authorPetr Štetiar <ynezz@true.cz>2011-02-25 16:07:05 +0100
committerTom Rini <tom_rini@mentor.com>2011-02-26 10:45:53 -0700
commit0478950960e5c600efc77c25559fc7eee311f686 (patch)
tree994ec821ce2c4f23ebc084e1e136e420c1e26c63 /recipes/webm
parentb31a6b5b8ac6fc4f618fbc764d2454730b87671d (diff)
downloadopenembedded-0478950960e5c600efc77c25559fc7eee311f686.tar.gz
libvpx: fix fetch errors, remove older releases and add security fix
- remove old and unfetchable versions v0.9.0, v0.9.1, v0.9.2 - add v0.9.5 patch for CVE-2010-4203 security fix - fix fetch errors for v0.9.2 and v0.9.5: ERROR: Function 'Fetch failed: Unable to fetch URL git://review.webmproject.org/libvpx.git;protocol=git;tag=v0.9.5 from any source.' failed this happens because of some errors in the git repo: error: missing object referenced by 'refs/tags/v0.9.5' error: missing object referenced by 'refs/tags/v0.9.2' error: missing object referenced by 'refs/tags/v0.9.1' error: missing object referenced by 'refs/tags/v0.9.0' error: refs/remotes/origin/aylesbury does not point to a valid object! Signed-off-by: Petr Štetiar <ynezz@true.cz> Signed-off-by: Tom Rini <tom_rini@mentor.com>
Diffstat (limited to 'recipes/webm')
-rw-r--r--recipes/webm/libvpx.inc6
-rw-r--r--recipes/webm/libvpx/CVE-2010-4203.patch69
-rw-r--r--recipes/webm/libvpx_0.9.0.bb17
-rw-r--r--recipes/webm/libvpx_0.9.1.bb14
-rw-r--r--recipes/webm/libvpx_0.9.2.bb14
-rw-r--r--recipes/webm/libvpx_0.9.5.bb8
6 files changed, 77 insertions, 51 deletions
diff --git a/recipes/webm/libvpx.inc b/recipes/webm/libvpx.inc
index 9913d5b653..a1e02b112f 100644
--- a/recipes/webm/libvpx.inc
+++ b/recipes/webm/libvpx.inc
@@ -1,10 +1,10 @@
DESCRIPTION = "vpx Multi-Format Codec SDK"
LICENSE = "BSD"
-INC_PR = "r5"
+INC_PR = "r6"
-SRC_URI = "git://review.webmproject.org/libvpx.git;protocol=git;tag=v${PV}"
-S = "${WORKDIR}/git"
+SRC_URI = "http://webm.googlecode.com/files/libvpx-v${PV}.tar.bz2"
+S = "${WORKDIR}/libvpx-v${PV}"
CFLAGS += "-fPIC"
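Review bot: The new `SRC_URI = "http://webm.googlecode.com/files/libvpx-v${PV}.tar.bz2"` fetches over plain HTTP, so the only integrity control on the source is the checksum pinned in each recipe that requires this file. libvpx.inc carries no checksum itself; the libvpx_0.9.5.bb hunk later in this commit does set `SRC_URI[sha256sum]`, but nothing here tells the author of the next version recipe that it is mandatory. I would add a comment above the assignment, for example `# Plain-HTTP tarball: every libvpx_*.bb must pin SRC_URI[sha256sum] for its PV`. Whether a missing checksum fails the build or only warns depends on configuration not visible in this diff, which is another reason to state the requirement in the file.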
diff --git a/recipes/webm/libvpx/CVE-2010-4203.patch b/recipes/webm/libvpx/CVE-2010-4203.patch
new file mode 100644
index 0000000000..37f5108a51
--- /dev/null
+++ b/recipes/webm/libvpx/CVE-2010-4203.patch
@@ -0,0 +1,69 @@
+From: John Koleszar <jkoleszar@google.com>
+Date: Thu, 4 Nov 2010 20:59:26 +0000 (-0400)
+Subject: fix integer promotion bug in partition size check
+X-Git-Url: https://review.webmproject.org/gitweb?p=libvpx.git;a=commitdiff_plain;h=9fb80f7170ec48e23c3c7b477149eeb37081c699
+
+fix integer promotion bug in partition size check
+
+The check '(user_data_end - partition < partition_size)' must be
+evaluated as a signed comparison, but because partition_size was
+unsigned, the LHS was promoted to unsigned, causing an incorrect
+result on 32-bit. Instead, check the upper and lower bounds of
+the segment separately.
+
+Change-Id: I6266aba7fd7de084268712a3d2a81424ead7aa06
+---
+
+diff --git a/vp8/decoder/decodframe.c b/vp8/decoder/decodframe.c
+index 2d81d61..f5e49a1 100644
+--- a/vp8/decoder/decodframe.c
++++ b/vp8/decoder/decodframe.c
+@@ -462,7 +462,8 @@ static void setup_token_decoder(VP8D_COMP *pbi,
+ partition_size = user_data_end - partition;
+ }
+
+- if (user_data_end - partition < partition_size)
++ if (partition + partition_size > user_data_end
++ || partition + partition_size < partition)
+ vpx_internal_error(&pc->error, VPX_CODEC_CORRUPT_FRAME,
+ "Truncated packet or corrupt partition "
+ "%d length", i + 1);
+@@ -580,7 +581,8 @@ int vp8_decode_frame(VP8D_COMP *pbi)
+ (data[0] | (data[1] << 8) | (data[2] << 16)) >> 5;
+ data += 3;
+
+- if (data_end - data < first_partition_length_in_bytes)
++ if (data + first_partition_length_in_bytes > data_end
++ || data + first_partition_length_in_bytes < data)
+ vpx_internal_error(&pc->error, VPX_CODEC_CORRUPT_FRAME,
+ "Truncated packet or corrupt partition 0 length");
+ vp8_setup_version(pc);
+diff --git a/vp8/vp8_dx_iface.c b/vp8/vp8_dx_iface.c
+index e7e5356..f0adf5b 100644
+--- a/vp8/vp8_dx_iface.c
++++ b/vp8/vp8_dx_iface.c
+@@ -253,8 +253,11 @@ static vpx_codec_err_t vp8_peek_si(const uint8_t *data,
+ unsigned int data_sz,
+ vpx_codec_stream_info_t *si)
+ {
+-
+ vpx_codec_err_t res = VPX_CODEC_OK;
++
++ if(data + data_sz <= data)
++ res = VPX_CODEC_INVALID_PARAM;
++ else
+ {
+ /* Parse uncompresssed part of key frame header.
+ * 3 bytes:- including version, frame type and an offset
+@@ -331,7 +334,10 @@ static vpx_codec_err_t vp8_decode(vpx_codec_alg_priv_t *ctx,
+
+ ctx->img_avail = 0;
+
+- /* Determine the stream parameters */
++ /* Determine the stream parameters. Note that we rely on peek_si to
++ * validate that we have a buffer that does not wrap around the top
++ * of the heap.
++ */
+ if (!ctx->si.h)
+ res = ctx->base.iface->dec.peek_si(data, data_sz, &ctx->si);
+
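Review bot: The wrap-around tests added by the embedded patch (`partition + partition_size < partition`, `data + first_partition_length_in_bytes < data` and `data + data_sz <= data`) form a pointer beyond the end of the buffer before comparing it, which C leaves undefined, so an optimising compiler is permitted to treat those comparisons as always false and drop them. A form that never leaves the buffer compares the length with the remaining distance, e.g. `if (partition > user_data_end || partition_size > (size_t)(user_data_end - partition))`, and likewise for `data`/`data_end` in vp8_decode_frame. vp8_peek_si receives only `data` and `data_sz`, so it cannot be bounded this way, and the comment added in vp8_decode shows the decoder relies on that check. As this is a verbatim upstream backport it is reasonable to carry it unchanged, but I would record in the recipe that the fix depends on the toolchain not optimising the pointer-overflow tests away. The enclosing functions start and end outside the quoted hunks.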
diff --git a/recipes/webm/libvpx_0.9.0.bb b/recipes/webm/libvpx_0.9.0.bb
deleted file mode 100644
index bce50a6df9..0000000000
--- a/recipes/webm/libvpx_0.9.0.bb
+++ /dev/null
@@ -1,17 +0,0 @@
-require libvpx.inc
-
-LICENSE = "VP8"
-
-PR = "${INC_PR}.0"
-
-SRC_URI[md5sum] = "9eb8e818d2f3263623c258fe66924082"
-SRC_URI[sha256sum] = "a0096ac6859cfb61cf06dd9bc0a79a3333a4ec389ba311911d84df8ff2a1b9dc"
-
-do_install() {
- oe_runmake install
- install -d ${D}${prefix}
- cp -R ${S}/vpx-vp8-nopost-nodocs*${PV}/* ${D}${prefix}/
- install -d ${D}${includedir}/vpx
- mv ${D}${includedir}/*.h ${D}${includedir}/vpx
-}
-
diff --git a/recipes/webm/libvpx_0.9.1.bb b/recipes/webm/libvpx_0.9.1.bb
deleted file mode 100644
index bcb73587d3..0000000000
--- a/recipes/webm/libvpx_0.9.1.bb
+++ /dev/null
@@ -1,14 +0,0 @@
-require libvpx.inc
-
-PR = "${INC_PR}.0"
-
-SRC_URI += "file://libvpx-configure-support-blank-prefix.patch;apply=yes"
-
-CONFIGUREOPTS += " \
- --prefix=${prefix} \
- --libdir=${libdir} \
-"
-
-SRC_URI[md5sum] = "e1442e74d0cca228785083fa520735a2"
-SRC_URI[sha256sum] = "c4e8e463e079ffde5b6948366a1d0873f1bf685dccd89ca137585c2b8247ec59"
-
diff --git a/recipes/webm/libvpx_0.9.2.bb b/recipes/webm/libvpx_0.9.2.bb
deleted file mode 100644
index b7ced8f1da..0000000000
--- a/recipes/webm/libvpx_0.9.2.bb
+++ /dev/null
@@ -1,14 +0,0 @@
-require libvpx.inc
-
-PR = "${INC_PR}.0"
-
-SRC_URI += "file://libvpx-configure-support-blank-prefix.patch;apply=yes"
-
-SRC_URI[md5sum] = "609370925b274aeaa29e94fc34c74957"
-SRC_URI[sha256sum] = "7425853d06443a0ce8e9cfc7cd3b0a43228b22c10dca813da68af9b114510b3b"
-
-CONFIGUREOPTS += " \
- --prefix=${prefix} \
- --libdir=${libdir} \
-"
-
diff --git a/recipes/webm/libvpx_0.9.5.bb b/recipes/webm/libvpx_0.9.5.bb
index b7ced8f1da..42b4199e2a 100644
--- a/recipes/webm/libvpx_0.9.5.bb
+++ b/recipes/webm/libvpx_0.9.5.bb
@@ -2,10 +2,12 @@ require libvpx.inc
PR = "${INC_PR}.0"
-SRC_URI += "file://libvpx-configure-support-blank-prefix.patch;apply=yes"
+SRC_URI += "file://libvpx-configure-support-blank-prefix.patch \
+ file://CVE-2010-4203.patch \
+ "
-SRC_URI[md5sum] = "609370925b274aeaa29e94fc34c74957"
-SRC_URI[sha256sum] = "7425853d06443a0ce8e9cfc7cd3b0a43228b22c10dca813da68af9b114510b3b"
+SRC_URI[md5sum] = "4bf2f2c76700202c1fe9201fcb0680e3"
+SRC_URI[sha256sum] = "2e93968afcded113a7e218de047feecf6659a089058803a9e40fb687de5f9bfa"
CONFIGUREOPTS += " \
--prefix=${prefix} \