Commit graph

1397 commits

Author SHA1 Message Date
Patrick J Volkerding
b9a3a17045 Tue Jul 2 19:31:00 UTC 2024
patches/packages/httpd-2.4.60-x86_64-2_slack15.0.txz:  Rebuilt.
  This update is to fix a regression and to note security issues that were not
  listed in the CHANGES file included with the source code.
  Fixed a regression where a config file using AddType rather than AddHandler
  could cause raw PHP files to be downloaded rather than processed.
  Thanks to Nobby6.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.60
    https://www.cve.org/CVERecord?id=CVE-2024-39573
    https://www.cve.org/CVERecord?id=CVE-2024-38477
    https://www.cve.org/CVERecord?id=CVE-2024-38476
    https://www.cve.org/CVERecord?id=CVE-2024-38475
    https://www.cve.org/CVERecord?id=CVE-2024-38474
    https://www.cve.org/CVERecord?id=CVE-2024-38473
    https://www.cve.org/CVERecord?id=CVE-2024-38472
    https://www.cve.org/CVERecord?id=CVE-2024-36387
  (* Security fix *)
patches/packages/ksh93-1.0.9-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2024-07-03 13:30:51 +02:00
Patrick J Volkerding
6c760751d7 Mon Jul 1 20:12:46 UTC 2024
patches/packages/httpd-2.4.60-x86_64-1_slack15.0.txz:  Upgraded.
  This is the latest release from the Apache HTTP Server 2.4.x stable branch.
patches/packages/openssh-9.8p1-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Fix race condition resulting in potential remote code execution.
  For more information, see:
    https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
    https://www.cve.org/CVERecord?id=CVE-2024-6387
  (* Security fix *)
2024-07-02 13:30:50 +02:00
Patrick J Volkerding
2ad12f43bc Wed Jun 26 20:06:09 UTC 2024
patches/packages/bluez-5.71-x86_64-3_slack15.0.txz:  Rebuilt.
  Fix a regression in bluez-5.71:
  [PATCH] audio: transport: Fix crash on A2DP suspend.
  Thanks to coltfire.
patches/packages/xcb-util-cursor-0.1.5-x86_64-1.txz:  Upgraded.
  This is a bugfix release.
  Thanks to Lockywolf.
2024-06-27 13:30:48 +02:00
Patrick J Volkerding
46995c4798 Sat Jun 22 20:05:28 UTC 2024
patches/packages/emacs-29.4-x86_64-1_slack15.0.txz:  Upgraded.
  Emacs 29.4 is an emergency bugfix release intended to fix a
  security vulnerability:
  Arbitrary shell commands are no longer run when turning on Org mode.
  This is for security reasons, to avoid running malicious commands.
  (* Security fix *)
2024-06-23 13:30:49 +02:00
Patrick J Volkerding
c60f8dd577 Tue Jun 18 21:05:48 UTC 2024
patches/packages/cups-2.4.10-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2024-06-19 13:30:49 +02:00
Patrick J Volkerding
8b116857fe Sun Jun 16 21:32:49 UTC 2024
patches/packages/linux-5.15.161/*:  Upgraded.
  These updates fix regressions with the 5.15.160 packages.
  Hopefully we do not get any new ones. :-)
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
2024-06-17 13:30:48 +02:00
Patrick J Volkerding
249e0a3900 Sat Jun 15 20:51:59 UTC 2024
patches/packages/ca-certificates-20240615-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
2024-06-16 13:30:48 +02:00
Patrick J Volkerding
0cec0ecfa1 Wed Jun 12 21:12:05 UTC 2024
patches/packages/mozilla-thunderbird-115.11.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.11.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/
    https://www.cve.org/CVERecord?id=CVE-2024-4367
    https://www.cve.org/CVERecord?id=CVE-2024-4767
    https://www.cve.org/CVERecord?id=CVE-2024-4768
    https://www.cve.org/CVERecord?id=CVE-2024-4769
    https://www.cve.org/CVERecord?id=CVE-2024-4770
    https://www.cve.org/CVERecord?id=CVE-2024-4777
  (* Security fix *)
2024-06-13 13:30:30 +02:00
Patrick J Volkerding
cfdd416e37 Tue Jun 11 21:09:01 UTC 2024
patches/packages/cups-2.4.9-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  When starting the cupsd server with a Listen configuration item pointing
  to a symbolic link, the cupsd process can be caused to perform an arbitrary
  chmod of the provided argument, providing world-writable access to the
  target.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-35235
  (* Security fix *)
patches/packages/mozilla-firefox-115.12.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.12.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-26/
    https://www.cve.org/CVERecord?id=CVE-2024-5702
    https://www.cve.org/CVERecord?id=CVE-2024-5688
    https://www.cve.org/CVERecord?id=CVE-2024-5690
    https://www.cve.org/CVERecord?id=CVE-2024-5691
    https://www.cve.org/CVERecord?id=CVE-2024-5692
    https://www.cve.org/CVERecord?id=CVE-2024-5693
    https://www.cve.org/CVERecord?id=CVE-2024-5696
    https://www.cve.org/CVERecord?id=CVE-2024-5700
  (* Security fix *)
2024-06-12 13:30:32 +02:00
Patrick J Volkerding
61eadccb16 Sat Jun 8 19:42:03 UTC 2024
patches/packages/kernel-firmware-20240606_90df68d-noarch-1.txz:  Upgraded.
