Commit graph

199 commits

Author SHA1 Message Date
Patrick J Volkerding
b0fcf677c3 Mon Sep 18 18:40:04 UTC 2023
patches/packages/netatalk-3.1.17-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Validate data type in dalloc_value_for_key(). This flaw could allow a
  malicious actor to cause Netatalk's afpd daemon to crash, or possibly to
  execute arbitrary code.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-42464
  (* Security fix *)
2023-09-19 13:30:40 +02:00
Patrick J Volkerding
5672ded1ee Fri Sep 15 19:48:39 UTC 2023
patches/packages/python3-3.9.18-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass
  of the TLS handshake and included protections (like certificate verification)
  and treating sent unencrypted data as if it were post-handshake TLS encrypted
  data. Security issue reported by Aapo Oksman; patch by Gregory P. Smith.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-40217
  (* Security fix *)
2023-09-16 13:39:10 +02:00
Patrick J Volkerding
41dd70fad9 Thu Sep 14 21:10:50 UTC 2023
patches/packages/libwebp-1.3.2-x86_64-1_slack15.0.txz:  Upgraded.
  Security fix for lossless decoder (chromium: #1479274, CVE-2023-4863).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4863
  (* Security fix *)
2023-09-15 13:30:41 +02:00
Patrick J Volkerding
1c8e67398a Wed Sep 13 01:32:01 UTC 2023
patches/packages/mozilla-firefox-115.2.1esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.2.1/releasenotes/
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.2.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.2.1/releasenotes/
2023-09-13 13:30:41 +02:00
Patrick J Volkerding
466ae7e51f Mon Sep 11 20:19:30 UTC 2023
patches/packages/openssl-1.1.1w-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue that does not affect Linux:
  Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4807
patches/packages/openssl-solibs-1.1.1w-x86_64-1_slack15.0.txz:  Upgraded.
patches/packages/vim-9.0.1897-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed three use-after-free security issues.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4733
    https://www.cve.org/CVERecord?id=CVE-2023-4752
    https://www.cve.org/CVERecord?id=CVE-2023-4750
  (* Security fix *)
patches/packages/vim-gvim-9.0.1897-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed three use-after-free security issues.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4733
    https://www.cve.org/CVERecord?id=CVE-2023-4752
    https://www.cve.org/CVERecord?id=CVE-2023-4750
  (* Security fix *)
2023-09-12 13:39:43 +02:00
Patrick J Volkerding
38f09f634f Sun Sep 3 19:37:21 UTC 2023
patches/packages/rocs-21.12.1-x86_64-2_slack15.0.txz:  Rebuilt.
  Fix crash on startup. Thanks to Lockywolf and ponce.
2023-09-04 13:30:46 +02:00
Patrick J Volkerding
7089a162f8 Wed Aug 30 21:58:04 UTC 2023
patches/packages/mozilla-firefox-115.2.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.2.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-36/
    https://www.cve.org/CVERecord?id=CVE-2023-4573
    https://www.cve.org/CVERecord?id=CVE-2023-4574
    https://www.cve.org/CVERecord?id=CVE-2023-4575
    https://www.cve.org/CVERecord?id=CVE-2023-4576
    https://www.cve.org/CVERecord?id=CVE-2023-4577
    https://www.cve.org/CVERecord?id=CVE-2023-4051
    https://www.cve.org/CVERecord?id=CVE-2023-4578
    https://www.cve.org/CVERecord?id=CVE-2023-4053
    https://www.cve.org/CVERecord?id=CVE-2023-4580
    https://www.cve.org/CVERecord?id=CVE-2023-4581
    https://www.cve.org/CVERecord?id=CVE-2023-4582
    https://www.cve.org/CVERecord?id=CVE-2023-4583
    https://www.cve.org/CVERecord?id=CVE-2023-4584
    https://www.cve.org/CVERecord?id=CVE-2023-4585
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.2.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.2.0/releasenotes/
  (* Security fix *)
2023-08-31 13:30:36 +02:00
Patrick J Volkerding
1676c6978a Wed Aug 16 20:45:00 UTC 2023
patches/packages/mozilla-thunderbird-115.1.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.1.1/releasenotes/
2023-08-17 13:30:35 +02:00
Patrick J Volkerding
8db417d304 Mon Aug 14 19:04:41 UTC 2023
patches/packages/mariadb-10.5.22-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://mariadb.com/kb/en/mariadb-10-5-22-changelog/
2023-08-15 13:30:34 +02:00
Patrick J Volkerding
d32f6bcf5a Mon Aug 7 19:22:02 UTC 2023
extra/php80/php80-8.0.30-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Security issue with external entity loading in XML without enabling it.
