Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-27 09:59:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Wed Feb 15 03:05:40 UTC 2023

Browse source 
extra/php80/php80-8.0.28-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Core: Password_verify() always return true with some hash.
  Core: 1-byte array overrun in common path resolve code.
  SAPI: DOS vulnerability when parsing multipart request body.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-0567
    https://www.cve.org/CVERecord?id=CVE-2023-0568
    https://www.cve.org/CVERecord?id=CVE-2023-0662
  (* Security fix *)
extra/php81/php81-8.1.16-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Core: Password_verify() always return true with some hash.
  Core: 1-byte array overrun in common path resolve code.
  SAPI: DOS vulnerability when parsing multipart request body.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-0567
    https://www.cve.org/CVERecord?id=CVE-2023-0568
    https://www.cve.org/CVERecord?id=CVE-2023-0662
  (* Security fix *)
patches/packages/hwdata-0.367-noarch-1_slack15.0.txz:  Upgraded.
  Upgraded to get information for newer hardware.
  Requested by kingbeowulf on LQ.
patches/packages/mozilla-firefox-102.8.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/
    https://www.cve.org/CVERecord?id=CVE-2023-25728
    https://www.cve.org/CVERecord?id=CVE-2023-25730
    https://www.cve.org/CVERecord?id=CVE-2023-25743
    https://www.cve.org/CVERecord?id=CVE-2023-0767
    https://www.cve.org/CVERecord?id=CVE-2023-25735
    https://www.cve.org/CVERecord?id=CVE-2023-25737
    https://www.cve.org/CVERecord?id=CVE-2023-25738
    https://www.cve.org/CVERecord?id=CVE-2023-25739
    https://www.cve.org/CVERecord?id=CVE-2023-25729
    https://www.cve.org/CVERecord?id=CVE-2023-25732
    https://www.cve.org/CVERecord?id=CVE-2023-25734
    https://www.cve.org/CVERecord?id=CVE-2023-25742
    https://www.cve.org/CVERecord?id=CVE-2023-25746
  (* Security fix *)
patches/packages/php-7.4.33-x86_64-3_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Core: Password_verify() always return true with some hash.
  Core: 1-byte array overrun in common path resolve code.
  SAPI: DOS vulnerability when parsing multipart request body.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-0567
    https://www.cve.org/CVERecord?id=CVE-2023-0568
    https://www.cve.org/CVERecord?id=CVE-2023-0662
  (* Security fix *)
This commit is contained in:
Patrick J Volkerding 2023-02-15 03:05:40 +00:00 committed by Eric Hameleers
parent 57c03ef31c
commit ad9ea8bf78
13 changed files with 1002 additions and 103 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

66
ChangeLog.rss
View file

@ -11,9 +11,71 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
<pubDate>Fri, 10 Feb 2023 20:08:41 GMT</pubDate>
<lastBuildDate>Sat, 11 Feb 2023 12:30:19 GMT</lastBuildDate>
<pubDate>Wed, 15 Feb 2023 03:05:40 GMT</pubDate>
<lastBuildDate>Thu, 16 Feb 2023 00:30:23 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.17</generator>
<item>
<title>Wed, 15 Feb 2023 03:05:40 GMT</title>
<pubDate>Wed, 15 Feb 2023 03:05:40 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20230215030540</link>
<guid isPermaLink="false">20230215030540</guid>
<description>
<![CDATA[<pre>
extra/php80/php80-8.0.28-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Core: Password_verify() always return true with some hash.
Core: 1-byte array overrun in common path resolve code.
SAPI: DOS vulnerability when parsing multipart request body.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0567
https://www.cve.org/CVERecord?id=CVE-2023-0568
https://www.cve.org/CVERecord?id=CVE-2023-0662
(* Security fix *)
extra/php81/php81-8.1.16-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Core: Password_verify() always return true with some hash.
Core: 1-byte array overrun in common path resolve code.
SAPI: DOS vulnerability when parsing multipart request body.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0567
https://www.cve.org/CVERecord?id=CVE-2023-0568
https://www.cve.org/CVERecord?id=CVE-2023-0662
(* Security fix *)
patches/packages/hwdata-0.367-noarch-1_slack15.0.txz: Upgraded.
Upgraded to get information for newer hardware.
Requested by kingbeowulf on LQ.
patches/packages/mozilla-firefox-102.8.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.8.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/
https://www.cve.org/CVERecord?id=CVE-2023-25728
https://www.cve.org/CVERecord?id=CVE-2023-25730
https://www.cve.org/CVERecord?id=CVE-2023-25743
https://www.cve.org/CVERecord?id=CVE-2023-0767
https://www.cve.org/CVERecord?id=CVE-2023-25735
https://www.cve.org/CVERecord?id=CVE-2023-25737
https://www.cve.org/CVERecord?id=CVE-2023-25738
https://www.cve.org/CVERecord?id=CVE-2023-25739
https://www.cve.org/CVERecord?id=CVE-2023-25729
https://www.cve.org/CVERecord?id=CVE-2023-25732
https://www.cve.org/CVERecord?id=CVE-2023-25734
https://www.cve.org/CVERecord?id=CVE-2023-25742
https://www.cve.org/CVERecord?id=CVE-2023-25746
(* Security fix *)
patches/packages/php-7.4.33-x86_64-3_slack15.0.txz: Rebuilt.
This update fixes security issues:
Core: Password_verify() always return true with some hash.
Core: 1-byte array overrun in common path resolve code.
SAPI: DOS vulnerability when parsing multipart request body.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0567
https://www.cve.org/CVERecord?id=CVE-2023-0568
https://www.cve.org/CVERecord?id=CVE-2023-0662
(* Security fix *)
</pre>]]>
</description>
</item>
<item>
<title>Fri, 10 Feb 2023 20:08:41 GMT</title>
<pubDate>Fri, 10 Feb 2023 20:08:41 GMT</pubDate>

54
ChangeLog.txt
View file

@ -1,3 +1,57 @@
Wed Feb 15 03:05:40 UTC 2023
extra/php80/php80-8.0.28-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Core: Password_verify() always return true with some hash.
Core: 1-byte array overrun in common path resolve code.
SAPI: DOS vulnerability when parsing multipart request body.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0567
https://www.cve.org/CVERecord?id=CVE-2023-0568
https://www.cve.org/CVERecord?id=CVE-2023-0662
(* Security fix *)
extra/php81/php81-8.1.16-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Core: Password_verify() always return true with some hash.
Core: 1-byte array overrun in common path resolve code.
SAPI: DOS vulnerability when parsing multipart request body.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0567
https://www.cve.org/CVERecord?id=CVE-2023-0568
https://www.cve.org/CVERecord?id=CVE-2023-0662
(* Security fix *)
patches/packages/hwdata-0.367-noarch-1_slack15.0.txz: Upgraded.
Upgraded to get information for newer hardware.
Requested by kingbeowulf on LQ.
patches/packages/mozilla-firefox-102.8.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.8.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/
https://www.cve.org/CVERecord?id=CVE-2023-25728
https://www.cve.org/CVERecord?id=CVE-2023-25730
https://www.cve.org/CVERecord?id=CVE-2023-25743
https://www.cve.org/CVERecord?id=CVE-2023-0767
https://www.cve.org/CVERecord?id=CVE-2023-25735
https://www.cve.org/CVERecord?id=CVE-2023-25737
https://www.cve.org/CVERecord?id=CVE-2023-25738
https://www.cve.org/CVERecord?id=CVE-2023-25739
https://www.cve.org/CVERecord?id=CVE-2023-25729
https://www.cve.org/CVERecord?id=CVE-2023-25732
https://www.cve.org/CVERecord?id=CVE-2023-25734
https://www.cve.org/CVERecord?id=CVE-2023-25742
https://www.cve.org/CVERecord?id=CVE-2023-25746
(* Security fix *)
patches/packages/php-7.4.33-x86_64-3_slack15.0.txz: Rebuilt.
This update fixes security issues:
Core: Password_verify() always return true with some hash.
Core: 1-byte array overrun in common path resolve code.
SAPI: DOS vulnerability when parsing multipart request body.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0567
https://www.cve.org/CVERecord?id=CVE-2023-0568
https://www.cve.org/CVERecord?id=CVE-2023-0662
(* Security fix *)
+--------------------------+
Fri Feb 10 20:08:41 UTC 2023
patches/packages/gnutls-3.7.9-x86_64-1_slack15.0.txz: Upgraded.
libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange.