  Updated to the latest kernel firmware.
patches/packages/linux-5.15.160/*:  Upgraded.
  These updates fix a regression with the first 5.15.160 packages:
  Subject: [PATCH] Revert "drm/amdgpu: init iommu after amdkfd device init"
  This reverts commit 56b522f4668167096a50c39446d6263c96219f5f.
  A user reported that this commit breaks the integrated gpu of his
  notebook, causing a black screen. He was able to bisect the problematic
  commit and verified that by reverting it the notebook works again.
  He also confirmed that kernel 6.8.1 also works on his device, so the
  upstream commit itself seems to be ok.
  An amdgpu developer (Alex Deucher) confirmed that this patch should
  have never been ported to 5.15 in the first place, so revert this
  commit from the 5.15 stable series.
  Thanks to fsLeg.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
2024-06-09 13:30:34 +02:00
Patrick J Volkerding
dfa4788e03 Thu Jun 6 19:44:49 UTC 2024
extra/php81/php81-8.1.29-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Bypass of CVE-2012-1823, Argument Injection in PHP-CGI.
  Filter bypass in filter_var FILTER_VALIDATE_URL.
  Bypass of CVE-2024-1874.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.29
    https://www.cve.org/CVERecord?id=CVE-2024-4577
    https://www.cve.org/CVERecord?id=CVE-2024-5458
    https://www.cve.org/CVERecord?id=CVE-2024-5585
  (* Security fix *)
2024-06-07 13:30:44 +02:00
Patrick J Volkerding
e53c2323e1 Wed Jun 5 19:06:36 UTC 2024
patches/packages/ca-certificates-20240604-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
patches/packages/kernel-firmware-20240604_22643bb-noarch-1.txz:  Upgraded.
  Updated to the latest kernel firmware.
patches/packages/linux-5.15.160/*:  Upgraded.
  These updates fix various bugs and security issues.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    Fixed in 5.15.147:
    https://www.cve.org/CVERecord?id=CVE-2023-52340
    https://www.cve.org/CVERecord?id=CVE-2023-6040
    https://www.cve.org/CVERecord?id=CVE-2024-0646
    Fixed in 5.15.148:
    https://www.cve.org/CVERecord?id=CVE-2023-46838
    https://www.cve.org/CVERecord?id=CVE-2023-52436
    https://www.cve.org/CVERecord?id=CVE-2023-52438
    https://www.cve.org/CVERecord?id=CVE-2023-52439
    https://www.cve.org/CVERecord?id=CVE-2023-52443
    https://www.cve.org/CVERecord?id=CVE-2023-52444
    https://www.cve.org/CVERecord?id=CVE-2023-52445
    https://www.cve.org/CVERecord?id=CVE-2023-52448
    https://www.cve.org/CVERecord?id=CVE-2023-52449
    https://www.cve.org/CVERecord?id=CVE-2023-52451
    https://www.cve.org/CVERecord?id=CVE-2023-52454
    https://www.cve.org/CVERecord?id=CVE-2023-52456
    https://www.cve.org/CVERecord?id=CVE-2023-52458
    https://www.cve.org/CVERecord?id=CVE-2023-52463
    https://www.cve.org/CVERecord?id=CVE-2023-52464
    https://www.cve.org/CVERecord?id=CVE-2023-52467
    https://www.cve.org/CVERecord?id=CVE-2023-52469
    https://www.cve.org/CVERecord?id=CVE-2023-52470
    https://www.cve.org/CVERecord?id=CVE-2023-52609
    https://www.cve.org/CVERecord?id=CVE-2023-52610
    https://www.cve.org/CVERecord?id=CVE-2023-52612
    https://www.cve.org/CVERecord?id=CVE-2023-6356
    https://www.cve.org/CVERecord?id=CVE-2023-6536
    https://www.cve.org/CVERecord?id=CVE-2023-6915
    https://www.cve.org/CVERecord?id=CVE-2024-1085
    https://www.cve.org/CVERecord?id=CVE-2024-24860
    https://www.cve.org/CVERecord?id=CVE-2024-26586
    https://www.cve.org/CVERecord?id=CVE-2024-26589
    https://www.cve.org/CVERecord?id=CVE-2024-26591
    https://www.cve.org/CVERecord?id=CVE-2024-26597
    https://www.cve.org/CVERecord?id=CVE-2024-26598
    https://www.cve.org/CVERecord?id=CVE-2024-26631
    https://www.cve.org/CVERecord?id=CVE-2024-26633
    Fixed in 5.15.149:
    https://www.cve.org/CVERecord?id=CVE-2023-52429
    https://www.cve.org/CVERecord?id=CVE-2023-52435
    https://www.cve.org/CVERecord?id=CVE-2023-52486
    https://www.cve.org/CVERecord?id=CVE-2023-52489
