slackware-current

Miroirs/slackware-current

Fork 0

mirror of git://slackware.nl/current.git synced 2024-12-27 09:59:16 +01:00

Commit graph

Author	SHA1	Message	Date
Patrick J Volkerding	1e755d579a	Tue Oct 1 18:01:38 UTC 2024 Several ELF objects were found to have rpaths pointing into /tmp, a world writable directory. This could have allowed a local attacker to launch denial of service attacks or execute arbitrary code when the affected binaries are run by placing crafted ELF objects in the /tmp rpath location. All rpaths with an embedded /tmp path have been scrubbed from the binaries, and makepkg has gained a lint feature to detect these so that they won't creep back in. a/kernel-firmware-20241001_95bfe08-noarch-1.txz: Upgraded. a/kernel-generic-6.10.12-x86_64-1.txz: Upgraded. a/pkgtools-15.1-noarch-12.txz: Rebuilt. makepkg: when looking for ELF objects with --remove-rpaths or --remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part of the directory or filename. Also warn about /tmp rpaths after the package is built. ap/cups-2.4.11-x86_64-1.txz: Upgraded. ap/cups-browsed-2.0.1-x86_64-2.txz: Rebuilt. Mitigate security issue that could lead to a denial of service or the execution of arbitrary code. Rebuilt with --with-browseremoteprotocols=none to disable incoming connections, since this daemon has been shown to be insecure. If you actually use cups-browsed, be sure to install the new /etc/cups/cups-browsed.conf.new containing this line: BrowseRemoteProtocols none For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47176 (* Security fix ) d/kernel-headers-6.10.12-x86-1.txz: Upgraded. d/llvm-18.1.8-x86_64-3.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) d/luajit-2.1.1727621189-x86_64-1.txz: Upgraded. d/ruby-3.3.5-x86_64-2.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) k/kernel-source-6.10.12-noarch-1.txz: Upgraded. kde/kimageformats-5.116.0-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. kde/kio-extras-23.08.5-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. kde/krita-5.2.5-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. kde/libindi-2.1.0-x86_64-1.txz: Upgraded. l/cryfs-0.10.3-x86_64-13.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) l/espeak-ng-1.51.1-x86_64-2.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) l/ffmpeg-7.1-x86_64-1.txz: Upgraded. l/gegl-0.4.48-x86_64-3.txz: Rebuilt. Recompiled against openexr-3.3.0. l/gst-plugins-bad-free-1.24.8-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. l/imagemagick-7.1.1_38-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. l/libgsf-1.14.53-x86_64-1.txz: Upgraded. l/librsvg-2.58.5-x86_64-1.txz: Upgraded. l/libvncserver-0.9.14-x86_64-3.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) l/mozjs128-128.3.0esr-x86_64-1.txz: Upgraded. l/netpbm-11.08.00-x86_64-1.txz: Upgraded. l/opencv-4.10.0-x86_64-3.txz: Rebuilt. Recompiled against openexr-3.3.0. l/openexr-3.3.0-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/python-glad2-2.0.8-x86_64-1.txz: Upgraded. l/python-pyproject-hooks-1.2.0-x86_64-1.txz: Upgraded. l/spirv-llvm-translator-18.1.4-x86_64-2.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) l/woff2-20231106_0f4d304-x86_64-2.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) n/openobex-1.7.2-x86_64-6.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) x/marisa-0.2.6-x86_64-11.txz: Rebuilt. Remove rpaths from binaries. ( Security fix ) xap/gimp-2.10.38-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. xap/mozilla-firefox-128.3.0esr-x86_64-1.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/128.3.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-47 https://www.cve.org/CVERecord?id=CVE-2024-9392 https://www.cve.org/CVERecord?id=CVE-2024-9393 https://www.cve.org/CVERecord?id=CVE-2024-9394 https://www.cve.org/CVERecord?id=CVE-2024-8900 https://www.cve.org/CVERecord?id=CVE-2024-9396 https://www.cve.org/CVERecord?id=CVE-2024-9397 https://www.cve.org/CVERecord?id=CVE-2024-9398 https://www.cve.org/CVERecord?id=CVE-2024-9399 https://www.cve.org/CVERecord?id=CVE-2024-9400 https://www.cve.org/CVERecord?id=CVE-2024-9401 https://www.cve.org/CVERecord?id=CVE-2024-9402 ( Security fix ) xap/xlockmore-5.80-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/: Upgraded. testing/packages/kernel-generic-6.11.1-x86_64-1.txz: Upgraded. testing/packages/kernel-headers-6.11.1-x86-1.txz: Upgraded. testing/packages/kernel-source-6.11.1-noarch-1.txz: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.	2024-10-01 22:04:37 +02:00
Patrick J Volkerding	34db2b9001	Thu Aug 15 20:07:37 UTC 2024 a/aaa_libraries-15.1-x86_64-33.txz: Rebuilt. Upgraded: libcares.so.2.18.0, libtdb.so.1.4.12. Added (temporarily): libboost_*.so.1.85.0. a/btrfs-progs-6.10.1-x86_64-1.txz: Upgraded. ap/cups-browsed-2.0.1-x86_64-1.txz: Upgraded. ap/cups-filters-2.0.1-x86_64-1.txz: Upgraded. kde/kig-23.08.5-x86_64-5.txz: Rebuilt. Recompiled against boost-1.86.0. kde/kopeninghours-23.08.5-x86_64-5.txz: Rebuilt. Recompiled against boost-1.86.0. l/boost-1.86.0-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/cryfs-0.10.3-x86_64-12.txz: Rebuilt. Recompiled against boost-1.86.0. l/enchant-2.8.2-x86_64-1.txz: Upgraded. n/gnutls-3.8.7.1-x86_64-1.txz: Upgraded. x/fcitx5-chinese-addons-5.1.6-x86_64-2.txz: Rebuilt. Recompiled against boost-1.86.0. x/libime-1.1.8-x86_64-2.txz: Rebuilt. Recompiled against boost-1.86.0.	2024-08-15 23:02:34 +02:00
Patrick J Volkerding	ff95264870	Fri Apr 26 20:12:32 UTC 2024 a/kernel-firmware-20240426_fc21f47-noarch-1.txz: Upgraded. ap/cups-2.4.7-x86_64-3.txz: Rebuilt. Rebuild using --with-rundir=/run/cups. ap/cups-browsed-2.0.0-x86_64-1.txz: Added. This is the CUPS/IPP print queue browser daemon, previously part of the cups-filters package. ap/cups-filters-2.0.0-x86_64-1.txz: Upgraded. l/libarchive-3.7.4-x86_64-1.txz: Upgraded. l/libcupsfilters-2.0.0-x86_64-1.txz: Added. This is required by cups-filters-2.0.0. l/libppd-2.0.0-x86_64-1.txz: Added. This is required by cups-filters-2.0.0. l/libproxy-0.5.6-x86_64-1.txz: Upgraded. x/wayland-protocols-1.36-noarch-1.txz: Upgraded. xap/mozilla-firefox-125.0.2-x86_64-1.txz: Upgraded. xap/mozilla-thunderbird-125.0-x86_64-1.txz: Upgraded. extra/rust-for-mozilla/rust-1.70.0-x86_64-4.txz: Removed.	2024-04-26 23:57:49 +02:00

