@@ -1699,8 +1699,6 @@ dist_patch_DATA = \
%D%/packages/patches/libutils-remove-damaging-includes.patch \
%D%/packages/patches/libvdpau-va-gl-unbundle.patch \
%D%/packages/patches/libvpx-CVE-2016-2818.patch \
- %D%/packages/patches/libvpx-CVE-2023-5217.patch \
- %D%/packages/patches/libvpx-CVE-2023-44488.patch \
%D%/packages/patches/libxml2-xpath0-Add-option-xpath0.patch \
%D%/packages/patches/libwpd-gcc-compat.patch \
%D%/packages/patches/libxslt-generated-ids.patch \
deleted file mode 100644
@@ -1,107 +0,0 @@
-From the upstream repo, can be removed after 1.14.1
-https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937.patch
-https://www.openwall.com/lists/oss-security/2023/09/30/4
-
-The test change didn't apply so it was removed from the patch
-
-From df9fd9d5b7325060b2b921558a1eb20ca7880937 Mon Sep 17 00:00:00 2001
-From: Jerome Jiang <jianj@google.com>
-Date: Thu, 30 Jun 2022 13:48:56 -0400
-Subject: [PATCH] Fix bug with smaller width bigger size
-
-Fixed previous patch that clusterfuzz failed on.
-
-Local fuzzing passing overnight.
-
-Bug: webm:1642
-Change-Id: If0e08e72abd2e042efe4dcfac21e4cc51afdfdb9
-(cherry picked from commit 263682c9a29395055f3b3afe2d97be1828a6223f)
----
- test/resize_test.cc | 11 +++--------
- vp9/common/vp9_alloccommon.c | 13 ++++++-------
- vp9/encoder/vp9_encoder.c | 27 +++++++++++++++++++++++++--
- 3 files changed, 34 insertions(+), 17 deletions(-)
-
-diff --git a/vp9/common/vp9_alloccommon.c b/vp9/common/vp9_alloccommon.c
-index e53883f621d..9e73e40ea09 100644
---- a/vp9/common/vp9_alloccommon.c
-+++ b/vp9/common/vp9_alloccommon.c
-@@ -135,13 +135,6 @@ int vp9_alloc_context_buffers(VP9_COMMON *cm, int width, int height) {
- cm->free_mi(cm);
- if (cm->alloc_mi(cm, new_mi_size)) goto fail;
- }
--
-- if (cm->seg_map_alloc_size < cm->mi_rows * cm->mi_cols) {
-- // Create the segmentation map structure and set to 0.
-- free_seg_map(cm);
-- if (alloc_seg_map(cm, cm->mi_rows * cm->mi_cols)) goto fail;
-- }
--
- if (cm->above_context_alloc_cols < cm->mi_cols) {
- vpx_free(cm->above_context);
- cm->above_context = (ENTROPY_CONTEXT *)vpx_calloc(
-@@ -156,6 +149,12 @@ int vp9_alloc_context_buffers(VP9_COMMON *cm, int width, int height) {
- cm->above_context_alloc_cols = cm->mi_cols;
- }
-
-+ if (cm->seg_map_alloc_size < cm->mi_rows * cm->mi_cols) {
-+ // Create the segmentation map structure and set to 0.
