Wed Jul 19 20:36:46 UTC 2023

patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: fopen race condition. For more information, see: https://curl.se/docs/CVE-2023-32001.html https://www.cve.org/CVERecord?id=CVE-2023-32001 (* Security fix *) patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz: Upgraded. This update fixes a security issue: ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code execution relating to PKCS#11 providers. The PKCS#11 support ssh-agent(1) could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: * Exploitation requires the presence of specific libraries on the victim system. * Remote exploitation requires that the agent was forwarded to an attacker-controlled system. Exploitation can also be prevented by starting ssh-agent(1) with an empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that contains only specific provider libraries. This vulnerability was discovered and demonstrated to be exploitable by the Qualys Security Advisory team. Potentially-incompatible changes: * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules issued by remote clients by default. A flag has been added to restore the previous behaviour: "-Oallow-remote-pkcs11". For more information, see: https://www.openssh.com/txt/release-9.3p2 https://www.cve.org/CVERecord?id=CVE-2023-38408 (* Security fix *)
2025-01-29 08:36:40 +01:00 · 2023-07-19 20:36:46 +00:00 · 2023-07-19 20:36:46 +00:00 · b9cb99a88e
commit b9cb99a88e
parent 1b65c2bfe3
5 changed files with 100 additions and 28 deletions
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@ -11,9 +11,49 @@
      <description>Tracking Slackware development in git.</description>
      <language>en-us</language>
      <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Mon, 17 Jul 2023 19:17:19 GMT</pubDate>
-      <lastBuildDate>Tue, 18 Jul 2023 11:30:21 GMT</lastBuildDate>
+      <pubDate>Wed, 19 Jul 2023 20:36:46 GMT</pubDate>
+      <lastBuildDate>Fri, 21 Jul 2023 11:30:19 GMT</lastBuildDate>
      <generator>maintain_current_git.sh v 1.17</generator>
+      <item>
+         <title>Wed, 19 Jul 2023 20:36:46 GMT</title>
+         <pubDate>Wed, 19 Jul 2023 20:36:46 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20230719203646</link>
+         <guid isPermaLink="false">20230719203646</guid>
+         <description>
+           <![CDATA[<pre>
+patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes a security issue:
+  fopen race condition.
+  For more information, see:
+    https://curl.se/docs/CVE-2023-32001.html
+    https://www.cve.org/CVERecord?id=CVE-2023-32001
+  (* Security fix *)
+patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes a security issue:
+  ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
+  execution relating to PKCS#11 providers.
+  The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
+  execution via a forwarded agent socket if the following conditions are met:
+  * Exploitation requires the presence of specific libraries on the victim
+    system.
+  * Remote exploitation requires that the agent was forwarded to an
+    attacker-controlled system.
+  Exploitation can also be prevented by starting ssh-agent(1) with an empty
+  PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
+  contains only specific provider libraries.
+  This vulnerability was discovered and demonstrated to be exploitable by the
+  Qualys Security Advisory team.
+  Potentially-incompatible changes:
+  * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
+  issued by remote clients by default. A flag has been added to restore the
+  previous behaviour: "-Oallow-remote-pkcs11".
+  For more information, see:
+    https://www.openssh.com/txt/release-9.3p2
+    https://www.cve.org/CVERecord?id=CVE-2023-38408
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
      <item>
         <title>Mon, 17 Jul 2023 19:17:19 GMT</title>
         <pubDate>Mon, 17 Jul 2023 19:17:19 GMT</pubDate>
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -1,3 +1,35 @@
+Wed Jul 19 20:36:46 UTC 2023
+patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes a security issue:
+  fopen race condition.
+  For more information, see:
+    https://curl.se/docs/CVE-2023-32001.html
+    https://www.cve.org/CVERecord?id=CVE-2023-32001
+  (* Security fix *)
+patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes a security issue:
+  ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
+  execution relating to PKCS#11 providers.
+  The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
+  execution via a forwarded agent socket if the following conditions are met:
+  * Exploitation requires the presence of specific libraries on the victim
+    system.
+  * Remote exploitation requires that the agent was forwarded to an
+    attacker-controlled system.
+  Exploitation can also be prevented by starting ssh-agent(1) with an empty
+  PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
+  contains only specific provider libraries.
