Backport patches to fix CVEs: CVE-2014-7933, CVE-2014-9318 and
CVE-2014-9603.
Signed-off-by: Kai Kang
---
.../gst-ffmpeg-fix-CVE-2014-7933.patch | 38
.../gst-ffmpeg-fix-CVE-2014-9318.patch | 37 +++
.../gst-ffmpeg-fix-CVE-2014-9603.patch | 41 ++
.../gstreamer/gst-ffmpeg_0.10.13.bb| 3 ++
4 files changed, 119 insertions(+)
create mode 100644
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-7933.patch
create mode 100644
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9318.patch
create mode 100644
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9603.patch
diff --git
a/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-7933.patch
b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-7933.patch
new file mode 100644
index 000..3c537c7
--- /dev/null
+++
b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-7933.patch
@@ -0,0 +1,38 @@
+From 2266b8bc3370856d874334ba62b337ce4f1eb255 Mon Sep 17 00:00:00 2001
+From: Kai Kang
+Date: Wed, 13 May 2015 16:46:06 +0800
+Subject: [PATCH 2/2] gst-ffmpeg: fix CVE-2014-7933
+
+Upstream-Status: Backport
+
+http://git.videolan.org/?p=ffmpeg.git;a=commit;h=33301f00
+
+Signed-off-by: Kai Kang
+---
+ gst-libs/ext/libav/libavformat/matroskadec.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/gst-libs/ext/libav/libavformat/matroskadec.c
b/gst-libs/ext/libav/libavformat/matroskadec.c
+index 59dce4f..e5f5fc1 100644
+--- a/gst-libs/ext/libav/libavformat/matroskadec.c
b/gst-libs/ext/libav/libavformat/matroskadec.c
+@@ -1916,7 +1916,7 @@ static int matroska_read_seek(AVFormatContext *s, int
stream_index,
+ int64_t timestamp, int flags)
+ {
+ MatroskaDemuxContext *matroska = s->priv_data;
+-MatroskaTrack *tracks = matroska->tracks.elem;
++MatroskaTrack *tracks = NULL;
+ AVStream *st = s->streams[stream_index];
+ int i, index, index_sub, index_min;
+
+@@ -1939,6 +1939,7 @@ static int matroska_read_seek(AVFormatContext *s, int
stream_index,
+ return 0;
+
+ index_min = index;
++tracks = matroska->tracks.elem;
+ for (i=0; i < matroska->tracks.nb_elem; i++) {
+ tracks[i].audio.pkt_cnt = 0;
+ tracks[i].audio.sub_packet_cnt = 0;
+--
+1.9.1
+
diff --git
a/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9318.patch
b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9318.patch
new file mode 100644
index 000..0553cee
--- /dev/null
+++
b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9318.patch
@@ -0,0 +1,37 @@
+From 0d3a3b9f8907625b361420d48fe05716859620ff Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer
+Date: Wed, 26 Nov 2014 18:56:39 +0100
+Subject: [PATCH] avcodec/rawdec: Check the return code of
+ avpicture_get_size()
+
+(Upstream commit 1d3a3b9f8907625b361420d48fe05716859620ff)
+
+Fixes out of array access
+Fixes: asan_heap-oob_22388d0_3435_cov_3297128910_small_roll5_FlashCine1.cine
+Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
+
+Upstream-Status: Backport
+
+Signed-off-by: Michael Niedermayer
+Signed-off-by: Yue Tao
+---
+ libavcodec/rawdec.c |3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libavcodec/rawdec.c b/libavcodec/rawdec.c
+index 28792a1..647dfa9 100644
+--- a/gst-libs/ext/libav/libavcodec/rawdec.c
b/gst-libs/ext/libav/libavcodec/rawdec.c
+@@ -87,6 +87,9 @@ static av_cold int raw_init_decoder(AVCodecContext *avctx)
+
+ ff_set_systematic_pal2(context->palette, avctx->pix_fmt);
+ context->length = avpicture_get_size(avctx->pix_fmt, avctx->width,
avctx->height);
++if (context->length < 0)
++return context->length;
++
+ if((avctx->bits_per_coded_sample == 4 || avctx->bits_per_coded_sample ==
2) &&
+avctx->pix_fmt==PIX_FMT_PAL8 &&
+(!avctx->codec_tag || avctx->codec_tag == MKTAG('r','a','w',' '))){
+--
+1.7.9.5
+
diff --git
a/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9603.patch
b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9603.patch
new file mode 100644
index 000..5dda4cc
--- /dev/null
+++
b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9603.patch
@@ -0,0 +1,41 @@
+From dc68faf8339a885bc55fabe5b01f1de4f8f3782c Mon Sep 17 00:00:00 2001
+From: Kai Kang
+Date: Wed, 13 May 2015 16:30:53 +0800
+Subject: [PATCH 1/2] gst-ffmpeg: fix CVE-2014-9603
+
+Upstream-Status: Backport
+
+Upstream is version 2.x and vmdav.c is splitted into 2 files vmdaudio.c
+and vmdvideo.c. Becuase source code changes, just partly backport commit which
+is applicable to version 0.10.13 to fix CVE-2014-9603.
+
+http://git.videolan.org/?p=ff