diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2022-01-27 22:43:13 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2022-01-28 08:59:57 +0100 |
commit | 131d525a4725408e03739c47eab762874f77fd55 (patch) | |
tree | 6d8453cff16fa00c92d5b71d1c9fd59696de33d2 /source/l | |
parent | 8a82997b2e8f0b7c191f233a196c4d9190c170c9 (diff) | |
download | current-131d525a4725408e03739c47eab762874f77fd55.tar.gz |
Thu Jan 27 22:43:13 UTC 202220220127224313
a/aaa_libraries-15.0-x86_64-18.txz: Rebuilt.
Rebuilt to pick up the patched libexpat.so.1.8.3.
a/kernel-generic-5.15.17-x86_64-1.txz: Upgraded.
a/kernel-huge-5.15.17-x86_64-1.txz: Upgraded.
a/kernel-modules-5.15.17-x86_64-1.txz: Upgraded.
a/lzlib-1.13-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.0-noarch-8.txz: Rebuilt.
rc.S: clear /var/lock/subsys before starting libcgroup services.
Thanks to pyllyukko.
ap/pamixer-1.5-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.78.0.
d/kernel-headers-5.15.17-x86-1.txz: Upgraded.
k/kernel-source-5.15.17-noarch-1.txz: Upgraded.
kde/kig-21.12.1-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.78.0.
kde/kopeninghours-21.12.1-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.78.0.
kde/krita-5.0.2-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.78.0.
l/boost-1.78.0-x86_64-1.txz: Upgraded.
I hadn't planned to update this at such a late stage, but POV-Ray needs it
and everything we ship builds fine against it. Thanks to bender647.
Shared library .so-version bump.
l/cryfs-0.10.3-x86_64-4.txz: Rebuilt.
Recompiled against boost-1.78.0.
l/expat-2.4.3-x86_64-3.txz: Rebuilt.
Prevent integer overflow in doProlog.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990
(* Security fix *)
l/netpbm-10.97.03-x86_64-1.txz: Upgraded.
l/openexr-2.5.7-x86_64-5.txz: Rebuilt.
Recompiled against boost-1.78.0.
l/pipewire-0.3.44-x86_64-1.txz: Upgraded.
n/fetchmail-6.4.27-x86_64-1.txz: Upgraded.
n/libgpg-error-1.44-x86_64-1.txz: Upgraded.
x/mesa-21.3.5-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-91.5.1esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/91.5.1/releasenotes/
(* Security fix *)
extra/rust-for-mozilla/rust-1.54.0-x86_64-4.txz: Rebuilt.
Removed duplicated libLLVM shared library.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source/l')
-rwxr-xr-x | source/l/boost/boost.SlackBuild | 2 | ||||
-rwxr-xr-x | source/l/cryfs/cryfs.SlackBuild | 2 | ||||
-rw-r--r-- | source/l/expat/5c168279c5ad4668e5e48fe13374fe7a7de4b573.patch | 75 | ||||
-rwxr-xr-x | source/l/expat/expat.SlackBuild | 3 | ||||
-rwxr-xr-x | source/l/openexr/openexr.SlackBuild | 2 |
5 files changed, 80 insertions, 4 deletions
diff --git a/source/l/boost/boost.SlackBuild b/source/l/boost/boost.SlackBuild index d0e8a1b0..8329ba15 100755 --- a/source/l/boost/boost.SlackBuild +++ b/source/l/boost/boost.SlackBuild @@ -30,7 +30,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=boost VERSION=${VERSION:-$(echo $PKGNAM_*.tar.?z | rev | cut -f 3- -d . | rev | cut -f 2- -d _)} -BUILD=${BUILD:-3} +BUILD=${BUILD:-1} PKG_VERSION=$(echo $VERSION | tr _ .) # Leave this alone NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} diff --git a/source/l/cryfs/cryfs.SlackBuild b/source/l/cryfs/cryfs.SlackBuild index e37b529b..425de608 100755 --- a/source/l/cryfs/cryfs.SlackBuild +++ b/source/l/cryfs/cryfs.