From 637a8a9e9bf20fd8e01304bba6617277db026c89 Mon Sep 17 00:00:00 2001
From: Kevin Mihelich <kevin@plugapps.com>
Date: Wed, 9 Mar 2011 01:40:49 -0500
Subject: [PATCH] updated extra/libvpx

---
 extra/libvpx/CVE-2010-4203.patch | 69 --------------------------------
 extra/libvpx/PKGBUILD            | 17 ++++----
 2 files changed, 9 insertions(+), 77 deletions(-)
 delete mode 100644 extra/libvpx/CVE-2010-4203.patch

diff --git a/extra/libvpx/CVE-2010-4203.patch b/extra/libvpx/CVE-2010-4203.patch
deleted file mode 100644
index 41210bb09..000000000
--- a/extra/libvpx/CVE-2010-4203.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From: John Koleszar <jkoleszar@google.com>
-Date: Thu, 4 Nov 2010 20:59:26 +0000 (-0400)
-Subject: fix integer promotion bug in partition size check
-X-Git-Url: https://review.webmproject.org/gitweb?p=libvpx.git;a=commitdiff_plain;h=9fb80f7170ec48e23c3c7b477149eeb37081c699;hp=09bcc1f710ea65dc158639479288fb1908ff0c53
-
-fix integer promotion bug in partition size check
-
-The check '(user_data_end - partition < partition_size)' must be
-evaluated as a signed comparison, but because partition_size was
-unsigned, the LHS was promoted to unsigned, causing an incorrect
-result on 32-bit. Instead, check the upper and lower bounds of
-the segment separately.
-
-Change-Id: I6266aba7fd7de084268712a3d2a81424ead7aa06
----
-
-diff --git a/vp8/decoder/decodframe.c b/vp8/decoder/decodframe.c
-index 2d81d61..f5e49a1 100644
---- a/vp8/decoder/decodframe.c
-+++ b/vp8/decoder/decodframe.c
-@@ -462,7 +462,8 @@ static void setup_token_decoder(VP8D_COMP *pbi,
-             partition_size = user_data_end - partition;
-         }
- 
--        if (user_data_end - partition < partition_size)
-+        if (partition + partition_size > user_data_end
-+            || partition + partition_size < partition)
-             vpx_internal_error(&pc->error, VPX_CODEC_CORRUPT_FRAME,
-                                "Truncated packet or corrupt partition "
-                                "%d length", i + 1);
-@@ -580,7 +581,8 @@ int vp8_decode_frame(VP8D_COMP *pbi)
-         (data[0] | (data[1] << 8) | (data[2] << 16)) >> 5;
-     data += 3;
- 
--    if (data_end - data < first_partition_length_in_bytes)
-+    if (data + first_partition_length_in_bytes > data_end
-+        || data + first_partition_length_in_bytes < data)
-         vpx_internal_error(&pc->error, VPX_CODEC_CORRUPT_FRAME,
-                            "Truncated packet or corrupt partition 0 length");
-     vp8_setup_version(pc);
-diff --git a/vp8/vp8_dx_iface.c b/vp8/vp8_dx_iface.c
-index e7e5356..f0adf5b 100644
---- a/vp8/vp8_dx_iface.c
-+++ b/vp8/vp8_dx_iface.c
-@@ -253,8 +253,11 @@ static vpx_codec_err_t vp8_peek_si(const uint8_t         *data,
-                                    unsigned int           data_sz,
-                                    vpx_codec_stream_info_t *si)
- {
--
-     vpx_codec_err_t res = VPX_CODEC_OK;
-+
-+    if(data + data_sz <= data)
-+        res = VPX_CODEC_INVALID_PARAM;
-+    else
-     {
-         /* Parse uncompresssed part of key frame header.
-          * 3 bytes:- including version, frame type and an offset
-@@ -331,7 +334,10 @@ static vpx_codec_err_t vp8_decode(vpx_codec_alg_priv_t  *ctx,
- 
-     ctx->img_avail = 0;
- 
--    /* Determine the stream parameters */
-+    /* Determine the stream parameters. Note that we rely on peek_si to
-+     * validate that we have a buffer that does not wrap around the top
-+     * of the heap.
-+     */
-     if (!ctx->si.h)
-         res = ctx->base.iface->dec.peek_si(data, data_sz, &ctx->si);
- 
diff --git a/extra/libvpx/PKGBUILD b/extra/libvpx/PKGBUILD
index 2b7b2fc23..e5847dcc3 100644
--- a/extra/libvpx/PKGBUILD
+++ b/extra/libvpx/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 100998 2010-11-27 10:13:02Z ibiru $
+# $Id: PKGBUILD 113425 2011-03-08 16:40:27Z ibiru $
 # Maintainer: Ionut Biru <ibiru@archlinux.org>
 
 # PlugApps: Kevin Mihelich <kevin@plugapps.com>
@@ -7,22 +7,19 @@
 plugrel=1
 
 pkgname=libvpx
-pkgver=0.9.5
-pkgrel=2
+pkgver=0.9.6
+pkgrel=1
 pkgdesc="The VP8 Codec SDK"
 arch=('i686' 'x86_64')
 url="http://www.webmproject.org/"
 license=('BSD')
 depends=('glibc')
 makedepends=('yasm')
-source=(http://webm.googlecode.com/files/${pkgname}-v${pkgver}.tar.bz2
-        CVE-2010-4203.patch)
-sha1sums=('223965ff16737251afb3377c0800d1f8b5f84379'
-          '4a6399bbf604ab397f53ad42c087fda588eb4ddf')
+source=(http://webm.googlecode.com/files/${pkgname}-v${pkgver}.tar.bz2)
+sha1sums=('a3522bd2b73d52381ba767ded1cbf4760e9cc6f8')
 
 build() {
     cd "${srcdir}/${pkgname}-v${pkgver}"
-    patch -Np1 -i "${srcdir}/CVE-2010-4203.patch"
     ./configure --enable-vp8 \
         --enable-runtime-cpu-detect \
         --enable-postproc \
@@ -30,6 +27,10 @@ build() {
         --disable-install-docs \
         --disable-install-srcs
     make
+}
+
+package() {
+    cd "${srcdir}/${pkgname}-v${pkgver}"
     make DIST_DIR="$pkgdir/usr" install
     install -D -m 0644 LICENSE "$pkgdir/usr/share/licenses/${pkgname}/LICENSE"
 }