rpms/ffmpeg/EL-5 ffmpeg-cmov.patch, NONE, 1.1 ffmpeg-r16802.patch, NONE, 1.1 ffmpeg-r16846.patch, NONE, 1.1 ffmpeg.spec, 1.5, 1.6

Dominik Mierzejewski rathann at rpmfusion.org
Wed Feb 4 19:56:36 CET 2009


Author: rathann

Update of /cvs/free/rpms/ffmpeg/EL-5
In directory se02.es.rpmfusion.net:/tmp/cvs-serv32283

Modified Files:
	ffmpeg.spec 
Added Files:
	ffmpeg-cmov.patch ffmpeg-r16802.patch ffmpeg-r16846.patch 
Log Message:
* Wed Feb 04 2009 Dominik Mierzejewski <rpm at greysector.net> - 0.4.9-0.52.20080908
- fix a couple of exploitable and potentially exploitable vulnerabilities, including
  http://www.trapkit.de/advisories/TKADV2009-004.txt
- backport a patch to enable cmov on x86_64-class CPUs


ffmpeg-cmov.patch:

--- NEW FILE ffmpeg-cmov.patch ---
diff -up ffmpeg-20080908/configure.cmov ffmpeg-20080908/configure
--- ffmpeg-20080908/configure.cmov	2008-11-01 16:23:33.000000000 +0100
+++ ffmpeg-20080908/configure	2008-11-01 16:23:33.000000000 +0100
@@ -1148,6 +1148,8 @@ case "$arch" in
     ;;
     x86_64|amd64)
         arch="x86_32"
+        enable cmov
+        enable fast_cmov
         enable fast_unaligned
         check_cc <<EOF && enable fast_64bit && arch="x86_64"
         int test[sizeof(char*) - 7];
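Review bot: `enable cmov` and `enable fast_cmov` sit before the `check_cc` probe, so they also apply when the probe fails and `arch` stays `x86_32`, and nothing in the hunk says this is intended. A one-line comment above them would record the assumption, for example `# every x86_64-capable CPU implements cmov, so this holds for 32-bit builds on such hosts too`. `fast_cmov` is a tuning assumption rather than a capability, so it is worth noting separately if it was only measured on some CPU families. The `case` block and the here-document continue outside the hunk.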

ffmpeg-r16802.patch:

--- NEW FILE ffmpeg-r16802.patch ---
diff -up ffmpeg-20080908/libavcodec/indeo3.c.orig ffmpeg-20080908/libavcodec/indeo3.c
--- ffmpeg-20080908/libavcodec/indeo3.c.orig	2008-06-12 23:50:13.000000000 +0200
+++ ffmpeg-20080908/libavcodec/indeo3.c	2009-01-29 21:15:18.000000000 +0100
@@ -348,6 +348,10 @@ static void iv_Decode_Chunk(Indeo3Decode
 
     if(cmd == 0) {
       strip++;
+      if(strip >= strip_tbl + FF_ARRAY_ELEMS(strip_tbl)) {
+           av_log(s->avctx, AV_LOG_WARNING, "out of range strip\n");
+           break;
+      }
       memcpy(strip, strip-1, sizeof(ustr_t));
       strip->split_flag = 1;
       strip->split_direction = 0;
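Review bot: The new bounds check reports a malformed stream only at `AV_LOG_WARNING` and then uses `break`, and because `iv_Decode_Chunk` is `static void` the caller cannot tell that decoding was abandoned; the identical check in the `cmd == 1` branch of the next hunk has the same issue. I would log it as an error, `av_log(s->avctx, AV_LOG_ERROR, "out of range strip\n");`, and move the duplicated four lines into one small helper or a single check after the shared `strip++`. After the `break`, `strip` points one past the table, so any code after the loop must not dereference it; the loop end is outside the hunk and should be confirmed. The check is also only correct if `strip_tbl` is a true array in this scope rather than a pointer, and its declaration is not visible here.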
@@ -355,6 +359,10 @@ static void iv_Decode_Chunk(Indeo3Decode
       continue;
     } else if(cmd == 1) {
       strip++;
+      if(strip >= strip_tbl + FF_ARRAY_ELEMS(strip_tbl)) {
+           av_log(s->avctx, AV_LOG_WARNING, "out of range strip\n");
+           break;
+      }
       memcpy(strip, strip-1, sizeof(ustr_t));
       strip->split_flag = 1;
       strip->split_direction = 1;
diff -up ffmpeg-20080908/libavutil/common.h.orig ffmpeg-20080908/libavutil/common.h
--- ffmpeg-20080908/libavutil/common.h.orig	2008-08-31 09:39:47.000000000 +0200
+++ ffmpeg-20080908/libavutil/common.h	2009-01-30 01:13:07.000000000 +0100
@@ -116,6 +116,7 @@
 #define FFMIN3(a,b,c) FFMIN(FFMIN(a,b),c)
 
 #define FFSWAP(type,a,b) do{type SWAP_tmp= b; b= a; a= SWAP_tmp;}while(0)
+#define FF_ARRAY_ELEMS(a) (sizeof(a) / sizeof((a)[0]))
 
 /* misc math functions */
 extern const uint8_t ff_log2_tab[256];
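Review bot: `FF_ARRAY_ELEMS` is added without a comment, and it silently yields a wrong count when given a pointer or an array function parameter. That matters here because the indeo3 bounds check in this patch relies on it. I would add a line above the macro such as `/* Number of elements in a true array; do not use on pointers or array parameters. */`.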

ffmpeg-r16846.patch:

--- NEW FILE ffmpeg-r16846.patch ---
diff -up ffmpeg-20080908/libavformat/4xm.c.orig ffmpeg-20080908/libavformat/4xm.c
--- ffmpeg-20080908/libavformat/4xm.c.orig	2008-06-03 18:20:54.000000000 +0200
+++ ffmpeg-20080908/libavformat/4xm.c	2009-01-29 21:19:17.000000000 +0100
@@ -163,10 +163,10 @@ static int fourxm_read_header(AVFormatCo
                 return AVERROR_INVALIDDATA;
             }
             current_track = AV_RL32(&header[i + 8]);
+            if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack))
+                return -1;
             if (current_track + 1 > fourxm->track_count) {
                 fourxm->track_count = current_track + 1;
-                if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack))
-                    return -1;
                 fourxm->tracks = av_realloc(fourxm->tracks,
                     fourxm->track_count * sizeof(AudioTrack));
                 if (!fourxm->tracks) {
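Review bot: The relocated check tests `fourxm->track_count` before it is updated, so `current_track`, the value read from the file with `AV_RL32`, is never validated in this hunk. After the move, `fourxm->track_count = current_track + 1` feeds the `av_realloc` size multiplication unchecked. If `current_track` is a signed int (its declaration is outside the hunk), a negative value makes `current_track + 1 > fourxm->track_count` false and skips the growth, so any later `tracks[current_track]` access would be out of bounds. The guard belongs on the untrusted value: `if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack) - 1) return -1;`. Returning `AVERROR_INVALIDDATA`, as the context line at the top of the hunk does, would be more consistent than `-1`; `fourxm_read_header` continues outside the hunk.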


Index: ffmpeg.spec
===================================================================
RCS file: /cvs/free/rpms/ffmpeg/EL-5/ffmpeg.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- ffmpeg.spec	28 Jan 2009 22:58:46 -0000	1.5
+++ ffmpeg.spec	4 Feb 2009 18:56:36 -0000	1.6
@@ -6,14 +6,17 @@
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg
 Version:        0.4.9
-Release:        0.51.%{svn}%{?dist}
+Release:        0.52.%{svn}%{?dist}
 License:        GPLv2+
 Group:          Applications/Multimedia
 URL:            http://ffmpeg.org/
 Source0:        http://rpm.greysector.net/livna/%{name}-%{svn}.tar.bz2
 Source1:        %{name}-snapshot.sh
 Patch0:         %{name}-pkgconfig.patch
+Patch1:         %{name}-cmov.patch
 Patch4:         %{name}-asmreg.patch
+Patch10:        %{name}-r16802.patch
+Patch11:        %{name}-r16846.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %{?_with_amr:BuildRequires: amrnb-devel amrwb-devel}
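Review bot: `Patch10` and `Patch11` are added with no comment saying what they fix or where they come from, so a later rebase cannot tell whether they are still needed. A line above them such as `# security backports, presumably upstream SVN r16802 (indeo3) and r16846 (4xm); see %changelog` would record that. The matching `%patch10 -p1` and `%patch11 -p1` lines in the next hunk also omit the `-b` suffix that the other patches use, which is a small inconsistency.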
@@ -68,7 +71,10 @@
 %prep
 %setup -q -n %{name}-%{svn}
 %patch0 -p1 -b .pkgconfig
+%patch1 -p1 -b .cmov
 %patch4 -p1 -b .asmreg
+%patch10 -p1
+%patch11 -p1
 
 
 %build
@@ -165,6 +171,11 @@
 
 
 %changelog
+* Wed Feb 04 2009 Dominik Mierzejewski <rpm at greysector.net> - 0.4.9-0.52.20080908
+- fix a couple of exploitable and potentially exploitable vulnerabilities, including
+  http://www.trapkit.de/advisories/TKADV2009-004.txt
+- backport a patch to enable cmov on x86_64-class CPUs
+
 * Wed Jan 28 2009 Dominik Mierzejewski <rpm at greysector.net> - 0.4.9-0.51.20080908
 - fix pkgconfig file generation
 


