diff --git a/CVE-2021-30123.patch b/CVE-2021-30123.patch new file mode 100644 index 0000000000000000000000000000000000000000..b18e7cc514855367f8349fad1447237c40937046 --- /dev/null +++ b/CVE-2021-30123.patch @@ -0,0 +1,59 @@ +From d6f293353c94c7ce200f6e0975ae3de49787f91f Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Jan=20Ekstr=C3=B6m?= +Date: Tue, 18 Aug 2020 20:49:00 +0300 +Subject: [PATCH] avcodec/aacdec_template: add more checks to make sure only + 22.2 gets to 22.2 + +Validates the set channel layout as well as verifies that the received +layout to the function matches the reference layout, so that it matches +the implemented re-ordering logic. + +Fixes #8845 +--- + libavcodec/aacdec_template.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c +index 9c8fb050e9..e8af01b084 100644 +--- a/libavcodec/aacdec_template.c ++++ b/libavcodec/aacdec_template.c +@@ -266,6 +266,7 @@ static int count_paired_channels(uint8_t (*layout_map)[3], int tags, int pos, + return num_pos_channels; + } + ++#define PREFIX_FOR_22POINT2 (AV_CH_LAYOUT_7POINT1_WIDE_BACK|AV_CH_BACK_CENTER|AV_CH_SIDE_LEFT|AV_CH_SIDE_RIGHT|AV_CH_LOW_FREQUENCY_2) + static uint64_t sniff_channel_order(uint8_t (*layout_map)[3], int tags) + { + int i, n, total_non_cc_elements; +@@ -401,7 +402,14 @@ static uint64_t sniff_channel_order(uint8_t (*layout_map)[3], int tags) + } + + // The previous checks would end up at 8 at this point for 22.2 +- if (tags == 16 && i == 8) { ++ if (layout == PREFIX_FOR_22POINT2 && tags == 16 && i == 8) { ++ const uint8_t (*reference_layout_map)[3] = aac_channel_layout_map[12]; ++ for (int j = 0; j < tags; j++) { ++ if (layout_map[j][0] != reference_layout_map[j][0] || ++ layout_map[j][2] != reference_layout_map[j][2]) ++ goto end_of_layout_definition; ++ } ++ + e2c_vec[i] = (struct elem_to_channel) { + .av_position = AV_CH_TOP_FRONT_CENTER, + .syn_ele = layout_map[i][0], +@@ -448,9 +456,11 @@ static uint64_t sniff_channel_order(uint8_t (*layout_map)[3], int tags) + &layout); + } + ++end_of_layout_definition: ++ + total_non_cc_elements = n = i; + +- if (tags == 16 && total_non_cc_elements == 16) { ++ if (layout == AV_CH_LAYOUT_22POINT2) { + // For 22.2 reorder the result as needed + FFSWAP(struct elem_to_channel, e2c_vec[2], e2c_vec[0]); // FL & FR first (final), FC third + FFSWAP(struct elem_to_channel, e2c_vec[2], e2c_vec[1]); // FC second (final), FLc & FRc third +-- +2.20.1 + diff --git a/ffmpeg.spec b/ffmpeg.spec index c3cec5325111bd5429c87a092f18fcda6023ba84..0ece3d51fed5660cd206f068456a405c1b6f6703 100644 --- a/ffmpeg.spec +++ b/ffmpeg.spec @@ -80,7 +80,7 @@ ExclusiveArch: armv7hnl Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 4.2.4 -Release: 1 +Release: 2 License: %{ffmpeg_license} URL: http://ffmpeg.org/ %if 0%{?date} @@ -90,6 +90,7 @@ Source0: http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz %endif Patch0: fix_ppc_build.patch Patch1: fix-vmaf-model-path.patch +patch2: CVE-2021-30123.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})} @@ -421,5 +422,8 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog +* Thu Jun 24 2021 yaozc7 - 4.2.4-2 +- Add patch CVE-2021-30123 + * Fri May 07 2021 weidong - 4.2.4-1 - Initial package.