On 2015年05月27日 09:24, Randy MacLeod wrote:
On 2015-05-26 03:14 AM, Kai Kang wrote:
Upgrade libav from version 9.16 to 9.18. Remove unused var INC_PR and
backport patch to fix CVE-2014-9676.

We can keep that version if people want it but it's almost pretty old.

Version 11.3 is the latest branch.
   Libav 11.3
   https://libav.org/releases/libav-11.3.release

Oh and on the 11 branch, the CVE fix is in commit:

libav.git $ git branch --contains f6c82b34
* release/11

found by looking at your commit b3f0465, then finding a new
function seg_free_context and then:
$ git blame libavformat/segment.c | grep seg_free_context


There are some packages that depend on libav:
   libav/libpostproc_git.bb
   gstreamer
   alsa-plugins

From:
$ grep -r libav meta/recipes* | grep DEPENDS | grep -v libavahi
meta/recipes-multimedia/libav/libpostproc_git.bb:DEPENDS = "libav"


$ grep -r libav meta/ | grep PACKAGECONFIG | grep libav
meta/recipes-multimedia/gstreamer/gstreamer1.0-libav.inc:\
   PACKAGECONFIG[libav] = "--with-system-libav,,libav"
meta/recipes-multimedia/alsa/alsa-plugins_1.0.29.bb:\
   PACKAGECONFIG[avcodec] = "--enable-avcodec,--disable-avcodec,libav"


I think the upgrade should be okay but please do test it.

I'll add a recipe for the 11 series. If the old version's recipe is kept, I suppose it is necessary to update it to the latest version of the 9 series.

--Kai


../Randy


Signed-off-by: Kai Kang <[email protected]>
---
  meta/recipes-multimedia/libav/libav.inc            |  2 -
.../libav/libav/libav-fix-CVE-2014-9676.patch | 98 ++++++++++++++++++++++
  meta/recipes-multimedia/libav/libav_9.16.bb        |  4 -
  meta/recipes-multimedia/libav/libav_9.18.bb        |  6 ++
  4 files changed, 104 insertions(+), 6 deletions(-)
create mode 100644 meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
  delete mode 100644 meta/recipes-multimedia/libav/libav_9.16.bb
  create mode 100644 meta/recipes-multimedia/libav/libav_9.18.bb

diff --git a/meta/recipes-multimedia/libav/libav.inc b/meta/recipes-multimedia/libav/libav.inc
index cac836f..6ef273b 100644
--- a/meta/recipes-multimedia/libav/libav.inc
+++ b/meta/recipes-multimedia/libav/libav.inc
@@ -24,8 +24,6 @@ ARM_INSTRUCTION_SET = "arm"

  DEPENDS = "alsa-lib zlib libogg yasm-native"

-INC_PR = "r8"
-
  inherit autotools pkgconfig

  B = "${S}/build.${HOST_SYS}.${TARGET_SYS}"
diff --git a/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
new file mode 100644
index 0000000..1e31caa
--- /dev/null
+++ b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
@@ -0,0 +1,98 @@
+Upstream-Status: Backport
+
+Backport patch to fix CVE-2014-9676.
+
+https://security-tracker.debian.org/tracker/CVE-2014-9676
+https://git.libav.org/?p=libav.git;a=commit;h=b3f04657368a32a9903406395f865e230b1de348
+
+Signed-off-by: Kai Kang <[email protected]>
+---
+From b3f04657368a32a9903406395f865e230b1de348 Mon Sep 17 00:00:00 2001
+From: Luca Barbato <[email protected]>
+Date: Mon, 5 Jan 2015 10:40:41 +0100
+Subject: [PATCH] segment: Fix the failure paths
+
+A failure in segment_end() or segment_start() would lead to freeing
+a dangling pointer and in general further calls to seg_write_packet()
+or to seg_write_trailer() would have the same faulty behaviour.
+
+CC: [email protected]
+Reported-By: [email protected]
+---
+ libavformat/segment.c | 32 ++++++++++++++++++++------------
+ 1 file changed, 20 insertions(+), 12 deletions(-)
+
+diff --git a/libavformat/segment.c b/libavformat/segment.c
+index 52da6b9..bcfd1f9 100644
+--- a/libavformat/segment.c
++++ b/libavformat/segment.c
+@@ -184,6 +184,13 @@ static void close_null_ctx(AVIOContext *pb)
+     av_free(pb);
+ }
+
++static void seg_free_context(SegmentContext *seg)
++{
++    avio_closep(&seg->pb);
++    avformat_free_context(seg->avf);
++    seg->avf = NULL;
++}
++
+ static int seg_write_header(AVFormatContext *s)
+ {
+     SegmentContext *seg = s->priv_data;
+@@ -265,12 +272,9 @@ static int seg_write_header(AVFormatContext *s)
+     }
+
+ fail:
+-    if (ret) {
+-        if (seg->list)
+-            avio_close(seg->pb);
+-        if (seg->avf)
+-            avformat_free_context(seg->avf);
+-    }
++    if (ret < 0)
++        seg_free_context(seg);
++
+     return ret;
+ }
+
+@@ -282,6 +286,9 @@ static int seg_write_packet(AVFormatContext *s, AVPacket *pkt)
+     int64_t end_pts = seg->recording_time * seg->number;
+     int ret, can_split = 1;
+
++    if (!oc)
++        return AVERROR(EINVAL);
++
+     if (seg->has_video) {
+         can_split = st->codec->codec_type == AVMEDIA_TYPE_VIDEO &&
+                     pkt->flags & AV_PKT_FLAG_KEY;
+@@ -322,11 +329,8 @@ static int seg_write_packet(AVFormatContext *s, AVPacket *pkt)
+     ret = ff_write_chained(oc, pkt->stream_index, pkt, s);
+
+ fail:
+-    if (ret < 0) {
+-        if (seg->list)
+-            avio_close(seg->pb);
+-        avformat_free_context(oc);
+-    }
++    if (ret < 0)
++        seg_free_context(seg);
+
+     return ret;
+ }
+@@ -335,7 +339,11 @@ static int seg_write_trailer(struct AVFormatContext *s)
+ {
+     SegmentContext *seg = s->priv_data;
+     AVFormatContext *oc = seg->avf;
+-    int ret;
++    int ret = 0;
++
++    if (!oc)
++        goto fail;
++
+     if (!seg->write_header_trailer) {
+         if ((ret = segment_end(oc, 0)) < 0)
+             goto fail;
+--
+2.4.1.314.g9532ead
+
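Review bot: The new seg_free_context() calls `avio_closep(&seg->pb)` and `avformat_free_context(seg->avf)` unconditionally, while the seg_write_header code it replaces guarded both with `if (seg->list)` and `if (seg->avf)`. Because this is a backport onto the 9 series, confirm that both calls accept NULL in the 9.18 tree, or keep the guard, e.g. `if (seg->avf) avformat_free_context(seg->avf);`. The same question applies to the added `if (!oc) goto fail;` in seg_write_trailer: the `fail` label lies outside the hunk, and whatever cleanup it runs is now reached with a NULL `oc`. That path also leaves `ret` at 0, whereas seg_write_packet returns `AVERROR(EINVAL)` for the same state. If that is intended, a comment such as `/* context already released by an earlier failure; nothing left to finalize */` above the check would make it clear.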
diff --git a/meta/recipes-multimedia/libav/libav_9.16.bb b/meta/recipes-multimedia/libav/libav_9.16.bb
deleted file mode 100644
index 79ff3f8..0000000
--- a/meta/recipes-multimedia/libav/libav_9.16.bb
+++ /dev/null
@@ -1,4 +0,0 @@
-require libav.inc
-
-SRC_URI[md5sum] = "7b44b75cec24b8e7545e5029e76917e0"
-SRC_URI[sha256sum] = "ca846473b0b8ed8e3404c52e5e92df6d35cb5fa487eec498525de3ffda4367a0"
diff --git a/meta/recipes-multimedia/libav/libav_9.18.bb b/meta/recipes-multimedia/libav/libav_9.18.bb
new file mode 100644
index 0000000..210a649
--- /dev/null
+++ b/meta/recipes-multimedia/libav/libav_9.18.bb
@@ -0,0 +1,6 @@
+require libav.inc
+
+SRC_URI[md5sum] = "75e838068a75fb88e1b4ea0546bc16f0"
+SRC_URI[sha256sum] = "0875e835da683eef1a7bac75e1884634194149d7479d1538ba9fbe1614d066d7"
+
+SRC_URI += "file://libav-fix-CVE-2014-9676.patch"





--
Regards,
Neil | Kai Kang
