diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-09-30 21:33:49 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-10-01 13:30:39 +0200 |
commit | fa0445dbfed2e9a95ee4b95281982d034402316e (patch) | |
tree | 019bcd85bc8cad4a6a38c55382f780cd5f1e2adc /patches/source/libvpx | |
parent | c0d3f6fb287a1a2661dd2d551fb054999075cf88 (diff) | |
download | current-fa0445dbfed2e9a95ee4b95281982d034402316e.tar.gz current-fa0445dbfed2e9a95ee4b95281982d034402316e.tar.xz |
Sat Sep 30 21:33:49 UTC 202320230930213349_15.0
patches/packages/libvpx-1.12.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains two security related fixes -- one each for VP8 and VP9.
For more information, see:
https://crbug.com/1486441
https://www.cve.org/CVERecord?id=CVE-2023-5217
(* Security fix *)
patches/packages/mozilla-thunderbird-115.3.1-x86_64-1_slack15.0.txz: Upgraded.
This release contains a security fix for a critical heap buffer overflow in
the libvpx VP8 encoder.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.3.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
https://www.cve.org/CVERecord?id=CVE-2023-5217
(* Security fix *)
Diffstat (limited to '')
-rw-r--r-- | patches/source/libvpx/0001-Relax-ABI-check.patch | 45 | ||||
-rw-r--r-- | patches/source/libvpx/0002-encode_api_test-add-ConfigResizeChangeThreadCount.patch | 89 | ||||
-rw-r--r-- | patches/source/libvpx/0003-VP8-disallow-thread-count-changes.patch | 51 | ||||
-rwxr-xr-x | patches/source/libvpx/libvpx.SlackBuild | 127 | ||||
-rw-r--r-- | patches/source/libvpx/libvpx.url | 1 | ||||
-rw-r--r-- | patches/source/libvpx/slack-desc | 19 |
6 files changed, 332 insertions, 0 deletions
diff --git a/patches/source/libvpx/0001-Relax-ABI-check.patch b/patches/source/libvpx/0001-Relax-ABI-check.patch new file mode 100644 index 000000000..2ebdaf25d --- /dev/null +++ b/patches/source/libvpx/0001-Relax-ABI-check.patch @@ -0,0 +1,45 @@ +From: Sebastian Ramacher <sramacher@debian.org> +Date: Tue, 31 Aug 2021 08:53:52 +0200 +Subject: Relax ABI check + +We have symbol files and version dependencies to properly track this. +--- + vpx/src/vpx_decoder.c | 2 +- + vpx/src/vpx_encoder.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/vpx/src/vpx_decoder.c b/vpx/src/vpx_decoder.c +index 427cd1b..eddbf1a 100644 +--- a/vpx/src/vpx_decoder.c ++++ b/vpx/src/vpx_decoder.c +@@ -27,7 +27,7 @@ vpx_codec_err_t vpx_codec_dec_init_ver(vpx_codec_ctx_t *ctx, + vpx_codec_flags_t flags, int ver) { + vpx_codec_err_t res; + +- if (ver != VPX_DECODER_ABI_VERSION) ++ if (ver > VPX_DECODER_ABI_VERSION) + res = VPX_CODEC_ABI_MISMATCH; + else if (!ctx || !iface) + res = VPX_CODEC_INVALID_PARAM; +diff --git a/vpx/src/vpx_encoder.c b/vpx/src/vpx_encoder.c +index f636b54..9f8eac9 100644 +--- a/vpx/src/vpx_encoder.c ++++ b/vpx/src/vpx_encoder.c +@@ -32,7 +32,7 @@ vpx_codec_err_t vpx_codec_enc_init_ver(vpx_codec_ctx_t *ctx, + vpx_codec_flags_t flags, int ver) { + vpx_codec_err_t res; + +- if (ver != VPX_ENCODER_ABI_VERSION) ++ if (ver > VPX_ENCODER_ABI_VERSION) + res = VPX_CODEC_ABI_MISMATCH; + else if (!ctx || !iface || !cfg) + res = VPX_CODEC_INVALID_PARAM; +@@ -67,7 +67,7 @@ vpx_codec_err_t vpx_codec_enc_init_multi_ver( + int num_enc, vpx_codec_flags_t flags, vpx_rational_t *dsf, int ver) { + vpx_codec_err_t res = VPX_CODEC_OK; + +- if (ver != VPX_ENCODER_ABI_VERSION) ++ if (ver > VPX_ENCODER_ABI_VERSION) + res = VPX_CODEC_ABI_MISMATCH; + else if (!ctx || !iface || !cfg || (num_enc > 16 || num_enc < 1)) + res = VPX_CODEC_INVALID_PARAM; diff --git a/patches/source/libvpx/0002-encode_api_test-add-ConfigResizeChangeThreadCount.patch b/patches/source/libvpx/0002-encode_api_test-add-ConfigResizeChangeThreadCount.patch new file mode 100644 index 000000000..bd158a235 --- /dev/null +++ b/patches/source/libvpx/0002-encode_api_test-add-ConfigResizeChangeThreadCount.patch @@ -0,0 +1,89 @@ +From: James Zern <jzern@google.com> +Date: Mon, 25 Sep 2023 18:53:41 -0700 +Subject: encode_api_test: add ConfigResizeChangeThreadCount +Origin: https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282 +Bug-Debian: https://bugs.debian.org/1053182 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-5217 + +Update thread counts and resolution to ensure allocations are updated +correctly. VP8 is disabled to avoid a crash. + +Bug: chromium:1486441 +Change-Id: Ie89776d9818d27dc351eff298a44c699e850761b +--- + test/encode_api_test.cc | 50 ++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 49 insertions(+), 1 deletion(-) + +--- a/test/encode_api_test.cc ++++ b/test/encode_api_test.cc +@@ -304,7 +304,6 @@ TEST(EncodeAPI, SetRoi) { + + void InitCodec(const vpx_codec_iface_t &iface, int width, int height, + vpx_codec_ctx_t *enc, vpx_codec_enc_cfg_t *cfg) { +- ASSERT_EQ(vpx_codec_enc_config_default(&iface, cfg, 0), VPX_CODEC_OK); + cfg->g_w = width; + cfg->g_h = height; + cfg->g_lag_in_frames = 0; +@@ -342,6 +341,7 @@ TEST(EncodeAPI, ConfigChangeThreadCount) + vpx_codec_ctx_t ctx = {}; + } enc; + ++ ASSERT_EQ(vpx_codec_enc_config_default(iface, &cfg, 0), VPX_CODEC_OK); + EXPECT_NO_FATAL_FAILURE( + InitCodec(*iface, kWidth, kHeight, &enc.ctx, &cfg)); + if (IsVP9(iface)) { +@@ -353,6 +353,54 @@ TEST(EncodeAPI, ConfigChangeThreadCount) + + for (const auto threads : { 1, 4, 8, 6, 2, 1 }) { + cfg.g_threads = threads; ++ EXPECT_NO_FATAL_FAILURE(EncodeWithConfig(cfg, &enc.ctx)) ++ << "iteration: " << i << " threads: " << threads; ++ } ++ } ++ } ++} ++ ++TEST(EncodeAPI, ConfigResizeChangeThreadCount) { ++ constexpr int kInitWidth = 1024; ++ constexpr int kInitHeight = 1024; ++ ++ for (const auto *iface : kCodecIfaces) { ++ SCOPED_TRACE(vpx_codec_iface_name(iface)); ++ if (!IsVP9(iface)) { ++ GTEST_SKIP() << "TODO(https://crbug.com/1486441) remove this condition " ++ "after VP8 is fixed."; ++ } ++ for (int i = 0; i < (IsVP9(iface) ? 2 : 1); ++i) { ++ vpx_codec_enc_cfg_t cfg = {}; ++ struct Encoder { ++ ~Encoder() { EXPECT_EQ(vpx_codec_destroy(&ctx), VPX_CODEC_OK); } ++ vpx_codec_ctx_t ctx = {}; ++ } enc; ++ ++ ASSERT_EQ(vpx_codec_enc_config_default(iface, &cfg, 0), VPX_CODEC_OK); ++ // Start in threaded mode to ensure resolution and thread related ++ // allocations are updated correctly across changes in resolution and ++ // thread counts. See https://crbug.com/1486441. ++ cfg.g_threads = 4; ++ EXPECT_NO_FATAL_FAILURE( ++ InitCodec(*iface, kInitWidth, kInitHeight, &enc.ctx, &cfg)); ++ if (IsVP9(iface)) { ++ EXPECT_EQ(vpx_codec_control_(&enc.ctx, VP9E_SET_TILE_COLUMNS, 6), ++ VPX_CODEC_OK); ++ EXPECT_EQ(vpx_codec_control_(&enc.ctx, VP9E_SET_ROW_MT, i), ++ VPX_CODEC_OK); ++ } ++ ++ cfg.g_w = 1000; ++ cfg.g_h = 608; ++ EXPECT_EQ(vpx_codec_enc_config_set(&enc.ctx, &cfg), VPX_CODEC_OK) ++ << vpx_codec_error_detail(&enc.ctx); ++ ++ cfg.g_w = 16; ++ cfg.g_h = 720; ++ ++ for (const auto threads : { 1, 4, 8, 6, 2, 1 }) { ++ cfg.g_threads = threads; + EXPECT_NO_FATAL_FAILURE(EncodeWithConfig(cfg, &enc.ctx)) + << "iteration: " << i << " threads: " << threads; + } diff --git a/patches/source/libvpx/0003-VP8-disallow-thread-count-changes.patch b/patches/source/libvpx/0003-VP8-disallow-thread-count-changes.patch new file mode 100644 index 000000000..f93b3d258 --- /dev/null +++ b/patches/source/libvpx/0003-VP8-disallow-thread-count-changes.patch @@ -0,0 +1,51 @@ +From: James Zern <jzern@google.com> +Date: Mon, 25 Sep 2023 18:55:59 -0700 +Subject: VP8: disallow thread count changes +Origin: https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590 +Bug-Debian: https://bugs.debian.org/1053182 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-5217 + +Currently allocations are done at encoder creation time. Going from +threaded to non-threaded would cause a crash. + +Bug: chromium:1486441 +Change-Id: Ie301c2a70847dff2f0daae408fbef1e4d42e73d4 +--- + test/encode_api_test.cc | 4 ---- + vp8/encoder/onyx_if.c | 5 +++++ + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/test/encode_api_test.cc b/test/encode_api_test.cc +index a8a4df2ddf88..f1c98b2c71c9 100644 +--- a/test/encode_api_test.cc ++++ b/test/encode_api_test.cc +@@ -370,10 +370,6 @@ TEST(EncodeAPI, ConfigResizeChangeThreadCount) { + + for (const auto *iface : kCodecIfaces) { + SCOPED_TRACE(vpx_codec_iface_name(iface)); +- if (!IsVP9(iface)) { +- GTEST_SKIP() << "TODO(https://crbug.com/1486441) remove this condition " +- "after VP8 is fixed."; +- } + for (int i = 0; i < (IsVP9(iface) ? 2 : 1); ++i) { + vpx_codec_enc_cfg_t cfg = {}; + struct Encoder { +diff --git a/vp8/encoder/onyx_if.c b/vp8/encoder/onyx_if.c +index c65afc643bf6..c5e9970c3cc8 100644 +--- a/vp8/encoder/onyx_if.c ++++ b/vp8/encoder/onyx_if.c +@@ -1447,6 +1447,11 @@ void vp8_change_config(VP8_COMP *cpi, VP8_CONFIG *oxcf) { + last_h = cpi->oxcf.Height; + prev_number_of_layers = cpi->oxcf.number_of_layers; + ++ if (cpi->initial_width) { ++ // TODO(https://crbug.com/1486441): Allow changing thread counts; the ++ // allocation is done once in vp8_create_compressor(). ++ oxcf->multi_threaded = cpi->oxcf.multi_threaded; ++ } + cpi->oxcf = *oxcf; + + switch (cpi->oxcf.Mode) { +-- +2.40.1 + diff --git a/patches/source/libvpx/libvpx.SlackBuild b/patches/source/libvpx/libvpx.SlackBuild new file mode 100755 index 000000000..51fa17cb4 --- /dev/null +++ b/patches/source/libvpx/libvpx.SlackBuild @@ -0,0 +1,127 @@ +#!/bin/bash + +# Slackware build script for libvpx + +# Copyright 2013 Matteo Bernardini <ponce@slackbuilds.org>, Pisa, Italy +# Copyright 2014, 2018, 2023 Patrick J. Volkerding, Sebeka, MN, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +PKGNAM=libvpx +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1_slack15.0} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i586 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" + ARCHOPTS="--target=x86-linux-gcc" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" + ARCHOPTS="--target=x86-linux-gcc" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" + ARCHOPTS="--target=x86_64-linux-gcc --enable-pic" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" + ARCHOPTS="--target=${ARCH}-linux-gcc" +fi + +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +rm -rf $PKG +mkdir -p $TMP $PKG +cd $TMP +rm -rf $PKGNAM-$VERSION +tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1 +cd $PKGNAM-$VERSION || exit 1 +chown -R root:root . +find -L . \ + \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +# Looks like this avoids possible problems with ffmpeg after a supposedly +# ABI compatible libvpx upgrade. Probably doesn't hurt. Thanks to Debian. +cat $CWD/0001-Relax-ABI-check.patch | patch -p1 --verbose || exit 1 + +# Patch security issues: +cat $CWD/0002-encode_api_test-add-ConfigResizeChangeThreadCount.patch | patch -p1 --verbose || exit 1 +cat $CWD/0003-VP8-disallow-thread-count-changes.patch | patch -p1 --verbose || exit 1 + +# out of tree build +mkdir build-tmp +cd build-tmp + CFLAGS="$SLKCFLAGS" \ + CXXFLAGS="$SLKCFLAGS" \ + ../configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --disable-debug-libs \ + --disable-debug \ + --enable-vp8 \ + --enable-postproc \ + --enable-vp9 \ + --enable-vp9-postproc \ + --enable-vp9-highbitdepth \ + --enable-shared \ + --disable-static \ + --enable-runtime-cpu-detect \ + $ARCHOPTS + + make $NUMJOBS || make || exit 1 + make install DESTDIR=$PKG || exit 1 +cd .. + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION +cp -a AUTHORS CHANGELOG LICENSE PATENTS README* build-tmp/docs/html \ + $PKG/usr/doc/$PKGNAM-$VERSION + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz diff --git a/patches/source/libvpx/libvpx.url b/patches/source/libvpx/libvpx.url new file mode 100644 index 000000000..a148660df --- /dev/null +++ b/patches/source/libvpx/libvpx.url @@ -0,0 +1 @@ +https://github.com/webmproject/libvpx diff --git a/patches/source/libvpx/slack-desc b/patches/source/libvpx/slack-desc new file mode 100644 index 000000000..14cc2dab4 --- /dev/null +++ b/patches/source/libvpx/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +libvpx: libvpx (VP8/VP9 video codec) +libvpx: +libvpx: VP8 is an open video codec, originally developed by On2 and released +libvpx: as open source by Google Inc. It is the successor of the VP3 codec, +libvpx: on which the Theora codec was based. +libvpx: +libvpx: VP9 is an open and royalty free video compression standard developed +libvpx: by Google Inc and successor to VP8. +libvpx: +libvpx: Homepage: http://www.webmproject.org/ +libvpx: |