From: Rongqing Li <rongqing.li@windriver.com>
To: Paul Eggleton <paul.eggleton@linux.intel.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 00/12 v2] ffmpeg: backport 12 CVE patches
Date: Mon, 19 May 2014 09:32:57 +0800 [thread overview]
Message-ID: <53795F49.5000407@windriver.com> (raw)
In-Reply-To: <6339757.ULFiZ01mb2@peggleto-mobl5.ger.corp.intel.com>
On 05/16/2014 07:09 PM, Paul Eggleton wrote:
> Hi Roy,
>
> On Friday 16 May 2014 10:12:08 rongqing.li@windriver.com wrote:
>> From: Roy Li <rongqing.li@windriver.com>
>>
>> Diff with V1: use ffmpeg as prefix of commit header
>>
>> The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873:
>>
>> gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100)
>>
>> are available in the git repository at:
>>
>> git://git.pokylinux.org/poky-contrib roy/ffmpeg-2
>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=roy/ffmpeg-2
>>
>> Yue Tao (12):
>> ffmpeg: fix for Security Advisory CVE-2014-2263
>> ffmpeg: fix for Security Advisory CVE-2013-0865
>> ffmpeg: fix for Security Advisory CVE-2014-2099
>> ffmpeg: fix for Security Advisory CVE-2013-0868
>> ffmpeg: fix for Security Advisory CVE-2013-0845
>> ffmpeg: fix for Security Advisory CVE-2013-0852
>> ffmpeg: fix for Security Advisory CVE-2013-0858
>> ffmpeg: fix for Security Advisory CVE-2013-0851
>> ffmpeg: fix for Security Advisory CVE-2013-0854
>> ffmpeg: fix for Security Advisory CVE-2013-0856
>> ffmpeg: fix for Security Advisory CVE-2013-0850
>> ffmpeg: fix for Security Advisory CVE-2013-0849
>
> This should really be "gst-ffmpeg:" rather than just "ffmpeg:" since that's the
> recipe being modified.
>
Ok, I update it
=====================
The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873:
gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib roy/ffmpeg-2
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=roy/ffmpeg-2
Yue Tao (12):
gst-ffmpeg: fix for Security Advisory CVE-2014-2263
gst-ffmpeg: fix for Security Advisory CVE-2013-0865
gst-ffmpeg: fix for Security Advisory CVE-2014-2099
gst-ffmpeg: fix for Security Advisory CVE-2013-0868
gst-ffmpeg: fix for Security Advisory CVE-2013-0845
gst-ffmpeg: fix for Security Advisory CVE-2013-0852
gst-ffmpeg: fix for Security Advisory CVE-2013-0858
gst-ffmpeg: fix for Security Advisory CVE-2013-0851
gst-ffmpeg: fix for Security Advisory CVE-2013-0854
gst-ffmpeg: fix for Security Advisory CVE-2013-0856
gst-ffmpeg: fix for Security Advisory CVE-2013-0850
gst-ffmpeg: fix for Security Advisory CVE-2013-0849
.../0001-alac-fix-nb_samples-order-case.patch | 30 +++++++
.../0001-alsdec-check-block-length.patch | 61 ++++++++++++++
...ac3dec-Check-coding-mode-against-channels.patch | 37 +++++++++
...le-use-av_image_get_linesize-to-calculate.patch | 50 +++++++++++
...egtsenc-Check-data-array-size-in-mpegts_w.patch | 69 ++++++++++++++++
.../0001-eamad-fix-out-of-array-accesses.patch | 29 +++++++
...t-ref-count-check-and-limit-fix-out-of-ar.patch | 29 +++++++
...01-huffyuvdec-Check-init_vlc-return-codes.patch | 87
++++++++++++++++++++
.../0001-huffyuvdec-Skip-len-0-cases.patch | 59 +++++++++++++
.../0001-mjpegdec-check-SE.patch | 32 +++++++
...heck-RLE-size-before-copying.-Fix-out-of-.patch | 34 ++++++++
...001-roqvideodec-check-dimensions-validity.patch | 36 ++++++++
...o-check-chunk-sizes-before-reading-chunks.patch | 51 ++++++++++++
.../gstreamer/gst-ffmpeg_0.10.13.bb | 13 +++
14 files changed, 617 insertions(+)
create mode 100644
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-alac-fix-nb_samples-order-case.patch
