Commit graph

1308 commits

Author SHA1 Message Date
Patrick J Volkerding
4989eb7599 Sat Nov 18 19:26:33 UTC 2023
patches/packages/ca-certificates-20231117-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
2023-11-19 13:30:32 +01:00
Patrick J Volkerding
65d9c1e075 Thu Nov 16 20:51:47 UTC 2023
patches/packages/gegl-0.4.46-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release, needed by the GIMP upgrade.
patches/packages/gimp-2.10.36-x86_64-1_slack15.0.txz:  Upgraded.
  This release fixes security issues:
  If a user loads a malicious DDS, PSD, or PSP file, this could result in a
  program crash or possibly the execution of arbitrary code.
  Please note that this package also requires the updated gegl package.
  Thanks to henca for the heads-up.
  For more information, see:
    https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1591/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1592/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1593/
    https://www.zerodayinitiative.com/advisories/ZDI-23-1594/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444
  (* Security fix *)
2023-11-17 13:30:41 +01:00
Patrick J Volkerding
2aa4bf659d Wed Nov 15 22:01:26 UTC 2023
patches/packages/mozilla-thunderbird-115.4.3-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.3/releasenotes/
2023-11-16 13:39:48 +01:00
Patrick J Volkerding
808e02a014 Tue Nov 14 21:22:47 UTC 2023
patches/packages/mariadb-10.5.23-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Vulnerability allows high privileged attacker with network access via
  multiple protocols to compromise the server. Successful attacks of this
  vulnerability can result in unauthorized ability to cause a hang or
  frequently repeatable crash.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084
  (* Security fix *)
2023-11-15 13:30:44 +01:00
Patrick J Volkerding
3dc2470097 Mon Nov 13 19:20:40 UTC 2023
extra/tigervnc/tigervnc-1.12.0-x86_64-4_slack15.0.txz:  Rebuilt.
  Recompiled against xorg-server-1.20.14, including patches for several
  security issues. Thanks to marav.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-3550
    https://www.cve.org/CVERecord?id=CVE-2022-3551
    https://www.cve.org/CVERecord?id=CVE-2022-3553
    https://www.cve.org/CVERecord?id=CVE-2022-4283
    https://www.cve.org/CVERecord?id=CVE-2022-46340
    https://www.cve.org/CVERecord?id=CVE-2022-46341
    https://www.cve.org/CVERecord?id=CVE-2022-46342
    https://www.cve.org/CVERecord?id=CVE-2022-46343
    https://www.cve.org/CVERecord?id=CVE-2022-46344
    https://www.cve.org/CVERecord?id=CVE-2023-0494
    https://www.cve.org/CVERecord?id=CVE-2023-1393
    https://www.cve.org/CVERecord?id=CVE-2023-5367
    https://www.cve.org/CVERecord?id=CVE-2023-5380
  (* Security fix *)
2023-11-14 13:30:39 +01:00
Patrick J Volkerding
048a0f1ff7 Fri Nov 10 18:46:44 UTC 2023
patches/packages/whois-5.5.20-x86_64-1_slack15.0.txz:  Upgraded.
  Added the .gn TLD server.
  Removed 6 new gTLDs which are no longer active.
2023-11-11 13:30:40 +01:00
Patrick J Volkerding
4f54aa8e51 Wed Nov 8 22:04:25 UTC 2023
patches/packages/mozilla-thunderbird-115.4.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.2/releasenotes/
patches/packages/sudo-1.9.15p1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release:
  Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based sudoers
  from being able to read the ldap.conf file.
2023-11-09 13:30:50 +01:00
Patrick J Volkerding
206ee03fe7 Tue Nov 7 19:57:12 UTC 2023
patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txz:  Upgraded.
  The sudoers plugin has been modified to make it more resilient to ROWHAMMER
  attacks on authentication and policy matching.