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=cryfs VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-3} +BUILD=${BUILD:-4} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/l/expat/5c168279c5ad4668e5e48fe13374fe7a7de4b573.patch b/source/l/expat/5c168279c5ad4668e5e48fe13374fe7a7de4b573.patch new file mode 100644 index 00000000..da0875ab --- /dev/null +++ b/source/l/expat/5c168279c5ad4668e5e48fe13374fe7a7de4b573.patch @@ -0,0 +1,75 @@ +From ede41d1e186ed2aba88a06e84cac839b770af3a1 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Wed, 26 Jan 2022 02:36:43 +0100 +Subject: [PATCH 1/2] lib: Prevent integer overflow in doProlog + (CVE-2022-23990) + +The change from "int nameLen" to "size_t nameLen" +addresses the overflow on "nameLen++" in code +"for (; name[nameLen++];)" right above the second +change in the patch. +--- + expat/lib/xmlparse.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index 5ce31402..d1d17005 100644 +--- a/expat/lib/xmlparse.c ++++ b/expat/lib/xmlparse.c +@@ -5372,7 +5372,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, + if (dtd->in_eldecl) { + ELEMENT_TYPE *el; + const XML_Char *name; +- int nameLen; ++ size_t nameLen; + const char *nxt + = (quant == XML_CQUANT_NONE ? next : next - enc->minBytesPerChar); + int myindex = nextScaffoldPart(parser); +@@ -5388,7 +5388,13 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, + nameLen = 0; + for (; name[nameLen++];) + ; +- dtd->contentStringLen += nameLen; ++ ++ /* Detect and prevent integer overflow */ ++ if (nameLen > UINT_MAX - dtd->contentStringLen) { ++ return XML_ERROR_NO_MEMORY; ++ } ++ ++ dtd->contentStringLen += (unsigned)nameLen; + if (parser->m_elementDeclHandler) + handleDefault = XML_FALSE; + } + +From 6e3449594fb2f61c92fc561f51f82196fdd15d63 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Wed, 26 Jan 2022 02:51:39 +0100 +Subject: [PATCH 2/2] Changes: Document CVE-2022-23990 + +--- + expat/Changes | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/expat/Changes b/expat/Changes +index 5ff5da5e..ec1f7604 100644 +--- a/expat/Changes ++++ b/expat/Changes +@@ -10,12 +10,18 @@ Release x.x.x xxx xxxxxxx xx xxxx + for when XML_CONTEXT_BYTES is defined to >0 (which is both + common and default). + Impact is denial of service or more. ++ #551 CVE-2022-23990 -- Fix unsigned integer overflow in function ++ doProlog triggered by large content in element type ++ declarations when there is an element declaration handler ++ present (from a prior call to XML_SetElementDeclHandler). ++ Impact is denial of service or more. + + Bug fixes: + #544 #545 xmlwf: Fix a memory leak on output file opening error + + Special thanks to: + hwt0415 ++ Roland Illig + Samanta Navarro + and + Clang LeakSan and the Clang team diff --git a/source/l/expat/expat.SlackBuild b/source/l/expat/expat.SlackBuild index e0ec9085..3a26b2b9 100755 --- a/source/l/expat/expat.SlackBuild +++ b/source/l/expat/expat.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=expat VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -76,6 +76,7 @@ find . -perm 664 -exec chmod 644 {} \+ zcat $CWD/178d26f50af21ec23d6e43814b9b602590b5865c.patch.gz | patch -p2 --verbose || exit 1 zcat $CWD/5f100ffa78b74da8020b71d1582a8979193c1359.patch.gz | patch -p2 --verbose || exit 1 +zcat $CWD/5c168279c5ad4668e5e48fe13374fe7a7de4b573.patch.gz | patch -p2 --verbose || exit 1 CFLAGS="$SLKCFLAGS" \ ./configure \ diff --git a/source/l/openexr/openexr.SlackBuild b/source/l/openexr/openexr.SlackBuild index 2600b9bc..3a496355 100755 --- a/source/l/openexr/openexr.SlackBuild +++ b/source/l/openexr/openexr.SlackBuild @@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=openexr VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-4} +BUILD=${BUILD:-5} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then |