gnu: libvpx: Update to 1.14.1.

* gnu/packages/video.scm (libvpx): Update to 1.14.1.
[source]: Remove libvpx-CVE-2023-5217.patch.

* gnu/packages/patches/libvpx-CVE-2023-44488.patch:
* gnu/packages/patches/libvpx-CVE-2023-5217.patch: Remove them.
* gnu/local.mk (dist_patch_DATA): Unregister them.

Change-Id: I123caed254e8046751f104cd3a82e4db904de787

gnu/local.mk

@@ -1727,8 +1727,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/libutils-remove-damaging-includes.patch	\
   %D%/packages/patches/libvdpau-va-gl-unbundle.patch		\
   %D%/packages/patches/libvpx-CVE-2016-2818.patch		\
-  %D%/packages/patches/libvpx-CVE-2023-5217.patch		\
-  %D%/packages/patches/libvpx-CVE-2023-44488.patch		\
   %D%/packages/patches/libxml2-xpath0-Add-option-xpath0.patch	\
   %D%/packages/patches/libwpd-gcc-compat.patch			\
   %D%/packages/patches/libxslt-generated-ids.patch		\

gnu/packages/patches/libvpx-CVE-2023-44488.patch

@@ -1,107 +0,0 @@
-From the upstream repo, can be removed after 1.14.1
-https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937.patch
-https://www.openwall.com/lists/oss-security/2023/09/30/4
-
-The test change didn't apply so it was removed from the patch
-
-From df9fd9d5b7325060b2b921558a1eb20ca7880937 Mon Sep 17 00:00:00 2001
-From: Jerome Jiang <jianj@google.com>
-Date: Thu, 30 Jun 2022 13:48:56 -0400
-Subject: [PATCH] Fix bug with smaller width bigger size
-
-Fixed previous patch that clusterfuzz failed on.
-
-Local fuzzing passing overnight.
-
-Bug: webm:1642
-Change-Id: If0e08e72abd2e042efe4dcfac21e4cc51afdfdb9
-(cherry picked from commit 263682c9a29395055f3b3afe2d97be1828a6223f)
----
- test/resize_test.cc          | 11 +++--------
- vp9/common/vp9_alloccommon.c | 13 ++++++-------
- vp9/encoder/vp9_encoder.c    | 27 +++++++++++++++++++++++++--
- 3 files changed, 34 insertions(+), 17 deletions(-)
-
-diff --git a/vp9/common/vp9_alloccommon.c b/vp9/common/vp9_alloccommon.c
-index e53883f621d..9e73e40ea09 100644
---- a/vp9/common/vp9_alloccommon.c
-+++ b/vp9/common/vp9_alloccommon.c
-@@ -135,13 +135,6 @@ int vp9_alloc_context_buffers(VP9_COMMON *cm, int width, int height) {
-     cm->free_mi(cm);
-     if (cm->alloc_mi(cm, new_mi_size)) goto fail;
-   }
--
--  if (cm->seg_map_alloc_size < cm->mi_rows * cm->mi_cols) {
--    // Create the segmentation map structure and set to 0.
--    free_seg_map(cm);
--    if (alloc_seg_map(cm, cm->mi_rows * cm->mi_cols)) goto fail;
--  }
--
-   if (cm->above_context_alloc_cols < cm->mi_cols) {
-     vpx_free(cm->above_context);
