Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 666674 - media-plugins/gst-plugins-libav[libav]: Use newer version of bundled FFmpeg
Summary: media-plugins/gst-plugins-libav[libav]: Use newer version of bundled FFmpeg
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All All
: Normal normal
Assignee: GStreamer package maintainers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-09-21 06:00 UTC by Arfrever Frehtes Taifersar Arahesis
Modified: 2018-11-23 09:49 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
gst-plugins-libav-1.14.3.3.4.4.ebuild (gst-plugins-libav-1.14.3.3.4.4.ebuild,2.37 KB, text/plain)
2018-09-21 06:01 UTC, Arfrever Frehtes Taifersar Arahesis
Details
Difference between ebuilds for easier review (ebuilds_difference,1.57 KB, patch)
2018-09-21 06:02 UTC, Arfrever Frehtes Taifersar Arahesis
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Arfrever Frehtes Taifersar Arahesis 2018-09-21 06:00:44 UTC
media-plugins/gst-plugins-libav[libav] uses bundled copy of FFmpeg, because Libav is not supported by upstream.
New versions of FFmpeg often contain security fixes.

In order to make users of USE="libav" less vulnerable, I suggest that media-plugins/gst-plugins-libav[libav] use the newest compatible version FFmpeg.

Implementation is simple and has been successfully tested:
- Unpacking FFmpeg archive and replacing gst-libs/ext/libav directory (containing bundled copy of FFmpeg) with newer version of FFmpeg.
- Versions of media-plugins/gst-plugins-libav ebuilds would have version of FFmpeg appended. (E.g. gst-plugins-libav-1.14.3.3.4.4.ebuild means gst-plugins-libav 1.14.3 and FFmpeg 3.4.4.)
Comment 1 Arfrever Frehtes Taifersar Arahesis 2018-09-21 06:01:38 UTC
Created attachment 547454 [details]
gst-plugins-libav-1.14.3.3.4.4.ebuild
Comment 2 Arfrever Frehtes Taifersar Arahesis 2018-09-21 06:02:11 UTC
Created attachment 547456 [details, diff]
Difference between ebuilds for easier review
Comment 3 Arfrever Frehtes Taifersar Arahesis 2018-09-21 06:08:35 UTC
Details about media-plugins/gst-plugins-libav-1.14.3:
- Version of bundled copy of FFmpeg is 3.4.2.
- Updating FFmpeg to 3.4.4 would provide the following fixes mentioned in Changelog file of FFmpeg:

"""
version 3.4.4:
- avcodec/dvdsub_parser: Allocate input padding
- avcodec/dvdsub_parser: Init output buf/size
- avcodec/dirac_dwt_template: Fix signedness regression in interleave()
- avformat/movenc: Write version 2 of audio atom if channels is not known
- swresample/arm: rename labels to fix xcode build error
- avcodec/imgconvert: fix possible null pointer dereference