  The sudoers plugin now constructs the user time stamp file path name using
  the user-ID instead of the user name. This avoids a potential problem with
  user names that contain a path separator ('/') being interpreted as part of
  the path name.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-42465
    https://www.cve.org/CVERecord?id=CVE-2023-42456
  (* Security fix *)
2023-11-08 13:30:36 +01:00
Patrick J Volkerding
6142170248 Tue Oct 31 18:49:18 UTC 2023
extra/php81/php81-8.1.25-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.25
2023-11-01 13:30:19 +01:00
Patrick J Volkerding
61c8c898a8 Thu Oct 26 19:55:16 UTC 2023
patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
    https://www.cve.org/CVERecord?id=CVE-2023-5721
    https://www.cve.org/CVERecord?id=CVE-2023-5732
    https://www.cve.org/CVERecord?id=CVE-2023-5724
    https://www.cve.org/CVERecord?id=CVE-2023-5725
    https://www.cve.org/CVERecord?id=CVE-2023-5726
    https://www.cve.org/CVERecord?id=CVE-2023-5727
    https://www.cve.org/CVERecord?id=CVE-2023-5728
    https://www.cve.org/CVERecord?id=CVE-2023-5730
  (* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
  Use-after-free bug in DestroyWindow.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
    https://www.cve.org/CVERecord?id=CVE-2023-5367
    https://www.cve.org/CVERecord?id=CVE-2023-5380
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
    https://www.cve.org/CVERecord?id=CVE-2023-5367
  (* Security fix *)
2023-10-27 13:30:41 +02:00
Patrick J Volkerding
6f3fcdc1d3 Tue Oct 24 22:26:20 UTC 2023
patches/packages/mozilla-firefox-115.4.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.4.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-46/
    https://www.cve.org/CVERecord?id=CVE-2023-5721
    https://www.cve.org/CVERecord?id=CVE-2023-5732
    https://www.cve.org/CVERecord?id=CVE-2023-5724
    https://www.cve.org/CVERecord?id=CVE-2023-5725
    https://www.cve.org/CVERecord?id=CVE-2023-5726
    https://www.cve.org/CVERecord?id=CVE-2023-5727
    https://www.cve.org/CVERecord?id=CVE-2023-5728
    https://www.cve.org/CVERecord?id=CVE-2023-5730
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.4.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.0/releasenotes/
patches/packages/vim-9.0.2063-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed use-after-free security issue.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-5535
  (* Security fix *)
patches/packages/vim-gvim-9.0.2063-x86_64-1_slack15.0.txz:  Upgraded.
2023-10-25 13:30:39 +02:00
Patrick J Volkerding
fabd0327d1 Sun Oct 22 19:30:42 UTC 2023
patches/packages/LibRaw-0.20.2-x86_64-4_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  A Buffer Overflow vulnerability was found in LibRaw_buffer_datastream::
  gets(char*, int), which could lead to privilege escalation or application
  crash.
  A heap-buffer-overflow was found in raw2image_ex(int), which may lead to
  application crash by maliciously crafted input file.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-32142
    https://www.cve.org/CVERecord?id=CVE-2023-1729
  (* Security fix *)
2023-10-23 13:30:40 +02:00
Patrick J Volkerding
6f8267e616 Thu Oct 19 19:14:05 UTC 2023
patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  moderate: Apache HTTP Server: HTTP/2 stream memory not reclaimed
  right away on RST.
  low: mod_macro buffer over-read.
  low: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.58
    https://www.cve.org/CVERecord?id=CVE-2023-45802
    https://www.cve.org/CVERecord?id=CVE-2023-31122
    https://www.cve.org/CVERecord?id=CVE-2023-43622
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.3.3-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.3.3/releasenotes/
2023-10-20 13:30:46 +02:00
Patrick J Volkerding
4940fc9a42 Tue Oct 17 19:34:56 UTC 2023
patches/packages/util-linux-2.37.4-x86_64-2_slack15.0.txz:  Rebuilt.
