Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2025-01-30 08:38:10 +01:00
Code Issues Projects Releases Packages Wiki Activity

Tue Jan 14 23:53:04 UTC 2025

Browse source 
extra/llvm-19.1.7-x86_64-1_slack15.0.txz:  Upgraded.
patches/packages/rsync-3.4.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a security release, fixing several important security vulnerabilities:
  Heap Buffer Overflow in Checksum Parsing.
  Info Leak via uninitialized Stack contents defeats ASLR.
  Server leaks arbitrary client files.
  Server can make client write files outside of destination directory using symbolic links.
  --safe-links Bypass.
  Symlink race condition.
  Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at
  Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for
  discovering these vulnerabilities and working with the rsync project
  to develop and test fixes.
  For more information, see:
    https://kb.cert.org/vuls/id/952657
    https://www.cve.org/CVERecord?id=CVE-2024-12084
    https://www.cve.org/CVERecord?id=CVE-2024-12085
    https://www.cve.org/CVERecord?id=CVE-2024-12086
    https://www.cve.org/CVERecord?id=CVE-2024-12087
    https://www.cve.org/CVERecord?id=CVE-2024-12088
    https://www.cve.org/CVERecord?id=CVE-2024-12747
  (* Security fix *)
This commit is contained in:
Patrick J Volkerding 2025-01-14 23:53:04 +00:00 committed by Eric Hameleers
parent 5ff37300bd
commit 5c82bc1205
6 changed files with 90 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
ChangeLog.rss
View file

@ -11,9 +11,41 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
<pubDate>Sat, 11 Jan 2025 22:49:38 GMT</pubDate>
<lastBuildDate>Sun, 12 Jan 2025 12:30:29 GMT</lastBuildDate>
<pubDate>Tue, 14 Jan 2025 23:53:04 GMT</pubDate>
<lastBuildDate>Wed, 15 Jan 2025 12:30:30 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.17</generator>
<item>
<title>Tue, 14 Jan 2025 23:53:04 GMT</title>
<pubDate>Tue, 14 Jan 2025 23:53:04 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20250114235304</link>
<guid isPermaLink="false">20250114235304</guid>
<description>
<![CDATA[<pre>
extra/llvm-19.1.7-x86_64-1_slack15.0.txz: Upgraded.
patches/packages/rsync-3.4.0-x86_64-1_slack15.0.txz: Upgraded.
This is a security release, fixing several important security vulnerabilities:
Heap Buffer Overflow in Checksum Parsing.
Info Leak via uninitialized Stack contents defeats ASLR.
Server leaks arbitrary client files.
Server can make client write files outside of destination directory using symbolic links.
--safe-links Bypass.
Symlink race condition.
Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at
Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for
discovering these vulnerabilities and working with the rsync project
to develop and test fixes.
For more information, see:
https://kb.cert.org/vuls/id/952657
https://www.cve.org/CVERecord?id=CVE-2024-12084
https://www.cve.org/CVERecord?id=CVE-2024-12085
https://www.cve.org/CVERecord?id=CVE-2024-12086
https://www.cve.org/CVERecord?id=CVE-2024-12087
https://www.cve.org/CVERecord?id=CVE-2024-12088
https://www.cve.org/CVERecord?id=CVE-2024-12747
(* Security fix *)
</pre>]]>
</description>
</item>
<item>
<title>Sat, 11 Jan 2025 22:49:38 GMT</title>
<pubDate>Sat, 11 Jan 2025 22:49:38 GMT</pubDate>

24
ChangeLog.txt
View file

@ -1,3 +1,27 @@
Tue Jan 14 23:53:04 UTC 2025
extra/llvm-19.1.7-x86_64-1_slack15.0.txz: Upgraded.
patches/packages/rsync-3.4.0-x86_64-1_slack15.0.txz: Upgraded.
This is a security release, fixing several important security vulnerabilities:
Heap Buffer Overflow in Checksum Parsing.
Info Leak via uninitialized Stack contents defeats ASLR.
Server leaks arbitrary client files.
Server can make client write files outside of destination directory using symbolic links.
--safe-links Bypass.
Symlink race condition.
Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at
Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for
discovering these vulnerabilities and working with the rsync project
to develop and test fixes.
For more information, see:
https://kb.cert.org/vuls/id/952657
https://www.cve.org/CVERecord?id=CVE-2024-12084
https://www.cve.org/CVERecord?id=CVE-2024-12085
https://www.cve.org/CVERecord?id=CVE-2024-12086
https://www.cve.org/CVERecord?id=CVE-2024-12087
https://www.cve.org/CVERecord?id=CVE-2024-12088
https://www.cve.org/CVERecord?id=CVE-2024-12747
(* Security fix *)
+--------------------------+
Sat Jan 11 22:49:38 UTC 2025
extra/rust-for-mozilla/rust-1.84.0-x86_64-1_slack15.0.txz: Upgraded.
+--------------------------+

