Patch contents copied from Mozilla esr45 changeset 312077:7ebfe49f001c

  changeset:   312077:7ebfe49f001c
  user:        Randell Jesup <rjesup@jesup.org>
  Date:        Fri Apr 15 23:11:01 2016 -0400
  summary:     Bug 1263384: validate input frames against configured resolution in vp8 r=rillian, a=ritu,lizzard

  MozReview-Commit-ID: BxDCnJe0mzs

--- libvpx-1.5.0/vp8/vp8_cx_iface.c.orig	2015-11-09 17:12:38.000000000 -0500
+++ libvpx-1.5.0/vp8/vp8_cx_iface.c	2016-06-08 08:48:46.037213092 -0400
@@ -860,11 +860,20 @@
     if (img != NULL) {
       res = image2yuvconfig(img, &sd);
 
-      if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags, &sd,
-                                dst_time_stamp, dst_end_time_stamp)) {
-        VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
-        res = update_error_state(ctx, &cpi->common.error);
-      }
+            if (sd.y_width != ctx->cfg.g_w || sd.y_height != ctx->cfg.g_h) {
+                /* from vp8_encoder.h for g_w/g_h:
+                   "Note that the frames passed as input to the encoder must have this resolution"
+                */
+                ctx->base.err_detail = "Invalid input frame resolution";
+                res = VPX_CODEC_INVALID_PARAM;
+            } else {
+                if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags,
+                                          &sd, dst_time_stamp, dst_end_time_stamp))
+                {
+                    VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
+                    res = update_error_state(ctx, &cpi->common.error);
+                }
+            }
 
       /* reset for next frame */
       ctx->next_frame_flag = 0;
><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=53ef4bf53775cf80959000667c5bdb7f4d7b6232'>root</a>/<a href='/guix/log/nix?id=53ef4bf53775cf80959000667c5bdb7f4d7b6232'>nix</a>/<a href='/guix/log/nix/libutil?id=53ef4bf53775cf80959000667c5bdb7f4d7b6232'>libutil</a>/<a href='/guix/log/nix/libutil/util.hh?id=53ef4bf53775cf80959000667c5bdb7f4d7b6232'>util.hh</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/nix/libutil/util.hh?id=53ef4bf53775cf80959000667c5bdb7f4d7b6232&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-03-12 14:07:28 +0100'>2024-03-12</span></td><td><a href='/guix/commit/nix/libutil/util.hh?id=ff1251de0bc327ec478fc66a562430fbf35aef42'>daemon: Address shortcoming in previous security fix for CVE-2024-27297.</a><span class='msg-avail'>...<span class='msg-tooltip'>This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143.

Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two
ways: (1) it didn’t have any effet for fixed-output derivations
performed in a chroot, which is the case for all of them except those
using “builtin:download” and “builtin:git-download”, and (2) it did not
preserve ownership when copying, leading to “suspicious ownership or
permission […] rejecting this build output” errors.

* nix/libstore/build.cc (DerivationGoal::buildDone): Account for
‘chrootRootDir’ when copying ‘drv.outputs’.
* nix/libutil/util.cc (copyFileRecursively): Add ‘fchown’ and ‘fchownat’
calls to preserve file ownership; this is necessary for chrooted
fixed-output derivation builds.
* nix/libutil/util.hh: Update comment.

Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2024-03-11 22:12:34 +0100'>2024-03-11</span></td><td><a href='/guix/commit/nix/libutil/util.hh?id=8f4ffb3fae133bb21d7991e97c2f19a7108b1143'>daemon: Protect against FD escape when building fixed-output derivations (CVE...</a><span class='msg-avail'>...<span class='msg-tooltip'>This fixes a security issue (CVE-2024-27297) whereby a fixed-output
derivation build process could open a writable file descriptor to its
output, send it to some outside process for instance over an abstract
AF_UNIX socket, which would then allow said process to modify the file
in the store after it has been marked as “valid”.

Vulnerability discovered by puck &lt;https://github.com/puckipedia&gt;.

