diff options
Diffstat (limited to 'meta/recipes-multimedia')
34 files changed, 566 insertions, 55 deletions
diff --git a/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.4.bb b/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.4.bb index 26542fbbbc..0d4a30a304 100644 --- a/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.4.bb +++ b/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.4.bb @@ -20,3 +20,7 @@ do_install() { PACKAGES = "${PN}" FILES_${PN} = "*" + +# remove at next version upgrade or when output changes +PR = "r1" +HASHEQUIV_HASH_VERSION .= ".1" diff --git a/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.4.bb b/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.4.bb index 32cf41c8fd..7787dad268 100644 --- a/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.4.bb +++ b/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.4.bb @@ -21,3 +21,7 @@ do_install() { PACKAGES = "${PN}" FILES_${PN} = "*" + +# remove at next version upgrade or when output changes +PR = "r1" +HASHEQUIV_HASH_VERSION .= ".1" diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch new file mode 100644 index 0000000000..4fe80cffa1 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch @@ -0,0 +1,35 @@ +From 073bad2fcae5be78c11a1623a20319107dfae9f8 Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer <michael@niedermayer.cc> +Date: Fri, 28 May 2021 20:18:25 +0200 +Subject: [PATCH 1/5] avcodec/aacpsy: Avoid floating point division by 0 of + norm_fac + +Fixes: Ticket7995 +Fixes: CVE-2020-20446 + +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> + +CVE: CVE-2020-20446 +Upstream-Status: Backport [223b5e8ac9f6461bb13ed365419ec485c5b2b002] + +Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> +--- + libavcodec/aacpsy.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libavcodec/aacpsy.c b/libavcodec/aacpsy.c +index fca692cb15..bd444fecdc 100644 +--- a/libavcodec/aacpsy.c ++++ b/libavcodec/aacpsy.c +@@ -794,7 +794,7 @@ static void psy_3gpp_analyze_channel(FFPsyContext *ctx, int channel, + + if (pe < 1.15f * desired_pe) { + /* 6.6.1.3.6 "Final threshold modification by linearization" */ +- norm_fac = 1.0f / norm_fac; ++ norm_fac = norm_fac ? 1.0f / norm_fac : 0; + for (w = 0; w < wi->num_windows*16; w += 16) { + for (g = 0; g < num_bands; g++) { + AacPsyBand *band = &pch->band[w+g]; +-- +2.32.0 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20453.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20453.patch new file mode 100644 index 0000000000..4e430726b0 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20453.patch @@ -0,0 +1,42 @@ +From 80f9cbee46757430af0769ec999ca702be652f7f Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer <michael@niedermayer.cc> +Date: Fri, 28 May 2021 21:37:26 +0200 +Subject: [PATCH 2/5] avcodec/aacenc: Avoid 0 lambda + +Fixes: Ticket8003 +Fixes: CVE-2020-20453 + +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> + +CVE: CVE-2020-20453 +Upstream-Status: Backport [a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8] + +Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> +--- + libavcodec/aacenc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libavcodec/aacenc.c b/libavcodec/aacenc.c +index db11e0ca29..9c6cb75be4 100644 +--- a/libavcodec/aacenc.c ++++ b/libavcodec/aacenc.c +@@ -28,6 +28,7 @@ + * TODOs: + * add sane pulse detection + ***********************************/ ++#include <float.h> + + #include "libavutil/libm.h" + #include "libavutil/thread.h" +@@ -856,7 +857,7 @@ static int aac_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, + /* Not so fast though */ + ratio = sqrtf(ratio); + } +- s->lambda = FFMIN(s->lambda * ratio, 65536.f); ++ s->lambda = av_clipf(s->lambda * ratio, FLT_MIN, 65536.f); + + /* Keep iterating if we must reduce and lambda is in the sky */ + if (ratio > 0.9f && ratio < 1.1f) { +-- +2.32.0 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22015.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22015.patch new file mode 100644 index 0000000000..1fdb31de7d --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22015.patch @@ -0,0 +1,44 @@ +From dce5d2c2ee991f8cd96ab74d51a2d1a134a1a645 Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer <michael@niedermayer.cc> +Date: Sat, 29 May 2021 09:22:27 +0200 +Subject: [PATCH 3/5] avformat/movenc: Check pal_size before use + +Fixes: assertion failure +Fixes: out of array read +Fixes: Ticket8190 +Fixes: CVE-2020-22015 + +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> + + +CVE: CVE-2020-22015 +Upstream-Status: Backport [4c1afa292520329eecd1cc7631bc59a8cca95c46] + +Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> +--- + libavformat/movenc.