-     cm->above_context = (ENTROPY_CONTEXT *)vpx_calloc(
-@@ -156,6 +149,12 @@ int vp9_alloc_context_buffers(VP9_COMMON *cm, int width, int height) {
-     cm->above_context_alloc_cols = cm->mi_cols;
-   }
- 
-+  if (cm->seg_map_alloc_size < cm->mi_rows * cm->mi_cols) {
-+    // Create the segmentation map structure and set to 0.
-+    free_seg_map(cm);
-+    if (alloc_seg_map(cm, cm->mi_rows * cm->mi_cols)) goto fail;
-+  }
-+
-   if (vp9_alloc_loop_filter(cm)) goto fail;
- 
-   return 0;
-diff --git a/vp9/encoder/vp9_encoder.c b/vp9/encoder/vp9_encoder.c
-index b66fdc0bca3..e3850775455 100644
---- a/vp9/encoder/vp9_encoder.c
-+++ b/vp9/encoder/vp9_encoder.c
-@@ -1973,6 +1973,17 @@ static void alloc_copy_partition_data(VP9_COMP *cpi) {
-   }
- }
- 
-+static void free_copy_partition_data(VP9_COMP *cpi) {
-+  vpx_free(cpi->prev_partition);
-+  cpi->prev_partition = NULL;
-+  vpx_free(cpi->prev_segment_id);
-+  cpi->prev_segment_id = NULL;
-+  vpx_free(cpi->prev_variance_low);
-+  cpi->prev_variance_low = NULL;
-+  vpx_free(cpi->copied_frame_cnt);
-+  cpi->copied_frame_cnt = NULL;
-+}
-+
- void vp9_change_config(struct VP9_COMP *cpi, const VP9EncoderConfig *oxcf) {
-   VP9_COMMON *const cm = &cpi->common;
-   RATE_CONTROL *const rc = &cpi->rc;
-@@ -2052,6 +2063,8 @@ void vp9_change_config(struct VP9_COMP *cpi, const VP9EncoderConfig *oxcf) {
-     new_mi_size = cm->mi_stride * calc_mi_size(cm->mi_rows);
-     if (cm->mi_alloc_size < new_mi_size) {
-       vp9_free_context_buffers(cm);
-+      vp9_free_pc_tree(&cpi->td);
-+      vpx_free(cpi->mbmi_ext_base);
-       alloc_compressor_data(cpi);
-       realloc_segmentation_maps(cpi);
-       cpi->initial_width = cpi->initial_height = 0;
-@@ -2070,8 +2083,18 @@ void vp9_change_config(struct VP9_COMP *cpi, const VP9EncoderConfig *oxcf) {
-     update_frame_size(cpi);
- 
-   if (last_w != cpi->oxcf.width || last_h != cpi->oxcf.height) {
--    memset(cpi->consec_zero_mv, 0,
--           cm->mi_rows * cm->mi_cols * sizeof(*cpi->consec_zero_mv));
-+    vpx_free(cpi->consec_zero_mv);
-+    CHECK_MEM_ERROR(
-+        cm, cpi->consec_zero_mv,
-+        vpx_calloc(cm->mi_rows * cm->mi_cols, sizeof(*cpi->consec_zero_mv)));
-+
-+    vpx_free(cpi->skin_map);
-+    CHECK_MEM_ERROR(
-+        cm, cpi->skin_map,
-+        vpx_calloc(cm->mi_rows * cm->mi_cols, sizeof(cpi->skin_map[0])));
-+
-+    free_copy_partition_data(cpi);
-+    alloc_copy_partition_data(cpi);
-     if (cpi->oxcf.aq_mode == CYCLIC_REFRESH_AQ)
-       vp9_cyclic_refresh_reset_resize(cpi);
-     rc->rc_1_frame = 0;

