Patchwork [00/12,v2] ffmpeg: backport 12 CVE patches

login
register
mail settings
Submitter rongqing.li@windriver.com
Date May 19, 2014, 1:32 a.m.
Message ID <53795F49.5000407@windriver.com>
Download mbox
Permalink /patch/72317/
State New
Headers show

Pull-request

git://git.pokylinux.org/poky-contrib roy/ffmpeg-2

Comments

rongqing.li@windriver.com - May 19, 2014, 1:32 a.m.
On 05/16/2014 07:09 PM, Paul Eggleton wrote:
> Hi Roy,
>
> On Friday 16 May 2014 10:12:08 rongqing.li@windriver.com wrote:
>> From: Roy Li <rongqing.li@windriver.com>
>>
>> Diff with V1: use ffmpeg as prefix of commit header
>>
>> The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873:
>>
>>    gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100)
>>
>> are available in the git repository at:
>>
>>    git://git.pokylinux.org/poky-contrib roy/ffmpeg-2
>>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=roy/ffmpeg-2
>>
>> Yue Tao (12):
>>    ffmpeg: fix for Security Advisory CVE-2014-2263
>>    ffmpeg: fix for Security Advisory CVE-2013-0865
>>    ffmpeg: fix for Security Advisory CVE-2014-2099
>>    ffmpeg: fix for Security Advisory CVE-2013-0868
>>    ffmpeg: fix for Security Advisory CVE-2013-0845
>>    ffmpeg: fix for Security Advisory CVE-2013-0852
>>    ffmpeg: fix for Security Advisory CVE-2013-0858
>>    ffmpeg: fix for Security Advisory CVE-2013-0851
>>    ffmpeg: fix for Security Advisory CVE-2013-0854
>>    ffmpeg: fix for Security Advisory CVE-2013-0856
>>    ffmpeg: fix for Security Advisory CVE-2013-0850
>>    ffmpeg: fix for Security Advisory CVE-2013-0849
>
> This should really be "gst-ffmpeg:" rather than just "ffmpeg:" since that's the
> recipe being modified.
>

Ok, I update it

=====================
The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873:

   gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100)

are available in the git repository at:

   git://git.pokylinux.org/poky-contrib roy/ffmpeg-2
   http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=roy/ffmpeg-2

Yue Tao (12):
   gst-ffmpeg: fix for Security Advisory CVE-2014-2263
   gst-ffmpeg: fix for Security Advisory CVE-2013-0865
   gst-ffmpeg: fix for Security Advisory CVE-2014-2099
   gst-ffmpeg: fix for Security Advisory CVE-2013-0868
   gst-ffmpeg: fix for Security Advisory CVE-2013-0845
   gst-ffmpeg: fix for Security Advisory CVE-2013-0852
   gst-ffmpeg: fix for Security Advisory CVE-2013-0858
   gst-ffmpeg: fix for Security Advisory CVE-2013-0851
   gst-ffmpeg: fix for Security Advisory CVE-2013-0854
   gst-ffmpeg: fix for Security Advisory CVE-2013-0856
   gst-ffmpeg: fix for Security Advisory CVE-2013-0850
   gst-ffmpeg: fix for Security Advisory CVE-2013-0849

