mirror of
git://slackware.nl/current.git
synced 2024-12-27 09:59:16 +01:00
88d937fb4e
a/kernel-firmware-20230214_a253a37-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.12-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.12-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.12-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.12-x86-1.txz: Upgraded.
d/rust-1.66.1-x86_64-1.txz: Upgraded.
k/kernel-source-6.1.12-noarch-1.txz: Upgraded.
kde/bluedevil-5.27.0-x86_64-1.txz: Upgraded.
kde/breeze-5.27.0-x86_64-1.txz: Upgraded.
kde/breeze-grub-5.27.0-x86_64-1.txz: Upgraded.
kde/breeze-gtk-5.27.0-x86_64-1.txz: Upgraded.
kde/drkonqi-5.27.0-x86_64-1.txz: Upgraded.
kde/kactivitymanagerd-5.27.0-x86_64-1.txz: Upgraded.
kde/kde-cli-tools-5.27.0-x86_64-1.txz: Upgraded.
kde/kde-gtk-config-5.27.0-x86_64-1.txz: Upgraded.
kde/kdecoration-5.27.0-x86_64-1.txz: Upgraded.
kde/kdeplasma-addons-5.27.0-x86_64-1.txz: Upgraded.
kde/kgamma5-5.27.0-x86_64-1.txz: Upgraded.
kde/khotkeys-5.27.0-x86_64-1.txz: Upgraded.
kde/kinfocenter-5.27.0-x86_64-1.txz: Upgraded.
kde/kmenuedit-5.27.0-x86_64-1.txz: Upgraded.
kde/kpipewire-5.27.0-x86_64-1.txz: Upgraded.
kde/kscreen-5.27.0-x86_64-1.txz: Upgraded.
kde/kscreenlocker-5.27.0-x86_64-1.txz: Upgraded.
kde/ksshaskpass-5.27.0-x86_64-1.txz: Upgraded.
kde/ksystemstats-5.27.0-x86_64-1.txz: Upgraded.
kde/kwallet-pam-5.27.0-x86_64-1.txz: Upgraded.
kde/kwayland-integration-5.27.0-x86_64-1.txz: Upgraded.
kde/kwin-5.27.0-x86_64-1.txz: Upgraded.
kde/kwrited-5.27.0-x86_64-1.txz: Upgraded.
kde/layer-shell-qt-5.27.0-x86_64-1.txz: Upgraded.
kde/libkscreen-5.27.0-x86_64-1.txz: Upgraded.
kde/libksysguard-5.27.0-x86_64-1.txz: Upgraded.
kde/milou-5.27.0-x86_64-1.txz: Upgraded.
kde/oxygen-5.27.0-x86_64-1.txz: Upgraded.
kde/oxygen-sounds-5.27.0-x86_64-1.txz: Upgraded.
kde/plasma-browser-integration-5.27.0-x86_64-1.txz: Upgraded.
kde/plasma-desktop-5.27.0-x86_64-1.txz: Upgraded.
kde/plasma-disks-5.27.0-x86_64-1.txz: Upgraded.
kde/plasma-firewall-5.27.0-x86_64-1.txz: Upgraded.
kde/plasma-integration-5.27.0-x86_64-1.txz: Upgraded.
kde/plasma-nm-5.27.0-x86_64-1.txz: Upgraded.
kde/plasma-pa-5.27.0-x86_64-1.txz: Upgraded.
kde/plasma-sdk-5.27.0-x86_64-1.txz: Upgraded.
kde/plasma-systemmonitor-5.27.0-x86_64-1.txz: Upgraded.
kde/plasma-vault-5.27.0-x86_64-1.txz: Upgraded.
kde/plasma-workspace-5.27.0-x86_64-1.txz: Upgraded.
kde/plasma-workspace-wallpapers-5.27.0-x86_64-1.txz: Upgraded.
kde/polkit-kde-agent-1-5.27.0-x86_64-1.txz: Upgraded.
kde/powerdevil-5.27.0-x86_64-1.txz: Upgraded.
kde/qqc2-breeze-style-5.27.0-x86_64-1.txz: Upgraded.
kde/sddm-kcm-5.27.0-x86_64-1.txz: Upgraded.
kde/systemsettings-5.27.0-x86_64-1.txz: Upgraded.
kde/xdg-desktop-portal-kde-5.27.0-x86_64-1.txz: Upgraded.
l/mozjs102-102.8.0esr-x86_64-1.txz: Upgraded.
n/php-7.4.33-x86_64-3.txz: Rebuilt.
This update fixes security issues:
Core: Password_verify() always return true with some hash.
Core: 1-byte array overrun in common path resolve code.
