Tue Oct 18 20:29:54 UTC 2022

ap/vim-9.0.0790-x86_64-1.txz: Upgraded. d/ccache-4.7-x86_64-1.txz: Upgraded. d/git-2.38.1-x86_64-1.txz: Upgraded. This release fixes two security issues: * CVE-2022-39253: When relying on the `--local` clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks (or copies) of the dereferenced link in the destination repository. This can lead to surprising behavior where arbitrary files are present in a repository's `$GIT_DIR` when cloning from a malicious repository. Git will no longer dereference symbolic links via the `--local` clone mechanism, and will instead refuse to clone repositories that have symbolic links present in the `$GIT_DIR/objects` directory. Additionally, the value of `protocol.file.allow` is changed to be "user" by default. * CVE-2022-39260: An overly-long command string given to `git shell` can result in overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution when `git shell` is exposed and the directory `$HOME/git-shell-commands` exists. `git shell` is taught to refuse interactive commands that are longer than 4MiB in size. `split_cmdline()` is hardened to reject inputs larger than 2GiB. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260 (* Security fix *) kde/bluedevil-5.26.1-x86_64-1.txz: Upgraded. kde/breeze-5.26.1-x86_64-1.txz: Upgraded. kde/breeze-grub-5.26.1-x86_64-1.txz: Upgraded. kde/breeze-gtk-5.26.1-x86_64-1.txz: Upgraded. kde/drkonqi-5.26.1-x86_64-1.txz: Upgraded. kde/kactivitymanagerd-5.26.1-x86_64-1.txz: Upgraded. kde/kde-cli-tools-5.26.1-x86_64-1.txz: Upgraded. kde/kde-gtk-config-5.26.1-x86_64-1.txz: Upgraded. kde/kdecoration-5.26.1-x86_64-1.txz: Upgraded. kde/kdeplasma-addons-5.26.1-x86_64-1.txz: Upgraded. kde/kgamma5-5.26.1-x86_64-1.txz: Upgraded. kde/khotkeys-5.26.1-x86_64-1.txz: Upgraded. kde/kinfocenter-5.26.1-x86_64-1.txz: Upgraded. kde/kmenuedit-5.26.1-x86_64-1.txz: Upgraded. kde/kpipewire-5.26.1-x86_64-1.txz: Upgraded. kde/kscreen-5.26.1-x86_64-1.txz: Upgraded. kde/kscreenlocker-5.26.1-x86_64-1.txz: Upgraded. kde/ksshaskpass-5.26.1-x86_64-1.txz: Upgraded. kde/ksystemstats-5.26.1-x86_64-1.txz: Upgraded. kde/kwallet-pam-5.26.1-x86_64-1.txz: Upgraded. kde/kwayland-integration-5.26.1-x86_64-1.txz: Upgraded. kde/kwin-5.26.1-x86_64-1.txz: Upgraded. kde/kwrited-5.26.1-x86_64-1.txz: Upgraded. kde/layer-shell-qt-5.26.1-x86_64-1.txz: Upgraded. kde/libkscreen-5.26.1-x86_64-1.txz: Upgraded. kde/libksysguard-5.26.1-x86_64-1.txz: Upgraded. kde/milou-5.26.1-x86_64-1.txz: Upgraded. kde/oxygen-5.26.1-x86_64-1.txz: Upgraded. kde/oxygen-sounds-5.26.1-x86_64-1.txz: Upgraded. kde/plasma-browser-integration-5.26.1-x86_64-1.txz: Upgraded. kde/plasma-desktop-5.26.1-x86_64-1.txz: Upgraded. kde/plasma-disks-5.26.1-x86_64-1.txz: Upgraded. kde/plasma-firewall-5.26.1-x86_64-1.txz: Upgraded. kde/plasma-integration-5.26.1-x86_64-1.txz: Upgraded. kde/plasma-nm-5.26.1-x86_64-1.txz: Upgraded. kde/plasma-pa-5.26.1-x86_64-1.txz: Upgraded. kde/plasma-sdk-5.26.1-x86_64-1.txz: Upgraded. kde/plasma-systemmonitor-5.26.1-x86_64-1.txz: Upgraded. kde/plasma-vault-5.26.1-x86_64-1.txz: Upgraded. kde/plasma-workspace-5.26.1-x86_64-1.txz: Upgraded. kde/plasma-workspace-wallpapers-5.26.1-x86_64-1.txz: Upgraded. kde/polkit-kde-agent-1-5.26.1-x86_64-1.txz: Upgraded. kde/powerdevil-5.26.1-x86_64-1.txz: Upgraded. kde/qqc2-breeze-style-5.26.1-x86_64-1.txz: Upgraded. kde/sddm-kcm-5.26.1-x86_64-1.txz: Upgraded. kde/systemsettings-5.26.1-x86_64-1.txz: Upgraded. kde/xdg-desktop-portal-kde-5.26.1-x86_64-1.txz: Upgraded. l/libical-3.0.16-x86_64-1.txz: Upgraded. l/nodejs-19.0.0-x86_64-1.txz: Upgraded. n/NetworkManager-1.40.2-x86_64-1.txz: Upgraded. n/whois-5.5.14-x86_64-1.txz: Upgraded. x/libXmu-1.1.4-x86_64-1.txz: Upgraded. x/libXpresent-1.0.1-x86_64-1.txz: Upgraded. x/libpciaccess-0.17-x86_64-1.txz: Upgraded. x/libxkbfile-1.1.1-x86_64-1.txz: Upgraded. x/libxshmfence-1.3.1-x86_64-1.txz: Upgraded. x/pixman-0.42.0-x86_64-1.txz: Upgraded. x/xcb-util-cursor-0.1.4-x86_64-1.txz: Upgraded. xap/mozilla-firefox-106.0-x86_64-1.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/106.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2022-44/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42927 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42928 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42929 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42930 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42931 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42932 (* Security fix *) xap/vim-gvim-9.0.0790-x86_64-1.txz: Upgraded.
