avfilter/vf_yadif: Fix handing of tiny images
Fixes: out of array access
Fixes: Ticket8240
Fixes: CVE-2020-22021
Signed-off-by: Michael Niedermayer
CVE: CVE-2020-22021
Upstream-Status: Backport [7971f62120a55c141ec437aa3f0bacc1c1a3526b]
Signed-off-by: Tony Tascioglu
---
.../ffmpeg/ffmpeg
]
Signed-off-by: Tony Tascioglu
---
.../fix-CVE-2020-22033-CVE-2020-22019.patch | 39 +++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 1 +
2 files changed, 40 insertions(+)
create mode 100644
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22033-CVE-2020-22019.patch
diff
avformat/movenc: Check pal_size before use
Fixes: assertion failure
Fixes: out of array read
Fixes: Ticket8190
Fixes: CVE-2020-22015
Signed-off-by: Michael Niedermayer
CVE: CVE-2020-22015
Upstream-Status: Backport [4c1afa292520329eecd1cc7631bc59a8cca95c46]
Signed-off-by: Tony Tascioglu
avcodec/aacpsy: Avoid floating point division by 0 of norm_fac
Fixes: Ticket7995
Fixes: CVE-2020-20446
Signed-off-by: Michael Niedermayer
CVE: CVE-2020-20446
Upstream-Status: Backport [223b5e8ac9f6461bb13ed365419ec485c5b2b002]
Signed-off-by: Tony Tascioglu
---
.../ffmpeg/ffmpeg/fix-CVE-2020
avcodec/aacenc: Avoid 0 lambda
Fixes: Ticket8003
Fixes: CVE-2020-20453
Signed-off-by: Michael Niedermayer
CVE: CVE-2020-20453
Upstream-Status: Backport [a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8]
Signed-off-by: Tony Tascioglu
---
.../ffmpeg/ffmpeg/fix-CVE-2020-20453.patch| 42
Skip tests that are problematic for glibc-2.34.
The list of problematic ptests was found by Richard after
patching several to work with the new glibc version.
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14500
Signed-off-by: Tony Tascioglu
---
meta/recipes-devtools/valgrind/valgrind
avfilter/vf_yadif: Fix handing of tiny images
Fixes: out of array access
Fixes: Ticket8240
Fixes: CVE-2020-22021
Signed-off-by: Michael Niedermayer
CVE: CVE-2020-22021
Upstream-Status: Backport [7971f62120a55c141ec437aa3f0bacc1c1a3526b]
Signed-off-by: Tony Tascioglu
---
.../ffmpeg/ffmpeg
avformat/movenc: Check pal_size before use
Fixes: assertion failure
Fixes: out of array read
Fixes: Ticket8190
Fixes: CVE-2020-22015
Signed-off-by: Michael Niedermayer
CVE: CVE-2020-22015
Upstream-Status: Backport [4c1afa292520329eecd1cc7631bc59a8cca95c46]
Signed-off-by: Tony Tascioglu
]
Signed-off-by: Tony Tascioglu
---
.../fix-CVE-2020-22033-CVE-2020-22019.patch | 40 +++
meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb | 1 +
2 files changed, 41 insertions(+)
create mode 100644
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22033-CVE-2020-22019.patch
diff
avcodec/exr: More strictly check dc_count
Fixes: out of array access
Fixes: exr/deneme
Found-by: Burak Çarıkçı
Signed-off-by: Michael Niedermayer
CVE: CVE-2021-33815
Upstream-Status: Backport [26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777]
Signed-off-by: Tony Tascioglu
---
.../ffmpeg/ffmpeg/fix
avcodec/aacenc: Avoid 0 lambda
Fixes: Ticket8003
Fixes: CVE-2020-20453
Signed-off-by: Michael Niedermayer
CVE: CVE-2020-20453
Upstream-Status: Backport [a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8]
Signed-off-by: Tony Tascioglu
---
.../ffmpeg/ffmpeg/fix-CVE-2020-20453.patch| 42
avcodec/aacpsy: Avoid floating point division by 0 of norm_fac
Fixes: Ticket7995
Fixes: CVE-2020-20446
Signed-off-by: Michael Niedermayer
CVE: CVE-2020-20446
Upstream-Status: Backport [223b5e8ac9f6461bb13ed365419ec485c5b2b002]
Signed-off-by: Tony Tascioglu
---
.../ffmpeg/ffmpeg/fix-CVE-2020
Recently, the none/tests/amd64/fb_test_amd64 test had been flaky and
causing failures on the auto-builder. Until we can get to the root cause
of the issue, we are going to skip the test to reduce the noise from the
ptests.
Signed-off-by: Tony Tascioglu
---
meta/recipes-devtools/valgrind
Hello,
I am working on back-porting some of the CVE fixes for FFmpeg to oe-core.
As there are 36 CVEs to patch (6 patches for master and hardknott and an
additional 5 for hardknott), I have attached a list of recent CVEs in
FFmpeg so we can avoid duplicating work.
I have also included the pa
d and bar_bad_xml to be included separately as they cause
issues on non-kvm QEMU instances.
See:
b318944dd7 valgrind: Improve non-deterministic ptest reliability
for more info.
Signed-off-by: Tony Tascioglu
---
meta/recipes-devtools/valgrind/valgrind/run-ptest | 4 ++--
.../valgrind/val
known failure.
Signed-off-by: Tony Tascioglu
---
meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64 | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64
b/meta/recipes-devtools/valgrind/valgrind/remove-for-aarch64
index a3a0c6e50f
as this is needed.
Signed-off-by: Tony Tascioglu
---
meta/recipes-devtools/valgrind/valgrind/run-ptest| 12
.../valgrind/valgrind/taskset_nondeterministic_tests | 4
2 files changed, 16 insertions(+)
create mode 100644
meta/recipes-devtools/valgrind/valgrind/taskset_nondetermi
rt
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e]
Signed-off-by: Tony Tascioglu
---
.../libxml/libxml2/CVE-2021-3541.patch| 73 +++
meta/recipes-core/libxml/libxml2_2.9.10.bb| 1 +
2 files changed, 74 insertions(+)
create m
hat the CVE patch can be applied cleanly.
The first patch updates xinclude.c and adds the new tests from
upstream, and the second applies the fix for the CVE.
CVE: CVE-2021-3518
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7]
Signed
the ptests to run. Fuzz testing is done upstream
and there is no need to run them as part of ptests which are
intended for functionality testing.
Signed-off-by: Tony Tascioglu
---
...he-python-tests-if-python-is-enabled.patch | 34 +++
.../libxml/libxml2/CVE-2019-20388.patch | 37
of the
tests failing, so I have added the missing dependency on bash.
Signed-off-by: Tony Tascioglu
---
meta/recipes-core/libxml/libxml2_2.9.10.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb
b/meta/recipes-core/libxml
commit so I've changed the Upstream-Status to pending.
Signed-off-by: Tony Tascioglu
---
.../recipes-core/libxml/libxml2/runtest.patch | 45 ++-
1 file changed, 25 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch
b/meta/recipes
2.9.12, and will send it to master once tested.
Thanks,
Tony
-Original Message-
From: openembedded-core@lists.openembedded.org
On Behalf Of Tony Tascioglu
Sent: Friday, May 14, 2021 9:15 AM
To: openembedded-core@lists.openembedded.org
Cc: MacLeod, Randy ; Tascioglu, Tony
Subject: [OE-core
Fixes heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
CVE: CVE-2021-3517
Upstream-status: Backport
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2]
Signed-off-by: Tony Tascioglu
---
.../libxml/libxml2/CVE-2021-3517.patch
Fixes use-after-free in xmlEncodeEntitiesInternal() in entities.c
CVE: CVE-2021-3516
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539]
Signed-off-by: Tony Tascioglu
---
.../libxml/libxml2/CVE-2021-3516.patch| 36
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61]
Signed-off-by: Tony Tascioglu
---
.../libxml/libxml2/CVE-2021-3537.patch| 49 +++
meta/recipes-core/libxml/libxml2_2.9.10.bb| 1 +
2 files changed, 50 insertions(+)
create