From 19afaf96deb854863966fc87f2001656d4aaddeb Mon Sep 17 00:00:00 2001 From: happyworker <208suo@208suo.com> Date: Fri, 21 Jun 2024 14:28:46 +0800 Subject: [PATCH] sync openEuler-20.03-LTS-SP1 to openEuler-20.03-LTS-SP4 --- CVE-2020-35964.patch | 18 +++++++++--------- CVE-2021-38114.patch | 16 ++++++++-------- CVE-2023-51794.patch | 25 +++++++++++++++++++++++++ CVE-2024-31578.patch | 43 +++++++++++++++++++++++++++++++++++++++++++ ffmpeg.spec | 12 ++++++++++-- 5 files changed, 95 insertions(+), 19 deletions(-) create mode 100644 CVE-2023-51794.patch create mode 100644 CVE-2024-31578.patch diff --git a/CVE-2020-35964.patch b/CVE-2020-35964.patch index 5d7f3b2..21c0b6c 100644 --- a/CVE-2020-35964.patch +++ b/CVE-2020-35964.patch @@ -1,6 +1,6 @@ diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vividas.c ---- ffmpeg-4.2.4/libavformat/vividas.c 2022-05-20 16:21:19.420882000 +0800 -+++ ffmpeg-4.2.4-new/libavformat/vividas.c 2022-05-23 14:27:05.231650000 +0800 +--- ffmpeg-4.2.4/libavformat/vividas.c 2022-05-24 14:52:47.185857000 +0800 ++++ ffmpeg-4.2.4-new/libavformat/vividas.c 2022-05-24 15:16:15.926505000 +0800 @@ -27,7 +27,7 @@ * @author Andrzej Szombierski [qq at kuku eu org] (2010-07) * @sa http://wiki.multimedia.cx/index.php?title=Vividas_VIV @@ -11,7 +11,7 @@ diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vivid #include "avio_internal.h" #include "avformat.h" @@ -278,7 +278,7 @@ - + static int track_header(VividasDemuxContext *viv, AVFormatContext *s, uint8_t *buf, int size) { - int i,j; @@ -20,7 +20,7 @@ diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vivid int val_1; int num_video; @@ -372,7 +372,7 @@ - + if (avio_tell(pb) < off) { int num_data; - int xd_size = 0; @@ -35,7 +35,7 @@ diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vivid - xd_size += len; + xd_size += len + 1 + len/255; } - + - st->codecpar->extradata_size = 64 + xd_size + xd_size / 255; - if (ff_alloc_extradata(st->codecpar, st->codecpar->extradata_size)) { - av_free(pb); @@ -44,10 +44,10 @@ diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vivid + ret = ff_alloc_extradata(st->codecpar, xd_size); + if (ret < 0) + return ret; - + p = st->codecpar->extradata; p[0] = 2; - + for (j = 0; j < num_data - 1; j++) { unsigned delta = av_xiphlacing(&p[offset], data_len[j]); - if (delta > data_len[j]) { @@ -57,7 +57,7 @@ diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vivid + av_assert0(delta <= xd_size - offset); offset += delta; } - + @@ -415,6 +410,7 @@ av_freep(&st->codecpar->extradata); break; @@ -65,4 +65,4 @@ diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vivid + av_assert0(data_len[j] <= xd_size - offset); offset += data_len[j]; } - + diff --git a/CVE-2021-38114.patch b/CVE-2021-38114.patch index ed1e3be..dc56b0e 100644 --- a/CVE-2021-38114.patch +++ b/CVE-2021-38114.patch @@ -1,18 +1,18 @@ diff -Naru ffmpeg-4.2.4/libavcodec/dnxhddec.c ffmpeg-4.2.4-new/libavcodec/dnxhddec.c ---- ffmpeg-4.2.4/libavcodec/dnxhddec.c 2022-05-20 16:21:12.890882000 +0800 -+++ ffmpeg-4.2.4-new/libavcodec/dnxhddec.c 2022-05-20 16:47:00.416516000 +0800 +--- ffmpeg-4.2.4/libavcodec/dnxhddec.c 2022-05-24 14:52:38.305857000 +0800 ++++ ffmpeg-4.2.4-new/libavcodec/dnxhddec.c 2022-05-24 15:13:34.231494000 +0800 @@ -111,6 +111,7 @@ - + static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) { + int ret; if (cid != ctx->cid) { int index; - + @@ -130,19 +131,26 @@ ff_free_vlc(&ctx->dc_vlc); ff_free_vlc(&ctx->run_vlc); - + - init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257, + if ((ret = init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257, ctx->cid_table->ac_bits, 