Mail archive
alpine-aports

[alpine-aports] [PATCH edge] main/ffmpeg: security upgrade to 3.2.4 - fixes #6869

From: Sergei Lukin <sergej.lukin_at_gmail.com>
Date: Thu, 16 Feb 2017 12:17:19 +0000

CVE-2017-5024 (arbitrary code execution)
CVE-2017-5025 (arbitrary code execution)
---
 main/ffmpeg/APKBUILD | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/main/ffmpeg/APKBUILD b/main/ffmpeg/APKBUILD
index ccc2cdab76..c64a34cbe9 100644
--- a/main/ffmpeg/APKBUILD
+++ b/main/ffmpeg/APKBUILD
_at_@ -1,8 +1,9 @@
+# Contributor: Sergei Lukin <sergej.lukin_at_gmail.com>
 # Contributor: Ɓukasz Jendrysik <scadu_at_yandex.com>
 # Contributor: Jakub Skrzypnik <j.skrzypnik_at_openmailbox.org>
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=ffmpeg
-pkgver=3.2.2
+pkgver=3.2.4
 pkgrel=0
 pkgdesc="Complete and free Internet live audio and video broadcasting solution for Linux/Unix"
 url="http://ffmpeg.org/"
_at_@ -10,13 +11,19 @@ arch="all"
 license="GPL"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
 makedepends="gnutls-dev lame-dev libvorbis-dev xvidcore-dev zlib-dev
-	imlib2-dev x264-dev libtheora-dev coreutils bzip2-dev perl libvpx-dev
+	imlib2-dev x264-dev libtheora-dev coreutils bzip2-dev perl-dev libvpx-dev
 	libvpx-dev sdl2-dev libxfixes-dev libva-dev alsa-lib-dev rtmpdump-dev
 	v4l-utils-dev yasm opus-dev x265-dev"
 source="http://ffmpeg.org/releases/ffmpeg-$pkgver.tar.bz2
 	0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
 	cflags-speed-O2.patch
 	"
+
+# secfixes:
+#   3.2.4-r0:
+#   - CVE-2017-5024
+#   - CVE-2017-5025
+
 builddir="$srcdir/$pkgname-$pkgver"
 
 build() {
_at_@ -74,12 +81,6 @@ libs() {
 	mv "$pkgdir"/usr/lib "$subpkgdir"/usr
 }
 
-md5sums="82cf25d36df70ee995bbdb3efc079934  ffmpeg-3.2.2.tar.bz2
-627bb0f8b28063cd5d6a090b07bd3754  0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
-91167b4f601db28836dcc3de9f756ed7  cflags-speed-O2.patch"
-sha256sums="0b129a56d1b8d06101b1fcbfaa9f4f5eee3182d1ad6e44f511a84c12113a366b  ffmpeg-3.2.2.tar.bz2
-011f8beaf81074c9f4e522b699d27ee0ab74ec43f800286244a5b63b82ec5e8c  0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
-ed75cdc99acb83b660a9e40b908adec896a9421228a620b016a22e7f647bd92b  cflags-speed-O2.patch"
-sha512sums="7cb61684081bbe905ef324f60d259fd543e8be1ed2593167beb9324bec8bbc012cccff40a73e8be0ccc6bb0a20acd98a3dbac0d1d39403016cb381c1410b45db  ffmpeg-3.2.2.tar.bz2
+sha512sums="ba5004d0f2659faa139c7dbf2f0fc6bab1d4e017d919f4ac271a5d2e8e4a3478909176e3a4d1ad33ddf2f62ab28dd9e00ce9be1399efb7cb3276dde79134cdaa  ffmpeg-3.2.4.tar.bz2
 32652e18d4eb231a2e32ad1cacffdf33264aac9d459e0e2e6dd91484fced4e1ca5a62886057b1f0b4b1589c014bbe793d17c78adbaffec195f9a75733b5b18cb  0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
 5ff940abb4265401eebb0f2fd486b51a004d62a480c5a64bc279149731b577b5c95f0b7ff2d73429ec10b1f0b76ecf7fa466b02ba3a0bf79d9b7ac2ae87ee5d5  cflags-speed-O2.patch"
-- 
2.11.1
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Thu Feb 16 2017 - 12:17:19 GMT