512327 - (CVE-2009-3377) Update liboggz

Status: RESOLVED FIXED

(Core :: Audio/Video, defect)

Description

[Chris Pearce [:cpearce (Not reading bugmail)]]

We should update liboggz to pickup recent fixes.

Comment 1

[Chris Pearce [:cpearce (Not reading bugmail)]]

Attachment: Patch

Update liboggz to rev 20609d34c41fa.

Comment 2

[Chris Pearce [:cpearce (Not reading bugmail)]]

Pushed to m-c: http://hg.mozilla.org/mozilla-central/rev/8217d78ccdaf

Comment 3

[Chris Pearce [:cpearce (Not reading bugmail)]]

Also backed out bug 512327 so that test pass without bug 512328: http://hg.mozilla.org/mozilla-central/rev/b722d9fdf154

Comment 4

[Chris Pearce [:cpearce (Not reading bugmail)]]

Attachment: Patch v2

Updates liboggz to rev cf5feeaab69b05e24. This includes the fix for bug 515376, and all tests pass with just this patch. I've pushed it to tryserver several times, and not seen the intermittent harness timeout as per bug 515376, so I assume that hang only occurs when the liboggplay update of bug 512328 is present, and was not caused by a liboggz update which was pushed at the same time. I think we should land this now, and land the liboggplay separately (or just cherry pick changesets from it). This also fixes bug 496051

Comment 5

[Chris Pearce [:cpearce (Not reading bugmail)]]

Pushed to m-c: http://hg.mozilla.org/mozilla-central/rev/c65d2fc3d03b

Comment 6

[Chris Pearce [:cpearce (Not reading bugmail)]]

Can we get this on 1.9.2? It fixes bug 511038 (the mobile guys want this on fennec1.0), fixes bug 515376, and is required for some of the (pending) oggplay updates. We'll also need bug 511584 on 1.9.2 if we take this on 1.9.2.

Comment 7

[Chris Pearce [:cpearce (Not reading bugmail)]]

Attachment: Patch backported to 1.9.1

Patch backported to 1.9.1. We require this patch for bug 512327, which is
required for bug 512328 which people want on 1.9.1.

Comment 8

[Daniel Veditz [:dveditz]]

Comment on attachment 403697 [details] [diff] [review]
Patch backported to 1.9.1

Approved for 1.9.1.4, a=dveditz

Comment 9

[Chris Pearce [:cpearce (Not reading bugmail)]]

Pushed to 1.9.1: http://hg.mozilla.org/releases/mozilla-1.9.1/rev/435ba225d560

Comment 10

[Tony Chung [:tchung]]

Including comments from cpearce on what types of test regressions to focus on.

The liboggplay update landed on 1.9.1 last night, is in last night's nightly. We need to test general video playback, ensure there's no new hangs, that sort of thing. 
-------
> It would probably be wise to take it on 1.9.1, provided we have some
> QA guys testing it. We'd need to take the recent libfishsound (bug
> 511584) and liboggz updates (bug 512327) as well, liboggplay depends
> on them.
>
> The liboggplay update has only been on trunk and 1.9.2 for about a
> week, and I'm not terribly trusting of it, so if we took it on 1.9.1
> we'd definitely need some QA guys bashing on it to be sure that
> nothing was broken. It seems stable on trunk, but that's quite a way
> ahead of 1.9.1 now, so it may interact with our code differently than
> on current trunk.

Comment 11

[Chris Pearce [:cpearce (Not reading bugmail)]]

Pushed to 1.9.2: http://hg.mozilla.org/releases/mozilla-1.9.2/rev/37f2a93fbe7e

Comment 12

[Al Billings [:abillings - ex-MoCo]]

How can QA verify that this fix works properly?

Comment 13

[Chris Pearce [:cpearce (Not reading bugmail)]]

Yeah, if everything works as it previously did, then we're ok.

Comment 14

[Al Billings [:abillings - ex-MoCo]]

Verified for 1.9.1 based on the testing that Tony Chung and Anthony Hughes have done on the 1.9.1 nighties.