Re: [OE-core] [PATCH 4/4] gst-ffmpeg: fix CVEs

2015-05-19 Thread Alexander Kanavin 

On 05/19/2015 04:08 AM, Kai Kang wrote:

Backport patches to fix CVEs: CVE-2014-7933, CVE-2014-9318 and
CVE-2014-9603.



Gstreamer 0.10 is moving to meta-multimedia, so you might want to hold 
this one off until it lands there.



Alex
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 4/4] gst-ffmpeg: fix CVEs

2015-05-18 Thread Kai Kang 
Backport patches to fix CVEs: CVE-2014-7933, CVE-2014-9318 and
CVE-2014-9603.

Signed-off-by: Kai Kang kai.k...@windriver.com
---
 .../gst-ffmpeg-fix-CVE-2014-7933.patch | 38 
 .../gst-ffmpeg-fix-CVE-2014-9318.patch | 37 +++
 .../gst-ffmpeg-fix-CVE-2014-9603.patch | 41 ++
 .../gstreamer/gst-ffmpeg_0.10.13.bb|  3 ++
 4 files changed, 119 insertions(+)
 create mode 100644 
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-7933.patch
 create mode 100644 
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9318.patch
 create mode 100644 
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9603.patch

diff --git 
a/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-7933.patch
 
b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-7933.patch
new file mode 100644
index 000..3c537c7
--- /dev/null
+++ 
b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-7933.patch
@@ -0,0 +1,38 @@
+From 2266b8bc3370856d874334ba62b337ce4f1eb255 Mon Sep 17 00:00:00 2001
+From: Kai Kang kai.k...@windriver.com
+Date: Wed, 13 May 2015 16:46:06 +0800
+Subject: [PATCH 2/2] gst-ffmpeg: fix CVE-2014-7933
+
+Upstream-Status: Backport
+
+http://git.videolan.org/?p=ffmpeg.git;a=commit;h=33301f00
+
+Signed-off-by: Kai Kang kai.k...@windriver.com
+---
+ gst-libs/ext/libav/libavformat/matroskadec.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/gst-libs/ext/libav/libavformat/matroskadec.c 
b/gst-libs/ext/libav/libavformat/matroskadec.c
+index 59dce4f..e5f5fc1 100644
+--- a/gst-libs/ext/libav/libavformat/matroskadec.c
 b/gst-libs/ext/libav/libavformat/matroskadec.c
+@@ -1916,7 +1916,7 @@ static int matroska_read_seek(AVFormatContext *s, int 
stream_index,
+   int64_t timestamp, int flags)
+ {
+ MatroskaDemuxContext *matroska = s-priv_data;
+-MatroskaTrack *tracks = matroska-tracks.elem;
++MatroskaTrack *tracks = NULL;
+ AVStream *st = s-streams[stream_index];
+ int i, index, index_sub, index_min;
+ 
+@@ -1939,6 +1939,7 @@ static int matroska_read_seek(AVFormatContext *s, int 
stream_index,
+ return 0;
+ 
+ index_min = index;
++tracks = matroska-tracks.elem;
+ for (i=0; i  matroska-tracks.nb_elem; i++) {
+ tracks[i].audio.pkt_cnt = 0;
+ tracks[i].audio.sub_packet_cnt = 0;
+-- 
+1.9.1
+
diff --git 
a/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9318.patch
 
b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9318.patch
new file mode 100644
index 000..0553cee
--- /dev/null
+++ 
b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9318.patch
@@ -0,0 +1,37 @@
+From 0d3a3b9f8907625b361420d48fe05716859620ff Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer michae...@gmx.at
+Date: Wed, 26 Nov 2014 18:56:39 +0100
+Subject: [PATCH] avcodec/rawdec: Check the return code of
+ avpicture_get_size()
+
+(Upstream commit 1d3a3b9f8907625b361420d48fe05716859620ff)
+
+Fixes out of array access
+Fixes: asan_heap-oob_22388d0_3435_cov_3297128910_small_roll5_FlashCine1.cine
+Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
+
+Upstream-Status: Backport
+
+Signed-off-by: Michael Niedermayer michae...@gmx.at
+Signed-off-by: Yue Tao yue@windriver.com
+---
+ libavcodec/rawdec.c |3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libavcodec/rawdec.c b/libavcodec/rawdec.c
+index 28792a1..647dfa9 100644
+--- a/gst-libs/ext/libav/libavcodec/rawdec.c
 b/gst-libs/ext/libav/libavcodec/rawdec.c
+@@ -87,6 +87,9 @@ static av_cold int raw_init_decoder(AVCodecContext *avctx)
+ 
+ ff_set_systematic_pal2(context-palette, avctx-pix_fmt);
+ context-length = avpicture_get_size(avctx-pix_fmt, avctx-width, 
avctx-height);
++if (context-length  0)
++return context-length;
++
+ if((avctx-bits_per_coded_sample == 4 || avctx-bits_per_coded_sample == 
2) 
+avctx-pix_fmt==PIX_FMT_PAL8 
+(!avctx-codec_tag || avctx-codec_tag == MKTAG('r','a','w',' '))){
+-- 
+1.7.9.5
+
diff --git 
a/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9603.patch
 
b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9603.patch
new file mode 100644
index 000..5dda4cc
--- /dev/null
+++ 
b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9603.patch
@@ -0,0 +1,41 @@
+From dc68faf8339a885bc55fabe5b01f1de4f8f3782c Mon Sep 17 00:00:00 2001
+From: Kai Kang kai.k...@windriver.com
+Date: Wed, 13 May 2015 16:30:53 +0800
+Subject: [PATCH 1/2] gst-ffmpeg: fix CVE-2014-9603
+
+Upstream-Status: Backport
+
+Upstream is version 2.x and vmdav.c is splitted into 2 files vmdaudio.c
+and vmdvideo.c. Becuase source code changes, just