guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

branch master updated: gnu: libvpx: Graft to fix CVE-2023-5217.


From: guix-commits
Subject: branch master updated: gnu: libvpx: Graft to fix CVE-2023-5217.
Date: Fri, 29 Sep 2023 15:19:31 -0400

This is an automated email from the git hooks/post-receive script.

nckx pushed a commit to branch master
in repository guix.

The following commit(s) were added to refs/heads/master by this push:
     new b2ab38cd82 gnu: libvpx: Graft to fix CVE-2023-5217.
b2ab38cd82 is described below

commit b2ab38cd82acd8164383335af084f5da4a499332
Author: Tobias Geerinckx-Rice <me@tobias.gr>
AuthorDate: Sun Sep 24 02:00:00 2023 +0200

    gnu: libvpx: Graft to fix CVE-2023-5217.
    
    * gnu/packages/video.scm (libvpx)[replacement]: New field, set to…
    (libvpx/fixed): …this new variable.
    * gnu/packages/patches/libvpx-CVE-2023-5217.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                    |  1 +
 gnu/packages/patches/libvpx-CVE-2023-5217.patch | 99 +++++++++++++++++++++++++
 gnu/packages/video.scm                          | 10 +++
 3 files changed, 110 insertions(+)

diff --git a/gnu/local.mk b/gnu/local.mk
index c4215cd59a..7c208b9c0d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1562,6 +1562,7 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/libutils-remove-damaging-includes.patch \
   %D%/packages/patches/libvdpau-va-gl-unbundle.patch           \
   %D%/packages/patches/libvpx-CVE-2016-2818.patch              \
+  %D%/packages/patches/libvpx-CVE-2023-5217.patch              \
   %D%/packages/patches/libxml2-xpath0-Add-option-xpath0.patch  \
   %D%/packages/patches/libwpd-gcc-compat.patch                 \
   %D%/packages/patches/libxslt-generated-ids.patch             \
diff --git a/gnu/packages/patches/libvpx-CVE-2023-5217.patch 
b/gnu/packages/patches/libvpx-CVE-2023-5217.patch
new file mode 100644
index 0000000000..2bcb0bcd55
--- /dev/null
+++ b/gnu/packages/patches/libvpx-CVE-2023-5217.patch
@@ -0,0 +1,99 @@
+From: Tobias Geerinckx-Rice <me@tobias.gr>
+Date: Sun Sep 24 02:00:00 2023 +0200
+Subject: libvpx: Fix CVE-2023-5217.
+
+These are the changes made to libvpx between Firefox ESR 115.3.0 and
+115.3.1, which claims to fix CVE-2023-5217 and so do we.  The report
+itself is not public.
+
+It consists of the following 2 upstream libvpx commits:
+  af6dedd715f4307669366944cca6e0417b290282
+  3fbd1dca6a4d2dad332a2110d646e4ffef36d590
+which are not yet part of an upstream commit.
+
+---
+diff -Naur libvpx.orig/test/encode_api_test.cc libvpx/test/encode_api_test.cc
+--- libvpx.orig/test/encode_api_test.cc        1970-01-01 01:00:01.000000000 
+0100
++++ libvpx/test/encode_api_test.cc     2023-09-29 21:00:03.189620452 +0200
+@@ -304,7 +304,6 @@
+ 
+ void InitCodec(const vpx_codec_iface_t &iface, int width, int height,
+                vpx_codec_ctx_t *enc, vpx_codec_enc_cfg_t *cfg) {
+-  ASSERT_EQ(vpx_codec_enc_config_default(&iface, cfg, 0), VPX_CODEC_OK);
+   cfg->g_w = width;
+   cfg->g_h = height;
+   cfg->g_lag_in_frames = 0;
+@@ -342,6 +341,7 @@
+         vpx_codec_ctx_t ctx = {};
+       } enc;
+ 
++      ASSERT_EQ(vpx_codec_enc_config_default(iface, &cfg, 0), VPX_CODEC_OK);
+       EXPECT_NO_FATAL_FAILURE(
+           InitCodec(*iface, kWidth, kHeight, &enc.ctx, &cfg));
+       if (IsVP9(iface)) {
+@@ -353,6 +353,50 @@
+ 
+       for (const auto threads : { 1, 4, 8, 6, 2, 1 }) {
