Add patch for CVE-2023-5217
Resolves: RHEL-10612
This commit is contained in:
Wim Taymans
parent
63846fa856
commit
6f594aa625
34
0001-VP8-disallow-thread-count-changes.patch
Normal file
34
0001-VP8-disallow-thread-count-changes.patch
Normal file
@ -0,0 +1,34 @@
|
||||
From 3a03995efe86129cde5df3a7de32fecdfce3259e Mon Sep 17 00:00:00 2001
|
||||
From: James Zern <jzern@google.com>
|
||||
Date: Mon, 25 Sep 2023 18:55:59 -0700
|
||||
Subject: [PATCH] VP8: disallow thread count changes
|
||||
|
||||
Currently allocations are done at encoder creation time. Going from
|
||||
threaded to non-threaded would cause a crash.
|
||||
|
||||
Bug: chromium:1486441
|
||||
Change-Id: Ie301c2a70847dff2f0daae408fbef1e4d42e73d4
|
||||
(cherry picked from commit 3fbd1dca6a4d2dad332a2110d646e4ffef36d590)
|
||||
---
|
||||
vp8/encoder/onyx_if.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/vp8/encoder/onyx_if.c b/vp8/encoder/onyx_if.c
|
||||
index 224318242..e0c22070c 100644
|
||||
--- a/vp8/encoder/onyx_if.c
|
||||
+++ b/vp8/encoder/onyx_if.c
|
||||
@@ -1449,6 +1449,11 @@ void vp8_change_config(VP8_COMP *cpi, VP8_CONFIG *oxcf) {
|
||||
last_h = cpi->oxcf.Height;
|
||||
prev_number_of_layers = cpi->oxcf.number_of_layers;
|
||||
|
||||
+ if (cpi->initial_width) {
|
||||
+ // TODO(https://crbug.com/1486441): Allow changing thread counts; the
|
||||
+ // allocation is done once in vp8_create_compressor().
|
||||
+ oxcf->multi_threaded = cpi->oxcf.multi_threaded;
|
||||
+ }
|
||||
cpi->oxcf = *oxcf;
|
||||
|
||||
switch (cpi->oxcf.Mode) {
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
Name: libvpx
|
||||
Summary: VP8/VP9 Video Codec SDK
|
||||
Version: 1.7.0
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
License: BSD
|
||||
Group: System Environment/Libraries
|
||||
#Source0: http://downloads.webmproject.org/releases/webm/%{name}-%{version}.tar.bz2
|
||||
@ -26,6 +26,7 @@ Patch2: 0002-CVE-2019-9433-VP8-Fix-use-after-free-in-postproc.patch
|
||||
Patch3: 0003-CVE-2019-9371-update-libwebm.patch
|
||||
Patch4: 0004-CVE-2019-2126-update-libwebm-to-libwebm-1.0.0.27-361.patch
|
||||
Patch5: 0001-Fix-bug-with-smaller-width-bigger-size.patch
|
||||
Patch6: 0001-VP8-disallow-thread-count-changes.patch
|
||||
|
||||
%description
|
||||
libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications
|
||||
@ -58,6 +59,7 @@ and decoder.
|
||||
%patch3 -p1 -b .0003
|
||||
%patch4 -p1 -b .0004
|
||||
%patch5 -p1 -b .0005
|
||||
%patch6 -p1 -b .0006
|
||||
|
||||
%build
|
||||
%ifarch %{ix86}
|
||||
@ -247,6 +249,10 @@ rm -rf %{buildroot}%{_prefix}/src
|
||||
%{_bindir}/*
|
||||
|
||||
%changelog
|
||||
* Thu Oct 5 2023 Wim Taymans <wtaymans@redhat.com> - 1.7.0-10
|
||||
- Add patch for CVE-2023-5217
|
||||
- Resolves: RHEL-10612
|
||||
|
||||
* Tue Oct 3 2023 Wim Taymans <wtaymans@redhat.com> - 1.7.0-9
|
||||
- Add patch for CVE-2023-44488
|
||||
- Resolves: RHEL-11615
|
||||
|
||||
Loading…
Reference in New Issue
Block a user