  .../0001-alac-fix-nb_samples-order-case.patch      |   30 +++++++
  .../0001-alsdec-check-block-length.patch           |   61 ++++++++++++++
  ...ac3dec-Check-coding-mode-against-channels.patch |   37 +++++++++
  ...le-use-av_image_get_linesize-to-calculate.patch |   50 +++++++++++
  ...egtsenc-Check-data-array-size-in-mpegts_w.patch |   69 ++++++++++++++++
  .../0001-eamad-fix-out-of-array-accesses.patch     |   29 +++++++
  ...t-ref-count-check-and-limit-fix-out-of-ar.patch |   29 +++++++
  ...01-huffyuvdec-Check-init_vlc-return-codes.patch |   87 
++++++++++++++++++++
  .../0001-huffyuvdec-Skip-len-0-cases.patch         |   59 +++++++++++++
  .../0001-mjpegdec-check-SE.patch                   |   32 +++++++
  ...heck-RLE-size-before-copying.-Fix-out-of-.patch |   34 ++++++++
  ...001-roqvideodec-check-dimensions-validity.patch |   36 ++++++++
  ...o-check-chunk-sizes-before-reading-chunks.patch |   51 ++++++++++++
  .../gstreamer/gst-ffmpeg_0.10.13.bb                |   13 +++
  14 files changed, 617 insertions(+)
  create mode 100644 
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-alac-fix-nb_samples-order-case.patch
  create mode 100644 
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-alsdec-check-block-length.patch
  create mode 100644 
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-atrac3dec-Check-coding-mode-against-channels.patch
  create mode 100644 
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-msrle-use-av_image_get_linesize-to-calculate.patch
  create mode 100644 
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avformat-mpegtsenc-Check-data-array-size-in-mpegts_w.patch
  create mode 100644 
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-eamad-fix-out-of-array-accesses.patch
  create mode 100644 
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-h264-correct-ref-count-check-and-limit-fix-out-of-ar.patch
  create mode 100644 
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Check-init_vlc-return-codes.patch
  create mode 100644 
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Skip-len-0-cases.patch
  create mode 100644 
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-mjpegdec-check-SE.patch
  create mode 100644 
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-pgssubdec-check-RLE-size-before-copying.-Fix-out-of-.patch



> Also, I'm not sure if you got my message yesterday (since there was a problem
> with the email transmission) however I'll repeat it here just in case:
>
>> Note that whilst we should apply these patches, they won't actually have any
>> effect on unmodified builds because we do not use gst-ffmpeg's internal
>> copy of ffmpeg, we use libav instead. So if any of these fixes apply to
>> libav (or if there are equivalent fixes) we will need to apply them to
>> libav.
>
> Would you be able to take care of the corresponding patches to libav?
>

