From 8e3089d039654c532d7026c5ccaf76637cfb554f Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 2 Nov 2023 08:46:09 +0000 Subject: [PATCH] import CS thunderbird-115.4.1-1.el8 --- .gitignore | 4 +- .thunderbird.metadata | 4 +- SOURCES/CVE-2023-44488-libvpx.patch | 127 ++++++++++++++++++++++++++++ SPECS/thunderbird.spec | 45 +++++++--- 4 files changed, 165 insertions(+), 15 deletions(-) create mode 100644 SOURCES/CVE-2023-44488-libvpx.patch diff --git a/.gitignore b/.gitignore index a71d8b4..b0544eb 100644 --- a/.gitignore +++ b/.gitignore @@ -2,5 +2,5 @@ SOURCES/cbindgen-vendor.tar.xz SOURCES/nspr-4.35.0-1.el8_1.src.rpm SOURCES/nss-3.90.0-2.el8_1.src.rpm SOURCES/nss-3.90.0-3.el9_0.src.rpm -SOURCES/thunderbird-115.3.1.processed-source.tar.xz -SOURCES/thunderbird-langpacks-115.3.1-20230929.tar.xz +SOURCES/thunderbird-115.4.1.processed-source.tar.xz +SOURCES/thunderbird-langpacks-115.4.1-20231025.tar.xz diff --git a/.thunderbird.metadata b/.thunderbird.metadata index 9dfde8f..0b07d65 100644 --- a/.thunderbird.metadata +++ b/.thunderbird.metadata @@ -2,5 +2,5 @@ b963b16f6879c5dbe6e33a3a3da058b494453922 SOURCES/cbindgen-vendor.tar.xz d744f92e874688cc4b5376477dfdd639a97a6cd4 SOURCES/nspr-4.35.0-1.el8_1.src.rpm 39d1004f8948186cdaa33bbb90423f6f994bdf6c SOURCES/nss-3.90.0-2.el8_1.src.rpm df0dd588680f6ade6728a1fd3ff2d71e7a46255d SOURCES/nss-3.90.0-3.el9_0.src.rpm -f7fb65ec6b54fd7c652e5ef7f90b2975f6ea47e1 SOURCES/thunderbird-115.3.1.processed-source.tar.xz -6c731bd5d70d3c84d92848dcf91117307be64418 SOURCES/thunderbird-langpacks-115.3.1-20230929.tar.xz +02fe5168662a55fdad1abfe4537442ca9cac6f67 SOURCES/thunderbird-115.4.1.processed-source.tar.xz +7fb41ab4b51c0b38cc104092300d61fdea062de0 SOURCES/thunderbird-langpacks-115.4.1-20231025.tar.xz diff --git a/SOURCES/CVE-2023-44488-libvpx.patch b/SOURCES/CVE-2023-44488-libvpx.patch new file mode 100644 index 0000000..79e5235 --- /dev/null +++ b/SOURCES/CVE-2023-44488-libvpx.patch @@ -0,0 +1,127 @@ +From 263682c9a29395055f3b3afe2d97be1828a6223f Mon Sep 17 00:00:00 2001 +From: Jerome Jiang +Date: Thu, 30 Jun 2022 13:48:56 -0400 +Subject: [PATCH] Fix bug with smaller width bigger size + +Fixed previous patch that clusterfuzz failed on. + +Bug: webm:1642 +Change-Id: If0e08e72abd2e042efe4dcfac21e4cc51afdfdb9 +--- + test/resize_test.cc | 11 +++-------- + vp9/common/vp9_alloccommon.c | 13 ++++++------- + vp9/encoder/vp9_encoder.c | 27 +++++++++++++++++++++++++-- + 3 files changed, 34 insertions(+), 17 deletions(-) + +diff --git a/test/resize_test.cc b/test/resize_test.cc +index fd1c2a92de6..20ad2229b46 100644 +--- a/test/resize_test.cc ++++ b/test/resize_test.cc +@@ -102,11 +102,8 @@ void ScaleForFrameNumber(unsigned int frame, unsigned int initial_w, + if (frame < 30) { + return; + } +- if (frame < 100) { +- *w = initial_w * 7 / 10; +- *h = initial_h * 16 / 10; +- return; +- } ++ *w = initial_w * 7 / 10; ++ *h = initial_h * 16 / 10; + return; + } + if (frame < 10) { +@@ -559,9 +556,7 @@ TEST_P(ResizeRealtimeTest, TestExternalResizeWorks) { + } + } + +-// TODO(https://crbug.com/webm/1642): This causes a segfault in +-// init_encode_frame_mb_context(). +-TEST_P(ResizeRealtimeTest, DISABLED_TestExternalResizeSmallerWidthBiggerSize) { ++TEST_P(ResizeRealtimeTest, TestExternalResizeSmallerWidthBiggerSize) { + ResizingVideoSource video; + video.flag_codec_ = true; + video.smaller_width_larger_size_ = true; +diff --git a/vp9/common/vp9_alloccommon.c b/vp9/common/vp9_alloccommon.c +index e53883f621d..9e73e40ea09 100644 +--- a/vp9/common/vp9_alloccommon.c ++++ b/vp9/common/vp9_alloccommon.c +@@ -135,13 +135,6 @@ int vp9_alloc_context_buffers(VP9_COMMON *cm, int width, int height) { + cm->free_mi(cm); + if (cm->alloc_mi(cm, new_mi_size)) goto fail; + } +- +- if (cm->seg_map_alloc_size < cm->mi_rows * cm->mi_cols) { +- // Create the segmentation map structure and set to 0. +- free_seg_map(cm); +- if (alloc_seg_map(cm, cm->mi_rows * cm->mi_cols)) goto fail; +- } +- + if (cm->above_context_alloc_cols < cm->mi_cols) { + vpx_free(cm->above_context); + cm->above_context = (ENTROPY_CONTEXT *)vpx_calloc( +@@ -156,6 +149,12 @@ int vp9_alloc_context_buffers(VP9_COMMON *cm, int width, int height) { + cm->above_context_alloc_cols = cm->mi_cols; + } + ++ if (cm->seg_map_alloc_size < cm->mi_rows * cm->mi_cols) { ++ // Create the segmentation map structure and set to 0. ++ free_seg_map(cm); ++ if (alloc_seg_map(cm, cm->mi_rows * cm->mi_cols)) goto fail; ++ } ++ + if (vp9_alloc_loop_filter(cm)) goto fail; + + return 0; +diff --git a/vp9/encoder/vp9_encoder.c b/vp9/encoder/vp9_encoder.c +index 69a4e3c314f..e3ba294c32f 100644 +--- a/vp9/encoder/vp9_encoder.c ++++ b/vp9/encoder/vp9_encoder.c +@@ -2047,6 +2047,17 @@ static void alloc_copy_partition_data(VP9_COMP *cpi) { + } + } + ++static void free_copy_partition_data(VP9_COMP *cpi) { ++ vpx_free(cpi->prev_partition); ++ cpi->prev_partition = NULL; ++ vpx_free(cpi->prev_segment_id); ++ cpi->prev_segment_id = NULL; ++ vpx_free(cpi->prev_variance_low); ++ cpi->prev_variance_low = NULL; ++ vpx_free(cpi->copied_frame_cnt); ++ cpi->copied_frame_cnt = NULL; ++} ++ + void vp9_change_config(struct VP9_COMP *cpi, const VP9EncoderConfig *oxcf) { + VP9_COMMON *const cm = &cpi->common; + RATE_CONTROL *const rc = &cpi->rc; +@@ -2126,6 +2137,8 @@ void vp9_change_config(struct VP9_COMP *cpi, const VP9EncoderConfig *oxcf) { + new_mi_size = cm->mi_stride * calc_mi_size(cm->mi_rows); + if (cm->mi_alloc_size < new_mi_size) { + vp9_free_context_buffers(cm); ++ vp9_free_pc_tree(&cpi->td); ++ vpx_free(cpi->mbmi_ext_base); + alloc_compressor_data(cpi); + realloc_segmentation_maps(cpi); + cpi->initial_width = cpi->initial_height = 0; +@@ -2144,8 +2157,18 @@ void vp9_change_config(struct VP9_COMP *cpi, const VP9EncoderConfig *oxcf) { + update_frame_size(cpi); + + if (last_w != cpi->oxcf.width || last_h != cpi->oxcf.height) { +- memset(cpi->consec_zero_mv, 0, +- cm->mi_rows * cm->mi_cols * sizeof(*cpi->consec_zero_mv)); ++ vpx_free(cpi->consec_zero_mv); ++ CHECK_MEM_ERROR( ++ &cm->error, cpi->consec_zero_mv, ++ vpx_calloc(cm->mi_rows * cm->mi_cols, sizeof(*cpi->consec_zero_mv))); ++ ++ vpx_free(cpi->skin_map); ++ CHECK_MEM_ERROR( ++ &cm->error, cpi->skin_map, ++ vpx_calloc(cm->mi_rows * cm->mi_cols, sizeof(cpi->skin_map[0]))); ++ ++ free_copy_partition_data(cpi); ++ alloc_copy_partition_data(cpi); + if (cpi->oxcf.aq_mode == CYCLIC_REFRESH_AQ) + vp9_cyclic_refresh_reset_resize(cpi); + rc->rc_1_frame = 0; diff --git a/SPECS/thunderbird.spec b/SPECS/thunderbird.spec index f048217..7a1c4d8 100644 --- a/SPECS/thunderbird.spec +++ b/SPECS/thunderbird.spec @@ -134,7 +134,7 @@ end} Summary: Mozilla