Nix security advisory:
https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37

Nix fix:
https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9

* nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and
a file descriptor.  Rewrite the ‘Path’ variant accordingly.
(copyFile, copyFileRecursively): New functions.
* nix/libutil/util.hh (copyFileRecursively): New declaration.
* nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’
is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output.

Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4

Reported-by: Picnoir &lt;picnoir@alternativebit.fr&gt;, Théophane Hufschmitt &lt;theophane.hufschmitt@tweag.io&gt;
Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-12-08 22:30:07 +0100'>2020-12-08</span></td><td><a href='/guix/commit/nix/libutil/util.hh?id=2e308238ad09e9527f9b8c3ec4a90b6b05a93367'>daemon: 'Agent' constructor takes a list of environment variables.</a><span class='msg-avail'>...<span class='msg-tooltip'>* nix/libutil/util.hh (struct Agent)[Agent]: Add 'env' parameter.
* nix/libutil/util.cc (Agent::Agent): Honor it.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-09-14 15:42:55 +0200'>2020-09-14</span></td><td><a href='/guix/commit/nix/libutil/util.hh?id=ee9dff34f9317509cb2b833d07a0d5e01a36a4ae'>daemon: Move 'Agent' to libutil.</a><span class='msg-avail'>...<span class='msg-tooltip'>* nix/libstore/build.cc (DerivationGoal::tryBuildHook): Add "offload" to
'args' and pass settings.guixProgram as the first argument to
Agent::Agent.
(pathNullDevice, commonChildInit, Agent, Agent::Agent)
(Agent::~Agent): Move to...
* nix/libutil/util.cc: ... here.
* nix/libutil/util.hh (struct Agent, commonChildInit): New
declarations.
</span></span></td><td>Ludovic Courtès</td></tr>

Age	Commit message (Expand)	Author
2024-03-12	daemon: Address shortcoming in previous security fix for CVE-2024-27297....This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143. Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two ways: (1) it didn’t have any effet for fixed-output derivations performed in a chroot, which is the case for all of them except those using “builtin:download” and “builtin:git-download”, and (2) it did not preserve ownership when copying, leading to “suspicious ownership or permission […] rejecting this build output” errors. * nix/libstore/build.cc (DerivationGoal::buildDone): Account for ‘chrootRootDir’ when copying ‘drv.outputs’. * nix/libutil/util.cc (copyFileRecursively): Add ‘fchown’ and ‘fchownat’ calls to preserve file ownership; this is necessary for chrooted fixed-output derivation builds. * nix/libutil/util.hh: Update comment. Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156	Ludovic Courtès
2024-03-11	daemon: Protect against FD escape when building fixed-output derivations (CVE......This fixes a security issue (CVE-2024-27297) whereby a fixed-output derivation build process could open a writable file descriptor to its output, send it to some outside process for instance over an abstract AF_UNIX socket, which would then allow said process to modify the file in the store after it has been marked as “valid”. Vulnerability discovered by puck <https://github.com/puckipedia>. Nix security advisory: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 Nix fix: https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9 * nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and a file descriptor. Rewrite the ‘Path’ variant accordingly. (copyFile, copyFileRecursively): New functions. * nix/libutil/util.hh (copyFileRecursively): New declaration. * nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’ is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output. Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4 Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io> Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88	Ludovic Courtès
2020-12-08	daemon: 'Agent' constructor takes a list of environment variables....* nix/libutil/util.hh (struct Agent)[Agent]: Add 'env' parameter. * nix/libutil/util.cc (Agent::Agent): Honor it.	Ludovic Courtès
2020-09-14	daemon: Move 'Agent' to libutil....* nix/libstore/build.cc (DerivationGoal::tryBuildHook): Add "offload" to 'args' and pass settings.guixProgram as the first argument to Agent::Agent. (pathNullDevice, commonChildInit, Agent, Agent::Agent) (Agent::~Agent): Move to... * nix/libutil/util.cc: ... here. * nix/libutil/util.hh (struct Agent, commonChildInit): New declarations.	Ludovic Courtès