  Missing error check and insufficient random bytes in HTTP Digest
  authentication for SOAP.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247
  (* Security fix *)
patches/packages/vim-9.0.1678-x86_64-1_slack15.0.txz:  Upgraded.
  Applied the last patches from Bram Moolenaar.
  RIP Bram, and thanks for your great work on VIM and your kindness to the
  orphan children in Uganda.
  If you'd like to honor Bram with a donation to his charity, please visit:
  https://iccf-holland.org/
patches/packages/vim-gvim-9.0.1678-x86_64-1_slack15.0.txz:  Upgraded.
2023-08-08 13:30:34 +02:00
Patrick J Volkerding
79e6c8efb8 Fri Aug 4 20:17:36 UTC 2023
extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity
  loading in XML without enabling it).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-3823
  (* Security fix *)
extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz:  Upgraded.
  Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0.
pasture/samba-4.15.13-x86_64-1_slack15.0.txz:  Added.
  We'll hang onto this just in case.
patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/
    https://www.cve.org/CVERecord?id=CVE-2023-4045
    https://www.cve.org/CVERecord?id=CVE-2023-4046
    https://www.cve.org/CVERecord?id=CVE-2023-4047
    https://www.cve.org/CVERecord?id=CVE-2023-4048
    https://www.cve.org/CVERecord?id=CVE-2023-4049
    https://www.cve.org/CVERecord?id=CVE-2023-4050
    https://www.cve.org/CVERecord?id=CVE-2023-4052
    https://www.cve.org/CVERecord?id=CVE-2023-4054
    https://www.cve.org/CVERecord?id=CVE-2023-4055
    https://www.cve.org/CVERecord?id=CVE-2023-4056
    https://www.cve.org/CVERecord?id=CVE-2023-4057
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/
patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz:  Upgraded.
  PLEASE NOTE: We are taking the unusual step of moving to the latest Samba
  branch because Windows has made changes that break Samba 4.15.x. The last
  4.15.x will be retained in /pasture as a fallback. There may be some
  required configuration changes with this, but we've kept using MIT Kerberos
  to try to have the behavior change as little as possible. Upgrade carefully.
  This update fixes security issues:
  When winbind is used for NTLM authentication, a maliciously crafted request
  can trigger an out-of-bounds read in winbind and possibly crash it.
  SMB2 packet signing is not enforced if an admin configured
  "server signing = required" or for SMB2 connections to Domain Controllers
  where SMB2 packet signing is mandatory.
  An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
  triggered by an unauthenticated attacker by issuing a malformed RPC request.
  Missing type validation in Samba's mdssvc RPC service for Spotlight can be
  used by an unauthenticated attacker to trigger a process crash in a shared
  RPC mdssvc worker process.
  As part of the Spotlight protocol Samba discloses the server-side absolute
  path of shares and files and directories in search results.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2022-2127.html
    https://www.samba.org/samba/security/CVE-2023-3347.html
    https://www.samba.org/samba/security/CVE-2023-34966.html
    https://www.samba.org/samba/security/CVE-2023-34967.html
    https://www.samba.org/samba/security/CVE-2023-34968.html
    https://www.cve.org/CVERecord?id=CVE-2022-2127
    https://www.cve.org/CVERecord?id=CVE-2023-3347
    https://www.cve.org/CVERecord?id=CVE-2023-34966
    https://www.cve.org/CVERecord?id=CVE-2023-34967
    https://www.cve.org/CVERecord?id=CVE-2023-34968
  (* Security fix *)
2023-08-05 13:30:38 +02:00
Patrick J Volkerding
af3a1b13c3 Tue Aug 1 19:50:53 UTC 2023
patches/packages/openssl-1.1.1v-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Fix excessive time spent checking DH q parameter value.
  Fix DH_check() excessive time with over sized modulus.
  For more information, see:
    https://www.openssl.org/news/secadv/20230731.txt
    https://www.openssl.org/news/secadv/20230719.txt
    https://www.cve.org/CVERecord?id=CVE-2023-3817
    https://www.cve.org/CVERecord?id=CVE-2023-3446
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1v-x86_64-1_slack15.0.txz:  Upgraded.
