mirror of
git://slackware.nl/current.git
synced 2025-01-03 23:03:22 +01:00
131d525a47
a/aaa_libraries-15.0-x86_64-18.txz: Rebuilt.
Rebuilt to pick up the patched libexpat.so.1.8.3.
a/kernel-generic-5.15.17-x86_64-1.txz: Upgraded.
a/kernel-huge-5.15.17-x86_64-1.txz: Upgraded.
a/kernel-modules-5.15.17-x86_64-1.txz: Upgraded.
a/lzlib-1.13-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.0-noarch-8.txz: Rebuilt.
rc.S: clear /var/lock/subsys before starting libcgroup services.
Thanks to pyllyukko.
ap/pamixer-1.5-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.78.0.
d/kernel-headers-5.15.17-x86-1.txz: Upgraded.
k/kernel-source-5.15.17-noarch-1.txz: Upgraded.
kde/kig-21.12.1-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.78.0.
kde/kopeninghours-21.12.1-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.78.0.
kde/krita-5.0.2-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.78.0.
l/boost-1.78.0-x86_64-1.txz: Upgraded.
I hadn't planned to update this at such a late stage, but POV-Ray needs it
and everything we ship builds fine against it. Thanks to bender647.
Shared library .so-version bump.
l/cryfs-0.10.3-x86_64-4.txz: Rebuilt.
Recompiled against boost-1.78.0.
l/expat-2.4.3-x86_64-3.txz: Rebuilt.
Prevent integer overflow in doProlog.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990
(* Security fix *)
l/netpbm-10.97.03-x86_64-1.txz: Upgraded.
l/openexr-2.5.7-x86_64-5.txz: Rebuilt.
Recompiled against boost-1.78.0.
l/pipewire-0.3.44-x86_64-1.txz: Upgraded.
n/fetchmail-6.4.27-x86_64-1.txz: Upgraded.
n/libgpg-error-1.44-x86_64-1.txz: Upgraded.
x/mesa-21.3.5-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-91.5.1esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.5.1/releasenotes/
(* Security fix *)
extra/rust-for-mozilla/rust-1.54.0-x86_64-4.txz: Rebuilt.
Removed duplicated libLLVM shared library.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
75 lines
2.8 KiB
Diff
75 lines
2.8 KiB
Diff
From ede41d1e186ed2aba88a06e84cac839b770af3a1 Mon Sep 17 00:00:00 2001
|
|
From: Sebastian Pipping <sebastian@pipping.org>
|
|
Date: Wed, 26 Jan 2022 02:36:43 +0100
|
|
Subject: [PATCH 1/2] lib: Prevent integer overflow in doProlog
|
|
(CVE-2022-23990)
|
|
|
|
The change from "int nameLen" to "size_t nameLen"
|
|
addresses the overflow on "nameLen++" in code
|
|
"for (; name[nameLen++];)" right above the second
|
|
change in the patch.
|
|
---
|
|
expat/lib/xmlparse.c | 10 ++++++++--
|
|
1 file changed, 8 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
|
|
index 5ce31402..d1d17005 100644
|
|
--- a/expat/lib/xmlparse.c
|
|
+++ b/expat/lib/xmlparse.c
|
|
@@ -5372,7 +5372,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
|
|
if (dtd->in_eldecl) {
|
|
ELEMENT_TYPE *el;
|
|
const XML_Char *name;
|
|
- int nameLen;
|
|
+ size_t nameLen;
|
|
const char *nxt
|
|
= (quant == XML_CQUANT_NONE ? next : next - enc->minBytesPerChar);
|
|
int myindex = nextScaffoldPart(parser);
|
|
@@ -5388,7 +5388,13 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
|
|
nameLen = 0;
|
|
for (; name[nameLen++];)
|
|
;
|
|
- dtd->contentStringLen += nameLen;
|
|
+
|
|
+ /* Detect and prevent integer overflow */
|
|
+ if (nameLen > UINT_MAX - dtd->contentStringLen) {
|
|
+ return XML_ERROR_NO_MEMORY;
|
|
+ }
|
|
+
|
|
+ dtd->contentStringLen += (unsigned)nameLen;
|
|
if (parser->m_elementDeclHandler)
|
|
handleDefault = XML_FALSE;
|
|
}
|
|
|
|
From 6e3449594fb2f61c92fc561f51f82196fdd15d63 Mon Sep 17 00:00:00 2001
|
|
From: Sebastian Pipping <sebastian@pipping.org>
|
|
Date: Wed, 26 Jan 2022 02:51:39 +0100
|
|
Subject: [PATCH 2/2] Changes: Document CVE-2022-23990
|
|
|
|
---
|
|
expat/Changes | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/expat/Changes b/expat/Changes
|
|
index 5ff5da5e..ec1f7604 100644
|
|
--- a/expat/Changes
|
|
+++ b/expat/Changes
|
|
@@ -10,12 +10,18 @@ Release x.x.x xxx xxxxxxx xx xxxx
|
|
for when XML_CONTEXT_BYTES is defined to >0 (which is both
|
|
common and default).
|
|
Impact is denial of service or more.
|
|
+ #551 CVE-2022-23990 -- Fix unsigned integer overflow in function
|
|
+ doProlog triggered by large content in element type
|
|
+ declarations when there is an element declaration handler
|
|
+ present (from a prior call to XML_SetElementDeclHandler).
|
|
+ Impact is denial of service or more.
|
|
|
|
Bug fixes:
|
|
#544 #545 xmlwf: Fix a memory leak on output file opening error
|
|
|
|
Special thanks to:
|
|
hwt0415
|
|
+ Roland Illig
|
|
Samanta Navarro
|
|
and
|
|
Clang LeakSan and the Clang team
|