210
FILELIST.TXT
View file

@ -1,20 +1,20 @@
Fri Feb 10 20:11:08 UTC 2023
Wed Feb 15 03:10:48 UTC 2023
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
drwxr-xr-x 12 root root 4096 2023-02-10 20:08 .
drwxr-xr-x 12 root root 4096 2023-02-15 03:05 .
-rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0
-rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
-rw-r--r-- 1 root root 1172029 2023-02-09 01:03 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2023-02-09 01:03 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 1172029 2023-02-10 20:11 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2023-02-10 20:11 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
-rw-r--r-- 1 root root 1986692 2023-02-10 20:08 ./ChangeLog.txt
-rw-r--r-- 1 root root 1989338 2023-02-15 03:05 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
-rw-r--r-- 1 root root 1528427 2023-02-09 01:02 ./FILELIST.TXT
-rw-r--r-- 1 root root 1528427 2023-02-10 20:11 ./FILELIST.TXT
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
-rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT
@ -39,12 +39,12 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rw-r--r-- 1 root root 17294 2008-12-08 18:13 ./SPEAK_INSTALL.TXT
-rw-r--r-- 1 root root 57187 2022-02-01 19:37 ./Slackware-HOWTO
-rw-r--r-- 1 root root 8700 2022-01-26 05:44 ./UPGRADE.TXT
drwxr-xr-x 19 root root 4096 2023-01-07 01:41 ./extra
-rw-r--r-- 1 root root 49773 2023-01-07 01:41 ./extra/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2023-01-07 01:41 ./extra/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 62643 2023-01-07 01:41 ./extra/FILE_LIST
-rw-r--r-- 1 root root 1764212 2023-01-07 01:41 ./extra/MANIFEST.bz2
-rw-r--r-- 1 root root 36556 2023-01-07 01:41 ./extra/PACKAGES.TXT
drwxr-xr-x 19 root root 4096 2023-02-15 03:10 ./extra
-rw-r--r-- 1 root root 49773 2023-02-15 03:10 ./extra/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2023-02-15 03:10 ./extra/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 62643 2023-02-15 03:10 ./extra/FILE_LIST
-rw-r--r-- 1 root root 1828747 2023-02-15 03:10 ./extra/MANIFEST.bz2
-rw-r--r-- 1 root root 36556 2023-02-15 03:10 ./extra/PACKAGES.TXT
-rw-r--r-- 1 root root 149 2002-02-09 00:18 ./extra/README.TXT
drwxr-xr-x 2 root root 20480 2020-05-26 20:38 ./extra/aspell-word-lists
-rw-r--r-- 1 root root 171 2016-06-06 20:10 ./extra/aspell-word-lists/aspell-af-0.50_0-x86_64-5.txt
@ -348,14 +348,14 @@ drwxr-xr-x 2 root root 4096 2018-02-27 06:13 ./extra/google-chrome
-rwxr-xr-x 1 root root 4168 2019-09-18 22:18 ./extra/google-chrome/google-chrome.SlackBuild
-rw-r--r-- 1 root root 840 2018-02-27 06:13 ./extra/google-chrome/slack-desc
lrwxrwxrwx 1 root root 11 2012-07-30 20:41 ./extra/java -> source/java
drwxr-xr-x 2 root root 4096 2023-01-07 01:41 ./extra/php80
-rw-r--r-- 1 root root 369 2023-01-06 20:04 ./extra/php80/php80-8.0.27-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 6164516 2023-01-06 20:04 ./extra/php80/php80-8.0.27-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-01-06 20:04 ./extra/php80/php80-8.0.27-x86_64-1_slack15.0.txz.asc
drwxr-xr-x 2 root root 4096 2023-01-07 01:41 ./extra/php81
-rw-r--r-- 1 root root 369 2023-01-06 20:01 ./extra/php81/php81-8.1.14-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 6284408 2023-01-06 20:01 ./extra/php81/php81-8.1.14-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-01-06 20:01 ./extra/php81/php81-8.1.14-x86_64-1_slack15.0.txz.asc
drwxr-xr-x 2 root root 4096 2023-02-15 03:10 ./extra/php80
-rw-r--r-- 1 root root 369 2023-02-14 21:54 ./extra/php80/php80-8.0.28-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 6161100 2023-02-14 21:54 ./extra/php80/php80-8.0.28-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-02-14 21:54 ./extra/php80/php80-8.0.28-x86_64-1_slack15.0.txz.asc
drwxr-xr-x 2 root root 4096 2023-02-15 03:10 ./extra/php81
-rw-r--r-- 1 root root 369 2023-02-14 21:51 ./extra/php81/php81-8.1.16-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 6295764 2023-02-14 21:51 ./extra/php81/php81-8.1.16-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-02-14 21:51 ./extra/php81/php81-8.1.16-x86_64-1_slack15.0.txz.asc
drwxr-xr-x 2 root root 4096 2022-09-06 20:26 ./extra/rust-for-mozilla
-rw-r--r-- 1 root root 700 2022-01-27 20:31 ./extra/rust-for-mozilla/README
-rw-r--r-- 1 root root 426 2022-09-03 04:36 ./extra/rust-for-mozilla/rust-1.60.0-x86_64-1_slack15.0.txt
@ -566,23 +566,23 @@ drwxr-xr-x 2 root root 4096 2012-07-30 18:44 ./extra/source/java/profile.d
-rwxr-xr-x 1 root root 80 2019-07-30 16:57 ./extra/source/java/profile.d/jre.sh
-rw-r--r-- 1 root root 817 2018-02-27 06:13 ./extra/source/java/slack-desc.jdk
-rw-r--r-- 1 root root 861 2018-02-27 06:13 ./extra/source/java/slack-desc.jre
drwxr-xr-x 2 root root 4096 2023-01-06 19:57 ./extra/source/php80
drwxr-xr-x 2 root root 4096 2023-02-14 21:50 ./extra/source/php80
-rw-r--r-- 1 root root 432 2020-12-21 16:28 ./extra/source/php80/doinst.sh.gz
-rwxr-xr-x 1 root root 120 2023-01-06 19:40 ./extra/source/php80/fetch-php.sh
-rwxr-xr-x 1 root root 120 2023-02-14 20:52 ./extra/source/php80/fetch-php.sh
-rw-r--r-- 1 root root 1020 2021-02-19 20:43 ./extra/source/php80/mod_php.conf.example
-rw-r--r-- 1 root root 10802096 2023-01-03 19:30 ./extra/source/php80/php-8.0.27.tar.xz
-rw-r--r-- 1 root root 866 2023-01-03 19:30 ./extra/source/php80/php-8.0.27.tar.xz.asc
-rw-r--r-- 1 root root 10801568 2023-02-14 14:30 ./extra/source/php80/php-8.0.28.tar.xz
-rw-r--r-- 1 root root 866 2023-02-14 14:30 ./extra/source/php80/php-8.0.28.tar.xz.asc
-rw-r--r-- 1 root root 387 2017-11-28 02:08 ./extra/source/php80/php-fpm.conf.diff.gz
-rw-r--r-- 1 root root 605 2020-03-17 21:22 ./extra/source/php80/php.imap.api.diff.gz
-rw-r--r-- 1 root root 805 2020-05-12 19:14 ./extra/source/php80/php.ini-development.diff.gz
-rwxr-xr-x 1 root root 10642 2022-02-18 04:51 ./extra/source/php80/php80.SlackBuild
-rw-r--r-- 1 root root 822 2021-12-03 05:20 ./extra/source/php80/slack-desc
drwxr-xr-x 2 root root 4096 2023-01-06 19:58 ./extra/source/php81
drwxr-xr-x 2 root root 4096 2023-02-14 21:48 ./extra/source/php81
-rw-r--r-- 1 root root 432 2020-12-21 16:28 ./extra/source/php81/doinst.sh.gz
-rwxr-xr-x 1 root root 120 2023-01-06 19:46 ./extra/source/php81/fetch-php.sh
-rwxr-xr-x 1 root root 120 2023-02-14 21:01 ./extra/source/php81/fetch-php.sh
-rw-r--r-- 1 root root 1020 2021-02-19 20:43 ./extra/source/php81/mod_php.conf.example
-rw-r--r-- 1 root root 11752004 2023-01-04 18:20 ./extra/source/php81/php-8.1.14.tar.xz
-rw-r--r-- 1 root root 833 2023-01-04 18:20 ./extra/source/php81/php-8.1.14.tar.xz.asc
-rw-r--r-- 1 root root 12198108 2023-02-14 17:50 ./extra/source/php81/php-8.1.16.tar.xz
-rw-r--r-- 1 root root 833 2023-02-14 17:50 ./extra/source/php81/php-8.1.16.tar.xz.asc
-rw-r--r-- 1 root root 387 2017-11-28 02:08 ./extra/source/php81/php-fpm.conf.diff.gz
-rw-r--r-- 1 root root 605 2020-03-17 21:22 ./extra/source/php81/php.imap.api.diff.gz
-rw-r--r-- 1 root root 806 2021-11-29 19:09 ./extra/source/php81/php.ini-development.diff.gz
@ -738,13 +738,13 @@ drwxr-xr-x 2 root root 4096 2008-05-07 05:21 ./pasture/source/php/pear
-rwxr-xr-x 1 root root 9448 2018-05-16 22:38 ./pasture/source/php/php.SlackBuild
-rw-r--r-- 1 root root 775 2017-07-07 19:25 ./pasture/source/php/php.ini-development.diff.gz
-rw-r--r-- 1 root root 830 2005-12-09 05:18 ./pasture/source/php/slack-desc
drwxr-xr-x 4 root root 4096 2023-02-10 20:11 ./patches