  Copy /etc/pam.d/login to /etc/pam.d/remote. This is needed for /bin/login's
  '-h' option, used (for example) by telnetd. If -h is used without
  /etc/pam.d/remote, pam will not be configured properly, and /etc/securetty
  will be ignored, possibly allowing root to login from a tty that is not
  considered secure. Of course, the usual disclaimers about the security of
  telnet/telnetd apply.
  Thanks to HytronBG and Petri Kaukasoina.
  (* Security fix *)
2023-10-18 13:30:40 +02:00
Patrick J Volkerding
8587721dc4 Wed Oct 11 22:22:40 UTC 2023
patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed a crash bug (a crafted file defining width of zero leads to divide by
  zero and a crash). Seems to be merely a bug rather than a security issue, but
  I'd been meaning to get beta20 building so this was a good excuse.
  Thanks to marav.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-0856
  (* Security fix *)
2023-10-12 13:30:43 +02:00
Patrick J Volkerding
3923d6b15d Tue Oct 10 19:27:56 UTC 2023
patches/packages/libcue-2.2.1-x86_64-4_slack15.0.txz:  Rebuilt.
  Fixed a bug which could allow memory corruption resulting in arbitrary
  code execution.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-43641
  (* Security fix *)
patches/packages/libnotify-0.8.3-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains a critical stability/minor security update which
  affects Electron applications that utilize Portal notifications (eg,
  through Flatpak). It is highly recommended that all users of libnotify
  0.8.x update to this release.
  (* Security fix *)
2023-10-11 13:30:18 +02:00
Patrick J Volkerding
8e8992f064 Mon Oct 9 18:10:01 UTC 2023
patches/packages/wayland-1.22.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/whois-5.5.19-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed english support for Japanese queries to not add again the /e argument
  if it had already been provided by the user. (Closes: #1050171)
  Added the .ye and .*************** (.xn--54b7fta0cc, Bangladesh) TLD servers.
  Updated the .ba, .bb, .dk, .es, .gt, .jo, .ml, .mo, .pa, .pn, .sv, .uy,
  .a+-la-r+-d+.n+, (.xn--mgbayh7gpa, Jordan) and .****** (.xn--mix891f, Macao)
  TLD servers.
  Upgraded the TLD URLs to HTTPS whenever possible.
  Updated the charset for whois.jprs.jp.
  Removed 3 new gTLDs which are no longer active.
  Removed support for the obsolete as32 dot notation.
2023-10-10 13:30:39 +02:00
Patrick J Volkerding
6f6a8c672a Fri Oct 6 21:28:34 UTC 2023
patches/packages/netatalk-3.1.18-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Harden create_appledesktop_folder().
  For more information, see:
    https://netatalk.sourceforge.io/CVE-2022-22995.php
    https://www.cve.org/CVERecord?id=CVE-2022-22995
  (* Security fix *)
2023-10-07 13:30:36 +02:00
Patrick J Volkerding
2e4c4aae36 Tue Oct 3 22:19:10 UTC 2023
patches/packages/libX11-1.8.7-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  libX11: out-of-bounds memory access in _XkbReadKeySyms().
  libX11: stack exhaustion from infinite recursion in PutSubImage().
  libX11: integer overflow in XCreateImage() leading to a heap overflow.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003424.html
    https://www.cve.org/CVERecord?id=CVE-2023-43785
    https://www.cve.org/CVERecord?id=CVE-2023-43786
    https://www.cve.org/CVERecord?id=CVE-2023-43787
  (* Security fix *)
patches/packages/libXpm-3.5.17-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  libXpm: out of bounds read in XpmCreateXpmImageFromBuffer().
  libXpm: out of bounds read on XPM with corrupted colormap.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003424.html
    https://www.cve.org/CVERecord?id=CVE-2023-43788
    https://www.cve.org/CVERecord?id=CVE-2023-43789
  (* Security fix *)
2023-10-04 13:30:38 +02:00
Patrick J Volkerding
fa0445dbfe Sat Sep 30 21:33:49 UTC 2023
patches/packages/libvpx-1.12.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains two security related fixes -- one each for VP8 and VP9.