1, 1, @@ -31,15 +31,15 @@ diff -Naru ffmpeg-4.2.4/libavcodec/dnxhddec.c ffmpeg-4.2.4-new/libavcodec/dnxhdd - ctx->cid_table->run_codes, 2, 2, 0); + ctx->cid_table->run_codes, 2, 2, 0)) < 0) + goto out; - + ctx->cid = cid; } - return 0; -+ ret = 0; ++ ret = 0; +out: + if (ret < 0) + av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n"); + return ret; } - + static av_cold int dnxhd_decode_init_thread_copy(AVCodecContext *avctx) diff --git a/CVE-2023-51794.patch b/CVE-2023-51794.patch new file mode 100644 index 0000000..958335e --- /dev/null +++ b/CVE-2023-51794.patch @@ -0,0 +1,25 @@ +From a80f53d91fc1d3c523b4660a4f7ca3ede82f0bd8 Mon Sep 17 00:00:00 2001 +From: happyworker <208suo@208suo.com> +Date: Wed, 19 Jun 2024 14:48:11 +0800 +Subject: [PATCH] Fix CVE-2023-51794 + +--- + libavfilter/af_stereowiden.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libavfilter/af_stereowiden.c b/libavfilter/af_stereowiden.c +index d23c8db..3d7b5bb 100644 +--- a/libavfilter/af_stereowiden.c ++++ b/libavfilter/af_stereowiden.c +@@ -74,6 +74,8 @@ static int config_input(AVFilterLink *inlink) + + s->length = s->delay * inlink->sample_rate / 1000; + s->length *= 2; ++ if (s->length == 0) ++ return AVERROR(EINVAL); + s->buffer = av_calloc(s->length, sizeof(*s->buffer)); + if (!s->buffer) + return AVERROR(ENOMEM); +-- +2.43.0 + diff --git a/CVE-2024-31578.patch b/CVE-2024-31578.patch new file mode 100644 index 0000000..3bfd5bf --- /dev/null +++ b/CVE-2024-31578.patch @@ -0,0 +1,43 @@ +From 3bb00c0a420c3ce83c6fafee30270d69622ccad7 Mon Sep 17 00:00:00 2001 +From: Zhao Zhili +Date: Wed, 1 May 2024 18:08:51 +0800 +Subject: [PATCH] avutil/hwcontext: Don't assume frames_uninit is reentrant. +Fix heap use after free when vulkan_frames_init failed. + +Signed-off-by: Zhao Zhili +--- + libavutil/hwcontext.c | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/libavutil/hwcontext.c b/libavutil/hwcontext.c +index f1e404a..3b99b8a 100644 +--- a/libavutil/hwcontext.c ++++ b/libavutil/hwcontext.c +@@ -358,7 +358,7 @@ int av_hwframe_ctx_init(AVBufferRef *ref) + if (ctx->internal->hw_type->frames_init) { + ret = ctx->internal->hw_type->frames_init(ctx); + if (ret < 0) +- goto fail; ++ return ret; + } + + if (ctx->internal->pool_internal && !ctx->pool) +@@ -368,14 +368,10 @@ int av_hwframe_ctx_init(AVBufferRef *ref) + if (ctx->initial_pool_size > 0) { + ret = hwframe_pool_prealloc(ref); + if (ret < 0) +- goto fail; ++ return ret; + } + + return 0; +-fail: +- if (ctx->internal->hw_type->frames_uninit) +- ctx->internal->hw_type->frames_uninit(ctx); +- return ret; + } + + int av_hwframe_transfer_get_formats(AVBufferRef *hwframe_ref, +-- +2.23.0 + diff --git a/ffmpeg.spec b/ffmpeg.spec index c378cd2..7ab30ef 100644 --- a/ffmpeg.spec +++ b/ffmpeg.spec @@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 4.2.4 -Release: 4 +Release: 6 License: %{ffmpeg_license} URL: http://ffmpeg.org/ %if 0%{?date} @@ -75,6 +75,8 @@ Patch2: CVE-2021-3566.patch Patch3: CVE-2021-38291.patch Patch4: CVE-2021-38114.patch Patch5: CVE-2020-35964.patch +Patch6: CVE-2024-31578.patch +Patch7: CVE-2023-51794.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})} @@ -407,7 +409,13 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog -* Mon May 23 2022 yangweidong - 4.2.4-4 +* Wed Jun 19 2024 happyworker <208suo@208suo.com> - 4.2.4-6 +- Fix CVE-2023-51794 + +* Wed May 01 2024 cenhuilin - 4.2.4-5 +- fix CVE-2024-31578 + +* Tue May 24 2022 yangweidong - 4.2.4-4 - Fix CVE-2021-38114 and CVE-2020-35964 * Sat Sep 04 2021 guoxiaoqi - 4.2.4-3