guix_mirror_bot pushed a commit to branch world-rebuild
in repository guix.

commit 3b1d7e93f328016a3991eec55f8384ca0b3cc67d
Author: Andreas Enge <andr...@enge.fr>
AuthorDate: Thu Aug 21 01:13:50 2025 +0200

    gnu: libvpx: Update to 1.15.2.
    
    * gnu/packages/patches/libvpx-CVE-2025-5262.patch: Remove file.
    * gnu/local.mk (dist_patch_DATA): Unregister file.
    * gnu/packages/video.scm (libvpx): Update to 1.15.2.
    [source]: Remove patch.
    
    Change-Id: If7f5d584204a5bab29156f53930e45f76a4a68e3
---
 gnu/local.mk                                    |  1 -
 gnu/packages/patches/libvpx-CVE-2025-5262.patch | 75 -------------------------
 gnu/packages/video.scm                          |  7 +--
 3 files changed, 3 insertions(+), 80 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 6f46f28cb8..2b6f94d13d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1791,7 +1791,6 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/libutils-remove-damaging-includes.patch \
   %D%/packages/patches/libvdpau-va-gl-unbundle.patch           \
   %D%/packages/patches/libvpx-CVE-2016-2818.patch              \
-  %D%/packages/patches/libvpx-CVE-2025-5262.patch              \
   %D%/packages/patches/libxml2-xpath0-Add-option-xpath0.patch  \
   %D%/packages/patches/libwpd-gcc-compat.patch                 \
   %D%/packages/patches/libxslt-generated-ids.patch             \
diff --git a/gnu/packages/patches/libvpx-CVE-2025-5262.patch 
b/gnu/packages/patches/libvpx-CVE-2025-5262.patch
deleted file mode 100644
index 413487126b..0000000000
--- a/gnu/packages/patches/libvpx-CVE-2025-5262.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-Copied from 
<https://chromium.googlesource.com/webm/libvpx/+/1c758781c428c0e895645b95b8ff1512b6bdcecb%5E%21/>
-See also: 
<https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5262>
-     and: 
<https://hg-edge.mozilla.org/releases/mozilla-esr128/rev/69f53ce5ef0bca2816a3b13cae570e835938c010>
-
-Author: James Zern <jz...@google.com>  Thu May 01 02:28:48 2025
-
-vpx_codec_enc_init_multi: fix double free on init failure
-
-In `vp8e_init()`, the encoder would take ownership of
-`mr_cfg.mr_low_res_mode_info` even if `vp8_create_compressor()` failed.
-This caused confusion at the call site as other failures in
-`vp8e_init()` did not result in ownership transfer and the caller would
-free the memory. In the case of `vp8_create_compressor()` failure both
-the caller and `vpx_codec_destroy()` would free the memory, causing a
-crash. `mr_*` related variables are now cleared on failure to prevent
-this situation.
-
-Bug: webm:413411335
-Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1962421
-Change-Id: Ie951d42b9029a586bf9059b650bd8863db9f9ffc
-
---- a/vp8/vp8_cx_iface.c
-+++ b/vp8/vp8_cx_iface.c
-@@ -727,17 +727,27 @@ static vpx_codec_err_t vp8e_init(vpx_cod
-       priv->pts_offset_initialized = 0;
-       priv->timestamp_ratio.den = priv->cfg.g_timebase.den;
-       priv->timestamp_ratio.num = (int64_t)priv->cfg.g_timebase.num;
-       priv->timestamp_ratio.num *= TICKS_PER_SEC;
-       reduce_ratio(&priv->timestamp_ratio);
- 
-       set_vp8e_config(&priv->oxcf, priv->cfg, priv->vp8_cfg, mr_cfg);
-       priv->cpi = vp8_create_compressor(&priv->oxcf);
--      if (!priv->cpi) res = VPX_CODEC_MEM_ERROR;
-+      if (!priv->cpi) {
-+#if CONFIG_MULTI_RES_ENCODING
-+        // Release ownership of mr_cfg->mr_low_res_mode_info on failure. This
-+        // prevents ownership confusion with the caller and avoids a double
-+        // free when vpx_codec_destroy() is called on this instance.
-+        priv->oxcf.mr_total_resolutions = 0;
-+        priv->oxcf.mr_encoder_id = 0;
-+        priv->oxcf.mr_low_res_mode_info = NULL;
-+#endif
-+        res = VPX_CODEC_MEM_ERROR;
-+      }
-     }
-   }
- 
-   return res;
- }
- 
- static vpx_codec_err_t vp8e_destroy(vpx_codec_alg_priv_t *ctx) {
- #if CONFIG_MULTI_RES_ENCODING
---- a/vpx/src/vpx_encoder.c
-+++ b/vpx/src/vpx_encoder.c
-@@ -109,16 +109,19 @@ vpx_codec_err_t vpx_codec_enc_init_multi
-           mr_cfg.mr_down_sampling_factor.num = dsf->num;
-           mr_cfg.mr_down_sampling_factor.den = dsf->den;
- 
-           ctx->iface = iface;
-           ctx->name = iface->name;
-           ctx->priv = NULL;
-           ctx->init_flags = flags;
-           ctx->config.enc = cfg;
-+          // ctx takes ownership of mr_cfg.mr_low_res_mode_info if and only if
-+          // this call succeeds. The first ctx entry in the array is
-+          // responsible for freeing the memory.
-           res = ctx->iface->init(ctx, &mr_cfg);
-         }
- 
-         if (res) {
-           const char *error_detail = ctx->priv ? ctx->priv->err_detail : NULL;
-           /* Destroy current ctx */
-           ctx->err_detail = error_detail;
-           vpx_codec_destroy(ctx);
-
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index b429ea24bd..5131f9daca 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -3013,7 +3013,7 @@ wallpaper using mpv.")
 (define-public libvpx
   (package
     (name "libvpx")
-    (version "1.15.0")
+    (version "1.15.2")
     (source (origin
               (method git-fetch)
               (uri (git-reference
@@ -3022,9 +3022,8 @@ wallpaper using mpv.")
               (file-name (git-file-name name version))
               (sha256
                (base32
-                "1q2scpfiifhpilw6qqpqihk98plj57gwh0vyiqwsv991i7b322bv"))
-              (patches (search-patches "libvpx-CVE-2016-2818.patch"
-                                       "libvpx-CVE-2025-5262.patch"))))
+                "07c29a5q19613pldp8qm6harqwl7kvqhs7vw4mr8s3dnwyb5jpnl"))
+              (patches (search-patches "libvpx-CVE-2016-2818.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags (list "--enable-shared"
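Review bot: Removing "libvpx-CVE-2025-5262.patch" from `search-patches` is only safe if the 1.15.2 source already contains the upstream double-free fix, and neither the commit log nor the package definition records that. The header of the deleted patch names upstream commit 1c758781c428c0e895645b95b8ff1512b6bdcecb, so it is worth confirming that this commit is an ancestor of the 1.15.2 release tag before the patch is dropped. The log entry could then say so, for example `[source]: Remove patch, fix is included in 1.15.2.` The `origin` form starts in the previous hunk and the package definition continues past this one, so only the changed fields are visible here.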
