diff --git a/libvpx-1.7.0-leave-fortify-source-on.patch b/libvpx-1.7.0-leave-fortify-source-on.patch new file mode 100644 index 0000000000000000000000000000000000000000..23099da6454c8d673f78811144d555d580dad29a --- /dev/null +++ b/libvpx-1.7.0-leave-fortify-source-on.patch @@ -0,0 +1,12 @@ +diff -up libvpx-1.7.0/build/make/configure.sh.leave-fs-on libvpx-1.7.0/build/make/configure.sh +--- libvpx-1.7.0/build/make/configure.sh.leave-fs-on 2018-01-26 15:02:18.767645332 -0500 ++++ libvpx-1.7.0/build/make/configure.sh 2018-01-26 15:02:28.594420775 -0500 +@@ -1440,7 +1440,7 @@ EOF + + # Work around longjmp interception on glibc >= 2.11, to improve binary + # compatibility. See http://code.google.com/p/webm/issues/detail?id=166 +- enabled linux && check_add_cflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 ++ # enabled linux && check_add_cflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 + + # Check for strip utility variant + ${STRIP} -V 2>/dev/null | grep GNU >/dev/null && enable_feature gnu_strip diff --git a/libvpx.spec b/libvpx.spec index 3c8fe6f7fbfa3999402848fc632f868c4ad06721..001250b90d03c03e4a7f5a896a3a6cc1863195c2 100644 --- a/libvpx.spec +++ b/libvpx.spec @@ -1,4 +1,4 @@ -%define anolis_release 2 +%define anolis_release 3 %global somajor 9 %global sominor 0 %global sotiny 0 @@ -16,17 +16,19 @@ Name: libvpx Summary: VP8/VP9 Video Codec SDK -Version: 1.14.1 +Version: 1.14.1 Release: %{anolis_release}%{?dist} License: BSD URL: http://www.webmproject.org/code/ -Source0: https://github.com/webmproject/libvpx/archive/v%{version}.tar.gz -Source1: vpx_config.h -Source2: libvpx.ver +Source0: https://github.com/webmproject/libvpx/archive/v1.14.1.tar.gz +Source1: vpx_config.h +Source2: libvpx.ver BuildRequires: make gcc gcc-c++ yasm doxygen php-cli perl(Getopt::Long) +BuildRequires: nasm # From https://salsa.debian.org/multimedia-team/libvpx/-/merge_requests/5/diffs Patch0: 0001-CVE-2025-5283.patch +Patch1: libvpx-1.7.0-leave-fortify-source-on.patch %description libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications @@ -127,6 +129,8 @@ rm -rf %{buildroot}%{_prefix}/src %doc AUTHORS CHANGELOG README %changelog +* Wed Dec 03 2025 wency_cn - 1.14.1-3 +- Re-enable _FORTIFY_SOURCE to strengthen runtime buffer overflow protections on Linux * Mon Jun 18 2025 lzq11122 - 1.14.1-2 - add patch to fix CVE-2025-5283 @@ -149,4 +153,3 @@ rm -rf %{buildroot}%{_prefix}/src * Thu Apr 07 2022 mgb01105731 - 1.11.0-1 - Init from upstream version 1.11.0 -