Thu Sep 26 18:28:55 UTC 2024

patches/packages/boost-1.78.0-x86_64-3_slack15.0.txz: Rebuilt. Get rid of hardcoded temporary paths in the cmake files. Since these paths point to a location that an unprivileged user could create and populate with files that could be picked up during a build, it's possible this bug could be used for malicious purposes. Thanks to jmacloue. (* Security fix *)
2024-12-27 09:59:16 +01:00 · 2024-09-26 18:28:55 +00:00 · 2024-09-26 18:28:55 +00:00 · 3dc8ac7064
commit 3dc8ac7064
parent 993216ab39
6 changed files with 86 additions and 28 deletions
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@ -11,9 +11,26 @@
      <description>Tracking Slackware development in git.</description>
      <language>en-us</language>
      <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Wed, 25 Sep 2024 18:40:09 GMT</pubDate>
-      <lastBuildDate>Thu, 26 Sep 2024 11:30:25 GMT</lastBuildDate>
+      <pubDate>Thu, 26 Sep 2024 18:28:55 GMT</pubDate>
+      <lastBuildDate>Fri, 27 Sep 2024 11:30:27 GMT</lastBuildDate>
      <generator>maintain_current_git.sh v 1.17</generator>
+      <item>
+         <title>Thu, 26 Sep 2024 18:28:55 GMT</title>
+         <pubDate>Thu, 26 Sep 2024 18:28:55 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20240926182855</link>
+         <guid isPermaLink="false">20240926182855</guid>
+         <description>
+           <![CDATA[<pre>
+patches/packages/boost-1.78.0-x86_64-3_slack15.0.txz:  Rebuilt.
+  Get rid of hardcoded temporary paths in the cmake files.
+  Since these paths point to a location that an unprivileged user could
+  create and populate with files that could be picked up during a build,
+  it's possible this bug could be used for malicious purposes.
+  Thanks to jmacloue.
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
      <item>
         <title>Wed, 25 Sep 2024 18:40:09 GMT</title>
         <pubDate>Wed, 25 Sep 2024 18:40:09 GMT</pubDate>
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -1,3 +1,12 @@
+Thu Sep 26 18:28:55 UTC 2024
+patches/packages/boost-1.78.0-x86_64-3_slack15.0.txz:  Rebuilt.
+  Get rid of hardcoded temporary paths in the cmake files.
+  Since these paths point to a location that an unprivileged user could
+  create and populate with files that could be picked up during a build,
+  it's possible this bug could be used for malicious purposes.
+  Thanks to jmacloue.
+  (* Security fix *)
+--------------------------+
 Wed Sep 25 18:40:09 UTC 2024
 patches/packages/git-2.46.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
--- a/FILELIST.TXT
+++ b/FILELIST.TXT
@ -1,20 +1,20 @@
-Wed Sep 25 18:41:38 UTC 2024
+Thu Sep 26 18:31:52 UTC 2024

 Here is the file list for this directory.  If you are using a 
 mirror site and find missing or extra files in the disk 
 subdirectories, please have the archive administrator refresh
 the mirror.

