summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2024-04-04 20:49:23 +0000
committer Eric Hameleers <alien@slackware.com>2024-04-05 13:30:57 +0200
commit1e2fa38645e550d9b8193f67f1efe6eb19ea21a0 (patch)
tree57a1dc547278977aff89a6ff6d75727cb02e85da
parentd6e7dd04178ee9d5ce5a7f5ef057b28b54bba500 (diff)
downloadcurrent-1e2fa38645e550d9b8193f67f1efe6eb19ea21a0.tar.gz
current-1e2fa38645e550d9b8193f67f1efe6eb19ea21a0.tar.xz
Thu Apr 4 20:49:23 UTC 202420240404204923_15.0
patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: HTTP/2 DoS by memory exhaustion on endless continuation frames. HTTP Response Splitting in multiple modules. HTTP response splitting. For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.59 https://www.cve.org/CVERecord?id=CVE-2024-27316 https://www.cve.org/CVERecord?id=CVE-2024-24795 https://www.cve.org/CVERecord?id=CVE-2023-38709 (* Security fix *) patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it can accept after a HEADERS frame. For more information, see: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://www.kb.cert.org/vuls/id/421644 https://www.cve.org/CVERecord?id=CVE-2024-28182 (* Security fix *)
Diffstat
-rw-r--r--ChangeLog.rss37
-rw-r--r--ChangeLog.txt25
-rw-r--r--FILELIST.TXT54
-rw-r--r--patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txt (renamed from patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txt)0
-rw-r--r--patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txt (renamed from patches/packages/nghttp2-1.57.0-x86_64-1_slack15.0.txt)0
-rw-r--r--patches/source/httpd/httpd.url4
6 files changed, 89 insertions, 31 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index eff6ef6ce..0a5416083 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,43 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
- <pubDate>Wed, 3 Apr 2024 22:22:06 GMT</pubDate>
- <lastBuildDate>Thu, 4 Apr 2024 11:30:27 GMT</lastBuildDate>
+ <pubDate>Thu, 4 Apr 2024 20:49:23 GMT</pubDate>
+ <lastBuildDate>Fri, 5 Apr 2024 11:30:43 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.17</generator>
<item>
+ <title>Thu, 4 Apr 2024 20:49:23 GMT</title>
+ <pubDate>Thu, 4 Apr 2024 20:49:23 GMT</pubDate>
+ <link>https://git.slackware.nl/current/tag/?h=20240404204923</link>
+ <guid isPermaLink="false">20240404204923</guid>
+ <description>
+ <![CDATA[<pre>
+patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz: Upgraded.
+ This update fixes security issues:
+ HTTP/2 DoS by memory exhaustion on endless continuation frames.
+ HTTP Response Splitting in multiple modules.
+ HTTP response splitting.
+ For more information, see:
+ https://downloads.apache.org/httpd/CHANGES_2.4.59
+ https://www.cve.org/CVERecord?id=CVE-2024-27316
+ https://www.cve.org/CVERecord?id=CVE-2024-24795
+ https://www.cve.org/CVERecord?id=CVE-2023-38709
+ (* Security fix *)
+patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz: Upgraded.
+ This update fixes security issues:
+ nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
+ frames even after a stream is reset to keep HPACK context in sync. This
+ causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
+ this vulnerability by limiting the number of CONTINUATION frames it can
+ accept after a HEADERS frame.
+ For more information, see:
+ https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
+ https://www.kb.cert.org/vuls/id/421644
+ https://www.cve.org/CVERecord?id=CVE-2024-28182
+ (* Security fix *)
+ </pre>]]>
+ </description>
+ </item>
+ <item>
<title>Wed, 3 Apr 2024 22:22:06 GMT</title>
<pubDate>Wed, 3 Apr 2024 22:22:06 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20240403222206</link>
diff --git a/ChangeLog.txt b/ChangeLog.txt
index b4c8ee052..6a570ee01 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,28 @@
+Thu Apr 4 20:49:23 UTC 2024
+patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz: Upgraded.
+ This update fixes security issues:
+ HTTP/2 DoS by memory exhaustion on endless continuation frames.
+ HTTP Response Splitting in multiple modules.
+ HTTP response splitting.