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/libavformat/movenc.c b/libavformat/movenc.c +index c34d86522a..9603704083 100644 +--- a/libavformat/movenc.c ++++ b/libavformat/movenc.c +@@ -2094,11 +2094,13 @@ static int mov_write_video_tag(AVFormatContext *s, AVIOContext *pb, MOVMuxContex + avio_wb16(pb, 0x18); /* Reserved */ + + if (track->mode == MODE_MOV && track->par->format == AV_PIX_FMT_PAL8) { +- int pal_size = 1 << track->par->bits_per_coded_sample; +- int i; ++ int pal_size, i; + avio_wb16(pb, 0); /* Color table ID */ + avio_wb32(pb, 0); /* Color table seed */ + avio_wb16(pb, 0x8000); /* Color table flags */ ++ if (track->par->bits_per_coded_sample < 0 || track->par->bits_per_coded_sample > 8) ++ return AVERROR(EINVAL); ++ pal_size = 1 << track->par->bits_per_coded_sample; + avio_wb16(pb, pal_size - 1); /* Color table size (zero-relative) */ + for (i = 0; i < pal_size; i++) { + uint32_t rgb = track->palette[i]; +-- +2.32.0 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22021.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22021.patch new file mode 100644 index 0000000000..05cba736ff --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22021.patch @@ -0,0 +1,87 @@ +From 384177ca945395c8cf0ebbddd4b8b1eae64e900f Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer <michael@niedermayer.cc> +Date: Sat, 29 May 2021 11:17:35 +0200 +Subject: [PATCH 4/5] avfilter/vf_yadif: Fix handing of tiny images + +Fixes: out of array access +Fixes: Ticket8240 +Fixes: CVE-2020-22021 + +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> + +CVE: CVE-2020-22021 +Upstream-Status: Backport [7971f62120a55c141ec437aa3f0bacc1c1a3526b] + +Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> +--- + libavfilter/vf_yadif.c | 32 ++++++++++++++++++-------------- + 1 file changed, 18 insertions(+), 14 deletions(-) + +diff --git a/libavfilter/vf_yadif.c b/libavfilter/vf_yadif.c +index 43dea67add..06fd24ecfa 100644 +--- a/libavfilter/vf_yadif.c ++++ b/libavfilter/vf_yadif.c +@@ -123,20 +123,22 @@ static void filter_edges(void *dst1, void *prev1, void *cur1, void *next1, + uint8_t *next2 = parity ? cur : next; + + const int edge = MAX_ALIGN - 1; ++ int offset = FFMAX(w - edge, 3); + + /* Only edge pixels need to be processed here. A constant value of false + * for is_not_edge should let the compiler ignore the whole branch. */ +- FILTER(0, 3, 0) ++ FILTER(0, FFMIN(3, w), 0) + +- dst = (uint8_t*)dst1 + w - edge; +- prev = (uint8_t*)prev1 + w - edge; +- cur = (uint8_t*)cur1 + w - edge; +- next = (uint8_t*)next1 + w - edge; ++ dst = (uint8_t*)dst1 + offset; ++ prev = (uint8_t*)prev1 + offset; ++ cur = (uint8_t*)cur1 + offset; ++ next = (uint8_t*)next1 + offset; + prev2 = (uint8_t*)(parity ? prev : cur); + next2 = (uint8_t*)(parity ? cur : next); + +- FILTER(w - edge, w - 3, 1) +- FILTER(w - 3, w, 0) ++ FILTER(offset, w - 3, 1) ++ offset = FFMAX(offset, w - 3); ++ FILTER(offset, w, 0) + } + + +@@ -170,21 +172,23 @@ static void filter_edges_16bit(void *dst1, void *prev1, void *cur1, void *next1, + uint16_t *next2 = parity ? cur : next; + + const int edge = MAX_ALIGN / 2 - 1; ++ int offset = FFMAX(w - edge, 3); + + mrefs /= 2; + prefs /= 2; + +- FILTER(0, 3, 0) ++ FILTER(0, FFMIN(3, w), 0) + +- dst = (uint16_t*)dst1 + w - edge; +- prev = (uint16_t*)prev1 + w - edge; +- cur = (uint16_t*)cur1 + w - edge; +- next = (uint16_t*)next1 + w - edge; ++ dst = (uint16_t*)dst1 + offset; ++ prev = (uint16_t*)prev1 + offset; ++ cur = (uint16_t*)cur1 + offset; ++ next = (uint16_t*)next1 + offset; + prev2 = (uint16_t*)(parity ? prev : cur); + next2 = (uint16_t*)(parity ? cur : next); + +- FILTER(w - edge, w - 3, 1) +- FILTER(w - 3, w, 0) ++ FILTER(offset, w - 3, 1) ++ offset = FFMAX(offset, w - 3); ++ FILTER(offset, w, 0) + } + + static int filter_slice(AVFilterContext *ctx, void *arg, int jobnr, int nb_jobs) +-- +2.32.0 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22033-CVE-2020-22019.