From: Archana Polampalli Date: Wed, 20 Aug 2025 06:58:11 +0000 (+0530) Subject: ffmpeg: upgrade 6.1.2 -> 6.1.3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=901304a22413030b9744006ae18b587146b71953;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git ffmpeg: upgrade 6.1.2 -> 6.1.3 Fixes: CVE-2023-6604 CVE-2023-6602 CVE-2025-7700 Changelog: https://github.com/FFmpeg/FFmpeg/blob/n6.1.3/Changelog Removed the CVE patches which are already fixed with this upgrade ref: https://github.com/FFmpeg/FFmpeg/commit/c104119c6b5e00496c5ff14071c85f95c98b7ae5 https://github.com/FFmpeg/FFmpeg/commit/7d79d0a43b5533ff584249332bc1db7fedbab1d2 https://github.com/FFmpeg/FFmpeg/commit/a4b6e37ad5f50454974fa22cc8f19d83cdaff0eb https://github.com/FFmpeg/FFmpeg/commit/efedc1d1b6aef2481cf613a11992b1dce6320055 https://github.com/FFmpeg/FFmpeg/commit/dcf34f13f516aa0e214384f3185aff306feba01d https://github.com/FFmpeg/FFmpeg/commit/bed04417b4d38af7a1b477b24ea6e26547e32373 https://github.com/FFmpeg/FFmpeg/commit/b43a12363c1fef0efa7eac15b6b830417656db15 https://github.com/FFmpeg/FFmpeg/commit/e2b20632b8c71a4e174511f8ff6e8342e0c63bd3 https://github.com/FFmpeg/FFmpeg/commit/43f64690ad9df72976bcbd6ea9e41b2542db2464 Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch deleted file mode 100644 index 80d542952a6..00000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 4adb93dff05dd947878c67784d98c9a4e13b57a7 Mon Sep 17 00:00:00 2001 -From: Paul B Mahol -Date: Thu, 23 Nov 2023 14:58:35 +0100 -Subject: [PATCH] avfilter/asrc_afirsrc: fix by one smaller allocation of - buffer - -CVE: CVE-2023-49501 - -Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/4adb93dff05dd947878c67784d98c9a4e13b57a7] - -Signed-off-by: Archana Polampalli ---- - libavfilter/asrc_afirsrc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libavfilter/asrc_afirsrc.c b/libavfilter/asrc_afirsrc.c -index e2359c1..ea04c35 100644 ---- a/libavfilter/asrc_afirsrc.c -+++ b/libavfilter/asrc_afirsrc.c -@@ -480,7 +480,7 @@ static av_cold int config_eq_output(AVFilterLink *outlink) - if (ret < 0) - return ret; - -- s->magnitude = av_calloc(s->nb_magnitude, sizeof(*s->magnitude)); -+ s->magnitude = av_calloc(s->nb_magnitude + 1, sizeof(*s->magnitude)); - if (!s->magnitude) - return AVERROR(ENOMEM); - memcpy(s->magnitude, eq_presets[s->preset].gains, sizeof(*s->magnitude) * s->nb_magnitude); --- -2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49502.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49502.patch deleted file mode 100644 index bc78a46d035..00000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49502.patch +++ /dev/null @@ -1,107 +0,0 @@ -From 737ede405b11a37fdd61d19cf25df296a0cb0b75 Mon Sep 17 00:00:00 2001 -From: Cosmin Stejerean -Date: Wed, 6 Dec 2023 18:39:32 +0800 -Subject: [PATCH] avfilter/bwdif: account for chroma sub-sampling in min size - calculation - -The current logic for detecting frames that are too small for the -algorithm does not account for chroma sub-sampling, and so a sample -where the luma plane is large enough, but the chroma planes are not -will not be rejected. In that event, a heap overflow will occur. - -This change adjusts the logic to consider the chroma planes and makes -the change to all three bwdif implementations. - -Fixes #10688 - -Signed-off-by: Cosmin Stejerean -Reviewed-by: Thomas Mundt -Signed-off-by: Philip Langdale - -CVE: CVE-2023-49502 - -Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/737ede405b11a37f] - -Signed-off-by: Archana Polampalli ---- - libavfilter/vf_bwdif.c | 9 +++++---- - libavfilter/vf_bwdif_cuda.c | 11 ++++++----- - libavfilter/vf_bwdif_vulkan.c | 11 +++++------ - 3 files changed, 16 insertions(+), 15 deletions(-) - -diff --git a/libavfilter/vf_bwdif.c b/libavfilter/vf_bwdif.c -index 137cd5e..353cd0b 100644 ---- a/libavfilter/vf_bwdif.c -+++ b/libavfilter/vf_bwdif.c -@@ -191,13 +191,14 @@ static int config_props(AVFilterLink *link) - return ret; - } - -- if (link->w < 3 || link->h < 4) { -- av_log(ctx, AV_LOG_ERROR, "Video of less than 3 columns or 4 lines is not supported\n"); -+ yadif->csp = av_pix_fmt_desc_get(link->format); -+ yadif->filter = filter; -+ -+ if (AV_CEIL_RSHIFT(link->w, yadif->csp->log2_chroma_w) < 3 || AV_CEIL_RSHIFT(link->h, yadif->csp->log2_chroma_h) < 4) { -+ av_log(ctx, AV_LOG_ERROR, "Video with planes less than 3 columns or 4 lines is not supported\n"); - return AVERROR(EINVAL); - } - -- yadif->csp = av_pix_fmt_desc_get(link->format); -- yadif->filter = filter; - ff_bwdif_init_filter_line(&s->dsp, yadif->csp->comp[0].depth); - - return 0; -diff --git a/libavfilter/vf_bwdif_cuda.c b/libavfilter/vf_bwdif_cuda.c -index a5ecfba..418f15f 100644 ---- a/libavfilter/vf_bwdif_cuda.c -+++ b/libavfilter/vf_bwdif_cuda.c -@@ -296,15 +296,16 @@ static int config_output(AVFilterLink *link) - link->frame_rate = av_mul_q(ctx->inputs[0]->frame_rate, - (AVRational){2, 1}); - -- if (link->w < 3 || link->h < 3) { -- av_log(ctx, AV_LOG_ERROR, "Video of less than 3 columns or lines is not supported\n"); -- ret = AVERROR(EINVAL); -- goto exit; -- } - - y->csp = av_pix_fmt_desc_get(output_frames->sw_format); - y->filter = filter; - -+ if (AV_CEIL_RSHIFT(link->w, y->csp->log2_chroma_w) < 3 || AV_CEIL_RSHIFT(link->h, y->csp->log2_chroma_h) < 3) { -+ av_log(ctx, AV_LOG_ERROR, "Video with planes less than 3 columns or lines is not supported\n"); -+ ret = AVERROR(EINVAL); -+ goto exit; -+ } -+ - ret = CHECK_CU(cu->cuCtxPushCurrent(s->hwctx->cuda_ctx)); - if (ret < 0) - goto exit; -diff --git a/libavfilter/vf_bwdif_vulkan.c b/libavfilter/vf_bwdif_vulkan.c -index 690a89c..c51df9a 100644 ---- a/libavfilter/vf_bwdif_vulkan.c -+++ b/libavfilter/vf_bwdif_vulkan.c -@@ -362,15 +362,14 @@ static int bwdif_vulkan_config_output(AVFilterLink *outlink) - outlink->frame_rate = av_mul_q(avctx->inputs[0]->frame_rate, - (AVRational){2, 1}); - -- if (outlink->w < 4 || outlink->h < 4) { -- av_log(avctx, AV_LOG_ERROR, "Video of less than 4 columns or lines is not " -- "supported\n"); -- return AVERROR(EINVAL); -- } -- - y->csp = av_pix_fmt_desc_get(vkctx->frames->sw_format); - y->filter = bwdif_vulkan_filter_frame; - -+ if (AV_CEIL_RSHIFT(outlink->w, y->csp->log2_chroma_w) < 4 || AV_CEIL_RSHIFT(outlink->h, y->csp->log2_chroma_h) < 4) { -+ av_log(avctx, AV_LOG_ERROR, "Video with planes less than 4 columns or lines is not supported\n"); -+ return AVERROR(EINVAL); -+ } -+ - return init_filter(avctx); - } - --- -2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch deleted file mode 100644 index d86e39707e5..00000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch +++ /dev/null @@ -1,78 +0,0 @@ -From b1942734c7cbcdc9034034373abcc9ecb9644c47 Mon Sep 17 00:00:00 2001 -From: Paul B Mahol -Date: Mon, 27 Nov 2023 11:45:34 +0100 -Subject: [PATCH 2/3] avfilter/af_afwtdn: fix crash with EOF handling - -CVE: CVE-2023-50007 - -Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/b1942734c7cbcdc9034034373abcc9ecb9644c47] - -Signed-off-by: Archana Polampalli ---- - libavfilter/af_afwtdn.c | 34 +++++++++++++++++++--------------- - 1 file changed, 19 insertions(+), 15 deletions(-) - -diff --git a/libavfilter/af_afwtdn.c b/libavfilter/af_afwtdn.c -index 0fcfa77..63b7f5f 100644 ---- a/libavfilter/af_afwtdn.c -+++ b/libavfilter/af_afwtdn.c -@@ -408,6 +408,7 @@ typedef struct AudioFWTDNContext { - - uint64_t sn; - int64_t eof_pts; -+ int eof; - - int wavelet_type; - int channels; -@@ -1069,7 +1070,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) - s->drop_samples = 0; - } else { - if (s->padd_samples < 0 && eof) { -- out->nb_samples += s->padd_samples; -+ out->nb_samples = FFMAX(0, out->nb_samples + s->padd_samples); - s->padd_samples = 