I did not see the CVE patches on libav

-Roy


> Thanks,
> Paul
>
Paul Eggleton - May 19, 2014, 9:58 a.m.
On Monday 19 May 2014 09:32:57 Rongqing Li wrote:
> On 05/16/2014 07:09 PM, Paul Eggleton wrote:
> > Hi Roy,
> > 
> > On Friday 16 May 2014 10:12:08 rongqing.li@windriver.com wrote:
> >> From: Roy Li <rongqing.li@windriver.com>
> >> 
> >> Diff with V1: use ffmpeg as prefix of commit header
> >> 
> >> The following changes since commit 
e273301efa0037a13c3a60b4414140364d9c9873:
> >>    gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100)
> >> 
> >> are available in the git repository at:
> >>    git://git.pokylinux.org/poky-contrib roy/ffmpeg-2
> >>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=roy/ffmpeg-2
> >> 
> >> Yue Tao (12):
> >>    ffmpeg: fix for Security Advisory CVE-2014-2263
> >>    ffmpeg: fix for Security Advisory CVE-2013-0865
> >>    ffmpeg: fix for Security Advisory CVE-2014-2099
> >>    ffmpeg: fix for Security Advisory CVE-2013-0868
> >>    ffmpeg: fix for Security Advisory CVE-2013-0845
> >>    ffmpeg: fix for Security Advisory CVE-2013-0852
> >>    ffmpeg: fix for Security Advisory CVE-2013-0858
> >>    ffmpeg: fix for Security Advisory CVE-2013-0851
> >>    ffmpeg: fix for Security Advisory CVE-2013-0854
> >>    ffmpeg: fix for Security Advisory CVE-2013-0856
> >>    ffmpeg: fix for Security Advisory CVE-2013-0850
> >>    ffmpeg: fix for Security Advisory CVE-2013-0849
> > 
> > This should really be "gst-ffmpeg:" rather than just "ffmpeg:" since
> > that's the recipe being modified.
> 
> Ok, I update it
> 
> =====================
> The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873:
> 
>    gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100)
> 
> are available in the git repository at:
> 
>    git://git.pokylinux.org/poky-contrib roy/ffmpeg-2
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=roy/ffmpeg-2
> 
> Yue Tao (12):
>    gst-ffmpeg: fix for Security Advisory CVE-2014-2263
>    gst-ffmpeg: fix for Security Advisory CVE-2013-0865
>    gst-ffmpeg: fix for Security Advisory CVE-2014-2099
>    gst-ffmpeg: fix for Security Advisory CVE-2013-0868
>    gst-ffmpeg: fix for Security Advisory CVE-2013-0845
>    gst-ffmpeg: fix for Security Advisory CVE-2013-0852
>    gst-ffmpeg: fix for Security Advisory CVE-2013-0858
>    gst-ffmpeg: fix for Security Advisory CVE-2013-0851
>    gst-ffmpeg: fix for Security Advisory CVE-2013-0854
>    gst-ffmpeg: fix for Security Advisory CVE-2013-0856
>    gst-ffmpeg: fix for Security Advisory CVE-2013-0850
>    gst-ffmpeg: fix for Security Advisory CVE-2013-0849
> 
>   .../0001-alac-fix-nb_samples-order-case.patch      |   30 +++++++
>   .../0001-alsdec-check-block-length.patch           |   61 ++++++++++++++
>   ...ac3dec-Check-coding-mode-against-channels.patch |   37 +++++++++
>   ...le-use-av_image_get_linesize-to-calculate.patch |   50 +++++++++++
>   ...egtsenc-Check-data-array-size-in-mpegts_w.patch |   69 ++++++++++++++++
> .../0001-eamad-fix-out-of-array-accesses.patch     |   29 +++++++
> ...t-ref-count-check-and-limit-fix-out-of-ar.patch |   29 +++++++
> ...01-huffyuvdec-Check-init_vlc-return-codes.patch |   87
> ++++++++++++++++++++
>   .../0001-huffyuvdec-Skip-len-0-cases.patch         |   59 +++++++++++++
>   .../0001-mjpegdec-check-SE.patch                   |   32 +++++++
>   ...heck-RLE-size-before-copying.-Fix-out-of-.patch |   34 ++++++++
>   ...001-roqvideodec-check-dimensions-validity.patch |   36 ++++++++
>   ...o-check-chunk-sizes-before-reading-chunks.patch |   51 ++++++++++++
>   .../gstreamer/gst-ffmpeg_0.10.13.bb                |   13 +++
>   14 files changed, 617 insertions(+)
>   create mode 100644
> meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-alac-fix-nb_sample
> s-order-case.patch create mode 100644
> meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-alsdec-check-block
> -length.patch create mode 100644
> meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-atrac3dec-Check-co
> ding-mode-against-channels.patch create mode 100644
> meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-msrle-use-
> av_image_get_linesize-to-calculate.patch create mode 100644
> meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avformat-mpegtsenc
> -Check-data-array-size-in-mpegts_w.patch create mode 100644
> meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-eamad-fix-out-of-a
> rray-accesses.patch create mode 100644
> meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-h264-correct-ref-c
> ount-check-and-limit-fix-out-of-ar.patch create mode 100644
> meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Check-i
> nit_vlc-return-codes.patch create mode 100644
> meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Skip-le
> n-0-cases.patch create mode 100644
> meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-mjpegdec-check-SE.
> patch create mode 100644
> meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-pgssubdec-check-RL
> E-size-before-copying.-Fix-out-of-.patch
> > Also, I'm not sure if you got my message yesterday (since there was a
> > problem> 
> > with the email transmission) however I'll repeat it here just in case:
> >> Note that whilst we should apply these patches, they won't actually have
> >> any effect on unmodified builds because we do not use gst-ffmpeg's
> >> internal copy of ffmpeg, we use libav instead. So if any of these fixes
> >> apply to libav (or if there are equivalent fixes) we will need to apply
> >> them to libav.
> > 
> > Would you be able to take care of the corresponding patches to libav?
> 
> I did not see the CVE patches on libav

If they are applicable to the built-in copy of ffmpeg, at least some of them 
should be applicable to libav.

Actually I've noticed we're a couple of releases behind on libav 0.8 upgrades 
(libav 0.8 is the version we are using with gst-ffmpeg), and we also need to do 
a libav 9 upgrade. I will take care of at least doing the upgrades, but we 
should double-check that these fixes are either not applicable or already 
applied after that is done.

Cheers,
Paul