2023-08-02 13:30:35 +02:00
Patrick J Volkerding
b64d3ecbf3 Mon Jul 31 21:52:46 UTC 2023
patches/packages/mozilla-thunderbird-102.13.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.13.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/
    https://www.cve.org/CVERecord?id=CVE-2023-3417
  (* Security fix *)
patches/packages/seamonkey-2.53.17-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.17
  (* Security fix *)
2023-08-01 13:30:32 +02:00
Patrick J Volkerding
b15eb44ef7 Wed Jul 26 19:26:39 UTC 2023
patches/packages/curl-8.2.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
testing/packages/mozilla-firefox-115.0.3esr-x86_64-1_slack15.0.txz:  Added.
  This seems good to go, but a little testing won't hurt.
testing/packages/mozilla-thunderbird-115.0.1-x86_64-1_slack15.0.txz:  Added.
  Here, like in -current, we're going to wait until upstream deems this ready
  to trigger the automatic update from earlier versions.
testing/packages/rust-1.70.0-x86_64-1_slack15.0.txz:  Added.
  This will replace the package in /extra/rust-for-mozilla/ when the 115.x
  versions of Firefox and Thunderbird become the main ones in Slackware 15.0.
2023-07-27 13:30:35 +02:00
Patrick J Volkerding
18a15de6ae Tue Jul 25 19:45:27 UTC 2023
patches/packages/kernel-firmware-20230725_b6ea35f-noarch-1.txz:  Upgraded.
  Restored license files and other documentation. Thanks to drumz.
2023-07-26 13:30:35 +02:00
Patrick J Volkerding
0ac01cde03 Mon Jul 24 22:07:56 UTC 2023
patches/packages/kernel-firmware-20230724_59fbffa-noarch-1.txz:  Upgraded.
  AMD microcode updated to fix a use-after-free in AMD Zen2 processors.
  From Tavis Ormandy's annoucement of the issue:
    "The practical result here is that you can spy on the registers of other
    processes. No system calls or privileges are required.
    It works across virtual machines and affects all operating systems.
    I have written a poc for this issue that's fast enough to reconstruct
    keys and passwords as users log in."
  For more information, see:
    https://seclists.org/oss-sec/2023/q3/59
    https://www.cve.org/CVERecord?id=CVE-2023-20593
  (* Security fix *)
2023-07-25 13:30:36 +02:00
Patrick J Volkerding
7dde293aa0 Mon Jul 24 00:17:18 UTC 2023
patches/packages/whois-5.5.18-x86_64-1_slack15.0.txz:  Upgraded.
  Updated the .ga TLD server.
  Added new recovered IPv4 allocations.
  Removed the delegation of 43.0.0.0/8 to JPNIC.
  Removed 12 new gTLDs which are no longer active.
  Improved the man page source, courtesy of Bjarni Ingi Gislason.
  Added the .edu.za SLD server.
  Updated the .alt.za SLD server.
  Added the -ru and -su NIC handles servers.
2023-07-24 13:30:35 +02:00
Patrick J Volkerding
679a5342b0 Fri Jul 21 19:35:45 UTC 2023
patches/packages/ca-certificates-20230721-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
2023-07-22 13:30:33 +02:00
Patrick J Volkerding
b9cb99a88e Wed Jul 19 20:36:46 UTC 2023
patches/packages/curl-8.2.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  fopen race condition.
  For more information, see:
    https://curl.se/docs/CVE-2023-32001.html
    https://www.cve.org/CVERecord?id=CVE-2023-32001
  (* Security fix *)
patches/packages/openssh-9.3p2-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
  execution relating to PKCS#11 providers.
  The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
  execution via a forwarded agent socket if the following conditions are met:
  * Exploitation requires the presence of specific libraries on the victim
    system.
  * Remote exploitation requires that the agent was forwarded to an
    attacker-controlled system.
  Exploitation can also be prevented by starting ssh-agent(1) with an empty
  PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
  contains only specific provider libraries.
  This vulnerability was discovered and demonstrated to be exploitable by the
  Qualys Security Advisory team.
  Potentially-incompatible changes:
  * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
  issued by remote clients by default. A flag has been added to restore the
  previous behaviour: "-Oallow-remote-pkcs11".