2024-12-26 09:58:59 +01:00 · 2022-10-18 20:29:54 +00:00 · 2022-10-18 20:29:54 +00:00 · f342454223
commit f342454223
parent 717971ecd6
10 changed files with 585 additions and 375 deletions
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@ -11,9 +11,118 @@
      <description>Tracking Slackware development in git.</description>
      <language>en-us</language>
      <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Mon, 17 Oct 2022 19:31:45 GMT</pubDate>
-      <lastBuildDate>Tue, 18 Oct 2022 05:00:16 GMT</lastBuildDate>
+      <pubDate>Tue, 18 Oct 2022 20:29:54 GMT</pubDate>
+      <lastBuildDate>Wed, 19 Oct 2022 05:00:54 GMT</lastBuildDate>
      <generator>maintain_current_git.sh v 1.17</generator>
+      <item>
+         <title>Tue, 18 Oct 2022 20:29:54 GMT</title>
+         <pubDate>Tue, 18 Oct 2022 20:29:54 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20221018202954</link>
+         <guid isPermaLink="false">20221018202954</guid>
+         <description>
+           <![CDATA[<pre>
+ap/vim-9.0.0790-x86_64-1.txz:  Upgraded.
+d/ccache-4.7-x86_64-1.txz:  Upgraded.
+d/git-2.38.1-x86_64-1.txz:  Upgraded.
+  This release fixes two security issues:
+  * CVE-2022-39253:
+  When relying on the `--local` clone optimization, Git dereferences
+  symbolic links in the source repository before creating hardlinks
+  (or copies) of the dereferenced link in the destination repository.
+  This can lead to surprising behavior where arbitrary files are
+  present in a repository's `$GIT_DIR` when cloning from a malicious
+  repository.
+  Git will no longer dereference symbolic links via the `--local`
+  clone mechanism, and will instead refuse to clone repositories that
+  have symbolic links present in the `$GIT_DIR/objects` directory.
+  Additionally, the value of `protocol.file.allow` is changed to be
+  "user" by default.
+  * CVE-2022-39260:
+  An overly-long command string given to `git shell` can result in
+  overflow in `split_cmdline()`, leading to arbitrary heap writes and
+  remote code execution when `git shell` is exposed and the directory
+  `$HOME/git-shell-commands` exists.
+  `git shell` is taught to refuse interactive commands that are
+  longer than 4MiB in size. `split_cmdline()` is hardened to reject
+  inputs larger than 2GiB.
+  For more information, see:
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260
+  (* Security fix *)
+kde/bluedevil-5.26.1-x86_64-1.txz:  Upgraded.
+kde/breeze-5.26.1-x86_64-1.txz:  Upgraded.
+kde/breeze-grub-5.26.1-x86_64-1.txz:  Upgraded.
+kde/breeze-gtk-5.26.1-x86_64-1.txz:  Upgraded.
+kde/drkonqi-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kactivitymanagerd-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kde-cli-tools-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kde-gtk-config-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kdecoration-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kdeplasma-addons-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kgamma5-5.26.1-x86_64-1.txz:  Upgraded.
+kde/khotkeys-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kinfocenter-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kmenuedit-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kpipewire-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kscreen-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kscreenlocker-5.26.1-x86_64-1.txz:  Upgraded.
+kde/ksshaskpass-5.26.1-x86_64-1.txz:  Upgraded.
+kde/ksystemstats-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kwallet-pam-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kwayland-integration-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kwin-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kwrited-5.26.1-x86_64-1.txz:  Upgraded.
