rpms/ffmpeg/EL-5 ffmpeg-cmov.patch, NONE, 1.1 ffmpeg-r16802.patch, NONE, 1.1 ffmpeg-r16846.patch, NONE, 1.1 ffmpeg.spec, 1.5, 1.6

Author: rathann Update of /cvs/free/rpms/ffmpeg/EL-5 In directory se02.es.rpmfusion.net:/tmp/cvs-serv32283 Modified Files: ffmpeg.spec Added Files: ffmpeg-cmov.patch ffmpeg-r16802.patch ffmpeg-r16846.patch Log Message: * Wed Feb 04 2009 Dominik Mierzejewski <rpm at greysector.net> - 0.4.9-0.52.20080908 - fix a couple of exploitable and potentially exploitable vulnerabilities, including http://www.trapkit.de/advisories/TKADV2009-004.txt - backport a patch to enable cmov on x86_64-class CPUs ffmpeg-cmov.patch: --- NEW FILE ffmpeg-cmov.patch --- diff -up ffmpeg-20080908/configure.cmov ffmpeg-20080908/configure --- ffmpeg-20080908/configure.cmov 2008-11-01 16:23:33.000000000 +0100 +++ ffmpeg-20080908/configure 2008-11-01 16:23:33.000000000 +0100 @@ -1148,6 +1148,8 @@ case "$arch" in ;; x86_64|amd64) arch="x86_32" + enable cmov + enable fast_cmov enable fast_unaligned check_cc <<EOF && enable fast_64bit && arch="x86_64" int test[sizeof(char*) - 7]; ffmpeg-r16802.patch: --- NEW FILE ffmpeg-r16802.patch --- diff -up ffmpeg-20080908/libavcodec/indeo3.c.orig ffmpeg-20080908/libavcodec/indeo3.c --- ffmpeg-20080908/libavcodec/indeo3.c.orig 2008-06-12 23:50:13.000000000 +0200 +++ ffmpeg-20080908/libavcodec/indeo3.c 2009-01-29 21:15:18.000000000 +0100 @@ -348,6 +348,10 @@ static void iv_Decode_Chunk(Indeo3Decode if(cmd == 0) { strip++; + if(strip >= strip_tbl + FF_ARRAY_ELEMS(strip_tbl)) { + av_log(s->avctx, AV_LOG_WARNING, "out of range strip\n"); + break; + } memcpy(strip, strip-1, sizeof(ustr_t)); strip->split_flag = 1; strip->split_direction = 0; @@ -355,6 +359,10 @@ static void iv_Decode_Chunk(Indeo3Decode continue; } else if(cmd == 1) { strip++; + if(strip >= strip_tbl + FF_ARRAY_ELEMS(strip_tbl)) { + av_log(s->avctx, AV_LOG_WARNING, "out of range strip\n"); + break; + } memcpy(strip, strip-1, sizeof(ustr_t)); strip->split_flag = 1; strip->split_direction = 1; diff -up ffmpeg-20080908/libavutil/common.h.orig ffmpeg-20080908/libavutil/common.h --- ffmpeg-20080908/libavutil/common.h.orig 2008-08-31 09:39:47.000000000 +0200 +++ ffmpeg-20080908/libavutil/common.h 2009-01-30 01:13:07.000000000 +0100 @@ -116,6 +116,7 @@ #define FFMIN3(a,b,c) FFMIN(FFMIN(a,b),c) #define FFSWAP(type,a,b) do{type SWAP_tmp= b; b= a; a= SWAP_tmp;}while(0) +#define FF_ARRAY_ELEMS(a) (sizeof(a) / sizeof((a)[0])) /* misc math functions */ extern const uint8_t ff_log2_tab[256]; ffmpeg-r16846.patch: --- NEW FILE ffmpeg-r16846.patch --- diff -up ffmpeg-20080908/libavformat/4xm.c.orig ffmpeg-20080908/libavformat/4xm.c --- ffmpeg-20080908/libavformat/4xm.c.orig 2008-06-03 18:20:54.000000000 +0200 +++ ffmpeg-20080908/libavformat/4xm.c 2009-01-29 21:19:17.000000000 +0100 @@ -163,10 +163,10 @@ static int fourxm_read_header(AVFormatCo return AVERROR_INVALIDDATA; } current_track = AV_RL32(&header[i + 8]); + if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack)) + return -1; if (current_track + 1 > fourxm->track_count) { fourxm->track_count = current_track + 1; - if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack)) - return -1; fourxm->tracks = av_realloc(fourxm->tracks, fourxm->track_count * sizeof(AudioTrack)); if (!fourxm->tracks) { Index: ffmpeg.spec =================================================================== RCS file: /cvs/free/rpms/ffmpeg/EL-5/ffmpeg.spec,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- ffmpeg.spec 28 Jan 2009 22:58:46 -0000 1.5 +++ ffmpeg.spec 4 Feb 2009 18:56:36 -0000 1.6 @@ -6,14 +6,17 @@ Summary: Digital VCR and streaming server Name: ffmpeg Version: 0.4.9 -Release: 0.51.%{svn}%{?dist} +Release: 0.52.%{svn}%{?dist} License: GPLv2+ Group: Applications/Multimedia URL: http://ffmpeg.org/ Source0: http://rpm.greysector.net/livna/%{name}-%{svn}.tar.bz2 Source1: %{name}-snapshot.sh Patch0: %{name}-pkgconfig.patch +Patch1: %{name}-cmov.patch Patch4: %{name}-asmreg.patch +Patch10: %{name}-r16802.patch +Patch11: %{name}-r16846.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) %{?_with_amr:BuildRequires: amrnb-devel amrwb-devel} @@ -68,7 +71,10 @@ %prep %setup -q -n %{name}-%{svn} %patch0 -p1 -b .pkgconfig +%patch1 -p1 -b .cmov %patch4 -p1 -b .asmreg +%patch10 -p1 +%patch11 -p1 %build @@ -165,6 +171,11 @@ %changelog +* Wed Feb 04 2009 Dominik Mierzejewski <rpm at greysector.net> - 0.4.9-0.52.20080908 +- fix a couple of exploitable and potentially exploitable vulnerabilities, including + http://www.trapkit.de/advisories/TKADV2009-004.txt +- backport a patch to enable cmov on x86_64-class CPUs + * Wed Jan 28 2009 Dominik Mierzejewski <rpm at greysector.net> - 0.4.9-0.51.20080908 - fix pkgconfig file generation