libav: upgrade to 9.18

Upgrade libav from version 9.16 to 9.18. Remove unused var INC_PR and
backport patch to fix CVE-2014-9676.

(From OE-Core rev: 1cac4dea1dd4a335752539feefc72372fb78a41d)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-multimedia/libav/libav.inc

@@ -24,8 +24,6 @@ ARM_INSTRUCTION_SET = "arm"
 
 DEPENDS = "alsa-lib zlib libogg yasm-native"
 
-INC_PR = "r8"
-
 inherit autotools pkgconfig
 
 B = "${S}/build.${HOST_SYS}.${TARGET_SYS}"

meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch

@@ -0,0 +1,98 @@
+Upstream-Status: Backport
+
+Backport patch to fix CVE-2014-9676.
+
+https://security-tracker.debian.org/tracker/CVE-2014-9676
+https://git.libav.org/?p=libav.git;a=commit;h=b3f04657368a32a9903406395f865e230b1de348
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+From b3f04657368a32a9903406395f865e230b1de348 Mon Sep 17 00:00:00 2001
+From: Luca Barbato <lu_zero@gentoo.org>
+Date: Mon, 5 Jan 2015 10:40:41 +0100
+Subject: [PATCH] segment: Fix the failure paths
+
+A failure in segment_end() or segment_start() would lead to freeing
+a dangling pointer and in general further calls to seg_write_packet()
+or to seg_write_trailer() would have the same faulty behaviour.
+
+CC: libav-stable@libav.org
+Reported-By: luodalongde@gmail.com
+---
+ libavformat/segment.c | 32 ++++++++++++++++++++------------
+ 1 file changed, 20 insertions(+), 12 deletions(-)
+
+diff --git a/libavformat/segment.c b/libavformat/segment.c
+index 52da6b9..bcfd1f9 100644
+--- a/libavformat/segment.c
++++ b/libavformat/segment.c
+@@ -184,6 +184,13 @@ static void close_null_ctx(AVIOContext *pb)
+     av_free(pb);
+ }
+ 
++static void seg_free_context(SegmentContext *seg)
++{
++    avio_closep(&seg->pb);
++    avformat_free_context(seg->avf);
++    seg->avf = NULL;
++}
++
+ static int seg_write_header(AVFormatContext *s)
+ {
+     SegmentContext *seg = s->priv_data;
+@@ -265,12 +272,9 @@ static int seg_write_header(AVFormatContext *s)
+     }
+ 
+ fail:
+-    if (ret) {
+-        if (seg->list)
+-            avio_close(seg->pb);
+-        if (seg->avf)
+-            avformat_free_context(seg->avf);
+-    }
++    if (ret < 0)
++        seg_free_context(seg);
++
+     return ret;
+ }
+ 
+@@ -282,6 +286,9 @@ static int seg_write_packet(AVFormatContext *s, AVPacket *pkt)
+     int64_t end_pts = seg->recording_time * seg->number;
+     int ret, can_split = 1;
+ 
++    if (!oc)
++        return AVERROR(EINVAL);
++
+     if (seg->has_video) {
+         can_split = st->codec->codec_type == AVMEDIA_TYPE_VIDEO &&
+                     pkt->flags & AV_PKT_FLAG_KEY;
+@@ -322,11 +329,8 @@ static int seg_write_packet(AVFormatContext *s, AVPacket *pkt)
+     ret = ff_write_chained(oc, pkt->stream_index, pkt, s);
+ 
+ fail:
+-    if (ret < 0) {
+-        if (seg->list)
+-            avio_close(seg->pb);
+-        avformat_free_context(oc);
+-    }
++    if (ret < 0)
++        seg_free_context(seg);
+ 
+     return ret;
+ }
+@@ -335,7 +339,11 @@ static int seg_write_trailer(struct AVFormatContext *s)
+ {
+     SegmentContext *seg = s->priv_data;
+     AVFormatContext *oc = seg->avf;
+-    int ret;
++    int ret = 0;
++
++    if (!oc)
++        goto fail;
++
+     if (!seg->write_header_trailer) {
+         if ((ret = segment_end(oc, 0)) < 0)
+             goto fail;
+-- 
+2.4.1.314.g9532ead
+

meta/recipes-multimedia/libav/libav_9.16.bb

@@ -1,4 +0,0 @@
-require libav.inc
-
-SRC_URI[md5sum] = "7b44b75cec24b8e7545e5029e76917e0"
-SRC_URI[sha256sum] = "ca846473b0b8ed8e3404c52e5e92df6d35cb5fa487eec498525de3ffda4367a0"

meta/recipes-multimedia/libav/libav_9.18.bb

@@ -0,0 +1,6 @@
+require libav.inc
+
+SRC_URI[md5sum] = "75e838068a75fb88e1b4ea0546bc16f0"
+SRC_URI[sha256sum] = "0875e835da683eef1a7bac75e1884634194149d7479d1538ba9fbe1614d066d7"
+
+SRC_URI += "file://libav-fix-CVE-2014-9676.patch"