Hello community, here is the log from the commit of package libvpx for openSUSE:Factory checked in at 2018-01-20 11:19:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libvpx (Old) and /work/SRC/openSUSE:Factory/.libvpx.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvpx" Sat Jan 20 11:19:14 2018 rev:34 rq:567289 version:1.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/libvpx/libvpx.changes 2017-09-07 22:07:57.903365807 +0200 +++ /work/SRC/openSUSE:Factory/.libvpx.new/libvpx.changes 2018-01-20 11:19:18.529141036 +0100 @@ -1,0 +2,9 @@ +Thu Jan 18 08:57:32 UTC 2018 - Adrian Schröter <[email protected]> + +- Fix OOB caused by odd frame width with patch from android + Adding patch CVE-2017-13194.patch (CVE-2017-13194) +- this changelog entry also contains the new scheme with full name + and "umlaut" to test which tools may break with it in our distro. + Please track problems here: https://github.com/openSUSE/obs-build/pull/214 + +------------------------------------------------------------------- New: ---- CVE-2017-13194.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvpx.spec ++++++ --- /var/tmp/diff_new_pack.11LOpf/_old 2018-01-20 11:19:20.157064932 +0100 +++ /var/tmp/diff_new_pack.11LOpf/_new 2018-01-20 11:19:20.161064745 +0100 @@ -1,7 +1,7 @@ # # spec file for package libvpx # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,6 +27,7 @@ Source0: https://storage.googleapis.com/downloads.webmproject.org/releases/webm/libvpx-%{version}.tar.bz2 Source1: test-data.sha1 Source1000: baselibs.conf +Patch0: CVE-2017-13194.patch Patch1: libvpx-define-config_pic.patch Patch2: libvpx-configure-add-s390.patch Patch4: libvpx-armv7-use-hard-float.patch @@ -92,6 +93,7 @@ %prep %setup -q +%patch0 -p1 %patch1 -p1 %patch2 -p1 %patch4 -p1 ++++++ CVE-2017-13194.patch ++++++ Index: libvpx-1.6.1/vpx/src/vpx_image.c =================================================================== --- libvpx-1.6.1.orig/vpx/src/vpx_image.c +++ libvpx-1.6.1/vpx/src/vpx_image.c @@ -88,11 +88,10 @@ static vpx_image_t *img_alloc_helper(vpx default: ycs = 0; break; } - /* Calculate storage sizes given the chroma subsampling */ - align = (1 << xcs) - 1; - w = (d_w + align) & ~align; - align = (1 << ycs) - 1; - h = (d_h + align) & ~align; + /* Calculate storage sizes. If the buffer was allocated externally, the width + * and height shouldn't be adjusted. */ + w = d_w; + h = d_h; s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8; s = (s + stride_align - 1) & ~(stride_align - 1); stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s; @@ -111,9 +110,18 @@ static vpx_image_t *img_alloc_helper(vpx img->img_data = img_data; if (!img_data) { - const uint64_t alloc_size = (fmt & VPX_IMG_FMT_PLANAR) - ? (uint64_t)h * s * bps / 8 - : (uint64_t)h * s; + uint64_t alloc_size; + /* Calculate storage sizes given the chroma subsampling */ + align = (1 << xcs) - 1; + w = (d_w + align) & ~align; + align = (1 << ycs) - 1; + h = (d_h + align) & ~align; + + s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8; + s = (s + stride_align - 1) & ~(stride_align - 1); + stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s; + alloc_size = (fmt & VPX_IMG_FMT_PLANAR) ? (uint64_t)h * s * bps / 8 + : (uint64_t)h * s; if (alloc_size != (size_t)alloc_size) goto fail;