+ For more information, see:
+ https://downloads.apache.org/httpd/CHANGES_2.4.59
+ https://www.cve.org/CVERecord?id=CVE-2024-27316
+ https://www.cve.org/CVERecord?id=CVE-2024-24795
+ https://www.cve.org/CVERecord?id=CVE-2023-38709
+ (* Security fix *)
+patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz: Upgraded.
+ This update fixes security issues:
+ nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
+ frames even after a stream is reset to keep HPACK context in sync. This
+ causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
+ this vulnerability by limiting the number of CONTINUATION frames it can
+ accept after a HEADERS frame.
+ For more information, see:
+ https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
+ https://www.kb.cert.org/vuls/id/421644
+ https://www.cve.org/CVERecord?id=CVE-2024-28182
+ (* Security fix *)
++--------------------------+
Wed Apr 3 22:22:06 UTC 2024
patches/packages/xorg-server-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
This update fixes security issues:
diff --git a/FILELIST.TXT b/FILELIST.TXT
index 75809da58..f1a700cd9 100644
--- a/FILELIST.TXT
+++ b/FILELIST.TXT
@@ -1,20 +1,20 @@
-Wed Apr 3 22:24:45 UTC 2024
+Thu Apr 4 20:51:47 UTC 2024
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
-drwxr-xr-x 12 root root 4096 2024-04-03 22:22 .
+drwxr-xr-x 12 root root 4096 2024-04-04 20:49 .
-rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0
-rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
--rw-r--r-- 1 root root 1229179 2024-04-03 20:02 ./CHECKSUMS.md5
--rw-r--r-- 1 root root 195 2024-04-03 20:02 ./CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 1229887 2024-04-04 19:11 ./CHECKSUMS.md5
+-rw-r--r-- 1 root root 195 2024-04-04 19:11 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
--rw-r--r-- 1 root root 2106812 2024-04-03 22:22 ./ChangeLog.txt
+-rw-r--r-- 1 root root 2108035 2024-04-04 20:49 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
--rw-r--r-- 1 root root 1605769 2024-04-03 20:02 ./FILELIST.TXT
+-rw-r--r-- 1 root root 1606587 2024-04-04 19:11 ./FILELIST.TXT
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
-rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT
@@ -828,13 +828,13 @@ drwxr-xr-x 2 root root 4096 2022-12-17 19:52 ./pasture/source/samba
-rw-r--r-- 1 root root 7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default
-rw-r--r-- 1 root root 7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig
-rw-r--r-- 1 root root 536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz
-drwxr-xr-x 4 root root 4096 2024-04-03 22:24 ./patches
--rw-r--r-- 1 root root 111814 2024-04-03 22:24 ./patches/CHECKSUMS.md5
--rw-r--r-- 1 root root 195 2024-04-03 22:24 ./patches/CHECKSUMS.md5.asc
--rw-r--r-- 1 root root 152487 2024-04-03 22:24 ./patches/FILE_LIST
--rw-r--r-- 1 root root 15370039 2024-04-03 22:24 ./patches/MANIFEST.bz2
--rw-r--r-- 1 root root 78327 2024-04-03 22:24 ./patches/PACKAGES.TXT
-drwxr-xr-x 5 root root 32768 2024-04-03 22:24 ./patches/packages
+drwxr-xr-x 4 root root 4096 2024-04-04 19:11 ./patches
+-rw-r--r-- 1 root root 111814 2024-04-04 19:11 ./patches/CHECKSUMS.md5
+-rw-r--r-- 1 root root 195 2024-04-04 19:11 ./patches/CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 152487 2024-04-04 19:11 ./patches/FILE_LIST
+-rw-r--r-- 1 root root 15352234 2024-04-04 19:11 ./patches/MANIFEST.bz2
+-rw-r--r-- 1 root root 78327 2024-04-04 19:11 ./patches/PACKAGES.TXT
+drwxr-xr-x 5 root root 32768 2024-04-04 19:11 ./patches/packages
