Fix for libvpx CVE-2023-5217

2023-10-26 10:24:01 +08:00 · 2023-10-26 10:24:01 +08:00 · 6bd3cd82d8
commit 6bd3cd82d8
parent a4b7917642
2 changed files with 47 additions and 1 deletions
--- a/CVE-2023-5217.patch
+++ b/CVE-2023-5217.patch
@ -0,0 +1,40 @@
+
+# HG changeset patch
+# User Ryan VanderMeulen <ryanvm@gmail.com>
+# Date 1695856343 0
+# Node ID c53f5ef77b62b79af86951a7f9130e1896b695d2
+# Parent  90445136a15d059a272041ef3c4a277732b346b6
+Bug 1855550 - VP8: disallow thread count changes. r=jesup
+
+Cherry-pick of upstream libvpx commits:
+https://chromium.googlesource.com/webm/libvpx/+/af6dedd715f4307669366944cca6e0417b290282
+https://chromium.googlesource.com/webm/libvpx/+/3fbd1dca6a4d2dad332a2110d646e4ffef36d590
+
+Differential Revision: https://phabricator.services.mozilla.com/D189428
+
+Origin:
+https://hg.mozilla.org/mozilla-central/raw-rev/c53f5ef77b62b79af86951a7f9130e1896b695d2
+---
+ media/libvpx/libvpx/vp8/encoder/onyx_if.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/media/libvpx/libvpx/vp8/encoder/onyx_if.c b/media/libvpx/libvpx/vp8/encoder/onyx_if.c
+index 2b059a1..8d05668 100644
+--- a/media/libvpx/libvpx/vp8/encoder/onyx_if.c
+++ b/media/libvpx/libvpx/vp8/encoder/onyx_if.c
+@@ -1445,6 +1445,12 @@ void vp8_change_config(VP8_COMP *cpi, VP8_CONFIG *oxcf) {
+   last_h = cpi->oxcf.Height;
+   prev_number_of_layers = cpi->oxcf.number_of_layers;
+ 
+  if (cpi->initial_width) {
+    // TODO(https://crbug.com/1486441): Allow changing thread counts; the
+    // allocation is done once in vp8_create_compressor().
+    oxcf->multi_threaded = cpi->oxcf.multi_threaded;
+  }
+
+   cpi->oxcf = *oxcf;
+ 
+   switch (cpi->oxcf.Mode) {
+-- 
+2.33.0
+
--- a/firefox.spec
+++ b/firefox.spec
@ -88,7 +88,7 @@
 Summary:             Mozilla Firefox Web browser
 Name:                firefox
 Version:             79.0
-Release:             13
+Release:             14
 URL:                 https://www.mozilla.org/firefox/
 License:             MPLv1.1 or GPLv2+ or LGPLv2+
 Source0:             https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
@ -191,6 +191,8 @@ Patch649:            CVE-2022-22822-CVE-2022-22823-CVE-2022-22824-CVE-2022-22825
 Patch650:            CVE-2023-4863-1.patch
 # https://hg.mozilla.org/releases/mozilla-esr115/rev/cbbf997c33890c2c49d24079db83b6ebb74cd7d8
 Patch651:            CVE-2023-4863-2.patch
+# https://hg.mozilla.org/mozilla-central/raw-rev/c53f5ef77b62b79af86951a7f9130e1896b695d2
+Patch652:            CVE-2023-5217.patch



@ -379,6 +381,7 @@ tar -xf %{SOURCE3}
 %patch649 -p1
 %patch650 -p1
 %patch651 -p1
+%patch652 -p1


 %{__rm} -f .mozconfig
@ -828,6 +831,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %endif

 %changelog
+* Thu Oct 26 2023 yaoxin <yao_xin001@hoperun.com> - 79.0-14
+- Fix for libvpx CVE-2023-5217
+
 * Thu Sep 28 2023 yaoxin <yao_xin001@hoperun.com> - 79.0-13
 - Fix for libwebp CVE-2023-4863