slackware-current/patches/source/mozilla-firefox/build-deps.sh
Patrick J Volkerding 79e6c8efb8 Fri Aug 4 20:17:36 UTC 2023
extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity
  loading in XML without enabling it).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-3823
  (* Security fix *)
extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz:  Upgraded.
  Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0.
pasture/samba-4.15.13-x86_64-1_slack15.0.txz:  Added.
  We'll hang onto this just in case.
patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/
    https://www.cve.org/CVERecord?id=CVE-2023-4045
    https://www.cve.org/CVERecord?id=CVE-2023-4046
    https://www.cve.org/CVERecord?id=CVE-2023-4047
    https://www.cve.org/CVERecord?id=CVE-2023-4048
    https://www.cve.org/CVERecord?id=CVE-2023-4049
    https://www.cve.org/CVERecord?id=CVE-2023-4050
    https://www.cve.org/CVERecord?id=CVE-2023-4052
    https://www.cve.org/CVERecord?id=CVE-2023-4054
    https://www.cve.org/CVERecord?id=CVE-2023-4055
    https://www.cve.org/CVERecord?id=CVE-2023-4056
    https://www.cve.org/CVERecord?id=CVE-2023-4057
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/
patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz:  Upgraded.
  PLEASE NOTE: We are taking the unusual step of moving to the latest Samba
  branch because Windows has made changes that break Samba 4.15.x. The last
  4.15.x will be retained in /pasture as a fallback. There may be some
  required configuration changes with this, but we've kept using MIT Kerberos
  to try to have the behavior change as little as possible. Upgrade carefully.
  This update fixes security issues:
  When winbind is used for NTLM authentication, a maliciously crafted request
  can trigger an out-of-bounds read in winbind and possibly crash it.
  SMB2 packet signing is not enforced if an admin configured
  "server signing = required" or for SMB2 connections to Domain Controllers
  where SMB2 packet signing is mandatory.
  An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
  triggered by an unauthenticated attacker by issuing a malformed RPC request.
  Missing type validation in Samba's mdssvc RPC service for Spotlight can be
  used by an unauthenticated attacker to trigger a process crash in a shared
  RPC mdssvc worker process.
  As part of the Spotlight protocol Samba discloses the server-side absolute
  path of shares and files and directories in search results.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2022-2127.html
    https://www.samba.org/samba/security/CVE-2023-3347.html
    https://www.samba.org/samba/security/CVE-2023-34966.html
    https://www.samba.org/samba/security/CVE-2023-34967.html
    https://www.samba.org/samba/security/CVE-2023-34968.html
    https://www.cve.org/CVERecord?id=CVE-2022-2127
    https://www.cve.org/CVERecord?id=CVE-2023-3347
    https://www.cve.org/CVERecord?id=CVE-2023-34966
    https://www.cve.org/CVERecord?id=CVE-2023-34967
    https://www.cve.org/CVERecord?id=CVE-2023-34968
  (* Security fix *)
2023-08-05 13:30:38 +02:00

45 lines
2 KiB
Bash
Executable file

#!/bin/bash
# Copyright 2019, 2023 Patrick J. Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Clear out any existing build deps:
rm -rf $TMP/mozilla-firefox-build-deps
mkdir -p $TMP/mozilla-firefox-build-deps
# This will be at the beginning of the $PATH, so protect against nonsense
# happening in /tmp:
chmod 700 $TMP/mozilla-firefox-build-deps
PATH=$TMP/mozilla-firefox-build-deps/usr/bin:$HOME/.cargo/bin:$PATH
# cbindgen is a build-time dependency:
if [ ! -x /usr/bin/cbindgen ]; then
( cd $CWD/build-deps/cbindgen ; ./cbindgen.build ) || exit 1
fi
if /bin/ls build-deps*.txz 1> /dev/null 2> /dev/null ; then # use prebuilt autoconf/nodejs
( cd $TMP/mozilla-firefox-build-deps ; tar xf $CWD/build-deps*.txz )
else
# We need to use the incredibly ancient autoconf-2.13 for this :/
( cd $CWD/build-deps/autoconf ; ./autoconf.build ) || exit 1
# And node.js...
if [ ! -x /usr/bin/node ]; then
( cd $CWD/build-deps/nodejs ; ./nodejs.build ) || exit 1
fi
fi