sync master to 24.03

2024-06-19 11:02:30 +08:00 · 2024-06-19 11:02:30 +08:00 · 86af8ae6c1
commit 86af8ae6c1
parent 62a3f3c9c7
7 changed files with 203 additions and 8 deletions
--- a/CVE-2023-49528.patch
+++ b/CVE-2023-49528.patch
@ -0,0 +1,57 @@
+From ffae3ca84f646530fe9236b0966b663aebb06717 Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Thu, 6 Jun 2024 17:45:43 +0800
+Subject: [PATCH] Fix CVE-2023-49528
+
+Conflict:NA
+Reference:2d9ed64859c9887d0504cd71dbd5b2c15e14251a
+---
+ libavfilter/af_dialoguenhance.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/libavfilter/af_dialoguenhance.c b/libavfilter/af_dialoguenhance.c
+index 1762ea7..0924c3e 100644
+--- a/libavfilter/af_dialoguenhance.c
+++ b/libavfilter/af_dialoguenhance.c
+@@ -96,12 +96,13 @@ static int config_input(AVFilterLink *inlink)
+     if (!s->window)
+         return AVERROR(ENOMEM);
+ 
+-    s->in_frame       = ff_get_audio_buffer(inlink, s->fft_size * 4);
+-    s->center_frame   = ff_get_audio_buffer(inlink, s->fft_size * 4);
+-    s->out_dist_frame = ff_get_audio_buffer(inlink, s->fft_size * 4);
+-    s->windowed_frame = ff_get_audio_buffer(inlink, s->fft_size * 4);
+-    s->windowed_out   = ff_get_audio_buffer(inlink, s->fft_size * 4);
+-    s->windowed_prev  = ff_get_audio_buffer(inlink, s->fft_size * 4);
+    s->in_frame       = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
+    s->center_frame   = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
+    s->out_dist_frame = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
+    s->windowed_frame = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
+    s->windowed_out   = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
+    s->windowed_prev  = ff_get_audio_buffer(inlink, (s->fft_size + 2) * 2);
+
+     if (!s->in_frame || !s->windowed_out || !s->windowed_prev ||
+         !s->out_dist_frame || !s->windowed_frame || !s->center_frame)
+         return AVERROR(ENOMEM);
+@@ -250,6 +251,7 @@ static int de_stereo(AVFilterContext *ctx, AVFrame *out)
+     float *right_osamples  = (float *)out->extended_data[1];
+     float *center_osamples = (float *)out->extended_data[2];
+     const int offset = s->fft_size - s->overlap;
+    const int nb_samples = FFMIN(s->overlap, s->in->nb_samples);
+     float vad;
+ 
+     // shift in/out buffers
+@@ -258,8 +260,8 @@ static int de_stereo(AVFilterContext *ctx, AVFrame *out)
+     memmove(left_out, &left_out[s->overlap], offset * sizeof(float));
+     memmove(right_out, &right_out[s->overlap], offset * sizeof(float));
+ 
+-    memcpy(&left_in[offset], left_samples, s->overlap * sizeof(float));
+-    memcpy(&right_in[offset], right_samples, s->overlap * sizeof(float));
+    memcpy(&left_in[offset], left_samples, nb_samples * sizeof(float));
+    memcpy(&right_in[offset], right_samples, nb_samples * sizeof(float));
+     memset(&left_out[offset], 0, s->overlap * sizeof(float));
+     memset(&right_out[offset], 0, s->overlap * sizeof(float));
+ 
+-- 
+2.33.0
+
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@ -59,7 +59,7 @@ ExclusiveArch: armv7hnl
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        6.1.1
-Release:        3
+Release:        6
 License:        GPL-3.0-or-later
 URL:            http://ffmpeg.org/
 Source0:        http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
@ -67,9 +67,12 @@ Source0:        http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
 # Special patch for building chromium on riscv64
 Patch0:         avformat-get_first_dts.patch
 %endif
-
-Patch1:         0001-fix-CVE-2024-31578.patch
-Patch2:         0002-fix-CVE-2024-31582.patch
+Patch1:		fix-CVE-2023-50007.patch
+Patch2:		fix-CVE-2023-50008.patch
+Patch3:		fix-CVE-2024-31578.patch
+Patch4:		fix-CVE-2024-31582.patch
+Patch5:         fix_libsvgdec_compile_error.patch
+Patch6:         CVE-2023-49528.patch

 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
@ -398,8 +401,19 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}


 %changelog
-* Mon Apr 29 2024 cenhuilin <cenhuilin@kylinos.cn> - 6.1.1-3
- fix CVE-2024-31578 CVE-2024-31582
+* Tue Jun 18 2024 happyworker <208suo@208suo.com> - 6.1.1-6
+- fix bug CVE-2023-49528.patch
+
+* Wed Jun 12 2024 technology208 <technology@208suo.com> - 6.1.1-5
+- Add patch to fix libsvdec compile error
+
+* Fri Jun 07 2024 xuchenchen <xuchenchen@kylinos.cn> - 6.1.1-4
+- fix CVE-2024-31578.patch
+- fix CVE-2024-31582.patch
+
+* Fri May 31 2024 xuchenchen <xuchenchen@kylinos.cn> - 6.1.1-3
+- fix CVE-2023-50007.patch
+- fix CVE-2023-50008.patch