+  This vulnerability was discovered and demonstrated to be exploitable by the
+  Qualys Security Advisory team.
+  Potentially-incompatible changes:
+  * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
+  issued by remote clients by default. A flag has been added to restore the
+  previous behaviour: "-Oallow-remote-pkcs11".
+  For more information, see:
+    https://www.openssh.com/txt/release-9.3p2
+    https://www.cve.org/CVERecord?id=CVE-2023-38408
+  (* Security fix *)
+--------------------------+
 Mon Jul 17 19:17:19 UTC 2023
 patches/packages/sudo-1.9.14p2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
--- a/FILELIST.TXT
+++ b/FILELIST.TXT
@ -1,20 +1,20 @@
-Mon Jul 17 19:22:32 UTC 2023
+Wed Jul 19 20:43:15 UTC 2023

 Here is the file list for this directory.  If you are using a 
 mirror site and find missing or extra files in the disk 
 subdirectories, please have the archive administrator refresh
 the mirror.

-drwxr-xr-x 12 root root      4096 2023-07-17 19:17 .
+drwxr-xr-x 12 root root      4096 2023-07-19 20:36 .
 -rw-r--r--  1 root root      5767 2022-02-02 22:44 ./ANNOUNCE.15.0
 -rw-r--r--  1 root root     16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
-rw-r--r--  1 root root   1186350 2023-07-12 20:48 ./CHECKSUMS.md5
-rw-r--r--  1 root root       163 2023-07-12 20:48 ./CHECKSUMS.md5.asc
+-rw-r--r--  1 root root   1186350 2023-07-17 19:22 ./CHECKSUMS.md5
+-rw-r--r--  1 root root       163 2023-07-17 19:22 ./CHECKSUMS.md5.asc
 -rw-r--r--  1 root root     17976 1994-06-10 02:28 ./COPYING
 -rw-r--r--  1 root root     35147 2007-06-30 04:21 ./COPYING3
 -rw-r--r--  1 root root     19573 2016-06-23 20:08 ./COPYRIGHT.TXT
 -rw-r--r--  1 root root       616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
-rw-r--r--  1 root root   2026666 2023-07-17 19:17 ./ChangeLog.txt
+-rw-r--r--  1 root root   2028254 2023-07-19 20:36 ./ChangeLog.txt
 drwxr-xr-x  3 root root      4096 2013-03-20 22:17 ./EFI
 drwxr-xr-x  2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rw-r--r--  1 root root   1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@ -25,7 +25,7 @@ drwxr-xr-x  2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rwxr-xr-x  1 root root      2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
 -rw-r--r--  1 root root     10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
 -rw-r--r--  1 root root      1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
-rw-r--r--  1 root root   1550666 2023-07-12 20:47 ./FILELIST.TXT
+-rw-r--r--  1 root root   1550666 2023-07-17 19:22 ./FILELIST.TXT
 -rw-r--r--  1 root root      1572 2012-08-29 18:27 ./GPG-KEY
 -rw-r--r--  1 root root    864745 2022-02-02 08:25 ./PACKAGES.TXT
 -rw-r--r--  1 root root      8034 2022-02-02 03:36 ./README.TXT
@ -737,13 +737,13 @@ drwxr-xr-x  2 root root      4096 2008-05-07 05:21 ./pasture/source/php/pear
 -rwxr-xr-x  1 root root      9448 2018-05-16 22:38 ./pasture/source/php/php.SlackBuild
 -rw-r--r--  1 root root       775 2017-07-07 19:25 ./pasture/source/php/php.ini-development.diff.gz
 -rw-r--r--  1 root root       830 2005-12-09 05:18 ./pasture/source/php/slack-desc
-drwxr-xr-x  4 root root      4096 2023-07-17 19:22 ./patches
-rw-r--r--  1 root root     79302 2023-07-17 19:22 ./patches/CHECKSUMS.md5
-rw-r--r--  1 root root       163 2023-07-17 19:22 ./patches/CHECKSUMS.md5.asc
-rw-r--r--  1 root root    107835 2023-07-17 19:22 ./patches/FILE_LIST
-rw-r--r--  1 root root  12615428 2023-07-17 19:22 ./patches/MANIFEST.bz2