  For more information, see:
    https://crbug.com/1486441
    https://www.cve.org/CVERecord?id=CVE-2023-5217
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.3.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains a security fix for a critical heap buffer overflow in
  the libvpx VP8 encoder.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.3.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
    https://www.cve.org/CVERecord?id=CVE-2023-5217
  (* Security fix *)
2023-10-01 13:30:39 +02:00
Patrick J Volkerding
c0d3f6fb28 Thu Sep 28 21:37:06 UTC 2023
extra/php81/php81-8.1.24-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.24
patches/packages/mozilla-firefox-115.3.1esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains a security fix.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.3.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
    https://www.cve.org/CVERecord?id=CVE-2023-5217
  (* Security fix *)
2023-09-29 13:39:40 +02:00
Patrick J Volkerding
1690d47026 Wed Sep 27 23:51:07 UTC 2023
patches/packages/mozilla-thunderbird-115.3.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.3.0/releasenotes/
2023-09-28 13:39:40 +02:00
Patrick J Volkerding
766af50fb1 Tue Sep 26 19:30:21 UTC 2023
patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/mozilla-firefox-115.3.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.3.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/
    https://www.cve.org/CVERecord?id=CVE-2023-5168
    https://www.cve.org/CVERecord?id=CVE-2023-5169
    https://www.cve.org/CVERecord?id=CVE-2023-5171
    https://www.cve.org/CVERecord?id=CVE-2023-5174
    https://www.cve.org/CVERecord?id=CVE-2023-5176
  (* Security fix *)
2023-09-27 13:30:41 +02:00
Patrick J Volkerding
9615afc308 Thu Sep 21 19:32:42 UTC 2023
patches/packages/bind-9.16.44-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Limit the amount of recursion that can be performed by isccc_cc_fromwire.
  For more information, see:
    https://kb.isc.org/docs/cve-2023-3341
    https://www.cve.org/CVERecord?id=CVE-2023-3341
  (* Security fix *)
patches/packages/cups-2.4.7-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Fixed Heap-based buffer overflow when reading Postscript in PPD files.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4504
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.2.3-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.2.3/releasenotes/
patches/packages/seamonkey-2.53.17.1-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.17.1
    https://www.cve.org/CVERecord?id=CVE-2023-4863
  (* Security fix *)
testing/packages/bind-9.18.19-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Limit the amount of recursion that can be performed by isccc_cc_fromwire.
  Fix use-after-free error in TLS DNS code when sending data.
  For more information, see:
    https://kb.isc.org/docs/cve-2023-3341
    https://www.cve.org/CVERecord?id=CVE-2023-3341
    https://kb.isc.org/docs/cve-2023-4236
    https://www.cve.org/CVERecord?id=CVE-2023-4236
  (* Security fix *)
2023-09-22 13:30:41 +02:00
Patrick J Volkerding
b0fcf677c3 Mon Sep 18 18:40:04 UTC 2023
patches/packages/netatalk-3.1.17-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Validate data type in dalloc_value_for_key(). This flaw could allow a
  malicious actor to cause Netatalk's afpd daemon to crash, or possibly to
  execute arbitrary code.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-42464
  (* Security fix *)
2023-09-19 13:30:40 +02:00
Patrick J Volkerding
5672ded1ee Fri Sep 15 19:48:39 UTC 2023
patches/packages/python3-3.9.18-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass
  of the TLS handshake and included protections (like certificate verification)
  and treating sent unencrypted data as if it were post-handshake TLS encrypted
  data. Security issue reported by Aapo Oksman; patch by Gregory P. Smith.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-40217
  (* Security fix *)
2023-09-16 13:39:10 +02:00
Patrick J Volkerding
41dd70fad9 Thu Sep 14 21:10:50 UTC 2023
patches/packages/libwebp-1.3.2-x86_64-1_slack15.0.txz:  Upgraded.
