Slackware 1078 Published by

The following updates has been released for Slackware Linux:

git (SSA:2017-223-01)
libsoup (SSA:2017-223-02)
mercurial (SSA:2017-223-03)
subversion (SSA:2017-223-04)



git (SSA:2017-223-01)

New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/git-2.14.1-i586-1_slack14.2.txz: Upgraded.
Fixes security issues:
A "ssh://..." URL can result in a "ssh" command line with a hostname that
begins with a dash "-", which would cause the "ssh" command to instead
(mis)treat it as an option. This is now prevented by forbidding such a
hostname (which should not impact any real-world usage).
Similarly, when GIT_PROXY_COMMAND is configured, the command is run with
host and port that are parsed out from "ssh://..." URL; a poorly written
GIT_PROXY_COMMAND could be tricked into treating a string that begins with a
dash "-" as an option. This is now prevented by forbidding such a hostname
and port number (again, which should not impact any real-world usage).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000117
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/git-2.14.1-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/git-2.14.1-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/git-2.14.1-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/git-2.14.1-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/git-2.14.1-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/git-2.14.1-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/git-2.14.1-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/git-2.14.1-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/git-2.14.1-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/git-2.14.1-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/git-2.14.1-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/git-2.14.1-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/git-2.14.1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/git-2.14.1-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.0 package:
eb09b59fc1bb219e829caa8fc3619bd6 git-2.14.1-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
1a31cef1c6c5a81a09635d25ea3090ff git-2.14.1-x86_64-1_slack13.0.txz

Slackware 13.1 package:
77c2adf3715328fd28a075d19b636fc1 git-2.14.1-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
b382a2bde0bad0f83e13788c4e2dd9b2 git-2.14.1-x86_64-1_slack13.1.txz

Slackware 13.37 package:
7858189706b9da7a8822b43fcc57038e git-2.14.1-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
951d45486e41bfca03a99b52dbe82f2c git-2.14.1-x86_64-1_slack13.37.txz

Slackware 14.0 package:
e1d681ce44de2459fcd2e1f06b83fb7e git-2.14.1-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
6eb717a73dc54f4c5dcdad9710636a38 git-2.14.1-x86_64-1_slack14.0.txz

Slackware 14.1 package:
211e9d242f3044bc2f3920d978c148d1 git-2.14.1-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
4e0d3510b71bf1e5a0ede2b6f41e330e git-2.14.1-x86_64-1_slack14.1.txz

Slackware 14.2 package:
f065edb1ef108a8cefe74292441ad77b git-2.14.1-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
c29b1e8d760661c0c1cb62cccb316f55 git-2.14.1-x86_64-1_slack14.2.txz

Slackware -current package:
e7765505e32c34d6b23160dc207932af d/git-2.14.1-i586-1.txz

Slackware x86_64 -current package:
9659eaf46710b5514ca804f44b451910 d/git-2.14.1-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg git-2.14.1-i586-1_slack14.2.txz

libsoup (SSA:2017-223-02)

New libsoup packages are available for Slackware 14.1, 14.2, and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libsoup-2.52.2-i586-3_slack14.2.txz: Rebuilt.
Fixed a chunked decoding buffer overrun that could be exploited against
either clients or servers.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2885
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libsoup-2.42.2-i486-2_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libsoup-2.42.2-x86_64-2_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libsoup-2.52.2-i586-3_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libsoup-2.52.2-x86_64-3_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libsoup-2.58.2-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libsoup-2.58.2-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.1 package:
8f24024c05fce40e41c489e54ec925c5 libsoup-2.42.2-i486-2_slack14.1.txz

Slackware x86_64 14.1 package:
cd61c03801be0232ee54ec8bd17bbda3 libsoup-2.42.2-x86_64-2_slack14.1.txz

Slackware 14.2 package:
bb1cb37da83b6bca49acd4d724c4f6a4 libsoup-2.52.2-i586-3_slack14.2.txz