    https://www.cve.org/CVERecord?id=CVE-2023-52491
    https://www.cve.org/CVERecord?id=CVE-2023-52492
    https://www.cve.org/CVERecord?id=CVE-2023-52493
    https://www.cve.org/CVERecord?id=CVE-2023-52494
    https://www.cve.org/CVERecord?id=CVE-2023-52498
    https://www.cve.org/CVERecord?id=CVE-2023-52583
    https://www.cve.org/CVERecord?id=CVE-2023-52587
    https://www.cve.org/CVERecord?id=CVE-2023-52588
    https://www.cve.org/CVERecord?id=CVE-2023-52594
    https://www.cve.org/CVERecord?id=CVE-2023-52595
    https://www.cve.org/CVERecord?id=CVE-2023-52597
    https://www.cve.org/CVERecord?id=CVE-2023-52598
    https://www.cve.org/CVERecord?id=CVE-2023-52599
    https://www.cve.org/CVERecord?id=CVE-2023-52600
    https://www.cve.org/CVERecord?id=CVE-2023-52601
    https://www.cve.org/CVERecord?id=CVE-2023-52602
    https://www.cve.org/CVERecord?id=CVE-2023-52603
    https://www.cve.org/CVERecord?id=CVE-2023-52604
    https://www.cve.org/CVERecord?id=CVE-2023-52606
    https://www.cve.org/CVERecord?id=CVE-2023-52607
    https://www.cve.org/CVERecord?id=CVE-2023-52608
    https://www.cve.org/CVERecord?id=CVE-2023-52614
    https://www.cve.org/CVERecord?id=CVE-2023-52615
    https://www.cve.org/CVERecord?id=CVE-2023-52616
    https://www.cve.org/CVERecord?id=CVE-2023-52617
    https://www.cve.org/CVERecord?id=CVE-2023-52618
    https://www.cve.org/CVERecord?id=CVE-2023-52619
    https://www.cve.org/CVERecord?id=CVE-2023-52622
    https://www.cve.org/CVERecord?id=CVE-2023-52623
    https://www.cve.org/CVERecord?id=CVE-2023-52627
    https://www.cve.org/CVERecord?id=CVE-2023-52630
    https://www.cve.org/CVERecord?id=CVE-2023-52631
    https://www.cve.org/CVERecord?id=CVE-2023-52633
    https://www.cve.org/CVERecord?id=CVE-2023-52635
    https://www.cve.org/CVERecord?id=CVE-2023-52637
    https://www.cve.org/CVERecord?id=CVE-2023-52638
    https://www.cve.org/CVERecord?id=CVE-2024-0340
    https://www.cve.org/CVERecord?id=CVE-2024-1086
    https://www.cve.org/CVERecord?id=CVE-2024-1151
    https://www.cve.org/CVERecord?id=CVE-2024-23849
    https://www.cve.org/CVERecord?id=CVE-2024-23850
    https://www.cve.org/CVERecord?id=CVE-2024-23851
    https://www.cve.org/CVERecord?id=CVE-2024-26592
    https://www.cve.org/CVERecord?id=CVE-2024-26593
    https://www.cve.org/CVERecord?id=CVE-2024-26594
    https://www.cve.org/CVERecord?id=CVE-2024-26600
    https://www.cve.org/CVERecord?id=CVE-2024-26602
    https://www.cve.org/CVERecord?id=CVE-2024-26606
    https://www.cve.org/CVERecord?id=CVE-2024-26608
    https://www.cve.org/CVERecord?id=CVE-2024-26610
    https://www.cve.org/CVERecord?id=CVE-2024-26614
    https://www.cve.org/CVERecord?id=CVE-2024-26615
    https://www.cve.org/CVERecord?id=CVE-2024-26625
    https://www.cve.org/CVERecord?id=CVE-2024-26627
    https://www.cve.org/CVERecord?id=CVE-2024-26635
    https://www.cve.org/CVERecord?id=CVE-2024-26636
    https://www.cve.org/CVERecord?id=CVE-2024-26640
    https://www.cve.org/CVERecord?id=CVE-2024-26641
    https://www.cve.org/CVERecord?id=CVE-2024-26644
    https://www.cve.org/CVERecord?id=CVE-2024-26645
    https://www.cve.org/CVERecord?id=CVE-2024-26660
    https://www.cve.org/CVERecord?id=CVE-2024-26663
    https://www.cve.org/CVERecord?id=CVE-2024-26664
    https://www.cve.org/CVERecord?id=CVE-2024-26665
    https://www.cve.org/CVERecord?id=CVE-2024-26668
    https://www.cve.org/CVERecord?id=CVE-2024-26671
    https://www.cve.org/CVERecord?id=CVE-2024-26673
    https://www.cve.org/CVERecord?id=CVE-2024-26675
    https://www.cve.org/CVERecord?id=CVE-2024-26676
    https://www.cve.org/CVERecord?id=CVE-2024-26679
    https://www.cve.org/CVERecord?id=CVE-2024-26684
    https://www.cve.org/CVERecord?id=CVE-2024-26685
    https://www.cve.org/CVERecord?id=CVE-2024-26689
    https://www.cve.org/CVERecord?id=CVE-2024-26696
    https://www.cve.org/CVERecord?id=CVE-2024-26697
    https://www.cve.org/CVERecord?id=CVE-2024-26698
    https://www.cve.org/CVERecord?id=CVE-2024-26702