+         cfg.g_threads = threads;
++        EXPECT_NO_FATAL_FAILURE(EncodeWithConfig(cfg, &enc.ctx))
++            << "iteration: " << i << " threads: " << threads;
++      }
++    }
++  }
++}
++
++TEST(EncodeAPI, ConfigResizeChangeThreadCount) {
++  constexpr int kInitWidth = 1024;
++  constexpr int kInitHeight = 1024;
++
++  for (const auto *iface : kCodecIfaces) {
++    SCOPED_TRACE(vpx_codec_iface_name(iface));
++    for (int i = 0; i < (IsVP9(iface) ? 2 : 1); ++i) {
++      vpx_codec_enc_cfg_t cfg = {};
++      struct Encoder {
++        ~Encoder() { EXPECT_EQ(vpx_codec_destroy(&ctx), VPX_CODEC_OK); }
++        vpx_codec_ctx_t ctx = {};
++      } enc;
++
++      ASSERT_EQ(vpx_codec_enc_config_default(iface, &cfg, 0), VPX_CODEC_OK);
++      // Start in threaded mode to ensure resolution and thread related
++      // allocations are updated correctly across changes in resolution and
++      // thread counts. See https://crbug.com/1486441.
++      cfg.g_threads = 4;
++      EXPECT_NO_FATAL_FAILURE(
++          InitCodec(*iface, kInitWidth, kInitHeight, &enc.ctx, &cfg));
++      if (IsVP9(iface)) {
++        EXPECT_EQ(vpx_codec_control_(&enc.ctx, VP9E_SET_TILE_COLUMNS, 6),
++                  VPX_CODEC_OK);
++        EXPECT_EQ(vpx_codec_control_(&enc.ctx, VP9E_SET_ROW_MT, i),
++                  VPX_CODEC_OK);
++      }
++
++      cfg.g_w = 1000;
++      cfg.g_h = 608;
++      EXPECT_EQ(vpx_codec_enc_config_set(&enc.ctx, &cfg), VPX_CODEC_OK)
++          << vpx_codec_error_detail(&enc.ctx);
++
++      cfg.g_w = 16;
++      cfg.g_h = 720;
++
++      for (const auto threads : { 1, 4, 8, 6, 2, 1 }) {
++        cfg.g_threads = threads;
+         EXPECT_NO_FATAL_FAILURE(EncodeWithConfig(cfg, &enc.ctx))
+             << "iteration: " << i << " threads: " << threads;
+       }
+diff -Naur libvpx.orig/vp8/encoder/onyx_if.c libvpx/vp8/encoder/onyx_if.c
+--- libvpx.orig/vp8/encoder/onyx_if.c  1970-01-01 01:00:01.000000000 +0100
++++ libvpx/vp8/encoder/onyx_if.c       2023-09-29 21:01:44.155476128 +0200
+@@ -1443,6 +1443,11 @@
+   last_h = cpi->oxcf.Height;
+   prev_number_of_layers = cpi->oxcf.number_of_layers;
+ 
++  if (cpi->initial_width) {
++    // TODO(https://crbug.com/1486441): Allow changing thread counts; the
++    // allocation is done once in vp8_create_compressor().
++    oxcf->multi_threaded = cpi->oxcf.multi_threaded;
++  }
+   cpi->oxcf = *oxcf;
+ 
+   switch (cpi->oxcf.Mode) {
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index d4afdfd21e..bb6cf75821 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -2395,6 +2395,7 @@ To load this plugin, specify the following option when 
starting mpv:
   (package
     (name "libvpx")
     (version "1.12.0")
+    (replacement libvpx/fixed)
     (source (origin
               (method git-fetch)
               (uri (git-reference
@@ -2433,6 +2434,15 @@ To load this plugin, specify the following option when 
starting mpv:
     (license license:bsd-3)
     (home-page "https://www.webmproject.org/";)))
 
+(define libvpx/fixed
+  (package
+    (inherit libvpx)
+    (source
+     (origin
+       (inherit (package-source libvpx))
+       (patches (search-patches "libvpx-CVE-2016-2818.patch"
+                                "libvpx-CVE-2023-5217.patch"))))))
+
 (define-public orf-dl
   (let ((commit "2dbbe7ef4e0efe0f3c1d59c503108e22d9065999")
         (revision "1"))



reply via email to

[Prev in Thread] Current Thread [Next in Thread]