I'm already using mongoose 6.11 in the svn of SMPlayer. So far it seems to work fine for me.
https://app.assembla.com/spaces/smplayer/subversion/commits/9030

2018-06-07 15:08 GMT+02:00 Reinhard Tartler <siret...@gmail.com>:
> On Thu, Jun 7, 2018 at 6:20 AM Mateusz Łukasik <mat...@linuxmint.pl> wrote:
>
>> This is not fixed for me. I made a patch that adds the latest Mongoose
>> version, which includes fixes for all of these CVEs.
>> It is pushed to salsa now.
>>
>> --
>
> Thank you!
>
> I see that you've added
> https://salsa.debian.org/multimedia-team/smplayer/blob/master/debian/patches/03-update-mongoose-to-6.11.patch
> - which is a pretty big patch. I wouldn't know how to test it (I don't
> use that feature) or even verify that the patch works. Mateusz, can
> you please elaborate how you verified the patch and how confident are
> you that it doesn't introduce unwanted side-effects?
>
> Ricardo, would that patch be acceptable for upstream inclusion? - Your
> opinion is highly valued and would be helpful in forming an opinion on
> Mateusz' patch.
>
> Mateusz, I also see that you prepared a new upstream version. That's
> great, in fact, I've also prepared it locally to see if the issue
> happened to be fixed upstream, but determined mongoose was not updated
> and concluded the problem still persists. I've therefore decided to
> not upload the new upstream version and focus on the existing issues
> instead. Hence, I've applied the patch to disable the build of
> mongoose in the present package version. I see that you disabled it in
> https://salsa.debian.org/multimedia-team/smplayer/commit/5d780999b6ee7a84d737fdb5dbc07ea9a25e4cde
> (the commit message didn't help with finding that SHA1, I'd appreciate
> more accurate messages in the future) - which is fine by me *if* we
> are confident that the mongoose update actually fixes the problem (see
> my question above).
>
> Also, did you verify that the new mongoose patch builds with GCC-8? My
> patch to disable mongoose takes care of that as well, it would be a
> shame to reintroduce #897863 again.
>
> --
> regards,
> Reinhard

--
RVM