author | Alexis Ballier <aballier@gentoo.org> | 2008-07-17 07:53:58 +0000 |
---|---|---|
committer | Alexis Ballier <aballier@gentoo.org> | 2008-07-17 07:53:58 +0000 |
commit | d82df42633be22dce3824c8308358c4fa3e53da8 (patch) | |
tree | 8eeca310f490b77b45bd73c3244f7c0b7aa92274 /media-video/ffmpeg | |
parent | Fix up SRC_URI, upstream calls gnu-classpath by just classpath (diff) | |
Add patches for security bug #231831. -r3 is -r0 with the patch, stable candidate without swscaler. -r20 is -r2 with the patch, with swscaler.
(Portage version: 2.2_rc1/cvs/Linux 2.6.25.7 x86_64)
Diffstat (limited to 'media-video/ffmpeg')
-rw-r--r-- | media-video/ffmpeg/ChangeLog | 11 | ||||
-rw-r--r-- | media-video/ffmpeg/ffmpeg-0.4.9_p20070616-r20.ebuild | 181 | ||||
-rw-r--r-- | media-video/ffmpeg/ffmpeg-0.4.9_p20070616-r3.ebuild | 172 | ||||
-rw-r--r-- | media-video/ffmpeg/files/CVE-2008-3162.patch | 63 |
4 files changed, 426 insertions, 1 deletions
diff --git a/media-video/ffmpeg/ChangeLog b/media-video/ffmpeg/ChangeLog
index 95898c319551..5fbc3345e3ee 100644
--- a/media-video/ffmpeg/ChangeLog
+++ b/media-video/ffmpeg/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for media-video/ffmpeg
 # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-video/ffmpeg/ChangeLog,v 1.220 2008/07/07 20:39:09 loki_val Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-video/ffmpeg/ChangeLog,v 1.221 2008/07/17 07:53:57 aballier Exp $
+
+*ffmpeg-0.4.9_p20070616-r20 (17 Jul 2008)
+*ffmpeg-0.4.9_p20070616-r3 (17 Jul 2008)
+
+ 17 Jul 2008; Alexis Ballier <aballier@gentoo.org>
+ +files/CVE-2008-3162.patch, +ffmpeg-0.4.9_p20070616-r3.ebuild,
+ +ffmpeg-0.4.9_p20070616-r20.ebuild:
+ Add patches for security bug #231831. -r3 is -r0 with the patch, stable
+ candidate without swscaler. -r20 is -r2 with the patch, with swscaler.
 
 07 Jul 2008; Peter Alfredsen <loki_val@gentoo.org>
 ffmpeg-0.4.9_p20080326.ebuild:
diff --git a/media-video/ffmpeg/ffmpeg-0.4.9_p20070616-r20.ebuild b/media-video/ffmpeg/ffmpeg-0.4.9_p20070616-r20.ebuild
new file mode 100644
index 000000000000..df75af2d69b8
--- /dev/null
+++ b/media-video/ffmpeg/ffmpeg-0.4.9_p20070616-r20.ebuild
@@ -0,0 +1,181 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-video/ffmpeg/ffmpeg-0.4.9_p20070616-r20.ebuild,v 1.1 2008/07/17 07:53:57 aballier Exp $
+
+inherit eutils flag-o-matic multilib toolchain-funcs
+
+DESCRIPTION="Complete solution to record, convert and stream audio and video.
+Includes libavcodec. SVN revision 9330"
+HOMEPAGE="http://ffmpeg.org/"
+MY_P=${P/_/-}
+S=${WORKDIR}/ffmpeg
+
+SRC_URI="mirror://gentoo/${MY_P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="aac altivec amr debug doc ieee1394 a52 encode imlib ipv6 mmx ogg vorbis
+ oss test theora threads truetype v4l x264 xvid network zlib sdl X"
+
+RDEPEND="imlib? ( media-libs/imlib2 )
+ truetype? ( >=media-libs/freetype-2 )
+ sdl? ( >=media-libs/libsdl-1.2.10 )
+ encode? ( media-sound/lame
+ vorbis? ( media-libs/libvorbis )
+ theora? ( media-libs/libtheora ) )
+ ogg? ( media-libs/libogg )
+ aac? ( media-libs/faad2 media-libs/faac )
+ a52? ( >=media-libs/a52dec-0.7.4-r4 )
+ xvid? ( >=media-libs/xvid-1.1.0 )
+ zlib? ( sys-libs/zlib )
+ ieee1394? ( =media-libs/libdc1394-1*
+ sys-libs/libraw1394 )
+ x264? ( media-libs/x264 )
+ X? ( x11-libs/libX11 x11-libs/libXext )
+ amr? ( media-libs/amrnb media-libs/amrwb )"
+
+DEPEND="${RDEPEND}
+ doc? ( app-text/texi2html )
+ test? ( net-misc/wget )"
+# Make sure the mmx USE flag is unmasked
+# Remove this once default-linux/amd64/2006.1 is deprecated
+DEPEND="${DEPEND} amd64? ( >=sys-apps/portage-2.1.2 )"
+
+src_unpack() {
+ unpack ${A} || die
+ cd "${S}"
+
+ #Append -DBROKEN_RELOCATIONS to build for bug 179872.
+ #Pretty please fix me if you can.
+ append-flags "-DBROKEN_RELOCATIONS"
+
+ #Append -fomit-frame-pointer to avoid some common issues
+ use debug || append-flags "-fomit-frame-pointer"
+
+ # for some reason it tries to #include <X11/Xlib.h>, but doesn't use it
+ sed -i s:\#define\ HAVE_X11:\#define\ HAVE_LINUX: ffplay.c
+
+ # .pc files contain wrong libdir path
+ epatch ${FILESDIR}/${PN}-libdir-2007.patch
+ sed -i -e "s:GENTOOLIBDIR:$(get_libdir):" configure
+
+ # Make it use pic always since we don't need textrels
+ sed -i -e "s:LIBOBJFLAGS=\"\":LIBOBJFLAGS=\'\$\(PIC\)\':" configure
+
+ # To make sure the ffserver test will work
+ sed -i -e "s:-e debug=off::" tests/server-regression.sh
+
+ # Fix building with altivec for bug 183687
+ sed -i -e "s:TARGET_ALTIVEC:HAVE_ALTIVEC:" libswscale/Makefile
+
+ epatch "${FILESDIR}"/${PN}-arm-pld.patch
+ epatch "${FILESDIR}/${PN}-shared-gcc4.1.patch"
+ # disable non pic safe asm, bug #172877, bug #172845 and dupes
+ # epatch "${FILESDIR}/${PN}-0.4.9_p20070330-asmpic.patch"
+
+ # Security fix, bug #231831
+ epatch "${FILESDIR}/CVE-2008-3162.patch"
+}
+
+src_compile() {
+ replace-flags -O0 -O2
+ #x86, what a wonderful arch....
+ replace-flags -O1 -O2
+ local myconf="${EXTRA_ECONF}"
+
+ #disable mmx accelerated code if not requested, or if PIC is required
+ # as the provided asm decidedly is not PIC.
+ if ( gcc-specs-pie || ! use mmx ) ; then
+ myconf="${myconf} --disable-mmx"
+ fi
+
+ # enabled by default
+ use altivec || myconf="${myconf} --disable-altivec"
+ use debug || myconf="${myconf} --disable-debug"
+ use oss || myconf="${myconf} --disable-audio-oss"
+ use v4l || myconf="${myconf} --disable-v4l --disable-v4l2"
+ use ieee1394 || myconf="${myconf} --disable-dv1394"
+ use zlib || myconf="${myconf} --disable-zlib"
+ use sdl || myconf="${myconf} --disable-ffplay"
+
+ if use network; then
+ use ipv6 || myconf="${myconf} --disable-ipv6"
+ else
+ myconf="${myconf} --disable-network"
+ fi
+
+ myconf="${myconf} --disable-opts"
+
+ # disabled by default
+ if use encode
+ then
+ myconf="${myconf} --enable-libmp3lame"
+ use vorbis && myconf="${myconf} --enable-libvorbis --enable-libogg"
+ use theora && myconf="${myconf} --enable-libtheora --enable-libogg"
+ fi
+ use a52 && myconf="${myconf} --enable-liba52"
+ use ieee1394 && myconf="${myconf} --enable-dc1394"
+ use threads && myconf="${myconf} --enable-pthreads"
+ use xvid && myconf="${myconf} --enable-libxvid"
+ use X && myconf="${myconf} --enable-x11grab"
+ use ogg && myconf="${myconf} --enable-libogg"
+ use x264 && myconf="${myconf} --enable-libx264"
+ use aac && myconf="${myconf} --enable-libfaad --enable-libfaac"
+ use amr && myconf="${myconf} --enable-libamr-nb --enable-libamr-wb"
+
+ myconf="${myconf} --enable-gpl --enable-pp \
+ --enable-swscaler --disable-strip"
+
+ tc-is-cross-compiler && myconf="${myconf} --cross-compile --arch=$(tc-arch-kernel)"
+
+ # Specific workarounds for too-few-registers arch...
+ if [[ $(tc-arch) == "x86" ]]; then
+ filter-flags -fforce-addr -momit-leaf-frame-pointer
+ append-flags -fomit-frame-pointer
+ is-flag -O? || append-flags -O2
+ if (use debug); then
+ # no need to warn about debug if not using debug flag
+ ewarn ""
+ ewarn "Debug information will be almost useless as the frame pointer is omitted."
+ ewarn "This makes debugging harder, so crashes that has no fixed behavior are"
+ ewarn "difficult to fix. Please have that in mind."
+ ewarn ""
+ fi
+ fi
+
+ cd ${S}
+ ./configure \
+ --prefix=/usr \
+ --libdir=/usr/$(get_libdir) \
+ --shlibdir=/usr/$(get_libdir) \
+ --mandir=/usr/share/man \
+ --enable-static --enable-shared \
+ "--cc=$(tc-getCC)" \
+ ${myconf} || die "configure failed"
+
+ emake -j1 depend || die "depend failed"
+ emake || die "make failed"
+}
+
+src_install() {
+ emake -j1 LDCONFIG=true DESTDIR=${D} install || die "Install Failed"
+
+ use doc && emake -j1 documentation
+ dodoc Changelog README INSTALL
+ dodoc doc/*
+}
+
+# Never die for now...
+src_test() {
+ cd ${S}/tests
+ for t in "codectest libavtest test-server" ; do
+ make ${t} || ewarn "Some tests in ${t} failed"
+ done
+}
+
+pkg_postinst() {
+ ewarn "ffmpeg may have had ABI changes, if ffmpeg based programs"
+ ewarn "like xine-lib or vlc stop working as expected please"
+ ewarn "rebuild them."
+}
diff --git a/media-video/ffmpeg/ffmpeg-0.4.9_p20070616-r3.ebuild b/media-video/ffmpeg/ffmpeg-0.4.9_p20070616-r3.ebuild
new file mode 100644
index 000000000000..60f048bc4df1
--- /dev/null
+++ b/media-video/ffmpeg/ffmpeg-0.4.9_p20070616-r3.ebuild
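Review bot: In `src_test` of ffmpeg-0.4.9_p20070616-r20.ebuild the target list is quoted as a single word, `for t in "codectest libavtest test-server"`, so the loop body runs once: one `make` is started with all three targets, it stops at the first target that fails, and the `ewarn` prints the whole list instead of the suite that failed. Writing `for t in codectest libavtest test-server ; do` runs and reports each suite on its own. That matters more than usual here because the revision exists to carry a security patch and `src_test` never dies, so the warning is the only regression signal a tester gets. The same loop is in `src_test` of ffmpeg-0.4.9_p20070616-r3.ebuild.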
@@ -0,0 +1,172 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-video/ffmpeg/ffmpeg-0.4.9_p20070616-r3.ebuild,v 1.1 2008/07/17 07:53:57 aballier Exp $
+
+inherit eutils flag-o-matic multilib toolchain-funcs
+
+DESCRIPTION="Complete solution to record, convert and stream audio and video.
+Includes libavcodec. SVN revision 9330"
+HOMEPAGE="http://ffmpeg.org/"
+MY_P=${P/_/-}
+S=${WORKDIR}/ffmpeg
+
+SRC_URI="mirror://gentoo/${MY_P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="aac altivec amr debug doc ieee1394 a52 encode imlib mmx ogg vorbis oss
+ test theora threads truetype v4l x264 xvid network zlib sdl X"
+
+RDEPEND="imlib? ( media-libs/imlib2 )
+ truetype? ( >=media-libs/freetype-2 )
+ sdl? ( >=media-libs/libsdl-1.2.10 )
+ encode? ( media-sound/lame
+ vorbis? ( media-libs/libvorbis )
+ theora? ( media-libs/libtheora ) )
+ ogg? ( media-libs/libogg )
+ aac? ( media-libs/faad2 media-libs/faac )
+ a52? ( >=media-libs/a52dec-0.7.4-r4 )
+ xvid? ( >=media-libs/xvid-1.1.0 )
+ zlib? ( sys-libs/zlib )
+ ieee1394? ( =media-libs/libdc1394-1*
+ sys-libs/libraw1394 )
+ x264? ( media-libs/x264 )
+ X? ( x11-libs/libX11 x11-libs/libXext )
+ amr? ( media-libs/amrnb media-libs/amrwb )"
+
+DEPEND="${RDEPEND}
+ doc? ( app-text/texi2html )
+ test? ( net-misc/wget )"
+# Make sure the mmx USE flag is unmasked
+# Remove this once default-linux/amd64/2006.1 is deprecated
+DEPEND="${DEPEND} amd64? ( >=sys-apps/portage-2.1.2 )"
+
+src_unpack() {
+ unpack ${A} || die
+ cd ${S}
+
+ #Append -DBROKEN_RELOCATIONS to build for bug 179872.
+ #Pretty please fix me if you can.
+ append-flags "-DBROKEN_RELOCATIONS"
+
+ #Append -fomit-frame-pointer to avoid some common issues
+ use debug || append-flags "-fomit-frame-pointer"
+
+ # for some reason it tries to #include <X11/Xlib.h>, but doesn't use it
+ sed -i s:\#define\ HAVE_X11:\#define\ HAVE_LINUX: ffplay.c
+
+ # .pc files contain wrong libdir path
+ epatch ${FILESDIR}/${PN}-libdir-2007.patch
+ sed -i -e "s:GENTOOLIBDIR:$(get_libdir):" configure
+
+ # Make it use pic always since we don't need textrels
+ sed -i -e "s:LIBOBJFLAGS=\"\":LIBOBJFLAGS=\'\$\(PIC\)\':" configure
+
+ # To make sure the ffserver test will work
+ sed -i -e "s:-e debug=off::" tests/server-regression.sh
+
+ epatch "${FILESDIR}"/${PN}-arm-pld.patch
+ epatch "${FILESDIR}/${PN}-shared-gcc4.1.patch"
+ # disable non pic safe asm, bug #172877, bug #172845 and dupes
+ # epatch "${FILESDIR}/${PN}-0.4.9_p20070330-asmpic.patch"
+
+ # Security fix, bug #231831
+ epatch "${FILESDIR}/CVE-2008-3162.patch"
+}
+
+src_compile() {
+ replace-flags -O0 -O2
+ #x86, what a wonderful arch....
+ replace-flags -O1 -O2
+ local myconf="${EXTRA_ECONF}"
+
+ #disable mmx accelerated code if not requested, or if PIC is required
+ # as the provided asm decidedly is not PIC.
+ if ( gcc-specs-pie || ! use mmx ) ; then
+ myconf="${myconf} --disable-mmx"
+ fi
+
+ # enabled by default
+ use altivec || myconf="${myconf} --disable-altivec"
+ use debug || myconf="${myconf} --disable-debug"
+ use oss || myconf="${myconf} --disable-audio-oss"
+ use v4l || myconf="${myconf} --disable-v4l --disable-v4l2"
+ use ieee1394 || myconf="${myconf} --disable-dv1394"
+ use network || myconf="${myconf} --disable-network"
+ use zlib || myconf="${myconf} --disable-zlib"
+ use sdl || myconf="${myconf} --disable-ffplay"
+
+ myconf="${myconf} --disable-opts"
+
+ # disabled by default
+ if use encode
+ then
+ myconf="${myconf} --enable-libmp3lame"
+ use vorbis && myconf="${myconf} --enable-libvorbis --enable-libogg"
+ use theora && myconf="${myconf} --enable-libtheora --enable-libogg"
+ fi
+ use a52 && myconf="${myconf} --enable-liba52"
+ use ieee1394 && myconf="${myconf} --enable-dc1394"
+ use threads && myconf="${myconf} --enable-pthreads"
+ use xvid && myconf="${myconf} --enable-libxvid"
+ use X && myconf="${myconf} --enable-x11grab"
+ use ogg && myconf="${myconf} --enable-libogg"
+ use x264 && myconf="${myconf} --enable-libx264"
+ use aac && myconf="${myconf} --enable-libfaad --enable-libfaac"
+ use amr && myconf="${myconf} --enable-libamr-nb --enable-libamr-wb"
+
+ myconf="${myconf} --enable-gpl --enable-pp --disable-strip"
+
+ tc-is-cross-compiler && myconf="${myconf} --cross-compile --arch=$(tc-arch-kernel)"
+
+ # Specific workarounds for too-few-registers arch...
+ if [[ $(tc-arch) == "x86" ]]; then
+ filter-flags -fforce-addr -momit-leaf-frame-pointer
+ append-flags -fomit-frame-pointer
+ is-flag -O? || append-flags -O2
+ if (use debug); then
+ # no need to warn about debug if not using debug flag
+ ewarn ""
+ ewarn "Debug information will be almost useless as the frame pointer is omitted."
+ ewarn "This makes debugging harder, so crashes that has no fixed behavior are"
+ ewarn "difficult to fix. Please have that in mind."
+ ewarn ""
+ fi
+ fi
+
+ cd ${S}
+ ./configure \
+ --prefix=/usr \
+ --libdir=/usr/$(get_libdir) \
+ --shlibdir=/usr/$(get_libdir) \
+ --mandir=/usr/share/man \
+ --enable-static --enable-shared \
+ "--cc=$(tc-getCC)" \
+ ${myconf} || die "configure failed"
+
+ emake -j1 depend || die "depend failed"
+ emake || die "make failed"
+}
+
+src_install() {
+ emake -j1 LDCONFIG=true DESTDIR=${D} install || die "Install Failed"
+
+ use doc && emake -j1 documentation
+ dodoc Changelog README INSTALL
+ dodoc doc/*
+}
+
+# Never die for now...
+src_test() {
+ cd ${S}/tests
+ for t in "codectest libavtest test-server" ; do
+ make ${t} || ewarn "Some tests in ${t} failed"
+ done
+}
+
+pkg_postinst() {
+ ewarn "ffmpeg may have had ABI changes, if ffmpeg based programs"
+ ewarn "like xine-lib or vlc stop working as expected please"
+ ewarn "rebuild them."
+}
diff --git a/media-video/ffmpeg/files/CVE-2008-3162.patch b/media-video/ffmpeg/files/CVE-2008-3162.patch
new file mode 100644
index 000000000000..032a3e7016b3
--- /dev/null
+++ b/media-video/ffmpeg/files/CVE-2008-3162.patch
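Review bot: `src_unpack` in ffmpeg-0.4.9_p20070616-r3.ebuild changes directory with an unquoted, unchecked `cd ${S}`, where the -r20 ebuild at least quotes it. A work directory containing whitespace would split the argument, and a failed `cd` leaves the following `sed -i` edits, none of which is checked, to run in whatever directory is current. `cd "${S}" || die "cd failed"` closes both gaps; the first `epatch ${FILESDIR}/${PN}-libdir-2007.patch` should be quoted like the later `epatch` calls for the same reason.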
@@ -0,0 +1,63 @@
+CVE-2008-3162:
+Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c
+in FFmpeg before r13993 allows remote attackers to cause a denial of service
+(application crash) or execute arbitrary code via a crafted STR file that interleaves
+audio and video sectors.
+
+Patch from
+http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=13993
+
+Index: ffmpeg/libavformat/psxstr.c
+===================================================================
+--- ffmpeg.orig/libavformat/psxstr.c
++++ ffmpeg/libavformat/psxstr.c
+@@ -276,12 +276,23 @@ static int str_read_packet(AVFormatConte
+ int current_sector = AV_RL16(§or[0x1C]);
+ int sector_count = AV_RL16(§or[0x1E]);
+ int frame_size = AV_RL32(§or[0x24]);
+- int bytes_to_copy;
++
++ if(!( frame_size>=0
++ && current_sector < sector_count
++ && sector_count*VIDEO_DATA_CHUNK_SIZE >=frame_size)){
++ av_log(s, AV_LOG_ERROR, "Invalid parameters %d %d %d\n", current_sector, sector_count, frame_size);
++ return AVERROR_INVALIDDATA;
++ }
++
+ // printf("%d %d %d\n",current_sector,sector_count,frame_size);
+ /* if this is the first sector of the frame, allocate a pkt */
+ pkt = &str->tmp_pkt;
+- if (current_sector == 0) {
+- if (av_new_packet(pkt, frame_size))
++
++ if(pkt->size != sector_count*VIDEO_DATA_CHUNK_SIZE){
++ if(pkt->data)
++ av_log(s, AV_LOG_ERROR, "missmatching sector_count\n");
++ av_free_packet(pkt);
++ if (av_new_packet(pkt, sector_count*VIDEO_DATA_CHUNK_SIZE))
+ return AVERROR_IO;
+
+ pkt->pos= url_ftell(pb) - RAW_CD_SECTOR_SIZE;
+@@ -295,15 +306,15 @@ static int str_read_packet(AVFormatConte
+ str->pts += (90000 / 15);
+ }
+
+- /* load all the constituent chunks in the video packet */
+- bytes_to_copy = frame_size - current_sector*VIDEO_DATA_CHUNK_SIZE;
+- if (bytes_to_copy>0) {
+- if (bytes_to_copy>VIDEO_DATA_CHUNK_SIZE) bytes_to_copy=VIDEO_DATA_CHUNK_SIZE;
+- memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE,
+- sector + VIDEO_DATA_HEADER_SIZE, bytes_to_copy);
+- }
++ memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE,
++ sector + VIDEO_DATA_HEADER_SIZE,
++ VIDEO_DATA_CHUNK_SIZE);
++
+ if (current_sector == sector_count-1) {
++ pkt->size= frame_size;
+ *ret_pkt = *pkt;
++ pkt->data= NULL;
++ pkt->size= -1;
+ return 0;
+ }
+
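Review bot: The new allocation `av_new_packet(pkt, sector_count*VIDEO_DATA_CHUNK_SIZE)` is followed by a `memcpy` of the current sector only, and nothing in either hunk records which sectors of the frame have actually arrived. If the first video sector seen has `current_sector > 0`, or a sector is missing before the one with `current_sector == sector_count-1`, the packet appears to be returned with the unfilled chunks still holding whatever the allocator handed back. Clearing the buffer right after a successful allocation, `memset(pkt->data, 0, sector_count*VIDEO_DATA_CHUNK_SIZE);`, would keep stale heap contents out of the data passed to the decoder. `str_read_packet` starts and ends outside these hunks, so the initial state of `str->tmp_pkt` (a NULL `data` and a `size` that cannot match) is assumed here and worth confirming against the full file.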