gnu/packages/patches/libvpx-CVE-2023-5217.patch

@@ -1,99 +0,0 @@
-From: Tobias Geerinckx-Rice <me@tobias.gr>
-Date: Sun Sep 24 02:00:00 2023 +0200
-Subject: libvpx: Fix CVE-2023-5217.
-
-These are the changes made to libvpx between Firefox ESR 115.3.0 and
-115.3.1, which claims to fix CVE-2023-5217 and so do we.  The report
-itself is not public.
-
-It consists of the following 2 upstream libvpx commits:
-  af6dedd715f4307669366944cca6e0417b290282
-  3fbd1dca6a4d2dad332a2110d646e4ffef36d590
-which are not yet part of an upstream commit.
-
----
-diff -Naur libvpx.orig/test/encode_api_test.cc libvpx/test/encode_api_test.cc
---- libvpx.orig/test/encode_api_test.cc	1970-01-01 01:00:01.000000000 +0100
-+++ libvpx/test/encode_api_test.cc	2023-09-29 21:00:03.189620452 +0200
-@@ -304,7 +304,6 @@
- 
- void InitCodec(const vpx_codec_iface_t &iface, int width, int height,
-                vpx_codec_ctx_t *enc, vpx_codec_enc_cfg_t *cfg) {
--  ASSERT_EQ(vpx_codec_enc_config_default(&iface, cfg, 0), VPX_CODEC_OK);
-   cfg->g_w = width;
-   cfg->g_h = height;
-   cfg->g_lag_in_frames = 0;
-@@ -342,6 +341,7 @@
-         vpx_codec_ctx_t ctx = {};
-       } enc;
- 
-+      ASSERT_EQ(vpx_codec_enc_config_default(iface, &cfg, 0), VPX_CODEC_OK);
-       EXPECT_NO_FATAL_FAILURE(
-           InitCodec(*iface, kWidth, kHeight, &enc.ctx, &cfg));
-       if (IsVP9(iface)) {
-@@ -353,6 +353,50 @@
- 
-       for (const auto threads : { 1, 4, 8, 6, 2, 1 }) {
-         cfg.g_threads = threads;
-+        EXPECT_NO_FATAL_FAILURE(EncodeWithConfig(cfg, &enc.ctx))
-+            << "iteration: " << i << " threads: " << threads;
-+      }
-+    }
-+  }
-+}
-+
-+TEST(EncodeAPI, ConfigResizeChangeThreadCount) {
-+  constexpr int kInitWidth = 1024;
-+  constexpr int kInitHeight = 1024;
-+
-+  for (const auto *iface : kCodecIfaces) {
-+    SCOPED_TRACE(vpx_codec_iface_name(iface));
-+    for (int i = 0; i < (IsVP9(iface) ? 2 : 1); ++i) {
-+      vpx_codec_enc_cfg_t cfg = {};
-+      struct Encoder {
-+        ~Encoder() { EXPECT_EQ(vpx_codec_destroy(&ctx), VPX_CODEC_OK); }
-+        vpx_codec_ctx_t ctx = {};
-+      } enc;
-+
-+      ASSERT_EQ(vpx_codec_enc_config_default(iface, &cfg, 0), VPX_CODEC_OK);
-+      // Start in threaded mode to ensure resolution and thread related
-+      // allocations are updated correctly across changes in resolution and
-+      // thread counts. See https://crbug.com/1486441.
-+      cfg.g_threads = 4;
-+      EXPECT_NO_FATAL_FAILURE(
-+          InitCodec(*iface, kInitWidth, kInitHeight, &enc.ctx, &cfg));
-+      if (IsVP9(iface)) {
-+        EXPECT_EQ(vpx_codec_control_(&enc.ctx, VP9E_SET_TILE_COLUMNS, 6),
-+                  VPX_CODEC_OK);
-+        EXPECT_EQ(vpx_codec_control_(&enc.ctx, VP9E_SET_ROW_MT, i),
-+                  VPX_CODEC_OK);
-+      }
-+
-+      cfg.g_w = 1000;
-+      cfg.g_h = 608;
-+      EXPECT_EQ(vpx_codec_enc_config_set(&enc.ctx, &cfg), VPX_CODEC_OK)
-+          << vpx_codec_error_detail(&enc.ctx);
-+
-+      cfg.g_w = 16;
-+      cfg.g_h = 720;
-+
-+      for (const auto threads : { 1, 4, 8, 6, 2, 1 }) {
-+        cfg.g_threads = threads;
-         EXPECT_NO_FATAL_FAILURE(EncodeWithConfig(cfg, &enc.ctx))
-             << "iteration: " << i << " threads: " << threads;
-       }
-diff -Naur libvpx.orig/vp8/encoder/onyx_if.c libvpx/vp8/encoder/onyx_if.c
---- libvpx.orig/vp8/encoder/onyx_if.c	1970-01-01 01:00:01.000000000 +0100
-+++ libvpx/vp8/encoder/onyx_if.c	2023-09-29 21:01:44.155476128 +0200
-@@ -1443,6 +1443,11 @@
-   last_h = cpi->oxcf.Height;
-   prev_number_of_layers = cpi->oxcf.number_of_layers;
- 
-+  if (cpi->initial_width) {
-+    // TODO(https://crbug.com/1486441): Allow changing thread counts; the
-+    // allocation is done once in vp8_create_compressor().
-+    oxcf->multi_threaded = cpi->oxcf.multi_threaded;
-+  }
-   cpi->oxcf = *oxcf;
- 
-   switch (cpi->oxcf.Mode) {

gnu/packages/video.scm

@@ -2957,7 +2957,7 @@ (define-public mpv-mpris
 (define-public libvpx
   (package
     (name "libvpx")
-    (version "1.12.0")
+    (version "1.14.1")
     (source (origin
               (method git-fetch)
               (uri (git-reference
@@ -2966,9 +2966,8 @@ (define-public libvpx
               (file-name (git-file-name name version))
               (sha256
                (base32
-                "1x12f2bd4jqd532rnixmwvcx8d29yxiacpcxqqh86qczc49la8gm"))
-              (patches (search-patches "libvpx-CVE-2016-2818.patch"
-                                       "libvpx-CVE-2023-5217.patch"))))
+                "0r6qvc84mflpy1zxz7p8aj7i552cwx957l50akvajxmzij1kpy1x"))
+              (patches (search-patches "libvpx-CVE-2016-2818.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags (list "--enable-shared"