0; - } - if (!eof) -@@ -1208,23 +1209,26 @@ static int activate(AVFilterContext *ctx) - - FF_FILTER_FORWARD_STATUS_BACK(outlink, inlink); - -- ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in); -- if (ret < 0) -- return ret; -- if (ret > 0) -- return filter_frame(inlink, in); -+ if (!s->eof) { -+ ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in); -+ if (ret < 0) -+ return ret; -+ if (ret > 0) -+ return filter_frame(inlink, in); -+ } - - if (ff_inlink_acknowledge_status(inlink, &status, &pts)) { -- if (status == AVERROR_EOF) { -- while (s->padd_samples != 0) { -- ret = filter_frame(inlink, NULL); -- if (ret < 0) -- return ret; -- } -- ff_outlink_set_status(outlink, status, pts); -- return ret; -- } -+ if (status == AVERROR_EOF) -+ s->eof = 1; - } -+ -+ if (s->eof && s->padd_samples != 0) { -+ return filter_frame(inlink, NULL); -+ } else if (s->eof) { -+ ff_outlink_set_status(outlink, AVERROR_EOF, s->eof_pts); -+ return 0; -+ } -+ - FF_FILTER_FORWARD_WANTED(outlink, inlink); - - return FFERROR_NOT_READY; --- -2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch deleted file mode 100644 index 4b8935628f5..00000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50008.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 5f87a68cf70dafeab2fb89b42e41a4c29053b89b Mon Sep 17 00:00:00 2001 -From: Paul B Mahol -Date: Mon, 27 Nov 2023 12:08:20 +0100 -Subject: [PATCH] avfilter/vf_colorcorrect: fix memory leaks - -CVE: CVE-2023-50008 - -Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/5f87a68cf70dafeab2fb89b42e41a4c29053b89b] - -Signed-off-by: Archana Polampalli ---- - libavfilter/vf_colorcorrect.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/libavfilter/vf_colorcorrect.c b/libavfilter/vf_colorcorrect.c -index 1c4dea5..6bdec2c 100644 ---- a/libavfilter/vf_colorcorrect.c -+++ b/libavfilter/vf_colorcorrect.c -@@ -497,6 +497,8 @@ static av_cold void uninit(AVFilterContext *ctx) - ColorCorrectContext *s = ctx->priv; - - av_freep(&s->analyzeret); -+ av_freep(&s->uhistogram); -+ av_freep(&s->vhistogram); - } - - static const AVFilterPad colorcorrect_inputs[] = { --- -2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch deleted file mode 100644 index f8e7e1283b4..00000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31578.patch +++ /dev/null @@ -1,49 +0,0 @@ -From edeeb35cecb5bc0d433b14dd0e544ae826b7ece5 Mon Sep 17 00:00:00 2001 -From: Zhao Zhili -Date: Tue, 20 Feb 2024 20:08:55 +0800 -Subject: [PATCH] avutil/hwcontext: Don't assume frames_uninit is reentrant - -Fix heap use after free when vulkan_frames_init failed. - -Signed-off-by: Zhao Zhili - -CVE: CVE-2024-31578 - -Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83] - -Signed-off-by: Archana Polampalli ---- - libavutil/hwcontext.c | 8 ++------ - 1 file changed, 2 insertions(+), 6 deletions(-) - -diff --git a/libavutil/hwcontext.c b/libavutil/hwcontext.c -index 3650d46..0ef3479 100644 ---- a/libavutil/hwcontext.c -+++ b/libavutil/hwcontext.c -@@ -363,7 +363,7 @@ int av_hwframe_ctx_init(AVBufferRef *ref) - if (ctx->internal->hw_type->frames_init) { - ret = ctx->internal->hw_type->frames_init(ctx); - if (ret < 0) -- goto fail; -+ return ret; - } - - if (ctx->internal->pool_internal && !ctx->pool) -@@ -373,14 +373,10 @@ int av_hwframe_ctx_init(AVBufferRef *ref) - if (ctx->initial_pool_size > 0) { - ret = hwframe_pool_prealloc(ref); - if (ret < 0) -- goto fail; -+ return ret; - } - - return 0; --fail: -- if (ctx->internal->hw_type->frames_uninit) -- ctx->internal->hw_type->frames_uninit(ctx); -- return ret; - } - - int av_hwframe_transfer_get_formats(AVBufferRef *hwframe_ref, --- -2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch deleted file mode 100644 index 2ade3ab6b1a..00000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 1d1a05b393ece9fa3df825bfef3724b7370aefdc Mon Sep 17 00:00:00 2001 -From: Zhao Zhili -Date: Fri, 29 Dec 2023 05:56:43 +0800 -Subject: [PATCH] avfilter/vf_codecview: fix heap buffer overflow - -And improve the performance by a little bit. - -Signed-off-by: Zhao Zhili - -CVE: CVE-2024-31582 - -Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2] - -Signed-off-by: Archana Polampalli ---- - libavfilter/vf_codecview.