 * Wed Apr 03 2024 misaka00251 <liuxin@iscas.ac.cn> - 6.1.1-2
 - Add patch to fix chromium build on riscv64 & Cleanup patches
--- a/fix-CVE-2023-50007.patch
+++ b/fix-CVE-2023-50007.patch
@ -0,0 +1,74 @@
+From b1942734c7cbcdc9034034373abcc9ecb9644c47 Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Mon, 27 Nov 2023 11:45:34 +0100
+Subject: [PATCH] avfilter/af_afwtdn: fix crash with EOF handling
+
+---
+ libavfilter/af_afwtdn.c | 34 +++++++++++++++++++---------------
+ 1 file changed, 19 insertions(+), 15 deletions(-)
+
+diff --git a/libavfilter/af_afwtdn.c b/libavfilter/af_afwtdn.c
+index 0fcfa77..63b7f5f 100644
+--- a/libavfilter/af_afwtdn.c
+++ b/libavfilter/af_afwtdn.c
+@@ -408,6 +408,7 @@ typedef struct AudioFWTDNContext {
+ 
+     uint64_t sn;
+     int64_t eof_pts;
+    int eof;
+ 
+     int wavelet_type;
+     int channels;
+@@ -1069,7 +1070,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
+         s->drop_samples = 0;
+     } else {
+         if (s->padd_samples < 0 && eof) {
+-            out->nb_samples += s->padd_samples;
+            out->nb_samples = FFMAX(0, out->nb_samples + s->padd_samples);
+             s->padd_samples = 0;
+         }
+         if (!eof)
+@@ -1208,23 +1209,26 @@ static int activate(AVFilterContext *ctx)
+ 
+     FF_FILTER_FORWARD_STATUS_BACK(outlink, inlink);
+ 
+-    ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in);
+-    if (ret < 0)
+-        return ret;
+-    if (ret > 0)
+-        return filter_frame(inlink, in);
+    if (!s->eof) {
+        ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in);
+        if (ret < 0)
+            return ret;
+        if (ret > 0)
+            return filter_frame(inlink, in);
+    }
+ 
+     if (ff_inlink_acknowledge_status(inlink, &status, &pts)) {
+-        if (status == AVERROR_EOF) {
+-            while (s->padd_samples != 0) {
+-                ret = filter_frame(inlink, NULL);
+-                if (ret < 0)
+-                    return ret;
+-            }
+-            ff_outlink_set_status(outlink, status, pts);
+-            return ret;
+-        }
+        if (status == AVERROR_EOF)
+            s->eof = 1;
+     }
+
+    if (s->eof && s->padd_samples != 0) {
+        return filter_frame(inlink, NULL);
+    } else if (s->eof) {
+        ff_outlink_set_status(outlink, AVERROR_EOF, s->eof_pts);
+        return 0;
+    }
+
+     FF_FILTER_FORWARD_WANTED(outlink, inlink);
+ 
+     return FFERROR_NOT_READY;
+-- 
+2.27.0
+
--- a/fix-CVE-2023-50008.patch
+++ b/fix-CVE-2023-50008.patch
@ -0,0 +1,25 @@
+From 5f87a68cf70dafeab2fb89b42e41a4c29053b89b Mon Sep 17 00:00:00 2001
+From: Paul B Mahol <onemda@gmail.com>
+Date: Mon, 27 Nov 2023 12:08:20 +0100
+Subject: [PATCH] avfilter/vf_colorcorrect: fix memory leaks
+
+---
+ libavfilter/vf_colorcorrect.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libavfilter/vf_colorcorrect.c b/libavfilter/vf_colorcorrect.c
+index 1c4dea5..6bdec2c 100644
+--- a/libavfilter/vf_colorcorrect.c
+++ b/libavfilter/vf_colorcorrect.c
+@@ -497,6 +497,8 @@ static av_cold void uninit(AVFilterContext *ctx)
+     ColorCorrectContext *s = ctx->priv;
+ 
+     av_freep(&s->analyzeret);
+    av_freep(&s->uhistogram);
+    av_freep(&s->vhistogram);
+ }
+ 
+ static const AVFilterPad colorcorrect_inputs[] = {
+-- 
+2.27.0
+
--- a/0001-fix-CVE-2024-31578.patch
+++ b/0001-fix-CVE-2024-31578.patch
@ -40,4 +40,3 @@ index 3650d46..0ef3479 100644
 int av_hwframe_transfer_get_formats(AVBufferRef *hwframe_ref,
 -- 
 2.27.0
-
--- a/0002-fix-CVE-2024-31582.patch
+++ b/0002-fix-CVE-2024-31582.patch
@ -25,4 +25,3 @@ index 55d9c8c..f65ccbd 100644
 static int filter_frame(AVFilterLink *inlink, AVFrame *frame)
 -- 
 2.27.0
-
--- a/fix_libsvgdec_compile_error.patch
+++ b/fix_libsvgdec_compile_error.patch
@ -0,0 +1,27 @@
+From a414e25b60b8d11e30479d4f33fb9a94719dae8e Mon Sep 17 00:00:00 2001
+From: technology208 <technology@208suo.com>
+Date: Tue, 4 Jun 2024 10:44:30 +0800
+Subject: [PATCH] fix_libsvgdec_compile_error.patch
+
+---
+ libavcodec/librsvgdec.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libavcodec/librsvgdec.c b/libavcodec/librsvgdec.c
+index c328fbc..756c26d 100644
+--- a/libavcodec/librsvgdec.c
+++ b/libavcodec/librsvgdec.c
+@@ -90,8 +90,10 @@ static int librsvg_decode_frame(AVCodecContext *avctx, AVFrame *frame,
+         goto end;
+ 
+     avctx->pix_fmt = AV_PIX_FMT_RGB32;
+#if LIBRSVG_MAJOR_VERSION > 2 || LIBRSVG_MAJOR_VERSION == 2 && LIBRSVG_MINOR_VERSION >= 52
+     viewport.width = dimensions.width;
+     viewport.height = dimensions.height;
+#endif
+ 
+     ret = ff_get_buffer(avctx, frame, 0);
+     if (ret < 0)
+-- 
+2.33.0
+