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22033-CVE-2020-22019.patch new file mode 100644 index 0000000000..e98ddaaede --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22033-CVE-2020-22019.patch @@ -0,0 +1,39 @@ +From 2f3bf456fa641edf154a99c4586d7bf52c02a495 Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer <michael@niedermayer.cc> +Date: Sat, 29 May 2021 09:58:31 +0200 +Subject: [PATCH 5/5] avfilter/vf_vmafmotion: Check dimensions + +Fixes: out of array access +Fixes: Ticket8241 +Fixes: Ticket8246 +Fixes: CVE-2020-22019 +Fixes: CVE-2020-22033 + +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> + +CVE: CVE-2020-22033 +CVE: CVE-2020-22019 +Upstream-Status: Backport [82ad1b76751bcfad5005440db48c46a4de5d6f02] + +Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> +--- + libavfilter/vf_vmafmotion.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libavfilter/vf_vmafmotion.c b/libavfilter/vf_vmafmotion.c +index 88d0b35095..0730147e7d 100644 +--- a/libavfilter/vf_vmafmotion.c ++++ b/libavfilter/vf_vmafmotion.c +@@ -238,6 +238,9 @@ int ff_vmafmotion_init(VMAFMotionData *s, + int i; + const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(fmt); + ++ if (w < 3 || h < 3) ++ return AVERROR(EINVAL); ++ + s->width = w; + s->height = h; + s->stride = FFALIGN(w * sizeof(uint16_t), 32); +-- +2.32.0 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch new file mode 100644 index 0000000000..3de7cf7e0f --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch @@ -0,0 +1,67 @@ +CVE: CVE-2021-38114 +Upstream-Status: Backport +Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com> + +From 662aef4aacf23b4be4c1cfaebd837e225b357e51 Mon Sep 17 00:00:00 2001 +From: maryam ebr <me22bee@outlook.com> +Date: Tue, 3 Aug 2021 01:05:47 -0400 +Subject: [PATCH] avcodec/dnxhddec: check and propagate function return value + +Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed. +crafted DNxHD data can cause unspecified impact. + +Reviewed-by: Paul B Mahol <onemda@gmail.com> +Signed-off-by: James Almer <jamrial@gmail.com> +--- + libavcodec/dnxhddec.c | 22 +++++++++++++++------- + 1 file changed, 15 insertions(+), 7 deletions(-) + +diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c +index e5d01e2e71..54f894f81b 100644 +--- a/libavcodec/dnxhddec.c ++++ b/libavcodec/dnxhddec.c +@@ -110,6 +110,7 @@ static av_cold int dnxhd_decode_init(AVCodecContext *avctx) + + static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) + { ++ int ret; + if (cid != ctx->cid) { + int index; + +@@ -129,19 +130,26 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) + ff_free_vlc(&ctx->dc_vlc); + ff_free_vlc(&ctx->run_vlc); + +- init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257, ++ if ((ret = init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257, + ctx->cid_table->ac_bits, 1, 1, +- ctx->cid_table->ac_codes, 2, 2, 0); +- init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12, ++ ctx->cid_table->ac_codes, 2, 2, 0)) < 0) ++ goto out; ++ if ((ret = init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12, + ctx->cid_table->dc_bits, 1, 1, +- ctx->cid_table->dc_codes, 1, 1, 0); +- init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62, ++ ctx->cid_table->dc_codes, 1, 1, 0)) < 0) ++ goto out; ++ if ((ret = init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62, + ctx->cid_table->run_bits, 1, 1, +- ctx->cid_table->run_codes, 2, 2, 0); ++ ctx->cid_table->run_codes, 2, 2, 0)) < 0) ++ goto out; + + ctx->cid = cid; + } +- return 0; ++ ret = 0; ++out: ++ if (ret < 0) ++ av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n"); ++ return ret; + } + + static int dnxhd_get_profile(int cid) +-- +2.31.1 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch new file mode 100644 index 0000000000..8775acd8c5 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch @@ -0,0 +1,40 @@ +CVE: CVE-2021-38171 +Upstream-Status: Backport +Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com> + +From d5373a9efb10c1fa87698ee41370fb04dc2e410b Mon Sep 17 00:00:00 2001 +From: maryam ebrahimzadeh <me22bee@outlook.com> +Date: Wed, 4 Aug 2021 16:15:18 -0400 +Subject: [PATCH] avformat/adtsenc: return value check for init_get_bits in + adts_decode_extradata + +As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary. +'buf' is part of 'AVPacket pkt'. +replace init_get_bits with init_get_bits8. + +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> +--- + libavformat/adtsenc.