-+ free_seg_map(cm);
-+ if (alloc_seg_map(cm, cm->mi_rows * cm->mi_cols)) goto fail;
-+ }
-+
- if (vp9_alloc_loop_filter(cm)) goto fail;
-
- return 0;
-diff --git a/vp9/encoder/vp9_encoder.c b/vp9/encoder/vp9_encoder.c
-index b66fdc0bca3..e3850775455 100644
---- a/vp9/encoder/vp9_encoder.c
-+++ b/vp9/encoder/vp9_encoder.c
-@@ -1973,6 +1973,17 @@ static void alloc_copy_partition_data(VP9_COMP *cpi) {
- }
- }
-
-+static void free_copy_partition_data(VP9_COMP *cpi) {
-+ vpx_free(cpi->prev_partition);
-+ cpi->prev_partition = NULL;
-+ vpx_free(cpi->prev_segment_id);
-+ cpi->prev_segment_id = NULL;
-+ vpx_free(cpi->prev_variance_low);
-+ cpi->prev_variance_low = NULL;
-+ vpx_free(cpi->copied_frame_cnt);
-+ cpi->copied_frame_cnt = NULL;
-+}
-+
- void vp9_change_config(struct VP9_COMP *cpi, const VP9EncoderConfig *oxcf) {
- VP9_COMMON *const cm = &cpi->common;
- RATE_CONTROL *const rc = &cpi->rc;
-@@ -2052,6 +2063,8 @@ void vp9_change_config(struct VP9_COMP *cpi, const VP9EncoderConfig *oxcf) {
- new_mi_size = cm->mi_stride * calc_mi_size(cm->mi_rows);
- if (cm->mi_alloc_size < new_mi_size) {
- vp9_free_context_buffers(cm);
-+ vp9_free_pc_tree(&cpi->td);
-+ vpx_free(cpi->mbmi_ext_base);
- alloc_compressor_data(cpi);
- realloc_segmentation_maps(cpi);
- cpi->initial_width = cpi->initial_height = 0;
-@@ -2070,8 +2083,18 @@ void vp9_change_config(struct VP9_COMP *cpi, const VP9EncoderConfig *oxcf) {
- update_frame_size(cpi);
-
- if (last_w != cpi->oxcf.width || last_h != cpi->oxcf.height) {
-- memset(cpi->consec_zero_mv, 0,
-- cm->mi_rows * cm->mi_cols * sizeof(*cpi->consec_zero_mv));
-+ vpx_free(cpi->consec_zero_mv);
-+ CHECK_MEM_ERROR(
-+ cm, cpi->consec_zero_mv,
-+ vpx_calloc(cm->mi_rows * cm->mi_cols, sizeof(*cpi->consec_zero_mv)));
-+
-+ vpx_free(cpi->skin_map);
-+ CHECK_MEM_ERROR(
-+ cm, cpi->skin_map,
-+ vpx_calloc(cm->mi_rows * cm->mi_cols, sizeof(cpi->skin_map[0])));
-+
-+ free_copy_partition_data(cpi);
-+ alloc_copy_partition_data(cpi);
- if (cpi->oxcf.aq_mode == CYCLIC_REFRESH_AQ)
- vp9_cyclic_refresh_reset_resize(cpi);
- rc->rc_1_frame = 0;
deleted file mode 100644
@@ -1,99 +0,0 @@
-From: Tobias Geerinckx-Rice <me@tobias.gr>
-Date: Sun Sep 24 02:00:00 2023 +0200
-Subject: libvpx: Fix CVE-2023-5217.
-
-These are the changes made to libvpx between Firefox ESR 115.3.0 and
-115.3.1, which claims to fix CVE-2023-5217 and so do we. The report
-itself is not public.
-
-It consists of the following 2 upstream libvpx commits:
- af6dedd715f4307669366944cca6e0417b290282
- 3fbd1dca6a4d2dad332a2110d646e4ffef36d590
-which are not yet part of an upstream commit.
-
----
-diff -Naur libvpx.orig/test/encode_api_test.cc libvpx/test/encode_api_test.cc
---- libvpx.orig/test/encode_api_test.cc 1970-01-01 01:00:01.000000000 +0100
-+++ libvpx/test/encode_api_test.cc 2023-09-29 21:00:03.189620452 +0200
-@@ -304,7 +304,6 @@
-
- void InitCodec(const vpx_codec_iface_t &iface, int width, int height,
- vpx_codec_ctx_t *enc, vpx_codec_enc_cfg_t *cfg) {
-- ASSERT_EQ(vpx_codec_enc_config_default(&iface, cfg, 0), VPX_CODEC_OK);
- cfg->g_w = width;
- cfg->g_h = height;
- cfg->g_lag_in_frames = 0;
