Openembedded Core Discussions
From: Rongqing Li <rongqing.li@windriver.com>
To: Paul Eggleton <paul.eggleton@linux.intel.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 00/12 v2] ffmpeg: backport 12 CVE patches
Date: Mon, 19 May 2014 09:32:57 +0800
Message-ID: <53795F49.5000407@windriver.com>
In-Reply-To: <6339757.ULFiZ01mb2@peggleto-mobl5.ger.corp.intel.com>



On 05/16/2014 07:09 PM, Paul Eggleton wrote:
> Hi Roy,
>
> On Friday 16 May 2014 10:12:08 rongqing.li@windriver.com wrote:
>> From: Roy Li <rongqing.li@windriver.com>
>>
>> Diff with V1: use ffmpeg as prefix of commit header
>>
>> The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873:
>>
>>    gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100)
>>
>> are available in the git repository at:
>>
>>    git://git.pokylinux.org/poky-contrib roy/ffmpeg-2
>>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=roy/ffmpeg-2
>>
>> Yue Tao (12):
>>    ffmpeg: fix for Security Advisory CVE-2014-2263
>>    ffmpeg: fix for Security Advisory CVE-2013-0865
>>    ffmpeg: fix for Security Advisory CVE-2014-2099
>>    ffmpeg: fix for Security Advisory CVE-2013-0868
>>    ffmpeg: fix for Security Advisory CVE-2013-0845
>>    ffmpeg: fix for Security Advisory CVE-2013-0852
>>    ffmpeg: fix for Security Advisory CVE-2013-0858
>>    ffmpeg: fix for Security Advisory CVE-2013-0851
>>    ffmpeg: fix for Security Advisory CVE-2013-0854
>>    ffmpeg: fix for Security Advisory CVE-2013-0856
>>    ffmpeg: fix for Security Advisory CVE-2013-0850
>>    ffmpeg: fix for Security Advisory CVE-2013-0849
>
> This should really be "gst-ffmpeg:" rather than just "ffmpeg:" since that's the
> recipe being modified.
>

OK, I will update it.

=====================
The following changes since commit e273301efa0037a13c3a60b4414140364d9c9873:

   gstreamer/lame: Better gcc 4.9 fix (2014-05-15 23:27:41 +0100)

are available in the git repository at:

   git://git.pokylinux.org/poky-contrib roy/ffmpeg-2
   http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=roy/ffmpeg-2

Yue Tao (12):
   gst-ffmpeg: fix for Security Advisory CVE-2014-2263
   gst-ffmpeg: fix for Security Advisory CVE-2013-0865
   gst-ffmpeg: fix for Security Advisory CVE-2014-2099
   gst-ffmpeg: fix for Security Advisory CVE-2013-0868
   gst-ffmpeg: fix for Security Advisory CVE-2013-0845
   gst-ffmpeg: fix for Security Advisory CVE-2013-0852
   gst-ffmpeg: fix for Security Advisory CVE-2013-0858
   gst-ffmpeg: fix for Security Advisory CVE-2013-0851
   gst-ffmpeg: fix for Security Advisory CVE-2013-0854
   gst-ffmpeg: fix for Security Advisory CVE-2013-0856
   gst-ffmpeg: fix for Security Advisory CVE-2013-0850
   gst-ffmpeg: fix for Security Advisory CVE-2013-0849

  .../0001-alac-fix-nb_samples-order-case.patch      |   30 +++++++
  .../0001-alsdec-check-block-length.patch           |   61 ++++++++++++++
  ...ac3dec-Check-coding-mode-against-channels.patch |   37 +++++++++
  ...le-use-av_image_get_linesize-to-calculate.patch |   50 +++++++++++
  ...egtsenc-Check-data-array-size-in-mpegts_w.patch |   69 ++++++++++++++++
  .../0001-eamad-fix-out-of-array-accesses.patch     |   29 +++++++
  ...t-ref-count-check-and-limit-fix-out-of-ar.patch |   29 +++++++
  ...01-huffyuvdec-Check-init_vlc-return-codes.patch |   87 ++++++++++++++++++++
  .../0001-huffyuvdec-Skip-len-0-cases.patch         |   59 +++++++++++++
  .../0001-mjpegdec-check-SE.patch                   |   32 +++++++
  ...heck-RLE-size-before-copying.-Fix-out-of-.patch |   34 ++++++++
  ...001-roqvideodec-check-dimensions-validity.patch |   36 ++++++++
  ...o-check-chunk-sizes-before-reading-chunks.patch |   51 ++++++++++++
  .../gstreamer/gst-ffmpeg_0.10.13.bb                |   13 +++
  14 files changed, 617 insertions(+)
  create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-alac-fix-nb_samples-order-case.patch
  create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-alsdec-check-block-length.patch
  create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-atrac3dec-Check-coding-mode-against-channels.patch
  create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-msrle-use-av_image_get_linesize-to-calculate.patch
  create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avformat-mpegtsenc-Check-data-array-size-in-mpegts_w.patch
  create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-eamad-fix-out-of-array-accesses.patch
  create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-h264-correct-ref-count-check-and-limit-fix-out-of-ar.patch
  create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Check-init_vlc-return-codes.patch
  create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Skip-len-0-cases.patch
  create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-mjpegdec-check-SE.patch
  create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-pgssubdec-check-RLE-size-before-copying.-Fix-out-of-.patch



> Also, I'm not sure if you got my message yesterday (since there was a problem
> with the email transmission) however I'll repeat it here just in case:
>
>> Note that whilst we should apply these patches, they won't actually have any
>> effect on unmodified builds because we do not use gst-ffmpeg's internal
>> copy of ffmpeg, we use libav instead. So if any of these fixes apply to
>> libav (or if there are equivalent fixes) we will need to apply them to
>> libav.
>
> Would you be able to take care of the corresponding patches to libav?
>

I did not see the CVE patches on libav

-Roy


> Thanks,
> Paul
>

-- 
Best Regards,
Roy | RongQing Li


Thread overview: 17+ messages
2014-05-16  2:12 [PATCH 00/12 v2] ffmpeg: backport 12 CVE patches rongqing.li
2014-05-16  2:12 ` [PATCH 01/12] ffmpeg: fix for Security Advisory CVE-2014-2263 rongqing.li
2014-05-16  2:12 ` [PATCH 02/12] ffmpeg: fix for Security Advisory CVE-2013-0865 rongqing.li
2014-05-16  2:12 ` [PATCH 03/12] ffmpeg: fix for Security Advisory CVE-2014-2099 rongqing.li
2014-05-16  2:12 ` [PATCH 04/12] ffmpeg: fix for Security Advisory CVE-2013-0868 rongqing.li
2014-05-19 15:39   ` Saul Wold
2014-05-16  2:12 ` [PATCH 05/12] ffmpeg: fix for Security Advisory CVE-2013-0845 rongqing.li
2014-05-16  2:12 ` [PATCH 06/12] ffmpeg: fix for Security Advisory CVE-2013-0852 rongqing.li
2014-05-16  2:12 ` [PATCH 07/12] ffmpeg: fix for Security Advisory CVE-2013-0858 rongqing.li
2014-05-16  2:12 ` [PATCH 08/12] ffmpeg: fix for Security Advisory CVE-2013-0851 rongqing.li
2014-05-16  2:12 ` [PATCH 09/12] ffmpeg: fix for Security Advisory CVE-2013-0854 rongqing.li
2014-05-16  2:12 ` [PATCH 10/12] ffmpeg: fix for Security Advisory CVE-2013-0856 rongqing.li
2014-05-16  2:12 ` [PATCH 11/12] ffmpeg: fix for Security Advisory CVE-2013-0850 rongqing.li
2014-05-16  2:12 ` [PATCH 12/12] ffmpeg: fix for Security Advisory CVE-2013-0849 rongqing.li
2014-05-16 11:09 ` [PATCH 00/12 v2] ffmpeg: backport 12 CVE patches Paul Eggleton
2014-05-19  1:32   ` Rongqing Li [this message]
2014-05-19  9:58     ` Paul Eggleton