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c +index d937e2bea9..a1593515e1 100644 +--- a/libavformat/adtsenc.c ++++ b/libavformat/adtsenc.c +@@ -50,9 +50,11 @@ static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui + GetBitContext gb; + PutBitContext pb; + MPEG4AudioConfig m4ac; +- int off; ++ int off, ret; + +- init_get_bits(&gb, buf, size * 8); ++ ret = init_get_bits8(&gb, buf, size); ++ if (ret < 0) ++ return ret; + off = avpriv_mpeg4audio_get_config2(&m4ac, buf, size, 1, s); + if (off < 0) + return off; +-- +2.31.1 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch new file mode 100644 index 0000000000..ef1c760286 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch @@ -0,0 +1,54 @@ +CVE: CVE-2021-38291 +Upstream-Status: Backport +Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com> + +From e908bdb157fa493be2b50e2a11055d19c5254a15 Mon Sep 17 00:00:00 2001 +From: James Almer <jamrial@gmail.com> +Date: Wed, 21 Jul 2021 01:02:44 -0300 +Subject: [PATCH] avcodec/utils: don't return negative values in + av_get_audio_frame_duration() + +In some extrme cases, like with adpcm_ms samples with an extremely high channel +count, get_audio_frame_duration() may return a negative frame duration value. +Don't propagate it, and instead return 0, signaling that a duration could not +be determined. + +Fixes ticket #9312 + +Signed-off-by: James Almer <jamrial@gmail.com> +--- + libavcodec/utils.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/libavcodec/utils.c b/libavcodec/utils.c +index 81e34254e8..5fdb10fe09 100644 +--- a/libavcodec/utils.c ++++ b/libavcodec/utils.c +@@ -1776,20 +1776,22 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba, + + int av_get_audio_frame_duration(AVCodecContext *avctx, int frame_bytes) + { +- return get_audio_frame_duration(avctx->codec_id, avctx->sample_rate, ++ int duration = get_audio_frame_duration(avctx->codec_id, avctx->sample_rate, + avctx->channels, avctx->block_align, + avctx->codec_tag, avctx->bits_per_coded_sample, + avctx->bit_rate, avctx->extradata, avctx->frame_size, + frame_bytes); ++ return FFMAX(0, duration); + } + + int av_get_audio_frame_duration2(AVCodecParameters *par, int frame_bytes) + { +- return get_audio_frame_duration(par->codec_id, par->sample_rate, ++ int duration = get_audio_frame_duration(par->codec_id, par->sample_rate, + par->channels, par->block_align, + par->codec_tag, par->bits_per_coded_sample, + par->bit_rate, par->extradata, par->frame_size, + frame_bytes); ++ return FFMAX(0, duration); + } + + #if !HAVE_THREADS +-- +2.25.1 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb index 08be38ca50..2df8fc45cf 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb @@ -26,6 +26,14 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://mips64_cpu_detection.patch \ file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ + file://fix-CVE-2020-20446.patch \ + file://fix-CVE-2020-20453.patch \ + file://fix-CVE-2020-22015.patch \ + file://fix-CVE-2020-22021.patch \ + file://fix-CVE-2020-22033-CVE-2020-22019.patch \ + file://fix-CVE-2021-38291.patch \ + file://fix-CVE-2021-38171.patch \ + file://fix-CVE-2021-38114.patch \ " SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb" diff --git a/meta/recipes-multimedia/flac/flac/CVE-2021-0561.patch b/meta/recipes-multimedia/flac/flac/CVE-2021-0561.patch new file mode 100644 index 0000000000..b48663ae42 --- /dev/null +++ b/meta/recipes-multimedia/flac/flac/CVE-2021-0561.patch @@ -0,0 +1,41 @@ +From e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be Mon Sep 17 00:00:00 2001 +From: Neelkamal Semwal <neelkamal.semwal@ittiam.com> +Date: Fri, 18 Dec 2020 22:28:36 +0530 +Subject: [PATCH] libFlac: Exit at EOS in verify mode + +When verify mode is enabled, once decoder flags end of stream, +encode processing is considered complete. + +CVE-2021-0561 + +Signed-off-by: Ralph Giles <giles@thaumas.net> + +Upstream-Status: Backport +CVE: CVE-2021-0561 + +Reference to upstream patch: +https://github.com/xiph/flac/commit/e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be + +Signed-off-by: Li Wang <li.wang@windriver.com> +--- + src/libFLAC/stream_encoder.