  For more information, see:
    https://www.openssh.com/txt/release-9.3p2
    https://www.cve.org/CVERecord?id=CVE-2023-38408
  (* Security fix *)
2023-07-21 13:30:33 +02:00
Patrick J Volkerding
1b65c2bfe3 Mon Jul 17 19:17:19 UTC 2023
patches/packages/sudo-1.9.14p2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-07-18 13:30:35 +02:00
Patrick J Volkerding
08b21a9944 Wed Jul 12 20:41:16 UTC 2023
patches/packages/krb5-1.19.2-x86_64-4_slack15.0.txz:  Rebuilt.
  Fix potential uninitialized pointer free in kadm5 XDR parsing.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-36054
  (* Security fix *)
patches/packages/sudo-1.9.14p1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-07-13 13:30:36 +02:00
Patrick J Volkerding
3b203b36ef Fri Jul 7 23:06:07 UTC 2023
patches/packages/mozilla-thunderbird-102.13.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.13.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/
    https://www.cve.org/CVERecord?id=CVE-2023-37201
    https://www.cve.org/CVERecord?id=CVE-2023-37202
    https://www.cve.org/CVERecord?id=CVE-2023-37207
    https://www.cve.org/CVERecord?id=CVE-2023-37208
    https://www.cve.org/CVERecord?id=CVE-2023-37211
  (* Security fix *)
2023-07-08 13:30:33 +02:00
Patrick J Volkerding
60f93d86ab Tue Jul 4 20:26:12 UTC 2023
patches/packages/mozilla-firefox-102.13.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.13.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-23/
    https://www.cve.org/CVERecord?id=CVE-2023-37201
    https://www.cve.org/CVERecord?id=CVE-2023-37202
    https://www.cve.org/CVERecord?id=CVE-2023-37207
    https://www.cve.org/CVERecord?id=CVE-2023-37208
    https://www.cve.org/CVERecord?id=CVE-2023-37211
  (* Security fix *)
2023-07-05 13:30:32 +02:00
Patrick J Volkerding
57f9e5505b Mon Jun 26 19:44:44 UTC 2023
patches/packages/network-scripts-15.0-noarch-19_slack15.0.txz:  Rebuilt.
  This update fixes a bug and adds a new feature:
  Re-add support for the DHCP_IPADDR parameter from rc.inet1.conf.
  Expand the help text for DHCP_IPADDR in rc.inet1.conf.
  Add support for a DHCP_OPTS parameter.
  Thanks to ljb643 and Darren 'Tadgy' Austin.
patches/packages/vim-9.0.1667-x86_64-1_slack15.0.txz:  Upgraded.
  This fixes a rare divide-by-zero bug that could cause vim to crash. In an
  interactive program such as vim, I can't really see this qualifying as a
  security issue, but since it was brought up as such on LQ we'll just go
  along with it this time. :)
  Thanks to marav for the heads-up.
  (* Security fix *)
patches/packages/vim-gvim-9.0.1667-x86_64-1_slack15.0.txz:  Upgraded.
2023-06-27 13:30:30 +02:00
Patrick J Volkerding
f6bfd21627 Sat Jun 24 00:16:22 UTC 2023
patches/packages/linux-5.15.117/*:  Upgraded.
  We're going to back up one version to avoid an amdgpu regression in 5.15.118.
  If you're already using 5.15.118 without issues, feel free to stick with it.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
2023-06-24 13:30:39 +02:00
Patrick J Volkerding
34bab33421 Thu Jun 22 19:07:50 UTC 2023
patches/packages/cups-2.4.6-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed use-after-free when logging warnings in case of failures
  in cupsdAcceptClient().
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-34241
  (* Security fix *)
2023-06-23 13:30:32 +02:00
Patrick J Volkerding
5f7ce6cd72 Thu Jun 15 18:59:33 UTC 2023
patches/packages/libX11-1.8.6-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes buffer overflows in InitExt.c that could at least cause
  the client to crash due to memory corruption.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-3138
  (* Security fix *)
2023-06-16 13:30:31 +02:00
Patrick J Volkerding
f867575c66 Wed Jun 14 21:43:32 UTC 2023
patches/packages/cups-2.4.5-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/ksh93-1.0.6-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-06-15 13:30:29 +02:00
Patrick J Volkerding
e23d784811 Fri Jun 9 01:06:21 UTC 2023
extra/php81/php81-8.1.20-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.20
  (* Security fix *)
patches/packages/mozilla-thunderbird-102.12.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.12.0/releasenotes/
  (* Security fix *)
patches/packages/python3-3.9.17-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  urllib.parse.urlsplit() now strips leading C0 control and space characters
  following the specification for URLs defined by WHATWG.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-24329
  (* Security fix *)
2023-06-09 13:30:37 +02:00
Patrick J Volkerding
da0323f6eb Wed Jun 7 21:12:41 UTC 2023
patches/packages/cups-2.4.4-x86_64-1_slack15.0.txz:  Upgraded.