Slackware x86_64 14.2 package:
c09f4ec321943ad66e26761e13266271 libsoup-2.52.2-x86_64-3_slack14.2.txz

Slackware -current package:
5e2c65829523cfc426291bbbcee6f3f0 l/libsoup-2.58.2-i586-1.txz

Slackware x86_64 -current package:
1dfde8ba37ef626288b7cb793c4e9420 l/libsoup-2.58.2-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libsoup-2.52.2-i586-3_slack14.2.txz

mercurial (SSA:2017-223-03)

New mercurial packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mercurial-4.3.1-i586-1_slack14.2.txz: Upgraded.
Fixes security issues:
Mercurial's symlink auditing was incomplete prior to 4.3, and could
be abused to write to files outside the repository.
Mercurial was not sanitizing hostnames passed to ssh, allowing
shell injection attacks on clients by specifying a hostname starting
with -oProxyCommand.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mercurial-4.3.1-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mercurial-4.3.1-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mercurial-4.3.1-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mercurial-4.3.1-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mercurial-4.3.1-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mercurial-4.3.1-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/mercurial-4.3.1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/mercurial-4.3.1-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.0 package:
4d9a2a90109202aa2023ff758f8e2b88 mercurial-4.3.1-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
c949af25a3a61ba5b88780b2e10b02d5 mercurial-4.3.1-x86_64-1_slack14.0.txz

Slackware 14.1 package:
9260d7fa714eea9a81fb9bc6d56708d4 mercurial-4.3.1-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
f0525de8c1497f154f280dbafcdcd25b mercurial-4.3.1-x86_64-1_slack14.1.txz

Slackware 14.2 package:
cf70802f8f9a1ec306ebde94eac246fc mercurial-4.3.1-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
c44f92967f03ac8724f898451d2b4f2f mercurial-4.3.1-x86_64-1_slack14.2.txz

Slackware -current package:
b81fe0b2ec0d3923ce12b5d374b21d7e d/mercurial-4.3.1-i586-1.txz

Slackware x86_64 -current package:
84c3d7646ed899df599435fa32270c83 d/mercurial-4.3.1-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mercurial-4.3.1-i586-1_slack14.2.txz

subversion (SSA:2017-223-04)

New subversion packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/subversion-1.9.7-i586-1_slack14.2.txz: Upgraded.
Fixed client side arbitrary code execution vulnerability.
For more information, see:
https://subversion.apache.org/security/CVE-2017-9800-advisory.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9800
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-):

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/subversion-1.7.22-i486-3_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/subversion-1.7.22-x86_64-3_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/subversion-1.7.22-i486-3_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/subversion-1.7.22-x86_64-3_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/subversion-1.9.7-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/subversion-1.9.7-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/subversion-1.9.7-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/subversion-1.9.7-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.0 package:
ba390e5f5609094f4e3ce2ee8047dce8 subversion-1.7.22-i486-3_slack14.0.txz

Slackware x86_64 14.0 package:
672d2bfcf3addd313d4fcf55dbf88048 subversion-1.7.22-x86_64-3_slack14.0.txz

Slackware 14.1 package:
cb2f2d08a49f67c2a61c96632f63a711 subversion-1.7.22-i486-3_slack14.1.txz

Slackware x86_64 14.1 package:
82ff7d36ff742f3a24663c29c0f83d20 subversion-1.7.22-x86_64-3_slack14.1.txz

Slackware 14.2 package:
aed0de51428d012a2a05a3bfb928d41b subversion-1.9.7-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
389b78aefddb4a95eed134ef08f28ac2 subversion-1.9.7-x86_64-1_slack14.2.txz

Slackware -current package:
7c60bcd2a8b97230330731eefd6214ca d/subversion-1.9.7-i586-1.txz

Slackware x86_64 -current package:
d9029266051d05f5bd8f9f0b7fef9088 d/subversion-1.9.7-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg subversion-1.9.7-i586-1_slack14.2.txz