  Security fix for lossless decoder (chromium: #1479274, CVE-2023-4863).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4863
  (* Security fix *)
2023-09-15 13:30:41 +02:00
Patrick J Volkerding
1c8e67398a Wed Sep 13 01:32:01 UTC 2023
patches/packages/mozilla-firefox-115.2.1esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.2.1/releasenotes/
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.2.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.2.1/releasenotes/
2023-09-13 13:30:41 +02:00
Patrick J Volkerding
466ae7e51f Mon Sep 11 20:19:30 UTC 2023
patches/packages/openssl-1.1.1w-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue that does not affect Linux:
  Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4807
patches/packages/openssl-solibs-1.1.1w-x86_64-1_slack15.0.txz:  Upgraded.
patches/packages/vim-9.0.1897-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed three use-after-free security issues.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4733
    https://www.cve.org/CVERecord?id=CVE-2023-4752
    https://www.cve.org/CVERecord?id=CVE-2023-4750
  (* Security fix *)
patches/packages/vim-gvim-9.0.1897-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed three use-after-free security issues.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4733
    https://www.cve.org/CVERecord?id=CVE-2023-4752
    https://www.cve.org/CVERecord?id=CVE-2023-4750
  (* Security fix *)
2023-09-12 13:39:43 +02:00
Patrick J Volkerding
38f09f634f Sun Sep 3 19:37:21 UTC 2023
patches/packages/rocs-21.12.1-x86_64-2_slack15.0.txz:  Rebuilt.
  Fix crash on startup. Thanks to Lockywolf and ponce.
2023-09-04 13:30:46 +02:00
Patrick J Volkerding
43cd17b912 Fri Sep 1 20:16:14 UTC 2023
extra/php81/php81-8.1.23-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.23
2023-09-02 13:30:37 +02:00
Patrick J Volkerding
7089a162f8 Wed Aug 30 21:58:04 UTC 2023
patches/packages/mozilla-firefox-115.2.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.2.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-36/
    https://www.cve.org/CVERecord?id=CVE-2023-4573
    https://www.cve.org/CVERecord?id=CVE-2023-4574
    https://www.cve.org/CVERecord?id=CVE-2023-4575
    https://www.cve.org/CVERecord?id=CVE-2023-4576
    https://www.cve.org/CVERecord?id=CVE-2023-4577
    https://www.cve.org/CVERecord?id=CVE-2023-4051
    https://www.cve.org/CVERecord?id=CVE-2023-4578
    https://www.cve.org/CVERecord?id=CVE-2023-4053
    https://www.cve.org/CVERecord?id=CVE-2023-4580
    https://www.cve.org/CVERecord?id=CVE-2023-4581
    https://www.cve.org/CVERecord?id=CVE-2023-4582
    https://www.cve.org/CVERecord?id=CVE-2023-4583
    https://www.cve.org/CVERecord?id=CVE-2023-4584
    https://www.cve.org/CVERecord?id=CVE-2023-4585
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.2.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.2.0/releasenotes/
  (* Security fix *)
2023-08-31 13:30:36 +02:00
Patrick J Volkerding
1676c6978a Wed Aug 16 20:45:00 UTC 2023
patches/packages/mozilla-thunderbird-115.1.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.1.1/releasenotes/
2023-08-17 13:30:35 +02:00
Patrick J Volkerding
8db417d304 Mon Aug 14 19:04:41 UTC 2023
patches/packages/mariadb-10.5.22-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://mariadb.com/kb/en/mariadb-10-5-22-changelog/
2023-08-15 13:30:34 +02:00
Patrick J Volkerding
d32f6bcf5a Mon Aug 7 19:22:02 UTC 2023
extra/php80/php80-8.0.30-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Security issue with external entity loading in XML without enabling it.