    https://www.cve.org/CVERecord?id=CVE-2024-26704
    https://www.cve.org/CVERecord?id=CVE-2024-26707
    https://www.cve.org/CVERecord?id=CVE-2024-26712
    https://www.cve.org/CVERecord?id=CVE-2024-26715
    https://www.cve.org/CVERecord?id=CVE-2024-26717
    https://www.cve.org/CVERecord?id=CVE-2024-26720
    https://www.cve.org/CVERecord?id=CVE-2024-26727
    https://www.cve.org/CVERecord?id=CVE-2024-26808
    Fixed in 5.15.150:
    https://www.cve.org/CVERecord?id=CVE-2023-52434
    https://www.cve.org/CVERecord?id=CVE-2023-52497
    https://www.cve.org/CVERecord?id=CVE-2023-52640
    https://www.cve.org/CVERecord?id=CVE-2023-52641
    https://www.cve.org/CVERecord?id=CVE-2024-0565
    https://www.cve.org/CVERecord?id=CVE-2024-26601
    https://www.cve.org/CVERecord?id=CVE-2024-26603
    https://www.cve.org/CVERecord?id=CVE-2024-26733
    https://www.cve.org/CVERecord?id=CVE-2024-26735
    https://www.cve.org/CVERecord?id=CVE-2024-26736
    https://www.cve.org/CVERecord?id=CVE-2024-26737
    https://www.cve.org/CVERecord?id=CVE-2024-26743
    https://www.cve.org/CVERecord?id=CVE-2024-26744
    https://www.cve.org/CVERecord?id=CVE-2024-26747
    https://www.cve.org/CVERecord?id=CVE-2024-26748
    https://www.cve.org/CVERecord?id=CVE-2024-26749
    https://www.cve.org/CVERecord?id=CVE-2024-26751
    https://www.cve.org/CVERecord?id=CVE-2024-26752
    https://www.cve.org/CVERecord?id=CVE-2024-26754
    https://www.cve.org/CVERecord?id=CVE-2024-26763
    https://www.cve.org/CVERecord?id=CVE-2024-26764
    https://www.cve.org/CVERecord?id=CVE-2024-26766
    https://www.cve.org/CVERecord?id=CVE-2024-26769
    https://www.cve.org/CVERecord?id=CVE-2024-26771
    https://www.cve.org/CVERecord?id=CVE-2024-26772
    https://www.cve.org/CVERecord?id=CVE-2024-26773
    https://www.cve.org/CVERecord?id=CVE-2024-26774
    https://www.cve.org/CVERecord?id=CVE-2024-26776
    https://www.cve.org/CVERecord?id=CVE-2024-26777
    https://www.cve.org/CVERecord?id=CVE-2024-26778
    https://www.cve.org/CVERecord?id=CVE-2024-26779
    Fixed in 5.15.151:
    https://www.cve.org/CVERecord?id=CVE-2023-52620
    https://www.cve.org/CVERecord?id=CVE-2024-0841
    https://www.cve.org/CVERecord?id=CVE-2024-26622
    https://www.cve.org/CVERecord?id=CVE-2024-26688
    https://www.cve.org/CVERecord?id=CVE-2024-26782
    https://www.cve.org/CVERecord?id=CVE-2024-26788
    https://www.cve.org/CVERecord?id=CVE-2024-26790
    https://www.cve.org/CVERecord?id=CVE-2024-26791
    https://www.cve.org/CVERecord?id=CVE-2024-26793
    https://www.cve.org/CVERecord?id=CVE-2024-26795
    https://www.cve.org/CVERecord?id=CVE-2024-26798
    https://www.cve.org/CVERecord?id=CVE-2024-26801
    https://www.cve.org/CVERecord?id=CVE-2024-26802
    https://www.cve.org/CVERecord?id=CVE-2024-26803
    https://www.cve.org/CVERecord?id=CVE-2024-26804
    https://www.cve.org/CVERecord?id=CVE-2024-26805
    Fixed in 5.15.152:
    https://www.cve.org/CVERecord?id=CVE-2024-26659
    https://www.cve.org/CVERecord?id=CVE-2024-26787
    Fixed in 5.15.153:
    https://www.cve.org/CVERecord?id=CVE-2023-52447
    https://www.cve.org/CVERecord?id=CVE-2023-6270
    https://www.cve.org/CVERecord?id=CVE-2023-7042
    https://www.cve.org/CVERecord?id=CVE-2024-22099
    https://www.cve.org/CVERecord?id=CVE-2024-26651
    https://www.cve.org/CVERecord?id=CVE-2024-26809
  (* Security fix *)
2024-06-06 13:30:38 +02:00
Patrick J Volkerding
e5301d4448 Sat Jun 1 19:52:37 UTC 2024
patches/packages/ntp-4.2.8p18-x86_64-2_slack15.0.txz:  Rebuilt.
  This is a bugfix release to fix a possible regression. In some cases ntpd
  gets an error on mixed ipv4/ipv6 networks, so we'll make it possible to
  easily configure ntpd to use ipv4 only or ipv6 only (as well as to change
  any other ntpd options).
  rc.ntp: properly create the PID file on start.
  Add /etc/default/ntp to configure ntpd startup options since some people are
  needing to add -4 to avoid an error.
  Thanks to rkelsen and teoberi.
