diff --git a/ChangeLog.rss b/ChangeLog.rss
index 1084b0ec1..a34e05559 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,9 +11,69 @@
Tracking Slackware development in git.
en-us
urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f
- Thu, 18 Jul 2024 20:01:18 GMT
- Fri, 19 Jul 2024 11:30:51 GMT
+ Tue, 23 Jul 2024 18:54:25 GMT
+ Wed, 24 Jul 2024 11:30:46 GMT
maintain_current_git.sh v 1.17
+ -
+ Tue, 23 Jul 2024 18:54:25 GMT
+ Tue, 23 Jul 2024 18:54:25 GMT
+ https://git.slackware.nl/current/tag/?h=20240723185425
+ 20240723185425
+
+
+patches/packages/bind-9.18.28-x86_64-1_slack15.0.txz: Upgraded.
+ Please note that we have moved to the 9.18 branch, as 9.16 is EOL.
+ This update fixes security issues:
+ Remove SIG(0) support from named as a countermeasure for CVE-2024-1975.
+ qctx-zversion was not being cleared when it should have been leading to
+ an assertion failure if it needed to be reused.
+ An excessively large number of rrtypes per owner can slow down database query
+ processing, so a limit has been placed on the number of rrtypes that can be
+ stored per owner (node) in a cache or zone database. This is configured with
+ the new "max-rrtypes-per-name" option, and defaults to 100.
+ Excessively large rdatasets can slow down database query processing, so a
+ limit has been placed on the number of records that can be stored per
+ rdataset in a cache or zone database. This is configured with the new
+ "max-records-per-type" option, and defaults to 100.
+ Malicious DNS client that sends many queries over TCP but never reads
+ responses can cause server to respond slowly or not respond at all for other
+ clients.
+ For more information, see:
+ https://www.cve.org/CVERecord?id=CVE-2024-1975
+ https://www.cve.org/CVERecord?id=CVE-2024-4076
+ https://www.cve.org/CVERecord?id=CVE-2024-1737
+ https://www.cve.org/CVERecord?id=CVE-2024-0760
+ (* Security fix *)
+patches/packages/aaa_glibc-solibs-2.33-x86_64-7_slack15.0.txz: Rebuilt.
+patches/packages/glibc-2.33-x86_64-7_slack15.0.txz: Rebuilt.
+ This update fixes security issues:
+ nscd: Stack-based buffer overflow in netgroup cache.
+ nscd: Null pointer crash after notfound response.
+ nscd: netgroup cache may terminate daemon on memory allocation failure.
+ nscd: netgroup cache assumes NSS callback uses in-buffer strings.
+ These vulnerabilities were only present in the nscd binary.
+ For more information, see:
+ https://www.cve.org/CVERecord?id=CVE-2024-33599
+ https://www.cve.org/CVERecord?id=CVE-2024-33600
+ https://www.cve.org/CVERecord?id=CVE-2024-33601
+ https://www.cve.org/CVERecord?id=CVE-2024-33602
+ (* Security fix *)
+patches/packages/glibc-i18n-2.33-x86_64-7_slack15.0.txz: Rebuilt.
+patches/packages/glibc-profile-2.33-x86_64-7_slack15.0.txz: Rebuilt.
+patches/packages/mozilla-thunderbird-115.13.0-x86_64-1_slack15.0.txz: Upgraded.
+ This release contains security fixes and improvements.
+ For more information, see:
+ https://www.mozilla.org/en-US/thunderbird/115.13.0/releasenotes/
+ https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/
+ https://www.cve.org/CVERecord?id=CVE-2024-6600
+ https://www.cve.org/CVERecord?id=CVE-2024-6601
+ https://www.cve.org/CVERecord?id=CVE-2024-6602
+ https://www.cve.org/CVERecord?id=CVE-2024-6603
+ https://www.cve.org/CVERecord?id=CVE-2024-6604
+ (* Security fix *)
+ ]]>
+
+
-
Thu, 18 Jul 2024 20:01:18 GMT
Thu, 18 Jul 2024 20:01:18 GMT
diff --git a/ChangeLog.txt b/ChangeLog.txt
index c208645cf..102b1afc7 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,55 @@
+Tue Jul 23 18:54:25 UTC 2024
+patches/packages/bind-9.18.28-x86_64-1_slack15.0.txz: Upgraded.
+ Please note that we have moved to the 9.18 branch, as 9.16 is EOL.
+ This update fixes security issues:
+ Remove SIG(0) support from named as a countermeasure for CVE-2024-1975.
+ qctx-zversion was not being cleared when it should have been leading to
+ an assertion failure if it needed to be reused.
+ An excessively large number of rrtypes per owner can slow down database query
+ processing, so a limit has been placed on the number of rrtypes that can be
+ stored per owner (node) in a cache or zone database. This is configured with
+ the new "max-rrtypes-per-name" option, and defaults to 100.
+ Excessively large rdatasets can slow down database query processing, so a
+ limit has been placed on the number of records that can be stored per
+ rdataset in a cache or zone database. This is configured with the new
+ "max-records-per-type" option, and defaults to 100.
+ Malicious DNS client that sends many queries over TCP but never reads
+ responses can cause server to respond slowly or not respond at all for other
+ clients.
+ For more information, see:
+ https://www.cve.org/CVERecord?id=CVE-2024-1975
+ https://www.cve.org/CVERecord?id=CVE-2024-4076
+ https://www.cve.org/CVERecord?id=CVE-2024-1737
+ https://www.cve.org/CVERecord?id=CVE-2024-0760
+ (* Security fix *)
+patches/packages/aaa_glibc-solibs-2.33-x86_64-7_slack15.0.txz: Rebuilt.
+patches/packages/glibc-2.33-x86_64-7_slack15.0.txz: Rebuilt.
+ This update fixes security issues:
+ nscd: Stack-based buffer overflow in netgroup cache.
+ nscd: Null pointer crash after notfound response.
+ nscd: netgroup cache may terminate daemon on memory allocation failure.
+ nscd: netgroup cache assumes NSS callback uses in-buffer strings.
+ These vulnerabilities were only present in the nscd binary.
+ For more information, see:
+ https://www.cve.org/CVERecord?id=CVE-2024-33599
+ https://www.cve.org/CVERecord?id=CVE-2024-33600
+ https://www.cve.org/CVERecord?id=CVE-2024-33601
+ https://www.cve.org/CVERecord?id=CVE-2024-33602
+ (* Security fix *)
+patches/packages/glibc-i18n-2.33-x86_64-7_slack15.0.txz: Rebuilt.
+patches/packages/glibc-profile-2.33-x86_64-7_slack15.0.txz: Rebuilt.
+patches/packages/mozilla-thunderbird-115.13.0-x86_64-1_slack15.0.txz: Upgraded.
+ This release contains security fixes and improvements.
+ For more information, see:
+ https://www.mozilla.org/en-US/thunderbird/115.13.0/releasenotes/
+ https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/
+ https://www.cve.org/CVERecord?id=CVE-2024-6600
+ https://www.cve.org/CVERecord?id=CVE-2024-6601
+ https://www.cve.org/CVERecord?id=CVE-2024-6602
+ https://www.cve.org/CVERecord?id=CVE-2024-6603
+ https://www.cve.org/CVERecord?id=CVE-2024-6604
+ (* Security fix *)
++--------------------------+
Thu Jul 18 20:01:18 UTC 2024
patches/packages/httpd-2.4.62-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
diff --git a/FILELIST.TXT b/FILELIST.TXT
index 935ddf9eb..537ea37dd 100644
--- a/FILELIST.TXT
+++ b/FILELIST.TXT
@@ -1,20 +1,20 @@
-Thu Jul 18 20:04:43 UTC 2024
+Tue Jul 23 18:59:27 UTC 2024
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
-drwxr-xr-x 12 root root 4096 2024-07-18 20:01 .
+drwxr-xr-x 12 root root 4096 2024-07-23 18:54 .
-rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0
-rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
--rw-r--r-- 1 root root 1247109 2024-07-17 19:32 ./CHECKSUMS.md5
--rw-r--r-- 1 root root 195 2024-07-17 19:32 ./CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 1247109 2024-07-18 20:05 ./CHECKSUMS.md5
+-rw-r--r-- 1 root root 195 2024-07-18 20:05 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
--rw-r--r-- 1 root root 2144247 2024-07-18 20:01 ./ChangeLog.txt
+-rw-r--r-- 1 root root 2147120 2024-07-23 18:54 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
--rw-r--r-- 1 root root 1631704 2024-07-17 19:32 ./FILELIST.TXT
+-rw-r--r-- 1 root root 1631704 2024-07-18 20:04 ./FILELIST.TXT
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
-rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT
@@ -832,13 +832,13 @@ drwxr-xr-x 2 root root 4096 2022-12-17 19:52 ./pasture/source/samba
-rw-r--r-- 1 root root 7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default
-rw-r--r-- 1 root root 7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig
-rw-r--r-- 1 root root 536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz
-drwxr-xr-x 4 root root 4096 2024-07-18 20:04 ./patches
--rw-r--r-- 1 root root 127244 2024-07-18 20:04 ./patches/CHECKSUMS.md5
--rw-r--r-- 1 root root 195 2024-07-18 20:04 ./patches/CHECKSUMS.md5.asc
--rw-r--r-- 1 root root 173167 2024-07-18 20:04 ./patches/FILE_LIST
--rw-r--r-- 1 root root 17989057 2024-07-18 20:04 ./patches/MANIFEST.bz2
--rw-r--r-- 1 root root 90205 2024-07-18 20:04 ./patches/PACKAGES.TXT
-drwxr-xr-x 7 root root 32768 2024-07-18 20:04 ./patches/packages
+drwxr-xr-x 4 root root 4096 2024-07-23 18:59 ./patches
+-rw-r--r-- 1 root root 127687 2024-07-23 18:59 ./patches/CHECKSUMS.md5
+-rw-r--r-- 1 root root 195 2024-07-23 18:59 ./patches/CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 173700 2024-07-23 18:59 ./patches/FILE_LIST
+-rw-r--r-- 1 root root 18013603 2024-07-23 18:59 ./patches/MANIFEST.bz2
+-rw-r--r-- 1 root root 90205 2024-07-23 18:59 ./patches/PACKAGES.TXT
+drwxr-xr-x 7 root root 32768 2024-07-23 18:59 ./patches/packages
-rw-r--r-- 1 root root 360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc
@@ -848,9 +848,9 @@ drwxr-xr-x 7 root root 32768 2024-07-18 20:04 ./patches/packages
-rw-r--r-- 1 root root 327 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txt
-rw-r--r-- 1 root root 10716 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz.asc
--rw-r--r-- 1 root root 371 2024-04-18 18:20 ./patches/packages/aaa_glibc-solibs-2.33-x86_64-6_slack15.0.txt
--rw-r--r-- 1 root root 2717232 2024-04-18 18:20 ./patches/packages/aaa_glibc-solibs-2.33-x86_64-6_slack15.0.txz
--rw-r--r-- 1 root root 195 2024-04-18 18:20 ./patches/packages/aaa_glibc-solibs-2.33-x86_64-6_slack15.0.txz.asc
+-rw-r--r-- 1 root root 371 2024-07-23 17:44 ./patches/packages/aaa_glibc-solibs-2.33-x86_64-7_slack15.0.txt
+-rw-r--r-- 1 root root 2712164 2024-07-23 17:44 ./patches/packages/aaa_glibc-solibs-2.33-x86_64-7_slack15.0.txz
+-rw-r--r-- 1 root root 195 2024-07-23 17:44 ./patches/packages/aaa_glibc-solibs-2.33-x86_64-7_slack15.0.txz.asc
-rw-r--r-- 1 root root 275 2023-02-01 21:43 ./patches/packages/apr-1.7.2-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 265316 2023-02-01 21:43 ./patches/packages/apr-1.7.2-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-02-01 21:43 ./patches/packages/apr-1.7.2-x86_64-1_slack15.0.txz.asc
@@ -860,9 +860,9 @@ drwxr-xr-x 7 root root 32768 2024-07-18 20:04 ./patches/packages
-rw-r--r-- 1 root root 326 2022-02-07 18:56 ./patches/packages/at-3.2.3-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 43124 2022-02-07 18:56 ./patches/packages/at-3.2.3-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-02-07 18:56 ./patches/packages/at-3.2.3-x86_64-1_slack15.0.txz.asc
--rw-r--r-- 1 root root 334 2024-04-18 17:18 ./patches/packages/bind-9.16.50-x86_64-1_slack15.0.txt
--rw-r--r-- 1 root root 2233188 2024-04-18 17:18 ./patches/packages/bind-9.16.50-x86_64-1_slack15.0.txz
--rw-r--r-- 1 root root 195 2024-04-18 17:18 ./patches/packages/bind-9.16.50-x86_64-1_slack15.0.txz.asc
+-rw-r--r-- 1 root root 334 2024-07-23 17:58 ./patches/packages/bind-9.18.28-x86_64-1_slack15.0.txt
+-rw-r--r-- 1 root root 2467400 2024-07-23 17:58 ./patches/packages/bind-9.18.28-x86_64-1_slack15.0.txz
+-rw-r--r-- 1 root root 195 2024-07-23 17:58 ./patches/packages/bind-9.18.28-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 333 2024-06-26 20:05 ./patches/packages/bluez-5.71-x86_64-3_slack15.0.txt
-rw-r--r-- 1 root root 1468212 2024-06-26 20:05 ./patches/packages/bluez-5.71-x86_64-3_slack15.0.txz
-rw-r--r-- 1 root root 195 2024-06-26 20:05 ./patches/packages/bluez-5.71-x86_64-3_slack15.0.txz.asc
@@ -929,15 +929,15 @@ drwxr-xr-x 7 root root 32768 2024-07-18 20:04 ./patches/packages
-rw-r--r-- 1 root root 397 2024-05-15 22:52 ./patches/packages/git-2.39.4-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 7315620 2024-05-15 22:52 ./patches/packages/git-2.39.4-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 195 2024-05-15 22:52 ./patches/packages/git-2.39.4-x86_64-1_slack15.0.txz.asc
--rw-r--r-- 1 root root 313 2024-04-18 18:21 ./patches/packages/glibc-2.33-x86_64-6_slack15.0.txt
--rw-r--r-- 1 root root 5280920 2024-04-18 18:21 ./patches/packages/glibc-2.33-x86_64-6_slack15.0.txz
--rw-r--r-- 1 root root 195 2024-04-18 18:21 ./patches/packages/glibc-2.33-x86_64-6_slack15.0.txz.asc
--rw-r--r-- 1 root root 353 2024-04-18 18:20 ./patches/packages/glibc-i18n-2.33-x86_64-6_slack15.0.txt
--rw-r--r-- 1 root root 12117268 2024-04-18 18:20 ./patches/packages/glibc-i18n-2.33-x86_64-6_slack15.0.txz
--rw-r--r-- 1 root root 195 2024-04-18 18:20 ./patches/packages/glibc-i18n-2.33-x86_64-6_slack15.0.txz.asc
--rw-r--r-- 1 root root 507 2024-04-18 18:20 ./patches/packages/glibc-profile-2.33-x86_64-6_slack15.0.txt
--rw-r--r-- 1 root root 1426960 2024-04-18 18:20 ./patches/packages/glibc-profile-2.33-x86_64-6_slack15.0.txz
--rw-r--r-- 1 root root 195 2024-04-18 18:20 ./patches/packages/glibc-profile-2.33-x86_64-6_slack15.0.txz.asc
+-rw-r--r-- 1 root root 313 2024-07-23 17:44 ./patches/packages/glibc-2.33-x86_64-7_slack15.0.txt
+-rw-r--r-- 1 root root 5272508 2024-07-23 17:44 ./patches/packages/glibc-2.33-x86_64-7_slack15.0.txz
+-rw-r--r-- 1 root root 195 2024-07-23 17:44 ./patches/packages/glibc-2.33-x86_64-7_slack15.0.txz.asc
+-rw-r--r-- 1 root root 353 2024-07-23 17:44 ./patches/packages/glibc-i18n-2.33-x86_64-7_slack15.0.txt
+-rw-r--r-- 1 root root 12094888 2024-07-23 17:44 ./patches/packages/glibc-i18n-2.33-x86_64-7_slack15.0.txz
+-rw-r--r-- 1 root root 195 2024-07-23 17:44 ./patches/packages/glibc-i18n-2.33-x86_64-7_slack15.0.txz.asc
+-rw-r--r-- 1 root root 507 2024-07-23 17:43 ./patches/packages/glibc-profile-2.33-x86_64-7_slack15.0.txt
