Sat Sep 14 18:15:34 UTC 2024

patches/packages/libarchive-3.7.5-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes the following security issues:
  fix multiple vulnerabilities identified by SAST (#2251, #2256)
  cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
  lzop: prevent integer overflow (#2174)
  rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
  rar4: fix CVE-2024-26256 (#2269)
  rar4: fix OOB in delta and audio filter (#2148, #2149)
  rar4: fix out of boundary access with large files (#2179)
  rar4: add boundary checks to rgb filter (#2210)
  rar4: fix OOB access with unicode filenames (#2203)
  rar5: clear 'data ready' cache on window buffer reallocs (#2265)
  rpm: calculate huge header sizes correctly (#2158)
  unzip: unify EOF handling (#2175)
  util: fix out of boundary access in mktemp functions (#2160)
  uu: stop processing if lines are too long (#2168)
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-20696
    https://www.cve.org/CVERecord?id=CVE-2024-26256
  (* Security fix *)
This commit is contained in:
Patrick J Volkerding 2024-09-14 18:15:34 +00:00 committed by Eric Hameleers
parent ced6fa47ab
commit 52e9abcddc
6 changed files with 82 additions and 57 deletions

View file

@ -11,9 +11,39 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
<pubDate>Fri, 13 Sep 2024 01:32:33 GMT</pubDate>
<lastBuildDate>Fri, 13 Sep 2024 11:30:31 GMT</lastBuildDate>
<pubDate>Sat, 14 Sep 2024 18:15:34 GMT</pubDate>
<lastBuildDate>Sun, 15 Sep 2024 11:30:28 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.17</generator>
<item>
<title>Sat, 14 Sep 2024 18:15:34 GMT</title>
<pubDate>Sat, 14 Sep 2024 18:15:34 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20240914181534</link>
<guid isPermaLink="false">20240914181534</guid>
<description>
<![CDATA[<pre>
patches/packages/libarchive-3.7.5-x86_64-1_slack15.0.txz: Upgraded.
This update fixes the following security issues:
fix multiple vulnerabilities identified by SAST (#2251, #2256)
cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
lzop: prevent integer overflow (#2174)
rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
rar4: fix CVE-2024-26256 (#2269)
rar4: fix OOB in delta and audio filter (#2148, #2149)
rar4: fix out of boundary access with large files (#2179)
rar4: add boundary checks to rgb filter (#2210)
rar4: fix OOB access with unicode filenames (#2203)
rar5: clear 'data ready' cache on window buffer reallocs (#2265)
rpm: calculate huge header sizes correctly (#2158)
unzip: unify EOF handling (#2175)
util: fix out of boundary access in mktemp functions (#2160)
uu: stop processing if lines are too long (#2168)
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-20696
https://www.cve.org/CVERecord?id=CVE-2024-26256
(* Security fix *)
</pre>]]>
</description>
</item>
<item>
<title>Fri, 13 Sep 2024 01:32:33 GMT</title>
<pubDate>Fri, 13 Sep 2024 01:32:33 GMT</pubDate>

View file

@ -1,3 +1,25 @@
Sat Sep 14 18:15:34 UTC 2024
patches/packages/libarchive-3.7.5-x86_64-1_slack15.0.txz: Upgraded.
This update fixes the following security issues:
fix multiple vulnerabilities identified by SAST (#2251, #2256)
cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
lzop: prevent integer overflow (#2174)
rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
rar4: fix CVE-2024-26256 (#2269)
rar4: fix OOB in delta and audio filter (#2148, #2149)
rar4: fix out of boundary access with large files (#2179)
rar4: add boundary checks to rgb filter (#2210)
rar4: fix OOB access with unicode filenames (#2203)
rar5: clear 'data ready' cache on window buffer reallocs (#2265)
rpm: calculate huge header sizes correctly (#2158)
unzip: unify EOF handling (#2175)
util: fix out of boundary access in mktemp functions (#2160)
uu: stop processing if lines are too long (#2168)
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-20696
https://www.cve.org/CVERecord?id=CVE-2024-26256
(* Security fix *)
+--------------------------+
Fri Sep 13 01:32:33 UTC 2024
patches/packages/libssh2-1.11.0-x86_64-1_slack15.0.txz: Upgraded.
This update adds support for rsa-sha2-512 and rsa-sha2-256, which are needed