-rw-r--r-- 1 root root 360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc
@@ -931,9 +931,9 @@ drwxr-xr-x 5 root root 32768 2024-04-03 22:24 ./patches/packages
-rw-r--r-- 1 root root 314 2022-04-14 21:04 ./patches/packages/gzip-1.12-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 111208 2022-04-14 21:04 ./patches/packages/gzip-1.12-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-04-14 21:04 ./patches/packages/gzip-1.12-x86_64-1_slack15.0.txz.asc
--rw-r--r-- 1 root root 513 2023-10-19 19:02 ./patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txt
--rw-r--r-- 1 root root 3907716 2023-10-19 19:02 ./patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txz
--rw-r--r-- 1 root root 163 2023-10-19 19:02 ./patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txz.asc
+-rw-r--r-- 1 root root 513 2024-04-04 16:57 ./patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txt
+-rw-r--r-- 1 root root 3913144 2024-04-04 16:57 ./patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz
+-rw-r--r-- 1 root root 195 2024-04-04 16:57 ./patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 513 2022-08-23 03:07 ./patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 312136 2022-08-23 03:07 ./patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-08-23 03:07 ./patches/packages/hunspell-1.7.1-x86_64-1_slack15.0.txz.asc
@@ -1037,9 +1037,9 @@ drwxr-xr-x 2 root root 4096 2023-12-26 00:24 ./patches/packages/linux-5.1
-rw-r--r-- 1 root root 582 2023-06-26 18:57 ./patches/packages/network-scripts-15.0-noarch-19_slack15.0.txt
-rw-r--r-- 1 root root 40028 2023-06-26 18:57 ./patches/packages/network-scripts-15.0-noarch-19_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-06-26 18:57 ./patches/packages/network-scripts-15.0-noarch-19_slack15.0.txz.asc
--rw-r--r-- 1 root root 297 2023-10-10 23:31 ./patches/packages/nghttp2-1.57.0-x86_64-1_slack15.0.txt
--rw-r--r-- 1 root root 112612 2023-10-10 23:31 ./patches/packages/nghttp2-1.57.0-x86_64-1_slack15.0.txz
--rw-r--r-- 1 root root 163 2023-10-10 23:31 ./patches/packages/nghttp2-1.57.0-x86_64-1_slack15.0.txz.asc
+-rw-r--r-- 1 root root 297 2024-04-04 17:00 ./patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txt
+-rw-r--r-- 1 root root 117908 2024-04-04 17:00 ./patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz
+-rw-r--r-- 1 root root 195 2024-04-04 17:00 ./patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 550 2023-05-25 18:24 ./patches/packages/ntfs-3g-2022.10.3-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 466552 2023-05-25 18:24 ./patches/packages/ntfs-3g-2022.10.3-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-05-25 18:24 ./patches/packages/ntfs-3g-2022.10.3-x86_64-1_slack15.0.txz.asc
@@ -1216,7 +1216,7 @@ drwxr-xr-x 2 root root 4096 2023-11-21 21:09 ./patches/packages/old-linux
-rw-r--r-- 1 root root 463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc
-drwxr-xr-x 111 root root 4096 2024-04-03 22:20 ./patches/source
+drwxr-xr-x 111 root root 4096 2024-04-04 18:18 ./patches/source
drwxr-xr-x 2 root root 4096 2023-09-26 19:22 ./patches/source/Cython
-rw-r--r-- 1 root root 1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz
-rwxr-xr-x 1 root root 3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild
@@ -1469,13 +1469,13 @@ drwxr-xr-x 2 root root 4096 2022-04-07 21:51 ./patches/source/gzip
-rw-r--r-- 1 root root 833 2022-04-07 17:00 ./patches/source/gzip/gzip-1.12.tar.xz.sig
-rwxr-xr-x 1 root root 5170 2022-04-14 20:41 ./patches/source/gzip/gzip.SlackBuild
