From: Kai Kang <kai.k...@windriver.com> Cherry-pick patch and update context from ffmpeg to fix CVE-2015-1872:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=fabbfaa095660982cc0bc63242c459561fa37037 Signed-off-by: Kai Kang <kai.k...@windriver.com> Signed-off-by: Robert Yang <liezhi.y...@windriver.com> --- .../libav/libav/libav-fix-CVE-2015-1872.patch | 35 ++++++++++++++++++++++ meta/recipes-multimedia/libav/libav_9.18.bb | 4 ++- 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/libav/libav/libav-fix-CVE-2015-1872.patch diff --git a/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2015-1872.patch b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2015-1872.patch new file mode 100644 index 0000000..058bfe7 --- /dev/null +++ b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2015-1872.patch @@ -0,0 +1,35 @@ +libav: Fix CVE-2015-1872 + +Cherry-pick patch for fixing CVE-2015-1872 and update context from ffmpeg: + +http://git.videolan.org/?p=ffmpeg.git;a=commit;h=fabbfaa095660982cc0bc63242c459561fa37037 + +Upstream-Status: Pending + +Signed-off-by: Kai Kang <kai.k...@windriver.com> +--- + libavcodec/mjpegdec.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c +index 74bbfa6..ec7d411 100644 +--- a/libavcodec/mjpegdec.c ++++ b/libavcodec/mjpegdec.c +@@ -357,9 +357,12 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) + return AVERROR_PATCHWELCOME; + } + if (s->ls) { +- if (s->nb_components > 1) ++ if (s->nb_components == 3) { + s->avctx->pix_fmt = AV_PIX_FMT_RGB24; +- else if (s->bits <= 8) ++ } else if (s->nb_components != 1) { ++ av_log(s->avctx, AV_LOG_ERROR, "Unsupported number of components %d\n", s->nb_components); ++ return AVERROR_PATCHWELCOME; ++ } else if (s->bits <= 8) + s->avctx->pix_fmt = AV_PIX_FMT_GRAY8; + else + s->avctx->pix_fmt = AV_PIX_FMT_GRAY16; +-- +2.4.1 + diff --git a/meta/recipes-multimedia/libav/libav_9.18.bb b/meta/recipes-multimedia/libav/libav_9.18.bb index 210a649..c2dd02c 100644 --- a/meta/recipes-multimedia/libav/libav_9.18.bb +++ b/meta/recipes-multimedia/libav/libav_9.18.bb @@ -3,4 +3,6 @@ require libav.inc SRC_URI[md5sum] = "75e838068a75fb88e1b4ea0546bc16f0" SRC_URI[sha256sum] = "0875e835da683eef1a7bac75e1884634194149d7479d1538ba9fbe1614d066d7" -SRC_URI += "file://libav-fix-CVE-2014-9676.patch" +SRC_URI += "file://libav-fix-CVE-2014-9676.patch \ + file://libav-fix-CVE-2015-1872.patch \ + " -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