version 3.4.3:
- avformat/movenc: Check input sample count
- avcodec/mjpegdec: Check for odd progressive RGB
- avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id
- avcodec/vp8_parser: Do not leave data/size uninitialized
- avformat/mms: Add missing chunksize check
- avformat/pva: Check for EOF before retrying in read_part_of_packet()
- avformat/rmdec: Do not pass mime type in rm_read_multi() to ff_rm_read_mdpr_codecdata()
- avformat/asfdec_o: Check size_bmp more fully
- avcodec/indeo4: Check for end of bitstream in decode_mb_info()
- avcodec/shorten: Fix undefined addition in shorten_decode_frame()
- avcodec/shorten: Fix undefined integer overflow
- avcodec/jpeg2000dec: Fixes invalid shifts in jpeg2000_decode_packets_po_iteration()
- avcodec/jpeg2000dec: Check that there are enough bytes for all tiles
- avformat/movenc: Do not pass AVCodecParameters in avpriv_request_sample
- avcodec/escape124: Fix spelling errors in comment
- avcodec/ra144: Fix integer overflow in ff_eval_refl()
- avcodec/cscd: Check output buffer size for lzo.
- avcodec/escape124: Check buf_size against num_superblocks
- avcodec/h264_parser: Reduce needed history for parsing mb index
- avcodec/magicyuv: Check bits left in flags&1 branch
- avcodec/mjpegdec: Check for end of bitstream in ljpeg_decode_rgb_scan()
- avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed()
- avcodec/dirac_dwt_template: Fix undefined behavior in interleave()
- avutil/common: Fix undefined behavior in av_clip_uintp2_c()
- fftools/ffmpeg: Fallback to duration if sample rate is unavailable
- avformat/mov: Only set pkt->duration to non negative values
- avcodec/h264_slice: Fix overflow in recovery_frame computation
- avcodec/h264_ps: Move MAX_LOG2_MAX_FRAME_NUM to header so it can be used in h264_sei
- avcodec/h264_mc_template: Only prefetch motion if the list is used.
- avcodec/xwddec: Use ff_set_dimensions()
- avcodec/wavpack: Fix overflow in adding tail
- avcodec/shorten: Fix multiple integer overflows
- avcodec/shorten: Fix undefined shift in fix_bitshift()
- avcodec/shorten: Fix a negative left shift in shorten_decode_frame()
- avcodec/shorten: Sanity check nmeans
- avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()
- avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
- avcodec/truemotion2: Fix overflow in tm2_apply_deltas()
- avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c
- avcodec/amrwbdec: Fix division by 0 in find_hb_gain()
- avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()
- avformat/mov: Break out early if chunk_count is 0 in mov_build_index()
- avcodec/fic: Avoid some magic numbers related to cursors
- avcodec/g2meet: ask for sample with overflowing RGB
- avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed()
- oavcodec/aacpsdsp_template: Use unsigned for hs0X to prevent undefined behavior
- avcodec/g723_1dec: Clip bits2 in both directions
- avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header()
- avcodec/mlpdec: Only change noise_type if the related fields are valid
- indeo4: Decode all or nothing of a band header.
- avformat/mov: Only fail for STCO/STSC contradictions if both exist
- avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0
- avcodec/fic: Check available input space for cursor
- avcodec/g2meet: Check RGB upper limit
- avcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration() CPRL case
- avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done
- avcodec/g2meet: Change order of operations to avoid undefined behavior
- avcodec/flac_parser: Fix infinite loop
- avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED()
- avcodec/wavpack: Fix integer overflow in wv_unpack_stereo()
- avcodec/error_resilience: Fix integer overflow in filter181()
- avcodec/h263dec: Check slice_ret in mspeg4 slice loop
- avcodec/elsdec: Fix memleaks
- avcodec/vc1_block: simplify ac_val computation
- avcodec/ffv1enc: Check that the crc + version combination is supported
- lavf/http.c: Free allocated client URLContext in case of error.
- avcodec/dsicinvideo: Fail if there is only a small fraction of the data available that comprises a full frame
- avcodec/dsicinvideo: Propagate errors from cin_decode_rle()
- avcodec/dfa: Check dimension against maximum
- avcodec/cinepak: Skip empty frames
- avcodec/cinepak: move some checks prior to frame allocation
- swresample/arm: remove unintentional relocation.
- doc/APIchanges: Fix typos in hashes
- avformat/utils: Check cur_dts in update_initial_timestamps() more
- avcodec/utils: Enforce minimum width also for VP5/6
- avcodec/truemotion2: Propagate out of bounds error from GET_TOK()
- avformat/utils: Fix integer overflow in end time calculation in update_stream_timings()
