mirror of git://slackware.nl/current.git synced 2025-01-14 08:01:11 +01:00

Wed Apr 27 21:43:51 UTC 2022

patches/packages/curl-7.83.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  OAUTH2 bearer bypass in connection re-use.
  Credential leak on redirect.
  Bad local IPv6 connection reuse.
  Auth/cookie leak on redirect.
  For more information, see:
    https://curl.se/docs/CVE-2022-22576.html
    https://curl.se/docs/CVE-2022-27774.html
    https://curl.se/docs/CVE-2022-27775.html
    https://curl.se/docs/CVE-2022-27776.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
  (* Security fix *)
This commit is contained in:
Patrick J Volkerding 2022-04-27 21:43:51 +00:00 committed by Eric Hameleers
parent dfafa37940
commit cf5d757506
7 changed files with 277 additions and 35 deletions

View file

@ -11,9 +11,35 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
<pubDate>Mon, 25 Apr 2022 20:55:17 GMT</pubDate>
<lastBuildDate>Tue, 26 Apr 2022 11:29:53 GMT</lastBuildDate>
<pubDate>Wed, 27 Apr 2022 21:43:51 GMT</pubDate>
<lastBuildDate>Thu, 28 Apr 2022 11:29:38 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.17</generator>
<item>
<title>Wed, 27 Apr 2022 21:43:51 GMT</title>
<pubDate>Wed, 27 Apr 2022 21:43:51 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20220427214351</link>
<guid isPermaLink="false">20220427214351</guid>
<description>
<![CDATA[<pre>
patches/packages/curl-7.83.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
OAUTH2 bearer bypass in connection re-use.
Credential leak on redirect.
Bad local IPv6 connection reuse.
Auth/cookie leak on redirect.
For more information, see:
https://curl.se/docs/CVE-2022-22576.html
https://curl.se/docs/CVE-2022-27774.html
https://curl.se/docs/CVE-2022-27775.html
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
(* Security fix *)
</pre>]]>
</description>
</item>
<item>
<title>Mon, 25 Apr 2022 20:55:17 GMT</title>
<pubDate>Mon, 25 Apr 2022 20:55:17 GMT</pubDate>

View file

@ -1,3 +1,21 @@
Wed Apr 27 21:43:51 UTC 2022
patches/packages/curl-7.83.0-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
OAUTH2 bearer bypass in connection re-use.
Credential leak on redirect.
Bad local IPv6 connection reuse.
Auth/cookie leak on redirect.
For more information, see:
https://curl.se/docs/CVE-2022-22576.html
https://curl.se/docs/CVE-2022-27774.html
https://curl.se/docs/CVE-2022-27775.html
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
(* Security fix *)
+--------------------------+
Mon Apr 25 20:55:17 UTC 2022
patches/packages/freerdp-2.7.0-x86_64-1_slack15.0.txz: Upgraded.
This update is a security and maintenance release.

View file

@ -1,20 +1,20 @@
Mon Apr 25 20:58:18 UTC 2022
Wed Apr 27 21:49:27 UTC 2022
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
drwxr-xr-x 12 root root 4096 2022-04-25 20:55 .
drwxr-xr-x 12 root root 4096 2022-04-27 21:43 .
-rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0
-rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
-rw-r--r-- 1 root root 1133909 2022-04-21 19:15 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2022-04-21 19:15 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 1134482 2022-04-25 20:58 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2022-04-25 20:58 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
-rw-r--r-- 1 root root 1888901 2022-04-25 20:55 ./ChangeLog.txt
-rw-r--r-- 1 root root 1889697 2022-04-27 21:43 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
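Review bot: The top-level ./CHECKSUMS.md5 and ./CHECKSUMS.md5.asc entries are stamped 2022-04-25 20:58 while the listing header is dated Wed Apr 27 21:49:27 UTC 2022, so the file list records a top-level checksum file older than the curl package this commit adds (2022-04-27 18:36). If that lag is expected from the order in which the files are generated, it is worth stating in the header text; as listed, the entry that matches this update is ./patches/CHECKSUMS.md5 with its .asc, both dated 2022-04-27 21:49.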
@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
-rw-r--r-- 1 root root 1480036 2022-04-21 19:15 ./FILELIST.TXT
-rw-r--r-- 1 root root 1480802 2022-04-25 20:58 ./FILELIST.TXT
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
-rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT
@ -737,13 +737,13 @@ drwxr-xr-x 2 root root 4096 2008-05-07 05:21 ./pasture/source/php/pear
-rwxr-xr-x 1 root root 9448 2018-05-16 22:38 ./pasture/source/php/php.SlackBuild
-rw-r--r-- 1 root root 775 2017-07-07 19:25 ./pasture/source/php/php.ini-development.diff.gz
-rw-r--r-- 1 root root 830 2005-12-09 05:18 ./pasture/source/php/slack-desc
drwxr-xr-x 4 root root 4096 2022-04-25 20:58 ./patches
-rw-r--r-- 1 root root 32126 2022-04-25 20:58 ./patches/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2022-04-25 20:58 ./patches/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 43016 2022-04-25 20:58 ./patches/FILE_LIST
-rw-r--r-- 1 root root 11231034 2022-04-25 20:58 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 23449 2022-04-25 20:58 ./patches/PACKAGES.TXT
drwxr-xr-x 3 root root 12288 2022-04-25 20:58 ./patches/packages
drwxr-xr-x 4 root root 4096 2022-04-27 21:49 ./patches
-rw-r--r-- 1 root root 32688 2022-04-27 21:49 ./patches/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2022-04-27 21:49 ./patches/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 43779 2022-04-27 21:49 ./patches/FILE_LIST
-rw-r--r-- 1 root root 11261702 2022-04-27 21:49 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 24183 2022-04-27 21:49 ./patches/PACKAGES.TXT
drwxr-xr-x 3 root root 12288 2022-04-27 21:49 ./patches/packages
-rw-r--r-- 1 root root 327 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txt
-rw-r--r-- 1 root root 10716 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz.asc
@ -762,6 +762,9 @@ drwxr-xr-x 3 root root 12288 2022-04-25 20:58 ./patches/packages
-rw-r--r-- 1 root root 367 2022-04-03 19:25 ./patches/packages/ca-certificates-20220403-noarch-1_slack15.0.txt
-rw-r--r-- 1 root root 131392 2022-04-03 19:25 ./patches/packages/ca-certificates-20220403-noarch-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-04-03 19:25 ./patches/packages/ca-certificates-20220403-noarch-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 552 2022-04-27 18:36 ./patches/packages/curl-7.83.0-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 1293220 2022-04-27 18:36 ./patches/packages/curl-7.83.0-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-04-27 18:36 ./patches/packages/curl-7.83.0-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 373 2022-02-24 19:12 ./patches/packages/cyrus-sasl-2.1.28-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 993108 2022-02-24 19:12 ./patches/packages/cyrus-sasl-2.1.28-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-02-24 19:12 ./patches/packages/cyrus-sasl-2.1.28-x86_64-1_slack15.0.txz.asc
@ -862,7 +865,7 @@ drwxr-xr-x 2 root root 4096 2022-03-09 04:17 ./patches/packages/linux-5.15
-rw-r--r-- 1 root root 388 2022-03-28 19:09 ./patches/packages/zlib-1.2.12-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 105204 2022-03-28 19:09 ./patches/packages/zlib-1.2.12-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-03-28 19:09 ./patches/packages/zlib-1.2.12-x86_64-1_slack15.0.txz.asc
drwxr-xr-x 34 root root 4096 2022-04-25 20:55 ./patches/source
drwxr-xr-x 35 root root 4096 2022-04-27 19:34 ./patches/source
drwxr-xr-x 2 root root 4096 2022-01-16 05:07 ./patches/source/aaa_base
-rw-r--r-- 1 root root 11041 2022-02-15 04:49 ./patches/source/aaa_base/_aaa_base.tar.gz
-rwxr-xr-x 1 root root 3894 2022-02-15 05:07 ./patches/source/aaa_base/aaa_base.SlackBuild
@ -923,6 +926,12 @@ drwxr-xr-x 2 root root 4096 2022-04-03 19:24 ./patches/source/ca-certifica
-rw-r--r-- 1 root root 128 2012-09-11 21:12 ./patches/source/ca-certificates/setup.11.cacerts
-rw-r--r-- 1 root root 829 2019-02-26 23:30 ./patches/source/ca-certificates/slack-desc
-rw-r--r-- 1 root root 229 2019-02-26 20:33 ./patches/source/ca-certificates/update-ca-certificates.c_rehash.diff.gz
drwxr-xr-x 2 root root 4096 2022-04-27 18:29 ./patches/source/curl
-rw-r--r-- 1 root root 2472560 2022-04-27 06:17 ./patches/source/curl/curl-7.83.0.tar.xz
-rw-r--r-- 1 root root 488 2022-04-27 06:17 ./patches/source/curl/curl-7.83.0.tar.xz.asc
-rwxr-xr-x 1 root root 4861 2022-04-27 18:34 ./patches/source/curl/curl.SlackBuild
-rw-r--r-- 1 root root 30 2018-04-20 16:49 ./patches/source/curl/curl.url
-rw-r--r-- 1 root root 1004 2019-02-06 21:57 ./patches/source/curl/slack-desc
drwxr-xr-x 2 root root 4096 2022-02-24 19:09 ./patches/source/cyrus-sasl
-rw-r--r-- 1 root root 1577929 2022-02-22 18:04 ./patches/source/cyrus-sasl/cyrus-sasl-2.1.28.tar.lz
-rwxr-xr-x 1 root root 4575 2022-02-24 19:11 ./patches/source/cyrus-sasl/cyrus-sasl.SlackBuild

View file

@ -0,0 +1,11 @@
curl: curl (command line URL data transfer tool)
curl:
curl: Curl is a command line tool for transferring data specified with URL
curl: syntax. The command is designed to work without user interaction or
curl: any kind of interactivity. Curl offers a busload of useful tricks
curl: like proxy support, user authentication, ftp upload, HTTP post, SSL
curl: (https:) connections, cookies, file transfer resume and more.
curl:
curl: libcurl is a library that Curl uses to do its job. It is readily
curl: available to be used by your software, too.
curl:

View file

@ -0,0 +1,158 @@
#!/bin/bash
# Copyright 2008, 2009, 2010, 2011, 2013, 2014, 2016, 2017, 2018, 2020, 2021 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=curl
VERSION=${VERSION:-$(echo curl-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-1_slack15.0}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) export ARCH=i586 ;;
arm*) export ARCH=arm ;;
# Unless $ARCH is already set, use uname -m for all other archs:
*) export ARCH=$( uname -m ) ;;
esac
fi
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
exit 0
fi
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
TMP=${TMP:-/tmp}
PKG=$TMP/package-curl
# Set this variable to "--without-ssl" to build a no-SSL version:
SSLOPT=${SSLOPT:-"--with-openssl"}
if [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "s390" ]; then
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
LIBDIRSUFFIX="64"
else
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
fi
rm -rf $PKG
mkdir -p $PKG
cd $TMP
rm -rf curl-$VERSION
tar xvf $CWD/curl-$VERSION.tar.xz || exit 1
cd curl-$VERSION || exit 1
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
-exec chmod 755 {} \+ -o \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
CFLAGS="$SLKCFLAGS" \
./configure \
--prefix=/usr \
--libdir=/usr/lib${LIBDIRSUFFIX} \
--mandir=/usr/man \
--with-libssh2 \
--with-gssapi \
--enable-ares \
--enable-static=no \
--without-ca-bundle \
--with-ca-path=/etc/ssl/certs \
$SSLOPT || exit 1
make $NUMJOBS || make || exit 1
make install DESTDIR=$PKG || exit 1
# Don't ship .la files:
rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
# We have always installed the man3 documentation, so we'll keep doing it
# even though these are no longer installed by default. No || exit 1, if
# it works, it works, and if it doesn't, we tried.
( cd docs/libcurl
make install-man3 DESTDIR=$PKG
cd opts
make install-man3 DESTDIR=$PKG
)
# We don't ship the related perl script (yet):
rm -f $PKG/usr/man/man1/mk-ca-bundle.1
find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
strip -g $PKG/usr/lib${LIBDIRSUFFIX}/libcurl.a
mkdir -p $PKG/usr/doc/curl-$VERSION
cp -a \
COPYING* README* UPGRADE \
$PKG/usr/doc/curl-$VERSION
( cd docs
cp -a \
BUGS CONTRIBUTE FAQ FEATURES INSTALL INTERNALS MANUAL README* RESOURCES THANKS TODO examples \
$PKG/usr/doc/curl-$VERSION )
# Get rid of .deps cruft:
rm -rf $PKG/usr/doc/curl-$VERSION/examples/.deps
# If there's a CHANGES file, installing at least part of the recent history
# is useful, but don't let it get totally out of control:
if [ -r CHANGES ]; then
DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
cat CHANGES | head -n 1000 > $DOCSDIR/ChangeLog
touch -r CHANGES $DOCSDIR/ChangeLog
fi
# Compress and if needed symlink the man pages:
if [ -d $PKG/usr/man ]; then
( cd $PKG/usr/man
for manpagedir in $(find . -type d -name "man*") ; do
( cd $manpagedir
for eachpage in $( find . -type l -maxdepth 1) ; do
ln -s $( readlink $eachpage ).gz $eachpage.gz
rm $eachpage
done
gzip -9 *.?
)
done
)
fi
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cd $PKG
/sbin/makepkg -l y -c n $TMP/curl-$VERSION-$ARCH-$BUILD.txz
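Review bot: The "tar xvf $CWD/curl-$VERSION.tar.xz || exit 1" step unpacks the source without checking the detached signature, although this commit also ships curl-7.83.0.tar.xz.asc beside the tarball; a gpg --verify of the .asc against the tarball before that line, with "|| exit 1", would stop the build on a modified source archive. Two smaller points in the same region: "cd $TMP" has no "|| exit 1" yet is followed directly by "rm -rf curl-$VERSION", and $PKG, $TMP and $CWD are unquoted in "rm -rf $PKG", "mkdir -p $PKG" and the tar line, so a TMP or working directory containing whitespace would split into several arguments. Since PKG defaults to the fixed path /tmp/package-curl and the script runs "chown -R root:root", quoting these and failing early on a bad cd would be a cheap hardening. Also, "make $NUMJOBS || make || exit 1" retries serially after a parallel failure, which hides the first error in the log; a comment saying why the retry is wanted would help.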

View file

@ -0,0 +1 @@
https://curl.haxx.se/download
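Review bot: The download location is recorded as https://curl.haxx.se/download, while every advisory link in this commit's changelog entry uses the curl.se host (https://curl.se/docs/CVE-2022-22576.html and the others). Suggest recording https://curl.se/download here so the source URL and the advisory URLs name the same host and fetching the tarball does not depend on the older hostname continuing to resolve.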

View file

@ -0,0 +1,19 @@
# HOW TO EDIT THIS FILE:
# The "handy ruler" below makes it easier to edit a package description. Line
# up the first '|' above the ':' following the base package name, and the '|'
# on the right side marks the last column you can put a character in. You must
# make exactly 11 lines for the formatting to be correct. It's also
# customary to leave one space after the ':'.
|-----handy-ruler------------------------------------------------------|
curl: curl (command line URL data transfer tool)
curl:
curl: Curl is a command line tool for transferring data specified with URL
curl: syntax. The command is designed to work without user interaction or
curl: any kind of interactivity. Curl offers a busload of useful tricks
curl: like proxy support, user authentication, ftp upload, HTTP post, SSL
curl: (https:) connections, cookies, file transfer resume and more.
curl:
curl: libcurl is a library that Curl uses to do its job. It is readily
curl: available to be used by your software, too.
curl: