Second attempt to fix libwebp.

Apologies to anyone who picked up the first version of the patch.
2025-01-25 07:42:13 +08:00 · 2023-09-13 05:59:22 +01:00 · 2023-09-13 05:59:22 +01:00 · 5e3a62dffe
commit 5e3a62dffe
parent 11f671c80b
2 changed files with 8 additions and 4 deletions
--- a/general/graphlib/libwebp.xml
+++ b/general/graphlib/libwebp.xml
@ -71,7 +71,7 @@
      <listitem>
        <para>
          Required patch:
-          <ulink url="&patch-root;/libwebp-&libwebp-version;-security_update-1.patch"/>
+          <ulink url="&patch-root;/libwebp-&libwebp-version;-security_update-2.patch"/>
        </para>
      </listitem>
    </itemizedlist>
@ -97,13 +97,11 @@
  <sect2 role="installation">
    <title>Installation of libwebp</title>

-    <!-- CVE-2023-4863, critical, extracted from firefox-115.2.1 in the hope
-         it will be sufficient -->
    <para>
      Fix a security issue identified upstream:
    </para>

-<screen><userinput>patch -Np1 -i ../libwebp-&libwebp-version;-security_update-1.patch</userinput></screen>
+<screen><userinput>patch -Np1 -i ../libwebp-&libwebp-version;-security_update-2.patch</userinput></screen>

    <para>
      Install <application>libwebp</application> by running the following
--- a/introduction/welcome/changelog.xml
+++ b/introduction/welcome/changelog.xml
@ -42,6 +42,12 @@
    <listitem>
      <para>September 13th, 2023</para>
      <itemizedlist>
+        <listitem>
+          <para>[ken] - Updated the libwebp patch to version2, this adds
+          a second chromium commit which the debian bug pointed to.
+          Fixes
+          <ulink url="&blfs-ticket-root;18544">#18544</ulink>.</para>
+        </listitem>
        <listitem>
          <para>[ken] - Patch libwebp-1.3.1 for a critical vulnerability.
          This is not the official fix, which is not yet public, but was