-rw-r--r-- 1 root root 66024 2023-02-10 20:11 ./patches/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2023-02-10 20:11 ./patches/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 89566 2023-02-10 20:11 ./patches/FILE_LIST
-rw-r--r-- 1 root root 11987491 2023-02-10 20:11 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 47509 2023-02-10 20:11 ./patches/PACKAGES.TXT
drwxr-xr-x 3 root root 20480 2023-02-10 20:11 ./patches/packages
drwxr-xr-x 4 root root 4096 2023-02-15 03:10 ./patches
-rw-r--r-- 1 root root 66680 2023-02-15 03:10 ./patches/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2023-02-15 03:10 ./patches/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 90442 2023-02-15 03:10 ./patches/FILE_LIST
-rw-r--r-- 1 root root 11960187 2023-02-15 03:10 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 47976 2023-02-15 03:10 ./patches/PACKAGES.TXT
drwxr-xr-x 3 root root 20480 2023-02-15 03:10 ./patches/packages
-rw-r--r-- 1 root root 327 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txt
-rw-r--r-- 1 root root 10716 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz.asc
@ -817,6 +817,9 @@ drwxr-xr-x 3 root root 20480 2023-02-10 20:11 ./patches/packages
-rw-r--r-- 1 root root 513 2022-08-23 03:07 ./patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 312136 2022-08-23 03:07 ./patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-08-23 03:07 ./patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 316 2023-02-15 00:30 ./patches/packages/hwdata-0.367-noarch-1_slack15.0.txt
-rw-r--r-- 1 root root 1533228 2023-02-15 00:30 ./patches/packages/hwdata-0.367-noarch-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-02-15 00:30 ./patches/packages/hwdata-0.367-noarch-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 422 2022-11-27 20:50 ./patches/packages/kernel-firmware-20221123_cdf9499-noarch-1.txt
-rw-r--r-- 1 root root 266168620 2022-11-27 20:50 ./patches/packages/kernel-firmware-20221123_cdf9499-noarch-1.txz
-rw-r--r-- 1 root root 163 2022-11-27 20:50 ./patches/packages/kernel-firmware-20221123_cdf9499-noarch-1.txz.asc
@ -863,9 +866,9 @@ drwxr-xr-x 2 root root 4096 2022-11-29 21:00 ./patches/packages/linux-5.15
-rw-r--r-- 1 root root 369 2022-11-08 20:39 ./patches/packages/mariadb-10.5.18-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 29412112 2022-11-08 20:39 ./patches/packages/mariadb-10.5.18-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-11-08 20:39 ./patches/packages/mariadb-10.5.18-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 570 2023-01-17 21:36 ./patches/packages/mozilla-firefox-102.7.0esr-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 59257416 2023-01-17 21:36 ./patches/packages/mozilla-firefox-102.7.0esr-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-01-17 21:36 ./patches/packages/mozilla-firefox-102.7.0esr-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 570 2023-02-14 21:28 ./patches/packages/mozilla-firefox-102.8.0esr-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 59272020 2023-02-14 21:28 ./patches/packages/mozilla-firefox-102.8.0esr-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-02-14 21:28 ./patches/packages/mozilla-firefox-102.8.0esr-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 564 2023-01-06 19:37 ./patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 1838968 2023-01-06 19:37 ./patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-01-06 19:37 ./patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txz.asc
@ -890,9 +893,9 @@ drwxr-xr-x 2 root root 4096 2022-11-29 21:00 ./patches/packages/linux-5.15
-rw-r--r-- 1 root root 544 2022-07-25 18:03 ./patches/packages/perl-5.34.0-x86_64-2_slack15.0.txt
-rw-r--r-- 1 root root 17057236 2022-07-25 18:03 ./patches/packages/perl-5.34.0-x86_64-2_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-07-25 18:03 ./patches/packages/perl-5.34.0-x86_64-2_slack15.0.txz.asc
-rw-r--r-- 1 root root 345 2023-01-06 20:06 ./patches/packages/php-7.4.33-x86_64-2_slack15.0.txt
-rw-r--r-- 1 root root 5824740 2023-01-06 20:06 ./patches/packages/php-7.4.33-x86_64-2_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-01-06 20:06 ./patches/packages/php-7.4.33-x86_64-2_slack15.0.txz.asc
-rw-r--r-- 1 root root 345 2023-02-14 21:56 ./patches/packages/php-7.4.33-x86_64-3_slack15.0.txt
-rw-r--r-- 1 root root 5830420 2023-02-14 21:56 ./patches/packages/php-7.4.33-x86_64-3_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-02-14 21:56 ./patches/packages/php-7.4.33-x86_64-3_slack15.0.txz.asc
-rw-r--r-- 1 root root 457 2022-06-04 18:23 ./patches/packages/pidgin-2.14.10-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 5828060 2022-06-04 18:23 ./patches/packages/pidgin-2.14.10-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-06-04 18:23 ./patches/packages/pidgin-2.14.10-x86_64-1_slack15.0.txz.asc
@ -971,7 +974,7 @@ drwxr-xr-x 2 root root 4096 2022-11-29 21:00 ./patches/packages/linux-5.15
-rw-r--r-- 1 root root 388 2022-10-15 04:05 ./patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 105356 2022-10-15 04:05 ./patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-10-15 04:05 ./patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txz.asc
drwxr-xr-x 67 root root 4096 2023-02-10 19:57 ./patches/source
drwxr-xr-x 68 root root 4096 2023-02-15 00:42 ./patches/source
drwxr-xr-x 2 root root 4096 2022-01-16 05:07 ./patches/source/aaa_base
-rw-r--r-- 1 root root 11041 2022-02-15 04:49 ./patches/source/aaa_base/_aaa_base.tar.gz
-rwxr-xr-x 1 root root 3894 2022-02-15 05:07 ./patches/source/aaa_base/aaa_base.SlackBuild
@ -1166,6 +1169,10 @@ drwxr-xr-x 2 root root 4096 2022-08-23 03:03 ./patches/source/hunspell
-rwxr-xr-x 1 root root 4301 2022-08-23 03:06 ./patches/source/hunspell/hunspell.SlackBuild
-rw-r--r-- 1 root root 37 2022-08-23 03:02 ./patches/source/hunspell/hunspell.url
-rw-r--r-- 1 root root 965 2021-06-29 18:41 ./patches/source/hunspell/slack-desc
drwxr-xr-x 2 root root 4096 2023-02-03 17:43 ./patches/source/hwdata
-rw-r--r-- 1 root root 1509899 2023-02-02 08:57 ./patches/source/hwdata/hwdata-0.367.tar.lz
-rwxr-xr-x 1 root root 4023 2023-02-14 23:48 ./patches/source/hwdata/hwdata.SlackBuild
-rw-r--r-- 1 root root 802 2018-02-27 06:13 ./patches/source/hwdata/slack-desc
drwxr-xr-x 3 root root 4096 2022-11-16 19:45 ./patches/source/krb5
-rw-r--r-- 1 root root 1558 2022-11-16 19:44 ./patches/source/krb5/5ad465bc8e0d957a4945218bea487b77622bf433.patch
drwxr-xr-x 2 root root 4096 2020-01-21 18:39 ./patches/source/krb5/conf
@ -1303,7 +1310,7 @@ drwxr-xr-x 2 root root 4096 2022-11-08 20:23 ./patches/source/mariadb
-rw-r--r-- 1 root root 34 2015-05-07 18:51 ./patches/source/mariadb/mirror.url
-rw-r--r-- 1 root root 1208 2021-04-23 17:54 ./patches/source/mariadb/rc.mysqld.gz
-rw-r--r-- 1 root root 824 2018-02-27 06:12 ./patches/source/mariadb/slack-desc
drwxr-xr-x 3 root root 4096 2023-01-17 20:35 ./patches/source/mozilla-firefox
drwxr-xr-x 3 root root 4096 2023-02-14 20:33 ./patches/source/mozilla-firefox
-rw-r--r-- 1 root root 693 2021-03-22 17:58 ./patches/source/mozilla-firefox/0027-LTO-Only-enable-LTO-for-Rust-when-complete-build-use.patch.gz
drwxr-xr-x 5 root root 4096 2021-08-13 18:36 ./patches/source/mozilla-firefox/build-deps
-rwxr-xr-x 1 root root 1919 2019-07-09 19:35 ./patches/source/mozilla-firefox/build-deps.sh
@ -1315,14 +1322,14 @@ drwxr-xr-x 2 root root 4096 2022-06-13 00:06 ./patches/source/mozilla-fire
-rw-r--r-- 1 root root 150253 2022-04-21 16:48 ./patches/source/mozilla-firefox/build-deps/cbindgen/cbindgen-0.23.0.tar.lz