  This update is a hotfix for a segfault in cupsGetNamedDest(), when caller
  tries to find the default destination and the default destination is not set
  on the machine.
patches/packages/ksh93-1.0.5_20230607_9b251344-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix and robustness enhancement release.
  Thanks to McDutchie for the great work!
  Thanks to pghvlaans for improvements to the build script.
2023-06-08 13:30:33 +02:00
Patrick J Volkerding
372badc1d4 Tue Jun 6 20:26:59 UTC 2023
extra/sendmail/sendmail-8.17.2-x86_64-2_slack15.0.txz:  Rebuilt.
  Recompiled without -DUSE_EAI or ICU libraries as this experimental option
  is still leading to regressions.
extra/sendmail/sendmail-cf-8.17.2-noarch-2_slack15.0.txz:  Rebuilt.
patches/packages/mozilla-firefox-102.12.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.12.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-19/
    https://www.cve.org/CVERecord?id=CVE-2023-34414
    https://www.cve.org/CVERecord?id=CVE-2023-34416
  (* Security fix *)
patches/packages/ntp-4.2.8p17-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-06-07 13:30:31 +02:00
Patrick J Volkerding
d839987e86 Sun Jun 4 19:16:13 UTC 2023
extra/sendmail/sendmail-8.17.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
extra/sendmail/sendmail-cf-8.17.2-noarch-1_slack15.0.txz:  Upgraded.
patches/packages/libmilter-8.17.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-06-05 13:39:22 +02:00
Patrick J Volkerding
3f544e903a Fri Jun 2 20:56:35 UTC 2023
patches/packages/cups-2.4.3-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file
  cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote
  attacker to launch a denial of service (DoS) attack, or possibly execute
  arbirary code.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-32324
  (* Security fix *)
patches/packages/ntp-4.2.8p16-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-26551
    https://www.cve.org/CVERecord?id=CVE-2023-26552
    https://www.cve.org/CVERecord?id=CVE-2023-26553
    https://www.cve.org/CVERecord?id=CVE-2023-26554
    https://www.cve.org/CVERecord?id=CVE-2023-26555
  (* Security fix *)
2023-06-03 13:30:32 +02:00
Patrick J Volkerding
f33a393b0f Wed May 31 01:29:12 UTC 2023
patches/packages/curl-8.1.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/openssl-1.1.1u-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Possible DoS translating ASN.1 object identifiers.
  For more information, see:
    https://www.openssl.org/news/secadv/20230530.txt
    https://www.cve.org/CVERecord?id=CVE-2023-2650
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1u-x86_64-1_slack15.0.txz:  Upgraded.
2023-05-31 13:30:29 +02:00
Patrick J Volkerding
c1766a73e4 Sat May 27 20:42:29 UTC 2023
patches/packages/mozilla-thunderbird-102.11.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.11.2/releasenotes/
2023-05-28 13:30:27 +02:00
Patrick J Volkerding
51a1adf992 Thu May 25 19:04:56 UTC 2023
patches/packages/mozilla-thunderbird-102.11.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.11.1/releasenotes/
patches/packages/ntfs-3g-2022.10.3-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed vulnerabilities that may allow an attacker using a maliciously
  crafted NTFS-formatted image file or external storage to potentially
  execute arbitrary privileged code or cause a denial of service.
  Thanks to opty.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40284
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30789
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30788
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30787
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30786
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30785
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30784
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30783
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46790
  (* Security fix *)
2023-05-26 13:30:27 +02:00
Patrick J Volkerding
73b668742a Thu May 25 00:24:33 UTC 2023
patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz:  Upgraded.