  Missing error check and insufficient random bytes in HTTP Digest
  authentication for SOAP.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247
  (* Security fix *)
patches/packages/vim-9.0.1678-x86_64-1_slack15.0.txz:  Upgraded.
  Applied the last patches from Bram Moolenaar.
  RIP Bram, and thanks for your great work on VIM and your kindness to the
  orphan children in Uganda.
  If you'd like to honor Bram with a donation to his charity, please visit:
  https://iccf-holland.org/
patches/packages/vim-gvim-9.0.1678-x86_64-1_slack15.0.txz:  Upgraded.
2023-08-08 13:30:34 +02:00
Patrick J Volkerding
79e6c8efb8 Fri Aug 4 20:17:36 UTC 2023
extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity
  loading in XML without enabling it).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-3823
  (* Security fix *)
extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz:  Upgraded.
  Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0.
pasture/samba-4.15.13-x86_64-1_slack15.0.txz:  Added.
  We'll hang onto this just in case.
patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/
    https://www.cve.org/CVERecord?id=CVE-2023-4045
    https://www.cve.org/CVERecord?id=CVE-2023-4046
    https://www.cve.org/CVERecord?id=CVE-2023-4047
    https://www.cve.org/CVERecord?id=CVE-2023-4048
    https://www.cve.org/CVERecord?id=CVE-2023-4049
    https://www.cve.org/CVERecord?id=CVE-2023-4050
    https://www.cve.org/CVERecord?id=CVE-2023-4052
    https://www.cve.org/CVERecord?id=CVE-2023-4054
    https://www.cve.org/CVERecord?id=CVE-2023-4055
    https://www.cve.org/CVERecord?id=CVE-2023-4056
    https://www.cve.org/CVERecord?id=CVE-2023-4057
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/
patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz:  Upgraded.
  PLEASE NOTE: We are taking the unusual step of moving to the latest Samba
  branch because Windows has made changes that break Samba 4.15.x. The last
  4.15.x will be retained in /pasture as a fallback. There may be some
  required configuration changes with this, but we've kept using MIT Kerberos
  to try to have the behavior change as little as possible. Upgrade carefully.
  This update fixes security issues:
  When winbind is used for NTLM authentication, a maliciously crafted request
  can trigger an out-of-bounds read in winbind and possibly crash it.
  SMB2 packet signing is not enforced if an admin configured
  "server signing = required" or for SMB2 connections to Domain Controllers
  where SMB2 packet signing is mandatory.
  An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
  triggered by an unauthenticated attacker by issuing a malformed RPC request.
  Missing type validation in Samba's mdssvc RPC service for Spotlight can be
  used by an unauthenticated attacker to trigger a process crash in a shared
  RPC mdssvc worker process.
  As part of the Spotlight protocol Samba discloses the server-side absolute
  path of shares and files and directories in search results.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2022-2127.html
    https://www.samba.org/samba/security/CVE-2023-3347.html
    https://www.samba.org/samba/security/CVE-2023-34966.html
    https://www.samba.org/samba/security/CVE-2023-34967.html
    https://www.samba.org/samba/security/CVE-2023-34968.html
    https://www.cve.org/CVERecord?id=CVE-2022-2127
    https://www.cve.org/CVERecord?id=CVE-2023-3347
    https://www.cve.org/CVERecord?id=CVE-2023-34966
    https://www.cve.org/CVERecord?id=CVE-2023-34967
    https://www.cve.org/CVERecord?id=CVE-2023-34968
  (* Security fix *)
2023-08-05 13:30:38 +02:00
Patrick J Volkerding
af3a1b13c3 Tue Aug 1 19:50:53 UTC 2023
patches/packages/openssl-1.1.1v-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Fix excessive time spent checking DH q parameter value.
  Fix DH_check() excessive time with over sized modulus.