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/libavfilter/vf_codecview.c b/libavfilter/vf_codecview.c -index 55d9c8c..f65ccbd 100644 ---- a/libavfilter/vf_codecview.c -+++ b/libavfilter/vf_codecview.c -@@ -216,9 +216,6 @@ static void draw_block_rectangle(uint8_t *buf, int sx, int sy, int w, int h, ptr - buf[sx + w - 1] = color; - buf += stride; - } -- -- for (int x = sx; x < sx + w; x++) -- buf[x] = color; - } - - static int filter_frame(AVFilterLink *inlink, AVFrame *frame) --- -2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch deleted file mode 100644 index a1bec43c666..00000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 09e6840cf7a3ee07a73c3ae88a020bf27ca1a667 Mon Sep 17 00:00:00 2001 -From: Andreas Rheinhardt -Date: Wed, 13 Mar 2024 02:10:26 +0100 -Subject: [PATCH] avcodec/ppc/vp8dsp_altivec: Fix out-of-bounds access - -h_subpel_filters_inner[i] and h_subpel_filters_outer[i / 2] -belong together and the former allows the range 0..6, -so the latter needs to support 0..3. But it has only three -elements. Add another one. -The value for the last element has been guesstimated -from subpel_filters in libavcodec/vp8dsp.c. - -This is also intended to fix FATE-failures with UBSan here: -https://fate.ffmpeg.org/report.cgi?time=20240312011016&slot=ppc-linux-gcc-13.2-ubsan-altivec-qemu - -Tested-by: Sean McGovern -Signed-off-by: Andreas Rheinhardt - -CVE: CVE-2024-35367 - -Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667] - -Signed-off-by: Archana Polampalli ---- - libavcodec/ppc/vp8dsp_altivec.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/libavcodec/ppc/vp8dsp_altivec.c b/libavcodec/ppc/vp8dsp_altivec.c -index 12dac8b..061914f 100644 ---- a/libavcodec/ppc/vp8dsp_altivec.c -+++ b/libavcodec/ppc/vp8dsp_altivec.c -@@ -50,11 +50,12 @@ static const vec_s8 h_subpel_filters_inner[7] = - // for 6tap filters, these are the outer two taps - // The zeros mask off pixels 4-7 when filtering 0-3 - // and vice-versa --static const vec_s8 h_subpel_filters_outer[3] = -+static const vec_s8 h_subpel_filters_outer[4] = - { - REPT4(0, 0, 2, 1), - REPT4(0, 0, 3, 3), - REPT4(0, 0, 1, 2), -+ REPT4(0, 0, 0, 0), - }; - - #define LOAD_H_SUBPEL_FILTER(i) \ --- -2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch deleted file mode 100644 index 7b802762eb9..00000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 4513300989502090c4fd6560544dce399a8cd53c Mon Sep 17 00:00:00 2001 -From: Andreas Rheinhardt -Date: Sun, 24 Sep 2023 13:15:48 +0200 -Subject: [PATCH] avcodec/rkmppdec: Fix double-free on error - -After having created the AVBuffer that is put into frame->buf[0], -ownership of several objects (namely an AVDRMFrameDescriptor, -an MppFrame and some AVBufferRefs framecontextref and decoder_ref) -has passed to the AVBuffer and therefore to the frame. -Yet it has nevertheless been freed manually on error -afterwards, which would lead to a double-free as soon -as the AVFrame is unreferenced. - -Signed-off-by: Andreas Rheinhardt - -CVE: CVE-2024-35368 - -Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/4513300989502090c4fd6560544dce399a8cd53c] - -Signed-off-by: Archana Polampalli ---- - libavcodec/rkmppdec.