diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2024-01-30 22:01:28 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2024-01-30 23:34:34 +0100 |
| commit | 7b9b973e94adeb7444208efdd7ad577fce430e53 (patch) | |
| tree | 27ae0cb7aa48830b438f2ea3c939e85c5ab4fe36 /source/xap | |
| parent | 8713bd99bfb8ba7634cc8e1f998e4af24c345e35 (diff) | |
| download | current-7b9b973e94adeb7444208efdd7ad577fce430e53.tar.gz current-7b9b973e94adeb7444208efdd7ad577fce430e53.tar.xz | |
Tue Jan 30 22:01:28 UTC 202420240130220128
a/lzip-1.24-x86_64-1.txz: Upgraded.
a/openssl-solibs-3.2.1-x86_64-1.txz: Upgraded.
ap/alsa-utils-1.2.11-x86_64-1.txz: Upgraded.
ap/sqlite-3.45.1-x86_64-1.txz: Upgraded.
d/binutils-2.42-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
d/cmake-3.28.2-x86_64-1.txz: Upgraded.
d/oprofile-1.4.0-x86_64-13.txz: Rebuilt.
Recompiled against binutils-2.42.
d/strace-6.7-x86_64-1.txz: Upgraded.
kde/digikam-8.2.0-x86_64-5.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/alsa-lib-1.2.11-x86_64-1.txz: Upgraded.
l/libpng-1.6.42-x86_64-1.txz: Upgraded.
Fixed the implementation of the macro function png_check_sig().
This was an API regression, introduced in libpng-1.6.41.
Reported by Matthieu Darbois.
l/lmdb-0.9.32-x86_64-1.txz: Upgraded.
l/neon-0.33.0-x86_64-1.txz: Upgraded.
l/opencv-4.9.0-x86_64-3.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/qt5-5.15.12_20240103_b8fd1448-x86_64-4.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/talloc-2.4.2-x86_64-1.txz: Upgraded.
l/tdb-1.4.10-x86_64-1.txz: Upgraded.
l/tevent-0.16.1-x86_64-1.txz: Upgraded.
n/openldap-2.6.7-x86_64-1.txz: Upgraded.
n/openssl-3.2.1-x86_64-1.txz: Upgraded.
This update fixes possible denial-of-service security issues:
A file in PKCS12 format can contain certificates and keys and may come from
an untrusted source. The PKCS12 specification allows certain fields to be
NULL, but OpenSSL did not correctly check for this case. A fix has been
applied to prevent a NULL pointer dereference that results in OpenSSL
crashing. If an application processes PKCS12 files from an untrusted source
using the OpenSSL APIs then that application will be vulnerable to this
issue prior to this fix.
OpenSSL APIs that were vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().
When function EVP_PKEY_public_check() is called on RSA public keys,
a computation is done to confirm that the RSA modulus, n, is composite.
For valid RSA keys, n is a product of two or more large primes and this
computation completes quickly. However, if n is an overly large prime,
then this computation would take a long time.
An application that calls EVP_PKEY_public_check() and supplies an RSA key
obtained from an untrusted source could be vulnerable to a Denial of Service
attack.
The function EVP_PKEY_public_check() is not called from other OpenSSL
functions however it is called from the OpenSSL pkey command line
application. For that reason that application is also vulnerable if used
with the "-pubin" and "-check" options on untrusted data.
To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will
now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason.
Fix excessive time spent in DH check / generation with large Q parameter
value.
Applications that use the functions DH_generate_key() to generate an
X9.42 DH key may experience long delays. Likewise, applications that use
DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from
an untrusted source this may lead to a Denial of Service.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-0727
https://www.cve.org/CVERecord?id=CVE-2023-6237
https://www.cve.org/CVERecord?id=CVE-2023-5678
(* Security fix *)
xap/MPlayer-20240130-x86_64-1.txz: Upgraded.
Fixed build script to exit on errors.
Patched to build against gettext-0.22.4.
Thanks to Matteo Bernardini.
xap/xine-lib-1.2.13-x86_64-7.txz: Rebuilt.
