From: Moritz Mühlenhoff Date: Thu, 25 Apr 2024 17:31:24 +0000 (+0200) Subject: Import dav1d_1.0.0-2+deb12u1.debian.tar.xz X-Git-Tag: archive/raspbian/1.0.0-2+rpi1+deb12u1^2~2^2 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=2ab189ad583815a8dc54a4e9b30244e8c52881ff;p=dav1d.git Import dav1d_1.0.0-2+deb12u1.debian.tar.xz [dgit import tarball dav1d 1.0.0-2+deb12u1 dav1d_1.0.0-2+deb12u1.debian.tar.xz] --- 2ab189ad583815a8dc54a4e9b30244e8c52881ff diff --git a/changelog b/changelog new file mode 100644 index 0000000..194226a --- /dev/null +++ b/changelog @@ -0,0 +1,115 @@ +dav1d (1.0.0-2+deb12u1) bookworm-security; urgency=medium + + * CVE-2024-1580 (Closes: #1064310) + + -- Moritz Mühlenhoff Thu, 25 Apr 2024 19:31:24 +0200 + +dav1d (1.0.0-2) unstable; urgency=medium + + * Upload to unstable + + -- Dylan Aïssi Sun, 22 May 2022 14:56:08 +0200 + +dav1d (1.0.0-1) experimental; urgency=medium + + * New upstream version + * Bump SONAME to libdav1d6 + * Update d/libdav1d6.symbols + * Update d/copyright + + -- Dylan Aïssi Mon, 21 Mar 2022 21:59:30 +0100 + +dav1d (0.9.2-1) unstable; urgency=medium + + * New upstream version + * Standards-Version: 4.6.0 (routine-update) + + -- Dylan Aïssi Sun, 12 Sep 2021 14:35:05 +0200 + +dav1d (0.9.1-2) unstable; urgency=medium + + * Upload to unstable. + + -- Dylan Aïssi Mon, 06 Sep 2021 20:20:36 +0200 + +dav1d (0.9.1-1) experimental; urgency=medium + + * New upstream release. + * Add more copyright holders in d/copyright. + + -- Dylan Aïssi Fri, 30 Jul 2021 11:21:25 +0200 + +dav1d (0.9.0-1) experimental; urgency=medium + + * New upstream release. + * Update d/libdav1d5.symbols. + * Bump year in d/copyright. + + -- Dylan Aïssi Mon, 17 May 2021 14:45:02 +0200 + +dav1d (0.8.2-1) experimental; urgency=medium + + * New upstream release. + * Bump year in d/copyright. + + -- Dylan Aïssi Wed, 12 May 2021 10:45:22 +0200 + +dav1d (0.8.1-1) experimental; urgency=medium + + [ Vasyl Gello ] + * Team upload. + * New upstream version 0.8.1 + * Bump SONAME to libdav1d5 + + [ Dylan Aïssi ] + * Remove part to disable asm on x32 in d/rules, + should be fixed in upstream makefile. + + -- Dylan Aïssi Thu, 28 Jan 2021 21:10:20 +0100 + +dav1d (0.7.1-3) unstable; urgency=high + + * Team upload. + * Disable asm code on x32, it hasn’t been ported there (Closes: #964576) + + -- Thorsten Glaser Wed, 08 Jul 2020 23:07:41 +0200 + +dav1d (0.7.1-2) unstable; urgency=medium + + * Update homepage in d/control + * Increase test timeout (Closes: #964249) + + -- Dylan Aïssi Sat, 04 Jul 2020 22:39:36 +0200 + +dav1d (0.7.1-1) unstable; urgency=medium + + * Team upload. + * New upstream version 0.7.1 + * Bump debhelper version to 13 + * Cosmetically re-order fields + * Install examples to libdav1d-dev + * Suppress spelling error false positive + * Add upstream metadata file + + -- Vasyl Gello Fri, 03 Jul 2020 21:18:02 +0200 + +dav1d (0.7.0-1) unstable; urgency=medium + + * New upstream release. + * Bump minimal nasm version to 2.14. + * Update d/copyright. + * Bump Standards-Version to 4.5.0. + * Bump SONAME to libdav1d4. + * Add salsa-ci file (routine-update) + * Rules-Requires-Root: no (routine-update) + + -- Dylan Aïssi Fri, 22 May 2020 14:54:50 +0200 + +dav1d (0.5.2-1) unstable; urgency=medium + + * Initial Debian release. (Closes: #916333) + * Clarify the AOM patent license which is not a