-rw-r--r--main/ffmpeg/APKBUILD19
-rw-r--r--main/ffmpeg/CVE-2014-5271.patch55
-rw-r--r--main/ffmpeg/CVE-2014-5272.patch32
3 files changed, 101 insertions, 5 deletions
diff --git a/main/ffmpeg/APKBUILD b/main/ffmpeg/APKBUILD
index be68d35ce4..9f6acf403d 100644
--- a/main/ffmpeg/APKBUILD
+++ b/main/ffmpeg/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ffmpeg
pkgver=2.1.5
-pkgrel=0
+pkgrel=1
pkgdesc="Complete and free Internet live audio and video broadcasting solution for Linux/Unix"
url="http://ffmpeg.org/"
arch="all"
@@ -15,7 +15,10 @@ depends=
source="http://ffmpeg.org/releases/ffmpeg-$pkgver.tar.bz2
configure-dlvsym.patch
fix-defines.patch
- fix-libv4l2-errors.patch"
+ fix-libv4l2-errors.patch
+ CVE-2014-5271.patch
+ CVE-2014-5272.patch
+ "
_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
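Review bot: Adding the two patches to `source` only gets them fetched and checksummed; nothing in this hunk shows them being applied, and prepare() opens on the hunk's last line with its body outside the view. Confirm that prepare() applies every `*.patch` listed in `$source` rather than naming patches individually, otherwise the package would be rebuilt as pkgrel=1 without the fixes. A short comment next to `source`, such as `# security fixes: CVE-2014-5271, CVE-2014-5272`, would also record in the APKBUILD itself why the patches are carried.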
@@ -82,12 +85,18 @@ libs() {
md5sums="c97586adb18e61f56b819b6ebb1d6a1d ffmpeg-2.1.5.tar.bz2
2cdc11a99bf97c63c7cca27b073cb47c configure-dlvsym.patch
fad4fc1e886146a4a2befc8fda052d50 fix-defines.patch
-2b6897f352583ee8efdc0c09ef27a30f fix-libv4l2-errors.patch"
+2b6897f352583ee8efdc0c09ef27a30f fix-libv4l2-errors.patch
+cb4f5424c5364d7cf44b39be90bf9422 CVE-2014-5271.patch
+03a55ca19064afd17123422143c7104d CVE-2014-5272.patch"
sha256sums="10476f2c8f2ac7c9586c619e86b586384a25d209d5f5568bcd05a264846800ff ffmpeg-2.1.5.tar.bz2
0854db61ec784935d77516ba9a467ba61e118f951149c07acb6887a6b417ac55 configure-dlvsym.patch
4ccac0cf75fe53685c4cdda4061f7248de9a9b98e11f8e3aed8e1822b94d35d1 fix-defines.patch
-872236e91e393b62a1a9d7aebdf0c417314f874a67cef55ad37b39ee57cf9edb fix-libv4l2-errors.patch"
+872236e91e393b62a1a9d7aebdf0c417314f874a67cef55ad37b39ee57cf9edb fix-libv4l2-errors.patch
+7675ffbddc841132084e8d6646291244f6fbc672bce6815b707d656c8d4bde79 CVE-2014-5271.patch
+d4d5ee3c0b8c3e8a5752a317f77fa07c035413b0acfb168dc3853a58aa2ff4f8 CVE-2014-5272.patch"
sha512sums="541c115f52e641a128ad1c96f98f2ad1601a4bb685614a60977a8b74818004f6be61da5da704a31fedf073d050fee121cd1d0ad733f6f919306cf3d675f02136 ffmpeg-2.1.5.tar.bz2
635c80ca801577439bd1cf8470fb760755c243e59adc8b4d9b8412f24e2dc336802afddde09f3d59443e29d92123d0308482be8ad32ab0f265c960315632636f configure-dlvsym.patch
ea2630d4ae5383bc24a322318aa8c41af745145755333660deec4ed256096eca73a49c41a0921544dfaa53d8087378cb2b5654001332c7262ea39f18e5c472c8 fix-defines.patch
-56bba30f200c748d47d60d2b18147522dbceec7e8c97f434d3dbfa239547113a3e9d3b280e22816adeafa994b22eefac4b968448afef1a07aa1c46d3ec359e68 fix-libv4l2-errors.patch"
+56bba30f200c748d47d60d2b18147522dbceec7e8c97f434d3dbfa239547113a3e9d3b280e22816adeafa994b22eefac4b968448afef1a07aa1c46d3ec359e68 fix-libv4l2-errors.patch
+9056f66102702e7aef6e0abc77a8f91207a82a5ca6f65104f7e1e712f613169ccc7d2e2f6ce7609aed5ff289bb1084771bbfc24ab6f9148ee6ae5c9f9b1523a4 CVE-2014-5271.patch
+3e9c0303d76e6124da0d913323aec7e476423e52a174c0ba1b53a1170a3e7b786a447e53293e557f8aae119cac9478052a971487c6ecd2410de2d18a7d25b47a CVE-2014-5272.patch"
diff --git a/main/ffmpeg/CVE-2014-5271.patch b/main/ffmpeg/CVE-2014-5271.patch
new file mode 100644
index 0000000000..f496fb4afe
--- /dev/null
+++ b/main/ffmpeg/CVE-2014-5271.patch
@@ -0,0 +1,55 @@
+From 52b81ff4635c077b2bc8b8d3637d933b6629d803 Mon Sep 17 00:00:00 2001
+From: Christophe Gisquet <christophe.gisquet@gmail.com>
+Date: Mon, 11 Aug 2014 22:06:08 +0000
+Subject: [PATCH] proresenc_kostya: report buffer overflow
+
+If the allocated size, despite best efforts, is too small, exit
+with the appropriate error.
+
+Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
+---
+ libavcodec/proresenc_kostya.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/libavcodec/proresenc_kostya.c b/libavcodec/proresenc_kostya.c
+index 24cb333..a70ae3c 100644
+--- a/libavcodec/proresenc_kostya.c
++++ b/libavcodec/proresenc_kostya.c
+@@ -570,6 +570,11 @@ static int encode_slice(AVCodecContext *avctx, const AVFrame *pic,
+ quant);
+ }
+ total_size += sizes[i];
++ if (put_bits_left(pb) < 0) {
++ av_log(avctx, AV_LOG_ERROR, "Serious underevaluation of"
++ "required buffer size");
++ return AVERROR_BUFFER_TOO_SMALL;
++ }
+ }
+ return total_size;
+ }
+@@ -940,9 +945,9 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt,
+ avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I;
+ avctx->coded_frame->key_frame = 1;
+
+- pkt_size = ctx->frame_size_upper_bound + FF_MIN_BUFFER_SIZE;
++ pkt_size = ctx->frame_size_upper_bound;
+
+- if ((ret = ff_alloc_packet2(avctx, pkt, pkt_size)) < 0)
++ if ((ret = ff_alloc_packet2(avctx, pkt, pkt_size + FF_MIN_BUFFER_SIZE)) < 0)
+ return ret;
+
+ orig_buf = pkt->data;
+@@ -1019,7 +1024,9 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt,
+ slice_hdr = buf;
+ buf += slice_hdr_size - 1;
+ init_put_bits(&pb, buf, (pkt_size - (buf - orig_buf)) * 8);
+- encode_slice(avctx, pic, &pb, sizes, x, y, q, mbs_per_slice);
++ ret = encode_slice(avctx, pic, &pb, sizes, x, y, q, mbs_per_slice);
++ if (ret < 0)
++ return ret;
+
+ bytestream_put_byte(&slice_hdr, q);
+ slice_size = slice_hdr_size + sizes[ctx->num_planes - 1];
+--
+1.7.10.4
+
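Review bot: The two adjacent string literals in the new av_log() call in encode_slice concatenate without a separating space and the message has no trailing newline, so the log would read "underevaluation ofrequired buffer size" and run into the next message; `"Serious underevaluation of "` followed by `"required buffer size\n"` fixes both. Separately, `put_bits_left(pb) < 0` is tested only after a plane has been written, so the check reports an overrun rather than preventing it. It appears to rely on the FF_MIN_BUFFER_SIZE that encode_frame now passes to ff_alloc_packet2() but no longer includes in pkt_size, and a one-line comment at that allocation saying the extra bytes are the slack that absorbs such an overrun would keep a later cleanup from removing it. Both functions start and end outside the hunks shown, so whether the new early `return ret;` in encode_frame skips any cleanup cannot be judged from here.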
diff --git a/main/ffmpeg/CVE-2014-5272.patch b/main/ffmpeg/CVE-2014-5272.patch
new file mode 100644
index 0000000000..e272e7ccd2
--- /dev/null
+++ b/main/ffmpeg/CVE-2014-5272.patch
@@ -0,0 +1,32 @@
+From 3539d6c63a16e1b2874bb037a86f317449c58770 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michaelni@gmx.at>
+Date: Sun, 10 Aug 2014 21:59:33 +0200
+Subject: [PATCH] avcodec/iff: check pixfmt for rgb8 / rgbn
+
+Fixes out of array access
+
+Found-by: Piotr Bandurski <ami_stuff@o2.pl>
+Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
+---
+ libavcodec/iff.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libavcodec/iff.c b/libavcodec/iff.c
+index 00f5261..ce06b36 100644
+--- a/libavcodec/iff.c
++++ b/libavcodec/iff.c
+@@ -849,9 +849,9 @@ static int decode_frame(AVCodecContext *avctx,
+ break;
+ case 4:
+ bytestream2_init(&gb, buf, buf_size);
+- if (avctx->codec_tag == MKTAG('R', 'G', 'B', '8'))
++ if (avctx->codec_tag == MKTAG('R', 'G', 'B', '8') && avctx->pix_fmt == AV_PIX_FMT_RGB32)
+ decode_rgb8(&gb, s->frame->data[0], avctx->width, avctx->height, s->frame->linesize[0]);
+- else if (avctx->codec_tag == MKTAG('R', 'G', 'B', 'N'))
++ else if (avctx->codec_tag == MKTAG('R', 'G', 'B', 'N') && avctx->pix_fmt == AV_PIX_FMT_RGB444)
+ decode_rgbn(&gb, s->frame->data[0], avctx->width, avctx->height, s->frame->linesize[0]);
+ else
+ return unsupported(avctx);
+--
+1.7.10.4
+
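Review bot: The two new `avctx->pix_fmt` comparisons in case 4 of decode_frame carry no comment saying why the codec tag alone is not sufficient, which makes the condition easy to simplify away later. I would add above the `if` something like `/* decode_rgb8()/decode_rgbn() write at a fixed pixel size; only call them when the frame was set up as RGB32/RGB444 */`, worded to match what those helpers actually do, since their bodies are outside the hunk. A tag/pix_fmt mismatch now falls through to `unsupported(avctx)`, whose message is not visible here and may not describe this case; it is worth checking that the log still points at the inconsistent stream. decode_frame starts and ends outside the hunk.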