  For more information, see:
    https://www.openssl.org/news/secadv/20230731.txt
    https://www.openssl.org/news/secadv/20230719.txt
    https://www.cve.org/CVERecord?id=CVE-2023-3817
    https://www.cve.org/CVERecord?id=CVE-2023-3446
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1v-x86_64-1_slack15.0.txz:  Upgraded.
2023-08-02 13:30:35 +02:00
Patrick J Volkerding
b64d3ecbf3 Mon Jul 31 21:52:46 UTC 2023
patches/packages/mozilla-thunderbird-102.13.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.13.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/
    https://www.cve.org/CVERecord?id=CVE-2023-3417
  (* Security fix *)
patches/packages/seamonkey-2.53.17-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.17
  (* Security fix *)
2023-08-01 13:30:32 +02:00
Patrick J Volkerding
b15eb44ef7 Wed Jul 26 19:26:39 UTC 2023
patches/packages/curl-8.2.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
testing/packages/mozilla-firefox-115.0.3esr-x86_64-1_slack15.0.txz:  Added.
  This seems good to go, but a little testing won't hurt.
testing/packages/mozilla-thunderbird-115.0.1-x86_64-1_slack15.0.txz:  Added.
  Here, like in -current, we're going to wait until upstream deems this ready
  to trigger the automatic update from earlier versions.
testing/packages/rust-1.70.0-x86_64-1_slack15.0.txz:  Added.
  This will replace the package in /extra/rust-for-mozilla/ when the 115.x
  versions of Firefox and Thunderbird become the main ones in Slackware 15.0.
2023-07-27 13:30:35 +02:00
Patrick J Volkerding
18a15de6ae Tue Jul 25 19:45:27 UTC 2023
patches/packages/kernel-firmware-20230725_b6ea35f-noarch-1.txz:  Upgraded.
  Restored license files and other documentation. Thanks to drumz.
2023-07-26 13:30:35 +02:00
Patrick J Volkerding
0ac01cde03 Mon Jul 24 22:07:56 UTC 2023
patches/packages/kernel-firmware-20230724_59fbffa-noarch-1.txz:  Upgraded.
  AMD microcode updated to fix a use-after-free in AMD Zen2 processors.
  From Tavis Ormandy's annoucement of the issue:
    "The practical result here is that you can spy on the registers of other
    processes. No system calls or privileges are required.
    It works across virtual machines and affects all operating systems.
    I have written a poc for this issue that's fast enough to reconstruct
    keys and passwords as users log in."
  For more information, see:
    https://seclists.org/oss-sec/2023/q3/59
    https://www.cve.org/CVERecord?id=CVE-2023-20593
  (* Security fix *)
2023-07-25 13:30:36 +02:00
Patrick J Volkerding
7dde293aa0 Mon Jul 24 00:17:18 UTC 2023
patches/packages/whois-5.5.18-x86_64-1_slack15.0.txz:  Upgraded.
  Updated the .ga TLD server.
  Added new recovered IPv4 allocations.
  Removed the delegation of 43.0.0.0/8 to JPNIC.
  Removed 12 new gTLDs which are no longer active.
  Improved the man page source, courtesy of Bjarni Ingi Gislason.
  Added the .edu.za SLD server.
  Updated the .alt.za SLD server.
  Added the -ru and -su NIC handles servers.
2023-07-24 13:30:35 +02:00
Patrick J Volkerding
679a5342b0 Fri Jul 21 19:35:45 UTC 2023
patches/packages/ca-certificates-20230721-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
2023-07-22 13:30:33 +02:00
Patrick J Volkerding
b9cb99a88e Wed Jul 19 20:36:46 UTC 2023
patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  fopen race condition.
  For more information, see:
    https://curl.se/docs/CVE-2023-32001.html
    https://www.cve.org/CVERecord?id=CVE-2023-32001
  (* Security fix *)
patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
  execution relating to PKCS#11 providers.
  The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
  execution via a forwarded agent socket if the following conditions are met:
  * Exploitation requires the presence of specific libraries on the victim
    system.