64
FILELIST.TXT
View file

@ -1,20 +1,20 @@
Sat Jan 11 22:53:32 UTC 2025
Tue Jan 14 23:56:54 UTC 2025
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
drwxr-xr-x 12 root root 4096 2025-01-11 22:49 .
drwxr-xr-x 12 root root 4096 2025-01-14 23:53 .
-rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0
-rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
-rw-r--r-- 1 root root 1261814 2025-01-08 23:31 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 195 2025-01-08 23:31 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 1261814 2025-01-11 22:53 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 195 2025-01-11 22:53 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
-rw-r--r-- 1 root root 2184501 2025-01-11 22:49 ./ChangeLog.txt
-rw-r--r-- 1 root root 2185681 2025-01-14 23:53 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
-rw-r--r-- 1 root root 1654017 2025-01-08 23:30 ./FILELIST.TXT
-rw-r--r-- 1 root root 1654017 2025-01-11 22:53 ./FILELIST.TXT
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
-rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT
@ -39,12 +39,12 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rw-r--r-- 1 root root 17294 2008-12-08 18:13 ./SPEAK_INSTALL.TXT
-rw-r--r-- 1 root root 57187 2022-02-01 19:37 ./Slackware-HOWTO
-rw-r--r-- 1 root root 8700 2022-01-26 05:44 ./UPGRADE.TXT
drwxr-xr-x 19 root root 4096 2025-01-11 22:53 ./extra
-rw-r--r-- 1 root root 55402 2025-01-11 22:53 ./extra/CHECKSUMS.md5
-rw-r--r-- 1 root root 195 2025-01-11 22:53 ./extra/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 69634 2025-01-11 22:53 ./extra/FILE_LIST
-rw-r--r-- 1 root root 5004470 2025-01-11 22:53 ./extra/MANIFEST.bz2
-rw-r--r-- 1 root root 38373 2025-01-11 22:53 ./extra/PACKAGES.TXT
drwxr-xr-x 19 root root 4096 2025-01-14 23:56 ./extra
-rw-r--r-- 1 root root 55402 2025-01-14 23:56 ./extra/CHECKSUMS.md5
-rw-r--r-- 1 root root 195 2025-01-14 23:56 ./extra/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 69634 2025-01-14 23:56 ./extra/FILE_LIST
-rw-r--r-- 1 root root 5006567 2025-01-14 23:56 ./extra/MANIFEST.bz2
-rw-r--r-- 1 root root 38373 2025-01-14 23:56 ./extra/PACKAGES.TXT
-rw-r--r-- 1 root root 149 2002-02-09 00:18 ./extra/README.TXT
drwxr-xr-x 2 root root 20480 2020-05-26 20:38 ./extra/aspell-word-lists
-rw-r--r-- 1 root root 171 2016-06-06 20:10 ./extra/aspell-word-lists/aspell-af-0.50_0-x86_64-5.txt
@ -348,9 +348,9 @@ drwxr-xr-x 2 root root 4096 2018-02-27 06:13 ./extra/google-chrome
-rwxr-xr-x 1 root root 4168 2019-09-18 22:18 ./extra/google-chrome/google-chrome.SlackBuild
-rw-r--r-- 1 root root 840 2018-02-27 06:13 ./extra/google-chrome/slack-desc
lrwxrwxrwx 1 root root 11 2012-07-30 20:41 ./extra/java -> source/java
-rw-r--r-- 1 root root 346 2024-12-18 02:34 ./extra/llvm-19.1.6-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 251042356 2024-12-18 02:34 ./extra/llvm-19.1.6-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 195 2024-12-18 02:34 ./extra/llvm-19.1.6-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 346 2025-01-14 20:53 ./extra/llvm-19.1.7-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 251079780 2025-01-14 20:53 ./extra/llvm-19.1.7-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 195 2025-01-14 20:53 ./extra/llvm-19.1.7-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 315 2024-02-18 20:08 ./extra/llvm13-compat-13.0.0-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 30271960 2024-02-18 20:08 ./extra/llvm13-compat-13.0.0-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2024-02-18 20:08 ./extra/llvm13-compat-13.0.0-x86_64-1_slack15.0.txz.asc