-rwxr-xr-x 1 root root 2032 2022-06-14 16:39 ./patches/source/mozilla-firefox/build-deps/cbindgen/cbindgen.build
-rw-r--r-- 1 root root 35 2021-06-25 03:11 ./patches/source/mozilla-firefox/build-deps/cbindgen/cbindgen.url
drwxr-xr-x 2 root root 4096 2023-01-06 19:24 ./patches/source/mozilla-firefox/build-deps/nodejs
-rw-r--r-- 1 root root 40703740 2023-01-05 21:29 ./patches/source/mozilla-firefox/build-deps/nodejs/node-v19.4.0.tar.xz
drwxr-xr-x 2 root root 4096 2023-02-02 18:27 ./patches/source/mozilla-firefox/build-deps/nodejs
-rw-r--r-- 1 root root 40581092 2023-02-01 18:48 ./patches/source/mozilla-firefox/build-deps/nodejs/node-v19.6.0.tar.xz
-rwxr-xr-x 1 root root 3003 2022-08-10 17:53 ./patches/source/mozilla-firefox/build-deps/nodejs/nodejs.build
-rw-r--r-- 1 root root 86 2019-07-08 21:02 ./patches/source/mozilla-firefox/build-deps/nodejs/nodejs.url
-rwxr-xr-x 1 root root 840 2018-03-13 12:55 ./patches/source/mozilla-firefox/fetch-and-repack.sh
-rw-r--r-- 1 root root 330 2019-07-08 18:41 ./patches/source/mozilla-firefox/ff.ui.scrollToClick.diff.gz
-rw-r--r-- 1 root root 479538092 2023-01-16 09:54 ./patches/source/mozilla-firefox/firefox-102.7.0esr.source.tar.xz
-rw-r--r-- 1 root root 833 2023-01-16 09:54 ./patches/source/mozilla-firefox/firefox-102.7.0esr.source.tar.xz.asc
-rw-r--r-- 1 root root 479172816 2023-02-14 13:05 ./patches/source/mozilla-firefox/firefox-102.8.0esr.source.tar.xz
-rw-r--r-- 1 root root 833 2023-02-14 13:04 ./patches/source/mozilla-firefox/firefox-102.8.0esr.source.tar.xz.asc
-rw-r--r-- 1 root root 327 2008-06-17 17:19 ./patches/source/mozilla-firefox/firefox.moz_plugin_path.diff.gz
-rw-r--r-- 1 root root 518 2021-03-15 17:43 ./patches/source/mozilla-firefox/gkrust.a.no.networking.check.diff.gz
-rw-r--r-- 1 root root 462 2009-07-01 06:05 ./patches/source/mozilla-firefox/mimeTypes.rdf.gz
@ -1435,15 +1442,18 @@ drwxr-xr-x 2 root root 4096 2022-07-25 17:58 ./patches/source/perl
-rwxr-xr-x 1 root root 18123 2022-07-25 17:58 ./patches/source/perl/perl.SlackBuild
-rw-r--r-- 1 root root 606 2008-09-21 00:04 ./patches/source/perl/perl.configure.multilib.patch.gz
-rw-r--r-- 1 root root 996 2021-05-21 04:51 ./patches/source/perl/slack-desc
drwxr-xr-x 2 root root 4096 2023-01-06 19:52 ./patches/source/php
drwxr-xr-x 2 root root 4096 2023-02-14 21:46 ./patches/source/php
-rw-r--r-- 1 root root 961 2023-01-06 19:52 ./patches/source/php/CVE-2022-31631.patch.gz
-rw-r--r-- 1 root root 1532 2023-02-14 21:25 ./patches/source/php/CVE-2023-0567.patch.gz
-rw-r--r-- 1 root root 1153 2023-02-14 21:28 ./patches/source/php/CVE-2023-0568.patch.gz
-rw-r--r-- 1 root root 3661 2023-02-14 21:42 ./patches/source/php/CVE-2023-0662.patch.gz
-rw-r--r-- 1 root root 432 2020-12-21 16:28 ./patches/source/php/doinst.sh.gz
-rwxr-xr-x 1 root root 120 2022-11-10 19:17 ./patches/source/php/fetch-php.sh
-rw-r--r-- 1 root root 1022 2017-11-28 18:32 ./patches/source/php/mod_php.conf.example
-rw-r--r-- 1 root root 10420144 2022-10-31 15:10 ./patches/source/php/php-7.4.33.tar.xz
-rw-r--r-- 1 root root 833 2022-10-31 15:10 ./patches/source/php/php-7.4.33.tar.xz.asc
-rw-r--r-- 1 root root 387 2017-11-28 02:08 ./patches/source/php/php-fpm.conf.diff.gz
-rwxr-xr-x 1 root root 10878 2023-01-06 19:56 ./patches/source/php/php.SlackBuild
-rwxr-xr-x 1 root root 11073 2023-02-14 21:51 ./patches/source/php/php.SlackBuild
-rw-r--r-- 1 root root 855 2021-06-29 20:14 ./patches/source/php/php.enchant-2.patch.gz
-rw-r--r-- 1 root root 605 2020-03-17 21:22 ./patches/source/php/php.imap.api.diff.gz
-rw-r--r-- 1 root root 805 2020-05-12 19:14 ./patches/source/php/php.ini-development.diff.gz
@ -2737,16 +2747,16 @@ drwxr-xr-x 2 root root 69632 2022-02-01 08:29 ./slackware64/kde
-rw-r--r-- 1 root root 239580 2022-01-06 21:51 ./slackware64/kde/grantlee-editor-21.12.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2022-01-06 21:51 ./slackware64/kde/grantlee-editor-21.12.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 263 2022-01-06 21:38 ./slackware64/kde/grantleetheme-21.12.1-x86_64-1.txt
-rw-r--r-- 1 root root 65892 2022-01-06 21:38 ./slackware64/kde/grantleetheme-21.12.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2022-01-06 21:38 ./slackware64/kde/grantleetheme-21.12.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 292 2022-01-06 21:57 ./slackware64/kde/gwenview-21.12.1-x86_64-1.txt
-rw-r--r-- 1 root root 6935592 2022-01-06 21:57 ./slackware64/kde/gwenview-21.12.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2022-01-06 21:57 ./slackware64/kde/gwenview-21.12.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 271 2022-01-06 21:43 ./slackware64/kde/incidenceeditor-21.12.1-x86_64-1.txt
-rw-r--r-- 1 root root 540448 2022-01-06 21:43 ./slackware64/kde/incidenceeditor-21.12.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2022-01-06 21:43 ./slackware64/kde/incidenceeditor-21.12.1-x86_64-1.txz.asc
-rwxr-xr-x 1 root root 2897 2009-06-24 22:06 ./slackware64/kde/install-packages
-rw-r--r-- 1 root root 446 2006-09-18 10:41 ./slackware64/kde/install.end
-rw-r--r-- 1 root root 65892 2022-01-06 21:38 ./slackware64/kde/grantleetheme-21.12.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2022-01-06 21:38 ./slackware64/kde/grantleetheme-21.12.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 292 2022-01-06 21:57 ./slackware64/kde/gwenview-21.12.1-x86_64-1.txt
-rw-r--r-- 1 root root 6935592 2022-01-06 21:57 ./slackware64/kde/gwenview-21.12.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2022-01-06 21:57 ./slackware64/kde/gwenview-21.12.1-x86_64-1.txz.asc
-rw-r--r-- 1 root root 271 2022-01-06 21:43 ./slackware64/kde/incidenceeditor-21.12.1-x86_64-1.txt
-rw-r--r-- 1 root root 540448 2022-01-06 21:43 ./slackware64/kde/incidenceeditor-21.12.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2022-01-06 21:43 ./slackware64/kde/incidenceeditor-21.12.1-x86_64-1.txz.asc
-rwxr-xr-x 1 root root 2897 2009-06-24 22:06 ./slackware64/kde/install-packages
-rw-r--r-- 1 root root 446 2006-09-18 10:41 ./slackware64/kde/install.end
-rw-r--r-- 1 root root 308 2022-01-06 22:57 ./slackware64/kde/itinerary-21.12.1-x86_64-1.txt
-rw-r--r-- 1 root root 591088 2022-01-06 22:57 ./slackware64/kde/itinerary-21.12.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2022-01-06 22:57 ./slackware64/kde/itinerary-21.12.1-x86_64-1.txz.asc
@ -5470,15 +5480,15 @@ drwxr-xr-x 2 root root 65536 2022-02-01 04:47 ./slackware64/x
-rw-r--r-- 1 root root 169444 2021-02-13 13:19 ./slackware64/x/font-bitstream-100dpi-1.0.3-noarch-5.txz
-rw-r--r-- 1 root root 163 2021-02-13 13:19 ./slackware64/x/font-bitstream-100dpi-1.0.3-noarch-5.txz.asc
-rw-r--r-- 1 root root 475 2021-02-13 13:19 ./slackware64/x/font-bitstream-75dpi-1.0.3-noarch-5.txt
-rw-r--r-- 1 root root 149232 2021-02-13 13:19 ./slackware64/x/font-bitstream-75dpi-1.0.3-noarch-5.txz
-rw-r--r-- 1 root root 163 2021-02-13 13:19 ./slackware64/x/font-bitstream-75dpi-1.0.3-noarch-5.txz.asc
-rw-r--r-- 1 root root 490 2021-02-13 13:19 ./slackware64/x/font-bitstream-speedo-1.0.2-noarch-5.txt
-rw-r--r-- 1 root root 245268 2021-02-13 13:19 ./slackware64/x/font-bitstream-speedo-1.0.2-noarch-5.txz
-rw-r--r-- 1 root root 163 2021-02-13 13:19 ./slackware64/x/font-bitstream-speedo-1.0.2-noarch-5.txz.asc
-rw-r--r-- 1 root root 477 2021-02-13 13:19 ./slackware64/x/font-bitstream-type1-1.0.3-noarch-5.txt
-rw-r--r-- 1 root root 307924 2021-02-13 13:19 ./slackware64/x/font-bitstream-type1-1.0.3-noarch-5.txz