+-rw-r--r-- 1 root root 1428536 2024-07-23 17:43 ./patches/packages/glibc-profile-2.33-x86_64-7_slack15.0.txz
+-rw-r--r-- 1 root root 195 2024-07-23 17:43 ./patches/packages/glibc-profile-2.33-x86_64-7_slack15.0.txz.asc
-rw-r--r-- 1 root root 503 2024-02-03 18:53 ./patches/packages/glibc-zoneinfo-2024a-noarch-1_slack15.0.txt
-rw-r--r-- 1 root root 210604 2024-02-03 18:53 ./patches/packages/glibc-zoneinfo-2024a-noarch-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2024-02-03 18:53 ./patches/packages/glibc-zoneinfo-2024a-noarch-1_slack15.0.txz.asc
@@ -1047,9 +1047,9 @@ drwxr-xr-x 2 root root 4096 2024-06-16 21:36 ./patches/packages/linux-5.1
-rw-r--r-- 1 root root 564 2023-01-06 19:37 ./patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 1838968 2023-01-06 19:37 ./patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-01-06 19:37 ./patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txz.asc
--rw-r--r-- 1 root root 663 2024-07-13 18:26 ./patches/packages/mozilla-thunderbird-115.12.2-x86_64-1_slack15.0.txt
--rw-r--r-- 1 root root 60823332 2024-07-13 18:26 ./patches/packages/mozilla-thunderbird-115.12.2-x86_64-1_slack15.0.txz
--rw-r--r-- 1 root root 195 2024-07-13 18:26 ./patches/packages/mozilla-thunderbird-115.12.2-x86_64-1_slack15.0.txz.asc
+-rw-r--r-- 1 root root 663 2024-07-20 12:32 ./patches/packages/mozilla-thunderbird-115.13.0-x86_64-1_slack15.0.txt
+-rw-r--r-- 1 root root 60829832 2024-07-20 12:32 ./patches/packages/mozilla-thunderbird-115.13.0-x86_64-1_slack15.0.txz
+-rw-r--r-- 1 root root 195 2024-07-20 12:32 ./patches/packages/mozilla-thunderbird-115.13.0-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 451 2022-07-21 17:53 ./patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 1598024 2022-07-21 17:53 ./patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-07-21 17:53 ./patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz.asc
@@ -1279,7 +1279,7 @@ drwxr-xr-x 2 root root 4096 2024-06-08 19:45 ./patches/packages/old-linux
-rw-r--r-- 1 root root 463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc
-drwxr-xr-x 119 root root 4096 2024-07-18 18:16 ./patches/source
+drwxr-xr-x 119 root root 4096 2024-07-23 18:40 ./patches/source
drwxr-xr-x 2 root root 4096 2023-09-26 19:22 ./patches/source/Cython
-rw-r--r-- 1 root root 1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz
-rwxr-xr-x 1 root root 3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild
@@ -1319,11 +1319,11 @@ drwxr-xr-x 2 root root 4096 2022-02-07 18:45 ./patches/source/at
-rw-r--r-- 1 root root 428 2018-06-13 02:51 ./patches/source/at/doinst.sh.gz
-rw-r--r-- 1 root root 669 2018-06-14 18:38 ./patches/source/at/rc.atd
-rw-r--r-- 1 root root 776 2019-10-17 17:50 ./patches/source/at/slack-desc
-drwxr-xr-x 3 root root 4096 2024-04-18 17:10 ./patches/source/bind
+drwxr-xr-x 3 root root 4096 2024-07-23 17:57 ./patches/source/bind
-rw-r--r-- 1 root root 5120 2007-06-08 04:48 ./patches/source/bind/3link.sh
--rw-r--r-- 1 root root 5134620 2024-04-17 15:59 ./patches/source/bind/bind-9.16.50.tar.xz
--rw-r--r-- 1 root root 833 2024-04-17 15:59 ./patches/source/bind/bind-9.16.50.tar.xz.asc
--rwxr-xr-x 1 root root 5848 2023-12-21 19:03 ./patches/source/bind/bind.SlackBuild
+-rw-r--r-- 1 root root 5533340 2024-07-23 13:02 ./patches/source/bind/bind-9.18.28.tar.xz
+-rw-r--r-- 1 root root 833 2024-07-23 13:02 ./patches/source/bind/bind-9.18.28.tar.xz.asc
+-rwxr-xr-x 1 root root 5848 2023-12-21 19:04 ./patches/source/bind/bind.SlackBuild
drwxr-xr-x 2 root root 4096 2023-11-07 19:28 ./patches/source/bind/caching-example
-rw-r--r-- 1 root root 195 2001-05-18 02:03 ./patches/source/bind/caching-example/localhost.zone
-rw-r--r-- 1 root root 3313 2023-11-07 19:15 ./patches/source/bind/caching-example/named.ca
@@ -1533,10 +1533,10 @@ drwxr-xr-x 2 root root 4096 2006-12-03 23:10 ./patches/source/glibc-zonei
-rw-r--r-- 1 root root 833 2021-02-01 19:21 ./patches/source/glibc/glibc-2.33.tar.xz.sig
-rw-r--r-- 1 root root 2617 2016-08-08 14:05 ./patches/source/glibc/glibc-c-utf8-locale.patch.gz
-rwxr-xr-x 1 root root 174 2004-08-09 06:21 ./patches/source/glibc/glibc-cvs-checkout.sh
--rwxr-xr-x 1 root root 16097 2024-04-18 18:02 ./patches/source/glibc/glibc.SlackBuild
+-rwxr-xr-x 1 root root 16097 2024-07-23 17:26 ./patches/source/glibc/glibc.SlackBuild
-rw-r--r-- 1 root root 312 2019-02-16 20:06 ./patches/source/glibc/glibc.locale.no-archive.diff.gz
-rw-r--r-- 1 root root 213 2006-08-22 06:33 ./patches/source/glibc/glibc.ru_RU.CP1251.diff.gz
-drwxr-xr-x 2 root root 4096 2024-04-18 18:14 ./patches/source/glibc/patches
+drwxr-xr-x 2 root root 4096 2024-07-23 17:33 ./patches/source/glibc/patches
-rw-r--r-- 1 root root 899 2021-02-09 19:43 ./patches/source/glibc/patches/0001-nsswitch-return-result-when-nss-database-is-locked.patch.gz
-rw-r--r-- 1 root root 349 2021-08-07 18:22 ./patches/source/glibc/patches/CVE-2021-27645.patch.gz
-rw-r--r-- 1 root root 1145 2021-08-07 18:16 ./patches/source/glibc/patches/CVE-2021-33574_1.patch.gz
@@ -1544,6 +1544,11 @@ drwxr-xr-x 2 root root 4096 2024-04-18 18:14 ./patches/source/glibc/patch
-rw-r--r-- 1 root root 746 2021-08-07 18:18 ./patches/source/glibc/patches/CVE-2021-35942.patch.gz
-rw-r--r-- 1 root root 900 2021-08-17 19:01 ./patches/source/glibc/patches/CVE-2021-38604.patch.gz
-rw-r--r-- 1 root root 2656 2024-04-18 18:14 ./patches/source/glibc/patches/CVE-2024-2961_glibc2.33.patch.gz
+-rw-r--r-- 1 root root 780 2024-07-23 17:22 ./patches/source/glibc/patches/CVE-2024-33599.patch.gz
+-rw-r--r-- 1 root root 960 2024-07-23 17:23 ./patches/source/glibc/patches/CVE-2024-33600-1.patch.gz
+-rw-r--r-- 1 root root 1242 2024-07-23 17:24 ./patches/source/glibc/patches/CVE-2024-33600-2.patch.gz
+-rw-r--r-- 1 root root 4195 2024-07-23 17:25 ./patches/source/glibc/patches/CVE-2024-33601_CVE-2024-33602_1.patch.gz
+-rw-r--r-- 1 root root 719 2024-07-23 17:32 ./patches/source/glibc/patches/CVE-2024-33601_CVE-2024-33602_2.patch.gz
-rw-r--r-- 1 root root 2959 2021-04-01 23:15 ./patches/source/glibc/patches/cdc31409bd4f878577059e70dbd52a28643ec609.patch.gz
-rw-r--r-- 1 root root 2089 2022-01-24 19:33 ./patches/source/glibc/patches/glibc.CVE-2021-3998.patch.gz
-rw-r--r-- 1 root root 4102 2022-01-24 18:18 ./patches/source/glibc/patches/glibc.CVE-2021-3999.patch.gz
@@ -1858,7 +1863,7 @@ drwxr-xr-x 2 root root 4096 2023-01-06 19:30 ./patches/source/mozilla-nss
-rw-r--r-- 1 root root 37770371 2023-01-05 18:00 ./patches/source/mozilla-nss/nss-3.87.tar.lz
-rw-r--r-- 1 root root 2488 2012-04-29 21:05 ./patches/source/mozilla-nss/nss-config.in
-rw-r--r-- 1 root root 1023 2018-02-27 06:12 ./patches/source/mozilla-nss/slack-desc
-drwxr-xr-x 4 root root 4096 2024-07-13 17:01 ./patches/source/mozilla-thunderbird
+drwxr-xr-x 4 root root 4096 2024-07-20 03:40 ./patches/source/mozilla-thunderbird
