Fix for libvpx CVE-2023-5217
This commit is contained in:
starlet-dx
parent
a4b7917642
commit
6bd3cd82d8
40
CVE-2023-5217.patch
Normal file
40
CVE-2023-5217.patch
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
|
||||||
|
# HG changeset patch
|
||||||
|
# User Ryan VanderMeulen <ryanvm@gmail.com>
|
||||||
|
# Date 1695856343 0
|
||||||
|
# Node ID c53f5ef77b62b79af86951a7f9130e1896b695d2
|
||||||
|
# Parent 90445136a15d059a272041ef3c4a277732b346b6
|
||||||
|
Bug 1855550 - VP8: disallow thread count changes. r=jesup
|
||||||
|
|
||||||
|
Cherry-pick of upstream libvpx commits:
|
||||||
|
https://chromium.googlesource.com/webm/libvpx/+/af6dedd715f4307669366944cca6e0417b290282
|
||||||
|
https://chromium.googlesource.com/webm/libvpx/+/3fbd1dca6a4d2dad332a2110d646e4ffef36d590
|
||||||
|
|
||||||
|
Differential Revision: https://phabricator.services.mozilla.com/D189428
|
||||||
|
|
||||||
|
Origin:
|
||||||
|
https://hg.mozilla.org/mozilla-central/raw-rev/c53f5ef77b62b79af86951a7f9130e1896b695d2
|
||||||
|
---
|
||||||
|
media/libvpx/libvpx/vp8/encoder/onyx_if.c | 6 ++++++
|
||||||
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/media/libvpx/libvpx/vp8/encoder/onyx_if.c b/media/libvpx/libvpx/vp8/encoder/onyx_if.c
|
||||||
|
index 2b059a1..8d05668 100644
|
||||||
|
--- a/media/libvpx/libvpx/vp8/encoder/onyx_if.c
|
||||||
|
+++ b/media/libvpx/libvpx/vp8/encoder/onyx_if.c
|
||||||
|
@@ -1445,6 +1445,12 @@ void vp8_change_config(VP8_COMP *cpi, VP8_CONFIG *oxcf) {
|
||||||
|
last_h = cpi->oxcf.Height;
|
||||||
|
prev_number_of_layers = cpi->oxcf.number_of_layers;
|
||||||
|
|
||||||
|
+ if (cpi->initial_width) {
|
||||||
|
+ // TODO(https://crbug.com/1486441): Allow changing thread counts; the
|
||||||
|
+ // allocation is done once in vp8_create_compressor().
|
||||||
|
+ oxcf->multi_threaded = cpi->oxcf.multi_threaded;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
cpi->oxcf = *oxcf;
|
||||||
|
|
||||||
|
switch (cpi->oxcf.Mode) {
|
||||||
|
--
|
||||||
|
2.33.0
|
||||||
|
|
||||||
@ -88,7 +88,7 @@
|
|||||||
Summary: Mozilla Firefox Web browser
|
Summary: Mozilla Firefox Web browser
|
||||||
Name: firefox
|
Name: firefox
|
||||||
Version: 79.0
|
Version: 79.0
|
||||||
Release: 13
|
Release: 14
|
||||||
URL: https://www.mozilla.org/firefox/
|
URL: https://www.mozilla.org/firefox/
|
||||||
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
||||||
Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
|
Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
|
||||||
@ -191,6 +191,8 @@ Patch649: CVE-2022-22822-CVE-2022-22823-CVE-2022-22824-CVE-2022-22825
|
|||||||
Patch650: CVE-2023-4863-1.patch
|
Patch650: CVE-2023-4863-1.patch
|
||||||
# https://hg.mozilla.org/releases/mozilla-esr115/rev/cbbf997c33890c2c49d24079db83b6ebb74cd7d8
|
# https://hg.mozilla.org/releases/mozilla-esr115/rev/cbbf997c33890c2c49d24079db83b6ebb74cd7d8
|
||||||
Patch651: CVE-2023-4863-2.patch
|
Patch651: CVE-2023-4863-2.patch
|
||||||
|
# https://hg.mozilla.org/mozilla-central/raw-rev/c53f5ef77b62b79af86951a7f9130e1896b695d2
|
||||||
|
Patch652: CVE-2023-5217.patch
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -379,6 +381,7 @@ tar -xf %{SOURCE3}
|
|||||||
%patch649 -p1
|
%patch649 -p1
|
||||||
%patch650 -p1
|
%patch650 -p1
|
||||||
%patch651 -p1
|
%patch651 -p1
|
||||||
|
%patch652 -p1
|
||||||
|
|
||||||
|
|
||||||
%{__rm} -f .mozconfig
|
%{__rm} -f .mozconfig
|
||||||
@ -828,6 +831,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Oct 26 2023 yaoxin <yao_xin001@hoperun.com> - 79.0-14
|
||||||
|
- Fix for libvpx CVE-2023-5217
|
||||||
|
|
||||||
* Thu Sep 28 2023 yaoxin <yao_xin001@hoperun.com> - 79.0-13
|
* Thu Sep 28 2023 yaoxin <yao_xin001@hoperun.com> - 79.0-13
|
||||||
- Fix for libwebp CVE-2023-4863
|
- Fix for libwebp CVE-2023-4863
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user