diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2023-11-16 20:51:47 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2023-11-17 13:30:41 +0100 |
| commit | 65d9c1e075af3943292ff2187303f6951ddd6ba6 (patch) | |
| tree | 8834f4db84cdc5b0e90fe5b9d43e0b9ed7aa034b /patches/source/gegl/gegl.no.runtime.dot.check.diff | |
| parent | 2aa4bf659d5d93805e81f555da0ec5455357f040 (diff) | |
| download | current-65d9c1e075af3943292ff2187303f6951ddd6ba6.tar.gz current-65d9c1e075af3943292ff2187303f6951ddd6ba6.tar.xz | |
Thu Nov 16 20:51:47 UTC 202320231116205147_15.0
patches/packages/gegl-0.4.46-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release, needed by the GIMP upgrade.
patches/packages/gimp-2.10.36-x86_64-1_slack15.0.txz: Upgraded.
This release fixes security issues:
If a user loads a malicious DDS, PSD, or PSP file, this could result in a
program crash or possibly the execution of arbitrary code.
Please note that this package also requires the updated gegl package.
Thanks to henca for the heads-up.
For more information, see:
https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/
https://www.zerodayinitiative.com/advisories/ZDI-23-1591/
https://www.zerodayinitiative.com/advisories/ZDI-23-1592/
https://www.zerodayinitiative.com/advisories/ZDI-23-1593/
https://www.zerodayinitiative.com/advisories/ZDI-23-1594/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444
(* Security fix *)
Diffstat (limited to 'patches/source/gegl/gegl.no.runtime.dot.check.diff')
| -rw-r--r-- | patches/source/gegl/gegl.no.runtime.dot.check.diff | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/patches/source/gegl/gegl.no.runtime.dot.check.diff b/patches/source/gegl/gegl.no.runtime.dot.check.diff new file mode 100644 index 000000000..f6dd7f6fe --- /dev/null +++ b/patches/source/gegl/gegl.no.runtime.dot.check.diff @@ -0,0 +1,26 @@ +--- ./operations/common/introspect.c.orig 2020-12-20 06:16:48.799965900 -0600 ++++ ./operations/common/introspect.c 2020-12-21 15:41:14.459774463 -0600 +@@ -48,7 +48,7 @@ + + dot = g_find_program_in_path ("dot"); + +- if (! dot || op_introspect->user_data || op_introspect->node == NULL) ++ if (op_introspect->user_data || op_introspect->node == NULL) + return; + + /* Construct temp filenames */ +@@ -175,12 +175,9 @@ + gegl_introspect_is_available (void) + { + gchar *dot; +- gboolean found = FALSE; +- +- dot = g_find_program_in_path ("dot"); +- found = (dot != NULL); +- g_free (dot); ++ gboolean found = TRUE; + ++ /* always return TRUE to avoid a runtime check on dot */ + return found; + } + |