-drwxr-xr-x  12 root root      4096 2024-09-25 18:40 .
+drwxr-xr-x  12 root root      4096 2024-09-26 18:28 .
 -rw-r--r--   1 root root      5767 2022-02-02 22:44 ./ANNOUNCE.15.0
 -rw-r--r--   1 root root     16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
-rw-r--r--   1 root root   1256512 2024-09-25 18:28 ./CHECKSUMS.md5
-rw-r--r--   1 root root       195 2024-09-25 18:28 ./CHECKSUMS.md5.asc
+-rw-r--r--   1 root root   1256512 2024-09-25 18:42 ./CHECKSUMS.md5
+-rw-r--r--   1 root root       195 2024-09-25 18:42 ./CHECKSUMS.md5.asc
 -rw-r--r--   1 root root     17976 1994-06-10 02:28 ./COPYING
 -rw-r--r--   1 root root     35147 2007-06-30 04:21 ./COPYING3
 -rw-r--r--   1 root root     19573 2016-06-23 20:08 ./COPYRIGHT.TXT
 -rw-r--r--   1 root root       616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
-rw-r--r--   1 root root   2160508 2024-09-25 18:40 ./ChangeLog.txt
+-rw-r--r--   1 root root   2160940 2024-09-26 18:28 ./ChangeLog.txt
 drwxr-xr-x   3 root root      4096 2013-03-20 22:17 ./EFI
 drwxr-xr-x   2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rw-r--r--   1 root root   1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@ -25,7 +25,7 @@ drwxr-xr-x   2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rwxr-xr-x   1 root root      2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
 -rw-r--r--   1 root root     10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
 -rw-r--r--   1 root root      1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
-rw-r--r--   1 root root   1646879 2024-09-25 18:27 ./FILELIST.TXT
+-rw-r--r--   1 root root   1646879 2024-09-25 18:41 ./FILELIST.TXT
 -rw-r--r--   1 root root      1572 2012-08-29 18:27 ./GPG-KEY
 -rw-r--r--   1 root root    864745 2022-02-02 08:25 ./PACKAGES.TXT
 -rw-r--r--   1 root root      8034 2022-02-02 03:36 ./README.TXT
@ -832,13 +832,13 @@ drwxr-xr-x   2 root root      4096 2022-12-17 19:52 ./pasture/source/samba
 -rw-r--r--   1 root root      7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default
 -rw-r--r--   1 root root      7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig
 -rw-r--r--   1 root root       536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz
-drwxr-xr-x   4 root root      4096 2024-09-25 18:41 ./patches
-rw-r--r--   1 root root    134897 2024-09-25 18:41 ./patches/CHECKSUMS.md5
-rw-r--r--   1 root root       195 2024-09-25 18:41 ./patches/CHECKSUMS.md5.asc
-rw-r--r--   1 root root    186178 2024-09-25 18:41 ./patches/FILE_LIST
-rw-r--r--   1 root root  18212619 2024-09-25 18:41 ./patches/MANIFEST.bz2
-rw-r--r--   1 root root     93945 2024-09-25 18:41 ./patches/PACKAGES.TXT
-drwxr-xr-x   7 root root     32768 2024-09-25 18:41 ./patches/packages
+drwxr-xr-x   4 root root      4096 2024-09-26 18:31 ./patches
+-rw-r--r--   1 root root    134974 2024-09-26 18:31 ./patches/CHECKSUMS.md5
+-rw-r--r--   1 root root       195 2024-09-26 18:31 ./patches/CHECKSUMS.md5.asc
+-rw-r--r--   1 root root    186273 2024-09-26 18:31 ./patches/FILE_LIST
+-rw-r--r--   1 root root  18225329 2024-09-26 18:31 ./patches/MANIFEST.bz2
+-rw-r--r--   1 root root     93945 2024-09-26 18:31 ./patches/PACKAGES.TXT
+drwxr-xr-x   7 root root     32768 2024-09-26 18:31 ./patches/packages
 -rw-r--r--   1 root root       360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt
 -rw-r--r--   1 root root   2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz
 -rw-r--r--   1 root root       163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc
@ -866,9 +866,9 @@ drwxr-xr-x   7 root root     32768 2024-09-25 18:41 ./patches/packages
 -rw-r--r--   1 root root       333 2024-06-26 20:05 ./patches/packages/bluez-5.71-x86_64-3_slack15.0.txt
 -rw-r--r--   1 root root   1468212 2024-06-26 20:05 ./patches/packages/bluez-5.71-x86_64-3_slack15.0.txz
 -rw-r--r--   1 root root       195 2024-06-26 20:05 ./patches/packages/bluez-5.71-x86_64-3_slack15.0.txz.asc
-rw-r--r--   1 root root       432 2022-03-08 02:17 ./patches/packages/boost-1.78.0-x86_64-2_slack15.0.txt
-rw-r--r--   1 root root  11235356 2022-03-08 02:17 ./patches/packages/boost-1.78.0-x86_64-2_slack15.0.txz
-rw-r--r--   1 root root       163 2022-03-08 02:17 ./patches/packages/boost-1.78.0-x86_64-2_slack15.0.txz.asc
+-rw-r--r--   1 root root       432 2024-09-26 17:16 ./patches/packages/boost-1.78.0-x86_64-3_slack15.0.txt
+-rw-r--r--   1 root root  11235396 2024-09-26 17:16 ./patches/packages/boost-1.78.0-x86_64-3_slack15.0.txz
