diff --git a/0001-fix-cve-2021-4043.patch b/0001-fix-cve-2021-4043.patch new file mode 100644 index 0000000000000000000000000000000000000000..897e001fd8b6ced6ee549b4b2d878ea3d8594da3 --- /dev/null +++ b/0001-fix-cve-2021-4043.patch @@ -0,0 +1,32 @@ +From 64a2e1b799352ac7d7aad1989bc06e7b0f2b01db Mon Sep 17 00:00:00 2001 +From: jeanlf +Date: Tue, 1 Feb 2022 15:28:23 +0100 +Subject: [PATCH] fixed #2092 + +--- + src/isomedia/box_code_base.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/isomedia/box_code_base.c b/src/isomedia/box_code_base.c +index b3c38310a..126084b0e 100644 +--- a/src/isomedia/box_code_base.c ++++ b/src/isomedia/box_code_base.c +@@ -11083,10 +11083,12 @@ void gitn_box_del(GF_Box *s) + u32 i; + GroupIdToNameBox *ptr = (GroupIdToNameBox *)s; + if (ptr == NULL) return; +- for (i=0; inb_entries; i++) { +- if (ptr->entries[i].name) gf_free(ptr->entries[i].name); ++ if (ptr->entries) { ++ for (i=0; inb_entries; i++) { ++ if (ptr->entries[i].name) gf_free(ptr->entries[i].name); ++ } ++ gf_free(ptr->entries); + } +- if (ptr->entries) gf_free(ptr->entries); + gf_free(ptr); + } + +-- +2.39.3 + diff --git a/gpac.spec b/gpac.spec index fc531c462e49111cf61f1ab3a5decbf3d75b82c7..607179d96b79f7241e7957bd9884e9169d94e6f3 100644 --- a/gpac.spec +++ b/gpac.spec @@ -9,7 +9,7 @@ Name: gpac Summary: MPEG-4 multimedia framework Version: 0.8.0 -Release: 1%{?dist} +Release: 2%{?dist} License: LGPLv2+ URL: http://gpac.sourceforge.net/ Source0: https://github.com/gpac/gpac/archive/v%{version}/gpac-%{version}.tar.gz @@ -42,6 +42,8 @@ BuildRequires: gcc %{?_with_amr:BuildRequires: amrnb-devel BuildRequires: amrwb-devel} +Patch: 0001-fix-cve-2021-4043.patch + %description GPAC is a multimedia framework based on the MPEG-4 Systems standard developed from scratch in ANSI C. The original development goal is to provide a clean, @@ -174,6 +176,9 @@ rm %{buildroot}%{_includedir}/wince/errno.h %changelog +* Wed Mar 12 2025 shenzl - 0.8.0-2 +- fix CVE-2021-4043 + * Tue Aug 06 2019 Sérgio Basto - 0.8.0-1 - Update GPAC to 0.8.0