Author

SHA1

Message

Date

Patrick J Volkerding

1e755d579a

Tue Oct 1 18:01:38 UTC 2024

Several ELF objects were found to have rpaths pointing into /tmp, a world
writable directory. This could have allowed a local attacker to launch denial
of service attacks or execute arbitrary code when the affected binaries are
run by placing crafted ELF objects in the /tmp rpath location. All rpaths with
an embedded /tmp path have been scrubbed from the binaries, and makepkg has
gained a lint feature to detect these so that they won't creep back in.
a/kernel-firmware-20241001_95bfe08-noarch-1.txz:  Upgraded.
a/kernel-generic-6.10.12-x86_64-1.txz:  Upgraded.
a/pkgtools-15.1-noarch-12.txz:  Rebuilt.
  makepkg: when looking for ELF objects with --remove-rpaths or
  --remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part
  of the directory or filename.
  Also warn about /tmp rpaths after the package is built.
ap/cups-2.4.11-x86_64-1.txz:  Upgraded.
ap/cups-browsed-2.0.1-x86_64-2.txz:  Rebuilt.
  Mitigate security issue that could lead to a denial of service or
  the execution of arbitrary code.
  Rebuilt with --with-browseremoteprotocols=none to disable incoming
  connections, since this daemon has been shown to be insecure. If you
  actually use cups-browsed, be sure to install the new
  /etc/cups/cups-browsed.conf.new containing this line:
  BrowseRemoteProtocols none
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-47176
  (* Security fix *)
d/kernel-headers-6.10.12-x86-1.txz:  Upgraded.
d/llvm-18.1.8-x86_64-3.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
d/luajit-2.1.1727621189-x86_64-1.txz:  Upgraded.
d/ruby-3.3.5-x86_64-2.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
k/kernel-source-6.10.12-noarch-1.txz:  Upgraded.
kde/kimageformats-5.116.0-x86_64-2.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
kde/kio-extras-23.08.5-x86_64-2.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
kde/krita-5.2.5-x86_64-2.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
kde/libindi-2.1.0-x86_64-1.txz:  Upgraded.
l/cryfs-0.10.3-x86_64-13.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
l/espeak-ng-1.51.1-x86_64-2.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
l/ffmpeg-7.1-x86_64-1.txz:  Upgraded.
l/gegl-0.4.48-x86_64-3.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
l/gst-plugins-bad-free-1.24.8-x86_64-2.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
l/imagemagick-7.1.1_38-x86_64-2.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
l/libgsf-1.14.53-x86_64-1.txz:  Upgraded.
l/librsvg-2.58.5-x86_64-1.txz:  Upgraded.
l/libvncserver-0.9.14-x86_64-3.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
l/mozjs128-128.3.0esr-x86_64-1.txz:  Upgraded.
l/netpbm-11.08.00-x86_64-1.txz:  Upgraded.
l/opencv-4.10.0-x86_64-3.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
l/openexr-3.3.0-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/python-glad2-2.0.8-x86_64-1.txz:  Upgraded.
l/python-pyproject-hooks-1.2.0-x86_64-1.txz:  Upgraded.
l/spirv-llvm-translator-18.1.4-x86_64-2.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
l/woff2-20231106_0f4d304-x86_64-2.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
n/openobex-1.7.2-x86_64-6.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
x/marisa-0.2.6-x86_64-11.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
xap/gimp-2.10.38-x86_64-2.txz:  Rebuilt.
  Recompiled against openexr-3.3.0.
xap/mozilla-firefox-128.3.0esr-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/128.3.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-47
    https://www.cve.org/CVERecord?id=CVE-2024-9392
    https://www.cve.org/CVERecord?id=CVE-2024-9393
    https://www.cve.org/CVERecord?id=CVE-2024-9394
    https://www.cve.org/CVERecord?id=CVE-2024-8900
    https://www.cve.org/CVERecord?id=CVE-2024-9396
    https://www.cve.org/CVERecord?id=CVE-2024-9397
    https://www.cve.org/CVERecord?id=CVE-2024-9398
    https://www.cve.org/CVERecord?id=CVE-2024-9399
    https://www.cve.org/CVERecord?id=CVE-2024-9400
    https://www.cve.org/CVERecord?id=CVE-2024-9401
    https://www.cve.org/CVERecord?id=CVE-2024-9402
  (* Security fix *)
xap/xlockmore-5.80-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
testing/packages/kernel-generic-6.11.1-x86_64-1.txz:  Upgraded.
testing/packages/kernel-headers-6.11.1-x86-1.txz:  Upgraded.
testing/packages/kernel-source-6.11.1-noarch-1.txz:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.

