Patchwork [00/12,v2] ffmpeg: backport 12 CVE patches

Submitter rongqing.li@windriver.com
Date May 16, 2014, 2:12 a.m.
Message ID <cover.1400201782.git.rongqing.li@windriver.com>
Permalink /patch/72243/
State New

Pull-request

git://git.pokylinux.org/poky-contrib roy/ffmpeg-2

Comments

rongqing.li@windriver.com - May 16, 2014, 2:12 a.m.
From: Roy Li <rongqing.li@windriver.com>

Diff with V1: use ffmpeg as prefix of commit header 

The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873:

  gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib roy/ffmpeg-2
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=roy/ffmpeg-2

Yue Tao (12):
  ffmpeg: fix for Security Advisory CVE-2014-2263
  ffmpeg: fix for Security Advisory CVE-2013-0865
  ffmpeg: fix for Security Advisory CVE-2014-2099
  ffmpeg: fix for Security Advisory CVE-2013-0868
  ffmpeg: fix for Security Advisory CVE-2013-0845
  ffmpeg: fix for Security Advisory CVE-2013-0852
  ffmpeg: fix for Security Advisory CVE-2013-0858
  ffmpeg: fix for Security Advisory CVE-2013-0851
  ffmpeg: fix for Security Advisory CVE-2013-0854
  ffmpeg: fix for Security Advisory CVE-2013-0856
  ffmpeg: fix for Security Advisory CVE-2013-0850
  ffmpeg: fix for Security Advisory CVE-2013-0849

 .../0001-alac-fix-nb_samples-order-case.patch      |   30 +++++++
 .../0001-alsdec-check-block-length.patch           |   61 ++++++++++++++
 ...ac3dec-Check-coding-mode-against-channels.patch |   37 +++++++++
 ...le-use-av_image_get_linesize-to-calculate.patch |   50 +++++++++++
 ...egtsenc-Check-data-array-size-in-mpegts_w.patch |   69 ++++++++++++++++
 .../0001-eamad-fix-out-of-array-accesses.patch     |   29 +++++++
 ...t-ref-count-check-and-limit-fix-out-of-ar.patch |   29 +++++++
 ...01-huffyuvdec-Check-init_vlc-return-codes.patch |   87 ++++++++++++++++++++
 .../0001-huffyuvdec-Skip-len-0-cases.patch         |   59 +++++++++++++
 .../0001-mjpegdec-check-SE.patch                   |   32 +++++++
 ...heck-RLE-size-before-copying.-Fix-out-of-.patch |   34 ++++++++
 ...001-roqvideodec-check-dimensions-validity.patch |   36 ++++++++
 ...o-check-chunk-sizes-before-reading-chunks.patch |   51 ++++++++++++
 .../gstreamer/gst-ffmpeg_0.10.13.bb                |   13 +++
 14 files changed, 617 insertions(+)
 create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-alac-fix-nb_samples-order-case.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-alsdec-check-block-length.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-atrac3dec-Check-coding-mode-against-channels.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-msrle-use-av_image_get_linesize-to-calculate.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avformat-mpegtsenc-Check-data-array-size-in-mpegts_w.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-eamad-fix-out-of-array-accesses.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-h264-correct-ref-count-check-and-limit-fix-out-of-ar.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Check-init_vlc-return-codes.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Skip-len-0-cases.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-mjpegdec-check-SE.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-pgssubdec-check-RLE-size-before-copying.-Fix-out-of-.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-roqvideodec-check-dimensions-validity.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-vqavideo-check-chunk-sizes-before-reading-chunks.patch

Paul Eggleton - May 16, 2014, 11:09 a.m.
Hi Roy,

On Friday 16 May 2014 10:12:08 rongqing.li@windriver.com wrote:
> From: Roy Li <rongqing.li@windriver.com>
> 
> Diff with V1: use ffmpeg as prefix of commit header
> 
> The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873:
> 
>   gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100)
> 
> are available in the git repository at:
> 
>   git://git.pokylinux.org/poky-contrib roy/ffmpeg-2
>   http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=roy/ffmpeg-2
> 
> Yue Tao (12):
>   ffmpeg: fix for Security Advisory CVE-2014-2263
>   ffmpeg: fix for Security Advisory CVE-2013-0865
>   ffmpeg: fix for Security Advisory CVE-2014-2099
>   ffmpeg: fix for Security Advisory CVE-2013-0868
>   ffmpeg: fix for Security Advisory CVE-2013-0845
>   ffmpeg: fix for Security Advisory CVE-2013-0852
>   ffmpeg: fix for Security Advisory CVE-2013-0858
>   ffmpeg: fix for Security Advisory CVE-2013-0851
>   ffmpeg: fix for Security Advisory CVE-2013-0854
>   ffmpeg: fix for Security Advisory CVE-2013-0856
>   ffmpeg: fix for Security Advisory CVE-2013-0850
>   ffmpeg: fix for Security Advisory CVE-2013-0849

This should really be "gst-ffmpeg:" rather than just "ffmpeg:" since that's the 
recipe being modified.

Also, I'm not sure if you got my message yesterday (since there was a problem 
with the email transmission) however I'll repeat it here just in case:

> Note that whilst we should apply these patches, they won't actually have any
> effect on unmodified builds because we do not use gst-ffmpeg's internal
> copy of ffmpeg, we use libav instead. So if any of these fixes apply to
> libav (or if there are equivalent fixes) we will need to apply them to
> libav.

Would you be able to take care of the corresponding patches to libav?

Thanks,
Paul