copyright + license but rather an "optional extra" which grants + users patent rights under some extra conditions. + + -- Dylan Aïssi Sat, 11 Jan 2020 16:30:36 +0100 diff --git a/control b/control new file mode 100644 index 0000000..efc2ffd --- /dev/null +++ b/control @@ -0,0 +1,73 @@ +Source: dav1d +Section: video +Priority: optional +Maintainer: Debian Multimedia Maintainers +Uploaders: Dylan Aïssi +Build-Depends: debhelper-compat (= 13), + meson (>= 0.47), + ninja-build, + nasm (>= 2.14) [any-amd64 any-i386] +Standards-Version: 4.6.0 +Rules-Requires-Root: no +Homepage: https://www.videolan.org/projects/dav1d.html +Vcs-Browser: https://salsa.debian.org/multimedia-team/dav1d +Vcs-Git: https://salsa.debian.org/multimedia-team/dav1d.git + +Package: dav1d +Architecture: any +Depends: ${misc:Depends}, + ${shlibs:Depends} +Description: fast and small AV1 video stream decoder + dav1d is an AOMedia Video 1 (AV1) cross-platform decoder and focused on speed + and correctness. + . + dav1d supports the following features: + * support for all features of the AV1 bitstream + * support for all bitdepth, 8, 10 and 12bits + * support for all chroma subsamplings 4:2:0, 4:2:2, 4:4:4 and grayscale + * full acceleration for AVX-2 chips + * full acceleration for SSSE3+ chips + * full acceleration for ARMv8 chips + * partial acceleration for ARMv7 chips + +Package: libdav1d6 +Architecture: any +Multi-Arch: same +Section: libs +Depends: ${misc:Depends}, + ${shlibs:Depends} +Description: fast and small AV1 video stream decoder (shared library) + dav1d is an AOMedia Video 1 (AV1) cross-platform decoder and focused on speed + and correctness. + . + dav1d supports the following features: + * support for all features of the AV1 bitstream + * support for all bitdepth, 8, 10 and 12bits + * support for all chroma subsamplings 4:2:0, 4:2:2, 4:4:4 and grayscale + * full acceleration for AVX-2 chips + * full acceleration for SSSE3+ chips + * full acceleration for ARMv8 chips + * partial acceleration for ARMv7 chips + . + This package provides the shared library. + +Package: libdav1d-dev +Architecture: any +Multi-Arch: same +Section: libdevel +Depends: libdav1d6 (= ${binary:Version}), + ${misc:Depends} +Description: fast and small AV1 video stream decoder (development files) + dav1d is an AOMedia Video 1 (AV1) cross-platform decoder and focused on speed + and correctness. + . + dav1d supports the following features: + * support for all features of the AV1 bitstream + * support for all bitdepth, 8, 10 and 12bits + * support for all chroma subsamplings 4:2:0, 4:2:2, 4:4:4 and grayscale + * full acceleration for AVX-2 chips + * full acceleration for SSSE3+ chips + * full acceleration for ARMv8 chips + * partial acceleration for ARMv7 chips + . + This package provides the development files for libdav1d. diff --git a/copyright b/copyright new file mode 100644 index 0000000..21fe807 --- /dev/null +++ b/copyright @@ -0,0 +1,194 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: dav1d +Source: https://downloads.videolan.org/pub/videolan/dav1d/ +License: BSD-2-clause +Comment: + In addition to the copyright license, dav1d contains the following patent + license: + . + Alliance for Open Media Patent License 1.0 + . + 1. License Terms. + . + 1.1. Patent License. Subject to the terms and conditions of this License, each + Licensor, on behalf of itself and successors in interest and assigns, + grants Licensee a non-sublicensable, perpetual, worldwide, non-exclusive, + no-charge, royalty-free, irrevocable (except as expressly stated in this + License) patent license to its Necessary Claims to make, use, sell, offer + for sale, import or distribute any Implementation. + . + 1.2. Conditions. + . + 1.2.1. Availability. As a condition to the grant of rights to Licensee to make, + sell, offer for sale, import or distribute an Implementation under + Section 1.1, Licensee must make its Necessary Claims available under + this License, and must reproduce this License with any Implementation + as follows: + . + a. For distribution in source code, by including this License in the + root directory of the source code with its Implementation. + . + b. For distribution in any other form (including binary, object form, + and/or hardware description code (e.g., HDL, RTL, Gate Level Netlist, + GDSII, etc.)), by including this License in the documentation, legal + notices, and/or other written materials provided with the + Implementation. + . + 1.2.2. Additional Conditions. This license is directly from Licensor to + Licensee. Licensee acknowledges as a condition of benefiting from it + that no rights from Licensor are received from suppliers, distributors, + or otherwise in connection with this License. + . + 1.3. Defensive Termination. If any Licensee, its Affiliates, or its agents + initiates patent litigation or files, maintains, or voluntarily + participates in a lawsuit against another entity or any person asserting + that any Implementation infringes Necessary Claims, any patent licenses + granted under this License directly to the Licensee are immediately + terminated as of the date of the initiation of action unless 1) that suit + was in response to a corresponding suit regarding an Implementation first + brought against an initiating entity, or 2) that suit was brought to + enforce the terms of this License (including intervention in a third-party + action by a Licensee). + . + 1.4. Disclaimers. The Reference Implementation and Specification are provided + "AS IS" and without warranty. The entire risk as to implementing or + otherwise using the Reference Implementation or Specification is assumed + by the implementer and user. Licensor expressly disclaims any warranties + (express, implied, or otherwise), including implied warranties of + merchantability, non-infringement, fitness for a particular purpose, or + title, related to the material. IN NO EVENT WILL LICENSOR BE LIABLE TO + ANY OTHER PARTY FOR LOST PROFITS OR ANY FORM OF INDIRECT, SPECIAL, + INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER FROM ANY CAUSES OF + ACTION OF ANY KIND WITH RESPECT TO THIS LICENSE, WHETHER BASED ON BREACH + OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND WHETHER OR + NOT THE OTHER PARTRY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + . + 2. Definitions. + . + 2.1. Affiliate. "Affiliate" means an entity that directly or indirectly + Controls, is Controlled by, or is under common Control of that party. + . + 2.2. Control. "Control" means direct or indirect control of more than 50% of + the voting power to elect directors of that corporation, or for any other + entity, the power to direct management of