mirror of
git://slackware.nl/current.git
synced 2024-12-31 10:28:29 +01:00
45ec128def
patches/packages/krb5-1.19.2-x86_64-3_slack15.0.txz: Rebuilt.
Fixed integer overflows in PAC parsing.
Fixed memory leak in OTP kdcpreauth module.
Fixed PKCS11 module path search.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-42898
(* Security fix *)
patches/packages/mozilla-firefox-102.5.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/102.5.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2022-48/
https://www.cve.org/CVERecord?id=CVE-2022-45403
https://www.cve.org/CVERecord?id=CVE-2022-45404
https://www.cve.org/CVERecord?id=CVE-2022-45405
https://www.cve.org/CVERecord?id=CVE-2022-45406
https://www.cve.org/CVERecord?id=CVE-2022-45408
https://www.cve.org/CVERecord?id=CVE-2022-45409
https://www.cve.org/CVERecord?id=CVE-2022-45410
https://www.cve.org/CVERecord?id=CVE-2022-45411
https://www.cve.org/CVERecord?id=CVE-2022-45412
https://www.cve.org/CVERecord?id=CVE-2022-45416
https://www.cve.org/CVERecord?id=CVE-2022-45418
https://www.cve.org/CVERecord?id=CVE-2022-45420
https://www.cve.org/CVERecord?id=CVE-2022-45421
(* Security fix *)
patches/packages/mozilla-thunderbird-102.5.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.5.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/
https://www.cve.org/CVERecord?id=CVE-2022-45403
https://www.cve.org/CVERecord?id=CVE-2022-45404
https://www.cve.org/CVERecord?id=CVE-2022-45405
https://www.cve.org/CVERecord?id=CVE-2022-45406
https://www.cve.org/CVERecord?id=CVE-2022-45408
https://www.cve.org/CVERecord?id=CVE-2022-45409
https://www.cve.org/CVERecord?id=CVE-2022-45410
https://www.cve.org/CVERecord?id=CVE-2022-45411
https://www.cve.org/CVERecord?id=CVE-2022-45412
https://www.cve.org/CVERecord?id=CVE-2022-45416
https://www.cve.org/CVERecord?id=CVE-2022-45418
https://www.cve.org/CVERecord?id=CVE-2022-45420
https://www.cve.org/CVERecord?id=CVE-2022-45421
(* Security fix *)
patches/packages/samba-4.15.12-x86_64-1_slack15.0.txz: Upgraded.
Fixed a security issue where Samba's Kerberos libraries and AD DC failed
to guard against integer overflows when parsing a PAC on a 32-bit system,
which allowed an attacker with a forged PAC to corrupt the heap.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-42898.html
https://www.cve.org/CVERecord?id=CVE-2022-42898
(* Security fix *)
patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz: Upgraded.
This update fixes regressions in the previous security fix:
mime-settings: Properly quote command parameters.
Revert "Escape characters which do not belong into an URI/URL (Issue #390)."
65 lines
2.2 KiB
Diff
65 lines
2.2 KiB
Diff
From e134d9a6b6332bd085093e9075c949ece784fcd0 Mon Sep 17 00:00:00 2001
|
|
From: sashan <anedvedicky@gmail.com>
|
|
Date: Sat, 18 Jun 2022 00:05:32 +0200
|
|
Subject: [PATCH] Fix PKCS11 module path search
|
|
|
|
Commit c5c11839e02c7993eb78f2c94c75c10cf93f2195 switched the loading
|
|
of the PKCS#11 module from dlopen() to krb5int_open_plugin(). Because
|
|
krb5int_open_plugin() includes a stat() test, this change has the
|
|
unintended consequence of requiring the module name to be an absolute
|
|
or relative path to the library, not a filename within the dynamic
|
|
linker search path.
|
|
|
|
Within krb5int_open_plugin(), only stat() the filename on the
|
|
platforms which will use the file type.
|
|
|
|
[ghudson@mit.edu: adjusted conditionals to call stat() on Windows;
|
|
rewrote commit message]
|
|
|
|
ticket: 9067 (new)
|
|
tags: pullup
|
|
target_version: 1.20-next
|
|
---
|
|
src/util/support/plugins.c | 11 +++++++----
|
|
1 file changed, 7 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/src/util/support/plugins.c b/src/util/support/plugins.c
|
|
index 1ff10c354d0..c6a9a21d57c 100644
|
|
--- a/src/util/support/plugins.c
|
|
+++ b/src/util/support/plugins.c
|
|
@@ -189,9 +189,10 @@ long KRB5_CALLCONV
|
|
krb5int_open_plugin (const char *filepath, struct plugin_file_handle **h, struct errinfo *ep)
|
|
{
|
|
long err = 0;
|
|
- struct stat statbuf;
|
|
struct plugin_file_handle *htmp = NULL;
|
|
int got_plugin = 0;
|
|
+#if defined(USE_CFBUNDLE) || defined(_WIN32)
|
|
+ struct stat statbuf;
|
|
|
|
if (!err) {
|
|
if (stat (filepath, &statbuf) < 0) {
|
|
@@ -201,6 +202,7 @@ krb5int_open_plugin (const char *filepath, struct plugin_file_handle **h, struct
|
|
filepath, strerror(err));
|
|
}
|
|
}
|
|
+#endif
|
|
|
|
if (!err) {
|
|
htmp = calloc (1, sizeof (*htmp)); /* calloc initializes ptrs to NULL */
|
|
@@ -208,11 +210,12 @@ krb5int_open_plugin (const char *filepath, struct plugin_file_handle **h, struct
|
|
}
|
|
|
|
#if USE_DLOPEN
|
|
- if (!err && ((statbuf.st_mode & S_IFMT) == S_IFREG
|
|
+ if (!err
|
|
#if USE_CFBUNDLE
|
|
- || (statbuf.st_mode & S_IFMT) == S_IFDIR
|
|
+ && ((statbuf.st_mode & S_IFMT) == S_IFREG
|
|
+ || (statbuf.st_mode & S_IFMT) == S_IFDIR)
|
|
#endif /* USE_CFBUNDLE */
|
|
- )) {
|
|
+ ) {
|
|
void *handle = NULL;
|
|
|
|
#if USE_CFBUNDLE
|