-rw-r--r--  1 root root     56668 2023-07-17 19:22 ./patches/PACKAGES.TXT
-drwxr-xr-x  3 root root     20480 2023-07-17 19:22 ./patches/packages
+drwxr-xr-x  4 root root      4096 2023-07-19 20:43 ./patches
+-rw-r--r--  1 root root     79302 2023-07-19 20:43 ./patches/CHECKSUMS.md5
+-rw-r--r--  1 root root       163 2023-07-19 20:43 ./patches/CHECKSUMS.md5.asc
+-rw-r--r--  1 root root    107835 2023-07-19 20:43 ./patches/FILE_LIST
+-rw-r--r--  1 root root  12615435 2023-07-19 20:43 ./patches/MANIFEST.bz2
+-rw-r--r--  1 root root     56668 2023-07-19 20:43 ./patches/PACKAGES.TXT
+drwxr-xr-x  3 root root     20480 2023-07-19 20:43 ./patches/packages
 -rw-r--r--  1 root root       327 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txt
 -rw-r--r--  1 root root     10716 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz
 -rw-r--r--  1 root root       163 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz.asc
@ -777,9 +777,9 @@ drwxr-xr-x  3 root root     20480 2023-07-17 19:22 ./patches/packages
 -rw-r--r--  1 root root       416 2023-05-19 18:13 ./patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root    827024 2023-05-19 18:13 ./patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2023-05-19 18:13 ./patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz.asc
-rw-r--r--  1 root root       552 2023-05-30 17:36 ./patches/packages/curl-8.1.2-x86_64-1_slack15.0.txt
-rw-r--r--  1 root root   1347056 2023-05-30 17:36 ./patches/packages/curl-8.1.2-x86_64-1_slack15.0.txz
-rw-r--r--  1 root root       163 2023-05-30 17:36 ./patches/packages/curl-8.1.2-x86_64-1_slack15.0.txz.asc
+-rw-r--r--  1 root root       552 2023-07-19 19:33 ./patches/packages/curl-8.2.0-x86_64-1_slack15.0.txt
+-rw-r--r--  1 root root   1365332 2023-07-19 19:33 ./patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz
+-rw-r--r--  1 root root       163 2023-07-19 19:33 ./patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz.asc
 -rw-r--r--  1 root root       373 2022-02-24 19:12 ./patches/packages/cyrus-sasl-2.1.28-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root    993108 2022-02-24 19:12 ./patches/packages/cyrus-sasl-2.1.28-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2022-02-24 19:12 ./patches/packages/cyrus-sasl-2.1.28-x86_64-1_slack15.0.txz.asc
@ -910,9 +910,9 @@ drwxr-xr-x  2 root root      4096 2023-06-23 18:50 ./patches/packages/linux-5.15
 -rw-r--r--  1 root root       562 2023-06-06 17:07 ./patches/packages/ntp-4.2.8p17-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root   2046784 2023-06-06 17:07 ./patches/packages/ntp-4.2.8p17-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2023-06-06 17:07 ./patches/packages/ntp-4.2.8p17-x86_64-1_slack15.0.txz.asc
-rw-r--r--  1 root root       672 2023-03-16 16:37 ./patches/packages/openssh-9.3p1-x86_64-1_slack15.0.txt
-rw-r--r--  1 root root   1061424 2023-03-16 16:37 ./patches/packages/openssh-9.3p1-x86_64-1_slack15.0.txz
-rw-r--r--  1 root root       163 2023-03-16 16:37 ./patches/packages/openssh-9.3p1-x86_64-1_slack15.0.txz.asc
+-rw-r--r--  1 root root       672 2023-07-19 19:50 ./patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txt
+-rw-r--r--  1 root root   1062080 2023-07-19 19:50 ./patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz
+-rw-r--r--  1 root root       163 2023-07-19 19:50 ./patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz.asc