drwxr-xr-x 2 root root 4096 2016-07-03 18:05 ./patches/source/mozilla-thunderbird/autoconf
-rw-r--r-- 1 root root 5869 2016-07-03 18:04 ./patches/source/mozilla-thunderbird/autoconf/autoconf-2.13-consolidated_fixes-1.patch.gz
-rw-r--r-- 1 root root 300116 1999-01-15 21:03 ./patches/source/mozilla-thunderbird/autoconf/autoconf-2.13.tar.xz
@@ -1882,8 +1887,8 @@ drwxr-xr-x 2 root root 4096 2024-07-09 17:25 ./patches/source/mozilla-thu
-rwxr-xr-x 1 root root 13127 2024-07-13 17:35 ./patches/source/mozilla-thunderbird/mozilla-thunderbird.SlackBuild
-rw-r--r-- 1 root root 1130 2018-02-27 06:47 ./patches/source/mozilla-thunderbird/slack-desc
-rw-r--r-- 1 root root 330 2019-08-27 16:35 ./patches/source/mozilla-thunderbird/tb.ui.scrollToClick.diff.gz
--rw-r--r-- 1 root root 529634488 2024-06-22 18:56 ./patches/source/mozilla-thunderbird/thunderbird-115.12.2.source.tar.xz
--rw-r--r-- 1 root root 833 2024-06-22 18:56 ./patches/source/mozilla-thunderbird/thunderbird-115.12.2.source.tar.xz.asc
+-rw-r--r-- 1 root root 536438476 2024-07-16 12:53 ./patches/source/mozilla-thunderbird/thunderbird-115.13.0.source.tar.xz
+-rw-r--r-- 1 root root 833 2024-07-16 12:53 ./patches/source/mozilla-thunderbird/thunderbird-115.13.0.source.tar.xz.asc
-rw-r--r-- 1 root root 3378 2005-03-08 05:13 ./patches/source/mozilla-thunderbird/thunderbird.desktop
drwxr-xr-x 2 root root 4096 2022-07-21 17:44 ./patches/source/net-snmp
-rw-r--r-- 1 root root 356 2021-12-21 18:38 ./patches/source/net-snmp/doinst.sh.gz
@@ -2567,11 +2572,11 @@ drwxr-xr-x 2 root root 4096 2024-07-10 20:35 ./patches/source/xorg-server
-rw-r--r-- 1 root root 1600 2024-04-03 22:11 ./patches/source/xorg-server/patch/xorg-server/CVE-2024-31083.patch.gz
-rw-r--r-- 1 root root 298 2018-05-30 05:02 ./patches/source/xorg-server/patch/xorg-server/fix-nouveau-segfault.diff.gz
-rw-r--r-- 1 root root 357 2020-09-11 18:38 ./patches/source/xorg-server/patch/xorg-server/fix-pci-segfault.diff.gz
--rw-r--r-- 1 root root 340 2012-04-14 03:01 ./patches/source/xorg-server/patch/xorg-server/x11.startwithblackscreen.diff.gz
--rw-r--r-- 1 root root 897 2016-04-14 16:42 ./patches/source/xorg-server/patch/xorg-server/xorg-server.combo.mouse.keyboard.layout.patch.gz
-drwxr-xr-x 2 root root 4096 2022-07-12 19:52 ./patches/source/xorg-server/post-install
--rw-r--r-- 1 root root 2848 2017-01-18 00:22 ./patches/source/xorg-server/post-install/xorg-server.post-install
-drwxr-xr-x 2 root root 4096 2013-04-18 22:44 ./patches/source/xorg-server/slack-desc
+-rw-r--r-- 1 root root 340 2012-04-14 03:01 ./patches/source/xorg-server/patch/xorg-server/x11.startwithblackscreen.diff.gz
+-rw-r--r-- 1 root root 897 2016-04-14 16:42 ./patches/source/xorg-server/patch/xorg-server/xorg-server.combo.mouse.keyboard.layout.patch.gz
+drwxr-xr-x 2 root root 4096 2022-07-12 19:52 ./patches/source/xorg-server/post-install
+-rw-r--r-- 1 root root 2848 2017-01-18 00:22 ./patches/source/xorg-server/post-install/xorg-server.post-install
+drwxr-xr-x 2 root root 4096 2013-04-18 22:44 ./patches/source/xorg-server/slack-desc
-rw-r--r-- 1 root root 1132 2022-07-12 19:54 ./patches/source/xorg-server/slack-desc/xorg-server
-rw-r--r-- 1 root root 839 2009-05-30 01:47 ./patches/source/xorg-server/slack-desc/xorg-server-xephyr
-rw-r--r-- 1 root root 1060 2018-02-26 23:03 ./patches/source/xorg-server/slack-desc/xorg-server-xnest
@@ -5333,13 +5338,13 @@ drwxr-xr-x 2 root root 69632 2022-02-02 04:20 ./slackware64/l
-rw-r--r-- 1 root root 371 2021-02-13 07:15 ./slackware64/l/libunistring-0.9.10-x86_64-3.txt
-rw-r--r-- 1 root root 529024 2021-02-13 07:15 ./slackware64/l/libunistring-0.9.10-x86_64-3.txz
-rw-r--r-- 1 root root 163 2021-02-13 07:15 ./slackware64/l/libunistring-0.9.10-x86_64-3.txz.asc
--rw-r--r-- 1 root root 679 2022-01-16 20:29 ./slackware64/l/libunwind-1.6.2-x86_64-1.txt
--rw-r--r-- 1 root root 113552 2022-01-16 20:29 ./slackware64/l/libunwind-1.6.2-x86_64-1.txz
--rw-r--r-- 1 root root 163 2022-01-16 20:29 ./slackware64/l/libunwind-1.6.2-x86_64-1.txz.asc
--rw-r--r-- 1 root root 427 2021-10-16 18:11 ./slackware64/l/liburing-2.1-x86_64-2.txt
--rw-r--r-- 1 root root 56500 2021-10-16 18:11 ./slackware64/l/liburing-2.1-x86_64-2.txz
--rw-r--r-- 1 root root 163 2021-10-16 18:11 ./slackware64/l/liburing-2.1-x86_64-2.txz.asc
--rw-r--r-- 1 root root 287 2021-04-16 18:12 ./slackware64/l/libusb-1.0.24-x86_64-4.txt
+-rw-r--r-- 1 root root 679 2022-01-16 20:29 ./slackware64/l/libunwind-1.6.2-x86_64-1.txt
+-rw-r--r-- 1 root root 113552 2022-01-16 20:29 ./slackware64/l/libunwind-1.6.2-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2022-01-16 20:29 ./slackware64/l/libunwind-1.6.2-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 427 2021-10-16 18:11 ./slackware64/l/liburing-2.1-x86_64-2.txt
+-rw-r--r-- 1 root root 56500 2021-10-16 18:11 ./slackware64/l/liburing-2.1-x86_64-2.txz
+-rw-r--r-- 1 root root 163 2021-10-16 18:11 ./slackware64/l/liburing-2.1-x86_64-2.txz.asc
+-rw-r--r-- 1 root root 287 2021-04-16 18:12 ./slackware64/l/libusb-1.0.24-x86_64-4.txt
-rw-r--r-- 1 root root 78376 2021-04-16 18:12 ./slackware64/l/libusb-1.0.24-x86_64-4.txz
-rw-r--r-- 1 root root 163 2021-04-16 18:12 ./slackware64/l/libusb-1.0.24-x86_64-4.txz.asc
-rw-r--r-- 1 root root 444 2021-05-17 18:17 ./slackware64/l/libusb-compat-0.1.7-x86_64-1.txt
@@ -8232,14 +8237,14 @@ drwxr-xr-x 2 root root 4096 2020-01-12 21:23 ./source/a/nvi/patches
drwxr-xr-x 2 root root 4096 2021-07-11 17:53 ./source/a/os-prober
-rwxr-xr-x 1 root root 4560 2021-07-11 17:53 ./source/a/os-prober/os-prober.SlackBuild
-rw-r--r-- 1 root root 682 2019-08-06 04:39 ./source/a/os-prober/os-prober.lvm2.diff.gz
--rw-r--r-- 1 root root 338 2013-08-30 20:22 ./source/a/os-prober/os-prober.reiserfs.diff.gz
--rw-r--r-- 1 root root 27140 2021-07-10 23:07 ./source/a/os-prober/os-prober_1.79.tar.xz
--rw-r--r-- 1 root root 874 2018-02-27 06:13 ./source/a/os-prober/slack-desc
-drwxr-xr-x 4 root root 4096 2021-09-04 03:07 ./source/a/pam
--rw-r--r-- 1 root root 988784 2021-09-03 12:20 ./source/a/pam/Linux-PAM-1.5.2.tar.xz
--rw-r--r-- 1 root root 801 2021-09-03 12:20 ./source/a/pam/Linux-PAM-1.5.2.tar.xz.asc
--rw-r--r-- 1 root root 252 2014-07-26 06:55 ./source/a/pam/doinst.sh.gz
-drwxr-xr-x 2 root root 4096 2020-11-11 19:58 ./source/a/pam/fedora-patches
+-rw-r--r-- 1 root root 338 2013-08-30 20:22 ./source/a/os-prober/os-prober.reiserfs.diff.gz
+-rw-r--r-- 1 root root 27140 2021-07-10 23:07 ./source/a/os-prober/os-prober_1.79.tar.xz
+-rw-r--r-- 1 root root 874 2018-02-27 06:13 ./source/a/os-prober/slack-desc
+drwxr-xr-x 4 root root 4096 2021-09-04 03:07 ./source/a/pam
+-rw-r--r-- 1 root root 988784 2021-09-03 12:20 ./source/a/pam/Linux-PAM-1.5.2.tar.xz
+-rw-r--r-- 1 root root 801 2021-09-03 12:20 ./source/a/pam/Linux-PAM-1.5.2.tar.xz.asc
+-rw-r--r-- 1 root root 252 2014-07-26 06:55 ./source/a/pam/doinst.sh.gz