-rw-r--r-- 1 root root 766 2018-02-27 06:13 ./patches/source/gzip/slack-desc
-drwxr-xr-x 2 root root 4096 2023-10-19 18:58 ./patches/source/httpd
+drwxr-xr-x 2 root root 4096 2024-04-04 16:56 ./patches/source/httpd
-rw-r--r-- 1 root root 931 2018-09-24 18:58 ./patches/source/httpd/doinst.sh.gz
--rw-r--r-- 1 root root 7485817 2023-10-19 09:09 ./patches/source/httpd/httpd-2.4.58.tar.bz2
--rw-r--r-- 1 root root 874 2023-10-19 09:09 ./patches/source/httpd/httpd-2.4.58.tar.bz2.asc
+-rw-r--r-- 1 root root 7503198 2024-04-04 13:33 ./patches/source/httpd/httpd-2.4.59.tar.bz2
+-rw-r--r-- 1 root root 833 2024-04-04 13:33 ./patches/source/httpd/httpd-2.4.59.tar.bz2.asc
-rwxr-xr-x 1 root root 9115 2022-03-14 17:38 ./patches/source/httpd/httpd.SlackBuild
-rw-r--r-- 1 root root 260 2012-04-13 02:17 ./patches/source/httpd/httpd.runasapache.diff.gz
--rw-r--r-- 1 root root 112 2023-10-19 18:51 ./patches/source/httpd/httpd.url
+-rw-r--r-- 1 root root 112 2024-04-04 16:46 ./patches/source/httpd/httpd.url
-rw-r--r-- 1 root root 171 2021-05-23 19:15 ./patches/source/httpd/logrotate.httpd
-rw-r--r-- 1 root root 1001 2023-08-16 16:41 ./patches/source/httpd/rc.httpd
-rw-r--r-- 1 root root 966 2018-02-27 06:13 ./patches/source/httpd/slack-desc
@@ -1834,9 +1834,9 @@ drwxr-xr-x 2 root root 4096 2021-04-01 20:21 ./patches/source/network-scr
-rw-r--r-- 1 root root 19 1999-01-28 01:15 ./patches/source/network-scripts/scripts/resolv.conf
-rw-r--r-- 1 root root 349 2003-02-18 23:53 ./patches/source/network-scripts/scripts/setup.netconfig
-rw-r--r-- 1 root root 1045 2018-02-27 06:13 ./patches/source/network-scripts/slack-desc
-drwxr-xr-x 2 root root 4096 2023-10-10 23:26 ./patches/source/nghttp2
--rw-r--r-- 1 root root 1543568 2023-10-10 14:12 ./patches/source/nghttp2/nghttp2-1.57.0.tar.xz
--rw-r--r-- 1 root root 195 2023-10-10 14:12 ./patches/source/nghttp2/nghttp2-1.57.0.tar.xz.asc
+drwxr-xr-x 2 root root 4096 2024-04-04 16:59 ./patches/source/nghttp2
+-rw-r--r-- 1 root root 1645808 2024-04-04 08:43 ./patches/source/nghttp2/nghttp2-1.61.0.tar.xz
+-rw-r--r-- 1 root root 833 2024-04-04 08:43 ./patches/source/nghttp2/nghttp2-1.61.0.tar.xz.asc
-rwxr-xr-x 1 root root 4616 2023-10-10 23:31 ./patches/source/nghttp2/nghttp2.SlackBuild
-rw-r--r-- 1 root root 118 2023-10-10 23:25 ./patches/source/nghttp2/nghttp2.url
-rw-r--r-- 1 root root 784 2018-03-26 18:26 ./patches/source/nghttp2/slack-desc
diff --git a/patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txt b/patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txt
index 3185f84d3..3185f84d3 100644
--- a/patches/packages/httpd-2.4.58-x86_64-1_slack15.0.txt
+++ b/patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txt
diff --git a/patches/packages/nghttp2-1.57.0-x86_64-1_slack15.0.txt b/patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txt
index 9f41ff210..9f41ff210 100644
--- a/patches/packages/nghttp2-1.57.0-x86_64-1_slack15.0.txt
+++ b/patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txt
diff --git a/patches/source/httpd/httpd.url b/patches/source/httpd/httpd.url
index fdbabad99..c60672025 100644
--- a/patches/source/httpd/httpd.url
+++ b/patches/source/httpd/httpd.url
@@ -1,2 +1,2 @@
-http://www.apache.org/dist/httpd/httpd-2.4.58.tar.bz2
-http://www.apache.org/dist/httpd/httpd-2.4.58.tar.bz2.asc
+http://www.apache.org/dist/httpd/httpd-2.4.59.tar.bz2
+http://www.apache.org/dist/httpd/httpd-2.4.59.tar.bz2.asc
generated by cgit v1.2.3-65-gdbad (git 2.45.1) at 2024-06-19 00:54:34 +0000