SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
A vulnerability classified as problematic has been found in ffmpeg.
This affects an unknown part of the file libavcodec/rpzaenc.c of the
component QuickTime RPZA Video Encoder.
The manipulation of the argument y_size leads to out-of-bounds read.
It is possible to initiate the attack remotely.
The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984.
It is recommended to apply a patch to fix this issue.
The associated identifier of this vulnerability is VDB-213543.
A vulnerability classified as problematic was found in ffmpeg.
This vulnerability affects the function smc_encode_stream of the file
libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder.
The manipulation of the argument y_size leads to out-of-bounds read.
The attack can be initiated remotely.
The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd.
It is recommended to apply a patch to fix this issue.
The identifier of this vulnerability is VDB-213544.
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3
release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence
version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.
Also ignore trailing dots in both host name and comparison pattern.
Regression in 7.86.0 (from 1e9a538)
Extended test 1614 to verify better.
Reported-by: Henning Schild
Fixes #9821
Closes #9822
If the host name is an IP address and the noproxy string contained that
IP address with a following comma, it would erroneously not match.
Extended test 1614 to verify this combo as well.
Reported-by: Henning Schild
Fixes #9813
Closes #9814
Understood, Your kernel SlackBuilds makes adding this patch a piece of cake anyway for us DIY'ers, so this is a non-issue for me personally. I am also slightly perplexed on why they haven't backported this yet given its simplicity and it does make a noticeable improvement under the right conditions.
Thanks for the consideration.
note: patch included in 6.0.8
5.15.63v3 is with processor_idle.c patch, 63v2 without, no other changes
kernel compile == 92.8 seconds vs 105, almost 15% gain.
'make clean; /usr/bin/time make -j16 bzImage'
recent zenbook pro (laptop), performance governor, mitigations=off
Code:
###
Kernel: arch/x86/boot/bzImage is ready (#17)
1149.70user 116.45system 1:33.26elapsed 1357%CPU (0avgtext+0avgdata 337928maxresident)k
199296inputs+1139240outputs (1630major+39558843minor)pagefaults 0swaps
Linux zen 5.15.63v3 #16 SMP PREEMPT Mon Nov 14 20:35:58 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux
Kernel: arch/x86/boot/bzImage is ready (#19)
1130.75user 112.22system 1:31.10elapsed 1364%CPU (0avgtext+0avgdata 338044maxresident)k
128424inputs+1139208outputs (1560major+39560793minor)pagefaults 0swaps
Linux zen 5.15.63v3 #16 SMP PREEMPT Mon Nov 14 20:35:58 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux
Kernel: arch/x86/boot/bzImage is ready (#20)
1129.37user 112.11system 1:31.04elapsed 1363%CPU (0avgtext+0avgdata 337964maxresident)k
0inputs+1139240outputs (1434major+39553868minor)pagefaults 0swaps
Linux zen 5.15.63v3 #16 SMP PREEMPT Mon Nov 14 20:35:58 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux
###
Kernel: arch/x86/boot/bzImage is ready (#18)
1213.51user 118.30system 1:42.06elapsed 1304%CPU (0avgtext+0avgdata 337916maxresident)k
99216inputs+1139232outputs (1374major+39553967minor)pagefaults 0swaps
Linux zen 5.15.63v2 #15 SMP PREEMPT Mon Nov 14 11:00:16 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux
Kernel: arch/x86/boot/bzImage is ready (#21)
1199.79user 115.20system 1:47.08elapsed 1228%CPU (0avgtext+0avgdata 337904maxresident)k
201960inputs+1139240outputs (1546major+39553843minor)pagefaults 0swaps
Linux zen 5.15.63v2 #15 SMP PREEMPT Mon Nov 14 11:00:16 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux
Kernel: arch/x86/boot/bzImage is ready (#22)
1195.48user 115.14system 1:46.02elapsed 1236%CPU (0avgtext+0avgdata 338056maxresident)k
0inputs+1139232outputs (1342major+39553005minor)pagefaults 0swaps
Linux zen 5.15.63v2 #15 SMP PREEMPT Mon Nov 14 11:00:16 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists
in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted,
unreasonably long name being presented to the decoder could lead to a CPU denial of service.
