Sat Sep 30 21:33:49 UTC 202320230930213349

a/kmod-31-x86_64-1.txz:  Upgraded.
l/libvpx-1.13.1-x86_64-1.txz:  Upgraded.
  This release contains two security related fixes -- one each for VP8 and VP9.
  For more information, see:
    https://crbug.com/1486441
    https://www.cve.org/CVERecord?id=CVE-2023-5217
  (* Security fix *)
n/conntrack-tools-1.4.8-x86_64-1.txz:  Upgraded.
x/libime-1.1.2-x86_64-1.txz:  Upgraded.
xap/mozilla-thunderbird-115.3.1-x86_64-1.txz:  Upgraded.
  This release contains a security fix for a critical heap buffer overflow in
  the libvpx VP8 encoder.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.3.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
    https://www.cve.org/CVERecord?id=CVE-2023-5217
  (* Security fix *)

3 files changed, 51 insertions, 2 deletions

diff --git a/source/a/kmod/kmod.SlackBuild b/source/a/kmod/kmod.SlackBuild
index 4c74220c1..104f7bfc1 100755
--- a/source/a/kmod/kmod.SlackBuild
+++ b/source/a/kmod/kmod.SlackBuild
@@ -26,8 +26,8 @@
 cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=kmod
-VERSION=${VERSION:-30}
-BUILD=${BUILD:-2}
+VERSION=${VERSION:-31}
+BUILD=${BUILD:-1}
 
 if [ -z "$ARCH" ]; then
   case "$( uname -m )" in
diff --git a/source/l/libvpx/0001-Relax-ABI-check.patch b/source/l/libvpx/0001-Relax-ABI-check.patch
new file mode 100644
index 000000000..2ebdaf25d
--- /dev/null
+++ b/source/l/libvpx/0001-Relax-ABI-check.patch
@@ -0,0 +1,45 @@
+From: Sebastian Ramacher <sramacher@debian.org>
+Date: Tue, 31 Aug 2021 08:53:52 +0200
+Subject: Relax ABI check
+
+We have symbol files and version dependencies to properly track this.
+---
+ vpx/src/vpx_decoder.c | 2 +-
+ vpx/src/vpx_encoder.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/vpx/src/vpx_decoder.c b/vpx/src/vpx_decoder.c
+index 427cd1b..eddbf1a 100644
+--- a/vpx/src/vpx_decoder.c
++++ b/vpx/src/vpx_decoder.c
+@@ -27,7 +27,7 @@ vpx_codec_err_t vpx_codec_dec_init_ver(vpx_codec_ctx_t *ctx,
+                                        vpx_codec_flags_t flags, int ver) {
+   vpx_codec_err_t res;
+ 
+-  if (ver != VPX_DECODER_ABI_VERSION)
++  if (ver > VPX_DECODER_ABI_VERSION)
+     res = VPX_CODEC_ABI_MISMATCH;
+   else if (!ctx || !iface)
+     res = VPX_CODEC_INVALID_PARAM;
+diff --git a/vpx/src/vpx_encoder.c b/vpx/src/vpx_encoder.c
+index f636b54..9f8eac9 100644
+--- a/vpx/src/vpx_encoder.c
++++ b/vpx/src/vpx_encoder.c
+@@ -32,7 +32,7 @@ vpx_codec_err_t vpx_codec_enc_init_ver(vpx_codec_ctx_t *ctx,
+                                        vpx_codec_flags_t flags, int ver) {
+   vpx_codec_err_t res;
+ 
+-  if (ver != VPX_ENCODER_ABI_VERSION)
++  if (ver > VPX_ENCODER_ABI_VERSION)
+     res = VPX_CODEC_ABI_MISMATCH;
+   else if (!ctx || !iface || !cfg)
+     res = VPX_CODEC_INVALID_PARAM;
+@@ -67,7 +67,7 @@ vpx_codec_err_t vpx_codec_enc_init_multi_ver(
+     int num_enc, vpx_codec_flags_t flags, vpx_rational_t *dsf, int ver) {
+   vpx_codec_err_t res = VPX_CODEC_OK;
+ 
+-  if (ver != VPX_ENCODER_ABI_VERSION)
++  if (ver > VPX_ENCODER_ABI_VERSION)
+     res = VPX_CODEC_ABI_MISMATCH;
+   else if (!ctx || !iface || !cfg || (num_enc > 16 || num_enc < 1))
+     res = VPX_CODEC_INVALID_PARAM;
diff --git a/source/l/libvpx/libvpx.SlackBuild b/source/l/libvpx/libvpx.SlackBuild
index b61b08bcb..5e301378d 100755
--- a/source/l/libvpx/libvpx.SlackBuild
+++ b/source/l/libvpx/libvpx.SlackBuild
@@ -81,6 +81,10 @@ find -L . \
  \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
  -exec chmod 644 {} \+
 
+# Looks like this avoids possible problems with ffmpeg after a supposedly
+# ABI compatible libvpx upgrade. Probably doesn't hurt. Thanks to Debian.
+cat $CWD/0001-Relax-ABI-check.patch | patch -p1 --verbose || exit 1
+
 # out of tree build
 mkdir build-tmp
 cd build-tmp