@ -381,7 +381,7 @@ drwxr-xr-x 2 root root 4096 2024-01-31 21:21 ./extra/sendmail
-rw-r--r-- 1 root root 586 2024-01-31 20:58 ./extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txt
-rw-r--r-- 1 root root 119356 2024-01-31 20:58 ./extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2024-01-31 20:58 ./extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz.asc
drwxr-xr-x 21 root root 4096 2025-01-11 22:48 ./extra/source
drwxr-xr-x 21 root root 4096 2025-01-14 23:09 ./extra/source
lrwxrwxrwx 1 root root 21 2021-04-29 18:18 ./extra/source/alpine -> ../../source/n/alpine
drwxr-xr-x 4 root root 4096 2018-11-09 05:59 ./extra/source/aspell-word-lists
-rwxr-xr-x 1 root root 3531 2020-05-26 20:06 ./extra/source/aspell-word-lists/aspell-dict.SlackBuild
@ -578,12 +578,12 @@ drwxr-xr-x 2 root root 4096 2012-07-30 18:44 ./extra/source/java/profile.
-rwxr-xr-x 1 root root 80 2019-07-30 16:57 ./extra/source/java/profile.d/jre.sh
-rw-r--r-- 1 root root 817 2018-02-27 06:13 ./extra/source/java/slack-desc.jdk
-rw-r--r-- 1 root root 861 2018-02-27 06:13 ./extra/source/java/slack-desc.jre
drwxr-xr-x 2 root root 4096 2024-12-17 20:02 ./extra/source/llvm
drwxr-xr-x 2 root root 4096 2025-01-14 18:28 ./extra/source/llvm
-rw-r--r-- 1 root root 275 2024-03-06 20:03 ./extra/source/llvm/clang.toolchains.32-bit.triple.diff.gz
-rwxr-xr-x 1 root root 4101 2024-10-18 20:25 ./extra/source/llvm/libclc.SlackBuild
-rwxr-xr-x 1 root root 8081 2024-10-18 20:24 ./extra/source/llvm/llvm.SlackBuild
-rw-r--r-- 1 root root 77 2024-10-15 20:09 ./extra/source/llvm/llvm.url
-rw-r--r-- 1 root root 132024196 2024-12-17 11:04 ./extra/source/llvm/llvmorg-19.1.6.tar.lz
-rw-r--r-- 1 root root 132031906 2025-01-14 09:41 ./extra/source/llvm/llvmorg-19.1.7.tar.lz
-rw-r--r-- 1 root root 830 2019-07-25 03:31 ./extra/source/llvm/slack-desc
-rw-r--r-- 1 root root 813 2018-02-27 06:12 ./extra/source/llvm/slack-desc.libclc
drwxr-xr-x 2 root root 4096 2024-02-17 22:45 ./extra/source/llvm13-compat
@ -821,13 +821,13 @@ drwxr-xr-x 2 root root 4096 2022-12-17 19:52 ./pasture/source/samba
-rw-r--r-- 1 root root 7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default
-rw-r--r-- 1 root root 7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig
-rw-r--r-- 1 root root 536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz
drwxr-xr-x 4 root root 4096 2025-01-08 23:30 ./patches
-rw-r--r-- 1 root root 142654 2025-01-08 23:30 ./patches/CHECKSUMS.md5
-rw-r--r-- 1 root root 195 2025-01-08 23:30 ./patches/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 196688 2025-01-08 23:30 ./patches/FILE_LIST
-rw-r--r-- 1 root root 18961769 2025-01-08 23:30 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 100361 2025-01-08 23:30 ./patches/PACKAGES.TXT
drwxr-xr-x 7 root root 32768 2025-01-08 23:30 ./patches/packages
drwxr-xr-x 4 root root 4096 2025-01-14 23:56 ./patches
-rw-r--r-- 1 root root 142654 2025-01-14 23:56 ./patches/CHECKSUMS.md5
-rw-r--r-- 1 root root 195 2025-01-14 23:56 ./patches/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 196688 2025-01-14 23:56 ./patches/FILE_LIST
-rw-r--r-- 1 root root 18968795 2025-01-14 23:56 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 100361 2025-01-14 23:56 ./patches/PACKAGES.TXT
drwxr-xr-x 7 root root 32768 2025-01-14 23:56 ./patches/packages