-@@ -342,6 +341,7 @@
- vpx_codec_ctx_t ctx = {};
- } enc;
-
-+ ASSERT_EQ(vpx_codec_enc_config_default(iface, &cfg, 0), VPX_CODEC_OK);
- EXPECT_NO_FATAL_FAILURE(
- InitCodec(*iface, kWidth, kHeight, &enc.ctx, &cfg));
- if (IsVP9(iface)) {
-@@ -353,6 +353,50 @@
-
- for (const auto threads : { 1, 4, 8, 6, 2, 1 }) {
- cfg.g_threads = threads;
-+ EXPECT_NO_FATAL_FAILURE(EncodeWithConfig(cfg, &enc.ctx))
-+ << "iteration: " << i << " threads: " << threads;
-+ }
-+ }
-+ }
-+}
-+
-+TEST(EncodeAPI, ConfigResizeChangeThreadCount) {
-+ constexpr int kInitWidth = 1024;
-+ constexpr int kInitHeight = 1024;
-+
-+ for (const auto *iface : kCodecIfaces) {
-+ SCOPED_TRACE(vpx_codec_iface_name(iface));
-+ for (int i = 0; i < (IsVP9(iface) ? 2 : 1); ++i) {
-+ vpx_codec_enc_cfg_t cfg = {};
-+ struct Encoder {
-+ ~Encoder() { EXPECT_EQ(vpx_codec_destroy(&ctx), VPX_CODEC_OK); }
-+ vpx_codec_ctx_t ctx = {};
-+ } enc;
-+
-+ ASSERT_EQ(vpx_codec_enc_config_default(iface, &cfg, 0), VPX_CODEC_OK);
-+ // Start in threaded mode to ensure resolution and thread related
-+ // allocations are updated correctly across changes in resolution and
-+ // thread counts. See https://crbug.com/1486441.
-+ cfg.g_threads = 4;
-+ EXPECT_NO_FATAL_FAILURE(
-+ InitCodec(*iface, kInitWidth, kInitHeight, &enc.ctx, &cfg));
-+ if (IsVP9(iface)) {
-+ EXPECT_EQ(vpx_codec_control_(&enc.ctx, VP9E_SET_TILE_COLUMNS, 6),
-+ VPX_CODEC_OK);
-+ EXPECT_EQ(vpx_codec_control_(&enc.ctx, VP9E_SET_ROW_MT, i),
-+ VPX_CODEC_OK);
-+ }
-+
-+ cfg.g_w = 1000;
-+ cfg.g_h = 608;
-+ EXPECT_EQ(vpx_codec_enc_config_set(&enc.ctx, &cfg), VPX_CODEC_OK)
-+ << vpx_codec_error_detail(&enc.ctx);
-+
-+ cfg.g_w = 16;
-+ cfg.g_h = 720;
-+
-+ for (const auto threads : { 1, 4, 8, 6, 2, 1 }) {
-+ cfg.g_threads = threads;
- EXPECT_NO_FATAL_FAILURE(EncodeWithConfig(cfg, &enc.ctx))
- << "iteration: " << i << " threads: " << threads;
- }
-diff -Naur libvpx.orig/vp8/encoder/onyx_if.c libvpx/vp8/encoder/onyx_if.c
---- libvpx.orig/vp8/encoder/onyx_if.c 1970-01-01 01:00:01.000000000 +0100
-+++ libvpx/vp8/encoder/onyx_if.c 2023-09-29 21:01:44.155476128 +0200
-@@ -1443,6 +1443,11 @@
- last_h = cpi->oxcf.Height;
- prev_number_of_layers = cpi->oxcf.number_of_layers;
-
-+ if (cpi->initial_width) {
-+ // TODO(https://crbug.com/1486441): Allow changing thread counts; the
-+ // allocation is done once in vp8_create_compressor().
-+ oxcf->multi_threaded = cpi->oxcf.multi_threaded;
-+ }
- cpi->oxcf = *oxcf;
-
- switch (cpi->oxcf.Mode) {
@@ -2950,7 +2950,7 @@ (define-public mpv-mpris
(define-public libvpx
(package
(name "libvpx")
- (version "1.12.0")
+ (version "1.14.1")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -2959,9 +2959,8 @@ (define-public libvpx
(file-name (git-file-name name version))
(sha256
(base32
- "1x12f2bd4jqd532rnixmwvcx8d29yxiacpcxqqh86qczc49la8gm"))
- (patches (search-patches "libvpx-CVE-2016-2818.patch"
- "libvpx-CVE-2023-5217.patch"))))
+ "0r6qvc84mflpy1zxz7p8aj7i552cwx957l50akvajxmzij1kpy1x"))
+ (patches (search-patches "libvpx-CVE-2016-2818.patch"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags (list "--enable-shared"