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libavcodec/rkmppdec.c b/libavcodec/rkmppdec.c -index 5768568..2ca368e 100644 ---- a/libavcodec/rkmppdec.c -+++ b/libavcodec/rkmppdec.c -@@ -462,8 +462,8 @@ static int rkmpp_retrieve_frame(AVCodecContext *avctx, AVFrame *frame) - - frame->hw_frames_ctx = av_buffer_ref(decoder->frames_ref); - if (!frame->hw_frames_ctx) { -- ret = AVERROR(ENOMEM); -- goto fail; -+ av_frame_unref(frame); -+ return AVERROR(ENOMEM); - } - - return 0; --- -2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch deleted file mode 100644 index d3e02bebe60..00000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch +++ /dev/null @@ -1,34 +0,0 @@ -From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Mon, 6 Jan 2025 22:01:39 +0100 -Subject: [PATCH] avfilter/af_pan: Fix sscanf() use - -Fixes: Memory Data Leak - -Found-by: Simcha Kosman -Signed-off-by: Michael Niedermayer - -CVE: CVE-2025-0518 - -Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a] - -Signed-off-by: Archana Polampalli ---- - libavfilter/af_pan.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c -index cfed9f1..ffcd214 100644 ---- a/libavfilter/af_pan.c -+++ b/libavfilter/af_pan.c -@@ -165,7 +165,7 @@ static av_cold int init(AVFilterContext *ctx) - sign = 1; - while (1) { - gain = 1; -- if (sscanf(arg, "%lf%n *%n", &gain, &len, &len)) -+ if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1) - arg += len; - if (parse_channel_name(&arg, &in_ch_id, &named)){ - av_log(ctx, AV_LOG_ERROR, --- -2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22919.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22919.patch deleted file mode 100644 index f895576de3c..00000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22919.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 1446e37d3d032e1452844778b3e6ba2c20f0c322 Mon Sep 17 00:00:00 2001 -From: James Almer -Date: Mon, 30 Dec 2024 00:25:41 -0300 -Subject: [PATCH] avfilter/buffersrc: check for valid sample rate - -A sample rate <= 0 is invalid. - -Fixes an assert in ffmpeg_enc.c that assumed a valid sample rate would be set. -Fixes ticket #11385. - -Signed-off-by: James Almer - -CVE: CVE-2025-22919 - -Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1446e37d3d032e1452844778b3e6ba2c20f0c322] - -Signed-off-by: Archana Polampalli ---- - libavfilter/buffersrc.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/libavfilter/buffersrc.c b/libavfilter/buffersrc.c -index 453fc0f..f49aa91 100644 ---- a/libavfilter/buffersrc.c -+++ b/libavfilter/buffersrc.c -@@ -401,6 +401,11 @@ FF_ENABLE_DEPRECATION_WARNINGS - av_channel_layout_describe(&s->ch_layout, buf, sizeof(buf)); - } - -+ if (s->sample_rate <= 0) { -+ av_log(ctx, AV_LOG_ERROR, "Sample rate not set\n"); -+ return AVERROR(EINVAL); -+ } -+ - if (!s->time_base.num) - s->time_base = (AVRational){1, s->sample_rate}; - --- -2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb similarity index 95% rename from meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.2.bb rename to meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb index a789980dde7..c0112757f0c 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb @@ -27,26 +27,16 @@ SRC_URI = " \ file://av1_ordering_info.patch \ file://vulkan_av1_stable_API.patch \ file://vulkan_fix_gcc14.patch \ - file://CVE-2023-49502.patch \ - file://CVE-2024-31578.patch \ - file://CVE-2024-31582.patch \ - file://CVE-2023-50008.patch \ - file://CVE-2023-49501.patch \ file://CVE-2024-28661.patch \ - file://CVE-2023-50007.patch \ file://CVE-2023-49528.patch \ - file://CVE-2024-35367.patch \ - file://CVE-2024-35368.patch \ file://CVE-2024-35365.patch \ file://CVE-2024-36618.patch \ file://CVE-2024-35369.patch \ file://CVE-2025-25473.patch \ - file://CVE-2025-22919.patch \ file://CVE-2025-22921.patch \ - file://CVE-2025-0518.patch \ " -SRC_URI[sha256sum] = "3b624649725ecdc565c903ca6643d41f33bd49239922e45c9b1442c63dca4e38" +SRC_URI[sha256sum] = "bc5f1e4a4d283a6492354684ee1124129c52293bcfc6a9169193539fbece3487" # https://nvd.nist.gov/vuln/detail/CVE-2023-39018 # https://github.com/bramp/ffmpeg-cli-wrapper/issues/291