-rw-r--r-- 1 root root 163 2021-02-13 13:19 ./slackware64/x/font-bitstream-type1-1.0.3-noarch-5.txz.asc
-rw-r--r-- 1 root root 475 2021-02-13 13:19 ./slackware64/x/font-cronyx-cyrillic-1.0.3-noarch-5.txt
-rw-r--r-- 1 root root 149232 2021-02-13 13:19 ./slackware64/x/font-bitstream-75dpi-1.0.3-noarch-5.txz
-rw-r--r-- 1 root root 163 2021-02-13 13:19 ./slackware64/x/font-bitstream-75dpi-1.0.3-noarch-5.txz.asc
-rw-r--r-- 1 root root 490 2021-02-13 13:19 ./slackware64/x/font-bitstream-speedo-1.0.2-noarch-5.txt
-rw-r--r-- 1 root root 245268 2021-02-13 13:19 ./slackware64/x/font-bitstream-speedo-1.0.2-noarch-5.txz
-rw-r--r-- 1 root root 163 2021-02-13 13:19 ./slackware64/x/font-bitstream-speedo-1.0.2-noarch-5.txz.asc
-rw-r--r-- 1 root root 477 2021-02-13 13:19 ./slackware64/x/font-bitstream-type1-1.0.3-noarch-5.txt
-rw-r--r-- 1 root root 307924 2021-02-13 13:19 ./slackware64/x/font-bitstream-type1-1.0.3-noarch-5.txz
-rw-r--r-- 1 root root 163 2021-02-13 13:19 ./slackware64/x/font-bitstream-type1-1.0.3-noarch-5.txz.asc
-rw-r--r-- 1 root root 475 2021-02-13 13:19 ./slackware64/x/font-cronyx-cyrillic-1.0.3-noarch-5.txt
-rw-r--r-- 1 root root 310496 2021-02-13 13:19 ./slackware64/x/font-cronyx-cyrillic-1.0.3-noarch-5.txz
-rw-r--r-- 1 root root 163 2021-02-13 13:19 ./slackware64/x/font-cronyx-cyrillic-1.0.3-noarch-5.txz.asc
-rw-r--r-- 1 root root 423 2021-02-13 13:19 ./slackware64/x/font-cursor-misc-1.0.3-noarch-5.txt
@ -8634,24 +8644,24 @@ drwxr-xr-x 2 root root 4096 2022-01-16 02:41 ./source/d/python3
-rw-r--r-- 1 root root 1150 2018-02-27 06:13 ./source/d/python3/slack-desc
drwxr-xr-x 2 root root 4096 2021-02-13 05:31 ./source/d/rcs
-rw-r--r-- 1 root root 890872 2020-10-20 04:27 ./source/d/rcs/rcs-5.10.0.tar.xz
-rw-r--r-- 1 root root 95 2020-10-20 04:27 ./source/d/rcs/rcs-5.10.0.tar.xz.sig
-rwxr-xr-x 1 root root 4825 2021-02-13 05:31 ./source/d/rcs/rcs.SlackBuild
-rw-r--r-- 1 root root 772 2018-02-27 06:13 ./source/d/rcs/slack-desc
drwxr-xr-x 2 root root 4096 2021-08-03 05:36 ./source/d/re2c
-rw-r--r-- 1 root root 1273199 2021-08-01 09:25 ./source/d/re2c/re2c-2.2.tar.lz
-rwxr-xr-x 1 root root 4242 2021-03-27 18:18 ./source/d/re2c/re2c.SlackBuild
-rw-r--r-- 1 root root 33 2019-08-03 18:41 ./source/d/re2c/re2c.url
-rw-r--r-- 1 root root 989 2018-02-27 06:13 ./source/d/re2c/slack-desc
drwxr-xr-x 2 root root 4096 2021-09-06 18:01 ./source/d/rinutils
-rw-r--r-- 1 root root 17268 2021-09-06 06:30 ./source/d/rinutils/rinutils-0.10.0.tar.xz
-rwxr-xr-x 1 root root 3809 2021-09-06 18:01 ./source/d/rinutils/rinutils.SlackBuild
-rw-r--r-- 1 root root 36 2020-11-12 19:40 ./source/d/rinutils/rinutils.url
-rw-r--r-- 1 root root 944 2020-11-12 20:33 ./source/d/rinutils/slack-desc
drwxr-xr-x 2 root root 4096 2021-11-24 18:43 ./source/d/ruby
-rw-r--r-- 1 root root 14656102 2021-11-24 12:32 ./source/d/ruby/ruby-3.0.3.tar.lz
-rwxr-xr-x 1 root root 4807 2021-04-05 18:26 ./source/d/ruby/ruby.SlackBuild
-rw-r--r-- 1 root root 837 2019-03-13 16:43 ./source/d/ruby/slack-desc
drwxr-xr-x 2 root root 4096 2022-01-21 03:50 ./source/d/rust
-rw-r--r-- 1 root root 95 2020-10-20 04:27 ./source/d/rcs/rcs-5.10.0.tar.xz.sig
-rwxr-xr-x 1 root root 4825 2021-02-13 05:31 ./source/d/rcs/rcs.SlackBuild
-rw-r--r-- 1 root root 772 2018-02-27 06:13 ./source/d/rcs/slack-desc
drwxr-xr-x 2 root root 4096 2021-08-03 05:36 ./source/d/re2c
-rw-r--r-- 1 root root 1273199 2021-08-01 09:25 ./source/d/re2c/re2c-2.2.tar.lz
-rwxr-xr-x 1 root root 4242 2021-03-27 18:18 ./source/d/re2c/re2c.SlackBuild
-rw-r--r-- 1 root root 33 2019-08-03 18:41 ./source/d/re2c/re2c.url
-rw-r--r-- 1 root root 989 2018-02-27 06:13 ./source/d/re2c/slack-desc
drwxr-xr-x 2 root root 4096 2021-09-06 18:01 ./source/d/rinutils
-rw-r--r-- 1 root root 17268 2021-09-06 06:30 ./source/d/rinutils/rinutils-0.10.0.tar.xz
-rwxr-xr-x 1 root root 3809 2021-09-06 18:01 ./source/d/rinutils/rinutils.SlackBuild
-rw-r--r-- 1 root root 36 2020-11-12 19:40 ./source/d/rinutils/rinutils.url
-rw-r--r-- 1 root root 944 2020-11-12 20:33 ./source/d/rinutils/slack-desc
drwxr-xr-x 2 root root 4096 2021-11-24 18:43 ./source/d/ruby
-rw-r--r-- 1 root root 14656102 2021-11-24 12:32 ./source/d/ruby/ruby-3.0.3.tar.lz
-rwxr-xr-x 1 root root 4807 2021-04-05 18:26 ./source/d/ruby/ruby.SlackBuild
-rw-r--r-- 1 root root 837 2019-03-13 16:43 ./source/d/ruby/slack-desc
drwxr-xr-x 2 root root 4096 2022-01-21 03:50 ./source/d/rust
-rw-r--r-- 1 root root 261 2020-11-19 19:46 ./source/d/rust/link_libffi.diff.gz
-rwxr-xr-x 1 root root 9873 2022-01-27 22:24 ./source/d/rust/rust.SlackBuild
-rw-r--r-- 1 root root 1670 2022-01-21 02:45 ./source/d/rust/rust.url
@ -15063,20 +15073,20 @@ drwxr-xr-x 2 root root 12288 2020-05-18 17:50 ./source/x/x11/slack-desc
-rw-r--r-- 1 root root 808 2013-09-07 20:11 ./source/x/x11/slack-desc/xcb-util-cursor
-rw-r--r-- 1 root root 1011 2015-04-27 03:32 ./source/x/x11/slack-desc/xcb-util-errors
-rw-r--r-- 1 root root 778 2012-04-08 01:14 ./source/x/x11/slack-desc/xcb-util-image
-rw-r--r-- 1 root root 827 2012-04-08 01:18 ./source/x/x11/slack-desc/xcb-util-keysyms
-rw-r--r-- 1 root root 871 2012-04-08 03:49 ./source/x/x11/slack-desc/xcb-util-renderutil
-rw-r--r-- 1 root root 774 2012-04-08 03:51 ./source/x/x11/slack-desc/xcb-util-wm
-rw-r--r-- 1 root root 888 2018-02-26 22:58 ./source/x/x11/slack-desc/xclipboard
-rw-r--r-- 1 root root 747 2018-02-26 22:59 ./source/x/x11/slack-desc/xclock
-rw-r--r-- 1 root root 838 2012-04-08 03:52 ./source/x/x11/slack-desc/xcmiscproto
-rw-r--r-- 1 root root 824 2012-04-08 03:54 ./source/x/x11/slack-desc/xcmsdb
-rw-r--r-- 1 root root 760 2018-02-26 22:59 ./source/x/x11/slack-desc/xcompmgr
-rw-r--r-- 1 root root 679 2018-02-26 22:59 ./source/x/x11/slack-desc/xconsole
-rw-r--r-- 1 root root 844 2012-04-08 03:54 ./source/x/x11/slack-desc/xcursor-themes
-rw-r--r-- 1 root root 834 2012-04-08 03:54 ./source/x/x11/slack-desc/xcursorgen
-rw-r--r-- 1 root root 714 2012-04-08 03:55 ./source/x/x11/slack-desc/xdbedizzy
-rw-r--r-- 1 root root 797 2012-04-08 03:55 ./source/x/x11/slack-desc/xditview
-rw-r--r-- 1 root root 707 2012-04-08 03:55 ./source/x/x11/slack-desc/xdm
-rw-r--r-- 1 root root 827 2012-04-08 01:18 ./source/x/x11/slack-desc/xcb-util-keysyms
-rw-r--r-- 1 root root 871 2012-04-08 03:49 ./source/x/x11/slack-desc/xcb-util-renderutil
-rw-r--r-- 1 root root 774 2012-04-08 03:51 ./source/x/x11/slack-desc/xcb-util-wm
-rw-r--r-- 1 root root 888 2018-02-26 22:58 ./source/x/x11/slack-desc/xclipboard
-rw-r--r-- 1 root root 747 2018-02-26 22:59 ./source/x/x11/slack-desc/xclock
-rw-r--r-- 1 root root 838 2012-04-08 03:52 ./source/x/x11/slack-desc/xcmiscproto
-rw-r--r-- 1 root root 824 2012-04-08 03:54 ./source/x/x11/slack-desc/xcmsdb
-rw-r--r-- 1 root root 760 2018-02-26 22:59 ./source/x/x11/slack-desc/xcompmgr
-rw-r--r-- 1 root root 679 2018-02-26 22:59 ./source/x/x11/slack-desc/xconsole
-rw-r--r-- 1 root root 844 2012-04-08 03:54 ./source/x/x11/slack-desc/xcursor-themes
-rw-r--r-- 1 root root 834 2012-04-08 03:54 ./source/x/x11/slack-desc/xcursorgen
-rw-r--r-- 1 root root 714 2012-04-08 03:55 ./source/x/x11/slack-desc/xdbedizzy
-rw-r--r-- 1 root root 797 2012-04-08 03:55 ./source/x/x11/slack-desc/xditview
-rw-r--r-- 1 root root 707 2012-04-08 03:55 ./source/x/x11/slack-desc/xdm
-rw-r--r-- 1 root root 810 2012-04-08 03:56 ./source/x/x11/slack-desc/xdpyinfo
-rw-r--r-- 1 root root 808 2012-04-08 03:56 ./source/x/x11/slack-desc/xdriinfo
-rw-r--r-- 1 root root 740 2012-04-08 03:57 ./source/x/x11/slack-desc/xedit