Thunderbird mail/newsgroup client Name: thunderbird -Version: 115.3.1 +Version: 115.4.1 Release: 1%{?dist} URL: http://www.mozilla.org/projects/thunderbird/ License: MPLv1.1 or GPLv2+ or LGPLv2+ @@ -160,7 +160,7 @@ ExcludeArch: aarch64 s390 ppc #Source0: https://archive.mozilla.org/pub/thunderbird/releases/%%{version}%%{?pre_version}/source/thunderbird-%%{version}%%{?pre_version}.processed-source.tar.xz Source0: thunderbird-%{version}%{?pre_version}%{?buildnum}.processed-source.tar.xz %if %{with langpacks} -Source1: thunderbird-langpacks-%{version}-20230929.tar.xz +Source1: thunderbird-langpacks-%{version}-20231025.tar.xz %endif Source2: cbindgen-vendor.tar.xz Source3: process-official-tarball @@ -213,6 +213,9 @@ Patch154: firefox-nss-addon-hack.patch # ARM run-time patch Patch155: rhbz-1354671.patch +# ---- Security patches ---- +Patch301: CVE-2023-44488-libvpx.patch + # BUILD REQURES/REQUIRES %if %{?system_nss} && !0%{?bundle_nss} BuildRequires: pkgconfig(nspr) >= %{nspr_version} @@ -888,15 +891,15 @@ Mozilla Thunderbird is a standalone mail and newsgroup client. %prep echo "Build environment" echo "--------------------------------------------" -echo "dist %{?dist}" -echo "RHEL 8 minor version: %{?rhel_minor_version}" -echo "bundle_nss %{?bundle_nss}" -echo "system_nss %{?system_nss}" -echo "use_rust_ts %{?use_rust_ts}" -echo "use_dts %{?use_dts}" -echo "use_nodejs_scl %{?use_nodejs_scl}" -echo "use_llvm_ts %{?use_llvm_ts}" -echo "use_python3_scl %{?use_python3_scl}" +echo "dist %{?dist}" +echo "RHEL minor version: %{?rhel_minor_version}" +echo "bundle_nss %{?bundle_nss}" +echo "system_nss %{?system_nss}" +echo "use_rust_ts %{?use_rust_ts}" +echo "use_dts %{?use_dts}" +echo "use_nodejs_scl %{?use_nodejs_scl}" +echo "use_llvm_ts %{?use_llvm_ts}" +echo "use_python3_scl %{?use_python3_scl}" echo "--------------------------------------------" %setup -q @@ -945,6 +948,11 @@ echo "--------------------------------------------" %patch -P155 -p1 -b .rhbz-1354671 %endif +# ---- Security patches ---- +cd media/libvpx/libvpx +%patch -P301 -p1 -b .CVE-2023-44488-libvpx +cd - + %{__rm} -f .mozconfig %{__cp} %{SOURCE10} .mozconfig %{__cp} %{SOURCE24} mozilla-api-key @@ -1006,6 +1014,9 @@ echo "ac_add_options --with-mozilla-api-keyfile=`pwd`/mozilla-api-key" >> .mozco echo "ac_add_options --with-google-location-service-api-keyfile=`pwd`/google-loc-api-key" >> .mozconfig echo "ac_add_options --with-google-safebrowsing-api-keyfile=`pwd`/google-api-key" >> .mozconfig +# Clang 17 upstream's detection fails, tell it where to look. +echo "ac_add_options --with-libclang-path=`llvm-config --libdir`" >> .mozconfig + echo 'export NODEJS="%{_buildrootdir}/bin/node-stdout-nonblocking-wrapper"' >> .mozconfig # Remove executable bit to make brp-mangle-shebangs happy. @@ -1494,6 +1505,18 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #=============================================================================== %changelog +* Wed Oct 25 2023 Eike Rathke - 115.4.1-1 +- Update to 115.4.1 build1 + +* Tue Oct 24 2023 Anton Bobrov - 115.4.0-3 +- Update to 115.4.0 build3 + +* Sat Oct 21 2023 Eike Rathke - 115.4.0-2 +- Update to 115.4.0 build2 + +* Fri Oct 20 2023 Eike Rathke - 115.4.0-1 +- Update to 115.4.0 build1 + * Fri Sep 29 2023 Eike Rathke - 115.3.1-1 - Update to 115.3.1 build1