View file

@ -1,20 +1,20 @@
Fri Sep 13 01:35:38 UTC 2024
Sat Sep 14 18:18:26 UTC 2024
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
drwxr-xr-x 12 root root 4096 2024-09-13 01:32 .
drwxr-xr-x 12 root root 4096 2024-09-14 18:15 .
-rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0
-rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
-rw-r--r-- 1 root root 1256026 2024-09-11 17:50 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 195 2024-09-11 17:50 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 1256617 2024-09-13 01:36 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 195 2024-09-13 01:36 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
-rw-r--r-- 1 root root 2158306 2024-09-13 01:32 ./ChangeLog.txt
-rw-r--r-- 1 root root 2159419 2024-09-14 18:15 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
-rw-r--r-- 1 root root 1646218 2024-09-11 17:50 ./FILELIST.TXT
-rw-r--r-- 1 root root 1647000 2024-09-13 01:35 ./FILELIST.TXT
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
-rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT
@ -832,13 +832,13 @@ drwxr-xr-x 2 root root 4096 2022-12-17 19:52 ./pasture/source/samba
-rw-r--r-- 1 root root 7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default
-rw-r--r-- 1 root root 7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig
-rw-r--r-- 1 root root 536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz
drwxr-xr-x 4 root root 4096 2024-09-13 01:35 ./patches
-rw-r--r-- 1 root root 134994 2024-09-13 01:35 ./patches/CHECKSUMS.md5
-rw-r--r-- 1 root root 195 2024-09-13 01:35 ./patches/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 186293 2024-09-13 01:35 ./patches/FILE_LIST
-rw-r--r-- 1 root root 18212222 2024-09-13 01:35 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 93944 2024-09-13 01:35 ./patches/PACKAGES.TXT
drwxr-xr-x 7 root root 32768 2024-09-13 01:35 ./patches/packages
drwxr-xr-x 4 root root 4096 2024-09-14 18:18 ./patches
-rw-r--r-- 1 root root 134893 2024-09-14 18:18 ./patches/CHECKSUMS.md5
-rw-r--r-- 1 root root 195 2024-09-14 18:18 ./patches/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 186174 2024-09-14 18:18 ./patches/FILE_LIST
-rw-r--r-- 1 root root 18216901 2024-09-14 18:18 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 93944 2024-09-14 18:18 ./patches/PACKAGES.TXT
drwxr-xr-x 7 root root 32768 2024-09-14 18:18 ./patches/packages
-rw-r--r-- 1 root root 360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc
@ -995,9 +995,9 @@ drwxr-xr-x 7 root root 32768 2024-09-13 01:35 ./patches/packages
-rw-r--r-- 1 root root 313 2023-10-03 19:40 ./patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 94968 2023-10-03 19:40 ./patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-10-03 19:40 ./patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 402 2024-04-25 17:31 ./patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txt
-rw-r--r-- 1 root root 523812 2024-04-25 17:31 ./patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txz
-rw-r--r-- 1 root root 195 2024-04-25 17:31 ./patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txz.asc
-rw-r--r-- 1 root root 402 2024-09-14 17:09 ./patches/packages/libarchive-3.7.5-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 527944 2024-09-14 17:09 ./patches/packages/libarchive-3.7.5-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 195 2024-09-14 17:09 ./patches/packages/libarchive-3.7.5-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 359 2023-10-11 20:02 ./patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 291764 2023-10-11 20:02 ./patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-10-11 20:02 ./patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txz.asc
