Sun Oct 22 19:30:42 UTC 2023

patches/packages/LibRaw-0.20.2-x86_64-4_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  A Buffer Overflow vulnerability was found in LibRaw_buffer_datastream::
  gets(char*, int), which could lead to privilege escalation or application
  crash.
  A heap-buffer-overflow was found in raw2image_ex(int), which may lead to
  application crash by maliciously crafted input file.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-32142
    https://www.cve.org/CVERecord?id=CVE-2023-1729
  (* Security fix *)

ChangeLog.rss

@@ -11,9 +11,30 @@
       <description>Tracking Slackware development in git.</description>
       <language>en-us</language>
       <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Thu, 19 Oct 2023 19:14:05 GMT</pubDate>
+      <pubDate>Sun, 22 Oct 2023 19:30:42 GMT</pubDate>
-      <lastBuildDate>Fri, 20 Oct 2023 11:30:31 GMT</lastBuildDate>
+      <lastBuildDate>Mon, 23 Oct 2023 11:30:26 GMT</lastBuildDate>
       <generator>maintain_current_git.sh v 1.17</generator>
+      <item>
+         <title>Sun, 22 Oct 2023 19:30:42 GMT</title>
+         <pubDate>Sun, 22 Oct 2023 19:30:42 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20231022193042</link>
+         <guid isPermaLink="false">20231022193042</guid>
+         <description>
+           <![CDATA[<pre>
+patches/packages/LibRaw-0.20.2-x86_64-4_slack15.0.txz:  Rebuilt.
+  This update fixes security issues:
+  A Buffer Overflow vulnerability was found in LibRaw_buffer_datastream::
+  gets(char*, int), which could lead to privilege escalation or application
+  crash.
+  A heap-buffer-overflow was found in raw2image_ex(int), which may lead to
+  application crash by maliciously crafted input file.
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2021-32142
+    https://www.cve.org/CVERecord?id=CVE-2023-1729
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
       <item>
          <title>Thu, 19 Oct 2023 19:14:05 GMT</title>
          <pubDate>Thu, 19 Oct 2023 19:14:05 GMT</pubDate>

ChangeLog.txt

@@ -1,3 +1,16 @@
+Sun Oct 22 19:30:42 UTC 2023
+patches/packages/LibRaw-0.20.2-x86_64-4_slack15.0.txz:  Rebuilt.
+  This update fixes security issues:
+  A Buffer Overflow vulnerability was found in LibRaw_buffer_datastream::
+  gets(char*, int), which could lead to privilege escalation or application
+  crash.
+  A heap-buffer-overflow was found in raw2image_ex(int), which may lead to
+  application crash by maliciously crafted input file.
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2021-32142
+    https://www.cve.org/CVERecord?id=CVE-2023-1729
+  (* Security fix *)
++--------------------------+
 Thu Oct 19 19:14:05 UTC 2023
 patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txz:  Upgraded.
   This update fixes bugs and security issues:

FILELIST.TXT

@@ -1,20 +1,20 @@
-Thu Oct 19 19:20:38 UTC 2023
+Sun Oct 22 19:33:29 UTC 2023
 
 Here is the file list for this directory.  If you are using a 
 mirror site and find missing or extra files in the disk 
 subdirectories, please have the archive administrator refresh
 the mirror.
 
-drwxr-xr-x 12 root root      4096 2023-10-19 19:14 .
+drwxr-xr-x 12 root root      4096 2023-10-22 19:30 .
 -rw-r--r--  1 root root      5767 2022-02-02 22:44 ./ANNOUNCE.15.0
 -rw-r--r--  1 root root     16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
--rw-r--r--  1 root root   1194346 2023-10-17 19:38 ./CHECKSUMS.md5
+-rw-r--r--  1 root root   1194346 2023-10-19 19:20 ./CHECKSUMS.md5
--rw-r--r--  1 root root       163 2023-10-17 19:38 ./CHECKSUMS.md5.asc
+-rw-r--r--  1 root root       163 2023-10-19 19:20 ./CHECKSUMS.md5.asc
 -rw-r--r--  1 root root     17976 1994-06-10 02:28 ./COPYING
 -rw-r--r--  1 root root     35147 2007-06-30 04:21 ./COPYING3
 -rw-r--r--  1 root root     19573 2016-06-23 20:08 ./COPYRIGHT.TXT
 -rw-r--r--  1 root root       616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
--rw-r--r--  1 root root   2054239 2023-10-19 19:14 ./ChangeLog.txt
+-rw-r--r--  1 root root   2054841 2023-10-22 19:30 ./ChangeLog.txt
 drwxr-xr-x  3 root root      4096 2013-03-20 22:17 ./EFI
 drwxr-xr-x  2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rw-r--r--  1 root root   1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@@ -25,7 +25,7 @@ drwxr-xr-x  2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rwxr-xr-x  1 root root      2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
 -rw-r--r--  1 root root     10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
 -rw-r--r--  1 root root      1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
--rw-r--r--  1 root root   1561939 2023-10-17 19:37 ./FILELIST.TXT
+-rw-r--r--  1 root root   1561939 2023-10-19 19:20 ./FILELIST.TXT
 -rw-r--r--  1 root root      1572 2012-08-29 18:27 ./GPG-KEY
 -rw-r--r--  1 root root    864745 2022-02-02 08:25 ./PACKAGES.TXT
 -rw-r--r--  1 root root      8034 2022-02-02 03:36 ./README.TXT
@@ -752,16 +752,19 @@ drwxr-xr-x  2 root root      4096 2022-12-17 19:52 ./pasture/source/samba
 -rw-r--r--  1 root root      7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default
 -rw-r--r--  1 root root      7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig
 -rw-r--r--  1 root root       536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz
-drwxr-xr-x  4 root root      4096 2023-10-19 19:20 ./patches
+drwxr-xr-x  4 root root      4096 2023-10-22 19:33 ./patches
--rw-r--r--  1 root root     85550 2023-10-19 19:20 ./patches/CHECKSUMS.md5
+-rw-r--r--  1 root root     86255 2023-10-22 19:33 ./patches/CHECKSUMS.md5
--rw-r--r--  1 root root       163 2023-10-19 19:20 ./patches/CHECKSUMS.md5.asc
+-rw-r--r--  1 root root       163 2023-10-22 19:33 ./patches/CHECKSUMS.md5.asc
--rw-r--r--  1 root root    116859 2023-10-19 19:20 ./patches/FILE_LIST
+-rw-r--r--  1 root root    117784 2023-10-22 19:33 ./patches/FILE_LIST
--rw-r--r--  1 root root  13182579 2023-10-19 19:20 ./patches/MANIFEST.bz2
+-rw-r--r--  1 root root  13178418 2023-10-22 19:33 ./patches/MANIFEST.bz2
--rw-r--r--  1 root root     61884 2023-10-19 19:20 ./patches/PACKAGES.TXT
+-rw-r--r--  1 root root     62618 2023-10-22 19:33 ./patches/PACKAGES.TXT
-drwxr-xr-x  3 root root     24576 2023-10-19 19:20 ./patches/packages
+drwxr-xr-x  3 root root     24576 2023-10-22 19:33 ./patches/packages
 -rw-r--r--  1 root root       360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root   2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc
+-rw-r--r--  1 root root       551 2023-10-22 18:30 ./patches/packages/LibRaw-0.20.2-x86_64-4_slack15.0.txt
+-rw-r--r--  1 root root    394492 2023-10-22 18:30 ./patches/packages/LibRaw-0.20.2-x86_64-4_slack15.0.txz
+-rw-r--r--  1 root root       163 2023-10-22 18:30 ./patches/packages/LibRaw-0.20.2-x86_64-4_slack15.0.txz.asc
 -rw-r--r--  1 root root       327 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txt
 -rw-r--r--  1 root root     10716 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz
 -rw-r--r--  1 root root       163 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz.asc
@@ -1057,12 +1060,19 @@ drwxr-xr-x  2 root root      4096 2023-06-23 18:50 ./patches/packages/linux-5.15
 -rw-r--r--  1 root root       463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root    459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc
-drwxr-xr-x 92 root root      4096 2023-10-19 19:13 ./patches/source
+drwxr-xr-x 93 root root      4096 2023-10-22 19:06 ./patches/source
 drwxr-xr-x  2 root root      4096 2023-09-26 19:22 ./patches/source/Cython
 -rw-r--r--  1 root root   1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz
 -rwxr-xr-x  1 root root      3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild
 -rw-r--r--  1 root root        36 2017-09-11 18:25 ./patches/source/Cython/Cython.url
 -rw-r--r--  1 root root       846 2018-02-27 06:13 ./patches/source/Cython/slack-desc
+drwxr-xr-x  2 root root      4096 2023-10-22 18:23 ./patches/source/LibRaw
+-rw-r--r--  1 root root       810 2023-10-22 18:22 ./patches/source/LibRaw/9ab70f6dca19229cb5caad7cc31af4e7501bac93.patch
+-rw-r--r--  1 root root    675087 2020-10-15 05:18 ./patches/source/LibRaw/LibRaw-0.20.2.tar.lz
+-rwxr-xr-x  1 root root      4351 2023-10-22 18:27 ./patches/source/LibRaw/LibRaw.SlackBuild
+-rw-r--r--  1 root root        32 2020-10-15 02:03 ./patches/source/LibRaw/LibRaw.url
+-rw-r--r--  1 root root      1096 2023-10-22 18:22 ./patches/source/LibRaw/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49.patch
+-rw-r--r--  1 root root      1037 2019-11-10 02:53 ./patches/source/LibRaw/slack-desc
 drwxr-xr-x  2 root root      4096 2022-01-16 05:07 ./patches/source/aaa_base
 -rw-r--r--  1 root root     11041 2022-02-15 04:49 ./patches/source/aaa_base/_aaa_base.tar.gz
 -rwxr-xr-x  1 root root      3894 2022-02-15 05:07 ./patches/source/aaa_base/aaa_base.SlackBuild

patches/packages/LibRaw-0.20.2-x86_64-4_slack15.0.txt

@@ -0,0 +1,11 @@
+LibRaw: LibRaw (library for decoding raw digital photos)
+LibRaw:
+LibRaw: LibRaw is a library for reading RAW files from digital photo cameras
+LibRaw: (CRW/CR2, NEF, RAF, DNG, MOS, KDC, DCR, etc, virtually all RAW formats
+LibRaw: are supported). It pays special attention to correct retrieval of data
+LibRaw: required for subsequent RAW conversion. The library is intended for
+LibRaw: embedding in RAW converters, data analyzers, and other programs using
+LibRaw: RAW files as the initial data.
+LibRaw:
+LibRaw: Homepage: https://www.libraw.org/
+LibRaw:

patches/source/LibRaw/9ab70f6dca19229cb5caad7cc31af4e7501bac93.patch

@@ -0,0 +1,22 @@
+From 9ab70f6dca19229cb5caad7cc31af4e7501bac93 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Sat, 14 Jan 2023 18:32:59 +0300
+Subject: [PATCH] do not set shrink flag for 3/4 component images
+
+---
+ src/preprocessing/raw2image.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/preprocessing/raw2image.cpp b/src/preprocessing/raw2image.cpp
+index e65e2ad7..702cf290 100644
+--- a/src/preprocessing/raw2image.cpp
++++ b/src/preprocessing/raw2image.cpp
+@@ -43,6 +43,8 @@ void LibRaw::raw2image_start()
+ 
+   // adjust for half mode!
+   IO.shrink =
++	  !imgdata.rawdata.color4_image && !imgdata.rawdata.color3_image &&
++	  !imgdata.rawdata.float4_image && !imgdata.rawdata.float3_image &&
+       P1.filters &&
+       (O.half_size || ((O.threshold || O.aber[0] != 1 || O.aber[2] != 1)));
+ 

