From: Kang Kai <Kai.Kang@windriver.com>
To: Randy MacLeod <randy.macleod@windriver.com>,
<openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH 2/2] libav: upgrade to 9.18
Date: Wed, 27 May 2015 09:59:29 +0800 [thread overview]
Message-ID: <55652501.2080608@windriver.com> (raw)
In-Reply-To: <55651CC8.5000402@windriver.com>
On 2015年05月27日 09:24, Randy MacLeod wrote:
> On 2015-05-26 03:14 AM, Kai Kang wrote:
>> Upgrade libav from version 9.16 to 9.18. Remove unused var INC_PR and
>> backport patch to fix CVE-2014-9676.
>
> We can keep that version if people want it but it's almost pretty old.
>
> Version 11.3 is the latest branch.
> Libav 11.3
> https://libav.org/releases/libav-11.3.release
>
> Oh and on the 11 branch, the CVE fix is in commit:
>
> libav.git $ git branch --contains f6c82b34
> * release/11
>
> found by looking at your commit b3f0465, then finding a new
> function seg_free_context and then:
> $ git blame libavformat/segment.c | grep seg_free_context
>
>
> There are some pacakges that depend on libav:
> libav/libpostproc_git.bb
> gstreamer
> alsa-plugins
>
> From:
> $ grep -r libav meta/recipes* | grep DEPENDS | grep -v libavahi
> meta/recipes-multimedia/libav/libpostproc_git.bb:DEPENDS = "libav"
>
>
> $ grep -r libav meta/ | grep PACKAGECONFIG | grep libav
> meta/recipes-multimedia/gstreamer/gstreamer1.0-libav.inc:\
> PACKAGECONFIG[libav] = "--with-system-libav,,libav"
> meta/recipes-multimedia/alsa/alsa-plugins_1.0.29.bb:\
> PACKAGECONFIG[avcodec] = "--enable-avcodec,--disable-avcodec,libav"
>
>
> I think the upgrade should be okay but please do test it.
I'll add recipe for serial 11. If the old version recipe is kept, I
suppose it is nesscessary to update it to the latest version for serial 9.
--Kai
>
> ../Randy
>
>>
>> Signed-off-by: Kai Kang <kai.kang@windriver.com>
>> ---
>> meta/recipes-multimedia/libav/libav.inc | 2 -
>> .../libav/libav/libav-fix-CVE-2014-9676.patch | 98
>> ++++++++++++++++++++++
>> meta/recipes-multimedia/libav/libav_9.16.bb | 4 -
>> meta/recipes-multimedia/libav/libav_9.18.bb | 6 ++
>> 4 files changed, 104 insertions(+), 6 deletions(-)
>> create mode 100644
>> meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
>> delete mode 100644 meta/recipes-multimedia/libav/libav_9.16.bb
>> create mode 100644 meta/recipes-multimedia/libav/libav_9.18.bb
>>
>> diff --git a/meta/recipes-multimedia/libav/libav.inc
>> b/meta/recipes-multimedia/libav/libav.inc
>> index cac836f..6ef273b 100644
>> --- a/meta/recipes-multimedia/libav/libav.inc
>> +++ b/meta/recipes-multimedia/libav/libav.inc
>> @@ -24,8 +24,6 @@ ARM_INSTRUCTION_SET = "arm"
>>
>> DEPENDS = "alsa-lib zlib libogg yasm-native"
>>
>> -INC_PR = "r8"
>> -
>> inherit autotools pkgconfig
>>
>> B = "${S}/build.${HOST_SYS}.${TARGET_SYS}"
>> diff --git
>> a/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
>> b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
>> new file mode 100644
>> index 0000000..1e31caa
>> --- /dev/null
>> +++ b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
>> @@ -0,0 +1,98 @@
>> +Upstream-Status: Backport
>> +
>> +Backport patch to fix CVE-2014-9676.
>> +
>> +https://security-tracker.debian.org/tracker/CVE-2014-9676
>> +https://git.libav.org/?p=libav.git;a=commit;h=b3f04657368a32a9903406395f865e230b1de348
>>
>> +
>> +Signed-off-by: Kai Kang <kai.kang@windriver.com>
>> +---
>> +From b3f04657368a32a9903406395f865e230b1de348 Mon Sep 17 00:00:00 2001
>> +From: Luca Barbato <lu_zero@gentoo.org>
>> +Date: Mon, 5 Jan 2015 10:40:41 +0100
>> +Subject: [PATCH] segment: Fix the failure paths
>> +
>> +A failure in segment_end() or segment_start() would lead to freeing
>> +a dangling pointer and in general further calls to seg_write_packet()
>> +or to seg_write_trailer() would have the same faulty behaviour.