  This update patches a security issue:
  LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
  compiling a TeX file obtained from an untrusted source. This occurs
  because luatex-core.lua lets the original io.popen be accessed. This also
  affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
  Thanks to Johannes Schoepfer.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-32700
  (* Security fix *)
2023-05-25 13:30:31 +02:00
Patrick J Volkerding
8e0b115ff3 Mon May 22 19:05:02 UTC 2023
patches/packages/c-ares-1.19.1-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  0-byte UDP payload causes Denial of Service.
  Insufficient randomness in generation of DNS query IDs.
  Buffer Underwrite in ares_inet_net_pton().
  AutoTools does not set CARES_RANDOM_FILE during cross compilation.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-32067
    https://www.cve.org/CVERecord?id=CVE-2023-31147
    https://www.cve.org/CVERecord?id=CVE-2023-31130
    https://www.cve.org/CVERecord?id=CVE-2023-31124
  (* Security fix *)
2023-05-23 13:30:29 +02:00
Patrick J Volkerding
837ec54cfe Fri May 19 18:59:24 UTC 2023
patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz:  Upgraded.
  [PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x.
  With execv() command line arguments are passed as separate strings and
  not the full command line in a single string. This prevents arbitrary
  command execution by escaping the quoting of the arguments in a job
  with forged job title.
  Thanks to marav.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-24805
  (* Security fix *)
2023-05-20 13:39:15 +02:00
Patrick J Volkerding
907d5f4ae7 Wed May 17 20:59:51 UTC 2023
patches/packages/curl-8.1.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  more POST-after-PUT confusion.
  IDN wildcard match.
  siglongjmp race condition.
  UAF in SSH sha256 fingerprint check.
  For more information, see:
    https://curl.se/docs/CVE-2023-28322.html
    https://curl.se/docs/CVE-2023-28321.html
    https://curl.se/docs/CVE-2023-28320.html
    https://curl.se/docs/CVE-2023-28319.html
    https://www.cve.org/CVERecord?id=CVE-2023-28322
    https://www.cve.org/CVERecord?id=CVE-2023-28321
    https://www.cve.org/CVERecord?id=CVE-2023-28320
    https://www.cve.org/CVERecord?id=CVE-2023-28319
  (* Security fix *)
patches/packages/bind-9.16.41-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
testing/packages/bind-9.18.15-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-05-18 13:30:28 +02:00
Patrick J Volkerding
b011fbb2cd Wed May 10 23:42:53 UTC 2023
patches/packages/mozilla-thunderbird-102.11.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.11.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/
    https://www.cve.org/CVERecord?id=CVE-2023-32206
    https://www.cve.org/CVERecord?id=CVE-2023-32207
    https://www.cve.org/CVERecord?id=CVE-2023-32211
    https://www.cve.org/CVERecord?id=CVE-2023-32212
    https://www.cve.org/CVERecord?id=CVE-2023-32213
    https://www.cve.org/CVERecord?id=CVE-2023-32214
    https://www.cve.org/CVERecord?id=CVE-2023-32215
  (* Security fix *)
2023-05-11 13:30:34 +02:00
Patrick J Volkerding
816b4dfd10 Tue May 9 20:11:22 UTC 2023
patches/packages/mozilla-firefox-102.11.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.11.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-17/
    https://www.cve.org/CVERecord?id=CVE-2023-32205
    https://www.cve.org/CVERecord?id=CVE-2023-32206
    https://www.cve.org/CVERecord?id=CVE-2023-32207
    https://www.cve.org/CVERecord?id=CVE-2023-32211
    https://www.cve.org/CVERecord?id=CVE-2023-32212
    https://www.cve.org/CVERecord?id=CVE-2023-32213
    https://www.cve.org/CVERecord?id=CVE-2023-32214
    https://www.cve.org/CVERecord?id=CVE-2023-32215
  (* Security fix *)
2023-05-10 13:30:32 +02:00
Patrick J Volkerding
30471e5bcd Sat May 6 19:01:04 UTC 2023
patches/packages/ca-certificates-20230506-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
2023-05-07 13:30:32 +02:00
Patrick J Volkerding
023fbe6eef Thu May 4 19:02:58 UTC 2023
patches/packages/libssh-0.10.5-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  A NULL dereference during rekeying with algorithm guessing.
  A possible authorization bypass in pki_verify_data_signature under
  low-memory conditions.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-1667
    https://www.cve.org/CVERecord?id=CVE-2023-2283
  (* Security fix *)
2023-05-05 13:39:54 +02:00
Patrick J Volkerding
9fce1d7977 Wed May 3 19:33:18 UTC 2023
patches/packages/whois-5.5.17-x86_64-1_slack15.0.txz:  Upgraded.