Hostnames are often supplied by remote servers that could be controlled by a malicious actor;
in such a scenario, they could trigger excessive CPU consumption on the client attempting to
make use of an attacker-supplied supposed hostname. For example, the attack payload could be
placed in the Location header of an HTTP response with status code 302.
From: Daniel Kiper Subject: [SECURITY PATCH 00/13] Multiple GRUB2 vulnerabilities - 2022/11/15 Date: Tue, 15 Nov 2022 19:00:20 +0100
Hi all, This patch set contains a bundle of fixes for various security flaws discovered in the GRUB2 font code during last few months. The most severe ones, i.e. potentially exploitable, have CVEs assigned and are listed at the end of this email. Details of exactly what needs updating will be provided by the respective distros and vendors when updates become available. Here [1] we are listing at least some links to the messaging known at the time of this posting.
If/how to apply this patch set is is up to Patrick. For Slint I have put this in the SlackBuild:
audioadapter: perform setup again after a PortConfig
Code:
After the ports are reconfigured, we need to perform the setup again so
that buffers and processing can happen with the right settings.
This fixes an issue when autoswitching between A2DP and HFP with
bluetooth headsets when there is also a stereo capture device available.
The input stream of the browser is quickly reconfigured between stereo
and mono with only a Pause command in between, clearing the setup state
is enough to redo the setup when going back to Playing.
[PATCH] Client: Ensure that wl_surface lives as long as qtquick render thread needs it
Code:
wl_surface can be destroyed while qtquick render thread still uses it.
That can end up in eglSwapBuffers() using defunct wl_surface, which will
eventually lead to a crash due to the compositor posting an error.
Nate Graham <nate@kde.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version Fixed In| |5.26.4
shell: Use the basic scene graph rendering loop on wayland
Code:
This avoids crashing Plasma when a surface gets destroyed too early
while still in use by the threaded loop. To avoid leaking things into
child processes, we clear the environment variable again after we've
created the initial views for the shell.
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead
to additional headers being passed to thunderbird that should not be included per RFC 2368.
An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach
files when clicked.
In libarchive 3.6.1, the software does not check for an error after calling calloc function
that can return with a NULL pointer if the function fails, which leads to a resultant NULL
pointer dereference or, in some cases, even arbitrary code execution.
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML
document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow.
This results in an attempt to access an array at a negative 2GB offset, typically leading to
a segmentation fault.
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity
definitions can corrupt a hash table key, potentially leading to subsequent
logic errors. In one case, a double-free can be provoked.
sed -e '/ifdef SIGPIPE/,+2 d' \
-e '/undef FATAL_SIG/i FATAL_SIG (SIGPIPE);' \
-i src/main.c
either by a patch:
Code:
commit 0370a7a40fe9523ea334dcb8a2a60f1418595b49
Author: Dmitry Goncharov <dgoncharov@users.sf.net>
Date: Sun Nov 6 07:36:26 2022 -0500
[SV 63307] Spawn children with the default disposition of sigpipe.
* src/main.c (main): Set sigpipe disposition to a handler, rather than
SIG_IGN, in order for children to have the default sigpipe disposition.
* tests/scripts/misc/sigpipe: Add sigpipe tests.
diff --git a/src/main.c b/src/main.c
index eec93656..d8857696 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1152,6 +1152,15 @@ temp_stdin_unlink ()
}
}
+#ifdef SIGPIPE
+static void
+handle_sigpipe (int sig)
+{
+ /* Suppress unused variable warning. */
+ sig = sig;
+}
+#endif
+
#ifdef _AMIGA
int
main (int argc, char **argv)
@@ -1182,9 +1191,15 @@ main (int argc, char **argv, char **envp)
/* Useful for attaching debuggers, etc. */
SPIN ("main-entry");
- /* Don't die if our stdout sends us SIGPIPE. */
+ /* Don't die if our stdout sends us SIGPIPE to get temporary files removed.
+ * If make has inherited SIG_IGN, keep running with SIG_IGN to let make's
+ * children inherit SIG_IGN.
+ * Othwerwise, set sigpipe disposition to a handler, in order for children to
+ * have the default sigpipe disposition. */
+
#ifdef SIGPIPE
- bsd_signal (SIGPIPE, SIG_IGN);
+ if (bsd_signal (SIGPIPE, handle_sigpipe) == SIG_IGN)
+ bsd_signal (SIGPIPE, SIG_IGN);
#endif
#ifdef HAVE_ATEXIT
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.