author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-09-30 21:33:49 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-10-01 00:00:43 +0200 |
commit | 7991e75613129c8072103bbc1854ce6b7a8420fd (patch) | |
tree | a3aa86b2d2ea77b92f172a010c0318b009002a2e /source | |
parent | 83bf1d11eee59ddcea5d9b9d2487c163d862a414 (diff) | |
download | current-7991e75613129c8072103bbc1854ce6b7a8420fd.tar.gz current-7991e75613129c8072103bbc1854ce6b7a8420fd.tar.xz |
Sat Sep 30 21:33:49 UTC 202320230930213349
a/kmod-31-x86_64-1.txz: Upgraded.
l/libvpx-1.13.1-x86_64-1.txz: Upgraded.
This release contains two security related fixes -- one each for VP8 and VP9.
For more information, see:
https://crbug.com/1486441
https://www.cve.org/CVERecord?id=CVE-2023-5217
(* Security fix *)
n/conntrack-tools-1.4.8-x86_64-1.txz: Upgraded.
x/libime-1.1.2-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-115.3.1-x86_64-1.txz: Upgraded.
This release contains a security fix for a critical heap buffer overflow in
the libvpx VP8 encoder.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.3.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
https://www.cve.org/CVERecord?id=CVE-2023-5217
(* Security fix *)
Diffstat (limited to 'source')
-rwxr-xr-x | source/a/kmod/kmod.SlackBuild | 4 | ||||
-rw-r--r-- | source/l/libvpx/0001-Relax-ABI-check.patch | 45 | ||||
-rwxr-xr-x | source/l/libvpx/libvpx.SlackBuild | 4 |
3 files changed, 51 insertions, 2 deletions
diff --git a/source/a/kmod/kmod.SlackBuild b/source/a/kmod/kmod.SlackBuild
index 4c74220c1..104f7bfc1 100755
--- a/source/a/kmod/kmod.SlackBuild
+++ b/source/a/kmod/kmod.SlackBuild
@@ -26,8 +26,8 @@ cd $(dirname $0) ; CWD=$(pwd)
 PKGNAM=kmod
-VERSION=${VERSION:-30}
-BUILD=${BUILD:-2}
+VERSION=${VERSION:-31}
+BUILD=${BUILD:-1}
 if [ -z "$ARCH" ]; then
 case "$( uname -m )" in
diff --git a/source/l/libvpx/0001-Relax-ABI-check.patch b/source/l/libvpx/0001-Relax-ABI-check.patch
new file mode 100644
index 000000000..2ebdaf25d
--- /dev/null
+++ b/source/l/libvpx/0001-Relax-ABI-check.patch
@@ -0,0 +1,45 @@
+From: Sebastian Ramacher <sramacher@debian.org>
+Date: Tue, 31 Aug 2021 08:53:52 +0200
+Subject: Relax ABI check
+
+We have symbol files and version dependencies to properly track this.
+---
+ vpx/src/vpx_decoder.c | 2 +-
+ vpx/src/vpx_encoder.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/vpx/src/vpx_decoder.c b/vpx/src/vpx_decoder.c
+index 427cd1b..eddbf1a 100644
+--- a/vpx/src/vpx_decoder.c
++++ b/vpx/src/vpx_decoder.c
+@@ -27,7 +27,7 @@ vpx_codec_err_t vpx_codec_dec_init_ver(vpx_codec_ctx_t *ctx,
+ vpx_codec_flags_t flags, int ver) {
+ vpx_codec_err_t res;
+
+- if (ver != VPX_DECODER_ABI_VERSION)
++ if (ver > VPX_DECODER_ABI_VERSION)
+ res = VPX_CODEC_ABI_MISMATCH;
+ else if (!ctx || !iface)
+ res = VPX_CODEC_INVALID_PARAM;
+diff --git a/vpx/src/vpx_encoder.c b/vpx/src/vpx_encoder.c
+index f636b54..9f8eac9 100644
+--- a/vpx/src/vpx_encoder.c
++++ b/vpx/src/vpx_encoder.c
+@@ -32,7 +32,7 @@ vpx_codec_err_t vpx_codec_enc_init_ver(vpx_codec_ctx_t *ctx,
+ vpx_codec_flags_t flags, int ver) {
+ vpx_codec_err_t res;
+
+- if (ver != VPX_ENCODER_ABI_VERSION)
++ if (ver > VPX_ENCODER_ABI_VERSION)
+ res = VPX_CODEC_ABI_MISMATCH;
+ else if (!ctx || !iface || !cfg)
+ res = VPX_CODEC_INVALID_PARAM;
+@@ -67,7 +67,7 @@ vpx_codec_err_t vpx_codec_enc_init_multi_ver(
+ int num_enc, vpx_codec_flags_t flags, vpx_rational_t *dsf, int ver) {
+ vpx_codec_err_t res = VPX_CODEC_OK;
+
+- if (ver != VPX_ENCODER_ABI_VERSION)
++ if (ver > VPX_ENCODER_ABI_VERSION)
+ res = VPX_CODEC_ABI_MISMATCH;
+ else if (!ctx || !iface || !cfg || (num_enc > 16 || num_enc < 1))
+ res = VPX_CODEC_INVALID_PARAM;
diff --git a/source/l/libvpx/libvpx.SlackBuild b/source/l/libvpx/libvpx.SlackBuild
index b61b08bcb..5e301378d 100755
--- a/source/l/libvpx/libvpx.SlackBuild
+++ b/source/l/libvpx/libvpx.SlackBuild
@@ -81,6 +81,10 @@ find -L . \
 \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
 -exec chmod 644 {} \+
+# Looks like this avoids possible problems with ffmpeg after a supposedly
+# ABI compatible libvpx upgrade. Probably doesn't hurt. Thanks to Debian.
+cat $CWD/0001-Relax-ABI-check.patch | patch -p1 --verbose || exit 1
+
 # out of tree build
 mkdir build-tmp
 cd build-tmp |
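Review bot: The comment added above the `patch -p1` line in libvpx.SlackBuild says the relaxed ABI check "probably doesn't hurt" but does not record which check is being given up or when the patch can be dropped. The patch it applies, 0001-Relax-ABI-check.patch, changes `ver != VPX_*_ABI_VERSION` to `ver > VPX_*_ABI_VERSION` in `vpx_codec_dec_init_ver`, `vpx_codec_enc_init_ver` and `vpx_codec_enc_init_multi_ver`, so a caller built against any older header version is accepted rather than rejected with `VPX_CODEC_ABI_MISMATCH`. Its stated justification is Debian's symbol files and version dependencies; whether this build has an equivalent safeguard is not visible here, and if a config struct layout ever differs between ABI versions the library would read the caller's struct with the wrong layout instead of failing at init. I would extend the comment to say so, for example `# Accepts callers built against an older libvpx ABI (ver <= current) instead of failing init;` followed by `# rebuild dependents on a real ABI change and drop this once they are recompiled.`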