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/libFLAC/stream_encoder.c b/src/libFLAC/stream_encoder.c +index 74387ec..8bb0ef3 100644 +--- a/src/libFLAC/stream_encoder.c ++++ b/src/libFLAC/stream_encoder.c +@@ -2610,7 +2610,9 @@ FLAC__bool write_bitbuffer_(FLAC__StreamEncoder *encoder, uint32_t samples, FLAC + encoder->private_->verify.needs_magic_hack = true; + } + else { +- if(!FLAC__stream_decoder_process_single(encoder->private_->verify.decoder)) { ++ if(!FLAC__stream_decoder_process_single(encoder->private_->verify.decoder) ++ || (!is_last_block ++ && (FLAC__stream_encoder_get_verify_decoder_state(encoder) == FLAC__STREAM_DECODER_END_OF_STREAM))) { + FLAC__bitwriter_release_buffer(encoder->private_->frame); + FLAC__bitwriter_clear(encoder->private_->frame); + if(encoder->protected_->state != FLAC__STREAM_ENCODER_VERIFY_MISMATCH_IN_AUDIO_DATA) +-- +2.23.0 + diff --git a/meta/recipes-multimedia/flac/flac_1.3.3.bb b/meta/recipes-multimedia/flac/flac_1.3.3.bb index cb6692aedf..d3c352cc44 100644 --- a/meta/recipes-multimedia/flac/flac_1.3.3.bb +++ b/meta/recipes-multimedia/flac/flac_1.3.3.bb @@ -15,6 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING.FDL;md5=ad1419ecc56e060eccf8184a87c4285f \ DEPENDS = "libogg" SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz \ + file://CVE-2021-0561.patch \ " SRC_URI[md5sum] = "26703ed2858c1fc9ffc05136d13daa69" diff --git a/meta/recipes-multimedia/gstreamer/gst-devtools_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gst-devtools_1.18.6.bb index 2a56967f7b..258a0e899c 100644 --- a/meta/recipes-multimedia/gstreamer/gst-devtools_1.18.4.bb +++ b/meta/recipes-multimedia/gstreamer/gst-devtools_1.18.6.bb @@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV} file://0001-connect-has-a-different-signature-on-musl.patch \ " -SRC_URI[sha256sum] = "ffbd194c40912cb5e7fca2863648bf9dd8257b7af97d3a60c4fcd4efd8526ccf" +SRC_URI[sha256sum] = "3725622c740a635452e54b79d065f963ab7706ca2403de6c43072ae7610a0de4" DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base" RRECOMMENDS_${PN} = "git" diff --git a/meta/recipes-multimedia/gstreamer/gst-examples_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gst-examples_1.18.6.bb index 4670ab34db..5af43d1eda 100644 --- a/meta/recipes-multimedia/gstreamer/gst-examples_1.18.4.bb +++ b/meta/recipes-multimedia/gstreamer/gst-examples_1.18.6.bb @@ -12,7 +12,7 @@ SRC_URI = "git://gitlab.freedesktop.org/gstreamer/gst-examples.git;protocol=http file://gst-player.desktop \ " -SRCREV = "959bb246a5b1f5f9c78557da11c3f22b42ff89c0" +SRCREV = "70e4fcf4fc8ae19641aa990de5f37d758cdfcea4" S = "${WORKDIR}/git" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.6.bb index 6a84f92f31..6229bb4d62 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.4.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.6.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6762ed442b3822387a51c92d928ead0d \ " SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz" -SRC_URI[sha256sum] = "344a463badca216c2cef6ee36f9510c190862bdee48dc4591c0a430df7e8c396" +SRC_URI[sha256sum] = "e4e50dcd5a29441ae34de60d2221057e8064ed824bb6ca4dc0fd9ee88fbe9b81" S = "${WORKDIR}/gst-libav-${PV}" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.6.bb index d38be035f9..04b5dcc4f4 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.4.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.6.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz" -SRC_URI[sha256sum] = "e35051cf891eb2f31d6fcf176ff37d985f97f33874ac31b0b3ad3b5b95035043" +SRC_URI[sha256sum] = "b5281c938e959fd2418e989cfb6065fdd9fe5f6f87ee86236c9427166e708163" S = "${WORKDIR}/gst-omx-${PV}" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.6.bb index ce2082ee32..63e3488e9e 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.6.bb @@ -11,7 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \ file://0005-msdk-fix-includedir-path.patch \ " -SRC_URI[sha256sum] = "74e806bc5595b18c70e9ca93571e27e79dfb808e5d2e7967afa952b52e99c85f" +SRC_URI[sha256sum] = "0b1b50ac6311f0c510248b6cd64d6d3c94369344828baa602db85ded5bc70ec9" S = "${WORKDIR}/gst-plugins-bad-${PV}" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.6.bb index 728a99e08b..4e7fc62ec7 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.4.