#!/bin/bash
# $Id: MPlayer.SlackBuild,v 1.27 2012/07/01 13:07:08 root Exp root $
# Copyright 2006, 2007, 2008, 2010, 2011, 2012 Eric Hameleers, Eindhoven, NL
Tue Jan 30 22:01:28 UTC 2024
a/lzip-1.24-x86_64-1.txz: Upgraded.
a/openssl-solibs-3.2.1-x86_64-1.txz: Upgraded.
ap/alsa-utils-1.2.11-x86_64-1.txz: Upgraded.
ap/sqlite-3.45.1-x86_64-1.txz: Upgraded.
d/binutils-2.42-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
d/cmake-3.28.2-x86_64-1.txz: Upgraded.
d/oprofile-1.4.0-x86_64-13.txz: Rebuilt.
Recompiled against binutils-2.42.
d/strace-6.7-x86_64-1.txz: Upgraded.
kde/digikam-8.2.0-x86_64-5.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/alsa-lib-1.2.11-x86_64-1.txz: Upgraded.
l/libpng-1.6.42-x86_64-1.txz: Upgraded.
Fixed the implementation of the macro function png_check_sig().
This was an API regression, introduced in libpng-1.6.41.
Reported by Matthieu Darbois.
l/lmdb-0.9.32-x86_64-1.txz: Upgraded.
l/neon-0.33.0-x86_64-1.txz: Upgraded.
l/opencv-4.9.0-x86_64-3.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/qt5-5.15.12_20240103_b8fd1448-x86_64-4.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/talloc-2.4.2-x86_64-1.txz: Upgraded.
l/tdb-1.4.10-x86_64-1.txz: Upgraded.
l/tevent-0.16.1-x86_64-1.txz: Upgraded.
n/openldap-2.6.7-x86_64-1.txz: Upgraded.
n/openssl-3.2.1-x86_64-1.txz: Upgraded.
This update fixes possible denial-of-service security issues:
A file in PKCS12 format can contain certificates and keys and may come from
an untrusted source. The PKCS12 specification allows certain fields to be
NULL, but OpenSSL did not correctly check for this case. A fix has been
applied to prevent a NULL pointer dereference that results in OpenSSL
crashing. If an application processes PKCS12 files from an untrusted source
using the OpenSSL APIs then that application will be vulnerable to this
issue prior to this fix.
OpenSSL APIs that were vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().
When function EVP_PKEY_public_check() is called on RSA public keys,
a computation is done to confirm that the RSA modulus, n, is composite.
For valid RSA keys, n is a product of two or more large primes and this
computation completes quickly. However, if n is an overly large prime,
then this computation would take a long time.
An application that calls EVP_PKEY_public_check() and supplies an RSA key
obtained from an untrusted source could be vulnerable to a Denial of Service
attack.
The function EVP_PKEY_public_check() is not called from other OpenSSL
functions however it is called from the OpenSSL pkey command line
application. For that reason that application is also vulnerable if used
with the "-pubin" and "-check" options on untrusted data.
To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will
now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason.
Fix excessive time spent in DH check / generation with large Q parameter
value.
Applications that use the functions DH_generate_key() to generate an
X9.42 DH key may experience long delays. Likewise, applications that use
DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from
an untrusted source this may lead to a Denial of Service.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-0727
https://www.cve.org/CVERecord?id=CVE-2023-6237
https://www.cve.org/CVERecord?id=CVE-2023-5678
(* Security fix *)
xap/MPlayer-20240130-x86_64-1.txz: Upgraded.
Fixed build script to exit on errors.
Patched to build against gettext-0.22.4.
Thanks to Matteo Bernardini.
xap/xine-lib-1.2.13-x86_64-7.txz: Rebuilt.
Recompiled against libpng-1.6.42.
2024-01-30 23:01:28 +01:00
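Defence in depth for the EVP_PKEY_public_check() issue described in the changelog entry above, as an added example (not part of the Slackware changelog, the SlackBuild, or OpenSSL): it reads the modulus length straight from the DER headers of an untrusted RSA public key and rejects oversized keys before any OpenSSL check runs. The function names, the MAX_PEM_CHARS gate and the 16384-bit default (assumed to match OPENSSL_RSA_MAX_MODULUS_BITS) are assumptions of this example, and the sample keys are constructed placeholders.

```python
import base64

# Assumption: mirrors OPENSSL_RSA_MAX_MODULUS_BITS (16384 in OpenSSL's rsa.h).
MAX_MODULUS_BITS = 16384
# Assumption: cheap size gate applied before any decoding; tune per deployment.
MAX_PEM_CHARS = 4096
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


class DerError(ValueError):
    """Raised when the input is not the DER structure we expect."""


def read_tlv(buf, pos, end, want_tag):
    """Return (value_start, value_end) of the element at pos, bounded by end."""
    if pos + 2 > end:
        raise DerError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next (first & 0x7f) bytes
        count = first & 0x7F
        if count == 0 or count > 4 or pos + count > end:
            raise DerError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if tag != want_tag:
        raise DerError(f"expected tag 0x{want_tag:02x}, got 0x{tag:02x}")
    if pos + length > end:
        raise DerError("element overruns its container")
    return pos, pos + length


def rsa_modulus_bits(spki):
    """Bit length of n in an RSA SubjectPublicKeyInfo, with no bignum math."""
    s, e = read_tlv(spki, 0, len(spki), 0x30)              # SubjectPublicKeyInfo
    alg_s, alg_e = read_tlv(spki, s, e, 0x30)              # AlgorithmIdentifier
    oid_s, oid_e = read_tlv(spki, alg_s, alg_e, 0x06)      # algorithm OID
    if spki[oid_s:oid_e] != RSA_OID:
        raise DerError("not an rsaEncryption key")
    bit_s, bit_e = read_tlv(spki, alg_e, e, 0x03)          # BIT STRING
    if bit_s == bit_e or spki[bit_s] != 0:
        raise DerError("bad BIT STRING padding")
    key_s, key_e = read_tlv(spki, bit_s + 1, bit_e, 0x30)  # RSAPublicKey
    n_s, n_e = read_tlv(spki, key_s, key_e, 0x02)          # INTEGER n
    n = spki[n_s:n_e].lstrip(b"\x00")
    return (len(n) - 1) * 8 + n[0].bit_length() if n else 0


def precheck_rsa_public_key(pem_text, max_bits=MAX_MODULUS_BITS):
    """Return (accepted, reason). Run this before the key reaches OpenSSL."""
    if len(pem_text) > MAX_PEM_CHARS:
        return False, "input too large"
    body = "".join(line.strip() for line in pem_text.splitlines()
                   if not line.startswith("-----"))
    try:
        bits = rsa_modulus_bits(base64.b64decode(body, validate=True))
    except ValueError as exc:             # DerError and binascii.Error
        return False, f"malformed key: {exc}"
    if bits > max_bits:
        return False, f"modulus too large ({bits} bits)"
    return True, f"{bits}-bit modulus"


# --- Constructed sample input (structurally valid, not usable keys) ---------
def _der(tag, content):
    n = len(content)
    head = bytes([n]) if n < 0x80 else (
        bytes([0x80 | (n.bit_length() + 7) // 8])
        + n.to_bytes((n.bit_length() + 7) // 8, "big"))
    return bytes([tag]) + head + content


def _int(value):
    # One spare byte keeps the INTEGER positive and minimally encoded.
    return _der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def constructed_spki_pem(bits):
    """PEM SubjectPublicKeyInfo whose placeholder modulus has `bits` bits."""
    n = (1 << (bits - 1)) | 1
    rsa_key = _der(0x30, _int(n) + _int(65537))
    alg = _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b""))
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa_key))
    b64 = base64.b64encode(spki).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PUBLIC KEY-----", *lines,
                      "-----END PUBLIC KEY-----", ""])


if __name__ == "__main__":
    for size in (2048, 16384, 16385, 32768):
        print(size, precheck_rsa_public_key(constructed_spki_pem(size)))
```

The check only reads length fields, so its cost does not grow with the arithmetic properties of the modulus; it complements the upgrade to openssl-3.2.1 rather than replacing it.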
# Copyright 2013, 2018, 2024 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Permission to use, copy, modify, and distribute this software for
# any purpose with or without fee is hereby granted, provided that
# the above copyright notice and this permission notice appear in all
# copies.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

# Set initial variables:

PKGNAM=MPlayer
VERSION=${VERSION:-20240403}
# Need to build trunk until there's a stable branch compatible with the
# latest ffmpeg stable release:
#BRANCH=${BRANCH:-1.3} # leave empty if you want to build MPlayer trunk
BUILD=${BUILD:-2}
TAG=${TAG:-}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}

# Show the branch version in the package name if we build from a branch:
[ -n "$BRANCH" ] && PKGVERSION=${BRANCH}_${VERSION} || PKGVERSION=${VERSION}

DOCS="AUTHORS Changelog Copyright LICENSE README VERSION DOCS/HTML DOCS/tech"

# MPlayer repository characteristics:
MPURI="svn://svn.mplayerhq.hu/mplayer/"
if [ -n "$BRANCH" ]; then
  MPBRANCH="branches/$BRANCH"
else
  MPBRANCH="trunk"
fi

DEFSKIN=${DEFSKIN:-"Blue"} # Download more skins at the following url:
SKINVER=${SKINVER:-"1.13"} # http://www.mplayerhq.hu/design7/dload.html

# Available languages: all cs de en es fr hu it pl ru zh_CN
LANGUAGES="en,de,es,fr"

# Automatically determine the architecture we're building on:
MARCH=$( uname -m )
if [ -z "$ARCH" ]; then
  case "$MARCH" in
    i?86) export ARCH=i586 ;;
    armv7hl) export ARCH=$MARCH ;;
    arm*) export ARCH=arm ;;
    # Unless $ARCH is already set, use uname -m for all other archs:
    *) export ARCH=$MARCH ;;
  esac
fi

if [ "$ARCH" = "x86_64" ]; then
  LIBDIRSUFFIX="64"
  # --enable-runtime-cpudetection is supported only for x86, x86_64, and PPC
  EXTRACONFIGUREOPTIONS="--enable-runtime-cpudetection"
elif [ "$ARCH" = "i486" -o \
       "$ARCH" = "i586" -o \
       "$ARCH" = "i686" ]; then
  LIBDIRSUFFIX=""
  # --enable-runtime-cpudetection is failing on 32-bit, so we'll set -march=i586
  # manually after ./configure.
  #EXTRACONFIGUREOPTIONS="--enable-runtime-cpudetection"
  EXTRACONFIGUREOPTIONS=""
else
  LIBDIRSUFFIX=""
  EXTRACONFIGUREOPTIONS=""
fi

# If this package is being built for ALSA (no PulseAudio), use the _alsa $TAG:
if [ ! -r /usr/lib${LIBDIRSUFFIX}/pkgconfig/libpulse.pc ]; then
  TAG="_alsa"
fi

# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
  echo "${PKGNAM}-${PKGVERSION}-${ARCH}-${BUILD}${TAG}.txz"
  exit 0
fi

# Where the WIN32 codecs are expected, for instance:
CODECSDIR=/usr/lib${LIBDIRSUFFIX}/codecs

# ---------------------------------------------------------------------------
# -- PATENT ALERT! --
# MPlayer can be built with AMR audio encoders
# (needed for FLV and .3GP videos) but these libraries are 'contaminated'
# with patents from 3GPP.
# Also, the AAC encoder has patent issues.
# You can build these patented algorithms into ffmpeg, and if you are an
# ordinary end user, no one will bother you for using them.
# For the binaries based on this SlackBuild that I distribute, it is a
# different story. I am not allowed to distribute binary packages that
# incorporate patented code. So here you go. My Slackware package was
# built with "USE_PATENTS=NO" i.e. without using
# the faac, AMR and dvdcss libraries.
# ---------------------------------------------------------------------------
USE_PATENTS=${USE_PATENTS:-"NO"}

# MPlayer will try to use one of the TrueType fonts present on the target
# system for its On Screen Display (OSD) font.
# Slackware 11.0 ships with the Vera and DejaVu fonts, you may want to add
# more fonts to this list. The first font found will be used by creating a
# symbolic link "/usr/share/mplayer/subfont.ttf" to it.
# The use of bitmapped fonts is considered deprecated, but you can still use
# those if you want. Read http://www.mplayerhq.hu/DOCS/HTML/en/fonts-osd.html
# if you want to know more about OSD font configuration.
OSDFONTS="LiberationSans-Regular.ttf \
          Arialuni.ttf arial.ttf \
          DejaVuSans.ttf Vera.ttf"

# Where do we look for sources?
cd $(dirname $0) ; SRCDIR=$(pwd)

SOURCE[0]="$SRCDIR/${PKGNAM}-${VERSION}.tar.xz"
SRCURL[0]=""

# The default skin to use (we need to add at least one)
SOURCE[1]="$SRCDIR/${DEFSKIN}-${SKINVER}.tar.bz2"
SRCURL[1]="http://www.mplayerhq.hu/MPlayer/skins/${DEFSKIN}-${SKINVER}.tar.bz2"

# Use the src_checkout() function if no downloadable tarball exists.
# This function checks out sources from SVN/CVS and creates a tarball of them.
src_checkout() {
  # Param #1 : index in the SOURCE[] array.
  # Param #2 : full path to where SOURCE[$1] tarball should be created.
  # Determine the tarball extension:
  PEXT=$(echo "${2}" | sed -r -e 's/.*[^.].(tar.xz|tar.gz|tar.bz2|tgz).*/\1/')
  case "$PEXT" in
    "tar.xz") TARCOMP="J" ;;
    "tar.gz") TARCOMP="z" ;;
    "tgz") TARCOMP="z" ;;
    "tar.bz2") TARCOMP="j" ;;
    *) echo "Archive can only have extension 'tar.xz', '.tar.gz' '.tar.bz2' or '.tgz'" ; exit 1 ;;
  esac
  case ${1} in
  0) # mplayer
     if [ "$(echo ${VERSION}|cut -c1)" == 'r' ]; then # revision instead of date
       echo "Only supported VERSION is a date - yyyymmdd - or 'HEAD'"
       # REV is never set on this path, so stop instead of running svn with it:
       return 1
     else
       REV="{${VERSION}}"
     fi
     mkdir MPlayer-${VERSION} \
       && cd MPlayer-${VERSION} \
       && svn checkout --revision $REV ${MPURI}/${MPBRANCH} . \
       && svn propget svn:externals | sed -e 's/[[:space:]].*$//g' | xargs svn up --revision $REV \
       && chown -R root:root . \
       && cd .. \
       && tar --exclude-vcs -${TARCOMP}cf ${2} MPlayer-${VERSION}
     rm -rf MPlayer-${VERSION}
     ;;
  *) # Do nothing
     ;;
  esac
}

# Place to build (TMP) package (PKG) and output (OUTPUT) the program:
TMP=${TMP:-/tmp}
PKG=$TMP/package-$PKGNAM
OUTPUT=${OUTPUT:-$TMP}

##
## --- with a little luck, you won't have to edit below this point --- ##
##

# Catch uninitialized variables:
set -u
P1=${1:-1}

# Create working directories:
mkdir -p $TMP/tmp-$PKGNAM # location to build the source
rm -rf $TMP/tmp-$PKGNAM/* # remove the remnants of previous build
mkdir -p $PKG # place for the package to be built
rm -rf $PKG/* # erase old package's contents
mkdir -p $OUTPUT # place for the package to be saved

# Source file availability:
for (( i = 0; i < ${#SOURCE[*]}; i++ )) ; do
  if ! [ -f ${SOURCE[$i]} ]; then
    echo "Source '$(basename ${SOURCE[$i]})' not available yet..."
    # Check if the $SRCDIR is writable at all - if not, download to $OUTPUT
    [ -w "$SRCDIR" ] || SOURCE[$i]="$OUTPUT/$(basename ${SOURCE[$i]})"
    if ! [ "x${SRCURL[$i]}" == "x" ]; then
      echo "Will download file to $(dirname "${SOURCE[$i]}")"
      # Test wget's own exit status; a trailing '|| true' would reset $? to 0
      # and let a truncated download through.
      if ! wget -nv -T 20 -O "${SOURCE[$i]}" "${SRCURL[$i]}" || [ ! -s "${SOURCE[$i]}" ]; then
        echo "Downloading '$(basename ${SOURCE[$i]})' failed.. aborting the build."
        mv -f "${SOURCE[$i]}" "${SOURCE[$i]}".FAIL
        exit 1
      fi
    else
      # Try if we have a SVN/CVS download routine for ${SOURCE[$i]}
      echo "Will checkout sources to $(dirname "${SOURCE[$i]}")"
      src_checkout $i "${SOURCE[$i]}" || exit 1
    fi
    if [ ! -f "${SOURCE[$i]}" -o ! -s "${SOURCE[$i]}" ]; then
      echo "File '$(basename ${SOURCE[$i]})' not available.. aborting the build."
      exit 1
    fi
  fi
done

if [ "$P1" == "--download" ]; then
  echo "Download complete."
  exit 0
fi

# --- PACKAGE BUILDING ---

echo "++"
echo "|| $PKGNAM-$VERSION"
echo "++"

cd $TMP/tmp-$PKGNAM
echo "Extracting the source archive(s) for $PKGNAM..."
tar -xvf ${SOURCE[0]} || exit 1

chown -R root:root *
chmod -R u+w,go+r-w,a+X-s *
cd ${PKGNAM}-${VERSION} || exit 1

# Determine what X we're running (the modular X returns the prefix
# in the next command, while older versions stay silent):
XPREF=$(pkg-config --variable=prefix x11) || true
[ "$XPREF" == "" ] && XPREF='/usr/X11R6'

# Remove support for patent encumbered and possibly illegal code:
if [ "$USE_PATENTS" != "YES" ]; then
  DO_PATENTED="--disable-libopencore_amrnb \
               --disable-libopencore_amrwb"
else
  DO_PATENTED=""
fi

# fix building against samba 4:
zcat $SRCDIR/include-samba-4.0.patch.gz | patch -p1 --verbose || exit 1

2024-01-30 23:01:28 +01:00
# fix building against gettext-0.22.4:
zcat $SRCDIR/po_charset.patch.gz | patch -p1 --verbose || exit 1

2009-08-26 17:00:38 +02:00
echo Building ...
# MPlayer wants to automatically determine compiler flags,
2012-09-26 03:10:42 +02:00
# so we don't provide CFLAGS.
./configure \
  --prefix=/usr \
  --mandir=/usr/man \
  --confdir=/etc/mplayer \
  --enable-gui \
2024-04-03 21:58:56 +02:00
  --enable-libaom-lavc \
  --enable-libdav1d-lavc \
2012-09-26 03:10:42 +02:00
  --enable-menu \
2016-06-30 22:26:57 +02:00
  --enable-vdpau \
2012-09-26 03:10:42 +02:00
  --disable-arts \
2016-06-30 22:26:57 +02:00
  --disable-ossaudio \
2012-09-26 03:10:42 +02:00
  --disable-bitmap-font \
2018-05-28 21:12:29 +02:00
  --disable-ffmpeg_a \
2012-09-26 03:10:42 +02:00
  --codecsdir=${CODECSDIR} \
  --language="${LANGUAGES}" \
  ${EXTRACONFIGUREOPTIONS} \
2024-01-30 23:01:28 +01:00
  ${DO_PATENTED} || exit 1
2018-05-28 21:12:29 +02:00

2009-08-26 17:00:38 +02:00
# So that MPlayer does not report "UNKNOWN" as its version:
2012-09-26 03:10:42 +02:00
if [ ! -f VERSION ]; then
  echo $VERSION > VERSION
fi
2018-05-28 21:12:29 +02:00

# Set -march/-mtune manually since runtime cpu detection causes a compile error
# on 32-bit x86:
if [ "$ARCH" = "i586" ]; then
  sed -i "s/march=native/march=i586/g" config.mak
  sed -i "s/mtune=native/mtune=generic/g" config.mak
fi
2024-01-30 23:01:28 +01:00
make $NUMJOBS || exit 1
make DESTDIR=$PKG install || exit 1
2009-08-26 17:00:38 +02:00

# Build the html documentation (not all languages are available):
2012-09-26 03:10:42 +02:00
if [ "$LANGUAGES" = "all" ]; then
  # make html-chunked
2024-01-30 23:01:28 +01:00
  make html-single || exit 1
2012-09-26 03:10:42 +02:00
else
2016-06-30 22:26:57 +02:00
  for i in $(echo $LANGUAGES | tr , ' ') ; do
2012-09-26 03:10:42 +02:00
    # make html-chunked-$i ;
2024-01-30 23:01:28 +01:00
    make html-single-$i || exit 1
2009-08-26 17:00:38 +02:00
  done
2012-09-26 03:10:42 +02:00
fi
2009-08-26 17:00:38 +02:00

# Prepare the configfile:
mkdir -p $PKG/etc/mplayer
cp etc/example.conf $PKG/etc/mplayer/mplayer.conf.new

# Install our default skin:
2023-08-29 02:06:09 +02:00
mkdir -p $PKG/usr/share/mplayer/skins
2009-08-26 17:00:38 +02:00
cd $PKG/usr/share/mplayer/skins
tar -xvf ${SOURCE[1]}
chown -R root:root *
2012-09-26 03:10:42 +02:00
chmod -R u+w,go+r-w,a+X-s *
2009-08-26 17:00:38 +02:00
ln -s ${DEFSKIN} default
cd -

# Add this to the doinst.sh:
2012-09-26 03:10:42 +02:00
mkdir -p $PKG/install
2009-08-26 17:00:38 +02:00
cat <<EOINS >> $PKG/install/doinst.sh
# Handle the incoming configuration files:
config() {
  for infile in \$1; do
    NEW="\$infile"
    OLD="\`dirname \$NEW\`/\`basename \$NEW .new\`"
    # If there's no config file by that name, mv it over:
    if [ ! -r \$OLD ]; then
      mv \$NEW \$OLD
    elif [ "\`cat \$OLD | md5sum\`" = "\`cat \$NEW | md5sum\`" ]; then
      # toss the redundant copy
      rm \$NEW
    fi
    # Otherwise, we leave the .new copy for the admin to consider...
  done
}

# Installing a bitmap font is considered deprecated; use a TTF font instead.
# We try to link to an installed TTF font at install time.
# Configure a default TrueType font to use for the OSD :
if [ ! -f usr/share/mplayer/subfont.ttf ]; then
  for font in ${OSDFONTS}; do
    if [ -f .${XPREF}/lib${LIBDIRSUFFIX}/X11/fonts/TTF/\${font} ]; then
      ( cd usr/share/mplayer/
        ln -sf ${XPREF}/lib${LIBDIRSUFFIX}/X11/fonts/TTF/\${font} subfont.ttf
      )
      break
    fi
  done
fi

# Prepare the new configuration file
config etc/mplayer/mplayer.conf.new

2012-09-26 03:10:42 +02:00
# Update the desktop database:
if [ -x usr/bin/update-desktop-database ]; then
  chroot . /usr/bin/update-desktop-database usr/share/applications 1> /dev/null 2> /dev/null
2009-08-26 17:00:38 +02:00
fi

2012-09-26 03:10:42 +02:00
# Update hicolor theme cache:
2009-08-26 17:00:38 +02:00
if [ -e usr/share/icons/hicolor/icon-theme.cache ]; then
  if [ -x usr/bin/gtk-update-icon-cache ]; then
2012-09-26 03:10:42 +02:00
    chroot . /usr/bin/gtk-update-icon-cache /usr/share/icons/hicolor >/dev/null 2>&1
2009-08-26 17:00:38 +02:00
  fi
fi

2012-09-26 03:10:42 +02:00
# Update the mime database:
if [ -x usr/bin/update-mime-database ]; then
  chroot . /usr/bin/update-mime-database usr/share/mime >/dev/null 2>&1
fi

2009-08-26 17:00:38 +02:00
EOINS

# Add documentation:
2018-05-28 21:12:29 +02:00
mkdir -p $PKG/usr/doc/$PKGNAM-$PKGVERSION
cp -a $DOCS $PKG/usr/doc/$PKGNAM-$PKGVERSION || true
cp -a $SRCDIR/$(basename $0) $PKG/usr/doc/$PKGNAM-$PKGVERSION/$PKGNAM.SlackBuild
mv $PKG/usr/doc/$PKGNAM-$PKGVERSION/HTML $PKG/usr/doc/$PKGNAM-$PKGVERSION/html
2009-08-26 17:00:38 +02:00
# Save a sample of all configuration files:
for i in etc/*.conf ; do
2018-05-28 21:12:29 +02:00
  cp $i $PKG/usr/doc/$PKGNAM-$PKGVERSION/$(basename $i)-sample
2009-08-26 17:00:38 +02:00
done
2019-09-30 23:08:32 +02:00
find $PKG/usr/doc -type f -exec chmod 644 {} \+
2009-08-26 17:00:38 +02:00

# Compress the man page(s):
if [ -d $PKG/usr/man ]; then
2019-09-30 23:08:32 +02:00
  find $PKG/usr/man -type f -name "*.?" -exec gzip -9f {} \+
2009-08-26 17:00:38 +02:00
  for i in $(find $PKG/usr/man -type l -name "*.?") ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
fi

# Strip binaries:
( find $PKG | xargs file | grep -e "executable" -e "shared object" \
  | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null )

# Add a package description:
mkdir -p $PKG/install
cat $SRCDIR/slack-desc > $PKG/install/slack-desc
if [ -f $SRCDIR/doinst.sh ]; then
  cat $SRCDIR/doinst.sh >> $PKG/install/doinst.sh
fi

# Build the package:
cd $PKG
2024-01-30 23:01:28 +01:00
makepkg --linkadd y --chown n $OUTPUT/${PKGNAM}-${PKGVERSION}-${ARCH}-${BUILD}${TAG}.txz
2009-08-26 17:00:38 +02:00
|
|
|
|