@ -1300,7 +1300,7 @@ drwxr-xr-x 2 root root 4096 2024-06-08 19:45 ./patches/packages/old-linux
-rw-r--r-- 1 root root 463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc
drwxr-xr-x 126 root root 4096 2024-09-12 22:31 ./patches/source
drwxr-xr-x 126 root root 4096 2024-09-14 18:01 ./patches/source
drwxr-xr-x 2 root root 4096 2023-09-26 19:22 ./patches/source/Cython
-rw-r--r-- 1 root root 1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz
-rwxr-xr-x 1 root root 3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild
@ -1784,11 +1784,10 @@ drwxr-xr-x 3 root root 4096 2023-01-17 21:37 ./patches/source/libXpm/src
drwxr-xr-x 2 root root 4096 2023-10-03 19:37 ./patches/source/libXpm/src/lib
-rw-r--r-- 1 root root 468964 2023-10-03 16:13 ./patches/source/libXpm/src/lib/libXpm-3.5.17.tar.xz
-rwxr-xr-x 1 root root 15219 2020-02-19 20:37 ./patches/source/libXpm/x11.SlackBuild
drwxr-xr-x 2 root root 4096 2024-04-25 17:29 ./patches/source/libarchive
-rw-r--r-- 1 root root 914 2024-04-25 17:20 ./patches/source/libarchive/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch
-rw-r--r-- 1 root root 5428992 2024-04-08 09:55 ./patches/source/libarchive/libarchive-3.7.3.tar.xz
-rw-r--r-- 1 root root 659 2024-04-08 09:55 ./patches/source/libarchive/libarchive-3.7.3.tar.xz.asc
-rwxr-xr-x 1 root root 3893 2024-04-25 17:29 ./patches/source/libarchive/libarchive.SlackBuild
drwxr-xr-x 2 root root 4096 2024-09-14 17:08 ./patches/source/libarchive
-rw-r--r-- 1 root root 5437940 2024-09-13 21:06 ./patches/source/libarchive/libarchive-3.7.5.tar.xz
-rw-r--r-- 1 root root 659 2024-09-13 21:06 ./patches/source/libarchive/libarchive-3.7.5.tar.xz.asc
-rwxr-xr-x 1 root root 3786 2024-09-14 17:08 ./patches/source/libarchive/libarchive.SlackBuild
-rw-r--r-- 1 root root 131 2024-04-08 18:11 ./patches/source/libarchive/libarchive.url
-rw-r--r-- 1 root root 856 2018-02-27 06:12 ./patches/source/libarchive/slack-desc
drwxr-xr-x 2 root root 4096 2023-10-11 20:01 ./patches/source/libcaca

View file

@ -1,23 +0,0 @@
From eb7939b24a681a04648a59cdebd386b1e9dc9237 Mon Sep 17 00:00:00 2001
From: Wei-Cheng Pan <legnaleurc@gmail.com>
Date: Mon, 22 Apr 2024 01:55:41 +0900
Subject: [PATCH] fix: OOB in rar e8 filter (#2135)
This patch fixes an out-of-bound error in rar e8 filter.
---
libarchive/archive_read_support_format_rar.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index 99a11d170..266d0ee99 100644
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -3615,7 +3615,7 @@ execute_filter_e8(struct rar_filter *filter, struct rar_virtual_machine *vm, siz
uint32_t filesize = 0x1000000;
uint32_t i;
- if (length > PROGRAM_WORK_SIZE || length < 4)
+ if (length > PROGRAM_WORK_SIZE || length <= 4)
return 0;
for (i = 0; i <= length - 5; i++)

View file

@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=libarchive
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-2_slack15.0}
BUILD=${BUILD:-1_slack15.0}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@ -79,9 +79,6 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
# CVE-2024-26256:
cat $CWD/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch | patch -p1 --verbose || exit 1
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure \