author | Patrick J Volkerding <volkerdi@slackware.com> | 2021-09-17 04:17:57 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2021-09-17 17:59:52 +0200 |
commit | 216e5284961bf8c173702c05ba4329cfaca9015f (patch) | |
tree | 3c56f60ee4f8b5e724c91dec4c1aa9ab4a931af3 /source/n | |
parent | d4dd1e8c22c4ac031b6dd8997701d97385f7feac (diff) | |
download | current-216e5284961bf8c173702c05ba4329cfaca9015f.tar.gz |
Fri Sep 17 04:17:57 UTC 202120210917041757
a/cryptsetup-2.4.1-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.0-noarch-5.txz: Rebuilt.
Stop D-Bus after NFS partitions are unmounted to avoid a hang.
Thanks to vulcan59 and bassmadrigal.
ap/sudo-1.9.8p1-x86_64-1.txz: Upgraded.
l/fftw-3.3.10-x86_64-1.txz: Upgraded.
l/libxkbcommon-1.3.1-x86_64-1.txz: Upgraded.
l/pipewire-0.3.36-x86_64-1.txz: Upgraded.
n/dhcpcd-9.4.0-x86_64-2.txz: Rebuilt.
Applied upstream patch:
DHCP6: Only send FQDN for SOLICIT, REQUEST, RENEW, or REBIND messages.
Thanks to marav.
n/httpd-2.4.49-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
mod_proxy: Server Side Request Forgery (SSRF) vulnerability [Yann Ylavic]
core: ap_escape_quotes buffer overflow
mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]
core: null pointer dereference on malformed request
mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
(* Security fix *)
x/ibus-libpinyin-1.12.1-x86_64-1.txz: Upgraded.
x/libpinyin-2.6.1-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-91.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.1.1/releasenotes/
Diffstat (limited to 'source/n')
-rwxr-xr-x | source/n/dhcpcd/dhcpcd.SlackBuild | 3 | ||||
-rw-r--r-- | source/n/dhcpcd/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch | 119 | ||||
-rw-r--r-- | source/n/httpd/httpd.url | 4 |
3 files changed, 123 insertions, 3 deletions
diff --git a/source/n/dhcpcd/dhcpcd.SlackBuild b/source/n/dhcpcd/dhcpcd.SlackBuild
index 53cf1be4..c4efe43d 100755
--- a/source/n/dhcpcd/dhcpcd.SlackBuild
+++ b/source/n/dhcpcd/dhcpcd.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=dhcpcd
 VERSION=${VERSION:-$(echo dhcpcd-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
 
 # By default, Slackware builds dhcpcd with privilege separation, which improves
 # security by ensuring that any security vulnerabilies such as buffer overflows
@@ -94,6 +94,7 @@ find . \
 patch -p1 --verbose < $CWD/patches/dhcpcd.conf-Don-t-invoke-wpa_supplicant-by-default.patch || exit 1
 patch -p1 --verbose < $CWD/patches/use-hostname_short-in-dhcpcd.conf.patch || exit 1
 patch -p1 --verbose < $CWD/patches/dhcpcd.conf-request_ntp_server_by_default.patch || exit 1
+patch -p1 --verbose < $CWD/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch || exit 1
 
 # At this point, it should be safe to assume that /var will be mounted by the
 # time dhcpcd is called, as all non-root local filesystems are mounted from
diff --git a/source/n/dhcpcd/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch b/source/n/dhcpcd/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch
new file mode 100644
index 00000000..8f6a0075
--- /dev/null
+++ b/source/n/dhcpcd/patches/dhcpcd.2fae4a113c3e736d585dd300ca6c8fddae300503.patch
@@ -0,0 +1,119 @@
+From 2fae4a113c3e736d585dd300ca6c8fddae300503 Mon Sep 17 00:00:00 2001
+From: Roy Marples <roy@marples.name>
+Date: Tue, 31 Aug 2021 10:57:44 +0100
+Subject: [PATCH] DHCP6: Only send FQDN for SOLICIT, REQUEST, RENEW, or REBIND messages.
+
+As per RFC 4704 section 5.
+Fixes #44.
+---
+ src/dhcp6.c | 79 +++++++++++++++++++++++++++++++++-------------------------
+ 1 files changed, 45 insertions(+), 34 deletions(-)
+
+diff --git a/src/dhcp6.c b/src/dhcp6.c
+index f355418..9c818b3 100644
+--- a/src/dhcp6.c
++++ b/src/dhcp6.c
+@@ -637,7 +637,7 @@ dhcp6_makemessage(struct interface *ifp)
+ uint8_t type;
+ uint16_t si_len, uni_len, n_options;
+ uint8_t *o_lenp;
+- struct if_options *ifo;
++ struct if_options *ifo = ifp->options;
+ const struct dhcp_opt *opt, *opt2;
+ const struct ipv6_addr *ap;
+ char hbuf[HOSTNAME_MAX_LEN + 1];
+@@ -658,8 +658,50 @@ dhcp6_makemessage(struct interface *ifp)
+ state->send = NULL;
+ }
+
+- ifo = ifp->options;
+- fqdn = ifo->fqdn;
++ switch(state->state) {
++ case DH6S_INIT: /* FALLTHROUGH */
++ case DH6S_DISCOVER:
++ type = DHCP6_SOLICIT;
++ break;
++ case DH6S_REQUEST:
++ type = DHCP6_REQUEST;
++ break;
++ case DH6S_CONFIRM:
++ type = DHCP6_CONFIRM;
++ break;
++ case DH6S_REBIND:
++ type = DHCP6_REBIND;
++ break;
++ case DH6S_RENEW:
++ type = DHCP6_RENEW;
++ break;
++ case DH6S_INFORM:
++ type = DHCP6_INFORMATION_REQ;
++ break;
++ case DH6S_RELEASE:
++ type = DHCP6_RELEASE;
++ break;
++ case DH6S_DECLINE:
++ type = DHCP6_DECLINE;
++ break;
++ default:
++ errno = EINVAL;
++ return -1;
++ }
++
++ /* RFC 4704 Section 5 says we can only send FQDN for these
++ * message types. */
++ switch(type) {
++ case DHCP6_SOLICIT:
++ case DHCP6_REQUEST:
++ case DHCP6_RENEW:
++ case DHCP6_REBIND:
++ fqdn = ifo->fqdn;
++ break;
++ default:
++ fqdn = FQDN_DISABLE;
++ break;
++ }
+
+ if (fqdn == FQDN_DISABLE && ifo->options & DHCPCD_HOSTNAME) {
+ /* We're sending the DHCPv4 hostname option, so send FQDN as
+@@ -823,37 +865,6 @@ dhcp6_makemessage(struct interface *ifp)
+ }
+
+ switch(state->state) {
+- case DH6S_INIT: /* FALLTHROUGH */
+- case DH6S_DISCOVER:
+- type = DHCP6_SOLICIT;
+- break;
+- case DH6S_REQUEST:
+- type = DHCP6_REQUEST;
+- break;
+- case DH6S_CONFIRM:
+- type = DHCP6_CONFIRM;
+- break;
+- case DH6S_REBIND:
+- type = DHCP6_REBIND;
+- break;
+- case DH6S_RENEW:
+- type = DHCP6_RENEW;
+- break;
+- case DH6S_INFORM:
+- type = DHCP6_INFORMATION_REQ;
+- break;
+- case DH6S_RELEASE:
+- type = DHCP6_RELEASE;
+- break;
+- case DH6S_DECLINE:
+- type = DHCP6_DECLINE;
+- break;
+- default:
+- errno = EINVAL;
+- return -1;
+- }
+-
+- switch(state->state) {
+ case DH6S_REQUEST: /* FALLTHROUGH */
+ case DH6S_RENEW: /* FALLTHROUGH */
+ case DH6S_RELEASE:
+--
+1.7.1
+
+
diff --git a/source/n/httpd/httpd.url b/source/n/httpd/httpd.url
index 9dc6266c..08da5553 100644
--- a/source/n/httpd/httpd.url
+++ b/source/n/httpd/httpd.url
@@ -1,2 +1,2 @@
-http://www.apache.org/dist/httpd/httpd-2.4.48.tar.bz2
-http://www.apache.org/dist/httpd/httpd-2.4.48.tar.bz2.asc
+http://www.apache.org/dist/httpd/httpd-2.4.49.tar.bz2
+http://www.apache.org/dist/httpd/httpd-2.4.49.tar.bz2.asc
|
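Review bot: The forced `fqdn = FQDN_DISABLE` in the default arm of the new `switch(type)` looks like it can be undone by the unchanged test right after it, `if (fqdn == FQDN_DISABLE && ifo->options & DHCPCD_HOSTNAME)`, because that test cannot tell "this message type must not carry FQDN" apart from "the user disabled FQDN". The body of that `if` is outside the hunk, but its comment ("so send FQDN as") suggests it switches the option back on, which would still put the client hostname into CONFIRM, INFORMATION-REQUEST, RELEASE and DECLINE messages whenever the hostname option is configured. If so, the hostname fallback should be confined to the four allowed types, for example by moving it into those case arms or by guarding it with a flag set only there. dhcp6_makemessage begins and ends outside the hunks shown, so this needs checking against the full function.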