Accepting request 567289 from multimedia:libs

security fix ... and test balloon for new changelog schema as discussed with DimStar

OBS-URL: https://build.opensuse.org/request/show/567289
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvpx?expand=0&rev=34

CVE-2017-13194.patch

@@ -0,0 +1,42 @@
+Index: libvpx-1.6.1/vpx/src/vpx_image.c
+===================================================================
+--- libvpx-1.6.1.orig/vpx/src/vpx_image.c
++++ libvpx-1.6.1/vpx/src/vpx_image.c
+@@ -88,11 +88,10 @@ static vpx_image_t *img_alloc_helper(vpx
+     default: ycs = 0; break;
+   }
+ 
+-  /* Calculate storage sizes given the chroma subsampling */
+-  align = (1 << xcs) - 1;
+-  w = (d_w + align) & ~align;
+-  align = (1 << ycs) - 1;
+-  h = (d_h + align) & ~align;
++  /* Calculate storage sizes. If the buffer was allocated externally, the width
++   * and height shouldn't be adjusted. */
++  w = d_w;
++  h = d_h;
+   s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8;
+   s = (s + stride_align - 1) & ~(stride_align - 1);
+   stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
+@@ -111,9 +110,18 @@ static vpx_image_t *img_alloc_helper(vpx
+   img->img_data = img_data;
+ 
+   if (!img_data) {
+-    const uint64_t alloc_size = (fmt & VPX_IMG_FMT_PLANAR)
+-                                    ? (uint64_t)h * s * bps / 8
+-                                    : (uint64_t)h * s;
++    uint64_t alloc_size;
++    /* Calculate storage sizes given the chroma subsampling */
++    align = (1 << xcs) - 1;
++    w = (d_w + align) & ~align;
++    align = (1 << ycs) - 1;
++    h = (d_h + align) & ~align;
++
++    s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8;
++    s = (s + stride_align - 1) & ~(stride_align - 1);
++    stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
++    alloc_size = (fmt & VPX_IMG_FMT_PLANAR) ? (uint64_t)h * s * bps / 8
++                                            : (uint64_t)h * s;
+ 
+     if (alloc_size != (size_t)alloc_size) goto fail;
+ 

libvpx.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Thu Jan 18 08:57:32 UTC 2018 - Adrian Schröter <adrian@suse.de>
+
+- Fix OOB caused by odd frame width with patch from android
+  Adding patch CVE-2017-13194.patch (CVE-2017-13194)
+- this changelog entry also contains the new scheme with full name
+  and "umlaut" to test which tools may break with it in our distro.
+  Please track problems here: https://github.com/openSUSE/obs-build/pull/214
+
 -------------------------------------------------------------------
 Thu Aug 31 06:26:03 UTC 2017 - adrian@suse.de
 

libvpx.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libvpx
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,6 +27,7 @@ Url:            http://www.webmproject.org/
 Source0:        https://storage.googleapis.com/downloads.webmproject.org/releases/webm/libvpx-%{version}.tar.bz2
 Source1:        test-data.sha1
 Source1000:     baselibs.conf
+Patch0:         CVE-2017-13194.patch
 Patch1:         libvpx-define-config_pic.patch
 Patch2:         libvpx-configure-add-s390.patch
 Patch4:         libvpx-armv7-use-hard-float.patch
@@ -92,6 +93,7 @@ The WebM file structure is based on the Matroska container.
 
 %prep
 %setup -q
+%patch0 -p1
 %patch1 -p1
 %patch2 -p1
 %patch4 -p1