 -rw-r--r--  1 root root       559 2023-05-30 17:46 ./patches/packages/openssl-1.1.1u-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root   3605164 2023-05-30 17:46 ./patches/packages/openssl-1.1.1u-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2023-05-30 17:46 ./patches/packages/openssl-1.1.1u-x86_64-1_slack15.0.txz.asc
@ -1015,7 +1015,7 @@ drwxr-xr-x  2 root root      4096 2023-06-23 18:50 ./patches/packages/linux-5.15
 -rw-r--r--  1 root root       463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root    459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc
-drwxr-xr-x 82 root root      4096 2023-07-17 19:11 ./patches/source
+drwxr-xr-x 82 root root      4096 2023-07-19 20:33 ./patches/source
 drwxr-xr-x  2 root root      4096 2022-01-16 05:07 ./patches/source/aaa_base
 -rw-r--r--  1 root root     11041 2022-02-15 04:49 ./patches/source/aaa_base/_aaa_base.tar.gz
 -rwxr-xr-x  1 root root      3894 2022-02-15 05:07 ./patches/source/aaa_base/aaa_base.SlackBuild
@ -1102,9 +1102,9 @@ drwxr-xr-x  2 root root      4096 2023-05-19 18:08 ./patches/source/cups-filters
 -rw-r--r--  1 root root        46 2021-06-29 19:51 ./patches/source/cups/cups.url
 -rw-r--r--  1 root root       454 2021-04-26 18:11 ./patches/source/cups/doinst.sh.gz
 -rw-r--r--  1 root root      1094 2018-11-29 19:15 ./patches/source/cups/slack-desc
-drwxr-xr-x  2 root root      4096 2023-05-30 17:34 ./patches/source/curl
-rw-r--r--  1 root root   2612652 2023-05-30 06:17 ./patches/source/curl/curl-8.1.2.tar.xz
-rw-r--r--  1 root root       488 2023-05-30 06:17 ./patches/source/curl/curl-8.1.2.tar.xz.asc
+drwxr-xr-x  2 root root      4096 2023-07-19 19:31 ./patches/source/curl
+-rw-r--r--  1 root root   2637208 2023-07-19 06:16 ./patches/source/curl/curl-8.2.0.tar.xz
+-rw-r--r--  1 root root       488 2023-07-19 06:16 ./patches/source/curl/curl-8.2.0.tar.xz.asc
 -rwxr-xr-x  1 root root      4861 2022-04-27 18:34 ./patches/source/curl/curl.SlackBuild
 -rw-r--r--  1 root root        30 2018-04-20 16:49 ./patches/source/curl/curl.url
 -rw-r--r--  1 root root      1004 2019-02-06 21:57 ./patches/source/curl/slack-desc
@ -1540,10 +1540,10 @@ drwxr-xr-x  2 root root      4096 2023-06-06 17:05 ./patches/source/ntp
 -rw-r--r--  1 root root      2483 2018-02-15 11:45 ./patches/source/ntp/ntpdate.8.gz
 -rw-r--r--  1 root root       805 2021-02-16 19:01 ./patches/source/ntp/rc.ntpd
 -rw-r--r--  1 root root      1013 2023-06-02 18:24 ./patches/source/ntp/slack-desc
-drwxr-xr-x  2 root root      4096 2023-03-16 16:36 ./patches/source/openssh
+drwxr-xr-x  2 root root      4096 2023-07-19 19:39 ./patches/source/openssh
 -rw-r--r--  1 root root       593 2020-02-07 03:05 ./patches/source/openssh/doinst.sh.gz
-rw-r--r--  1 root root   1856839 2023-03-15 21:50 ./patches/source/openssh/openssh-9.3p1.tar.gz
-rw-r--r--  1 root root       833 2023-03-15 21:50 ./patches/source/openssh/openssh-9.3p1.tar.gz.asc
+-rw-r--r--  1 root root   1835850 2023-07-19 13:55 ./patches/source/openssh/openssh-9.3p2.tar.gz
+-rw-r--r--  1 root root       833 2023-07-19 13:55 ./patches/source/openssh/openssh-9.3p2.tar.gz.asc
 -rwxr-xr-x  1 root root      6297 2023-02-02 20:04 ./patches/source/openssh/openssh.SlackBuild
 -rw-r--r--  1 root root      1658 2022-02-24 19:30 ./patches/source/openssh/openssh.tcp_wrappers.diff.gz
 -rw-r--r--  1 root root        54 2020-02-14 19:40 ./patches/source/openssh/openssh.url
--- a/patches/packages/curl-8.2.0-x86_64-1_slack15.0.txt
+++ b/patches/packages/curl-8.2.0-x86_64-1_slack15.0.txt
--- a/patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txt
+++ b/patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txt