OpenSuSE has issued an advisory today (September 6): http://lists.opensuse.org/opensuse-updates/2012-09/msg00036.html Olivier Blin has said he'll fix it in Cauldron. Mageia 1 is not affected, as the affected code was introduced in 8.0. I have submitted a patched mesa-8.0.2-2.1.mga2 to Mageia 2 to fix it.
CC: (none) => mageia
Note to self to submit the build to tainted as well.
Severity: normal => major
Patched package uploaded for Mageia 2. Advisory: ======================== Updated mesa packages fix security vulnerability: The glsl shaders are vulnerable to a buffer overrun in parcel_out_uniform_storage::visit_field. When too many uniforms are used, the error will now be caught in check_resources (src/glsl/linker.cpp) (CVE-2012-2864). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2864 http://lists.opensuse.org/opensuse-updates/2012-09/msg00036.html ======================== Updated packages in {core,tainted}/updates_testing: ======================== mesa-8.0.2-2.1.mga2 libmesagl1-8.0.2-2.1.mga2 libdri-drivers-8.0.2-2.1.mga2 libmesagl1-devel-8.0.2-2.1.mga2 libmesaglu1-8.0.2-2.1.mga2 libmesaglu1-devel-8.0.2-2.1.mga2 libmesaegl1-8.0.2-2.1.mga2 libmesaegl1-devel-8.0.2-2.1.mga2 libglapi0-8.0.2-2.1.mga2 libglapi0-devel-8.0.2-2.1.mga2 libmesaglesv1_1-8.0.2-2.1.mga2 libmesaglesv1_1-devel-8.0.2-2.1.mga2 libmesaglesv2_2-8.0.2-2.1.mga2 libmesaglesv2_2-devel-8.0.2-2.1.mga2 libmesaopenvg1-8.0.2-2.1.mga2 libmesaopenvg1-devel-8.0.2-2.1.mga2 libgbm1-8.0.2-2.1.mga2 libgbm1-devel-8.0.2-2.1.mga2 libwayland-egl1-8.0.2-2.1.mga2 libwayland-egl1-devel-8.0.2-2.1.mga2 mesa-common-devel-8.0.2-2.1.mga2 from mesa-8.0.2-2.1.mga2.src.rpm
Assignee: bugsquad => qa-bugsSeverity: major => critical
I've updated it to 8.0.4 to both core & tainted's updates_testing (many bug fixes and only that) http://mesa3d.org/relnotes-8.0.3.html http://cgit.freedesktop.org/mesa/mesa/plain/docs/relnotes-8.0.4.html
CC: (none) => thierry.vignaudDepends on: (none) => 6674
(In reply to comment #3) > I've updated it to 8.0.4 to both core & tainted's updates_testing (many bug > fixes and only that) Thanks. You forgot to remove the subrel and set the release tag back to 1.
Depends on: 6674 => (none)
I installed 8.0.4 tainted for test! Mageia 2 x86_64
CC: (none) => frateraecHardware: i586 => All
Blocks: (none) => 6674
*** Bug 6674 has been marked as a duplicate of this bug. ***
Blocks: 6674 => (none)CC: (none) => micheelsen
Why lib64mesaglw1 is at version 7.11.2-5.mga2.tainted yet? Source: mesa-7.11.2-5.mga2.tainted.src.rpm No longer exists this package in versions 8.0.x?
There is no libmesaglw1 provided by this package, so I guess it should have been Obsoleted. Does any package depend on libmesaglw1?
Apparently is the only package that supports: "GLw adds Motif bindings to the OpenGL "canvas" (Xt/Motif/OpenGL widget code)."
I just checked, and there is no libmesaglw1 package in Mageia 2. It must be a leftover on your system from Mageia 1. You should be able to safely remove it. As a matter of fact, nothing required it in Mageia 1 either.
No, it is in the repository Mageia 2 Yes, see: http://pkgs.org/search/?keyword=libmesaglw1&search_on=name&distro=118&arch=32-bit or http://mirror.yandex.ru/mageia/distrib/2/i586/media/tainted/release/libmesaglw1-7.11.2-5.mga2.tainted.i586.rpm Browse the repository Tainted Release (distrib21) and you will find the package libmesaglw1 in Mageia 2!
Ahh, well it's not in core, so it should have been deleted from tainted before the release.
Testing complete on Mageia 2 x86-64. Just testing that speed-dreams works.
CC: (none) => davidwhodginsWhiteboard: (none) => MGA2-64-OK
Testing complete on Mageia 2 i586. Could someone from the sysadmin team push the srpm mesa-8.0.4-2.1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates and the srpm mesa-8.0.4-2.1.mga2.tainted.src.rpm from Tainted Updates Testing to Tainted Updates. Advisory: Updated mesa packages fix security vulnerability: The glsl shaders are vulnerable to a buffer overrun in parcel_out_uniform_storage::visit_field. When too many uniforms are used, the error will now be caught in check_resources (src/glsl/linker.cpp) (CVE-2012-2864). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2864 http://lists.opensuse.org/opensuse-updates/2012-09/msg00036.html https://bugs.mageia.org/show_bug.cgi?id=7381
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA2-64-OK => MGA2-64-OK MGA2-32-OK
Addendum to the advisory: Additionally, Mesa has been updated to 8.0.4, fixing several bugs. References: http://mesa3d.org/relnotes-8.0.3.html http://cgit.freedesktop.org/mesa/mesa/plain/docs/relnotes-8.0.4.html
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0264
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED
i'm afraid that lib64mesagl1 seems to require lib64txc-dxtn (only 64bit does that for some weird reason) this breaks updates...
Status: RESOLVED => REOPENEDCC: (none) => alienResolution: FIXED => (none)
Would this be the core or tainted version? I guess that means it will require linking.
Problems reported with updates to tainted, adding bug 2317 to depends and running through depcheck
Status: REOPENED => RESOLVEDDepends on: (none) => 2317Resolution: (none) => FIXED
Sorry, didn't mean to close it
Status: RESOLVED => REOPENEDResolution: FIXED => (none)
The problems seem to stem from an update from Tainted Release to Tainted Updates. Heres the list.. glibc-devel-2.14.1-8.mga2 (Core 32bit Release) glibc-devel-2.14.1-8.mga2 (Core Release) lib64drm-devel-2.4.33-1.mga2 (Core Release) lib64ffi5-devel-3.0.10-1.mga2 (Core Release) lib64kms1-2.4.33-1.mga2 (Core Release) lib64pciaccess-devel-0.13-1.mga2 (Core Release) lib64uClibc-devel-0.9.30.3-2.mga1 (Core Release) lib64udev0-devel-181-8.mga2 (Core Release) lib64wayland-client0-0.85.0-4.mga2 (Core Release) lib64wayland-devel-0.85.0-4.mga2 (Core Release) lib64wayland-server0-0.85.0-4.mga2 (Core Release) lib64x11_6-devel-1.4.99.1-4.mga2 (Core Release) lib64xau6-devel-1.0.7-1.mga2 (Core Release) lib64xcb-composite0-1.8.1-1.mga2 (Core Release) lib64xcb-damage0-1.8.1-1.mga2 (Core Release) lib64xcb-devel-1.8.1-1.mga2 (Core Release) lib64xcb-dpms0-1.8.1-1.mga2 (Core Release) lib64xcb-randr0-1.8.1-1.mga2 (Core Release) lib64xcb-record0-1.8.1-1.mga2 (Core Release) lib64xcb-render0-1.8.1-1.mga2 (Core Release) lib64xcb-res0-1.8.1-1.mga2 (Core Release) lib64xcb-screensaver0-1.8.1-1.mga2 (Core Release) lib64xcb-shape0-1.8.1-1.mga2 (Core Release) lib64xcb-shm0-1.8.1-1.mga2 (Core Release) lib64xcb-sync0-1.8.1-1.mga2 (Core Release) lib64xcb-xevie0-1.8.1-1.mga2 (Core Release) lib64xcb-xf86dri0-1.8.1-1.mga2 (Core Release) lib64xcb-xfixes0-1.8.1-1.mga2 (Core Release) lib64xcb-xinerama0-1.8.1-1.mga2 (Core Release) lib64xcb-xprint0-1.8.1-1.mga2 (Core Release) lib64xcb-xtest0-1.8.1-1.mga2 (Core Release) lib64xcb-xv0-1.8.1-1.mga2 (Core Release) lib64xcb-xvmc0-1.8.1-1.mga2 (Core Release) lib64xdmcp6-devel-1.1.1-1.mga2 (Core Release) libpthread-stubs-0.3-1.mga1 (Core 32bit Release) libpthread-stubs-0.3-1.mga1 (Core Release) x11-proto-devel-7.6-17.mga2 (Core 32bit Release) x11-proto-devel-7.6-17.mga2 (Core Release)
(In reply to comment #21) > Heres the list.. I don't see lib64txc-dxtn in that list...
(In reply to comment #22) > (In reply to comment #21) > > Heres the list.. > > I don't see lib64txc-dxtn in that list... That's because I already linked it when it was reported on IRC
How do I reproduce this problem. Here I upgraded by tainted updates repository normally.
(In reply to comment #24) > How do I reproduce this problem. Here I upgraded by tainted updates repository > normally. did you use urpmi ? this problem only shows up with the update applet. Anyway, packages linked...
Status: REOPENED => RESOLVEDResolution: (none) => FIXED
Ok. I updated by drakrpm-update ...