libav: upgrade to 9.18

Upgrade libav from version 9.16 to 9.18. Remove unused var INC_PR and backport patch to fix CVE-2014-9676. (From OE-Core rev: 1cac4dea1dd4a335752539feefc72372fb78a41d) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Kai Kang <kai.kang@windriver.com> 2015-05-26 15:14:44 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-06-03 16:38:48 +0100
commit: 68ffb9a6e819371c8d0b5de9d3e3b5113273aa14 (patch)
tree: c3537168c138ca1312f8ba33793d48ad699190cf /meta/recipes-multimedia/libav
parent: 86319df07670efa543391fc6b99572c9500d89f6 (diff)
download: poky-68ffb9a6e819371c8d0b5de9d3e3b5113273aa14.tar.gz
4 files changed, 104 insertions, 6 deletions
diff --git a/meta/recipes-multimedia/libav/libav.inc b/meta/recipes-multimedia/libav/libav.inc
index cac836fc3f..6ef273bd88 100644
--- a/meta/recipes-multimedia/libav/libav.inc
+++ b/meta/recipes-multimedia/libav/libav.inc
@@ -24,8 +24,6 @@ ARM_INSTRUCTION_SET = "arm"
 DEPENDS = "alsa-lib zlib libogg yasm-native"
-INC_PR = "r8"
 inherit autotools pkgconfig
 B = "${S}/build.${HOST_SYS}.${TARGET_SYS}"
diff --git a/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
new file mode 100644
index 0000000000..1e31caa90a
--- /dev/null
+++ b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
@@ -0,0 +1,98 @@
+Upstream-Status: Backport
+Backport patch to fix CVE-2014-9676.
+https://security-tracker.debian.org/tracker/CVE-2014-9676
+https://git.libav.org/?p=libav.git;a=commit;h=b3f04657368a32a9903406395f865e230b1de348
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+From b3f04657368a32a9903406395f865e230b1de348 Mon Sep 17 00:00:00 2001
+From: Luca Barbato <lu_zero@gentoo.org>
+Date: Mon, 5 Jan 2015 10:40:41 +0100
+Subject: [PATCH] segment: Fix the failure paths
+A failure in segment_end() or segment_start() would lead to freeing
+a dangling pointer and in general further calls to seg_write_packet()
+or to seg_write_trailer() would have the same faulty behaviour.
+CC: libav-stable@libav.org
+Reported-By: luodalongde@gmail.com
+---
+ libavformat/segment.c | 32 ++++++++++++++++++++------------
+ 1 file changed, 20 insertions(+), 12 deletions(-)
+diff --git a/libavformat/segment.c b/libavformat/segment.c
+index 52da6b9..bcfd1f9 100644
+--- a/libavformat/segment.c
+++ b/libavformat/segment.c
+@@ -184,6 +184,13 @@ static void close_null_ctx(AVIOContext *pb)
+     av_free(pb);
+ }
+ 
+static void seg_free_context(SegmentContext *seg)
+{
+    avio_closep(&seg->pb);
+    avformat_free_context(seg->avf);
+    seg->avf = NULL;
+}
+
+ static int seg_write_header(AVFormatContext *s)
+ {
+     SegmentContext *seg = s->priv_data;