+drwxr-xr-x 2 root root 4096 2020-11-11 19:58 ./source/a/pam/fedora-patches
-rw-r--r-- 1 root root 487 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.1.3-nouserenv.patch.gz
-rw-r--r-- 1 root root 534 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.1.6-limits-user.patch.gz
-rw-r--r-- 1 root root 541 2019-02-02 06:05 ./source/a/pam/fedora-patches/pam-1.1.8-audit-user-mgmt.patch.gz
@@ -11359,10 +11364,10 @@ drwxr-xr-x 3 root root 12288 2022-01-21 19:09 ./source/kde/kde/src/framewor
-rw-r--r-- 1 root root 125136 2022-01-01 14:29 ./source/kde/kde/src/frameworks/kcompletion-5.90.0.tar.xz
-rw-r--r-- 1 root root 488 2022-01-01 14:29 ./source/kde/kde/src/frameworks/kcompletion-5.90.0.tar.xz.sig
-rw-r--r-- 1 root root 279744 2022-01-01 14:29 ./source/kde/kde/src/frameworks/kconfig-5.90.0.tar.xz
--rw-r--r-- 1 root root 488 2022-01-01 14:29 ./source/kde/kde/src/frameworks/kconfig-5.90.0.tar.xz.sig
--rw-r--r-- 1 root root 414176 2022-01-21 17:00 ./source/kde/kde/src/frameworks/kconfigwidgets-5.90.1.tar.xz
--rw-r--r-- 1 root root 488 2022-01-21 17:00 ./source/kde/kde/src/frameworks/kconfigwidgets-5.90.1.tar.xz.sig
--rw-r--r-- 1 root root 183196 2022-01-01 14:29 ./source/kde/kde/src/frameworks/kcontacts-5.90.0.tar.xz
+-rw-r--r-- 1 root root 488 2022-01-01 14:29 ./source/kde/kde/src/frameworks/kconfig-5.90.0.tar.xz.sig
+-rw-r--r-- 1 root root 414176 2022-01-21 17:00 ./source/kde/kde/src/frameworks/kconfigwidgets-5.90.1.tar.xz
+-rw-r--r-- 1 root root 488 2022-01-21 17:00 ./source/kde/kde/src/frameworks/kconfigwidgets-5.90.1.tar.xz.sig
+-rw-r--r-- 1 root root 183196 2022-01-01 14:29 ./source/kde/kde/src/frameworks/kcontacts-5.90.0.tar.xz
-rw-r--r-- 1 root root 488 2022-01-01 14:29 ./source/kde/kde/src/frameworks/kcontacts-5.90.0.tar.xz.sig
-rw-r--r-- 1 root root 445896 2022-01-01 14:29 ./source/kde/kde/src/frameworks/kcoreaddons-5.90.0.tar.xz
-rw-r--r-- 1 root root 488 2022-01-01 14:29 ./source/kde/kde/src/frameworks/kcoreaddons-5.90.0.tar.xz.sig
@@ -14718,13 +14723,13 @@ drwxr-xr-x 2 root root 4096 2021-02-13 05:32 ./source/n/telnet
drwxr-xr-x 2 root root 4096 2021-02-13 05:32 ./source/n/tftp-hpa
-rw-r--r-- 1 root root 1010 2018-02-27 06:13 ./source/n/tftp-hpa/slack-desc
-rw-r--r-- 1 root root 836 2011-12-11 22:15 ./source/n/tftp-hpa/tftp-hpa-5.2.tar.sign
--rw-r--r-- 1 root root 89564 2011-12-11 22:15 ./source/n/tftp-hpa/tftp-hpa-5.2.tar.xz
--rwxr-xr-x 1 root root 3220 2021-02-13 05:32 ./source/n/tftp-hpa/tftp-hpa.SlackBuild
--rw-r--r-- 1 root root 201 2021-01-16 18:55 ./source/n/tftp-hpa/tftp-hpa.fcommon.diff.gz
-drwxr-xr-x 2 root root 4096 2021-12-27 19:55 ./source/n/tin
--rw-r--r-- 1 root root 939 2018-02-27 06:13 ./source/n/tin/slack-desc
--rw-r--r-- 1 root root 1570500 2021-12-26 14:00 ./source/n/tin/tin-2.6.1.tar.xz
--rw-r--r-- 1 root root 286 2021-12-26 14:41 ./source/n/tin/tin-2.6.1.tar.xz.sign
+-rw-r--r-- 1 root root 89564 2011-12-11 22:15 ./source/n/tftp-hpa/tftp-hpa-5.2.tar.xz
+-rwxr-xr-x 1 root root 3220 2021-02-13 05:32 ./source/n/tftp-hpa/tftp-hpa.SlackBuild
+-rw-r--r-- 1 root root 201 2021-01-16 18:55 ./source/n/tftp-hpa/tftp-hpa.fcommon.diff.gz
+drwxr-xr-x 2 root root 4096 2021-12-27 19:55 ./source/n/tin
+-rw-r--r-- 1 root root 939 2018-02-27 06:13 ./source/n/tin/slack-desc
+-rw-r--r-- 1 root root 1570500 2021-12-26 14:00 ./source/n/tin/tin-2.6.1.tar.xz
+-rw-r--r-- 1 root root 286 2021-12-26 14:41 ./source/n/tin/tin-2.6.1.tar.xz.sign
-rwxr-xr-x 1 root root 3653 2021-09-27 18:04 ./source/n/tin/tin.SlackBuild
-rw-r--r-- 1 root root 40 2019-07-22 18:02 ./source/n/tin/tin.url
drwxr-xr-x 2 root root 4096 2021-02-13 05:32 ./source/n/traceroute
@@ -17067,32 +17072,14 @@ drwxr-xr-x 2 root root 4096 2021-02-13 05:32 ./source/y/nethack
-rwxr-xr-x 1 root root 4998 2021-02-13 05:32 ./source/y/nethack/nethack.SlackBuild
-rw-r--r-- 1 root root 59 2020-12-30 20:25 ./source/y/nethack/nethack.url
-rw-r--r-- 1 root root 1031 2020-12-30 21:50 ./source/y/nethack/slack-desc
-drwxr-xr-x 4 root root 4096 2024-05-16 01:17 ./testing
--rw-r--r-- 1 root root 2278 2024-05-16 01:17 ./testing/CHECKSUMS.md5
--rw-r--r-- 1 root root 195 2024-05-16 01:17 ./testing/CHECKSUMS.md5.asc
--rw-r--r-- 1 root root 2975 2024-05-16 01:17 ./testing/FILE_LIST
--rw-r--r-- 1 root root 36569 2024-05-16 01:17 ./testing/MANIFEST.bz2
--rw-r--r-- 1 root root 727 2024-05-16 01:17 ./testing/PACKAGES.TXT
-drwxr-xr-x 2 root root 4096 2024-05-16 01:17 ./testing/packages
--rw-r--r-- 1 root root 334 2024-05-15 22:40 ./testing/packages/bind-9.18.27-x86_64-1_slack15.0.txt
--rw-r--r-- 1 root root 2458740 2024-05-15 22:40 ./testing/packages/bind-9.18.27-x86_64-1_slack15.0.txz
--rw-r--r-- 1 root root 195 2024-05-15 22:40 ./testing/packages/bind-9.18.27-x86_64-1_slack15.0.txz.asc
-drwxr-xr-x 4 root root 4096 2024-05-16 00:10 ./testing/source
-drwxr-xr-x 3 root root 4096 2024-05-15 22:38 ./testing/source/bind
--rw-r--r-- 1 root root 5120 2007-06-08 04:48 ./testing/source/bind/3link.sh
--rw-r--r-- 1 root root 5524000 2024-05-15 15:52 ./testing/source/bind/bind-9.18.27.tar.xz
--rw-r--r-- 1 root root 833 2024-05-15 15:52 ./testing/source/bind/bind-9.18.27.tar.xz.asc
--rwxr-xr-x 1 root root 5848 2023-12-21 19:04 ./testing/source/bind/bind.SlackBuild
-drwxr-xr-x 2 root root 4096 2023-11-07 19:28 ./testing/source/bind/caching-example
--rw-r--r-- 1 root root 195 2001-05-18 02:03 ./testing/source/bind/caching-example/localhost.zone
--rw-r--r-- 1 root root 3313 2023-11-07 19:15 ./testing/source/bind/caching-example/named.ca
--rw-r--r-- 1 root root 681 2008-04-13 21:47 ./testing/source/bind/caching-example/named.conf
--rw-r--r-- 1 root root 433 2011-03-26 06:54 ./testing/source/bind/caching-example/named.local
--rw-r--r-- 1 root root 3311 2024-03-25 05:00 ./testing/source/bind/caching-example/named.root
--rw-r--r-- 1 root root 1067 2023-12-01 20:18 ./testing/source/bind/default.named
--rw-r--r-- 1 root root 532 2021-09-16 00:25 ./testing/source/bind/doinst.sh.gz
--rw-r--r-- 1 root root 4045 2023-11-07 19:20 ./testing/source/bind/rc.bind
--rw-r--r-- 1 root root 786 2018-02-27 06:13 ./testing/source/bind/slack-desc
+drwxr-xr-x 4 root root 4096 2024-07-23 18:59 ./testing
+-rw-r--r-- 1 root root 1154 2024-07-23 18:59 ./testing/CHECKSUMS.md5
+-rw-r--r-- 1 root root 195 2024-07-23 18:59 ./testing/CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 1471 2024-07-23 18:59 ./testing/FILE_LIST
+-rw-r--r-- 1 root root 14 2024-07-23 18:59 ./testing/MANIFEST.bz2
+-rw-r--r-- 1 root root 224 2024-07-23 18:59 ./testing/PACKAGES.TXT
+drwxr-xr-x 2 root root 4096 2024-07-23 17:56 ./testing/packages
+drwxr-xr-x 3 root root 4096 2024-07-23 17:56 ./testing/source
drwxr-xr-x 2 root root 4096 2022-02-02 06:50 ./testing/source/linux-5.16.5-configs
-rw-r--r-- 1 root root 75 2022-02-01 04:54 ./testing/source/linux-5.16.5-configs/README
-rw-r--r-- 1 root root 238294 2022-02-02 06:54 ./testing/source/linux-5.16.5-configs/config-generic-5.16.5