-rw-r--r-- 1 root root 360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc
@ -1217,9 +1217,9 @@ drwxr-xr-x 2 root root 4096 2024-06-08 19:45 ./patches/packages/old-linux
-rw-r--r-- 1 root root 460 2023-09-03 18:56 ./patches/packages/rocs-21.12.1-x86_64-2_slack15.0.txt
-rw-r--r-- 1 root root 1579796 2023-09-03 18:56 ./patches/packages/rocs-21.12.1-x86_64-2_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-09-03 18:56 ./patches/packages/rocs-21.12.1-x86_64-2_slack15.0.txz.asc
-rw-r--r-- 1 root root 525 2022-10-21 18:08 ./patches/packages/rsync-3.2.7-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 383704 2022-10-21 18:08 ./patches/packages/rsync-3.2.7-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-10-21 18:08 ./patches/packages/rsync-3.2.7-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 525 2025-01-14 21:06 ./patches/packages/rsync-3.4.0-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 385284 2025-01-14 21:06 ./patches/packages/rsync-3.4.0-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 195 2025-01-14 21:06 ./patches/packages/rsync-3.4.0-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 385 2024-04-23 22:02 ./patches/packages/ruby-3.0.7-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 7741904 2024-04-23 22:02 ./patches/packages/ruby-3.0.7-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 195 2024-04-23 22:02 ./patches/packages/ruby-3.0.7-x86_64-1_slack15.0.txz.asc
@ -1319,7 +1319,7 @@ drwxr-xr-x 2 root root 4096 2024-06-08 19:45 ./patches/packages/old-linux
-rw-r--r-- 1 root root 463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc
drwxr-xr-x 136 root root 4096 2025-01-08 23:25 ./patches/source
drwxr-xr-x 136 root root 4096 2025-01-14 23:07 ./patches/source
drwxr-xr-x 2 root root 4096 2023-09-26 19:22 ./patches/source/Cython
-rw-r--r-- 1 root root 1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz
-rwxr-xr-x 1 root root 3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild
@ -2488,9 +2488,9 @@ drwxr-xr-x 3 root root 4096 2023-09-03 18:45 ./patches/source/rocs/src
drwxr-xr-x 2 root root 4096 2023-09-03 18:45 ./patches/source/rocs/src/applications
-rw-r--r-- 1 root root 1558900 2022-01-04 09:53 ./patches/source/rocs/src/applications/rocs-21.12.1.tar.xz
-rw-r--r-- 1 root root 833 2022-01-04 09:53 ./patches/source/rocs/src/applications/rocs-21.12.1.tar.xz.sig
drwxr-xr-x 2 root root 4096 2022-10-21 18:07 ./patches/source/rsync
-rw-r--r-- 1 root root 768744 2022-10-21 00:58 ./patches/source/rsync/rsync-3.2.7.tar.xz
-rwxr-xr-x 1 root root 3680 2022-08-15 18:00 ./patches/source/rsync/rsync.SlackBuild
drwxr-xr-x 2 root root 4096 2025-01-14 20:44 ./patches/source/rsync
-rw-r--r-- 1 root root 780344 2025-01-14 19:17 ./patches/source/rsync/rsync-3.4.0.tar.lz
-rwxr-xr-x 1 root root 3679 2025-01-14 20:44 ./patches/source/rsync/rsync.SlackBuild
-rw-r--r-- 1 root root 978 2018-02-27 06:13 ./patches/source/rsync/slack-desc
drwxr-xr-x 2 root root 4096 2024-04-23 21:56 ./patches/source/ruby
-rw-r--r-- 1 root root 15495545 2024-04-23 11:16 ./patches/source/ruby/ruby-3.0.7.tar.lz

0
extra/llvm-19.1.6-x86_64-1_slack15.0.txt → extra/llvm-19.1.7-x86_64-1_slack15.0.txt
View file

0
patches/packages/rsync-3.2.7-x86_64-1_slack15.0.txt → patches/packages/rsync-3.4.0-x86_64-1_slack15.0.txt
View file

1
patches/source/rsync/rsync.SlackBuild
View file

@ -117,4 +117,3 @@ cat $CWD/slack-desc > $PKG/install/slack-desc
# Build the package:
cd $PKG
/sbin/makepkg -l y -c n $TMP/rsync-$VERSION-$ARCH-$BUILD.txz