotate.httpd
 -rw-r--r--   1 root root      1001 2023-08-16 16:41 ./patches/source/httpd/rc.httpd
 -rw-r--r--   1 root root       966 2018-02-27 06:13 ./patches/source/httpd/slack-desc
@ -1834,9 +1834,9 @@ drwxr-xr-x   2 root root      4096 2021-04-01 20:21 ./patches/source/network-scr
 -rw-r--r--   1 root root        19 1999-01-28 01:15 ./patches/source/network-scripts/scripts/resolv.conf
 -rw-r--r--   1 root root       349 2003-02-18 23:53 ./patches/source/network-scripts/scripts/setup.netconfig
 -rw-r--r--   1 root root      1045 2018-02-27 06:13 ./patches/source/network-scripts/slack-desc
-drwxr-xr-x   2 root root      4096 2023-10-10 23:26 ./patches/source/nghttp2
-rw-r--r--   1 root root   1543568 2023-10-10 14:12 ./patches/source/nghttp2/nghttp2-1.57.0.tar.xz
-rw-r--r--   1 root root       195 2023-10-10 14:12 ./patches/source/nghttp2/nghttp2-1.57.0.tar.xz.asc
+drwxr-xr-x   2 root root      4096 2024-04-04 16:59 ./patches/source/nghttp2
+-rw-r--r--   1 root root   1645808 2024-04-04 08:43 ./patches/source/nghttp2/nghttp2-1.61.0.tar.xz
+-rw-r--r--   1 root root       833 2024-04-04 08:43 ./patches/source/nghttp2/nghttp2-1.61.0.tar.xz.asc
 -rwxr-xr-x   1 root root      4616 2023-10-10 23:31 ./patches/source/nghttp2/nghttp2.SlackBuild
 -rw-r--r--   1 root root       118 2023-10-10 23:25 ./patches/source/nghttp2/nghttp2.url
 -rw-r--r--   1 root root       784 2018-03-26 18:26 ./patches/source/nghttp2/slack-desc
--- a/patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txt
+++ b/patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txt
--- a/patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txt
+++ b/patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txt
--- a/patches/source/httpd/httpd.url
+++ b/patches/source/httpd/httpd.url
@ -1,2 +1,2 @@
-http://www.apache.org/dist/httpd/httpd-2.4.58.tar.bz2
-http://www.apache.org/dist/httpd/httpd-2.4.58.tar.bz2.asc
+http://www.apache.org/dist/httpd/httpd-2.4.59.tar.bz2
+http://www.apache.org/dist/httpd/httpd-2.4.59.tar.bz2.asc