diff --git a/patches/packages/aaa_glibc-solibs-2.33-x86_64-6_slack15.0.txt b/patches/packages/aaa_glibc-solibs-2.33-x86_64-7_slack15.0.txt
similarity index 100%
rename from patches/packages/aaa_glibc-solibs-2.33-x86_64-6_slack15.0.txt
rename to patches/packages/aaa_glibc-solibs-2.33-x86_64-7_slack15.0.txt
diff --git a/patches/packages/bind-9.16.50-x86_64-1_slack15.0.txt b/patches/packages/bind-9.18.28-x86_64-1_slack15.0.txt
similarity index 100%
rename from patches/packages/bind-9.16.50-x86_64-1_slack15.0.txt
rename to patches/packages/bind-9.18.28-x86_64-1_slack15.0.txt
diff --git a/patches/packages/glibc-2.33-x86_64-6_slack15.0.txt b/patches/packages/glibc-2.33-x86_64-7_slack15.0.txt
similarity index 100%
rename from patches/packages/glibc-2.33-x86_64-6_slack15.0.txt
rename to patches/packages/glibc-2.33-x86_64-7_slack15.0.txt
diff --git a/patches/packages/glibc-i18n-2.33-x86_64-6_slack15.0.txt b/patches/packages/glibc-i18n-2.33-x86_64-7_slack15.0.txt
similarity index 100%
rename from patches/packages/glibc-i18n-2.33-x86_64-6_slack15.0.txt
rename to patches/packages/glibc-i18n-2.33-x86_64-7_slack15.0.txt
diff --git a/patches/packages/glibc-profile-2.33-x86_64-6_slack15.0.txt b/patches/packages/glibc-profile-2.33-x86_64-7_slack15.0.txt
similarity index 100%
rename from patches/packages/glibc-profile-2.33-x86_64-6_slack15.0.txt
rename to patches/packages/glibc-profile-2.33-x86_64-7_slack15.0.txt
diff --git a/patches/packages/mozilla-thunderbird-115.12.2-x86_64-1_slack15.0.txt b/patches/packages/mozilla-thunderbird-115.13.0-x86_64-1_slack15.0.txt
similarity index 100%
rename from patches/packages/mozilla-thunderbird-115.12.2-x86_64-1_slack15.0.txt
rename to patches/packages/mozilla-thunderbird-115.13.0-x86_64-1_slack15.0.txt
diff --git a/patches/source/glibc/glibc.SlackBuild b/patches/source/glibc/glibc.SlackBuild
index f7945abd2..e14017cda 100755
--- a/patches/source/glibc/glibc.SlackBuild
+++ b/patches/source/glibc/glibc.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=glibc
VERSION=${VERSION:-$(echo glibc-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
CHECKOUT=${CHECKOUT:-""}
-BUILD=${BUILD:-6_slack15.0}
+BUILD=${BUILD:-7_slack15.0}
# I was considering disabling NSCD, but MoZes talked me out of it. :)
#DISABLE_NSCD=" --disable-nscd "
diff --git a/patches/source/glibc/patches/CVE-2024-33599.patch b/patches/source/glibc/patches/CVE-2024-33599.patch
new file mode 100644
index 000000000..c78f99269
--- /dev/null
+++ b/patches/source/glibc/patches/CVE-2024-33599.patch
@@ -0,0 +1,35 @@
+From 5c75001a96abcd50cbdb74df24c3f013188d076e Mon Sep 17 00:00:00 2001
+From: Florian Weimer
+Date: Thu, 25 Apr 2024 15:00:45 +0200
+Subject: [PATCH] CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup
+ cache (bug 31677)
+
+Using alloca matches what other caches do. The request length is
+bounded by MAXKEYLEN.
+
+Reviewed-by: Carlos O'Donell
+(cherry picked from commit 87801a8fd06db1d654eea3e4f7626ff476a9bdaa)
+---
+ nscd/netgroupcache.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
+index ad2daddafdc..8835547acfa 100644
+--- a/nscd/netgroupcache.c
++++ b/nscd/netgroupcache.c
+@@ -503,12 +503,13 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+ = (struct indataset *) mempool_alloc (db,
+ sizeof (*dataset) + req->key_len,
+ 1);
+- struct indataset dataset_mem;
+ bool cacheable = true;
+ if (__glibc_unlikely (dataset == NULL))
+ {
+ cacheable = false;
+- dataset = &dataset_mem;
++ /* The alloca is safe because nscd_run_worker verfies that
++ key_len is not larger than MAXKEYLEN. */
++ dataset = alloca (sizeof (*dataset) + req->key_len);
+ }
+
+ datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,
diff --git a/patches/source/glibc/patches/CVE-2024-33600-1.patch b/patches/source/glibc/patches/CVE-2024-33600-1.patch
new file mode 100644
index 000000000..58000f73e
--- /dev/null
+++ b/patches/source/glibc/patches/CVE-2024-33600-1.patch
@@ -0,0 +1,56 @@
+From f20a8d696b13c6261b52a6434899121f8b19d5a7 Mon Sep 17 00:00:00 2001
+From: Florian Weimer
+Date: Thu, 25 Apr 2024 15:01:07 +0200
+Subject: [PATCH] CVE-2024-33600: nscd: Do not send missing not-found response
+ in addgetnetgrentX (bug 31678)
+
+If we failed to add a not-found response to the cache, the dataset
+point can be null, resulting in a null pointer dereference.
+
+Reviewed-by: Siddhesh Poyarekar
+(cherry picked from commit 7835b00dbce53c3c87bbbb1754a95fb5e58187aa)
+---
+ nscd/netgroupcache.c | 14 ++++++--------
+ 1 file changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
+index 8835547acfa..f2e7d60b50e 100644
+--- a/nscd/netgroupcache.c
++++ b/nscd/netgroupcache.c
+@@ -148,7 +148,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ /* No such service. */
+ cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout,
+ &key_copy);
+- goto writeout;
++ goto maybe_cache_add;
+ }
+
+ memset (&data, '\0', sizeof (data));
+@@ -349,7 +349,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ {
+ cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout,
+ &key_copy);
+- goto writeout;
++ goto maybe_cache_add;
+ }
+
+ total = buffilled;
+@@ -411,14 +411,12 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ }
+
+ if (he == NULL && fd != -1)
+- {
+- /* We write the dataset before inserting it to the database
+- since while inserting this thread might block and so would
+- unnecessarily let the receiver wait. */
+- writeout:
++ /* We write the dataset before inserting it to the database since
++ while inserting this thread might block and so would
++ unnecessarily let the receiver wait. */
+ writeall (fd, &dataset->resp, dataset->head.recsize);
+- }
+
++ maybe_cache_add:
+ if (cacheable)
+ {
+ /* If necessary, we also propagate the data to disk. */
diff --git a/patches/source/glibc/patches/CVE-2024-33600-2.patch b/patches/source/glibc/patches/CVE-2024-33600-2.patch
new file mode 100644
index 000000000..20158a4e4
--- /dev/null
+++ b/patches/source/glibc/patches/CVE-2024-33600-2.patch
@@ -0,0 +1,57 @@
+From e3eef1b8fbdd3a7917af466ca9c4b7477251ca79 Mon Sep 17 00:00:00 2001
+From: Florian Weimer
+Date: Thu, 25 Apr 2024 15:01:07 +0200
+Subject: [PATCH] CVE-2024-33600: nscd: Avoid null pointer crashes after
+ notfound response (bug 31678)
+
+The addgetnetgrentX call in addinnetgrX may have failed to produce
+a result, so the result variable in addinnetgrX can be NULL.
+Use db->negtimeout as the fallback value if there is no result data;
+the timeout is also overwritten below.
+
+Also avoid sending a second not-found response. (The client
+disconnects after receiving the first response, so the data stream did
+not go out of sync even without this fix.) It is still beneficial to
+add the negative response to the mapping, so that the client can get
+it from there in the future, instead of going through the socket.
