sync openEuler-20.03-LTS-SP1 to openEuler-22.03-LTS-SP3

2024-06-21 11:47:21 +08:00 · 2024-06-21 11:47:21 +08:00 · 7c94221570
commit 7c94221570
parent 590bcfb2ff
4 changed files with 35 additions and 6 deletions
--- a/CVE-2020-35964.patch
+++ b/CVE-2020-35964.patch
@ -1,6 +1,6 @@
 diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vividas.c
--- ffmpeg-4.2.4/libavformat/vividas.c	2022-05-24 10:57:25.967425000 +0800
-+++ ffmpeg-4.2.4-new/libavformat/vividas.c	2022-05-24 11:07:17.698072000 +0800
+--- ffmpeg-4.2.4/libavformat/vividas.c	2022-05-24 14:52:47.185857000 +0800
+++ ffmpeg-4.2.4-new/libavformat/vividas.c	2022-05-24 15:16:15.926505000 +0800
@@ -27,7 +27,7 @@
  * @author Andrzej Szombierski [qq at kuku eu org] (2010-07)
  * @sa http://wiki.multimedia.cx/index.php?title=Vividas_VIV
--- a/CVE-2021-38114.patch
+++ b/CVE-2021-38114.patch
@ -1,6 +1,6 @@
 diff -Naru ffmpeg-4.2.4/libavcodec/dnxhddec.c ffmpeg-4.2.4-new/libavcodec/dnxhddec.c
--- ffmpeg-4.2.4/libavcodec/dnxhddec.c	2022-05-24 10:57:19.937425000 +0800
-+++ ffmpeg-4.2.4-new/libavcodec/dnxhddec.c	2022-05-24 10:59:49.141810000 +0800
+--- ffmpeg-4.2.4/libavcodec/dnxhddec.c	2022-05-24 14:52:38.305857000 +0800
+++ ffmpeg-4.2.4-new/libavcodec/dnxhddec.c	2022-05-24 15:13:34.231494000 +0800
@@ -111,6 +111,7 @@
 
 static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
--- a/CVE-2023-51794.patch
+++ b/CVE-2023-51794.patch
@ -0,0 +1,25 @@
+From a80f53d91fc1d3c523b4660a4f7ca3ede82f0bd8 Mon Sep 17 00:00:00 2001
+From: happyworker <208suo@208suo.com>
+Date: Wed, 19 Jun 2024 14:48:11 +0800
+Subject: [PATCH] Fix CVE-2023-51794
+
+---
+ libavfilter/af_stereowiden.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libavfilter/af_stereowiden.c b/libavfilter/af_stereowiden.c
+index d23c8db..3d7b5bb 100644
+--- a/libavfilter/af_stereowiden.c
+++ b/libavfilter/af_stereowiden.c
+@@ -74,6 +74,8 @@ static int config_input(AVFilterLink *inlink)
+ 
+     s->length = s->delay * inlink->sample_rate / 1000;
+     s->length *= 2;
+    if (s->length == 0)
+	return AVERROR(EINVAL);
+     s->buffer = av_calloc(s->length, sizeof(*s->buffer));
+     if (!s->buffer)
+         return AVERROR(ENOMEM);
+-- 
+2.43.0
+
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        4.2.4
-Release:        5
+Release:        6
 License:        %{ffmpeg_license}
 URL:            http://ffmpeg.org/
 %if 0%{?date}
@ -76,6 +76,7 @@ Patch3:         CVE-2021-38291.patch
 Patch4:         CVE-2021-38114.patch
 Patch5:         CVE-2020-35964.patch
 Patch6:         CVE-2024-31578.patch
+Patch7:         CVE-2023-51794.patch
 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
 %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@ -408,10 +409,13 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}


 %changelog
+* Wed Jun 19 2024 happyworker <208suo@208suo.com> - 4.2.4-6
+- Fix CVE-2023-51794
+
 * Wed May 01 2024 cenhuilin <cenhuilin@kylinos.cn> - 4.2.4-5
 - fix CVE-2024-31578

-* Thu Jun 2 2022 yangweidong <yangweidong9@huawei.com> - 4.2.4-4
+* Tue May 24 2022 yangweidong <yangweidong9@huawei.com> - 4.2.4-4
 - Fix CVE-2021-38114 and CVE-2020-35964

 * Sat Sep 04 2021 guoxiaoqi <guoxiaoqi2@huawei.com> - 4.2.4-3