From 5f2d3123e287e422dd0b779cc024fa017ede4e63 Mon Sep 17 00:00:00 2001 From: happyworker <208suo@208suo.com> Date: Thu, 20 Jun 2024 15:39:21 +0800 Subject: [PATCH] osync penEuler-20.03-LTS-SP11 to openEuler-22.03-LTS-Next --- CVE-2020-35964.patch | 4 ++-- CVE-2021-38114.patch | 4 ++-- CVE-2023-51794.patch | 25 +++++++++++++++++++++++++ ffmpeg.spec | 8 ++++++-- 4 files changed, 35 insertions(+), 6 deletions(-) create mode 100644 CVE-2023-51794.patch diff --git a/CVE-2020-35964.patch b/CVE-2020-35964.patch index 7840f27..21c0b6c 100644 --- a/CVE-2020-35964.patch +++ b/CVE-2020-35964.patch @@ -1,6 +1,6 @@ diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vividas.c ---- ffmpeg-4.2.4/libavformat/vividas.c 2022-05-24 10:57:25.967425000 +0800 -+++ ffmpeg-4.2.4-new/libavformat/vividas.c 2022-05-24 11:07:17.698072000 +0800 +--- ffmpeg-4.2.4/libavformat/vividas.c 2022-05-24 14:52:47.185857000 +0800 ++++ ffmpeg-4.2.4-new/libavformat/vividas.c 2022-05-24 15:16:15.926505000 +0800 @@ -27,7 +27,7 @@ * @author Andrzej Szombierski [qq at kuku eu org] (2010-07) * @sa http://wiki.multimedia.cx/index.php?title=Vividas_VIV diff --git a/CVE-2021-38114.patch b/CVE-2021-38114.patch index 5477bea..dc56b0e 100644 --- a/CVE-2021-38114.patch +++ b/CVE-2021-38114.patch @@ -1,6 +1,6 @@ diff -Naru ffmpeg-4.2.4/libavcodec/dnxhddec.c ffmpeg-4.2.4-new/libavcodec/dnxhddec.c ---- ffmpeg-4.2.4/libavcodec/dnxhddec.c 2022-05-24 10:57:19.937425000 +0800 -+++ ffmpeg-4.2.4-new/libavcodec/dnxhddec.c 2022-05-24 10:59:49.141810000 +0800 +--- ffmpeg-4.2.4/libavcodec/dnxhddec.c 2022-05-24 14:52:38.305857000 +0800 ++++ ffmpeg-4.2.4-new/libavcodec/dnxhddec.c 2022-05-24 15:13:34.231494000 +0800 @@ -111,6 +111,7 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) diff --git a/CVE-2023-51794.patch b/CVE-2023-51794.patch new file mode 100644 index 0000000..958335e --- /dev/null +++ b/CVE-2023-51794.patch @@ -0,0 +1,25 @@ +From a80f53d91fc1d3c523b4660a4f7ca3ede82f0bd8 Mon Sep 17 00:00:00 2001 +From: happyworker <208suo@208suo.com> +Date: Wed, 19 Jun 2024 14:48:11 +0800 +Subject: [PATCH] Fix CVE-2023-51794 + +--- + libavfilter/af_stereowiden.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libavfilter/af_stereowiden.c b/libavfilter/af_stereowiden.c +index d23c8db..3d7b5bb 100644 +--- a/libavfilter/af_stereowiden.c ++++ b/libavfilter/af_stereowiden.c +@@ -74,6 +74,8 @@ static int config_input(AVFilterLink *inlink) + + s->length = s->delay * inlink->sample_rate / 1000; + s->length *= 2; ++ if (s->length == 0) ++ return AVERROR(EINVAL); + s->buffer = av_calloc(s->length, sizeof(*s->buffer)); + if (!s->buffer) + return AVERROR(ENOMEM); +-- +2.43.0 + diff --git a/ffmpeg.spec b/ffmpeg.spec index a9fbdcd..7ef76df 100644 --- a/ffmpeg.spec +++ b/ffmpeg.spec @@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 4.2.4 -Release: 4 +Release: 5 License: %{ffmpeg_license} URL: http://ffmpeg.org/ %if 0%{?date} @@ -75,6 +75,7 @@ Patch2: CVE-2021-3566.patch Patch3: CVE-2021-38291.patch Patch4: CVE-2021-38114.patch Patch5: CVE-2020-35964.patch +Patch6: CVE-2023-51794.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})} @@ -407,7 +408,10 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog -* Thu Jun 2 2022 yangweidong - 4.2.4-4 +* Wed Jun 19 2024 happyworker <208suo@208suo.com> - 4.2.4-5 +- Fix CVE-2023-51794 + +* Tue May 24 2022 yangweidong - 4.2.4-4 - Fix CVE-2021-38114 and CVE-2020-35964 * Sat Sep 04 2021 guoxiaoqi - 4.2.4-3 -- Gitee