such entity. + . + 2.3. Decoder. "Decoder" means any decoder that conforms fully with all + non-optional portions of the Specification. + . + 2.4. Encoder. "Encoder" means any encoder that produces a bitstream that can + be decoded by a Decoder only to the extent it produces such a bitstream. + . + 2.5. Final Deliverable. "Final Deliverable" means the final version of a + deliverable approved by the Alliance for Open Media as a Final + Deliverable. + . + 2.6. Implementation. "Implementation" means any implementation, including the + Reference Implementation, that is an Encoder and/or a Decoder. An + Implementation also includes components of an Implementation only to the + extent they are used as part of an Implementation. + . + 2.7. License. "License" means this license. + . + 2.8. Licensee. "Licensee" means any person or entity who exercises patent + rights granted under this License. + . + 2.9. Licensor. "Licensor" means (i) any Licensee that makes, sells, offers + for sale, imports or distributes any Implementation, or (ii) a person + or entity that has a licensing obligation to the Implementation as a + result of its membership and/or participation in the Alliance for Open + Media working group that developed the Specification. + . + 2.10. Necessary Claims. "Necessary Claims" means all claims of patents or + patent applications, (a) that currently or at any time in the future, + are owned or controlled by the Licensor, and (b) (i) would be an + Essential Claim as defined by the W3C Policy as of February 5, 2004 + (https://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential) + as if the Specification was a W3C Recommendation; or (ii) are infringed + by the Reference Implementation. + . + 2.11. Reference Implementation. "Reference Implementation" means an Encoder + and/or Decoder released by the Alliance for Open Media as a Final + Deliverable. + . + 2.12. Specification. "Specification" means the specification designated by + the Alliance for Open Media as a Final Deliverable for which this + License was issued. + +Files: * +Copyright: 2018-2022, VideoLAN and dav1d authors + 2018-2022, Two Orioles, LLC + 2015-2019, Janne Grunau + 2015-2021, Martin Storsjo + 2018, Niklas Haas + 2018-2019, VideoLabs + 2019, Luca Barbato + 2019, Michail Alvanos + 2019, B Krishnan Iyer + 2019, James Almer + 2001-2016, Alliance for Open Media + 2017-2021, The rav1e contributors + 2020, Nathan Egge + 2021, Matthias Dressel +License: BSD-2-clause + +Files: include/compat/getopt.h +Copyright: No copyright claimed +License: public-domain + * This file has no copyright assigned and is placed in the Public Domain. + * This file is part of the mingw-w64 runtime package. + . + * The mingw-w64 runtime package and its code is distributed in the hope that it + * will be useful but WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESSED OR + * IMPLIED ARE HEREBY DISCLAIMED. This includes but is not limited to + * warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Files: src/ext/x86/x86inc.asm +Copyright: 2005-2019 x264 project, Loren Merritt, Henrik Gramner, Anton Mitrofanov, Fiona Glaser +License: ISC + +Files: tools/compat/getopt.c +Copyright: 2000 The NetBSD Foundation Inc, Dieter Baron and Thomas Klausner + 2002 Todd C. Miller (Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF. +License: ISC and BSD-2-clause + +Files: debian/* +Copyright: 2018-2022 Dylan Aïssi +License: BSD-2-clause + +License: BSD-2-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and\/or other materials provided with the + distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: ISC + Permission to use, copy, modify, and/or distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + . + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/dav1d.1 b/dav1d.1 new file mode 100644 index 0000000..60452d1 --- /dev/null +++ b/dav1d.1 @@ -0,0 +1,63 @@ +.\" +.TH dav1d 1 "December 2018" "0.1.0" +.SH NAME +dav1d \- fast and small AV1 video stream decoder +.SH SYNOPSIS +.B dav1d +[\fIoptions\fR] +.SH DESCRIPTION +dav1d is an AOMedia Video 1 (AV1) cross-platform decoder and focused on speed +and correctness. dav1d supports the following features: Support for all +features of the AV1 bitstream. Support for all bitdepth, 8, 10 and 12bits. +Support for all chroma subsamplings 4:2:0, 4:2:2, 4:4:4 and grayscale. Full +acceleration for AVX-2 64bits processors. Partial acceleration for SSSE3 +processors. Partial acceleration for NEON processors. +.SH OPTIONS +.TP +\fB\-i\fR, \fB\-\-input\fR=\fI$file\fR +input file (required) +.TP +\fB\-o\fR, \fB\-\-output\fR=\fI$file\fR +output file +.TP +\fB\-\-demuxer\fR=\fI$name\fR +force demuxer type ('ivf' or 'annexb'; default: detect from extension) +.TP +\fB\-\-muxer\fR=\fI$name\fR +force muxer type ('md5', 'yuv', 'yuv4mpeg2' or 'null'; default: detect from extension) +.TP +\fB\-q\fR, \fB\-\-quiet\fR +disable status messages +.TP +\fB\-l\fR, \fB\-\-limit\fR=\fI$num\fR +stop decoding after $num frames +.TP +\fB\-s\fR, \fB\-\-skip\fR=\fI$num\fR +skip decoding of the first $num frames +.TP +\fB\-v\fR, \fB\-\-version\fR +print version and exit +.TP +\fB\-\-framethreads\fR=\fI$num\fR +number of frame threads (default: 1) +.TP +\fB\-\-tilethreads\fR=\fI$num\fR +number of tile threads (default: 1) +.TP +\fB\-\-filmgrain\fR +enable film grain application (default: 1, except if muxer is md5) +.TP +\fB\-\-oppoint\fR=\fI$num\fR +select an operating point of a scalable AV1 bitstream (0 - 32) +.TP +\fB\-\-alllayers\fR=\fI$num\fR +output all spatial layers of a scalable AV1 bitstream (default: 1) +.TP +\fB\-\-verify\fR=\fI$md5\fR +verify decoded md5. implies --muxer md5, no output +.TP +\fB\-\-cpumask\fR=\fI$mask\fR +restrict permitted CPU instruction sets (0, 'sse2', 'ssse3', 'sse41', 'avx2' or 'avx512'; default: -1) +.TP +.SH SEE ALSO +.BR https://code.videolan.org/videolan/dav1d diff --git a/dav1d.install b/dav1d.install new file mode 100644 index 0000000..031328a --- /dev/null +++ b/dav1d.install @@ -0,0 +1 @@ +usr/bin/dav1d diff --git a/dav1d.manpages b/dav1d.manpages new file mode 100644 index 0000000..1029a33 --- /dev/null +++ b/dav1d.manpages @@ -0,0 +1 @@ +debian/dav1d.1 diff --git a/docs b/docs new file mode 100644 index 0000000..bce54eb --- /dev/null +++ b/docs @@ -0,0 +1,4 @@ +CONTRIBUTING.md +NEWS +README.md +THANKS.md diff --git a/libdav1d-dev.examples b/libdav1d-dev.examples new file mode 100644 index 0000000..e39721e --- /dev/null +++ b/libdav1d-dev.examples @@ -0,0 +1 @@ +examples/* diff --git a/libdav1d-dev.install b/libdav1d-dev.install new file mode 100644 index 0000000..9da7bd4 --- /dev/null +++ b/libdav1d-dev.install @@ -0,0 +1,3 @@ +usr/include +usr/lib/*/pkgconfig +usr/lib/*/libdav1d.so diff --git a/libdav1d6.install b/libdav1d6.install new file mode 100644 index 0000000..7d79d43 --- /dev/null +++ b/libdav1d6.install @@ -0,0 +1 @@ +usr/lib/*/libdav1d.so.