>> +
>> +CC: libav-stable@libav.org
>> +Reported-By: luodalongde@gmail.com
>> +---
>> + libavformat/segment.c | 32 ++++++++++++++++++++------------
>> + 1 file changed, 20 insertions(+), 12 deletions(-)
>> +
>> +diff --git a/libavformat/segment.c b/libavformat/segment.c
>> +index 52da6b9..bcfd1f9 100644
>> +--- a/libavformat/segment.c
>> ++++ b/libavformat/segment.c
>> +@@ -184,6 +184,13 @@ static void close_null_ctx(AVIOContext *pb)
>> + av_free(pb);
>> + }
>> +
>> ++static void seg_free_context(SegmentContext *seg)
>> ++{
>> ++ avio_closep(&seg->pb);
>> ++ avformat_free_context(seg->avf);
>> ++ seg->avf = NULL;
>> ++}
>> ++
>> + static int seg_write_header(AVFormatContext *s)
>> + {
>> + SegmentContext *seg = s->priv_data;
>> +@@ -265,12 +272,9 @@ static int seg_write_header(AVFormatContext *s)
>> + }
>> +
>> + fail:
>> +- if (ret) {
>> +- if (seg->list)
>> +- avio_close(seg->pb);
>> +- if (seg->avf)
>> +- avformat_free_context(seg->avf);
>> +- }
>> ++ if (ret < 0)
>> ++ seg_free_context(seg);
>> ++
>> + return ret;
>> + }
>> +
>> +@@ -282,6 +286,9 @@ static int seg_write_packet(AVFormatContext *s,
>> AVPacket *pkt)
>> + int64_t end_pts = seg->recording_time * seg->number;
>> + int ret, can_split = 1;
>> +
>> ++ if (!oc)
>> ++ return AVERROR(EINVAL);
>> ++
>> + if (seg->has_video) {
>> + can_split = st->codec->codec_type == AVMEDIA_TYPE_VIDEO &&
>> + pkt->flags & AV_PKT_FLAG_KEY;
>> +@@ -322,11 +329,8 @@ static int seg_write_packet(AVFormatContext *s,
>> AVPacket *pkt)
>> + ret = ff_write_chained(oc, pkt->stream_index, pkt, s);
>> +
>> + fail:
>> +- if (ret < 0) {
>> +- if (seg->list)
>> +- avio_close(seg->pb);
>> +- avformat_free_context(oc);
>> +- }
>> ++ if (ret < 0)
>> ++ seg_free_context(seg);
>> +
>> + return ret;
>> + }
>> +@@ -335,7 +339,11 @@ static int seg_write_trailer(struct
>> AVFormatContext *s)
>> + {
>> + SegmentContext *seg = s->priv_data;
>> + AVFormatContext *oc = seg->avf;
>> +- int ret;
>> ++ int ret = 0;
>> ++
>> ++ if (!oc)
>> ++ goto fail;
>> ++
>> + if (!seg->write_header_trailer) {
>> + if ((ret = segment_end(oc, 0)) < 0)
>> + goto fail;
>> +--
>> +2.4.1.314.g9532ead
>> +
>> diff --git a/meta/recipes-multimedia/libav/libav_9.16.bb
>> b/meta/recipes-multimedia/libav/libav_9.16.bb
>> deleted file mode 100644
>> index 79ff3f8..0000000
>> --- a/meta/recipes-multimedia/libav/libav_9.16.bb
>> +++ /dev/null
>> @@ -1,4 +0,0 @@
>> -require libav.inc
>> -
>> -SRC_URI[md5sum] = "7b44b75cec24b8e7545e5029e76917e0"
>> -SRC_URI[sha256sum] =
>> "ca846473b0b8ed8e3404c52e5e92df6d35cb5fa487eec498525de3ffda4367a0"
>> diff --git a/meta/recipes-multimedia/libav/libav_9.18.bb
>> b/meta/recipes-multimedia/libav/libav_9.18.bb
>> new file mode 100644
>> index 0000000..210a649
>> --- /dev/null
>> +++ b/meta/recipes-multimedia/libav/libav_9.18.bb
>> @@ -0,0 +1,6 @@
>> +require libav.inc
>> +
>> +SRC_URI[md5sum] = "75e838068a75fb88e1b4ea0546bc16f0"
>> +SRC_URI[sha256sum] =
>> "0875e835da683eef1a7bac75e1884634194149d7479d1538ba9fbe1614d066d7"
>> +
>> +SRC_URI += "file://libav-fix-CVE-2014-9676.patch"
>>
>
>
--
Regards,
Neil | Kai Kang
prev parent reply other threads:[~2015-05-27 1:59 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-26 7:14 [PATCH 0/2] Upgrade libav and fix one qemu cve issue Kai Kang
2015-05-26 7:14 ` [PATCH 1/2] qemu: fix CVE-2015-3456 Kai Kang
2015-05-26 7:14 ` [PATCH 2/2] libav: upgrade to 9.18 Kai Kang
2015-05-27 1:24 ` Randy MacLeod
2015-05-27 1:59 ` Kang Kai [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55652501.2080608@windriver.com \
--to=kai.kang@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=randy.macleod@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.