+kde/layer-shell-qt-5.26.1-x86_64-1.txz:  Upgraded.
+kde/libkscreen-5.26.1-x86_64-1.txz:  Upgraded.
+kde/libksysguard-5.26.1-x86_64-1.txz:  Upgraded.
+kde/milou-5.26.1-x86_64-1.txz:  Upgraded.
+kde/oxygen-5.26.1-x86_64-1.txz:  Upgraded.
+kde/oxygen-sounds-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-browser-integration-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-desktop-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-disks-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-firewall-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-integration-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-nm-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-pa-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-sdk-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-systemmonitor-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-vault-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-workspace-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-workspace-wallpapers-5.26.1-x86_64-1.txz:  Upgraded.
+kde/polkit-kde-agent-1-5.26.1-x86_64-1.txz:  Upgraded.
+kde/powerdevil-5.26.1-x86_64-1.txz:  Upgraded.
+kde/qqc2-breeze-style-5.26.1-x86_64-1.txz:  Upgraded.
+kde/sddm-kcm-5.26.1-x86_64-1.txz:  Upgraded.
+kde/systemsettings-5.26.1-x86_64-1.txz:  Upgraded.
+kde/xdg-desktop-portal-kde-5.26.1-x86_64-1.txz:  Upgraded.
+l/libical-3.0.16-x86_64-1.txz:  Upgraded.
+l/nodejs-19.0.0-x86_64-1.txz:  Upgraded.
+n/NetworkManager-1.40.2-x86_64-1.txz:  Upgraded.
+n/whois-5.5.14-x86_64-1.txz:  Upgraded.
+x/libXmu-1.1.4-x86_64-1.txz:  Upgraded.
+x/libXpresent-1.0.1-x86_64-1.txz:  Upgraded.
+x/libpciaccess-0.17-x86_64-1.txz:  Upgraded.
+x/libxkbfile-1.1.1-x86_64-1.txz:  Upgraded.
+x/libxshmfence-1.3.1-x86_64-1.txz:  Upgraded.
+x/pixman-0.42.0-x86_64-1.txz:  Upgraded.
+x/xcb-util-cursor-0.1.4-x86_64-1.txz:  Upgraded.
+xap/mozilla-firefox-106.0-x86_64-1.txz:  Upgraded.
+  This update contains security fixes and improvements.
+  For more information, see:
+    https://www.mozilla.org/en-US/firefox/106.0/releasenotes/
+    https://www.mozilla.org/security/advisories/mfsa2022-44/
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42927
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42928
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42929
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42930
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42931
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42932
+  (* Security fix *)
+xap/vim-gvim-9.0.0790-x86_64-1.txz:  Upgraded.
+           </pre>]]>
+         </description>
+      </item>
      <item>
         <title>Mon, 17 Oct 2022 19:31:45 GMT</title>
         <pubDate>Mon, 17 Oct 2022 19:31:45 GMT</pubDate>
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -1,3 +1,104 @@
+Tue Oct 18 20:29:54 UTC 2022
+ap/vim-9.0.0790-x86_64-1.txz:  Upgraded.
+d/ccache-4.7-x86_64-1.txz:  Upgraded.
+d/git-2.38.1-x86_64-1.txz:  Upgraded.
+  This release fixes two security issues:
+  * CVE-2022-39253:
+  When relying on the `--local` clone optimization, Git dereferences
+  symbolic links in the source repository before creating hardlinks
+  (or copies) of the dereferenced link in the destination repository.
+  This can lead to surprising behavior where arbitrary files are
+  present in a repository's `$GIT_DIR` when cloning from a malicious
+  repository.
+  Git will no longer dereference symbolic links via the `--local`
+  clone mechanism, and will instead refuse to clone repositories that
+  have symbolic links present in the `$GIT_DIR/objects` directory.
+  Additionally, the value of `protocol.file.allow` is changed to be
+  "user" by default.
+  * CVE-2022-39260:
+  An overly-long command string given to `git shell` can result in
+  overflow in `split_cmdline()`, leading to arbitrary heap writes and
+  remote code execution when `git shell` is exposed and the directory
+  `$HOME/git-shell-commands` exists.
+  `git shell` is taught to refuse interactive commands that are
+  longer than 4MiB in size. `split_cmdline()` is hardened to reject
+  inputs larger than 2GiB.
+  For more information, see:
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260
+  (* Security fix *)
+kde/bluedevil-5.26.1-x86_64-1.txz:  Upgraded.
+kde/breeze-5.26.1-x86_64-1.txz:  Upgraded.
+kde/breeze-grub-5.26.1-x86_64-1.txz:  Upgraded.
+kde/breeze-gtk-5.26.1-x86_64-1.txz:  Upgraded.