2024-10-01 22:04:37 +02:00

Patrick J Volkerding

34db2b9001

Thu Aug 15 20:07:37 UTC 2024

a/aaa_libraries-15.1-x86_64-33.txz:  Rebuilt.
  Upgraded:  libcares.so.2.18.0, libtdb.so.1.4.12.
  Added (temporarily):  libboost_*.so.1.85.0.
a/btrfs-progs-6.10.1-x86_64-1.txz:  Upgraded.
ap/cups-browsed-2.0.1-x86_64-1.txz:  Upgraded.
ap/cups-filters-2.0.1-x86_64-1.txz:  Upgraded.
kde/kig-23.08.5-x86_64-5.txz:  Rebuilt.
  Recompiled against boost-1.86.0.
kde/kopeninghours-23.08.5-x86_64-5.txz:  Rebuilt.
  Recompiled against boost-1.86.0.
l/boost-1.86.0-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/cryfs-0.10.3-x86_64-12.txz:  Rebuilt.
  Recompiled against boost-1.86.0.
l/enchant-2.8.2-x86_64-1.txz:  Upgraded.
n/gnutls-3.8.7.1-x86_64-1.txz:  Upgraded.
x/fcitx5-chinese-addons-5.1.6-x86_64-2.txz:  Rebuilt.
  Recompiled against boost-1.86.0.
x/libime-1.1.8-x86_64-2.txz:  Rebuilt.
  Recompiled against boost-1.86.0.

2024-08-15 23:02:34 +02:00

Patrick J Volkerding

ff95264870

Fri Apr 26 20:12:32 UTC 2024

a/kernel-firmware-20240426_fc21f47-noarch-1.txz:  Upgraded.
ap/cups-2.4.7-x86_64-3.txz:  Rebuilt.
  Rebuild using --with-rundir=/run/cups.
ap/cups-browsed-2.0.0-x86_64-1.txz:  Added.
  This is the CUPS/IPP print queue browser daemon, previously part of the
  cups-filters package.
ap/cups-filters-2.0.0-x86_64-1.txz:  Upgraded.
l/libarchive-3.7.4-x86_64-1.txz:  Upgraded.
l/libcupsfilters-2.0.0-x86_64-1.txz:  Added.
  This is required by cups-filters-2.0.0.
l/libppd-2.0.0-x86_64-1.txz:  Added.
  This is required by cups-filters-2.0.0.
l/libproxy-0.5.6-x86_64-1.txz:  Upgraded.
x/wayland-protocols-1.36-noarch-1.txz:  Upgraded.
xap/mozilla-firefox-125.0.2-x86_64-1.txz:  Upgraded.
xap/mozilla-thunderbird-125.0-x86_64-1.txz:  Upgraded.
extra/rust-for-mozilla/rust-1.70.0-x86_64-4.txz:  Removed.

2024-04-26 23:57:49 +02:00

3 commits