+
+Reviewed-by: Siddhesh Poyarekar
+(cherry picked from commit b048a482f088e53144d26a61c390bed0210f49f2)
+---
+ nscd/netgroupcache.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
+index f2e7d60b50e..aa9501a2c05 100644
+--- a/nscd/netgroupcache.c
++++ b/nscd/netgroupcache.c
+@@ -512,14 +512,15 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+
+ datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,
+ sizeof (innetgroup_response_header),
+- he == NULL ? 0 : dh->nreloads + 1, result->head.ttl);
++ he == NULL ? 0 : dh->nreloads + 1,
++ result == NULL ? db->negtimeout : result->head.ttl);
+ /* Set the notfound status and timeout based on the result from
+ getnetgrent. */
+- dataset->head.notfound = result->head.notfound;
++ dataset->head.notfound = result == NULL || result->head.notfound;
+ dataset->head.timeout = timeout;
+
+ dataset->resp.version = NSCD_VERSION;
+- dataset->resp.found = result->resp.found;
++ dataset->resp.found = result != NULL && result->resp.found;
+ /* Until we find a matching entry the result is 0. */
+ dataset->resp.result = 0;
+
+@@ -567,7 +568,9 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+ goto out;
+ }
+
+- if (he == NULL)
++ /* addgetnetgrentX may have already sent a notfound response. Do
++ not send another one. */
++ if (he == NULL && dataset->resp.found)
+ {
+ /* We write the dataset before inserting it to the database
+ since while inserting this thread might block and so would
diff --git a/patches/source/glibc/patches/CVE-2024-33601_CVE-2024-33602_1.patch b/patches/source/glibc/patches/CVE-2024-33601_CVE-2024-33602_1.patch
new file mode 100644
index 000000000..7328aab3b
--- /dev/null
+++ b/patches/source/glibc/patches/CVE-2024-33601_CVE-2024-33602_1.patch
@@ -0,0 +1,387 @@
+From 4d27d4b9a188786fc6a56745506cec2acfc51f83 Mon Sep 17 00:00:00 2001
+From: Florian Weimer
+Date: Thu, 25 Apr 2024 15:01:07 +0200
+Subject: [PATCH] CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two
+ buffers in addgetnetgrentX (bug 31680)
+
+This avoids potential memory corruption when the underlying NSS
+callback function does not use the buffer space to store all strings
+(e.g., for constant strings).
+
+Instead of custom buffer management, two scratch buffers are used.
+This increases stack usage somewhat.
+
+Scratch buffer allocation failure is handled by return -1
+(an invalid timeout value) instead of terminating the process.
+This fixes bug 31679.
+
+Reviewed-by: Siddhesh Poyarekar
+(cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)
+---
+ nscd/netgroupcache.c | 219 ++++++++++++++++++++++++-------------------
+ 1 file changed, 121 insertions(+), 98 deletions(-)
+
+diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
+index aa9501a2c05..ee98ffd96ed 100644
+--- a/nscd/netgroupcache.c
++++ b/nscd/netgroupcache.c
+@@ -24,6 +24,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "../inet/netgroup.h"
+ #include "nscd.h"
+@@ -66,6 +67,16 @@ struct dataset
+ char strdata[0];
+ };
+
++/* Send a notfound response to FD. Always returns -1 to indicate an
++ ephemeral error. */
++static time_t
++send_notfound (int fd)
++{
++ if (fd != -1)
++ TEMP_FAILURE_RETRY (send (fd, ¬found, sizeof (notfound), MSG_NOSIGNAL));
++ return -1;
++}
++
+ /* Sends a notfound message and prepares a notfound dataset to write to the
+ cache. Returns true if there was enough memory to allocate the dataset and
+ returns the dataset in DATASETP, total bytes to write in TOTALP and the
+@@ -84,8 +95,7 @@ do_notfound (struct database_dyn *db, int fd, request_header *req,
+ total = sizeof (notfound);
+ timeout = time (NULL) + db->negtimeout;
+
+- if (fd != -1)
+- TEMP_FAILURE_RETRY (send (fd, ¬found, total, MSG_NOSIGNAL));
++ send_notfound (fd);
+
+ dataset = mempool_alloc (db, sizeof (struct dataset) + req->key_len, 1);
+ /* If we cannot permanently store the result, so be it. */
+@@ -110,11 +120,78 @@ do_notfound (struct database_dyn *db, int fd, request_header *req,
+ return cacheable;
+ }
+
++struct addgetnetgrentX_scratch
++{
++ /* This is the result that the caller should use. It can be NULL,
++ point into buffer, or it can be in the cache. */
++ struct dataset *dataset;
++
++ struct scratch_buffer buffer;
++
++ /* Used internally in addgetnetgrentX as a staging area. */
++ struct scratch_buffer tmp;
++
++ /* Number of bytes in buffer that are actually used. */
++ size_t buffer_used;
++};
++
++static void
++addgetnetgrentX_scratch_init (struct addgetnetgrentX_scratch *scratch)
++{
++ scratch->dataset = NULL;
++ scratch_buffer_init (&scratch->buffer);
++ scratch_buffer_init (&scratch->tmp);
++
++ /* Reserve space for the header. */
++ scratch->buffer_used = sizeof (struct dataset);
++ static_assert (sizeof (struct dataset) < sizeof (scratch->tmp.__space),
++ "initial buffer space");
++ memset (scratch->tmp.data, 0, sizeof (struct dataset));
++}
++
++static void
++addgetnetgrentX_scratch_free (struct addgetnetgrentX_scratch *scratch)
++{
++ scratch_buffer_free (&scratch->buffer);
++ scratch_buffer_free (&scratch->tmp);
++}
++
++/* Copy LENGTH bytes from S into SCRATCH. Returns NULL if SCRATCH
++ could not be resized, otherwise a pointer to the copy. */
++static char *
++addgetnetgrentX_append_n (struct addgetnetgrentX_scratch *scratch,
++ const char *s, size_t length)
++{
++ while (true)
++ {
++ size_t remaining = scratch->buffer.length - scratch->buffer_used;
++ if (remaining >= length)
++ break;
++ if (!scratch_buffer_grow_preserve (&scratch->buffer))
++ return NULL;
++ }
++ char *copy = scratch->buffer.data + scratch->buffer_used;
++ memcpy (copy, s, length);
++ scratch->buffer_used += length;
++ return copy;
++}
++
++/* Copy S into SCRATCH, including its null terminator. Returns false
++ if SCRATCH could not be resized. */
++static bool
++addgetnetgrentX_append (struct addgetnetgrentX_scratch *scratch, const char *s)
++{
++ if (s == NULL)
++ s = "";
++ return addgetnetgrentX_append_n (scratch, s, strlen (s) + 1) != NULL;
++}
++
++/* Caller must initialize and free *SCRATCH. If the return value is
++ negative, this function has sent a notfound response. */
+ static time_t
+ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ const char *key, uid_t uid, struct hashentry *he,
+- struct datahead *dh, struct dataset **resultp,
+- void **tofreep)
++ struct datahead *dh, struct addgetnetgrentX_scratch *scratch)
+ {
+ if (__glibc_unlikely (debug_level > 0))
+ {
+@@ -133,14 +210,10 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+
+ char *key_copy = NULL;
+ struct __netgrent data;
+- size_t buflen = MAX (1024, sizeof (*dataset) + req->key_len);
+- size_t buffilled = sizeof (*dataset);
+- char *buffer = NULL;
+ size_t nentries = 0;
+ size_t group_len = strlen (key) + 1;
+ struct name_list *first_needed
+ = alloca (sizeof (struct name_list) + group_len);
+- *tofreep = NULL;
+
+ if (netgroup_database == NULL
+ && __nss_database_lookup2 ("netgroup", NULL, NULL, &netgroup_database))
+@@ -152,8 +225,6 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ }
+
+ memset (&data, '\0', sizeof (data));
+- buffer = xmalloc (buflen);
+- *tofreep = buffer;
+ first_needed->next = first_needed;
+ memcpy (first_needed->name, key, group_len);
+ data.needed_groups = first_needed;
+@@ -196,8 +267,8 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ while (1)
+ {
+ int e;
+- status = getfct.f (&data, buffer + buffilled,
+- buflen - buffilled - req->key_len, &e);
++ status = getfct.f (&data, scratch->tmp.data,
++ scratch->tmp.length, &e);
+ if (status == NSS_STATUS_SUCCESS)
+ {
+ if (data.type == triple_val)
+@@ -205,68 +276,10 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ const char *nhost = data.val.triple.host;
+ const char *nuser = data.val.triple.user;
+ const char *ndomain = data.val.triple.domain;
+-
+- size_t hostlen = strlen (nhost ?: "") + 1;
+- size_t userlen = strlen (nuser ?: "") + 1;
+- size_t domainlen = strlen (ndomain ?: "") + 1;
+-
+- if (nhost == NULL || nuser == NULL || ndomain == NULL
+- || nhost > nuser || nuser > ndomain)
+- {
+- const char *last = nhost;
+- if (last == NULL
+- || (nuser != NULL && nuser > last))
+- last = nuser;
+- if (last == NULL