  Added the .cd TLD server.
  Updated the -kg NIC handles server name.
  Removed 2 new gTLDs which are no longer active.
2023-05-04 13:30:36 +02:00
Patrick J Volkerding
9e1144117c Mon May 1 20:22:43 UTC 2023
patches/packages/netatalk-3.1.15-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues, including a critical vulnerability that
  allows remote attackers to execute arbitrary code on affected installations
  of Netatalk. Authentication is not required to exploit this vulnerability.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-43634
    https://www.cve.org/CVERecord?id=CVE-2022-45188
  (* Security fix *)
2023-05-02 13:30:34 +02:00
Patrick J Volkerding
2093f0f263 Tue Apr 25 21:20:19 UTC 2023
patches/packages/git-2.35.8-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  By feeding specially crafted input to `git apply --reject`, a
  path outside the working tree can be overwritten with partially
  controlled contents (corresponding to the rejected hunk(s) from
  the given patch).
  When Git is compiled with runtime prefix support and runs without
  translated messages, it still used the gettext machinery to
  display messages, which subsequently potentially looked for
  translated messages in unexpected places. This allowed for
  malicious placement of crafted messages.
  When renaming or deleting a section from a configuration file,
  certain malicious configuration values may be misinterpreted as
  the beginning of a new configuration section, leading to arbitrary
  configuration injection.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-25652
    https://www.cve.org/CVERecord?id=CVE-2023-25815
    https://www.cve.org/CVERecord?id=CVE-2023-29007
  (* Security fix *)
patches/packages/mozilla-thunderbird-102.10.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.10.1/releasenotes/
2023-04-26 13:30:34 +02:00
Patrick J Volkerding
3a86ead054 Wed Apr 19 19:17:14 UTC 2023
patches/packages/bind-9.16.40-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
testing/packages/bind-9.18.14-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2023-04-20 13:40:07 +02:00
Patrick J Volkerding
314bf21acc Thu Apr 13 01:10:27 UTC 2023
patches/packages/mozilla-thunderbird-102.10.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.10.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#MFSA-TMP-2023-0001
    https://www.cve.org/CVERecord?id=CVE-2023-29531
    https://www.cve.org/CVERecord?id=CVE-2023-29532
    https://www.cve.org/CVERecord?id=CVE-2023-29533
    https://www.cve.org/CVERecord?id=CVE-2023-29535
    https://www.cve.org/CVERecord?id=CVE-2023-29536
    https://www.cve.org/CVERecord?id=CVE-2023-0547
    https://www.cve.org/CVERecord?id=CVE-2023-29479
    https://www.cve.org/CVERecord?id=CVE-2023-29539
    https://www.cve.org/CVERecord?id=CVE-2023-29541
    https://www.cve.org/CVERecord?id=CVE-2023-29542
    https://www.cve.org/CVERecord?id=CVE-2023-29545
    https://www.cve.org/CVERecord?id=CVE-2023-1945
    https://www.cve.org/CVERecord?id=CVE-2023-29548
    https://www.cve.org/CVERecord?id=CVE-2023-29550
  (* Security fix *)
2023-04-13 13:30:36 +02:00
Patrick J Volkerding
364385c492 Tue Apr 11 18:49:02 UTC 2023
patches/packages/mozilla-firefox-102.10.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.10.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-14
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#MFSA-TMP-2023-0001
    https://www.cve.org/CVERecord?id=CVE-2023-29531
    https://www.cve.org/CVERecord?id=CVE-2023-29532
    https://www.cve.org/CVERecord?id=CVE-2023-29533
    https://www.cve.org/CVERecord?id=CVE-2023-29535
    https://www.cve.org/CVERecord?id=CVE-2023-29536
    https://www.cve.org/CVERecord?id=CVE-2023-29539
    https://www.cve.org/CVERecord?id=CVE-2023-29541
    https://www.cve.org/CVERecord?id=CVE-2023-29545
    https://www.cve.org/CVERecord?id=CVE-2023-1945
    https://www.cve.org/CVERecord?id=CVE-2023-29548
    https://www.cve.org/CVERecord?id=CVE-2023-29550
  (* Security fix *)
2023-04-12 13:30:39 +02:00