Thu Apr 18 21:13:58 UTC 201920190418211358

ap/ksh93-20190416_7d7bba3e-x86_64-1.txz: Upgraded. ap/sysstat-12.1.4-x86_64-1.txz: Upgraded. l/gvfs-1.40.1-x86_64-2.txz: Rebuilt. Recompiled against libcdio-2.1.0. l/icu4c-64.2-x86_64-1.txz: Upgraded. l/libcddb-1.3.2-x86_64-6.txz: Rebuilt. Recompiled against libcdio-2.1.0. l/libcdio-2.1.0-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/libcdio-paranoia-10.2+2.0.0-x86_64-2.txz: Rebuilt. Recompiled against libcdio-2.1.0. l/zstd-1.4.0-x86_64-1.txz: Upgraded. n/dhcpcd-7.2.0-x86_64-1.txz: Upgraded. n/dovecot-2.3.5.2-x86_64-1.txz: Upgraded. This update fixes a security issue: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject header when OX push notification driver is used. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691 (* Security fix *) n/nghttp2-1.38.0-x86_64-1.txz: Upgraded. n/openssh-8.0p1-x86_64-1.txz: Upgraded. This release contains a mitigation for a weakness in the scp(1) tool and protocol (CVE-2019-6111): when copying files from a remote system to a local directory, scp(1) did not verify that the filenames that the server sent matched those requested by the client. This could allow a hostile server to create or clobber unexpected local files with attacker-controlled content. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 (* Security fix *) xap/MPlayer-20190418-x86_64-1.txz: Upgraded. Compiled against libcdio-2.1.0. xap/audacious-plugins-3.10.1-x86_64-2.txz: Rebuilt. Recompiled against libcdio-2.1.0. extra/pure-alsa-system/MPlayer-20190418-x86_64-1_alsa.txz: Upgraded. Compiled against libcdio-2.1.0. extra/pure-alsa-system/audacious-plugins-3.10.1-x86_64-2_alsa.txz: Rebuilt. Recompiled against libcdio-2.1.0.
author: Patrick J Volkerding <volkerdi@slackware.com> 2019-04-18 21:13:58 +0000
committer: Eric Hameleers <alien@slackware.com> 2019-04-19 08:59:44 +0200
commit: e2bd8d238343cb913b44c1fa7bf662b7135afeb5 (patch)
tree: d595288d3ad1e2512cef499ce15c79b8f32a1a14 /source/n/openssh
parent: 4b4d2873bb2fcc2ea1ddb1caa3ae20765d895c91 (diff)
download: current-e2bd8d238343cb913b44c1fa7bf662b7135afeb5.tar.gz
1 files changed, 12 insertions, 12 deletions
diff --git a/source/n/openssh/openssh.tcp_wrappers.diff b/source/n/openssh/openssh.tcp_wrappers.diff
index 24a259c7..38e3b3b4 100644
--- a/source/n/openssh/openssh.tcp_wrappers.diff
+++ b/source/n/openssh/openssh.tcp_wrappers.diff
@@ -1,6 +1,6 @@
---- ./configure.ac.orig	2018-08-23 00:41:42.000000000 -0500
-+++ ./configure.ac	2018-08-25 19:14:10.706002529 -0500
-@@ -1502,6 +1502,62 @@
+--- ./configure.ac.orig	2019-04-17 17:52:57.000000000 -0500
++++ ./configure.ac	2019-04-18 15:13:25.404941727 -0500
+@@ -1494,6 +1494,62 @@
  	AC_MSG_RESULT([no])
  fi
  
@@ -63,7 +63,7 @@
  # Check whether user wants to use ldns
  LDNS_MSG="no"
  AC_ARG_WITH(ldns,
-@@ -5177,6 +5233,7 @@
+@@ -5245,6 +5301,7 @@
  echo "                   OSF SIA support: $SIA_MSG"
  echo "                 KerberosV support: $KRB5_MSG"
  echo "                   SELinux support: $SELINUX_MSG"
@@ -71,8 +71,8 @@
  echo "              MD5 password support: $MD5_MSG"
  echo "                   libedit support: $LIBEDIT_MSG"
  echo "                   libldns support: $LDNS_MSG"
---- ./sshd.c.orig	2018-08-23 00:41:42.000000000 -0500
-+++ ./sshd.c	2018-08-25 19:12:52.901002527 -0500
+--- ./sshd.c.orig	2019-04-17 17:52:57.000000000 -0500
++++ ./sshd.c	2019-04-18 15:13:25.406941726 -0500
 @@ -122,6 +122,12 @@
  #include "auth-options.h"
  #include "version.h"
@@ -86,16 +86,16 @@
  
  /* Re-exec fds */
  #define REEXEC_DEVCRYPTO_RESERVED_FD	(STDERR_FILENO + 1)
-@@ -2063,6 +2069,26 @@
- 	packet_set_server();
- 	ssh = active_state; /* XXX */
+@@ -2022,6 +2028,26 @@
+ 	the_active_state = ssh;
+ 	ssh_packet_set_server(ssh);
  
 +/* Moved LIBWRAP check here */
 +#ifdef LIBWRAP
 +        allow_severity = options.log_facility|LOG_INFO;
 +        deny_severity = options.log_facility|LOG_WARNING;
 +        /* Check whether logins are denied from this host. */
-+        if (packet_connection_is_on_socket()) {	/* This check must be after packet_set_connection() */
++        if (ssh_packet_connection_is_on_socket(ssh)) {	/* This check must be after ssh_packet_set_connection() */
 +		struct request_info req;
 +
 +		request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
@@ -113,8 +113,8 @@
  	check_ip_options(ssh);
  
  	/* Prepare the channels layer */
---- ./sshd.8.orig	2018-08-23 00:41:42.000000000 -0500
-+++ ./sshd.8	2018-08-25 19:12:52.899002527 -0500
+--- ./sshd.8.orig	2019-04-17 17:52:57.000000000 -0500
++++ ./sshd.8	2019-04-18 15:13:25.407941726 -0500
 @@ -873,6 +873,12 @@
  This file should be writable only by the user, and need not be
  readable by anyone else.
author	Patrick J Volkerding <volkerdi@slackware.com>	2019-04-18 21:13:58 +0000
committer	Eric Hameleers <alien@slackware.com>	2019-04-19 08:59:44 +0200
commit	e2bd8d238343cb913b44c1fa7bf662b7135afeb5 (patch)
tree	d595288d3ad1e2512cef499ce15c79b8f32a1a14 /source/n/openssh
parent	4b4d2873bb2fcc2ea1ddb1caa3ae20765d895c91 (diff)
download	current-e2bd8d238343cb913b44c1fa7bf662b7135afeb5.tar.gz