* diff --git a/libdav1d6.symbols b/libdav1d6.symbols new file mode 100644 index 0000000..6fb3fc6 --- /dev/null +++ b/libdav1d6.symbols @@ -0,0 +1,20 @@ +libdav1d.so.6 #PACKAGE# #MINVER# +* Build-Depends-Package: libdav1d-dev + dav1d_apply_grain@Base 1.0.0 + dav1d_close@Base 0.1.0 + dav1d_data_create@Base 0.1.0 + dav1d_data_props_unref@Base 1.0.0 + dav1d_data_unref@Base 0.1.0 + dav1d_data_wrap@Base 0.1.0 + dav1d_data_wrap_user_data@Base 0.2.1 + dav1d_default_settings@Base 0.1.0 + dav1d_flush@Base 0.1.0 + dav1d_get_decode_error_data_props@Base 1.0.0 + dav1d_get_event_flags@Base 0.9.0 + dav1d_get_picture@Base 0.1.0 + dav1d_open@Base 0.1.0 + dav1d_parse_sequence_header@Base 0.1.0 + dav1d_picture_unref@Base 0.1.0 + dav1d_send_data@Base 0.1.0 + dav1d_set_cpu_flags_mask@Base 0.1.0 + dav1d_version@Base 0.1.0 diff --git a/patches/CVE-2024-1580.patch b/patches/CVE-2024-1580.patch new file mode 100644 index 0000000..290a053 --- /dev/null +++ b/patches/CVE-2024-1580.patch @@ -0,0 +1,52 @@ +From 2b475307dc11be9a1c3cc4358102c76a7f386a51 Mon Sep 17 00:00:00 2001 +From: Henrik Gramner +Date: Tue, 21 Nov 2023 20:47:50 +0100 +Subject: [PATCH] Fix tile_start_off calculations for extremely large frame + sizes + +The tile start offset, in pixels, can exceed the range of a signed int. + +--- dav1d-1.0.0.orig/src/decode.c ++++ dav1d-1.0.0/src/decode.c +@@ -2618,7 +2618,7 @@ static void setup_tile(Dav1dTileState *c + const Dav1dFrameContext *const f, + const uint8_t *const data, const size_t sz, + const int tile_row, const int tile_col, +- const int tile_start_off) ++ const unsigned tile_start_off) + { + const int col_sb_start = f->frame_hdr->tiling.col_start_sb[tile_col]; + const int col_sb128_start = col_sb_start >> !f->seq_hdr->sb128; +@@ -2969,15 +2969,16 @@ int dav1d_decode_frame_init(Dav1dFrameCo + const uint8_t *const size_mul = ss_size_mul[f->cur.p.layout]; + const int hbd = !!f->seq_hdr->hbd; + if (c->n_fc > 1) { ++ const unsigned sb_step4 = f->sb_step * 4; + int tile_idx = 0; + for (int tile_row = 0; tile_row < f->frame_hdr->tiling.rows; tile_row++) { +- int row_off = f->frame_hdr->tiling.row_start_sb[tile_row] * +- f->sb_step * 4 * f->sb128w * 128; +- int b_diff = (f->frame_hdr->tiling.row_start_sb[tile_row + 1] - +- f->frame_hdr->tiling.row_start_sb[tile_row]) * f->sb_step * 4; ++ const unsigned row_off = f->frame_hdr->tiling.row_start_sb[tile_row] * ++ sb_step4 * f->sb128w * 128; ++ const unsigned b_diff = (f->frame_hdr->tiling.row_start_sb[tile_row + 1] - ++ f->frame_hdr->tiling.row_start_sb[tile_row]) * sb_step4; + for (int tile_col = 0; tile_col < f->frame_hdr->tiling.cols; tile_col++) { + f->frame_thread.tile_start_off[tile_idx++] = row_off + b_diff * +- f->frame_hdr->tiling.col_start_sb[tile_col] * f->sb_step * 4; ++ f->frame_hdr->tiling.col_start_sb[tile_col] * sb_step4; + } + } + +--- dav1d-1.0.0.orig/src/internal.h ++++ dav1d-1.0.0/src/internal.h +@@ -292,7 +292,7 @@ struct Dav1dFrameContext { + int prog_sz; + int pal_sz, pal_idx_sz, cf_sz; + // start offsets per tile +- int *tile_start_off; ++ unsigned *tile_start_off; + } frame_thread; + + // loopfilter diff --git a/patches/series b/patches/series