+- || (ndomain != NULL && ndomain > last))
+- last = ndomain;
+-
+- size_t bufused
+- = (last == NULL
+- ? buffilled
+- : last + strlen (last) + 1 - buffer);
+-
+- /* We have to make temporary copies. */
+- size_t needed = hostlen + userlen + domainlen;
+-
+- if (buflen - req->key_len - bufused < needed)
+- {
+- buflen += MAX (buflen, 2 * needed);
+- /* Save offset in the old buffer. We don't
+- bother with the NULL check here since
+- we'll do that later anyway. */
+- size_t nhostdiff = nhost - buffer;
+- size_t nuserdiff = nuser - buffer;
+- size_t ndomaindiff = ndomain - buffer;
+-
+- char *newbuf = xrealloc (buffer, buflen);
+- /* Fix up the triplet pointers into the new
+- buffer. */
+- nhost = (nhost ? newbuf + nhostdiff
+- : NULL);
+- nuser = (nuser ? newbuf + nuserdiff
+- : NULL);
+- ndomain = (ndomain ? newbuf + ndomaindiff
+- : NULL);
+- *tofreep = buffer = newbuf;
+- }
+-
+- nhost = memcpy (buffer + bufused,
+- nhost ?: "", hostlen);
+- nuser = memcpy ((char *) nhost + hostlen,
+- nuser ?: "", userlen);
+- ndomain = memcpy ((char *) nuser + userlen,
+- ndomain ?: "", domainlen);
+- }
+-
+- char *wp = buffer + buffilled;
+- wp = memmove (wp, nhost ?: "", hostlen);
+- wp += hostlen;
+- wp = memmove (wp, nuser ?: "", userlen);
+- wp += userlen;
+- wp = memmove (wp, ndomain ?: "", domainlen);
+- wp += domainlen;
+- buffilled = wp - buffer;
++ if (!(addgetnetgrentX_append (scratch, nhost)
++ && addgetnetgrentX_append (scratch, nuser)
++ && addgetnetgrentX_append (scratch, ndomain)))
++ return send_notfound (fd);
+ ++nentries;
+ }
+ else
+@@ -318,8 +331,8 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ }
+ else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE)
+ {
+- buflen *= 2;
+- *tofreep = buffer = xrealloc (buffer, buflen);
++ if (!scratch_buffer_grow (&scratch->tmp))
++ return send_notfound (fd);
+ }
+ else if (status == NSS_STATUS_RETURN
+ || status == NSS_STATUS_NOTFOUND
+@@ -352,10 +365,17 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ goto maybe_cache_add;
+ }
+
+- total = buffilled;
++ /* Capture the result size without the key appended. */
++ total = scratch->buffer_used;
++
++ /* Make a copy of the key. The scratch buffer must not move after
++ this point. */
++ key_copy = addgetnetgrentX_append_n (scratch, key, req->key_len);
++ if (key_copy == NULL)
++ return send_notfound (fd);
+
+ /* Fill in the dataset. */
+- dataset = (struct dataset *) buffer;
++ dataset = scratch->buffer.data;
+ timeout = datahead_init_pos (&dataset->head, total + req->key_len,
+ total - offsetof (struct dataset, resp),
+ he == NULL ? 0 : dh->nreloads + 1,
+@@ -364,11 +384,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ dataset->resp.version = NSCD_VERSION;
+ dataset->resp.found = 1;
+ dataset->resp.nresults = nentries;
+- dataset->resp.result_len = buffilled - sizeof (*dataset);
+-
+- assert (buflen - buffilled >= req->key_len);
+- key_copy = memcpy (buffer + buffilled, key, req->key_len);
+- buffilled += req->key_len;
++ dataset->resp.result_len = total - sizeof (*dataset);
+
+ /* Now we can determine whether on refill we have to create a new
+ record or not. */
+@@ -399,7 +415,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ if (__glibc_likely (newp != NULL))
+ {
+ /* Adjust pointer into the memory block. */
+- key_copy = (char *) newp + (key_copy - buffer);
++ key_copy = (char *) newp + (key_copy - (char *) dataset);
+
+ dataset = memcpy (newp, dataset, total + req->key_len);
+ cacheable = true;
+@@ -440,7 +456,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ }
+
+ out:
+- *resultp = dataset;
++ scratch->dataset = dataset;
+
+ return timeout;
+ }
+@@ -461,6 +477,9 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+ if (user != NULL)
+ key = (char *) rawmemchr (key, '\0') + 1;
+ const char *domain = *key++ ? key : NULL;
++ struct addgetnetgrentX_scratch scratch;
++
++ addgetnetgrentX_scratch_init (&scratch);
+
+ if (__glibc_unlikely (debug_level > 0))
+ {
+@@ -476,12 +495,8 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+ group, group_len,
+ db, uid);
+ time_t timeout;
+- void *tofree;
+ if (result != NULL)
+- {
+- timeout = result->head.timeout;
+- tofree = NULL;
+- }
++ timeout = result->head.timeout;
+ else
+ {
+ request_header req_get =
+@@ -490,7 +505,10 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+ .key_len = group_len
+ };
+ timeout = addgetnetgrentX (db, -1, &req_get, group, uid, NULL, NULL,
+- &result, &tofree);
++ &scratch);
++ result = scratch.dataset;
++ if (timeout < 0)
++ goto out;
+ }
+
+ struct indataset
+@@ -604,7 +622,7 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+ }
+
+ out:
+- free (tofree);
++ addgetnetgrentX_scratch_free (&scratch);
+ return timeout;
+ }
+
+@@ -614,11 +632,12 @@ addgetnetgrentX_ignore (struct database_dyn *db, int fd, request_header *req,
+ const char *key, uid_t uid, struct hashentry *he,
+ struct datahead *dh)
+ {
+- struct dataset *ignore;
+- void *tofree;
+- time_t timeout = addgetnetgrentX (db, fd, req, key, uid, he, dh,
+- &ignore, &tofree);
+- free (tofree);
++ struct addgetnetgrentX_scratch scratch;
++ addgetnetgrentX_scratch_init (&scratch);
++ time_t timeout = addgetnetgrentX (db, fd, req, key, uid, he, dh, &scratch);
++ addgetnetgrentX_scratch_free (&scratch);
++ if (timeout < 0)
++ timeout = 0;
+ return timeout;
+ }
+
+@@ -662,5 +681,9 @@ readdinnetgr (struct database_dyn *db, struct hashentry *he,
+ .key_len = he->len
+ };
+
+- return addinnetgrX (db, -1, &req, db->data + he->key, he->owner, he, dh);
++ int timeout = addinnetgrX (db, -1, &req, db->data + he->key, he->owner,
++ he, dh);
++ if (timeout < 0)
++ timeout = 0;
++ return timeout;
+ }
diff --git a/patches/source/glibc/patches/CVE-2024-33601_CVE-2024-33602_2.patch b/patches/source/glibc/patches/CVE-2024-33601_CVE-2024-33602_2.patch
new file mode 100644
index 000000000..6154eb83e
--- /dev/null
+++ b/patches/source/glibc/patches/CVE-2024-33601_CVE-2024-33602_2.patch
@@ -0,0 +1,33 @@
+From 1e398f406bb7ad8ffac66e664a44f11d2a0b8f36 Mon Sep 17 00:00:00 2001
+From: Florian Weimer
+Date: Thu, 2 May 2024 17:06:19 +0200
+Subject: [PATCH] nscd: Use time_t for return type of addgetnetgrentX
+
+Using int may give false results for future dates (timeouts after the
+year 2028).
+
+Fixes commit 04a21e050d64a1193a6daab872bca2528bda44b ("CVE-2024-33601,
+CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX
+(bug 31680)").
+
+Reviewed-by: Carlos O'Donell
+(cherry picked from commit 4bbca1a44691a6e9adcee5c6798a707b626bc331)
+---
+ nscd/netgroupcache.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
+index ee98ffd96ed..7a4e767be2b 100644
+--- a/nscd/netgroupcache.c
++++ b/nscd/netgroupcache.c
+@@ -681,8 +681,8 @@ readdinnetgr (struct database_dyn *db, struct hashentry *he,
+ .key_len = he->len
+ };
+
+- int timeout = addinnetgrX (db, -1, &req, db->data + he->key, he->owner,
+- he, dh);
++ time_t timeout = addinnetgrX (db, -1, &req, db->data + he->key, he->owner,
++ he, dh);
+ if (timeout < 0)
+ timeout = 0;
+ return timeout;
diff --git a/recompress.sh b/recompress.sh
index 4350a613c..efb7191a6 100755
--- a/recompress.sh
+++ b/recompress.sh
@@ -1208,9 +1208,14 @@ gzip ./patches/source/glibc/patches/glibc.CVE-2021-3998.patch
gzip ./patches/source/glibc/patches/CVE-2021-33574_2.patch
gzip ./patches/source/glibc/patches/CVE-2021-27645.patch
gzip ./patches/source/glibc/patches/CVE-2021-38604.patch
+gzip ./patches/source/glibc/patches/CVE-2024-33600-2.patch
+gzip ./patches/source/glibc/patches/CVE-2024-33601_CVE-2024-33602_2.patch
gzip ./patches/source/glibc/patches/CVE-2021-35942.patch
+gzip ./patches/source/glibc/patches/CVE-2024-33599.patch
+gzip ./patches/source/glibc/patches/CVE-2024-33601_CVE-2024-33602_1.patch
gzip ./patches/source/glibc/patches/CVE-2021-33574_1.patch
gzip ./patches/source/glibc/patches/CVE-2024-2961_glibc2.33.patch
+gzip ./patches/source/glibc/patches/CVE-2024-33600-1.patch
gzip ./patches/source/glibc/glibc-c-utf8-locale.patch
gzip ./patches/source/glibc/glibc-2.32.en_US.no.am.pm.date.format.diff
gzip ./patches/source/mozilla-thunderbird/autoconf/autoconf-2.13-consolidated_fixes-1.patch