!54 同步openEuler-20.03-LTS-SP1 到openEuler-22.03-LTS-SP3

From: @happyworker Reviewed-by: @technology208 Signed-off-by: @technology208
2024-06-21 05:58:44 +00:00 · 2024-06-21 05:58:44 +00:00 · b9b05b3385
commit b9b05b3385
parent 590bcfb2ff 7c94221570
4 changed files with 35 additions and 6 deletions
--- a/CVE-2020-35964.patch
+++ b/CVE-2020-35964.patch
@ -1,6 +1,6 @@
 diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vividas.c
--- ffmpeg-4.2.4/libavformat/vividas.c	2022-05-24 10:57:25.967425000 +0800
+--- ffmpeg-4.2.4/libavformat/vividas.c	2022-05-24 14:52:47.185857000 +0800
-+++ ffmpeg-4.2.4-new/libavformat/vividas.c	2022-05-24 11:07:17.698072000 +0800
+++ ffmpeg-4.2.4-new/libavformat/vividas.c	2022-05-24 15:16:15.926505000 +0800
@@ -27,7 +27,7 @@
  * @author Andrzej Szombierski [qq at kuku eu org] (2010-07)
  * @sa http://wiki.multimedia.cx/index.php?title=Vividas_VIV
--- a/CVE-2021-38114.patch
+++ b/CVE-2021-38114.patch
@ -1,6 +1,6 @@
 diff -Naru ffmpeg-4.2.4/libavcodec/dnxhddec.c ffmpeg-4.2.4-new/libavcodec/dnxhddec.c
--- ffmpeg-4.2.4/libavcodec/dnxhddec.c	2022-05-24 10:57:19.937425000 +0800
+--- ffmpeg-4.2.4/libavcodec/dnxhddec.c	2022-05-24 14:52:38.305857000 +0800
-+++ ffmpeg-4.2.4-new/libavcodec/dnxhddec.c	2022-05-24 10:59:49.141810000 +0800
+++ ffmpeg-4.2.4-new/libavcodec/dnxhddec.c	2022-05-24 15:13:34.231494000 +0800
@@ -111,6 +111,7 @@
 static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
--- a/CVE-2023-51794.patch
+++ b/CVE-2023-51794.patch
@ -0,0 +1,25 @@
 From a80f53d91fc1d3c523b4660a4f7ca3ede82f0bd8 Mon Sep 17 00:00:00 2001
 From: happyworker <208suo@208suo.com>
 Date: Wed, 19 Jun 2024 14:48:11 +0800
 Subject: [PATCH] Fix CVE-2023-51794
 ---
 libavfilter/af_stereowiden.c | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/libavfilter/af_stereowiden.c b/libavfilter/af_stereowiden.c
 index d23c8db..3d7b5bb 100644
 --- a/libavfilter/af_stereowiden.c
 +++ b/libavfilter/af_stereowiden.c
@@ -74,6 +74,8 @@ static int config_input(AVFilterLink *inlink)
     s->length = s->delay * inlink->sample_rate / 1000;
     s->length *= 2;
 +    if (s->length == 0)
 +	return AVERROR(EINVAL);
     s->buffer = av_calloc(s->length, sizeof(*s->buffer));
     if (!s->buffer)
         return AVERROR(ENOMEM);
 -- 
 2.43.0
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        4.2.4
-Release:        5
+Release:        6
 License:        %{ffmpeg_license}
 URL:            http://ffmpeg.org/
 %if 0%{?date}
@ -76,6 +76,7 @@ Patch3:         CVE-2021-38291.patch
 Patch4:         CVE-2021-38114.patch
 Patch5:         CVE-2020-35964.patch
 Patch6:         CVE-2024-31578.patch
 Patch7:         CVE-2023-51794.patch
 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
 %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@ -408,10 +409,13 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 %changelog
 * Wed Jun 19 2024 happyworker <208suo@208suo.com> - 4.2.4-6
 - Fix CVE-2023-51794
 * Wed May 01 2024 cenhuilin <cenhuilin@kylinos.cn> - 4.2.4-5
 - fix CVE-2024-31578
-* Thu Jun 2 2022 yangweidong <yangweidong9@huawei.com> - 4.2.4-4
+* Tue May 24 2022 yangweidong <yangweidong9@huawei.com> - 4.2.4-4
 - Fix CVE-2021-38114 and CVE-2020-35964
 * Sat Sep 04 2021 guoxiaoqi <guoxiaoqi2@huawei.com> - 4.2.4-3