new file mode 100644 index 0000000..9aefdb2 --- /dev/null +++ b/patches/series @@ -0,0 +1 @@ +CVE-2024-1580.patch diff --git a/rules b/rules new file mode 100755 index 0000000..c211442 --- /dev/null +++ b/rules @@ -0,0 +1,17 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +%: + dh $@ + +CONFIG_ARGS:= --buildtype="release" + +override_dh_auto_configure: + dh_auto_configure -- ${CONFIG_ARGS} + +override_dh_auto_test: + # Since 0.7.1, test timeout on armel + # https://bugs.debian.org/964249 + # So, increase test timeout values + dh_auto_test -- -t 10 diff --git a/salsa-ci.yml b/salsa-ci.yml new file mode 100644 index 0000000..33c3a64 --- /dev/null +++ b/salsa-ci.yml @@ -0,0 +1,4 @@ +--- +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml diff --git a/source/format b/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/upstream/metadata b/upstream/metadata new file mode 100644 index 0000000..4fe805a --- /dev/null +++ b/upstream/metadata @@ -0,0 +1,6 @@ +Bug-Database: https://code.videolan.org/videolan/dav1d/-/issues/ +Contact: https://forum.videolan.org/ +FAQ: https://wiki.videolan.org/Frequently_Asked_Questions/ +Repository: https://code.videolan.org/videolan/dav1d.git +Repository-Browse: https://code.videolan.org/videolan/dav1d +Donation: https://www.videolan.org/contribute.html#money diff --git a/upstream/signing-key.asc b/upstream/signing-key.asc new file mode 100644 index 0000000..1175e72 --- /dev/null +++ b/upstream/signing-key.asc @@ -0,0 +1,27 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGiBFD9w2QRBACoEzH9KKirWE4wgiuPPynNnxks+p+t5i1z3CG+1XhagmTHoOf3 +v8i19kKHV6WnVMn2CKJFgwTTLYXOJTrBM/4ABVtu11cHeeueeo+pCSkdoLzYJ5QF +HbByB6j33QUbwKF0frEs+ge4LxzvYyCDAmNAW560QtOAR9Lk1Fo5B1GXzwCg1kDk +RkSe7EOZNm1U2rYAQ2VPrfsEAIHr4ooOyUByPR7XpoDOKoaXEG0hjpgh46lbgse+ +dQx8YrxS9vXQLwYokfWLrs55avx9Ys0iVv2TMv7X4Tn5sTVaK5K+NbKhxhLORxGI +sgKqRn7W5SG5xoO0w/dmQj756ppjITGbxjFuhYE0X5S6NeMhUuFci7sJ42R7F1Ko +6sYuA/wOMUxCk4XOXeQF16ApyyenjE/UWbBNEhBmjEsZkYAFNc89pAEnEFSnIxK8 +fcuCQioM6ojjaW+aEs/q3/klI0nat9LMLhNSCebjriMHwJDU70NeCn4nPWsfItT1 +eKvbHNcX+3bq3D/i2Wa3PZ5YFFF01C61dHmVC9YGh4sAOXO09LQjVmlkZW9MQU4g +UmVsZWFzZSBTaWduaW5nIEtleSAoMjAxNSmIgQQTEQIAQQIbAwULCQgHAgYVCAkK +CwIEFgIDAQIeAQIXgAIZARYhBGX3xrQga9BXp+tzeHGAcTvljRrcBQJZCfG/BQkJ +7WHbAAoJEHGAcTvljRrc5dcAn29Mnl9Im47t/GTLEHbt771eY1SyAJ0fmPG3GQIr +QTL1D6nN3iDbaP9JbLQjVmlkZW9MQU4gUmVsZWFzZSBTaWduaW5nIEtleSAoMjAx +MymIfwQTEQIAPwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQRl98a0IGvQ +V6frc3hxgHE75Y0a3AUCWQnx0wUJCe1h2wAKCRBxgHE75Y0a3J62AJ9qYSWixnOn +hz9mZ0uDD6AZgbaR0wCdFRLUopbfveSz3v019t+eMb/Ltfq0I1ZpZGVvTEFOIFJl +bGVhc2UgU2lnbmluZyBLZXkgKDIwMTQpiIAEExECAEACGwMHCwkIBwMCAQYVCAIJ +CgsEFgIDAQIeAQIXgBYhBGX3xrQga9BXp+tzeHGAcTvljRrcBQJZCfHUBQkJ7WHb +AAoJEHGAcTvljRrcQEgAoJSYt1n5dsVB2lDLV9dmbkuPaGR6AJ49Vg5glvXioyWA +pAxpXRcFN11wSLQjVmlkZW9MQU4gUmVsZWFzZSBTaWduaW5nIEtleSAoMjAxNimI +aAQTEQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlbGNhQFCQeppiwA +CgkQcYBxO+WNGtwQ3wCfb8IB8Mdtahoyr5OjvOQL6IQFuUcAoMCyREB9Yn5oLU+6 +OSnarOAHwzvq +=eoql +-----END PGP PUBLIC KEY BLOCK----- diff --git a/watch b/watch new file mode 100644 index 0000000..1415a7f --- /dev/null +++ b/watch @@ -0,0 +1,3 @@ +version=4 +opts=pgpsigurlmangle=s/$/.asc/ \ +https://download.videolan.org/pub/videolan/dav1d/([\d][\d\.]+[a-z]?)/dav1d-([\d][\d\.]+[a-z]?)\.tar\.(?:gz|bz2|xz)