create mode 100644
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-alsdec-check-block-length.patch
create mode 100644
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-atrac3dec-Check-coding-mode-against-channels.patch
create mode 100644
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-msrle-use-av_image_get_linesize-to-calculate.patch
create mode 100644
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avformat-mpegtsenc-Check-data-array-size-in-mpegts_w.patch
create mode 100644
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-eamad-fix-out-of-array-accesses.patch
create mode 100644
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-h264-correct-ref-count-check-and-limit-fix-out-of-ar.patch
create mode 100644
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Check-init_vlc-return-codes.patch
create mode 100644
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Skip-len-0-cases.patch
create mode 100644
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-mjpegdec-check-SE.patch
create mode 100644
meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-pgssubdec-check-RLE-size-before-copying.-Fix-out-of-.patch
> Also, I'm not sure if you got my message yesterday (since there was a problem
> with the email transmission) however I'll repeat it here just in case:
>
>> Note that whilst we should apply these patches, they won't actually have any
>> effect on unmodified builds because we do not use gst-ffmpeg's internal
>> copy of ffmpeg, we use libav instead. So if any of these fixes apply to
>> libav (or if there are equivalent fixes) we will need to apply them to
>> libav.
>
> Would you be able to take care of the corresponding patches to libav?
>
I did not see the CVE patches on libav
-Roy
> Thanks,
> Paul
>
--
Best Reagrds,
Roy | RongQing Li
next prev parent reply other threads:[~2014-05-19 1:32 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-16 2:12 [PATCH 00/12 v2] ffmpeg: backport 12 CVE patches rongqing.li
2014-05-16 2:12 ` [PATCH 01/12] ffmpeg: fix for Security Advisory CVE-2014-2263 rongqing.li
2014-05-16 2:12 ` [PATCH 02/12] ffmpeg: fix for Security Advisory CVE-2013-0865 rongqing.li
2014-05-16 2:12 ` [PATCH 03/12] ffmpeg: fix for Security Advisory CVE-2014-2099 rongqing.li
2014-05-16 2:12 ` [PATCH 04/12] ffmpeg: fix for Security Advisory CVE-2013-0868 rongqing.li
2014-05-19 15:39 ` Saul Wold
2014-05-16 2:12 ` [PATCH 05/12] ffmpeg: fix for Security Advisory CVE-2013-0845 rongqing.li
2014-05-16 2:12 ` [PATCH 06/12] ffmpeg: fix for Security Advisory CVE-2013-0852 rongqing.li
2014-05-16 2:12 ` [PATCH 07/12] ffmpeg: fix for Security Advisory CVE-2013-0858 rongqing.li
2014-05-16 2:12 ` [PATCH 08/12] ffmpeg: fix for Security Advisory CVE-2013-0851 rongqing.li
2014-05-16 2:12 ` [PATCH 09/12] ffmpeg: fix for Security Advisory CVE-2013-0854 rongqing.li
2014-05-16 2:12 ` [PATCH 10/12] ffmpeg: fix for Security Advisory CVE-2013-0856 rongqing.li
2014-05-16 2:12 ` [PATCH 11/12] ffmpeg: fix for Security Advisory CVE-2013-0850 rongqing.li
2014-05-16 2:12 ` [PATCH 12/12] ffmpeg: fix for Security Advisory CVE-2013-0849 rongqing.li
2014-05-16 11:09 ` [PATCH 00/12 v2] ffmpeg: backport 12 CVE patches Paul Eggleton
2014-05-19 1:32 ` Rongqing Li [this message]
2014-05-19 9:58 ` Paul Eggleton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53795F49.5000407@windriver.com \
--to=rongqing.li@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=paul.eggleton@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.