- avcodec/mjpegdec: Check input buffer size.
- avcodec/h264_slice: Fix integer overflow with last_poc
- avformat/mov: Fix extradata memleak
- lavc/libopusdec: Allow avcodec_open2 to call .close
- avcodec/movtextdec: Check style_start/end
- avcodec/aacsbr_fixed: Fix integer overflow in sbr_hf_assemble()
- libavcodec/rv34: error out earlier on missing references
- swresample/swresample: Fix for seg fault in swr_convert_internal() -> sum2_float during dithering.
- avcodec/aacdec_fixed: Fix integer overflow in apply_independent_coupling_fixed()
- avcodec/cscd: Error out when LZ* decompression fails
- avcodec/imgconvert: Fix loss mask bug in avcodec_find_best_pix_fmt_of_list()
- avfilter/vf_signature: use av_strlcpy()
- avcodec/utvideodec: Set pro flag based on fourcc
- avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()
- avcodec/tableprint_vlc: Fix build failure with --enable-hardcoded-tables
- avformat/mov: Move +1 in check to avoid hypothetical overflow in add_ctts_entry()
- avcodec/get_bits: Make sure the input bitstream with padding can be addressed
- avformat/mov: Check STSC and remove invalid entries
- avcodec/nuv: rtjpeg with dimensions less than 16 would result in no decoded pixels thus reject it
- avcodec/nuv: Check for minimum input size for uncomprssed and rtjpeg
- avcodec/wmalosslessdec: Reset num_saved_bits on error path
- avformat/mov: Fix integer overflows related to sample_duration
- avformat/img2dec: fix infinite loop
- avformat/oggparsedaala: Do not adjust AV_NOPTS_VALUE
- avformat/oggparseogm: Check lb against psize
- avformat/oggparseogm: Fix undefined shift in ogm_packet()
- avformat/avidec: Fix integer overflow in cum_len check
- avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE
- avformat/utils: Fix integer overflow of fps_first/last_dts
- avformat/oggdec: Fix metadata memleak on multiple headers
- libavformat/oggparsevorbis: Fix memleak on multiple headers
- avformat/mov: Fix integer overflow in mov_get_stsc_samples()
- avcodec/truemotion2rt: Check input buffer size
- avcodec/g2meet: Check tile dimensions with av_image_check_size2()
- avcodec/exr: fix invalid shift in unpack_14()
- avcodec/bintext: sanity check dimensions
- avcodec/utvideodec: Check subsample factors
- avcodec/smc: Check input packet size
- avcodec/cavsdec: Check alpha/beta offset
- avcodec/diracdec: Fix integer overflow in mv computation
- avcodec/h264_parse: Clear invalid chroma weights in ff_h264_pred_weight_table()
- avcodec/aacdec_templat: Fix integer overflow in apply_ltp()
- avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()
- avcodec/diracdec: Use int64 in global mv to prevent overflow
- avcodec/dxtory: Remove code that corrupts dimensions
- avcodec/dirac_dwt_template: Fix Integer overflow in horizontal_compose_dd137i()
- avcodec/hevcdec: Check luma/chroma_log2_weight_denom
- avcodec/jpeg2000dec: Use av_image_check_size2()
- avcodec/vp8: Check for bitstream end before vp7_fade_frame()
- avcodec/exr: Check remaining bits in last get code loop
- avutil/common: Fix integer overflow in av_clip_uint8_c() and av_clip_uint16_c()
- avdevice/decklink_dec: Fix ;;
- avcodec/h264_cabac: Tighten allowed coeff_abs range
- avcodec/h264_cavlc: Set valid qscale value in ff_h264_decode_mb_cavlc()
- avdevice/iec61883: free the private context at the end
- avdevice/iec61883: return reference counted packets
- configure: add nvcc to CMDLINE_SET
- avcodec/mpeg4_unpack_bframes: make sure the packet is writable when data needs to be changed
- avcodec/mp3_header_decompress: don't free the user provided packet on error
- avcodec/extract_extradata: zero initalize the padding bytes in all allocated buffers
- avformat/hvcc: zero initialize the nal buffers past the last written byte
- swresample/rematrix: fix update of channel matrix if input or output layout is undefined
- avformat/matroskadec: ignore CodecPrivate if the stream is VP9
"""
Comment 4 Larry the Git Cow gentoo-dev 2018-11-23 09:49:03 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f125f43d325cb7faeaa9caab630768d7643ebae

commit 8f125f43d325cb7faeaa9caab630768d7643ebae
Author:     Arfrever Frehtes Taifersar Arahesis <arfrever.fta@gmail.com>
AuthorDate: 2018-11-23 09:29:04 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2018-11-23 09:48:03 +0000

    media-plugins/gst-plugins-libav: Update ffmpeg version with USE=libav
    
    Closes: https://bugs.gentoo.org/666674
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>
    Package-Manager: Portage-2.3.49, Repoman-2.3.11

 media-plugins/gst-plugins-libav/Manifest           |  2 +
 .../gst-plugins-libav-1.14.4.3.4.4.ebuild          | 91 ++++++++++++++++++++++
 2 files changed, 93 insertions(+)