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.6.bb @@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \ file://0004-glimagesink-Downrank-to-marginal.patch \ " -SRC_URI[sha256sum] = "29e53229a84d01d722f6f6db13087231cdf6113dd85c25746b9b58c3d68e8323" +SRC_URI[sha256sum] = "56a9ff2fe9e6603b9e658cf6897d412a173d2180829fe01e92568549c6bd0f5b" S = "${WORKDIR}/gst-plugins-base-${PV}" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-rtpjitterbuffer-Fix-parsing-of-the-mediaclk-direct-f.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-rtpjitterbuffer-Fix-parsing-of-the-mediaclk-direct-f.patch deleted file mode 100644 index 14a9fe23aa..0000000000 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-rtpjitterbuffer-Fix-parsing-of-the-mediaclk-direct-f.patch +++ /dev/null @@ -1,33 +0,0 @@ -From ec1949dffd931d0ec7e4f67108a08ab1e2af0cfe Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> -Date: Tue, 16 Mar 2021 19:25:36 +0200 -Subject: [PATCH] rtpjitterbuffer: Fix parsing of the mediaclk:direct= field - -Due to an off-by-one when parsing the string, the most significant digit -or the clock offset was skipped when parsing the offset. - -Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/910> - -Upstream-Status: Backport [b5bb4ede3a42273fafc1054f9cf106ca527e3c26] - -Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com> ---- - gst/rtpmanager/gstrtpjitterbuffer.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/gst/rtpmanager/gstrtpjitterbuffer.c b/gst/rtpmanager/gstrtpjitterbuffer.c -index 60d8ad875..02fe15adc 100644 ---- a/gst/rtpmanager/gstrtpjitterbuffer.c -+++ b/gst/rtpmanager/gstrtpjitterbuffer.c -@@ -1534,7 +1534,7 @@ gst_jitter_buffer_sink_parse_caps (GstRtpJitterBuffer * jitterbuffer, - GST_DEBUG_OBJECT (jitterbuffer, "Got media clock %s", mediaclk); - - if (!g_str_has_prefix (mediaclk, "direct=") || -- !g_ascii_string_to_unsigned (&mediaclk[8], 10, 0, G_MAXUINT64, -+ !g_ascii_string_to_unsigned (&mediaclk[7], 10, 0, G_MAXUINT64, - &clock_offset, NULL)) - GST_FIXME_OBJECT (jitterbuffer, "Unsupported media clock"); - if (strstr (mediaclk, "rate=") != NULL) { --- -2.31.0 - diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.6.bb index 07cacdc68a..72ad8eff08 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.4.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.6.bb @@ -6,10 +6,9 @@ BUGTRACKER = "https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/issues SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-${PV}.tar.xz \ file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \ - file://0002-rtpjitterbuffer-Fix-parsing-of-the-mediaclk-direct-f.patch \ " -SRC_URI[sha256sum] = "b6e50e3a9bbcd56ee6ec71c33aa8332cc9c926b0c1fae995aac8b3040ebe39b0" +SRC_URI[sha256sum] = "26723ac01fcb360ade1f41d168c7c322d8af4ceb7e55c8c12ed2690d06a76eed" S = "${WORKDIR}/gst-plugins-good-${PV}" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.6.bb index 932fa7f6fb..4774a17c1e 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.4.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.6.bb @@ -13,7 +13,7 @@ LICENSE_FLAGS = "commercial" SRC_URI = " \ https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \ " -SRC_URI[sha256sum] = "218df0ce0d31e8ca9cdeb01a3b0c573172cc9c21bb3d41811c7820145623d13c" +SRC_URI[sha256sum] = "4969c409cb6a88317d2108b8577108e18623b2333d7b587ae3f39459c70e3a7f" S = "${WORKDIR}/gst-plugins-ugly-${PV}" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.6.bb index 49de3dac84..1a3ae5dde6 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.4.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.6.bb @@ -8,7 +8,7 @@ LICENSE = "LGPLv2.1" LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "cb68e08a7e825e08b83a12a22dcd6e4f1b328a7b02a7ac84f42f68f4ddc7098e" +SRC_URI[sha256sum] = "bdc0ea22fbd7335ad9decc151561aacc53c51206a9735b81eac700ce5b0bbd4a" DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" RDEPENDS_${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.6.bb index f7bfe98985..f105713f33 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.4.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.6.bb @@ -10,7 +10,7 @@ PNREAL = "gst-rtsp-server" SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz" -SRC_URI[sha256sum] = "a46bb8de40b971a048580279d2660e616796f871ad3ed00c8a95fe4d273a6c94" +SRC_URI[sha256sum] = "826f32afbcf94b823541efcac4a0dacdb62f6145ef58f363095749f440262be9" S = "${WORKDIR}/${PNREAL}-${PV}" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.6.bb index a268d79541..a604b5ebce 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.4.