diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2019-04-18 21:13:58 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2019-04-19 08:59:44 +0200 |
commit | e2bd8d238343cb913b44c1fa7bf662b7135afeb5 (patch) | |
tree | d595288d3ad1e2512cef499ce15c79b8f32a1a14 /source/n | |
parent | 4b4d2873bb2fcc2ea1ddb1caa3ae20765d895c91 (diff) | |
download | current-e2bd8d238343cb913b44c1fa7bf662b7135afeb5.tar.gz |
Thu Apr 18 21:13:58 UTC 201920190418211358
ap/ksh93-20190416_7d7bba3e-x86_64-1.txz: Upgraded.
ap/sysstat-12.1.4-x86_64-1.txz: Upgraded.
l/gvfs-1.40.1-x86_64-2.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
l/icu4c-64.2-x86_64-1.txz: Upgraded.
l/libcddb-1.3.2-x86_64-6.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
l/libcdio-2.1.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/libcdio-paranoia-10.2+2.0.0-x86_64-2.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
l/zstd-1.4.0-x86_64-1.txz: Upgraded.
n/dhcpcd-7.2.0-x86_64-1.txz: Upgraded.
n/dovecot-2.3.5.2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Trying to login with 8bit username containing invalid UTF8 input causes
auth process to crash if auth policy is enabled. This could be used rather
easily to cause a DoS. Similar crash also happens during mail delivery
when using invalid UTF8 in From or Subject header when OX push
notification driver is used.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691
(* Security fix *)
n/nghttp2-1.38.0-x86_64-1.txz: Upgraded.
n/openssh-8.0p1-x86_64-1.txz: Upgraded.
This release contains a mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111
(* Security fix *)
xap/MPlayer-20190418-x86_64-1.txz: Upgraded.
Compiled against libcdio-2.1.0.
xap/audacious-plugins-3.10.1-x86_64-2.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
extra/pure-alsa-system/MPlayer-20190418-x86_64-1_alsa.txz: Upgraded.
Compiled against libcdio-2.1.0.
extra/pure-alsa-system/audacious-plugins-3.10.1-x86_64-2_alsa.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
Diffstat (limited to 'source/n')
-rw-r--r-- | source/n/dhcpcd/dhcpcd-7.1.1.tar.xz.distinfo | 1 | ||||
-rw-r--r-- | source/n/dhcpcd/dhcpcd-7.2.0.tar.xz.distinfo | 1 | ||||
-rw-r--r-- | source/n/openssh/openssh.tcp_wrappers.diff | 24 |
3 files changed, 13 insertions, 13 deletions
diff --git a/source/n/dhcpcd/dhcpcd-7.1.1.tar.xz.distinfo b/source/n/dhcpcd/dhcpcd-7.1.1.tar.xz.distinfo deleted file mode 100644 index 14a69c65..00000000 --- a/source/n/dhcpcd/dhcpcd-7.1.1.tar.xz.distinfo +++ /dev/null @@ -1 +0,0 @@ -SHA256 (dhcpcd-7.1.1.tar.xz) = a27924873df92c47ad8b76a4fba4dfb41afaa3f90a4ba5f0e8e3ad446d792441 diff --git a/source/n/dhcpcd/dhcpcd-7.2.0.tar.xz.distinfo b/source/n/dhcpcd/dhcpcd-7.2.0.tar.xz.distinfo new file mode 100644 index 00000000..b8e5dd59 --- /dev/null +++ b/source/n/dhcpcd/dhcpcd-7.2.0.tar.xz.distinfo @@ -0,0 +1 @@ +SHA256 (dhcpcd-7.2.0.tar.xz) = 5fff553318a86acb422c63d5d8ba2e8ed73fcd7d1d32c4e5fb6b55797aecb242 diff --git a/source/n/openssh/openssh.tcp_wrappers.diff b/source/n/openssh/openssh.tcp_wrappers.diff index 24a259c7..38e3b3b4 100644 --- a/source/n/openssh/openssh.tcp_wrappers.diff +++ b/source/n/openssh/openssh.tcp_wrappers.diff @@ -1,6 +1,6 @@ ---- ./configure.ac.orig 2018-08-23 00:41:42.000000000 -0500 -+++ ./configure.ac 2018-08-25 19:14:10.706002529 -0500 -@@ -1502,6 +1502,62 @@ +--- ./configure.ac.orig 2019-04-17 17:52:57.000000000 -0500 ++++ ./configure.ac 2019-04-18 15:13:25.404941727 -0500 +@@ -1494,6 +1494,62 @@ AC_MSG_RESULT([no]) fi @@ -63,7 +63,7 @@ # Check whether user wants to use ldns LDNS_MSG="no" AC_ARG_WITH(ldns, -@@ -5177,6 +5233,7 @@ +@@ -5245,6 +5301,7 @@ echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" @@ -71,8 +71,8 @@ echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" echo " libldns support: $LDNS_MSG" ---- ./sshd.c.orig 2018-08-23 00:41:42.000000000 -0500 -+++ ./sshd.c 2018-08-25 19:12:52.901002527 -0500 +--- ./sshd.c.orig 2019-04-17 17:52:57.000000000 -0500 ++++ ./sshd.c 2019-04-18 15:13:25.406941726 -0500 @@ -122,6 +122,12 @@ #include "auth-options.h" #include "version.h" @@ -86,16 +86,16 @@ /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) -@@ -2063,6 +2069,26 @@ - packet_set_server(); - ssh = active_state; /* XXX */ +@@ -2022,6 +2028,26 @@ + the_active_state = ssh; + ssh_packet_set_server(ssh); +/* Moved LIBWRAP check here */ +#ifdef LIBWRAP + allow_severity = options.log_facility|LOG_INFO; + deny_severity = options.log_facility|LOG_WARNING; + /* Check whether logins are denied from this host. */ -+ if (packet_connection_is_on_socket()) { /* This check must be after packet_set_connection() */ ++ if (ssh_packet_connection_is_on_socket(ssh)) { /* This check must be after ssh_packet_set_connection() */ + struct request_info req; + + request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0); @@ -113,8 +113,8 @@ check_ip_options(ssh); /* Prepare the channels layer */ ---- ./sshd.8.orig 2018-08-23 00:41:42.000000000 -0500 -+++ ./sshd.8 2018-08-25 19:12:52.899002527 -0500 +--- ./sshd.8.orig 2019-04-17 17:52:57.000000000 -0500 ++++ ./sshd.8 2019-04-18 15:13:25.407941726 -0500 @@ -873,6 +873,12 @@ This file should be writable only by the user, and need not be readable by anyone else. |