2024-06-02 13:30:47 +02:00
Patrick J Volkerding
dd5b1ba2c4 Sun May 26 00:07:39 UTC 2024
patches/packages/ntp-4.2.8p18-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2024-05-26 13:30:49 +02:00
Patrick J Volkerding
97a6982d2b Wed May 22 18:57:13 UTC 2024
patches/packages/curl-8.8.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2024-05-23 13:30:44 +02:00
Patrick J Volkerding
e10e8c9854 Mon May 20 18:42:49 UTC 2024
patches/packages/mariadb-10.5.25-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and a security issue:
  Difficult to exploit vulnerability allows unauthenticated attacker with
  logon to the infrastructure where MariaDB Server executes to compromise the
  server. This could result in unauthorized update, insert or delete access
  to some of the data as well as unauthorized read access to a subset of the
  data and unauthorized ability to cause a partial denial of service.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-21096
  (* Security fix *)
2024-05-21 13:30:45 +02:00
Patrick J Volkerding
fb146f18cf Thu May 16 02:31:40 UTC 2024
patches/packages/gdk-pixbuf2-2.42.12-x86_64-1_slack15.0.txz:  Upgraded.
  ani: Reject files with multiple INA or IART chunks.
  ani: Reject files with multiple anih chunks.
  ani: validate chunk size.
  Thanks to 0xvhp, pedrib, and Benjamin Gilbert.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-48622
  (* Security fix *)
patches/packages/git-2.39.4-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Recursive clones on case-insensitive filesystems that support symbolic
  links are susceptible to case confusion that can be exploited to
  execute just-cloned code during the clone operation.
  Repositories can be configured to execute arbitrary code during local
  clones. To address this, the ownership checks introduced in v2.30.3
  are now extended to cover cloning local repositories.
  Local clones may end up hardlinking files into the target repository's
  object database when source and target repository reside on the same
  disk. If the source repository is owned by a different user, then
  those hardlinked files may be rewritten at any point in time by the
  untrusted user.
  When cloning a local source repository that contains symlinks via the
  filesystem, Git may create hardlinks to arbitrary user-readable files
  on the same filesystem as the target repository in the objects/
  directory.
  It is supposed to be safe to clone untrusted repositories, even those
  unpacked from zip archives or tarballs originating from untrusted
  sources, but Git can be tricked to run arbitrary code as part of the
  clone.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32002
    https://www.cve.org/CVERecord?id=CVE-2024-32004
    https://www.cve.org/CVERecord?id=CVE-2024-32020
    https://www.cve.org/CVERecord?id=CVE-2024-32021
    https://www.cve.org/CVERecord?id=CVE-2024-32465
  (* Security fix *)
patches/packages/popa3d-1.0.3-x86_64-7_slack15.0.txz:  Rebuilt.
  This is a bugfix release:
  Build with AUTH_PAM, not AUTH_SHADOW.
  Thanks to jayjwa.
testing/packages/bind-9.18.27-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2024-05-17 13:40:17 +02:00
Patrick J Volkerding
a86246c0dd Tue May 14 19:07:51 UTC 2024
patches/packages/mozilla-firefox-115.11.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.11.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-22/
    https://www.cve.org/CVERecord?id=CVE-2024-4367
    https://www.cve.org/CVERecord?id=CVE-2024-4767
    https://www.cve.org/CVERecord?id=CVE-2024-4768
    https://www.cve.org/CVERecord?id=CVE-2024-4769
    https://www.cve.org/CVERecord?id=CVE-2024-4770
    https://www.cve.org/CVERecord?id=CVE-2024-4777
  (* Security fix *)
2024-05-15 13:30:44 +02:00
Patrick J Volkerding
e00e146d20 Mon May 13 18:22:20 UTC 2024
patches/packages/libxml2-2.11.8-x86_64-1_slack15.0.txz:  Upgraded.
  Fix buffer overread with "xmllint --htmlout".
  xmllint: Fix --pedantic option.
  save: Handle invalid parent pointers in xhtmlNodeDumpOutput.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-34459
  (* Security fix *)
2024-05-14 13:40:19 +02:00
Patrick J Volkerding
39da3ef43f Sun May 12 19:10:12 UTC 2024
patches/packages/whois-5.5.23-x86_64-1_slack15.0.txz:  Upgraded.
  Updated the .sc, .********* (.xn--yfro4i67o, Singapore)
  and .********************************* (.xn--clchc0ea0b2g2a9gcd, Singapore)
  TLD servers.
2024-05-13 13:30:45 +02:00
Patrick J Volkerding
bc6a73dcbb Thu May 9 19:26:51 UTC 2024
patches/packages/sg3_utils-1.47-x86_64-2_slack15.0.txz:  Rebuilt.
  This is a bugfix release to fix a regression in rescan-scsi-bus.sh that
  causes all SCSI devices to be removed from the system when the '-r'
  option is used. Thanks to jwoithe for the link to the upstream patch.
2024-05-10 13:30:43 +02:00
Patrick J Volkerding
1163276b19 Thu Apr 25 17:58:17 UTC 2024
patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txz:  Rebuilt.
  Patched an out-of-bound error in the rar e8 filter that could allow for
  the execution of arbitrary code.
  Thanks to gmgf for the heads-up.
  For more information, see:
    https://github.com/advisories/GHSA-2jc9-36w4-pmqw
    https://www.cve.org/CVERecord?id=CVE-2024-26256
  (* Security fix *)
2024-04-26 13:30:48 +02:00
Patrick J Volkerding
88c375df6b Tue Apr 23 22:24:03 UTC 2024
patches/packages/ruby-3.0.7-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Arbitrary memory address read vulnerability with Regex search.
  RCE vulnerability with .rdoc_options in RDoc.
  Buffer overread vulnerability in StringIO.