Recompiled against libpng-1.6.42.
Diffstat (limited to 'source/xap')
| -rwxr-xr-x | source/xap/MPlayer/MPlayer.SlackBuild | 41 | ||||
| -rw-r--r-- | source/xap/MPlayer/po_charset.patch | 12 | ||||
| -rwxr-xr-x | source/xap/xine-lib/xine-lib.SlackBuild | 2 |
3 files changed, 28 insertions, 27 deletions
diff --git a/source/xap/MPlayer/MPlayer.SlackBuild b/source/xap/MPlayer/MPlayer.SlackBuild index 891497582..0c543eeac 100755 --- a/source/xap/MPlayer/MPlayer.SlackBuild +++ b/source/xap/MPlayer/MPlayer.SlackBuild @@ -1,7 +1,7 @@ #!/bin/bash # $Id: MPlayer.SlackBuild,v 1.27 2012/07/01 13:07:08 root Exp root $ # Copyright 2006, 2007, 2008, 2010, 2011, 2012 Eric Hameleers, Eindhoven, NL -# Copyright 2013, 2018 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2013, 2018, 2024 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Permission to use, copy, modify, and distribute this software for @@ -25,7 +25,7 @@ # Set initial variables: PKGNAM=MPlayer -VERSION=${VERSION:-20240127} +VERSION=${VERSION:-20240130} # Need to build trunk until there's a stable branch compatible with the # latest ffmpeg stable release: #BRANCH=${BRANCH:-1.3} # leave empty if you want to build MPlayer trunk @@ -179,9 +179,6 @@ OUTPUT=${OUTPUT:-$TMP} ## --- with a little luck, you won't have to edit below this point --- ## ## -# Exit the script on errors: -set -e -trap 'echo "$0 FAILED at line $LINENO!" | tee $OUTPUT/error-${PKGNAM}.log' ERR # Catch unitialized variables: set -u P1=${1:-1} @@ -210,7 +207,7 @@ for (( i = 0; i < ${#SOURCE[*]}; i++ )) ; do else # Try if we have a SVN/CVS download routine for ${SOURCE[$i]} echo "Will checkout sources to $(dirname $SOURCE[$i])" - src_checkout $i "${SOURCE[$i]}" 2>&1 > $OUTPUT/checkout-$(basename ${SOURCE[$i]}).log + src_checkout $i "${SOURCE[$i]}" || exit 1 fi if [ ! -f "${SOURCE[$i]}" -o ! -s "${SOURCE[$i]}" ]; then echo "File '$(basename ${SOURCE[$i]})' not available.. aborting the build." @@ -232,11 +229,11 @@ echo "++" cd $TMP/tmp-$PKGNAM echo "Extracting the source archive(s) for $PKGNAM..." -tar -xvf ${SOURCE[0]} +tar -xvf ${SOURCE[0]} || exit 1 chown -R root:root * chmod -R u+w,go+r-w,a+X-s * -cd ${PKGNAM}-${VERSION} +cd ${PKGNAM}-${VERSION} || exit 1 # Determine what X we're running (the modular X returns the prefix # in the next command, while older versions stay silent): @@ -251,9 +248,12 @@ else DO_PATENTED="" fi -# fix building against samba 4 +# fix building against samba 4: zcat $SRCDIR/include-samba-4.0.patch.gz | patch -p1 --verbose || exit 1 +# fix building against gettext-0.22.4: +zcat $SRCDIR/po_charset.patch.gz | patch -p1 --verbose || exit 1 + echo Building ... # MPlayer wants to automatically determine compiler flags, # so we don't provide CFLAGS. @@ -271,8 +271,7 @@ echo Building ... --codecsdir=${CODECSDIR} \ --language="${LANGUAGES}" \ ${EXTRACONFIGUREOPTIONS} \ - ${DO_PATENTED} \ - 2>&1 | tee $OUTPUT/configure-${PKGNAM}.log + ${DO_PATENTED} || exit 1 # So that MPlayer does not report "UNKNOWN" as it's version: if [ ! -f VERSION ]; then @@ -286,17 +285,17 @@ if [ "$ARCH" = "i586" ]; then sed -i "s/mtune=native/mtune=generic/g" config.mak fi -make $NUMJOBS 2>&1 | tee $OUTPUT/make-${PKGNAM}.log -make DESTDIR=$PKG install 2>&1 |tee $OUTPUT/install-${PKGNAM}.log +make $NUMJOBS || exit 1 +make DESTDIR=$PKG install || exit 1 # Build the html documentation (not all languages are available): if [ "$LANGUAGES" = "all" ]; then # make html-chunked - make html-single + make html-single || exit 1 else for i in $(echo $LANGUAGES | tr , ' ') ; do # make html-chunked-$i ; - make html-single-$i ; + make html-single-$i || exit 1 done fi @@ -377,12 +376,6 @@ mv $PKG/usr/doc/$PKGNAM-$PKGVERSION/HTML $PKG/usr/doc/$PKGNAM-$PKGVERSION/html for i in etc/*.conf ; do cp $i $PKG/usr/doc/$PKGNAM-$PKGVERSION/$(basename $i)-sample done -# Save a transcript of all configured options for this specific build: -if [ -n $OUTPUT/configure-${PKGNAM}.log ]; then - cat $OUTPUT/configure-${PKGNAM}.log \ - | sed -n "/^Config files successfully generated/,/^'config.h' and 'config.mak' contain your configuration options./p" \ - > $PKG/usr/doc/$PKGNAM-$PKGVERSION/${PKGNAM}.configuration -fi find $PKG/usr/doc -type f -exec chmod 644 {} \+ # Compress the man page(s): @@ -404,9 +397,5 @@ fi # Build the package: cd $PKG -makepkg --linkadd y --chown n $OUTPUT/${PKGNAM}-${PKGVERSION}-${ARCH}-${BUILD}${TAG}.txz 2>&1 | tee $OUTPUT/makepkg-${PKGNAM}.log -cd $OUTPUT -md5sum ${PKGNAM}-${PKGVERSION}-${ARCH}-${BUILD}${TAG}.txz > ${PKGNAM}-${PKGVERSION}-${ARCH}-${BUILD}${TAG}.txz.md5 -cd - -cat $PKG/install/slack-desc | grep "^${PKGNAM}" > $OUTPUT/${PKGNAM}-${PKGVERSION}-${ARCH}-${BUILD}${TAG}.txt +makepkg --linkadd y --chown n $OUTPUT/${PKGNAM}-${PKGVERSION}-${ARCH}-${BUILD}${TAG}.txz diff --git a/source/xap/MPlayer/po_charset.patch b/source/xap/MPlayer/po_charset.patch new file mode 100644 index 000000000..4d7619071 --- /dev/null +++ b/source/xap/MPlayer/po_charset.patch @@ -0,0 +1,12 @@ +--- ./help/help_create_po.pl.orig 2024-01-30 14:09:03.000000000 -0600 ++++ ./help/help_create_po.pl 2024-01-30 14:10:33.423012066 -0600 +@@ -56,6 +56,9 @@ + open(po, "> $ARGV[1]") or die "Cannot open $ARGV[1]"; + + print po "# DO NOT EDIT - this file is generated from $ARGV[0]\n"; ++print po "msgid \"\"\n"; ++print po "msgstr \"\"\n"; ++print po "\"Content-Type: text/plain; charset=UTF-8\"\n"; + + foreach my $id (keys %podefs) + { diff --git a/source/xap/xine-lib/xine-lib.SlackBuild b/source/xap/xine-lib/xine-lib.SlackBuild index 1f03f2619..f6b796fbc 100755 --- a/source/xap/xine-lib/xine-lib.SlackBuild +++ b/source/xap/xine-lib/xine-lib.SlackBuild @@ -32,7 +32,7 @@ DIRVER=1.2.13 # Version used for the Slackware package PKGVER=1.2.13 -BUILD=${BUILD:-6} +BUILD=${BUILD:-7} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then |