+-rw-r--r--   1 root root       195 2024-09-26 17:16 ./patches/packages/boost-1.78.0-x86_64-3_slack15.0.txz.asc
 -rw-r--r--   1 root root       484 2023-05-22 17:48 ./patches/packages/c-ares-1.19.1-x86_64-1_slack15.0.txt
 -rw-r--r--   1 root root    139872 2023-05-22 17:48 ./patches/packages/c-ares-1.19.1-x86_64-1_slack15.0.txz
 -rw-r--r--   1 root root       163 2023-05-22 17:48 ./patches/packages/c-ares-1.19.1-x86_64-1_slack15.0.txz.asc
@ -1300,7 +1300,7 @@ drwxr-xr-x   2 root root      4096 2024-06-08 19:45 ./patches/packages/old-linux
 -rw-r--r--   1 root root       463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt
 -rw-r--r--   1 root root    459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz
 -rw-r--r--   1 root root       163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc
-drwxr-xr-x 126 root root      4096 2024-09-25 18:39 ./patches/source
+drwxr-xr-x 126 root root      4096 2024-09-26 18:03 ./patches/source
 drwxr-xr-x   2 root root      4096 2023-09-26 19:22 ./patches/source/Cython
 -rw-r--r--   1 root root   1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz
 -rwxr-xr-x   1 root root      3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild
@ -1370,9 +1370,10 @@ drwxr-xr-x   2 root root      4096 2016-04-18 18:04 ./patches/source/bluez/confi
 -rw-r--r--   1 root root       148 2015-11-26 06:03 ./patches/source/bluez/config/uart.conf
 -rw-r--r--   1 root root       370 2017-12-28 21:31 ./patches/source/bluez/doinst.sh.gz
 -rw-r--r--   1 root root       786 2019-09-20 19:06 ./patches/source/bluez/slack-desc
-drwxr-xr-x   2 root root      4096 2022-03-08 01:58 ./patches/source/boost
+drwxr-xr-x   2 root root      4096 2024-09-26 17:12 ./patches/source/boost
 -rw-r--r--   1 root root      1181 2021-12-12 02:01 ./patches/source/boost/0001-b2-fix-install.patch.gz
-rwxr-xr-x   1 root root      5995 2022-03-08 01:59 ./patches/source/boost/boost.SlackBuild
+-rw-r--r--   1 root root      1084 2024-07-17 00:00 ./patches/source/boost/boost-1.73.0-cmakedir.patch
+-rwxr-xr-x   1 root root      6129 2024-09-26 17:12 ./patches/source/boost/boost.SlackBuild
 -rw-r--r--   1 root root  91192426 2021-12-02 07:20 ./patches/source/boost/boost_1_78_0.tar.lz
 -rw-r--r--   1 root root       885 2021-04-17 17:57 ./patches/source/boost/slack-desc
 drwxr-xr-x   2 root root      4096 2023-05-22 17:44 ./patches/source/c-ares
--- a/patches/packages/boost-1.78.0-x86_64-3_slack15.0.txt
+++ b/patches/packages/boost-1.78.0-x86_64-3_slack15.0.txt
--- a/patches/source/boost/boost-1.73.0-cmakedir.patch
+++ b/patches/source/boost/boost-1.73.0-cmakedir.patch
@ -0,0 +1,28 @@
+--- boost_1_73_0/tools/boost_install/boost-install.jam~	2020-04-24 20:21:50.330267122 +0100
+++ boost_1_73_0/tools/boost_install/boost-install.jam	2020-04-24 20:22:16.818360540 +0100
+@@ -652,25 +652,6 @@
+         "get_filename_component(_BOOST_CMAKEDIR \"${CMAKE_CURRENT_LIST_DIR}/../\" REALPATH)"
+         : true ;
+ 
+-    if [ path.is-rooted $(cmakedir) ]
+-    {
+-        local cmakedir-native = [ path-native-fwd $(cmakedir) ] ;
+-
+-        print.text
+-
+-            ""
+-            "# If the computed and the original directories are symlink-equivalent, use original"
+-            "if(EXISTS \"$(cmakedir-native)\")"
+-            "  get_filename_component(_BOOST_CMAKEDIR_ORIGINAL \"$(cmakedir-native)\" REALPATH)"
+-            "  if(_BOOST_CMAKEDIR STREQUAL _BOOST_CMAKEDIR_ORIGINAL)"
+-            "    set(_BOOST_CMAKEDIR \"$(cmakedir-native)\")"
+-            "  endif()"
+-            "  unset(_BOOST_CMAKEDIR_ORIGINAL)"
+-            "endif()"
+-            ""
+-            : true ;
+-    }
+-
+     get-dir "_BOOST_INCLUDEDIR" : $(includedir) ;
+ 
+     if $(library-type) = INTERFACE
--- a/patches/source/boost/boost.SlackBuild
+++ b/patches/source/boost/boost.SlackBuild
@ -30,7 +30,7 @@ cd $(dirname $0) ; CWD=$(pwd)

 PKGNAM=boost
 VERSION=${VERSION:-$(echo $PKGNAM_*.tar.?z | rev | cut -f 3- -d . | rev | cut -f 2- -d _)}
-BUILD=${BUILD:-2_slack15.0}
+BUILD=${BUILD:-3_slack15.0}

 PKG_VERSION=$(echo $VERSION | tr _ .)	# Leave this alone
 NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
@ -85,6 +85,9 @@ rm -rf boost_$VERSION
 tar xvf $CWD/boost_$VERSION.tar.?z || exit 1
 cd boost_$VERSION || exit 1

+# Avoid hardcoded /tmp/package-boost/ paths in the cmake files:
+cat $CWD/boost-1.73.0-cmakedir.patch | patch -p1 --verbose || exit 1
+
 zcat $CWD/0001-b2-fix-install.patch.gz | patch -p1 --verbose || exit 1

 chown -R root:root .