  For more information, see:
    https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
    https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
    https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/
    https://www.cve.org/CVERecord?id=CVE-2024-27282
    https://www.cve.org/CVERecord?id=CVE-2024-27281
    https://www.cve.org/CVERecord?id=CVE-2024-27280
  (* Security fix *)
2024-04-24 13:30:50 +02:00
Patrick J Volkerding
9e65079da6 Mon Apr 22 19:36:38 UTC 2024
patches/packages/freerdp-2.11.7-x86_64-1_slack15.0.txz:  Upgraded.
  This release eliminates a bunch of issues detected during oss-fuzz runs.
  (* Security fix *)
2024-04-23 13:30:50 +02:00
Patrick J Volkerding
54a8f66b49 Fri Apr 19 19:36:17 UTC 2024
patches/packages/freerdp-2.11.6-x86_64-1_slack15.0.txz:  Upgraded.
  This release is a security release and addresses multiple issues:
  [Low] OutOfBound Read in zgfx_decompress_segment.
  [Moderate] Integer overflow & OutOfBound Write in
  clear_decompress_residual_data.
  [Low] integer underflow in nsc_rle_decode.
  [Low] OutOfBound Read in planar_skip_plane_rle.
  [Low] OutOfBound Read in ncrush_decompress.
  [Low] OutOfBound Read in interleaved_decompress.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32041
    https://www.cve.org/CVERecord?id=CVE-2024-32039
    https://www.cve.org/CVERecord?id=CVE-2024-32040
    https://www.cve.org/CVERecord?id=CVE-2024-32458
    https://www.cve.org/CVERecord?id=CVE-2024-32459
    https://www.cve.org/CVERecord?id=CVE-2024-32460
  (* Security fix *)
2024-04-20 13:30:46 +02:00
Patrick J Volkerding
d3c452d720 Thu Apr 18 19:17:30 UTC 2024
patches/packages/bind-9.16.50-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/aaa_glibc-solibs-2.33-x86_64-6_slack15.0.txz:  Rebuilt.
patches/packages/glibc-2.33-x86_64-6_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  The iconv() function in the GNU C Library versions 2.39 and older may
  overflow the output buffer passed to it by up to 4 bytes when converting
  strings to the ISO-2022-CN-EXT character set, which may be used to crash
  an application or overwrite a neighbouring variable.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-2961
  (* Security fix *)
patches/packages/glibc-i18n-2.33-x86_64-6_slack15.0.txz:  Rebuilt.
patches/packages/glibc-profile-2.33-x86_64-6_slack15.0.txz:  Rebuilt.
testing/packages/bind-9.18.26-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2024-04-19 13:30:41 +02:00
Patrick J Volkerding
2a933a7e4f Wed Apr 17 20:35:48 UTC 2024
patches/packages/mozilla-thunderbird-115.10.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.10.0/releasenotes/
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird115.10
  (* Security fix *)
2024-04-18 13:30:45 +02:00
Patrick J Volkerding
7165f6f4db Tue Apr 16 18:50:13 UTC 2024
patches/packages/mozilla-firefox-115.10.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.10.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-19/
    https://www.cve.org/CVERecord?id=CVE-2024-3852
    https://www.cve.org/CVERecord?id=CVE-2024-3854
    https://www.cve.org/CVERecord?id=CVE-2024-3857
    https://www.cve.org/CVERecord?id=CVE-2024-2609
    https://www.cve.org/CVERecord?id=CVE-2024-3859
    https://www.cve.org/CVERecord?id=CVE-2024-3861
    https://www.cve.org/CVERecord?id=CVE-2024-3863
    https://www.cve.org/CVERecord?id=CVE-2024-3302
    https://www.cve.org/CVERecord?id=CVE-2024-3864
  (* Security fix *)
2024-04-17 13:30:44 +02:00
Patrick J Volkerding
1d9ca96a22 Sun Apr 14 18:35:32 UTC 2024
patches/packages/less-653-x86_64-1_slack15.0.txz:  Upgraded.
  This update patches a security issue:
  less through 653 allows OS command execution via a newline character in the
  name of a file, because quoting is mishandled in filename.c. Exploitation
  typically requires use with attacker-controlled file names, such as the files
  extracted from an untrusted archive. Exploitation also requires the LESSOPEN
  environment variable, but this is set by default in many common cases.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32487
  (* Security fix *)
2024-04-15 13:30:43 +02:00
Patrick J Volkerding
47084e3f2f Fri Apr 12 19:08:59 UTC 2024
extra/php81/php81-8.1.28-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Command injection via array-ish $command parameter of proc_open.
  __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix.
  Password_verify can erroneously return true, opening ATO risk.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.28
    https://www.cve.org/CVERecord?id=CVE-2024-1874
    https://www.cve.org/CVERecord?id=CVE-2024-2756
    https://www.cve.org/CVERecord?id=CVE-2024-3096
  (* Security fix *)
2024-04-13 13:30:41 +02:00
Patrick J Volkerding
971e161e46 Mon Apr 8 18:44:37 UTC 2024
patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Fix possible vulnerability in tar error reporting introduced in f27c173
  by JiaT75.
  For more information, see:
    f27c173d17
    https://github.com/libarchive/libarchive/pull/2101
  (* Security fix *)
2024-04-09 13:30:46 +02:00
Patrick J Volkerding
d5ca6849f8 Fri Apr 5 20:11:23 UTC 2024
extra/tigervnc/tigervnc-1.12.0-x86_64-6_slack15.0.txz:  Rebuilt.
