diff --git a/CVE-2020-35964.patch b/CVE-2020-35964.patch index 7840f270d89ab6ca4968ff1a340b8fc2497c3ff9..21c0b6cf0c4d2df1329ede08a4ac99b10ed0a85f 100644 --- a/CVE-2020-35964.patch +++ b/CVE-2020-35964.patch @@ -1,6 +1,6 @@ diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vividas.c ---- ffmpeg-4.2.4/libavformat/vividas.c 2022-05-24 10:57:25.967425000 +0800 -+++ ffmpeg-4.2.4-new/libavformat/vividas.c 2022-05-24 11:07:17.698072000 +0800 +--- ffmpeg-4.2.4/libavformat/vividas.c 2022-05-24 14:52:47.185857000 +0800 ++++ ffmpeg-4.2.4-new/libavformat/vividas.c 2022-05-24 15:16:15.926505000 +0800 @@ -27,7 +27,7 @@ * @author Andrzej Szombierski [qq at kuku eu org] (2010-07) * @sa http://wiki.multimedia.cx/index.php?title=Vividas_VIV diff --git a/CVE-2021-38114.patch b/CVE-2021-38114.patch index 5477bea16f64bb6a0ae6e2f0a8a7909490815c1c..dc56b0ec225fde4a1c69865b113797be2c668829 100644 --- a/CVE-2021-38114.patch +++ b/CVE-2021-38114.patch @@ -1,6 +1,6 @@ diff -Naru ffmpeg-4.2.4/libavcodec/dnxhddec.c ffmpeg-4.2.4-new/libavcodec/dnxhddec.c ---- ffmpeg-4.2.4/libavcodec/dnxhddec.c 2022-05-24 10:57:19.937425000 +0800 -+++ ffmpeg-4.2.4-new/libavcodec/dnxhddec.c 2022-05-24 10:59:49.141810000 +0800 +--- ffmpeg-4.2.4/libavcodec/dnxhddec.c 2022-05-24 14:52:38.305857000 +0800 ++++ ffmpeg-4.2.4-new/libavcodec/dnxhddec.c 2022-05-24 15:13:34.231494000 +0800 @@ -111,6 +111,7 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) diff --git a/CVE-2023-51794.patch b/CVE-2023-51794.patch new file mode 100644 index 0000000000000000000000000000000000000000..958335e243c7dd3db50f8c146d21bfe68a9c75c5 --- /dev/null +++ b/CVE-2023-51794.patch @@ -0,0 +1,25 @@ +From a80f53d91fc1d3c523b4660a4f7ca3ede82f0bd8 Mon Sep 17 00:00:00 2001 +From: happyworker <208suo@208suo.com> +Date: Wed, 19 Jun 2024 14:48:11 +0800 +Subject: [PATCH] Fix CVE-2023-51794 + +--- + libavfilter/af_stereowiden.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libavfilter/af_stereowiden.c b/libavfilter/af_stereowiden.c +index d23c8db..3d7b5bb 100644 +--- a/libavfilter/af_stereowiden.c ++++ b/libavfilter/af_stereowiden.c +@@ -74,6 +74,8 @@ static int config_input(AVFilterLink *inlink) + + s->length = s->delay * inlink->sample_rate / 1000; + s->length *= 2; ++ if (s->length == 0) ++ return AVERROR(EINVAL); + s->buffer = av_calloc(s->length, sizeof(*s->buffer)); + if (!s->buffer) + return AVERROR(ENOMEM); +-- +2.43.0 + diff --git a/ffmpeg.spec b/ffmpeg.spec index a9fbdcdc3c4fe652c4fec91f4ece75efd6e8a842..7ef76dfa3e08f253e964f3525db23eedcf0d81b6 100644 --- a/ffmpeg.spec +++ b/ffmpeg.spec @@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 4.2.4 -Release: 4 +Release: 5 License: %{ffmpeg_license} URL: http://ffmpeg.org/ %if 0%{?date} @@ -75,6 +75,7 @@ Patch2: CVE-2021-3566.patch Patch3: CVE-2021-38291.patch Patch4: CVE-2021-38114.patch Patch5: CVE-2020-35964.patch +Patch6: CVE-2023-51794.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})} @@ -407,7 +408,10 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog -* Thu Jun 2 2022 yangweidong - 4.2.4-4 +* Wed Jun 19 2024 happyworker <208suo@208suo.com> - 4.2.4-5 +- Fix CVE-2023-51794 + +* Tue May 24 2022 yangweidong - 4.2.4-4 - Fix CVE-2021-38114 and CVE-2020-35964 * Sat Sep 04 2021 guoxiaoqi - 4.2.4-3