diff options
| author | Adrien Nader <adrien@notk.org> | 2013-12-17 05:53:15 +0100 |
|---|---|---|
| committer | Adrien Nader <adrien@notk.org> | 2013-12-17 05:53:15 +0100 |
| commit | 0feb1a884f9fa2d2021b09da866c1578bfab6d13 (patch) | |
| tree | a326cfb2966023f3340e4a684baa7829ef8f3961 | |
| parent | 66eee39f66146638fa5cee8ea77fd8b615162c5e (diff) | |
Mon Dec 16 20:51:01 UTC 2013
d/llvm-3.3-x86_64-3.txz: Rebuilt.
The LLVM package included binaries with an rpath pointing to the build
location in /tmp. This allows an attacker with write access to /tmp to
add modified libraries (and execute arbitrary code) as any user running
the LLVM binaries. This updated package rebuilds LLVM to exclude the
build directories from the rpath information.
Thanks to Christopher Oliver for the bug report.
(* Security fix *)
d/ruby-1.9.3_p484-x86_64-1.txz: Upgraded.
This update fixes a heap overflow in floating point parsing. A specially
crafted string could cause a heap overflow leading to a denial of service
attack via segmentation faults and possibly arbitrary code execution.
For more information, see:
https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164
(* Security fix *)
l/cairo-1.12.16-x86_64-1.txz: Upgraded.
Removed --enable-xcb-shm (may cause instability with GTK+3).
Removed --enable-xlib-xcb (causes GIMP slowdown).
Added --enable-ft and --enable-gl.
If there are no problems reported with this update, perhaps it should be
issued as a 14.1 bugfix?
l/libiodbc-3.52.8-x86_64-1.txz: Upgraded.
This update fixes an rpath pointing to a location in /tmp that was found in
two test programs (iodbctest and iodbctestw). This could have allowed a
local attacker with write access to /tmp to add modified libraries (and
execute arbitrary code) as any user running the test programs.
Thanks to Christopher Oliver for the bug report.
(* Security fix *)
l/libjpeg-v8a-x86_64-2.txz: Rebuilt.
Fix use of uninitialized memory when decoding images with missing SOS data
for the luminance component (Y) in presence of valid chroma data (Cr, Cb).
This could allow remote attackers to obtain sensitive information from
uninitialized memory locations via a crafted JPEG image.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
(* Security fix *)
l/seamonkey-solibs-2.23-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-26.0-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
(* Security fix *)
xap/mozilla-thunderbird-24.2.0-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
(* Security fix *)
xap/seamonkey-2.23-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
| -rwxr-xr-x | l/cairo/cairo.SlackBuild | 9 | ||||
| -rw-r--r-- | l/libjpeg/jpeg.CVE-2013-6629.diff.gz | bin | 0 -> 694 bytes | |||
| -rwxr-xr-x | l/libjpeg/libjpeg.SlackBuild | 6 |
3 files changed, 8 insertions, 7 deletions
diff --git a/l/cairo/cairo.SlackBuild b/l/cairo/cairo.SlackBuild index 1b83433..f92b8f2 100755 --- a/l/cairo/cairo.SlackBuild +++ b/l/cairo/cairo.SlackBuild @@ -81,26 +81,25 @@ CFLAGS="$SLKCFLAGS" \ --disable-trace \ --enable-xlib \ --enable-xcb \ - --enable-xcb-shm \ - --enable-xlib-xcb \ --enable-ps \ --enable-pdf \ --enable-svg \ --enable-tee \ + --enable-ft \ + --enable-gl \ --enable-gobject \ --enable-xml \ --build=$ARCH-slackware-linux # None of these are 'stable' yet... # --enable-qt \ -# --enable-gl \ # --enable-drm \ -# --enable-xlib-xcb \ -# --enable-xcb-shm \ # Not sure if these two are needed / useful yet; --enable-xcb is now default # --enable-xcb-shm \ +# ^^ may cause GTK+3 instability # --enable-xlib-xcb \ +# ^^ this one caused a GIMP slowdown # Skipping this, because it causes a dependency on the specific # version of binutils installed at compile time: diff --git a/l/libjpeg/jpeg.CVE-2013-6629.diff.gz b/l/libjpeg/jpeg.CVE-2013-6629.diff.gz Binary files differnew file mode 100644 index 0000000..595588b --- /dev/null +++ b/l/libjpeg/jpeg.CVE-2013-6629.diff.gz diff --git a/l/libjpeg/libjpeg.SlackBuild b/l/libjpeg/libjpeg.SlackBuild index a5d3783..9083841 100755 --- a/l/libjpeg/libjpeg.SlackBuild +++ b/l/libjpeg/libjpeg.SlackBuild @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright 2008, 2009, 2010 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2013 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -22,7 +22,7 @@ VERSION=${VERSION:-v8a} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -69,6 +69,8 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \; +zcat $CWD/jpeg.CVE-2013-6629.diff.gz | patch -p1 --verbose || exit 1 + export CFLAGS="$SLKCFLAGS" ./configure \ --prefix=/usr \ |