patches/source/LibRaw/LibRaw.SlackBuild

@@ -0,0 +1,138 @@
+#!/bin/bash
+
+# Copyright 2013, 2015, 2016, 2018, 2023  Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2013  Eric Hameleers, Eindhoven, NL
+# All rights reserved.
+
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=LibRaw
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-4_slack15.0}
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+# Automatically determine the architecture we're building on:
+MARCH=$( uname -m )
+if [ -z "$ARCH" ]; then
+  case "$MARCH" in
+    i?86)    export ARCH=i586 ;;
+    armv7hl) export ARCH=$MARCH ;;
+    arm*)    export ARCH=arm ;;
+    # Unless $ARCH is already set, use uname -m for all other archs:
+    *)       export ARCH=$MARCH ;;
+  esac
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+  echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+  exit 0
+fi
+
+if [ "$ARCH" = "i586" ]; then
+  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+  SLKCFLAGS="-O2"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+  LIBDIRSUFFIX="64"
+elif [ "$ARCH" = "armv7hl" ]; then
+  SLKCFLAGS="-O2 -march=armv7-a -mfpu=vfpv3-d16"
+  LIBDIRSUFFIX=""
+else
+  SLKCFLAGS="-O2"
+  LIBDIRSUFFIX=""
+fi
+
+case "$ARCH" in
+    arm*) TARGET=$ARCH-slackware-linux-gnueabi ;;
+    *)    TARGET=$ARCH-slackware-linux ;;
+esac
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+cd $TMP
+rm -rf $PKGNAM-$VERSION-build
+mkdir $PKGNAM-$VERSION-build
+cd $PKGNAM-$VERSION-build
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
+cd $PKGNAM-$VERSION || exit 1
+
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+# Don't use icecream:
+PATH=$(echo $PATH | sed "s|/usr/libexec/icecc/bin||g" | tr -s : | sed "s/^://g" | sed "s/:$//g")
+
+# CVE-2023-1729:
+cat $CWD/9ab70f6dca19229cb5caad7cc31af4e7501bac93.patch | patch -p1 --verbose || exit 1
+# CVE-2023-32142:
+cat $CWD/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49.patch | patch -p1 --verbose || exit 1
+
+autoreconf -vif
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+  --prefix=/usr \
+  --libdir=/usr/lib${LIBDIRSUFFIX} \
+  --sysconfdir=/etc \
+  --localstatedir=/var \
+  --mandir=/usr/man \
+  --docdir=/usr/doc/$PKGNAM-$VERSION \
+  --disable-static \
+  --enable-jasper \
+  --enable-lcms \
+  --disable-examples \
+  --build=$TARGET || exit 1
+
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+find $PKG | xargs file | grep -e "executable" -e "shared object" \
+  | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+
+mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
+cp -a \
+  COPYRIGHT Changelog.txt LICENSE* README* doc \
+  $PKG/usr/doc/$PKGNAM-$VERSION
+mv $PKG/usr/doc/$PKGNAM-$VERSION/doc $PKG/usr/doc/$PKGNAM-$VERSION/html
+find $PKG/usr/doc/$PKGNAM-$VERSION -type f -exec chmod 0644 {} \+
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz

patches/source/LibRaw/LibRaw.url

@@ -0,0 +1 @@
+https://www.libraw.org/download

patches/source/LibRaw/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49.patch

@@ -0,0 +1,37 @@
+From bc3aaf4223fdb70d52d470dae65c5a7923ea2a49 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Mon, 12 Apr 2021 13:21:52 +0300
+Subject: [PATCH] check for input buffer size on datastream::gets
+
+---
+ src/libraw_datastream.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libraw_datastream.cpp b/src/libraw_datastream.cpp
+index a5c1a84a..a31ae9dd 100644
+--- a/src/libraw_datastream.cpp
++++ b/src/libraw_datastream.cpp
+@@ -287,6 +287,7 @@ INT64 LibRaw_file_datastream::tell()
+ 
+ char *LibRaw_file_datastream::gets(char *str, int sz)
+ {
++  if(sz<1) return NULL;
+   LR_STREAM_CHK();
+   std::istream is(f.get());
+   is.getline(str, sz);
+@@ -421,6 +422,7 @@ INT64 LibRaw_buffer_datastream::tell()
+ 
+ char *LibRaw_buffer_datastream::gets(char *s, int sz)
+ {
++  if(sz<1) return NULL;
+   unsigned char *psrc, *pdest, *str;
+   str = (unsigned char *)s;
+   psrc = buf + streampos;
+@@ -618,6 +620,7 @@ INT64 LibRaw_bigfile_datastream::tell()
+ 
+ char *LibRaw_bigfile_datastream::gets(char *str, int sz)
+ {
++  if(sz<1) return NULL;
+   LR_BF_CHK();
+   return fgets(str, sz, f);
+ }

patches/source/LibRaw/slack-desc

@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+      |-----handy-ruler------------------------------------------------------|
+LibRaw: LibRaw (library for decoding raw digital photos)
+LibRaw:
+LibRaw: LibRaw is a library for reading RAW files from digital photo cameras
+LibRaw: (CRW/CR2, NEF, RAF, DNG, MOS, KDC, DCR, etc, virtually all RAW formats
+LibRaw: are supported). It pays special attention to correct retrieval of data
+LibRaw: required for subsequent RAW conversion. The library is intended for
+LibRaw: embedding in RAW converters, data analyzers, and other programs using
+LibRaw: RAW files as the initial data.
+LibRaw:
+LibRaw: Homepage: https://www.libraw.org/
+LibRaw: