aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMax Rees <maxcrees@me.com> 2020-07-09 15:05:01 -0400
committerMax Rees <maxcrees@me.com> 2020-07-11 12:17:24 -0400
commit4f926d1d8284d4b1b8f9e2f039e3d83734a0d426 (patch)
treeab47cdb11be29be78b674a35979309e29a0299f9
parentb20145254c18515dd7b12e6332afe8800472ce82 (diff)
user/ffmpeg: bump to 4.2.3, patch CVE-2020-13904 (#331)sec/2020.07.09
-rw-r--r--user/ffmpeg/APKBUILD12
-rw-r--r--user/ffmpeg/CVE-2020-12284.patch32
-rw-r--r--user/ffmpeg/CVE-2020-13904.patch40
3 files changed, 47 insertions, 37 deletions
diff --git a/user/ffmpeg/APKBUILD b/user/ffmpeg/APKBUILD
index 06e68aec..d069d4c7 100644
--- a/user/ffmpeg/APKBUILD
+++ b/user/ffmpeg/APKBUILD
@@ -3,8 +3,8 @@
# Contributor: Jakub Skrzypnik <j.skrzypnik@openmailbox.org>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=ffmpeg
-pkgver=4.2.2
-pkgrel=1
+pkgver=4.2.3
+pkgrel=0
pkgdesc="Record, convert, and stream audio and video"
url="https://ffmpeg.org/"
arch="all"
@@ -22,7 +22,7 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
source="https://ffmpeg.org/releases/ffmpeg-$pkgver.tar.xz
0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
CVE-2019-13312.patch
- CVE-2020-12284.patch
+ CVE-2020-13904.patch
"
# secfixes:
@@ -42,6 +42,8 @@ source="https://ffmpeg.org/releases/ffmpeg-$pkgver.tar.xz
# 4.2.2-r1:
# - CVE-2019-13312
# - CVE-2020-12284
+# 4.2.3-r0:
+# - CVE-2020-13904
build() {
_asm=""
@@ -102,7 +104,7 @@ libs() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
}
-sha512sums="381cd6732fa699eb89000621cf34256920596ed1f9de3c2194dbad35fdf2165269eb7d3a147a0eb75dc18fbb6d601382b5801750e09fc63547766842f84208e3 ffmpeg-4.2.2.tar.xz
+sha512sums="a9bad00e452ec706a0dd955e30babaf964d13160a478da0ce5b330cd0660bd8caec3d17fd28ea2b9b05711096e950e45f90f316249c7a00cd09b1d9004992a1e ffmpeg-4.2.3.tar.xz
1047a23eda51b576ac200d5106a1cd318d1d5291643b3a69e025c0a7b6f3dbc9f6eb0e1e6faa231b7e38c8dd4e49a54f7431f87a93664da35825cc2e9e8aedf4 0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
0c53680ae480b8f848893d4e5c40ea522bd25a72860e0955e039ec838ee09159ab2bfa0eafc71113009082c7f53981ba70116dcef17053cd3cc3ea59e4da5a5c CVE-2019-13312.patch
-910f8da9ed8e0998c311cc451f1725a20c4cc3e9f0c2d1981a1ceea8da5f434519044b4997e71d87424e19fcc45cb203238e49ad178e313696667e6c9bf311c9 CVE-2020-12284.patch"
+26f598cda67f2f163b12d3332d1b69aabaf26afb7aa553e74d6adefa6a6463103d49e62a9112a2b557621dbd92bf57a913b13e616f5529217644279706781c37 CVE-2020-13904.patch"
diff --git a/user/ffmpeg/CVE-2020-12284.patch b/user/ffmpeg/CVE-2020-12284.patch
deleted file mode 100644
index 7360b587..00000000
--- a/user/ffmpeg/CVE-2020-12284.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 1812352d767ccf5431aa440123e2e260a4db2726 Mon Sep 17 00:00:00 2001
-From: Michael Niedermayer <michael@niedermayer.cc>
-Date: Sat, 7 Mar 2020 15:42:58 +0100
-Subject: [PATCH] avcodec/cbs_jpeg: Check length for SOS
-
-Fixes: out of array access
-Fixes: 19734/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5673507031875584
-Fixes: 19353/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5703944462663680
-
-Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
----
- libavcodec/cbs_jpeg.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/libavcodec/cbs_jpeg.c b/libavcodec/cbs_jpeg.c
-index 6bbce5f..89512a2 100644
---- a/libavcodec/cbs_jpeg.c
-+++ b/libavcodec/cbs_jpeg.c
-@@ -197,6 +197,9 @@ static int cbs_jpeg_split_fragment(CodedBitstreamContext *ctx,
- if (marker == JPEG_MARKER_SOS) {
- length = AV_RB16(frag->data + start);
-
-+ if (length > end - start)
-+ return AVERROR_INVALIDDATA;
-+
- data_ref = NULL;
- data = av_malloc(end - start +
- AV_INPUT_BUFFER_PADDING_SIZE);
---
-2.7.4
-
diff --git a/user/ffmpeg/CVE-2020-13904.patch b/user/ffmpeg/CVE-2020-13904.patch
new file mode 100644
index 00000000..4ba6db7a
--- /dev/null
+++ b/user/ffmpeg/CVE-2020-13904.patch
@@ -0,0 +1,40 @@
+From 9dfb19baeb86a8bb02c53a441682c6e9a6e104cc Mon Sep 17 00:00:00 2001
+From: Steven Liu <lq@chinaffmpeg.org>
+Date: Fri, 29 May 2020 11:39:05 +0800
+Subject: [PATCH] avformat/hls: check segment duration value of EXTINF
+
+fix ticket: 8673
+set the default EXTINF duration to 1ms if duration is smaller than 1ms
+
+Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
+---
+ libavformat/hls.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/libavformat/hls.c b/libavformat/hls.c
+index 3ca6b90b19df..17b3dd545d7f 100644
+--- a/libavformat/hls.c
++++ b/libavformat/hls.c
+@@ -894,8 +894,6 @@ static int parse_playlist(HLSContext *c, const char *url,
+ ret = AVERROR(ENOMEM);
+ goto fail;
+ }
+- seg->duration = duration;
+- seg->key_type = key_type;
+ if (has_iv) {
+ memcpy(seg->iv, iv, sizeof(iv));
+ } else {
+@@ -937,6 +935,13 @@ static int parse_playlist(HLSContext *c, const char *url,
+ goto fail;
+ }
+
++ if (duration < 0.001 * AV_TIME_BASE) {
++ av_log(c->ctx, AV_LOG_WARNING, "Cannot get correct #EXTINF value of segment %s,"
++ " set to default value to 1ms.\n", seg->url);
++ duration = 0.001 * AV_TIME_BASE;
++ }
++ seg->duration = duration;
++ seg->key_type = key_type;
+ dynarray_add(&pls->segments, &pls->n_segments, seg);
+ is_segment = 0;
+