11
patches/packages/hwdata-0.367-noarch-1_slack15.0.txt Normal file
View file

@ -0,0 +1,11 @@
hwdata: hwdata (hardware identification and configuration data)
hwdata:
hwdata: hwdata contains various hardware identification and configuration
hwdata: data, such as the pci.ids database and MonitorsDB databases.
hwdata:
hwdata: Homepage: https://github.com/vcrhonek/hwdata
hwdata:
hwdata:
hwdata:
hwdata:
hwdata:

0
patches/packages/mozilla-firefox-102.7.0esr-x86_64-1_slack15.0.txt → patches/packages/mozilla-firefox-102.8.0esr-x86_64-1_slack15.0.txt
View file

0
patches/packages/php-7.4.33-x86_64-2_slack15.0.txt → patches/packages/php-7.4.33-x86_64-3_slack15.0.txt
View file

122
patches/source/hwdata/hwdata.SlackBuild Executable file
View file

@ -0,0 +1,122 @@
#!/bin/bash
# Slackware build script for hwdata
# Copyright 2015, 2017 Robby Workman, Tuscaloosa, Alabama, USA
# Copyright 2018, 2022 Patrick J. Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=hwdata
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-1_slack15.0}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) ARCH=i586 ;;
arm*) ARCH=arm ;;
*) ARCH=$( uname -m ) ;;
esac
fi
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
echo "$PKGNAM-$VERSION-noarch-$BUILD.txz"
exit 0
fi
TMP=${TMP:-/tmp}
PKG=$TMP/package-$PKGNAM
if [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
LIBDIRSUFFIX="64"
else
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
fi
# Override $ARCH, since there are no binaries included at this time:
ARCH=noarch
rm -rf $PKG
mkdir -p $TMP $PKG
cd $TMP
rm -rf $PKGNAM-$VERSION
tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
cd $PKGNAM-$VERSION || exit 1
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
-exec chmod 755 {} \+ -o \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
# Grab latest copies of pci and usb ids:
rm -f usb.ids pci.ids
lftpget https://pci-ids.ucw.cz/v2.2/pci.ids http://www.linux-usb.org/usb.ids
./configure --libdir=/lib || exit 1
#make download # grab latest copies of everything
make install DESTDIR=$PKG || exit 1
# Put compat symlinks in place for stuff that doesn't know about pkgconfig
for file in iab.txt oui.txt pci.ids pnp.ids usb.ids; do
if [ -r $PKG/usr/share/hwdata/$file ]; then
ln -s hwdata/$file $PKG/usr/share/$file
fi
done
# Move the provided blacklist stuff to the docs.
# Ideally, we have that info in udev package.
mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
cp -a \
COPYING* LICENSE README* \
$PKG/usr/doc/$PKGNAM-$VERSION
mv $PKG/lib/modprobe.d/dist-blacklist.conf $PKG/usr/doc/$PKGNAM-$VERSION
# Remove the usused directories /lib/modprobe.d and /lib one at a time
# so we'll notice if anything new is added there:
#rm -rf $PKG/lib
rmdir $PKG/lib/modprobe.d || exit 1
rmdir $PKG/lib || exit 1
# If there's a ChangeLog, installing at least part of the recent history
# is useful, but don't let it get totally out of control:
if [ -r ChangeLog ]; then
DOCSDIR=$(echo $PKG/usr/doc/*-$VERSION)
cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
touch -r ChangeLog $DOCSDIR/ChangeLog
fi
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cd $PKG
/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz

19
patches/source/hwdata/slack-desc Normal file
View file

@ -0,0 +1,19 @@
# HOW TO EDIT THIS FILE:
# The "handy ruler" below makes it easier to edit a package description.
# Line up the first '|' above the ':' following the base package name, and
# the '|' on the right side marks the last column you can put a character in.
# You must make exactly 11 lines for the formatting to be correct. It's also
# customary to leave one space after the ':' except on otherwise blank lines.
|-----handy-ruler------------------------------------------------------|
hwdata: hwdata (hardware identification and configuration data)
hwdata:
hwdata: hwdata contains various hardware identification and configuration
hwdata: data, such as the pci.ids database and MonitorsDB databases.
hwdata:
hwdata: Homepage: https://github.com/vcrhonek/hwdata
hwdata:
hwdata:
hwdata:
hwdata:
hwdata:

142
patches/source/php/CVE-2023-0567.patch Normal file
View file

@ -0,0 +1,142 @@
From 7882d12ff2d8d8c5a4af821464e0a5ac2cde2002 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be>
Date: Mon, 23 Jan 2023 21:15:24 +0100
Subject: [PATCH] crypt: Fix validation of malformed BCrypt hashes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
PHPs implementation of crypt_blowfish differs from the upstream Openwall
version by adding a “PHP Hack”, which allows one to cut short the BCrypt salt
by including a `$` character within the characters that represent the salt.
Hashes that are affected by the “PHP Hack” may erroneously validate any
password as valid when used with `password_verify` and when comparing the
return value of `crypt()` against the input.
The PHP Hack exists since the first version of PHPs own crypt_blowfish
implementation that was added in 1e820eca02dcf322b41fd2fe4ed2a6b8309f8ab5.
No clear reason is given for the PHP Hacks existence. This commit removes it,
because BCrypt hashes containing a `$` character in their salt are not valid
BCrypt hashes.
---
ext/standard/crypt_blowfish.c | 8 --
.../tests/crypt/bcrypt_salt_dollar.phpt | 82 +++++++++++++++++++
2 files changed, 82 insertions(+), 8 deletions(-)
create mode 100644 ext/standard/tests/crypt/bcrypt_salt_dollar.phpt
diff --git a/ext/standard/crypt_blowfish.c b/ext/standard/crypt_blowfish.c
index 3806a290aee4..351d40308089 100644
--- a/ext/standard/crypt_blowfish.c
+++ b/ext/standard/crypt_blowfish.c
@@ -371,7 +371,6 @@ static const unsigned char BF_atoi64[0x60] = {
#define BF_safe_atoi64(dst, src) \
{ \
tmp = (unsigned char)(src); \
- if (tmp == '$') break; /* PHP hack */ \
if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \
tmp = BF_atoi64[tmp]; \
if (tmp > 63) return -1; \
@@ -399,13 +398,6 @@ static int BF_decode(BF_word *dst, const char *src, int size)
*dptr++ = ((c3 & 0x03) << 6) | c4;
} while (dptr < end);
- if (end - dptr == size) {
- return -1;
- }
-
- while (dptr < end) /* PHP hack */
- *dptr++ = 0;
-
return 0;
}
diff --git a/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt
new file mode 100644
index 000000000000..32e335f4b087
--- /dev/null
+++ b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt
@@ -0,0 +1,82 @@
+--TEST--
+bcrypt correctly rejects salts containing $
+--FILE--
+<?php
+for ($i = 0; $i < 23; $i++) {
+ $salt = '$2y$04$' . str_repeat('0', $i) . '$';
+ $result = crypt("foo", $salt);
+ var_dump($salt);
+ var_dump($result);
+ var_dump($result === $salt);
+}
+?>
+--EXPECT--
+string(8) "$2y$04$$"
+string(2) "*0"
+bool(false)
+string(9) "$2y$04$0$"
+string(2) "*0"
+bool(false)
+string(10) "$2y$04$00$"
+string(2) "*0"
+bool(false)
+string(11) "$2y$04$000$"
+string(2) "*0"
+bool(false)
+string(12) "$2y$04$0000$"
+string(2) "*0"
+bool(false)
+string(13) "$2y$04$00000$"
+string(2) "*0"
+bool(false)
+string(14) "$2y$04$000000$"
+string(2) "*0"
+bool(false)
+string(15) "$2y$04$0000000$"
+string(2) "*0"
+bool(false)
+string(16) "$2y$04$00000000$"
+string(2) "*0"
+bool(false)
+string(17) "$2y$04$000000000$"
+string(2) "*0"
+bool(false)
+string(18) "$2y$04$0000000000$"
+string(2) "*0"
+bool(false)
+string(19) "$2y$04$00000000000$"
+string(2) "*0"
+bool(false)
+string(20) "$2y$04$000000000000$"
+string(2) "*0"
+bool(false)
+string(21) "$2y$04$0000000000000$"
+string(2) "*0"
+bool(false)
+string(22) "$2y$04$00000000000000$"
+string(2) "*0"
+bool(false)
+string(23) "$2y$04$000000000000000$"
+string(2) "*0"
+bool(false)
+string(24) "$2y$04$0000000000000000$"
+string(2) "*0"
+bool(false)
+string(25) "$2y$04$00000000000000000$"
+string(2) "*0"
+bool(false)
+string(26) "$2y$04$000000000000000000$"
+string(2) "*0"
+bool(false)
+string(27) "$2y$04$0000000000000000000$"
+string(2) "*0"
+bool(false)
+string(28) "$2y$04$00000000000000000000$"
+string(2) "*0"
+bool(false)
+string(29) "$2y$04$000000000000000000000$"
+string(2) "*0"
+bool(false)
+string(30) "$2y$04$0000000000000000000000$"
+string(60) "$2y$04$000000000000000000000u2a2UpVexIt9k3FMJeAVr3c04F5tcI8K"
+bool(false)