  Recompiled against xorg-server-1.20.14, including the latest patches for
  several security issues:
  Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
  Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
  Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
  Use-after-free in ProcRenderAddGlyphs.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
  (* Security fix *)
2024-04-06 13:30:47 +02:00
Patrick J Volkerding
1e2fa38645 Thu Apr 4 20:49:23 UTC 2024
patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  HTTP/2 DoS by memory exhaustion on endless continuation frames.
  HTTP Response Splitting in multiple modules.
  HTTP response splitting.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.59
    https://www.cve.org/CVERecord?id=CVE-2024-27316
    https://www.cve.org/CVERecord?id=CVE-2024-24795
    https://www.cve.org/CVERecord?id=CVE-2023-38709
  (* Security fix *)
patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
  frames even after a stream is reset to keep HPACK context in sync. This
  causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
  this vulnerability by limiting the number of CONTINUATION frames it can
  accept after a HEADERS frame.
  For more information, see:
    https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
    https://www.kb.cert.org/vuls/id/421644
    https://www.cve.org/CVERecord?id=CVE-2024-28182
  (* Security fix *)
2024-04-05 13:30:57 +02:00
Patrick J Volkerding
d6e7dd0417 Wed Apr 3 22:22:06 UTC 2024
patches/packages/xorg-server-1.20.14-x86_64-12_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
  Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
  Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
  Use-after-free in ProcRenderAddGlyphs.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-12_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-12_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-12_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-11_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
  Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
  Use-after-free in ProcRenderAddGlyphs.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31083
  (* Security fix *)
2024-04-04 13:30:42 +02:00
Patrick J Volkerding
3874039d9c Fri Mar 29 02:25:21 UTC 2024
patches/packages/coreutils-9.5-x86_64-1_slack15.0.txz:  Upgraded.
  chmod -R now avoids a race where an attacker may replace a traversed file
  with a symlink, causing chmod to operate on an unintended file.
  [This bug was present in "the beginning".]
  split --line-bytes with a mixture of very long and short lines no longer
  overwrites the heap.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-0684
  (* Security fix *)
2024-03-29 13:30:42 +01:00
Patrick J Volkerding
9146b9762b Wed Mar 27 19:16:09 UTC 2024
patches/packages/curl-8.7.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release fixes the following security issues:
  TLS certificate check bypass with mbedTLS.
  HTTP/2 push headers memory-leak.
  QUIC certificate check bypass with wolfSSL.
  Usage of disabled protocol.
  For more information, see:
    https://curl.se/docs/CVE-2024-2466.html
    https://curl.se/docs/CVE-2024-2398.html
    https://curl.se/docs/CVE-2024-2379.html
    https://curl.se/docs/CVE-2024-2004.html
    https://www.cve.org/CVERecord?id=CVE-2024-2466
    https://www.cve.org/CVERecord?id=CVE-2024-2398
    https://www.cve.org/CVERecord?id=CVE-2024-2379
    https://www.cve.org/CVERecord?id=CVE-2024-2004
  (* Security fix *)
2024-03-28 13:30:39 +01:00
Patrick J Volkerding
9543d326f2 Sun Mar 24 18:21:46 UTC 2024
patches/packages/emacs-29.3-x86_64-1_slack15.0.txz:  Upgraded.
  GNU Emacs through 28.2 allows attackers to execute commands via shell
  metacharacters in the name of a source-code file, because lib-src/etags.c
  uses the system C library function in its implementation of the ctags
  program. For example, a victim may use the "ctags *" command (suggested in
  the ctags documentation) in a situation where the current working directory
  has contents that depend on untrusted input.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-45939
  (* Security fix *)
2024-03-25 13:30:45 +01:00
Patrick J Volkerding
fca48db86c Sat Mar 23 19:34:02 UTC 2024
patches/packages/mozilla-firefox-115.9.1esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a critical security issue:
  An attacker was able to inject an event handler into a privileged object
  that would allow arbitrary JavaScript execution in the parent process.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.1esr/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-16/
    https://www.cve.org/CVERecord?id=CVE-2024-29944
  (* Security fix *)
2024-03-24 13:30:44 +01:00
Patrick J Volkerding
7fee55d3d8 Wed Mar 20 21:10:30 UTC 2024
patches/packages/bind-9.16.49-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/python3-3.9.19-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  bundled libexpat was updated to 2.6.0.
  zipfile is now protected from the "quoted-overlap" zipbomb.
  tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when
  working around file system permission errors.
  For more information, see:
    https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.html
    https://www.cve.org/CVERecord?id=CVE-2023-52425
    https://www.cve.org/CVERecord?id=CVE-2024-0450
    https://www.cve.org/CVERecord?id=CVE-2023-6597
  (* Security fix *)
testing/packages/bind-9.18.25-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2024-03-21 13:30:40 +01:00
Patrick J Volkerding
56c5869402 Wed Mar 20 00:08:59 UTC 2024
patches/packages/gnutls-3.8.4-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes two medium severity security issues:
  libgnutls: Fix side-channel in the deterministic ECDSA.