SAPI: DOS vulnerability when parsing multipart request body.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0567
https://www.cve.org/CVERecord?id=CVE-2023-0568
https://www.cve.org/CVERecord?id=CVE-2023-0662
(* Security fix *)
xap/mozilla-firefox-110.0-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/110.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/
https://www.cve.org/CVERecord?id=CVE-2023-25728
https://www.cve.org/CVERecord?id=CVE-2023-25730
https://www.cve.org/CVERecord?id=CVE-2023-25743
https://www.cve.org/CVERecord?id=CVE-2023-0767
https://www.cve.org/CVERecord?id=CVE-2023-25735
https://www.cve.org/CVERecord?id=CVE-2023-25737
https://www.cve.org/CVERecord?id=CVE-2023-25738
https://www.cve.org/CVERecord?id=CVE-2023-25739
https://www.cve.org/CVERecord?id=CVE-2023-25729
https://www.cve.org/CVERecord?id=CVE-2023-25732
https://www.cve.org/CVERecord?id=CVE-2023-25734
https://www.cve.org/CVERecord?id=CVE-2023-25740
https://www.cve.org/CVERecord?id=CVE-2023-25731
https://www.cve.org/CVERecord?id=CVE-2023-25733
https://www.cve.org/CVERecord?id=CVE-2023-25736
https://www.cve.org/CVERecord?id=CVE-2023-25741
https://www.cve.org/CVERecord?id=CVE-2023-25742
https://www.cve.org/CVERecord?id=CVE-2023-25744
https://www.cve.org/CVERecord?id=CVE-2023-25745
(* Security fix *)
extra/php80/php80-8.0.28-x86_64-1.txz: Upgraded.
This update fixes security issues:
Core: Password_verify() always return true with some hash.
Core: 1-byte array overrun in common path resolve code.
SAPI: DOS vulnerability when parsing multipart request body.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0567
https://www.cve.org/CVERecord?id=CVE-2023-0568
https://www.cve.org/CVERecord?id=CVE-2023-0662
(* Security fix *)
extra/php81/php81-8.1.16-x86_64-1.txz: Upgraded.
This update fixes security issues:
Core: Password_verify() always return true with some hash.
Core: 1-byte array overrun in common path resolve code.
SAPI: DOS vulnerability when parsing multipart request body.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-0567
https://www.cve.org/CVERecord?id=CVE-2023-0568
https://www.cve.org/CVERecord?id=CVE-2023-0662
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/rust-1.67.1-x86_64-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
62 lines
2.4 KiB
Diff
62 lines
2.4 KiB
Diff
From c0fceebfa195b8e56a7108cb731b5ea7afbef70c Mon Sep 17 00:00:00 2001
|
|
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
|
|
Date: Fri, 27 Jan 2023 19:28:27 +0100
|
|
Subject: [PATCH] Fix array overrun when appending slash to paths
|
|
|
|
Fix it by extending the array sizes by one character. As the input is
|
|
limited to the maximum path length, there will always be place to append
|
|
the slash. As the php_check_specific_open_basedir() simply uses the
|
|
strings to compare against each other, no new failures related to too
|
|
long paths are introduced.
|
|
We'll let the DOM and XML case handle a potentially too long path in the
|
|
library code.
|
|
---
|
|
ext/dom/document.c | 2 +-
|
|
ext/xmlreader/php_xmlreader.c | 2 +-
|
|
main/fopen_wrappers.c | 6 +++---
|
|
3 files changed, 5 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/ext/dom/document.c b/ext/dom/document.c
|
|
index 4dee5548f188..c60198a3be11 100644
|
|
--- a/ext/dom/document.c
|
|
+++ b/ext/dom/document.c
|
|
@@ -1182,7 +1182,7 @@ static xmlDocPtr dom_document_parser(zval *id, int mode, char *source, size_t so
|
|
int validate, recover, resolve_externals, keep_blanks, substitute_ent;
|
|
int resolved_path_len;
|
|
int old_error_reporting = 0;
|
|
- char *directory=NULL, resolved_path[MAXPATHLEN];
|
|
+ char *directory=NULL, resolved_path[MAXPATHLEN + 1];
|
|
|
|
if (id != NULL) {
|
|
intern = Z_DOMOBJ_P(id);
|
|
diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c
|
|
index c17884d960cb..39141c8c1223 100644
|
|
--- a/ext/xmlreader/php_xmlreader.c
|
|
+++ b/ext/xmlreader/php_xmlreader.c
|
|
@@ -1017,7 +1017,7 @@ PHP_METHOD(XMLReader, XML)
|
|
xmlreader_object *intern = NULL;
|
|
char *source, *uri = NULL, *encoding = NULL;
|
|
int resolved_path_len, ret = 0;
|
|
- char *directory=NULL, resolved_path[MAXPATHLEN];
|
|
+ char *directory=NULL, resolved_path[MAXPATHLEN + 1];
|
|
xmlParserInputBufferPtr inputbfr;
|
|
xmlTextReaderPtr reader;
|
|
|
|
diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
|
|
index f6ce26e104be..12cc9c8b10c0 100644
|
|
--- a/main/fopen_wrappers.c
|
|
+++ b/main/fopen_wrappers.c
|
|
@@ -129,10 +129,10 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
|
|
*/
|
|
PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path)
|
|
{
|
|
- char resolved_name[MAXPATHLEN];
|
|
- char resolved_basedir[MAXPATHLEN];
|
|
+ char resolved_name[MAXPATHLEN + 1];
|
|
+ char resolved_basedir[MAXPATHLEN + 1];
|
|
char local_open_basedir[MAXPATHLEN];
|
|
- char path_tmp[MAXPATHLEN];
|
|
+ char path_tmp[MAXPATHLEN + 1];
|
|
char *path_file;
|
|
size_t resolved_basedir_len;
|
|
size_t resolved_name_len;
|