+kde/drkonqi-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kactivitymanagerd-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kde-cli-tools-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kde-gtk-config-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kdecoration-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kdeplasma-addons-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kgamma5-5.26.1-x86_64-1.txz:  Upgraded.
+kde/khotkeys-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kinfocenter-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kmenuedit-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kpipewire-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kscreen-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kscreenlocker-5.26.1-x86_64-1.txz:  Upgraded.
+kde/ksshaskpass-5.26.1-x86_64-1.txz:  Upgraded.
+kde/ksystemstats-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kwallet-pam-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kwayland-integration-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kwin-5.26.1-x86_64-1.txz:  Upgraded.
+kde/kwrited-5.26.1-x86_64-1.txz:  Upgraded.
+kde/layer-shell-qt-5.26.1-x86_64-1.txz:  Upgraded.
+kde/libkscreen-5.26.1-x86_64-1.txz:  Upgraded.
+kde/libksysguard-5.26.1-x86_64-1.txz:  Upgraded.
+kde/milou-5.26.1-x86_64-1.txz:  Upgraded.
+kde/oxygen-5.26.1-x86_64-1.txz:  Upgraded.
+kde/oxygen-sounds-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-browser-integration-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-desktop-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-disks-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-firewall-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-integration-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-nm-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-pa-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-sdk-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-systemmonitor-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-vault-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-workspace-5.26.1-x86_64-1.txz:  Upgraded.
+kde/plasma-workspace-wallpapers-5.26.1-x86_64-1.txz:  Upgraded.
+kde/polkit-kde-agent-1-5.26.1-x86_64-1.txz:  Upgraded.
+kde/powerdevil-5.26.1-x86_64-1.txz:  Upgraded.
+kde/qqc2-breeze-style-5.26.1-x86_64-1.txz:  Upgraded.
+kde/sddm-kcm-5.26.1-x86_64-1.txz:  Upgraded.
+kde/systemsettings-5.26.1-x86_64-1.txz:  Upgraded.
+kde/xdg-desktop-portal-kde-5.26.1-x86_64-1.txz:  Upgraded.
+l/libical-3.0.16-x86_64-1.txz:  Upgraded.
+l/nodejs-19.0.0-x86_64-1.txz:  Upgraded.
+n/NetworkManager-1.40.2-x86_64-1.txz:  Upgraded.
+n/whois-5.5.14-x86_64-1.txz:  Upgraded.
+x/libXmu-1.1.4-x86_64-1.txz:  Upgraded.
+x/libXpresent-1.0.1-x86_64-1.txz:  Upgraded.
+x/libpciaccess-0.17-x86_64-1.txz:  Upgraded.
+x/libxkbfile-1.1.1-x86_64-1.txz:  Upgraded.
+x/libxshmfence-1.3.1-x86_64-1.txz:  Upgraded.
+x/pixman-0.42.0-x86_64-1.txz:  Upgraded.
+x/xcb-util-cursor-0.1.4-x86_64-1.txz:  Upgraded.
+xap/mozilla-firefox-106.0-x86_64-1.txz:  Upgraded.
+  This update contains security fixes and improvements.
+  For more information, see:
+    https://www.mozilla.org/en-US/firefox/106.0/releasenotes/
+    https://www.mozilla.org/security/advisories/mfsa2022-44/
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42927
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42928
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42929
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42930
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42931
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42932
+  (* Security fix *)
+xap/vim-gvim-9.0.0790-x86_64-1.txz:  Upgraded.
+--------------------------+
 Mon Oct 17 19:31:45 UTC 2022
 l/libqalculate-4.4.0-x86_64-1.txz:  Upgraded.
 l/netpbm-11.00.01-x86_64-1.txz:  Upgraded.
--- a/FILELIST.TXT
+++ b/FILELIST.TXT
--- a/source/x/x11/build/libXmu
+++ b/source/x/x11/build/libXmu
@ -1 +1 @@
-3
+1
--- a/source/x/x11/build/libXpresent
+++ b/source/x/x11/build/libXpresent
@ -1 +1 @@
-4
+1
--- a/source/x/x11/build/libpciaccess
+++ b/source/x/x11/build/libpciaccess
@ -1 +1 @@
-3
+1
--- a/source/x/x11/build/libxkbfile
+++ b/source/x/x11/build/libxkbfile
@ -1 +1 @@
-3
+1
--- a/source/x/x11/build/libxshmfence
+++ b/source/x/x11/build/libxshmfence
@ -1 +1 @@
-4
+1
--- a/source/x/x11/build/pixman
+++ b/source/x/x11/build/pixman
@ -1 +1 @@
-3
+1
--- a/source/x/x11/build/xcb-util-cursor
+++ b/source/x/x11/build/xcb-util-cursor
@ -1 +1 @@
-4
+1