62
patches/source/php/CVE-2023-0568.patch Normal file
View file

@ -0,0 +1,62 @@
From c0fceebfa195b8e56a7108cb731b5ea7afbef70c Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Fri, 27 Jan 2023 19:28:27 +0100
Subject: [PATCH] Fix array overrun when appending slash to paths
Fix it by extending the array sizes by one character. As the input is
limited to the maximum path length, there will always be place to append
the slash. As the php_check_specific_open_basedir() simply uses the
strings to compare against each other, no new failures related to too
long paths are introduced.
We'll let the DOM and XML case handle a potentially too long path in the
library code.
---
ext/dom/document.c | 2 +-
ext/xmlreader/php_xmlreader.c | 2 +-
main/fopen_wrappers.c | 6 +++---
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/ext/dom/document.c b/ext/dom/document.c
index 4dee5548f188..c60198a3be11 100644
--- a/ext/dom/document.c
+++ b/ext/dom/document.c
@@ -1182,7 +1182,7 @@ static xmlDocPtr dom_document_parser(zval *id, int mode, char *source, size_t so
int validate, recover, resolve_externals, keep_blanks, substitute_ent;
int resolved_path_len;
int old_error_reporting = 0;
- char *directory=NULL, resolved_path[MAXPATHLEN];
+ char *directory=NULL, resolved_path[MAXPATHLEN + 1];
if (id != NULL) {
intern = Z_DOMOBJ_P(id);
diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c
index c17884d960cb..39141c8c1223 100644
--- a/ext/xmlreader/php_xmlreader.c
+++ b/ext/xmlreader/php_xmlreader.c
@@ -1017,7 +1017,7 @@ PHP_METHOD(XMLReader, XML)
xmlreader_object *intern = NULL;
char *source, *uri = NULL, *encoding = NULL;
int resolved_path_len, ret = 0;
- char *directory=NULL, resolved_path[MAXPATHLEN];
+ char *directory=NULL, resolved_path[MAXPATHLEN + 1];
xmlParserInputBufferPtr inputbfr;
xmlTextReaderPtr reader;
diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
index f6ce26e104be..12cc9c8b10c0 100644
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -129,10 +129,10 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
*/
PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path)
{
- char resolved_name[MAXPATHLEN];
- char resolved_basedir[MAXPATHLEN];
+ char resolved_name[MAXPATHLEN + 1];
+ char resolved_basedir[MAXPATHLEN + 1];
char local_open_basedir[MAXPATHLEN];
- char path_tmp[MAXPATHLEN];
+ char path_tmp[MAXPATHLEN + 1];
char *path_file;
size_t resolved_basedir_len;
size_t resolved_name_len;

411
patches/source/php/CVE-2023-0662.patch Normal file
View file

@ -0,0 +1,411 @@
From 716de0cff539f46294ef70fe75d548cd66766370 Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Thu, 19 Jan 2023 14:31:25 +0000
Subject: [PATCH] Introduce max_multipart_body_parts INI
This fixes GHSA-54hq-v5wp-fqgv DOS vulnerabality by limitting number of
parsed multipart body parts as currently all parts were always parsed.
---
main/main.c | 1 +
main/rfc1867.c | 11 ++
...-54hq-v5wp-fqgv-max-body-parts-custom.phpt | 53 +++++++++
...54hq-v5wp-fqgv-max-body-parts-default.phpt | 54 +++++++++
.../ghsa-54hq-v5wp-fqgv-max-file-uploads.phpt | 52 +++++++++
sapi/fpm/tests/tester.inc | 106 +++++++++++++++---
6 files changed, 262 insertions(+), 15 deletions(-)
create mode 100644 sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-custom.phpt
create mode 100644 sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-default.phpt
create mode 100644 sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-file-uploads.phpt
diff --git a/main/main.c b/main/main.c
index 40684f32dc14..c58ea58bf5ac 100644
--- a/main/main.c
+++ b/main/main.c
@@ -751,6 +751,7 @@ PHP_INI_BEGIN()
PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL)
PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL)
PHP_INI_ENTRY("max_file_uploads", "20", PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL)
+ PHP_INI_ENTRY("max_multipart_body_parts", "-1", PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL)
STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals)
diff --git a/main/rfc1867.c b/main/rfc1867.c
index b43cfae5a1e2..3086e8da3dbe 100644
--- a/main/rfc1867.c
+++ b/main/rfc1867.c
@@ -687,6 +687,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
void *event_extra_data = NULL;
unsigned int llen = 0;
int upload_cnt = INI_INT("max_file_uploads");
+ int body_parts_cnt = INI_INT("max_multipart_body_parts");
const zend_encoding *internal_encoding = zend_multibyte_get_internal_encoding();
php_rfc1867_getword_t getword;
php_rfc1867_getword_conf_t getword_conf;
@@ -708,6 +709,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
return;
}
+ if (body_parts_cnt < 0) {
+ body_parts_cnt = PG(max_input_vars) + upload_cnt;
+ }
+ int body_parts_limit = body_parts_cnt;
+
/* Get the boundary */
boundary = strstr(content_type_dup, "boundary");
if (!boundary) {
@@ -792,6 +798,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
char *pair = NULL;
int end = 0;
+ if (--body_parts_cnt < 0) {
+ php_error_docref(NULL, E_WARNING, "Multipart body parts limit exceeded %d. To increase the limit change max_multipart_body_parts in php.ini.", body_parts_limit);
+ goto fileupload_done;
+ }
+
while (isspace(*cd)) {
++cd;
}
#diff --git a/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-custom.phpt b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-custom.phpt
#new file mode 100644
#index 000000000000..d2239ac3c410
#--- /dev/null
#+++ b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-custom.phpt
#@@ -0,0 +1,53 @@
#+--TEST--
#+FPM: GHSA-54hq-v5wp-fqgv - max_multipart_body_parts ini custom value
#+--SKIPIF--
#+<?php include "skipif.inc"; ?>
#+--FILE--
#+<?php
#+
#+require_once "tester.inc";
#+
#+$cfg = <<<EOT
#+[global]
#+error_log = {{FILE:LOG}}
#+[unconfined]
#+listen = {{ADDR}}
#+pm = dynamic
#+pm.max_children = 5
#+pm.start_servers = 1
#+pm.min_spare_servers = 1
#+pm.max_spare_servers = 3
#+php_admin_value[html_errors] = false
#+php_admin_value[max_input_vars] = 20
#+php_admin_value[max_file_uploads] = 5
#+php_admin_value[max_multipart_body_parts] = 10
#+php_flag[display_errors] = On
#+EOT;
#+
#+$code = <<<EOT
#+<?php
#+var_dump(count(\$_POST));
#+EOT;
#+
#+$tester = new FPM\Tester($cfg, $code);
#+$tester->start();
#+$tester->expectLogStartNotices();
#+echo $tester
#+ ->request(stdin: [
#+ 'parts' => [
#+ 'count' => 30,
#+ ]
#+ ])
#+ ->getBody();
#+$tester->terminate();
#+$tester->close();
#+
#+?>
#+--EXPECT--
#+Warning: Unknown: Multipart body parts limit exceeded 10. To increase the limit change max_multipart_body_parts in php.ini. in Unknown on line 0
#+int(10)
#+--CLEAN--
#+<?php
#+require_once "tester.inc";
#+FPM\Tester::clean();
#+?>
#diff --git a/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-default.phpt b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-default.phpt
#new file mode 100644
#index 000000000000..42b5afbf9ee7
#--- /dev/null
#+++ b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-default.phpt
#@@ -0,0 +1,54 @@
#+--TEST--
#+FPM: GHSA-54hq-v5wp-fqgv - max_multipart_body_parts ini default
#+--SKIPIF--
#+<?php include "skipif.inc"; ?>
#+--FILE--
#+<?php
#+
#+require_once "tester.inc";
#+
#+$cfg = <<<EOT
#+[global]
#+error_log = {{FILE:LOG}}
#+[unconfined]
#+listen = {{ADDR}}
#+pm = dynamic
#+pm.max_children = 5
#+pm.start_servers = 1
#+pm.min_spare_servers = 1
#+pm.max_spare_servers = 3
#+php_admin_value[html_errors] = false
#+php_admin_value[max_input_vars] = 20
#+php_admin_value[max_file_uploads] = 5
#+php_flag[display_errors] = On
#+EOT;
#+
#+$code = <<<EOT
#+<?php
#+var_dump(count(\$_POST));
#+EOT;
#+
#+$tester = new FPM\Tester($cfg, $code);
#+$tester->start();
#+$tester->expectLogStartNotices();
#+echo $tester
#+ ->request(stdin: [
#+ 'parts' => [
#+ 'count' => 30,
#+ ]
#+ ])
#+ ->getBody();
#+$tester->terminate();
#+$tester->close();
#+
#+?>
#+--EXPECT--
#+Warning: Unknown: Input variables exceeded 20. To increase the limit change max_input_vars in php.ini. in Unknown on line 0
#+
#+Warning: Unknown: Multipart body parts limit exceeded 25. To increase the limit change max_multipart_body_parts in php.ini. in Unknown on line 0
#+int(20)
#+--CLEAN--
#+<?php
#+require_once "tester.inc";
#+FPM\Tester::clean();
#+?>
#diff --git a/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-file-uploads.phpt b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-file-uploads.phpt
#new file mode 100644
#index 000000000000..da81174c7280
#--- /dev/null
#+++ b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-file-uploads.phpt
#@@ -0,0 +1,52 @@
#+--TEST--
#+FPM: GHSA-54hq-v5wp-fqgv - exceeding max_file_uploads
#+--SKIPIF--
#+<?php include "skipif.inc"; ?>
#+--FILE--
#+<?php
#+
#+require_once "tester.inc";
#+
#+$cfg = <<<EOT
#+[global]
#+error_log = {{FILE:LOG}}
#+[unconfined]
#+listen = {{ADDR}}
#+pm = dynamic
#+pm.max_children = 5
#+pm.start_servers = 1
#+pm.min_spare_servers = 1
#+pm.max_spare_servers = 3
#+php_admin_value[html_errors] = false
#+php_admin_value[max_file_uploads] = 5
#+php_flag[display_errors] = On
#+EOT;
#+
#+$code = <<<EOT
#+<?php
#+var_dump(count(\$_FILES));
#+EOT;
#+
#+$tester = new FPM\Tester($cfg, $code);
#+$tester->start();
#+$tester->expectLogStartNotices();
#+echo $tester
#+ ->request(stdin: [
#+ 'parts' => [
#+ 'count' => 10,
#+ 'param' => 'filename'
#+ ]
#+ ])
#+ ->getBody();
#+$tester->terminate();
#+$tester->close();
#+
#+?>
#+--EXPECT--
#+Warning: Maximum number of allowable file uploads has been exceeded in Unknown on line 0
#+int(5)
#+--CLEAN--
#+<?php
#+require_once "tester.inc";
#+FPM\Tester::clean();
#+?>
##diff --git a/sapi/fpm/tests/tester.inc b/sapi/fpm/tests/tester.inc
##index 6197cdba53f5..e51aa0f69143 100644
##--- a/sapi/fpm/tests/tester.inc
##+++ b/sapi/fpm/tests/tester.inc
#@@ -567,13 +567,17 @@ class Tester
# * @param string $query
# * @param array $headers
# * @param string|null $uri
#+ * @param string|null $scriptFilename
#+ * @param string|null $stdin
# *
# * @return array
# */
# private function getRequestParams(
# string $query = '',
# array $headers = [],
#- string $uri = null
#+ string $uri = null,
#+ string $scriptFilename = null,
#+ ?string $stdin = null
# ): array {
# if (is_null($uri)) {
# $uri = $this->makeSourceFile();
3@@ -582,8 +586,8 @@ class Tester
# $params = array_merge(
# [
# 'GATEWAY_INTERFACE' => 'FastCGI/1.0',
#- 'REQUEST_METHOD' => 'GET',
#- 'SCRIPT_FILENAME' => $uri,
#+ 'REQUEST_METHOD' => is_null($stdin) ? 'GET' : 'POST',
#+ 'SCRIPT_FILENAME' => $scriptFilename ?: $uri,
# 'SCRIPT_NAME' => $uri,
# 'QUERY_STRING' => $query,
# 'REQUEST_URI' => $uri . ($query ? '?' . $query : ""),
#@@ -597,7 +601,7 @@ class Tester
# 'SERVER_PROTOCOL' => 'HTTP/1.1',
# 'DOCUMENT_ROOT' => __DIR__,
# 'CONTENT_TYPE' => '',
#- 'CONTENT_LENGTH' => 0
#+ 'CONTENT_LENGTH' => strlen($stdin ?? "") // Default to 0
# ],
# $headers
# );
#@@ -607,20 +611,86 @@ class Tester
# });
# }
#
#+ /**
#+ * Parse stdin and generate data for multipart config.
#+ *
#+ * @param array $stdin
#+ * @param array $headers
#+ *
#+ * @return void
#+ * @throws \Exception
#+ */
#+ private function parseStdin(array $stdin, array &$headers)
#+ {
#+ $parts = $stdin['parts'] ?? null;
#+ if (empty($parts)) {
#+ throw new \Exception('The stdin array needs to contain parts');
#+ }
#+ $boundary = $stdin['boundary'] ?? 'AaB03x';
#+ if ( ! isset($headers['CONTENT_TYPE'])) {
#+ $headers['CONTENT_TYPE'] = 'multipart/form-data; boundary=' . $boundary;
#+ }
#+ $count = $parts['count'] ?? null;
#+ if ( ! is_null($count)) {
#+ $dispositionType = $parts['disposition'] ?? 'form-data';
#+ $dispositionParam = $parts['param'] ?? 'name';
#+ $namePrefix = $parts['prefix'] ?? 'f';
#+ $nameSuffix = $parts['suffix'] ?? '';
#+ $value = $parts['value'] ?? 'test';
#+ $parts = [];
#+ for ($i = 0; $i < $count; $i++) {
#+ $parts[] = [
#+ 'disposition' => $dispositionType,
#+ 'param' => $dispositionParam,
#+ 'name' => "$namePrefix$i$nameSuffix",
#+ 'value' => $value
#+ ];
#+ }
#+ }
#+ $out = '';
#+ $nl = "\r\n";
#+ foreach ($parts as $part) {
#+ if (!is_array($part)) {
#+ $part = ['name' => $part];
#+ } elseif ( ! isset($part['name'])) {
#+ throw new \Exception('Each part has to have a name');
#+ }
#+ $name = $part['name'];
#+ $dispositionType = $part['disposition'] ?? 'form-data';
#+ $dispositionParam = $part['param'] ?? 'name';
#+ $value = $part['value'] ?? 'test';
#+ $partHeaders = $part['headers'] ?? [];
#+
#+ $out .= "--$boundary$nl";
#+ $out .= "Content-disposition: $dispositionType; $dispositionParam=\"$name\"$nl";
#+ foreach ($partHeaders as $headerName => $headerValue) {
#+ $out .= "$headerName: $headerValue$nl";
#+ }
#+ $out .= $nl;
#+ $out .= "$value$nl";
#+ }
#+ $out .= "--$boundary--$nl";
#+
#+ return $out;
#+ }
#+
# /**
# * Execute request.
# *
#- * @param string $query
#- * @param array $headers
#- * @param string|null $uri
#- * @param string|null $address
#- * @param string|null $successMessage
#- * @param string|null $errorMessage
#- * @param bool $connKeepAlive
#- * @param bool $expectError
#- * @param int $readLimit
#+ * @param string $query
#+ * @param array $headers
#+ * @param string|null $uri
#+ * @param string|null $address
#+ * @param string|null $successMessage
#+ * @param string|null $errorMessage
#+ * @param bool $connKeepAlive
#+ * @param string|null $scriptFilename = null
#+ * @param string|array|null $stdin = null
#+ * @param bool $expectError
#+ * @param int $readLimit
# *
# * @return Response
#+ * @throws \Exception
# */
# public function request(
# string $query = '',
#@@ -630,6 +700,8 @@ class Tester
# string $successMessage = null,
# string $errorMessage = null,
# bool $connKeepAlive = false,
#+ string $scriptFilename = null,
#+ string|array $stdin = null,
# bool $expectError = false,
# int $readLimit = -1,
# ): Response {
#@@ -637,12 +709,16 @@ class Tester
# return new Response(null, true);
# }
#
#- $params = $this->getRequestParams($query, $headers, $uri);
#+ if (is_array($stdin)) {
#+ $stdin = $this->parseStdin($stdin, $headers);
#+ }
#+
#+ $params = $this->getRequestParams($query, $headers, $uri, $scriptFilename, $stdin);
# $this->trace('Request params', $params);
#
# try {
# $this->response = new Response(
#- $this->getClient($address, $connKeepAlive)->request_data($params, false, $readLimit)
#+ $this->getClient($address, $connKeepAlive)->request_data($params, $stdin, $readLimit)
# );
# if ($expectError) {
# $this->error('Expected request error but the request was successful');

5
patches/source/php/php.SlackBuild
View file

@ -28,7 +28,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=php
VERSION=${VERSION:-$(echo php-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
ALPINE=2.26
BUILD=${BUILD:-2_slack15.0}
BUILD=${BUILD:-3_slack15.0}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@ -128,6 +128,9 @@ tar xvf $CWD/php-$VERSION.tar.xz || exit 1
cd php-$VERSION || exit 1
zcat $CWD/CVE-2022-31631.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2023-0567.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2023-0568.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/CVE-2023-0662.patch.gz | patch -p1 --verbose || exit 1
# cleanup:
find . -name "*.orig" -delete

3
recompress.sh
View file

@ -1266,8 +1266,11 @@ gzip ./patches/source/libtiff/patches/CVE-2022-2056_2057_2058.patch
gzip ./patches/source/libtiff/patches/CVE-2022-34526.patch
gzip ./patches/source/libtiff/patches/CVE-2022-3970.patch
gzip ./patches/source/php/php-fpm.conf.diff
gzip ./patches/source/php/CVE-2023-0662.patch
gzip ./patches/source/php/php.enchant-2.patch
gzip ./patches/source/php/CVE-2022-31631.patch
gzip ./patches/source/php/CVE-2023-0568.patch
gzip ./patches/source/php/CVE-2023-0567.patch
gzip ./patches/source/php/doinst.sh
gzip ./patches/source/php/php.imap.api.diff
gzip ./patches/source/php/php.ini-development.diff