  * Remote exploitation requires that the agent was forwarded to an
    attacker-controlled system.
  Exploitation can also be prevented by starting ssh-agent(1) with an empty
  PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
  contains only specific provider libraries.
  This vulnerability was discovered and demonstrated to be exploitable by the
  Qualys Security Advisory team.
  Potentially-incompatible changes:
  * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
  issued by remote clients by default. A flag has been added to restore the
  previous behaviour: "-Oallow-remote-pkcs11".
  For more information, see:
    https://www.openssh.com/txt/release-9.3p2
    https://www.cve.org/CVERecord?id=CVE-2023-38408
  (* Security fix *)
2023-07-21 13:30:33 +02:00
Patrick J Volkerding
1b65c2bfe3 Mon Jul 17 19:17:19 UTC 2023
patches/packages/sudo-1.9.14p2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-07-18 13:30:35 +02:00
Patrick J Volkerding
08b21a9944 Wed Jul 12 20:41:16 UTC 2023
patches/packages/krb5-1.19.2-x86_64-4_slack15.0.txz:  Rebuilt.
  Fix potential uninitialized pointer free in kadm5 XDR parsing.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-36054
  (* Security fix *)
patches/packages/sudo-1.9.14p1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-07-13 13:30:36 +02:00
Patrick J Volkerding
3b203b36ef Fri Jul 7 23:06:07 UTC 2023
patches/packages/mozilla-thunderbird-102.13.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.13.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/
    https://www.cve.org/CVERecord?id=CVE-2023-37201
    https://www.cve.org/CVERecord?id=CVE-2023-37202
    https://www.cve.org/CVERecord?id=CVE-2023-37207
    https://www.cve.org/CVERecord?id=CVE-2023-37208
    https://www.cve.org/CVERecord?id=CVE-2023-37211
  (* Security fix *)
2023-07-08 13:30:33 +02:00
Patrick J Volkerding
60f93d86ab Tue Jul 4 20:26:12 UTC 2023
patches/packages/mozilla-firefox-102.13.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.13.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-23/
    https://www.cve.org/CVERecord?id=CVE-2023-37201
    https://www.cve.org/CVERecord?id=CVE-2023-37202
    https://www.cve.org/CVERecord?id=CVE-2023-37207
    https://www.cve.org/CVERecord?id=CVE-2023-37208
    https://www.cve.org/CVERecord?id=CVE-2023-37211
  (* Security fix *)
2023-07-05 13:30:32 +02:00
Patrick J Volkerding
57f9e5505b Mon Jun 26 19:44:44 UTC 2023
patches/packages/network-scripts-15.0-noarch-19_slack15.0.txz:  Rebuilt.
  This update fixes a bug and adds a new feature:
  Re-add support for the DHCP_IPADDR parameter from rc.inet1.conf.
  Expand the help text for DHCP_IPADDR in rc.inet1.conf.
  Add support for a DHCP_OPTS parameter.
  Thanks to ljb643 and Darren 'Tadgy' Austin.
patches/packages/vim-9.0.1667-x86_64-1_slack15.0.txz:  Upgraded.
  This fixes a rare divide-by-zero bug that could cause vim to crash. In an
  interactive program such as vim, I can't really see this qualifying as a
  security issue, but since it was brought up as such on LQ we'll just go
  along with it this time. :)
  Thanks to marav for the heads-up.
  (* Security fix *)
patches/packages/vim-gvim-9.0.1667-x86_64-1_slack15.0.txz:  Upgraded.
2023-06-27 13:30:30 +02:00
Patrick J Volkerding
f6bfd21627 Sat Jun 24 00:16:22 UTC 2023
patches/packages/linux-5.15.117/*:  Upgraded.
  We're going to back up one version to avoid an amdgpu regression in 5.15.118.
  If you're already using 5.15.118 without issues, feel free to stick with it.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
2023-06-24 13:30:39 +02:00