Sat Sep 14 18:15:34 UTC 2024

patches/packages/libarchive-3.7.5-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes the following security issues:
  fix multiple vulnerabilities identified by SAST (#2251, #2256)
  cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
  lzop: prevent integer overflow (#2174)
  rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
  rar4: fix CVE-2024-26256 (#2269)
  rar4: fix OOB in delta and audio filter (#2148, #2149)
  rar4: fix out of boundary access with large files (#2179)
  rar4: add boundary checks to rgb filter (#2210)
  rar4: fix OOB access with unicode filenames (#2203)
  rar5: clear 'data ready' cache on window buffer reallocs (#2265)
  rpm: calculate huge header sizes correctly (#2158)
  unzip: unify EOF handling (#2175)
  util: fix out of boundary access in mktemp functions (#2160)
  uu: stop processing if lines are too long (#2168)
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-20696
    https://www.cve.org/CVERecord?id=CVE-2024-26256
  (* Security fix *)
Patrick J Volkerding 2024-09-14 18:15:34 +00:00 committed by Eric Hameleers
parent ced6fa47ab
commit 52e9abcddc
6 changed files with 82 additions and 57 deletions

@ -11,9 +11,39 @@
<description>Tracking Slackware development in git.</description> <description>Tracking Slackware development in git.</description>
<language>en-us</language> <language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
<pubDate>Fri, 13 Sep 2024 01:32:33 GMT</pubDate> <pubDate>Sat, 14 Sep 2024 18:15:34 GMT</pubDate>
<lastBuildDate>Fri, 13 Sep 2024 11:30:31 GMT</lastBuildDate> <lastBuildDate>Sun, 15 Sep 2024 11:30:28 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.17</generator> <generator>maintain_current_git.sh v 1.17</generator>
<item>
<title>Sat, 14 Sep 2024 18:15:34 GMT</title>
<pubDate>Sat, 14 Sep 2024 18:15:34 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20240914181534</link>
<guid isPermaLink="false">20240914181534</guid>
<description>
<![CDATA[<pre>
patches/packages/libarchive-3.7.5-x86_64-1_slack15.0.txz: Upgraded.
This update fixes the following security issues:
fix multiple vulnerabilities identified by SAST (#2251, #2256)
cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
lzop: prevent integer overflow (#2174)
rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
rar4: fix CVE-2024-26256 (#2269)
rar4: fix OOB in delta and audio filter (#2148, #2149)
rar4: fix out of boundary access with large files (#2179)
rar4: add boundary checks to rgb filter (#2210)
rar4: fix OOB access with unicode filenames (#2203)
rar5: clear 'data ready' cache on window buffer reallocs (#2265)
rpm: calculate huge header sizes correctly (#2158)
unzip: unify EOF handling (#2175)
util: fix out of boundary access in mktemp functions (#2160)
uu: stop processing if lines are too long (#2168)
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-20696
https://www.cve.org/CVERecord?id=CVE-2024-26256
(* Security fix *)
</pre>]]>
</description>
</item>
<item> <item>
<title>Fri, 13 Sep 2024 01:32:33 GMT</title> <title>Fri, 13 Sep 2024 01:32:33 GMT</title>
<pubDate>Fri, 13 Sep 2024 01:32:33 GMT</pubDate> <pubDate>Fri, 13 Sep 2024 01:32:33 GMT</pubDate>

@ -1,3 +1,25 @@
Sat Sep 14 18:15:34 UTC 2024
patches/packages/libarchive-3.7.5-x86_64-1_slack15.0.txz: Upgraded.
This update fixes the following security issues:
fix multiple vulnerabilities identified by SAST (#2251, #2256)
cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
lzop: prevent integer overflow (#2174)
rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
rar4: fix CVE-2024-26256 (#2269)
rar4: fix OOB in delta and audio filter (#2148, #2149)
rar4: fix out of boundary access with large files (#2179)
rar4: add boundary checks to rgb filter (#2210)
rar4: fix OOB access with unicode filenames (#2203)
rar5: clear 'data ready' cache on window buffer reallocs (#2265)
rpm: calculate huge header sizes correctly (#2158)
unzip: unify EOF handling (#2175)
util: fix out of boundary access in mktemp functions (#2160)
uu: stop processing if lines are too long (#2168)
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-20696
https://www.cve.org/CVERecord?id=CVE-2024-26256
(* Security fix *)
+--------------------------+
Fri Sep 13 01:32:33 UTC 2024 Fri Sep 13 01:32:33 UTC 2024
patches/packages/libssh2-1.11.0-x86_64-1_slack15.0.txz: Upgraded. patches/packages/libssh2-1.11.0-x86_64-1_slack15.0.txz: Upgraded.
This update adds support for rsa-sha2-512 and rsa-sha2-256, which are needed This update adds support for rsa-sha2-512 and rsa-sha2-256, which are needed

@ -1,20 +1,20 @@
Fri Sep 13 01:35:38 UTC 2024 Sat Sep 14 18:18:26 UTC 2024
Here is the file list for this directory. If you are using a Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh subdirectories, please have the archive administrator refresh
the mirror. the mirror.
drwxr-xr-x 12 root root 4096 2024-09-13 01:32 . drwxr-xr-x 12 root root 4096 2024-09-14 18:15 .
-rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0 -rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0
-rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT -rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
-rw-r--r-- 1 root root 1256026 2024-09-11 17:50 ./CHECKSUMS.md5 -rw-r--r-- 1 root root 1256617 2024-09-13 01:36 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 195 2024-09-11 17:50 ./CHECKSUMS.md5.asc -rw-r--r-- 1 root root 195 2024-09-13 01:36 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING -rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3 -rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT -rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT -rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
-rw-r--r-- 1 root root 2158306 2024-09-13 01:32 ./ChangeLog.txt -rw-r--r-- 1 root root 2159419 2024-09-14 18:15 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi -rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
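Review bot: The new entries for ./CHECKSUMS.md5 and ./CHECKSUMS.md5.asc in this hunk are dated 2024-09-13 01:36, although the list itself is stamped Sat Sep 14 18:18:26 UTC 2024 and the libarchive-3.7.5 package it announces is dated 2024-09-14 17:09. The old side shows the same lag (list stamped Sep 13 01:35, checksum entries dated 2024-09-11 17:50), so the list appears to be generated before the top-level checksum file is refreshed. Anyone checking this update against the file list should use ./patches/CHECKSUMS.md5 and its .asc, both dated 2024-09-14 18:18 further down, and a sentence in the list header saying that the top-level checksum entries trail by one update would keep them from being read as stale.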
@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh -rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg -rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg -rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
-rw-r--r-- 1 root root 1646218 2024-09-11 17:50 ./FILELIST.TXT -rw-r--r-- 1 root root 1647000 2024-09-13 01:35 ./FILELIST.TXT
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY -rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
-rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT -rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT -rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT
@ -832,13 +832,13 @@ drwxr-xr-x 2 root root 4096 2022-12-17 19:52 ./pasture/source/samba
-rw-r--r-- 1 root root 7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default -rw-r--r-- 1 root root 7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default
-rw-r--r-- 1 root root 7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig -rw-r--r-- 1 root root 7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig
-rw-r--r-- 1 root root 536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz -rw-r--r-- 1 root root 536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz
drwxr-xr-x 4 root root 4096 2024-09-13 01:35 ./patches drwxr-xr-x 4 root root 4096 2024-09-14 18:18 ./patches
-rw-r--r-- 1 root root 134994 2024-09-13 01:35 ./patches/CHECKSUMS.md5 -rw-r--r-- 1 root root 134893 2024-09-14 18:18 ./patches/CHECKSUMS.md5
-rw-r--r-- 1 root root 195 2024-09-13 01:35 ./patches/CHECKSUMS.md5.asc -rw-r--r-- 1 root root 195 2024-09-14 18:18 ./patches/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 186293 2024-09-13 01:35 ./patches/FILE_LIST -rw-r--r-- 1 root root 186174 2024-09-14 18:18 ./patches/FILE_LIST
-rw-r--r-- 1 root root 18212222 2024-09-13 01:35 ./patches/MANIFEST.bz2 -rw-r--r-- 1 root root 18216901 2024-09-14 18:18 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 93944 2024-09-13 01:35 ./patches/PACKAGES.TXT -rw-r--r-- 1 root root 93944 2024-09-14 18:18 ./patches/PACKAGES.TXT
drwxr-xr-x 7 root root 32768 2024-09-13 01:35 ./patches/packages drwxr-xr-x 7 root root 32768 2024-09-14 18:18 ./patches/packages
-rw-r--r-- 1 root root 360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc
@ -995,9 +995,9 @@ drwxr-xr-x 7 root root 32768 2024-09-13 01:35 ./patches/packages
-rw-r--r-- 1 root root 313 2023-10-03 19:40 ./patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 313 2023-10-03 19:40 ./patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 94968 2023-10-03 19:40 ./patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 94968 2023-10-03 19:40 ./patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-10-03 19:40 ./patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 163 2023-10-03 19:40 ./patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 402 2024-04-25 17:31 ./patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txt -rw-r--r-- 1 root root 402 2024-09-14 17:09 ./patches/packages/libarchive-3.7.5-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 523812 2024-04-25 17:31 ./patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txz -rw-r--r-- 1 root root 527944 2024-09-14 17:09 ./patches/packages/libarchive-3.7.5-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 195 2024-04-25 17:31 ./patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txz.asc -rw-r--r-- 1 root root 195 2024-09-14 17:09 ./patches/packages/libarchive-3.7.5-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 359 2023-10-11 20:02 ./patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 359 2023-10-11 20:02 ./patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 291764 2023-10-11 20:02 ./patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 291764 2023-10-11 20:02 ./patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-10-11 20:02 ./patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 163 2023-10-11 20:02 ./patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txz.asc
@ -1300,7 +1300,7 @@ drwxr-xr-x 2 root root 4096 2024-06-08 19:45 ./patches/packages/old-linux
-rw-r--r-- 1 root root 463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt -rw-r--r-- 1 root root 463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz -rw-r--r-- 1 root root 459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc -rw-r--r-- 1 root root 163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc
drwxr-xr-x 126 root root 4096 2024-09-12 22:31 ./patches/source drwxr-xr-x 126 root root 4096 2024-09-14 18:01 ./patches/source
drwxr-xr-x 2 root root 4096 2023-09-26 19:22 ./patches/source/Cython drwxr-xr-x 2 root root 4096 2023-09-26 19:22 ./patches/source/Cython
-rw-r--r-- 1 root root 1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz -rw-r--r-- 1 root root 1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz
-rwxr-xr-x 1 root root 3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild -rwxr-xr-x 1 root root 3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild
@ -1784,11 +1784,10 @@ drwxr-xr-x 3 root root 4096 2023-01-17 21:37 ./patches/source/libXpm/src
drwxr-xr-x 2 root root 4096 2023-10-03 19:37 ./patches/source/libXpm/src/lib drwxr-xr-x 2 root root 4096 2023-10-03 19:37 ./patches/source/libXpm/src/lib
-rw-r--r-- 1 root root 468964 2023-10-03 16:13 ./patches/source/libXpm/src/lib/libXpm-3.5.17.tar.xz -rw-r--r-- 1 root root 468964 2023-10-03 16:13 ./patches/source/libXpm/src/lib/libXpm-3.5.17.tar.xz
-rwxr-xr-x 1 root root 15219 2020-02-19 20:37 ./patches/source/libXpm/x11.SlackBuild -rwxr-xr-x 1 root root 15219 2020-02-19 20:37 ./patches/source/libXpm/x11.SlackBuild
drwxr-xr-x 2 root root 4096 2024-04-25 17:29 ./patches/source/libarchive drwxr-xr-x 2 root root 4096 2024-09-14 17:08 ./patches/source/libarchive
-rw-r--r-- 1 root root 914 2024-04-25 17:20 ./patches/source/libarchive/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch -rw-r--r-- 1 root root 5437940 2024-09-13 21:06 ./patches/source/libarchive/libarchive-3.7.5.tar.xz
-rw-r--r-- 1 root root 5428992 2024-04-08 09:55 ./patches/source/libarchive/libarchive-3.7.3.tar.xz -rw-r--r-- 1 root root 659 2024-09-13 21:06 ./patches/source/libarchive/libarchive-3.7.5.tar.xz.asc
-rw-r--r-- 1 root root 659 2024-04-08 09:55 ./patches/source/libarchive/libarchive-3.7.3.tar.xz.asc -rwxr-xr-x 1 root root 3786 2024-09-14 17:08 ./patches/source/libarchive/libarchive.SlackBuild
-rwxr-xr-x 1 root root 3893 2024-04-25 17:29 ./patches/source/libarchive/libarchive.SlackBuild
-rw-r--r-- 1 root root 131 2024-04-08 18:11 ./patches/source/libarchive/libarchive.url -rw-r--r-- 1 root root 131 2024-04-08 18:11 ./patches/source/libarchive/libarchive.url
-rw-r--r-- 1 root root 856 2018-02-27 06:12 ./patches/source/libarchive/slack-desc -rw-r--r-- 1 root root 856 2018-02-27 06:12 ./patches/source/libarchive/slack-desc
drwxr-xr-x 2 root root 4096 2023-10-11 20:01 ./patches/source/libcaca drwxr-xr-x 2 root root 4096 2023-10-11 20:01 ./patches/source/libcaca

@ -1,23 +0,0 @@
From eb7939b24a681a04648a59cdebd386b1e9dc9237 Mon Sep 17 00:00:00 2001
From: Wei-Cheng Pan <legnaleurc@gmail.com>
Date: Mon, 22 Apr 2024 01:55:41 +0900
Subject: [PATCH] fix: OOB in rar e8 filter (#2135)
This patch fixes an out-of-bound error in rar e8 filter.
---
libarchive/archive_read_support_format_rar.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index 99a11d170..266d0ee99 100644
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -3615,7 +3615,7 @@ execute_filter_e8(struct rar_filter *filter, struct rar_virtual_machine *vm, siz
uint32_t filesize = 0x1000000;
uint32_t i;
- if (length > PROGRAM_WORK_SIZE || length < 4)
+ if (length > PROGRAM_WORK_SIZE || length <= 4)
return 0;
for (i = 0; i <= length - 5; i++)
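Review bot: With this file deleted, the `length <= 4` guard in execute_filter_e8() is no longer something the build tree enforces on its own; the loop on the last line runs to `length - 5`, so a length of exactly 4 is the case this one-character change exists to reject. Before dropping the patch, confirm that archive_read_support_format_rar.c in libarchive-3.7.5.tar.xz already carries the `<=` form, and record that in the commit message so the removal can be audited later.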

@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=libarchive PKGNAM=libarchive
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-2_slack15.0} BUILD=${BUILD:-1_slack15.0}
# Automatically determine the architecture we're building on: # Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then if [ -z "$ARCH" ]; then
@ -79,9 +79,6 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+ -exec chmod 644 {} \+
# CVE-2024-26256:
cat $CWD/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch | patch -p1 --verbose || exit 1
CFLAGS="$SLKCFLAGS" \ CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \
./configure \ ./configure \
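Review bot: The removed comment labels eb7939b24a681a04648a59cdebd386b1e9dc9237.patch as CVE-2024-26256, and that patch's subject cites #2135, while the ChangeLog entry added in this same commit attributes CVE-2024-26256 to #2269. As written, the ChangeLog reads as if the CVE is first addressed in 3.7.5, even though the previous build (2_slack15.0) already applied a patch under that label. Say in the commit message which upstream change or changes the CVE label now refers to, and that 3.7.5 includes the #2135 fix, so the dropped `patch -p1` step is not mistaken for a lost mitigation.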