  Reported by George Pantelakis (#1516).
  libgnutls: Fixed a bug where certtool crashed when verifying a certificate
  chain with more than 16 certificates. Reported by William Woodruff (#1525)
  and yixiangzhike (#1527).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-28834
    https://www.cve.org/CVERecord?id=CVE-2024-28835
  (* Security fix *)
patches/packages/mozilla-firefox-115.9.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-13/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    https://www.cve.org/CVERecord?id=CVE-2024-2605
    https://www.cve.org/CVERecord?id=CVE-2024-2607
    https://www.cve.org/CVERecord?id=CVE-2024-2608
    https://www.cve.org/CVERecord?id=CVE-2024-2616
    https://www.cve.org/CVERecord?id=CVE-2023-5388
    https://www.cve.org/CVERecord?id=CVE-2024-2610
    https://www.cve.org/CVERecord?id=CVE-2024-2611
    https://www.cve.org/CVERecord?id=CVE-2024-2612
    https://www.cve.org/CVERecord?id=CVE-2024-2614
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.9.0-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.9.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    https://www.cve.org/CVERecord?id=CVE-2024-2605
    https://www.cve.org/CVERecord?id=CVE-2024-2607
    https://www.cve.org/CVERecord?id=CVE-2024-2608
    https://www.cve.org/CVERecord?id=CVE-2024-2616
    https://www.cve.org/CVERecord?id=CVE-2023-5388
    https://www.cve.org/CVERecord?id=CVE-2024-2610
    https://www.cve.org/CVERecord?id=CVE-2024-2611
    https://www.cve.org/CVERecord?id=CVE-2024-2612
    https://www.cve.org/CVERecord?id=CVE-2024-2614
  (* Security fix *)
2024-03-20 13:30:42 +01:00
Patrick J Volkerding
735bb1f74b Wed Mar 13 19:46:48 UTC 2024
patches/packages/expat-2.6.2-x86_64-1_slack15.0.txz:  Upgraded.
  Prevent billion laughs attacks with isolated use of external parsers.
  For more information, see:
    1d50b80cf3
    https://www.cve.org/CVERecord?id=CVE-2024-28757
  (* Security fix *)
2024-03-14 13:30:42 +01:00
Patrick J Volkerding
c131b21d96 Fri Mar 8 19:20:11 UTC 2024
patches/packages/xfce4-weather-plugin-0.11.2-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2024-03-09 13:30:47 +01:00
Patrick J Volkerding
9f285815b9 Thu Mar 7 20:40:08 UTC 2024
patches/packages/ghostscript-9.55.0-x86_64-2_slack15.0.txz:  Rebuilt.
  Fixes security issues:
  A vulnerability was identified in the way Ghostscript/GhostPDL called
  tesseract for the OCR devices, which could allow arbitrary code execution.
  Thanks to J_W for the heads-up.
  Mishandling of permission validation for pipe devices could allow arbitrary
  code execution.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664
  (* Security fix *)
2024-03-08 13:30:42 +01:00
Patrick J Volkerding
f4d1d3ac7d Tue Mar 5 21:16:50 UTC 2024
patches/packages/mozilla-thunderbird-115.8.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
    https://www.cve.org/CVERecord?id=CVE-2024-1936
  (* Security fix *)
patches/packages/postfix-3.6.15-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.postfix.org/announcements/postfix-3.8.6.html
2024-03-06 13:30:42 +01:00
Patrick J Volkerding
ce64f0a935 Fri Mar 1 22:13:28 UTC 2024
patches/packages/expat-2.6.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
2024-03-02 13:31:26 +01:00
Patrick J Volkerding
cec16b4f7e Thu Feb 29 19:11:19 UTC 2024
patches/packages/openjpeg-2.5.2-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed a regression in openjpeg-2.5.1:
  API breakage / openjpeg version no longer detected (openjpeg.h no longer
  includes opj_config.h).
2024-03-01 13:30:44 +01:00
Patrick J Volkerding
970e55afb6 Wed Feb 28 18:36:48 UTC 2024
patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txz:  Rebuilt.
  Patched the implementation of PEAP in wpa_supplicant to prevent an
  authentication bypass. For a successful attack, wpa_supplicant must be
  configured to not verify the network's TLS certificate during Phase 1
  authentication, and an eap_peap_decrypt vulnerability can then be abused
  to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
  Success packet instead of starting Phase 2. This allows an adversary to
  impersonate Enterprise Wi-Fi networks.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52160
  (* Security fix *)
2024-02-29 13:30:42 +01:00
Patrick J Volkerding
6008910371 Mon Feb 26 20:09:43 UTC 2024
patches/packages/openjpeg-2.5.1-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
  sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
  this to execute arbitrary code with the permissions of the application
  compiled against openjpeg.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-3575
  (* Security fix *)
2024-02-27 13:30:41 +01:00
Patrick J Volkerding
76371c76c5 Sun Feb 25 19:16:52 UTC 2024
patches/packages/whois-5.5.21-x86_64-1_slack15.0.txz:  Upgraded.
  Updated the .cv and .sd TLD servers.
  Removed 4 new gTLDs which are no longer active.
2024-02-26 13:30:47 +01:00
Patrick J Volkerding
c33fb28229 Fri Feb 23 20:37:29 UTC 2024
patches/packages/dcron-4.5-x86_64-13_slack15.0.txz:  Rebuilt.
  This is a bugfix release.
  run-parts.8: document skiping *.orig files. Thanks to metaed.
2024-02-24 13:30:44 +01:00