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.6.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz" -SRC_URI[sha256sum] = "92db98af86f3150d429c9ab17e88d2364f9c07a140c8f445ed739e8f10252aea" +SRC_URI[sha256sum] = "ab6270f1e5e4546fbe6f5ea246d86ca3d196282eb863d46e6cdcc96f867449e0" S = "${WORKDIR}/${REALPN}-${PV}" DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad" diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0/0002-Remove-unused-valgrind-detection.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0/0002-Remove-unused-valgrind-detection.patch index 96abef17b0..5121044734 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0/0002-Remove-unused-valgrind-detection.patch +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0/0002-Remove-unused-valgrind-detection.patch @@ -1,4 +1,4 @@ -From 598d108e2c438d8f2ecd3bf948fa3ebbd3681490 Mon Sep 17 00:00:00 2001 +From e275ba2bd854ac15a4b65a8f07d9f042021950da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= <tim@centricular.com> Date: Fri, 14 Aug 2020 16:38:26 +0100 Subject: [PATCH 2/3] Remove unused valgrind detection @@ -19,7 +19,7 @@ Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com> 3 files changed, 42 deletions(-) diff --git a/gst/gst_private.h b/gst/gst_private.h -index eefd044d9..8252ede51 100644 +index eefd044..8252ede 100644 --- a/gst/gst_private.h +++ b/gst/gst_private.h @@ -116,8 +116,6 @@ G_GNUC_INTERNAL gboolean _priv_plugin_deps_env_vars_changed (GstPlugin * plugin @@ -32,12 +32,12 @@ index eefd044d9..8252ede51 100644 G_GNUC_INTERNAL void _priv_gst_quarks_initialize (void); G_GNUC_INTERNAL void _priv_gst_mini_object_initialize (void); diff --git a/gst/gstinfo.c b/gst/gstinfo.c -index 5d317877b..097f8b20d 100644 +index eea1a21..d3035d6 100644 --- a/gst/gstinfo.c +++ b/gst/gstinfo.c @@ -305,36 +305,6 @@ static gboolean pretty_tags = PRETTY_TAGS_DEFAULT; - static volatile gint G_GNUC_MAY_ALIAS __default_level = GST_LEVEL_DEFAULT; - static volatile gint G_GNUC_MAY_ALIAS __use_color = GST_DEBUG_COLOR_MODE_ON; + static gint G_GNUC_MAY_ALIAS __default_level = GST_LEVEL_DEFAULT; + static gint G_GNUC_MAY_ALIAS __use_color = GST_DEBUG_COLOR_MODE_ON; -/* FIXME: export this? */ -gboolean @@ -82,7 +82,7 @@ index 5d317877b..097f8b20d 100644 env = g_getenv ("GST_DEBUG_OPTIONS"); if (env != NULL) { if (strstr (env, "full_tags") || strstr (env, "full-tags")) -@@ -2503,12 +2470,6 @@ gst_debug_construct_win_color (guint colorinfo) +@@ -2505,12 +2472,6 @@ gst_debug_construct_win_color (guint colorinfo) return 0; } @@ -96,7 +96,7 @@ index 5d317877b..097f8b20d 100644 _gst_debug_dump_mem (GstDebugCategory * cat, const gchar * file, const gchar * func, gint line, GObject * obj, const gchar * msg, diff --git a/meson.build b/meson.build -index ce1921aa4..7a84d0981 100644 +index 82a1728..42ae617 100644 --- a/meson.build +++ b/meson.build @@ -200,7 +200,6 @@ check_headers = [ diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.6.bb index 8562070968..82fb476a47 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.4.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.6.bb @@ -21,7 +21,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x file://0003-meson-Add-option-for-installed-tests.patch \ file://0001-tests-seek-Don-t-use-too-strict-timeout-for-validati.patch \ " -SRC_URI[sha256sum] = "9aeec99b38e310817012aa2d1d76573b787af47f8a725a65b833880a094dfbc5" +SRC_URI[sha256sum] = "4ec816010dd4d3a93cf470ad0a6f25315f52b204eb1d71dfa70ab8a1c3bd06e6" PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \ check \ diff --git a/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch b/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch new file mode 100644 index 0000000000..b42d564b4b --- /dev/null +++ b/meta/recipes-multimedia/libsamplerate/libsamplerate0/shared_version_info.patch @@ -0,0 +1,13 @@ +Index: libsamplerate-0.1.8/configure.ac +=================================================================== +--- libsamplerate-0.1.8.orig/configure.ac ++++ libsamplerate-0.1.8/configure.ac +@@ -53,7 +53,7 @@ AC_PROG_LN_S + # 6. If any interfaces have been removed since the last public release, then set age + # to 0. + +-SHARED_VERSION_INFO="1:8:1" ++SHARED_VERSION_INFO="1:9:1" + + + diff --git a/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb b/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb index 6dfc42b436..8345d6880f 100644 --- a/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb +++ b/meta/recipes-multimedia/libsamplerate/libsamplerate0_0.1.9.bb @@ -10,6 +10,7 @@ PR = "r1" SRC_URI = "http://www.mega-nerd.com/SRC/libsamplerate-${PV}.tar.gz \ file://0001-configure.ac-improve-alsa-handling.patch \ + file://shared_version_info.patch \ " SRC_URI[md5sum] = "2b78ae9fe63b36b9fbb6267fad93f259" diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch new file mode 100644 index 0000000000..b0ff1a0885 --- /dev/null +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch @@ -0,0 +1,32 @@ +From 5adbc377cd90aa40f0cd56ae325ca70065a8aa19 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Thu, 13 Jan 2022 16:45:59 +0800 +Subject: [PATCH] flac: Fix improper buffer reusing + +CVE: CVE-2021-4156.patch +Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/issues/731] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + src/flac.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/flac.c b/src/flac.c +index 0be82ac..6548bba 100644 +--- a/src/flac.c ++++ b/src/flac.c +@@ -952,7 +952,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len) + /* Decode some more. */ + while (pflac->pos < pflac->len) + { if (FLAC__stream_decoder_process_single (pflac->fsd) == 0) ++ { psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ; ++ /* Current frame is busted, so NULL the pointer. */ ++ pflac->frame = NULL ; + break ; ++ } + state = FLAC__stream_decoder_get_state (pflac->fsd) ; + if (state >= FLAC__STREAM_DECODER_END_OF_STREAM) + { psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ; +-- +2.17.1 + diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb index 044881a859..8eb007884e 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb @@ -20,6 +20,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \ file://CVE-2017-12562.patch \ file://CVE-2018-19758.patch \ file://CVE-2019-3832.patch \ + file://CVE-2021-4156.patch \ " SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c" diff --git a/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch b/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch new file mode 100644 index 0000000000..eb16e95ffc --- /dev/null +++ b/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch @@ -0,0 +1,30 @@ +Backport patch to fix CVE-2020-23903. + +CVE: CVE-2020-23903 +Upstream-Status: Backport [https://github.com/xiph/speex/commit/870ff84] + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001 +From: Tristan Matthews <tmatth@videolan.org> +Date: Mon, 13 Jul 2020 23:25:03 -0400 +Subject: [PATCH] wav_io: guard against invalid channel numbers + +Fixes #13 +--- + src/wav_io.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/wav_io.c b/src/wav_io.c +index b5183015..09d62eb0 100644 +--- a/src/wav_io.c ++++ b/src/wav_io.c +@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32 + stmp = le_short(stmp); + *channels = stmp; + +- if (stmp>2) ++ if (stmp>2 || stmp<1) + { + fprintf (stderr, "Only mono and (intensity) stereo supported\n"); + return -1; diff --git a/meta/recipes-multimedia/speex/speex_1.2.0.bb b/meta/recipes-multimedia/speex/speex_1.2.0.bb index 3a0911d6f8..ea475f0f1b 100644 --- a/meta/recipes-multimedia/speex/speex_1.2.0.bb +++ b/meta/recipes-multimedia/speex/speex_1.2.0.bb @@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=314649d8ba9dd7045dfb6683f298d0a8 \ file://include/speex/speex.h;beginline=1;endline=34;md5=ef8c8ea4f7198d71cf3509c6ed05ea50" DEPENDS = "libogg speexdsp" -SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz" +SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz \ + file://CVE-2020-23903.patch \ + " UPSTREAM_CHECK_REGEX = "speex-(?P<pver>\d+(\.\d+)+)\.tar" SRC_URI[md5sum] = "8ab7bb2589110dfaf0ed7fa7757dc49c" diff --git a/meta/recipes-multimedia/x264/x264_git.bb b/meta/recipes-multimedia/x264/x264_git.bb index f95fb0c41e..448d632145 100644 --- a/meta/recipes-multimedia/x264/x264_git.bb +++ b/meta/recipes-multimedia/x264/x264_git.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" DEPENDS = "nasm-native" -SRC_URI = "git://github.com/mirror/x264;branch=stable \ +SRC_URI = "git://github.com/mirror/x264;branch=stable;protocol=https \ file://don-t-default-to-cortex-a9-with-neon.patch \ file://Fix-X32-build-by-disabling-asm.patch \ " |