commit:     f64e1f924824033b61856a1c4a0162ab675a57a4
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Dec  5 05:09:17 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Dec  5 05:15:12 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f64e1f92

media-libs/libvpx: security rev bump

Bug: https://bugs.gentoo.org/701834
Package-Manager: Portage-2.3.80, Repoman-2.3.19
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 ...libvpx-1.7.0-CVE-2019-9232_9325_9371_9433.patch | 211 +++++++++++++++++++++
 media-libs/libvpx/libvpx-1.7.0-r1.ebuild           | 131 +++++++++++++
 2 files changed, 342 insertions(+)

diff --git 
a/media-libs/libvpx/files/libvpx-1.7.0-CVE-2019-9232_9325_9371_9433.patch 
b/media-libs/libvpx/files/libvpx-1.7.0-CVE-2019-9232_9325_9371_9433.patch
new file mode 100644
index 00000000000..623eccda902
--- /dev/null
+++ b/media-libs/libvpx/files/libvpx-1.7.0-CVE-2019-9232_9325_9371_9433.patch
@@ -0,0 +1,211 @@
+Backports of
+
+From 46e17f0cb4a80b36755c84b8bf15731d3386c08f Mon Sep 17 00:00:00 2001
+From: kyslov <[email protected]>
+Date: Fri, 4 Jan 2019 17:04:09 -0800
+Subject: [PATCH] Fix OOB memory access on fuzzed data
+
+From 0681cff1ad36b3ef8ec242f59b5a6c4234ccfb88 Mon Sep 17 00:00:00 2001
+From: James Zern <[email protected]>
+Date: Tue, 24 Jul 2018 21:36:50 -0700
+Subject: [PATCH] vp9: fix OOB read in decoder_peek_si_internal
+
+From f00890eecdf8365ea125ac16769a83aa6b68792d Mon Sep 17 00:00:00 2001
+From: James Zern <[email protected]>
+Date: Tue, 11 Dec 2018 18:06:20 -0800
+Subject: [PATCH] update libwebm to libwebm-1.0.0.27-352-g6ab9fcf
+
+From 34d54b04e98dd0bac32e9aab0fbda0bf501bc742 Mon Sep 17 00:00:00 2001
+From: James Zern <[email protected]>
+Date: Tue, 9 Apr 2019 18:37:44 -0700
+Subject: [PATCH] update libwebm to libwebm-1.0.0.27-358-gdbf1d10
+
+From 52add5896661d186dec284ed646a4b33b607d2c7 Mon Sep 17 00:00:00 2001
+From: Jerome Jiang <[email protected]>
+Date: Wed, 23 May 2018 15:43:00 -0700
+Subject: [PATCH] VP8: Fix use-after-free in postproc.
+
+to address CVE-2019-9232 CVE-2019-9325 CVE-2019-9371 CVE-2019-9433
+
+
+--- a/test/decode_api_test.cc
++++ b/test/decode_api_test.cc
+@@ -138,8 +138,30 @@ TEST(DecodeAPI, Vp9InvalidDecode) {
+   EXPECT_EQ(VPX_CODEC_OK, vpx_codec_destroy(&dec));
+ }
+ 
+-TEST(DecodeAPI, Vp9PeekSI) {
++void TestPeekInfo(const uint8_t *const data, uint32_t data_sz,
++                  uint32_t peek_size) {
+   const vpx_codec_iface_t *const codec = &vpx_codec_vp9_dx_algo;
++  // Verify behavior of vpx_codec_decode. vpx_codec_decode doesn't even get
++  // to decoder_peek_si_internal on frames of size < 8.
++  if (data_sz >= 8) {
++    vpx_codec_ctx_t dec;
++    EXPECT_EQ(VPX_CODEC_OK, vpx_codec_dec_init(&dec, codec, NULL, 0));
++    EXPECT_EQ((data_sz < peek_size) ? VPX_CODEC_UNSUP_BITSTREAM
++                                    : VPX_CODEC_CORRUPT_FRAME,
++              vpx_codec_decode(&dec, data, data_sz, NULL, 0));
++    vpx_codec_iter_t iter = NULL;
++    EXPECT_EQ(NULL, vpx_codec_get_frame(&dec, &iter));
++    EXPECT_EQ(VPX_CODEC_OK, vpx_codec_destroy(&dec));
++  }
++
++  // Verify behavior of vpx_codec_peek_stream_info.
++  vpx_codec_stream_info_t si;
++  si.sz = sizeof(si);
++  EXPECT_EQ((data_sz < peek_size) ? VPX_CODEC_UNSUP_BITSTREAM : VPX_CODEC_OK,
++            vpx_codec_peek_stream_info(codec, data, data_sz, &si));
++}
++
++TEST(DecodeAPI, Vp9PeekStreamInfo) {
+   // The first 9 bytes are valid and the rest of the bytes are made up. Until
+   // size 10, this should return VPX_CODEC_UNSUP_BITSTREAM and after that it
+   // should return VPX_CODEC_CORRUPT_FRAME.
+@@ -150,24 +172,18 @@ TEST(DecodeAPI, Vp9PeekSI) {
+   };
+ 
+   for (uint32_t data_sz = 1; data_sz <= 32; ++data_sz) {
+-    // Verify behavior of vpx_codec_decode. vpx_codec_decode doesn't even get
+-    // to decoder_peek_si_internal on frames of size < 8.
+-    if (data_sz >= 8) {
+-      vpx_codec_ctx_t dec;
+-      EXPECT_EQ(VPX_CODEC_OK, vpx_codec_dec_init(&dec, codec, NULL, 0));
+-      EXPECT_EQ(
+-          (data_sz < 10) ? VPX_CODEC_UNSUP_BITSTREAM : 
VPX_CODEC_CORRUPT_FRAME,
+-          vpx_codec_decode(&dec, data, data_sz, NULL, 0));
+-      vpx_codec_iter_t iter = NULL;
+-      EXPECT_EQ(NULL, vpx_codec_get_frame(&dec, &iter));
+-      EXPECT_EQ(VPX_CODEC_OK, vpx_codec_destroy(&dec));
+-    }
++    TestPeekInfo(data, data_sz, 10);
++  }
++}
++
++TEST(DecodeAPI, Vp9PeekStreamInfoTruncated) {
++  // This profile 1 header requires 10.25 bytes, ensure
++  // vpx_codec_peek_stream_info doesn't over read.
++  const uint8_t profile1_data[10] = { 0xa4, 0xe9, 0x30, 0x68, 0x53,
++                                      0xe9, 0x30, 0x68, 0x53, 0x04 };
+ 
+-    // Verify behavior of vpx_codec_peek_stream_info.
+-    vpx_codec_stream_info_t si;
+-    si.sz = sizeof(si);
+-    EXPECT_EQ((data_sz < 10) ? VPX_CODEC_UNSUP_BITSTREAM : VPX_CODEC_OK,
+-              vpx_codec_peek_stream_info(codec, data, data_sz, &si));
++  for (uint32_t data_sz = 1; data_sz <= 10; ++data_sz) {
++    TestPeekInfo(profile1_data, data_sz, 11);
+   }
+ }
+ #endif  // CONFIG_VP9_DECODER
+--- a/third_party/libwebm/mkvparser/mkvparser.cc
++++ b/third_party/libwebm/mkvparser/mkvparser.cc
+@@ -5307,8 +5307,8 @@ long VideoTrack::Parse(Segment* pSegment, const Info& 
info,
+ 
+   const long long stop = pos + s.size;
+ 
+-  Colour* colour = NULL;
+-  Projection* projection = NULL;
++  std::unique_ptr<Colour> colour_ptr;
++  std::unique_ptr<Projection> projection_ptr;
+ 
+   while (pos < stop) {
+     long long id, size;
+@@ -5357,11 +5357,19 @@ long VideoTrack::Parse(Segment* pSegment, const Info& 
info,
+       if (rate <= 0)
+         return E_FILE_FORMAT_INVALID;
+     } else if (id == libwebm::kMkvColour) {
+-      if (!Colour::Parse(pReader, pos, size, &colour))
++      Colour* colour = NULL;
++      if (!Colour::Parse(pReader, pos, size, &colour)) {
+         return E_FILE_FORMAT_INVALID;
++      } else {
++        colour_ptr.reset(colour);
++      }
+     } else if (id == libwebm::kMkvProjection) {
+-      if (!Projection::Parse(pReader, pos, size, &projection))
++      Projection* projection = NULL;
++      if (!Projection::Parse(pReader, pos, size, &projection)) {
+         return E_FILE_FORMAT_INVALID;
++      } else {
++        projection_ptr.reset(projection);
++      }
+     }
+ 
+     pos += size;  // consume payload
+@@ -5392,8 +5400,8 @@ long VideoTrack::Parse(Segment* pSegment, const Info& 
info,
+   pTrack->m_display_unit = display_unit;
+   pTrack->m_stereo_mode = stereo_mode;
+   pTrack->m_rate = rate;
+-  pTrack->m_colour = colour;
+-  pTrack->m_projection = projection;
++  pTrack->m_colour = colour_ptr.release();
++  pTrack->m_projection = projection_ptr.release();
+ 
+   pResult = pTrack;
+   return 0;  // success
+--- a/vp8/common/postproc.c
++++ b/vp8/common/postproc.c
+@@ -65,7 +65,7 @@ void vp8_deblock(VP8_COMMON *cm, YV12_BUFFER_CONFIG *source,
+   double level = 6.0e-05 * q * q * q - .0067 * q * q + .306 * q + .0065;
+   int ppl = (int)(level + .5);
+ 
+-  const MODE_INFO *mode_info_context = cm->show_frame_mi;
++  const MODE_INFO *mode_info_context = cm->mi;
+   int mbr, mbc;
+ 
+   /* The pixel thresholds are adjusted according to if or not the macroblock
+--- a/vp8/decoder/dboolhuff.h
++++ b/vp8/decoder/dboolhuff.h
+@@ -76,7 +76,7 @@ static int vp8dx_decode_bool(BOOL_DECODER *br, int 
probability) {
+   }
+ 
+   {
+-    register int shift = vp8_norm[range];
++    const unsigned char shift = vp8_norm[(unsigned char)range];
+     range <<= shift;
+     value <<= shift;
+     count -= shift;
+--- a/vp9/vp9_dx_iface.c
++++ b/vp9/vp9_dx_iface.c
+@@ -97,7 +97,7 @@ static vpx_codec_err_t decoder_peek_si_internal(
+     const uint8_t *data, unsigned int data_sz, vpx_codec_stream_info_t *si,
+     int *is_intra_only, vpx_decrypt_cb decrypt_cb, void *decrypt_state) {
+   int intra_only_flag = 0;
+-  uint8_t clear_buffer[10];
++  uint8_t clear_buffer[11];
+ 
+   if (data + data_sz <= data) return VPX_CODEC_INVALID_PARAM;
+ 
+@@ -158,6 +158,9 @@ static vpx_codec_err_t decoder_peek_si_internal(
+         if (profile > PROFILE_0) {
+           if (!parse_bitdepth_colorspace_sampling(profile, &rb))
+             return VPX_CODEC_UNSUP_BITSTREAM;
++          // The colorspace info may cause vp9_read_frame_size() to need 11
++          // bytes.
++          if (data_sz < 11) return VPX_CODEC_UNSUP_BITSTREAM;
+         }
+         rb.bit_offset += REF_FRAMES;  // refresh_frame_flags
+         vp9_read_frame_size(&rb, (int *)&si->w, (int *)&si->h);
+--- a/vpx_dsp/bitreader.h
++++ b/vpx_dsp/bitreader.h
+@@ -94,7 +94,7 @@ static INLINE int vpx_read(vpx_reader *r, int prob) {
+   }
+ 
+   {
+-    register int shift = vpx_norm[range];
++    const unsigned char shift = vpx_norm[(unsigned char)range];
+     range <<= shift;
+     value <<= shift;
+     count -= shift;
+--- a/vpx_dsp/bitreader_buffer.c
++++ b/vpx_dsp/bitreader_buffer.c
+@@ -23,7 +23,7 @@ int vpx_rb_read_bit(struct vpx_read_bit_buffer *rb) {
+     rb->bit_offset = off + 1;
+     return bit;
+   } else {
+-    rb->error_handler(rb->error_handler_data);
++    if (rb->error_handler != NULL) rb->error_handler(rb->error_handler_data);
+     return 0;
+   }
+ }
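Review bot: In the `vpx_dsp/bitreader_buffer.c` hunk, the else branch of `vpx_rb_read_bit` now returns 0 with no signal at all when `rb->error_handler` is NULL, so a caller that installs no handler cannot tell an exhausted buffer from a genuine zero bit. That appears to be why the `vp9/vp9_dx_iface.c` hunk needs the explicit `if (data_sz < 11) return VPX_CODEC_UNSUP_BITSTREAM;` guard before `vp9_read_frame_size()`. The dependency is worth recording next to the NULL check, for example `/* No handler installed: the caller must have validated the length; a 0 bit is returned. */`. The literal 11 is also repeated in `clear_buffer[11]` and in the test's `TestPeekInfo(profile1_data, data_sz, 11)`, so a single named constant in `vp9_dx_iface.c` would keep the buffer size and the guard in step. Both `vpx_rb_read_bit` and `decoder_peek_si_internal` start outside their hunks, so this is based only on the visible lines.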

diff --git a/media-libs/libvpx/libvpx-1.7.0-r1.ebuild 
b/media-libs/libvpx/libvpx-1.7.0-r1.ebuild
new file mode 100644
index 00000000000..f6456c00acb
--- /dev/null
+++ b/media-libs/libvpx/libvpx-1.7.0-r1.ebuild
@@ -0,0 +1,131 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+inherit toolchain-funcs multilib-minimal
+
+# To create a new testdata tarball:
+# 1. Unpack source tarbll or checkout git tag
+# 2. export LIBVPX_TEST_DATA_PATH=libvpx-testdata
+# 3. configure --enable-unit-tests --enable-vp9-highbitdepth
+# 4. make testdata
+# 5. tar -cjf libvpx-testdata-${MY_PV}.tar.bz2 libvpx-testdata
+
+LIBVPX_TESTDATA_VER=1.7.0
+
+DESCRIPTION="WebM VP8 and VP9 Codec SDK"
+HOMEPAGE="https://www.webmproject.org";
+SRC_URI="https://github.com/webmproject/${PN}/archive/v${PV}.tar.gz -> 
${P}.tar.gz
+       test? ( mirror://gentoo/${PN}-testdata-${LIBVPX_TESTDATA_VER}.tar.xz )"
+
+LICENSE="BSD"
+SLOT="0/5"
+KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux 
~x86-linux"
+IUSE="cpu_flags_x86_avx cpu_flags_x86_avx2 doc cpu_flags_x86_mmx postproc 
cpu_flags_x86_sse cpu_flags_x86_sse2 cpu_flags_x86_sse3 cpu_flags_x86_ssse3 
cpu_flags_x86_sse4_1 +highbitdepth static-libs svc test +threads"
+
+REQUIRED_USE="
+       cpu_flags_x86_sse2? ( cpu_flags_x86_mmx )
+       cpu_flags_x86_ssse3? ( cpu_flags_x86_sse2 )
+       test? ( threads )
+"
+
+# Disable test phase when USE="-test"
+RESTRICT="!test? ( test )"
+
+RDEPEND=""
+DEPEND="abi_x86_32? ( dev-lang/yasm )
+       abi_x86_64? ( dev-lang/yasm )
+       abi_x86_x32? ( dev-lang/yasm )
+       x86-fbsd? ( dev-lang/yasm )
+       amd64-fbsd? ( dev-lang/yasm )
+       doc? (
+               app-doc/doxygen
+               dev-lang/php
+       )
+"
+
+PATCHES=(
+       "${FILESDIR}"/libvpx-1.3.0-sparc-configure.patch # 501010
+       "${FILESDIR}"/${P}-CVE-2019-9232_9325_9371_9433.patch
+)
+
+src_configure() {
+       # https://bugs.gentoo.org/show_bug.cgi?id=384585
+       # https://bugs.gentoo.org/show_bug.cgi?id=465988
+       # copied from php-pear-r1.eclass
+       addpredict /usr/share/snmp/mibs/.index
+       addpredict /var/lib/net-snmp/
+       addpredict /var/lib/net-snmp/mib_indexes
+       addpredict /session_mm_cli0.sem
+       multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+       unset CODECS #357487
+
+       # #498364: sse doesn't work without sse2 enabled,
+       local myconfargs=(
+               --prefix="${EPREFIX}"/usr
+               --libdir="${EPREFIX}"/usr/$(get_libdir)
+               --enable-pic
+               --enable-vp8
+               --enable-vp9
+               --enable-shared
+               --extra-cflags="${CFLAGS}"
+               $(use_enable cpu_flags_x86_avx avx)
+               $(use_enable cpu_flags_x86_avx2 avx2)
+               $(use_enable cpu_flags_x86_mmx mmx)
+               $(use_enable postproc)
+               $(use cpu_flags_x86_sse2 && use_enable cpu_flags_x86_sse sse || 
echo --disable-sse)
+               $(use_enable cpu_flags_x86_sse2 sse2)
+               $(use_enable cpu_flags_x86_sse3 sse3)
+               $(use_enable cpu_flags_x86_sse4_1 sse4_1)
+               $(use_enable cpu_flags_x86_ssse3 ssse3)
+               $(use_enable svc experimental) $(use_enable svc spatial-svc)
+               $(use_enable static-libs static)
+               $(use_enable test unit-tests)
+               $(use_enable threads multithread)
+               $(use_enable highbitdepth vp9-highbitdepth)
+       )
+
+       # let the build system decide which AS to use (it honours $AS but
+       # then feeds it with yasm flags without checking...) #345161
+       tc-export AS
+       case "${CHOST}" in
+               i?86*) export AS=yasm;;
+               x86_64*) export AS=yasm;;
+       esac
+
+       # powerpc toolchain is not recognized anymore, #694368
+       [[ ${CHOST} == powerpc-* ]] && myconfargs+=( --force-target=generic-gnu 
)
+
+       # Build with correct toolchain.
+       tc-export CC CXX AR NM
+       # Link with gcc by default, the build system should override this if 
needed.
+       export LD="${CC}"
+
+       if multilib_is_native_abi; then
+               myconfargs+=( $(use_enable doc install-docs) $(use_enable doc 
docs) )
+       else
+               # not needed for multilib and will be overwritten anyway.
+               myconfargs+=( --disable-examples --disable-install-docs 
--disable-docs )
+       fi
+
+       "${S}"/configure "${myconfargs[@]}"
+}
+
+multilib_src_compile() {
+       # build verbose by default and do not build examples that will not be 
installed
+       emake verbose=yes GEN_EXAMPLES=
+}
+
+multilib_src_test() {
+       local -x LD_LIBRARY_PATH="${BUILD_DIR}"
+       local -x LIBVPX_TEST_DATA_PATH="${WORKDIR}/${PN}-testdata"
+       emake verbose=yes GEN_EXAMPLES= test
+}
+
+multilib_src_install() {
+       emake verbose=yes GEN_EXAMPLES= DESTDIR="${D}" install
+       multilib_is_native_abi && use doc && dodoc -r docs/html
+}
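Review bot: The testdata instructions in the header comment no longer match what the ebuild fetches. Step 5 builds `libvpx-testdata-${MY_PV}.tar.bz2`, but `SRC_URI` requests `${PN}-testdata-${LIBVPX_TESTDATA_VER}.tar.xz`, and `MY_PV` is not defined anywhere in this file. Anyone regenerating the tarball from these steps would produce a file under a different name and compression than the one the test phase expects. Step 5 could read `# 5. tar -cJf libvpx-testdata-${LIBVPX_TESTDATA_VER}.tar.xz libvpx-testdata`, and step 1 has a typo (`tarbll`).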