+@@ -265,12 +272,9 @@ static int seg_write_header(AVFormatContext *s)
+     }
+ 
+ fail:
+-    if (ret) {
+-        if (seg->list)
+-            avio_close(seg->pb);
+-        if (seg->avf)
+-            avformat_free_context(seg->avf);
+-    }
+    if (ret < 0)
+        seg_free_context(seg);
+
+     return ret;
+ }
+ 
+@@ -282,6 +286,9 @@ static int seg_write_packet(AVFormatContext *s, AVPacket *pkt)
+     int64_t end_pts = seg->recording_time * seg->number;
+     int ret, can_split = 1;
+ 
+    if (!oc)
+        return AVERROR(EINVAL);
+
+     if (seg->has_video) {
+         can_split = st->codec->codec_type == AVMEDIA_TYPE_VIDEO &&
+                     pkt->flags & AV_PKT_FLAG_KEY;
+@@ -322,11 +329,8 @@ static int seg_write_packet(AVFormatContext *s, AVPacket *pkt)
+     ret = ff_write_chained(oc, pkt->stream_index, pkt, s);
+ 
+ fail:
+-    if (ret < 0) {
+-        if (seg->list)
+-            avio_close(seg->pb);
+-        avformat_free_context(oc);
+-    }
+    if (ret < 0)
+        seg_free_context(seg);
+ 
+     return ret;
+ }
+@@ -335,7 +339,11 @@ static int seg_write_trailer(struct AVFormatContext *s)
+ {
+     SegmentContext *seg = s->priv_data;
+     AVFormatContext *oc = seg->avf;
+-    int ret;
+    int ret = 0;
+
+    if (!oc)
+        goto fail;
+
+     if (!seg->write_header_trailer) {
+         if ((ret = segment_end(oc, 0)) < 0)
+             goto fail;
+-- 
+2.4.1.314.g9532ead
diff --git a/meta/recipes-multimedia/libav/libav_9.16.bb b/meta/recipes-multimedia/libav/libav_9.16.bb
deleted file mode 100644
index 79ff3f84d1..0000000000
--- a/meta/recipes-multimedia/libav/libav_9.16.bb
+++ /dev/null
@@ -1,4 +0,0 @@
-require libav.inc
-SRC_URI[md5sum] = "7b44b75cec24b8e7545e5029e76917e0"
-SRC_URI[sha256sum] = "ca846473b0b8ed8e3404c52e5e92df6d35cb5fa487eec498525de3ffda4367a0"
diff --git a/meta/recipes-multimedia/libav/libav_9.18.bb b/meta/recipes-multimedia/libav/libav_9.18.bb
new file mode 100644
index 0000000000..210a649da4
--- /dev/null
+++ b/meta/recipes-multimedia/libav/libav_9.18.bb
@@ -0,0 +1,6 @@
+require libav.inc
+SRC_URI[md5sum] = "75e838068a75fb88e1b4ea0546bc16f0"
+SRC_URI[sha256sum] = "0875e835da683eef1a7bac75e1884634194149d7479d1538ba9fbe1614d066d7"
+SRC_URI += "file://libav-fix-CVE-2014-9676.patch"
author	Kai Kang <kai.kang@windriver.com>	2015-05-26 15:14:44 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-06-03 16:38:48 +0100
commit	68ffb9a6e819371c8d0b5de9d3e3b5113273aa14 (patch)
tree	c3537168c138ca1312f8ba33793d48ad699190cf /meta/recipes-multimedia/libav
parent	86319df07670efa543391fc6b99572c9500d89f6 (diff)
download	poky-68ffb9a6e819371c8d0b5de9d3e3b5113273aa14.tar.gz

diff --git a/meta/recipes-multimedia/libav/libav.inc b/meta/recipes-multimedia/libav/libav.inc index cac836fc3f..6ef273bd88 100644 --- a/meta/recipes-multimedia/libav/libav.inc +++ b/meta/recipes-multimedia/libav/libav.inc
@@ -24,8 +24,6 @@ ARM_INSTRUCTION_SET = "arm"
24		24
25	DEPENDS = "alsa-lib zlib libogg yasm-native"	25	DEPENDS = "alsa-lib zlib libogg yasm-native"
26		26
27	INC_PR = "r8"
28
29	inherit autotools pkgconfig	27	inherit autotools pkgconfig
30		28
31	B = "${S}/build.${HOST_SYS}.${TARGET_SYS}"	29	B = "${S}/build.${HOST_SYS}.${TARGET_SYS}"


diff --git a/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch new file mode 100644 index 0000000000..1e31caa90a --- /dev/null +++ b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
@@ -0,0 +1,98 @@
		1	Upstream-Status: Backport
		2
		3	Backport patch to fix CVE-2014-9676.
		4
		5	https://security-tracker.debian.org/tracker/CVE-2014-9676
		6	https://git.libav.org/?p=libav.git;a=commit;h=b3f04657368a32a9903406395f865e230b1de348
		7
		8	Signed-off-by: Kai Kang <kai.kang@windriver.com>
		9	---
		10	From b3f04657368a32a9903406395f865e230b1de348 Mon Sep 17 00:00:00 2001
		11	From: Luca Barbato <lu_zero@gentoo.org>
		12	Date: Mon, 5 Jan 2015 10:40:41 +0100
		13	Subject: [PATCH] segment: Fix the failure paths
		14
		15	A failure in segment_end() or segment_start() would lead to freeing
		16	a dangling pointer and in general further calls to seg_write_packet()
		17	or to seg_write_trailer() would have the same faulty behaviour.
		18
		19	CC: libav-stable@libav.org
		20	Reported-By: luodalongde@gmail.com
		21	---
		22	libavformat/segment.c \| 32 ++++++++++++++++++++------------
		23	1 file changed, 20 insertions(+), 12 deletions(-)
		24
		25	diff --git a/libavformat/segment.c b/libavformat/segment.c
		26	index 52da6b9..bcfd1f9 100644
		27	--- a/libavformat/segment.c
		28	+++ b/libavformat/segment.c
		29	@@ -184,6 +184,13 @@ static void close_null_ctx(AVIOContext *pb)
		30	av_free(pb);
		31	}
		32
		33	+static void seg_free_context(SegmentContext *seg)
		34	+{
		35	+ avio_closep(&seg->pb);
		36	+ avformat_free_context(seg->avf);
		37	+ seg->avf = NULL;
		38	+}
		39	+
		40	static int seg_write_header(AVFormatContext *s)
		41	{
		42	SegmentContext *seg = s->priv_data;
		43	@@ -265,12 +272,9 @@ static int seg_write_header(AVFormatContext *s)
		44	}
		45
		46	fail:
		47	- if (ret) {
		48	- if (seg->list)
		49	- avio_close(seg->pb);
		50	- if (seg->avf)
		51	- avformat_free_context(seg->avf);
		52	- }
		53	+ if (ret < 0)
		54	+ seg_free_context(seg);
		55	+
		56	return ret;
		57	}
		58
		59	@@ -282,6 +286,9 @@ static int seg_write_packet(AVFormatContext s, AVPacket pkt)
		60	int64_t end_pts = seg->recording_time * seg->number;
		61	int ret, can_split = 1;
		62
		63	+ if (!oc)
		64	+ return AVERROR(EINVAL);
		65	+
		66	if (seg->has_video) {
		67	can_split = st->codec->codec_type == AVMEDIA_TYPE_VIDEO &&
		68	pkt->flags & AV_PKT_FLAG_KEY;
		69	@@ -322,11 +329,8 @@ static int seg_write_packet(AVFormatContext s, AVPacket pkt)
		70	ret = ff_write_chained(oc, pkt->stream_index, pkt, s);
		71
		72	fail:
		73	- if (ret < 0) {
		74	- if (seg->list)
		75	- avio_close(seg->pb);
		76	- avformat_free_context(oc);
		77	- }
		78	+ if (ret < 0)
		79	+ seg_free_context(seg);
		80
		81	return ret;
		82	}
		83	@@ -335,7 +339,11 @@ static int seg_write_trailer(struct AVFormatContext *s)
		84	{
		85	SegmentContext *seg = s->priv_data;
		86	AVFormatContext *oc = seg->avf;
		87	- int ret;
		88	+ int ret = 0;
		89	+
		90	+ if (!oc)
		91	+ goto fail;
		92	+
		93	if (!seg->write_header_trailer) {
		94	if ((ret = segment_end(oc, 0)) < 0)
		95	goto fail;
		96	--
		97	2.4.1.314.g9532ead
		98


diff --git a/meta/recipes-multimedia/libav/libav_9.16.bb b/meta/recipes-multimedia/libav/libav_9.16.bb deleted file mode 100644 index 79ff3f84d1..0000000000 --- a/meta/recipes-multimedia/libav/libav_9.16.bb +++ /dev/null
@@ -1,4 +0,0 @@
1	require libav.inc
2
3	SRC_URI[md5sum] = "7b44b75cec24b8e7545e5029e76917e0"
4	SRC_URI[sha256sum] = "ca846473b0b8ed8e3404c52e5e92df6d35cb5fa487eec498525de3ffda4367a0"


diff --git a/meta/recipes-multimedia/libav/libav_9.18.bb b/meta/recipes-multimedia/libav/libav_9.18.bb new file mode 100644 index 0000000000..210a649da4 --- /dev/null +++ b/meta/recipes-multimedia/libav/libav_9.18.bb
@@ -0,0 +1,6 @@
		1	require libav.inc
		2
		3	SRC_URI[md5sum] = "75e838068a75fb88e1b4ea0546bc16f0"
		4	SRC_URI[sha256sum] = "0875e835da683eef1a7bac75e1884634194149d7479d1538ba9fbe1614d066d7"
		5
		6	SRC_URI += "file://libav-fix-CVE-2014-9676.patch"