2 files changed, 86 insertions, 1 deletions
diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2025-61147.patch b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2025-61147.patch
new file mode 100644
index 0000000000..db30ca2624
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2025-61147.patch
@@ -0,0 +1,84 @@
+From 83c32b9e37f206b1b22f5cc971c817147e39273b Mon Sep 17 00:00:00 2001
+From: Dirk Farin <dirk.farin@gmail.com>
+Date: Tue, 9 Sep 2025 15:14:05 +0200
+Subject: [PATCH] check for valid integer command line parameters (#484)
+OE comment:
+This is a partial backport of the below mentioned patch, without raising
+the required c++ standard.
+CVE: CVE-2025-61147
+Upstream-Status: Backport [https://github.com/strukturag/libde265/commit/8b17e0930f77db07f55e0b89399a8f054ddbecf7]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ dec265/dec265.cc | 35 ++++++++++++++++++++++++++++++++---
+ 1 file changed, 32 insertions(+), 3 deletions(-)
+diff --git a/dec265/dec265.cc b/dec265/dec265.cc
+index 8ddecfc2..84ec69a5 100644
+--- a/dec265/dec265.cc
+++ b/dec265/dec265.cc
+@@ -27,6 +27,9 @@
+ #define DO_MEMORY_LOGGING 0
+ 
+ #include "de265.h"
+#include <stdexcept>
+#include <iostream>
+
+ #ifdef HAVE_CONFIG_H
+ #include "config.h"
+ #endif
+@@ -557,6 +560,32 @@ void (*volatile __malloc_initialize_hook)(void) = init_my_hooks;
+ #endif
+ #endif
+ 
+int parse_param(const char* arg, int lower_bound, const char* arg_name){
+  int value;
+
+  try {
+    size_t len;
+    value = std::stoi(optarg, &len);
+    if (arg[len] != 0) {
+      std::cerr << "invalid argument to " << arg_name << "\n";
+      exit(5);
+    }
+  } catch (std::invalid_argument const& ex) {
+    std::cerr << "invalid argument to " << arg_name << "\n";
+    exit(5);
+  }
+  catch (std::out_of_range const& ex) {
+    std::cerr << "argument to -T is out of range\n";
+    exit(5);
+  }
+
+  if (value < lower_bound) {
+    std::cerr << "argument to " << arg_name << " may not be smaller than " << lower_bound << "\n";
+    exit(5);
+  }
+
+  return value;
+}
+ 
+ int main(int argc, char** argv)
+ {
+@@ -573,9 +602,9 @@ int main(int argc, char** argv)
+ 
+     switch (c) {
+     case 'q': quiet++; break;
+-    case 't': nThreads=atoi(optarg); break;
+    case 't': nThreads=parse_param(optarg, 0, "-t"); break;
+     case 'c': check_hash=true; break;
+-    case 'f': max_frames=atoi(optarg); break;
+    case 'f': max_frames=parse_param(optarg, 1, "-f"); break;
+     case 'o': write_yuv=true; output_filename=optarg; break;
+     case 'h': show_help=true; break;
+     case 'd': dump_headers=true; break;
+@@ -587,7 +616,7 @@ int main(int argc, char** argv)
+     case 'm': measure_quality=true; reference_filename=optarg; break;
+     case 's': show_ssim_map=true; break;
+     case 'e': show_psnr_map=true; break;
+-    case 'T': highestTID=atoi(optarg); break;
+    case 'T': highestTID = parse_param(optarg, 0, "-T"); break;
+     case 'v': verbosity++; break;
+     }
+   }
diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb
index b082faa3b9..e32a2af51c 100644
--- a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb
+++ b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb
@@ -11,7 +11,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f"
 SRC_URI = "git://github.com/strukturag/libde265.git;branch=master;protocol=https \
           file://CVE-2023-43887.patch \
           file://CVE-2023-47471.patch \
-"
+           file://CVE-2025-61147.patch \
+           "
 SRCREV = "a267c84707ab264928fa9b86de2ee749c48c318c"
 S = "${WORKDIR}/git"

diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2025-61147.patch b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2025-61147.patch new file mode 100644 index 0000000000..db30ca2624 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2025-61147.patch
@@ -0,0 +1,84 @@
		1	From 83c32b9e37f206b1b22f5cc971c817147e39273b Mon Sep 17 00:00:00 2001
		2	From: Dirk Farin <dirk.farin@gmail.com>
		3	Date: Tue, 9 Sep 2025 15:14:05 +0200
		4	Subject: [PATCH] check for valid integer command line parameters (#484)
		5
		6	OE comment:
		7	This is a partial backport of the below mentioned patch, without raising
		8	the required c++ standard.
		9
		10	CVE: CVE-2025-61147
		11	Upstream-Status: Backport [https://github.com/strukturag/libde265/commit/8b17e0930f77db07f55e0b89399a8f054ddbecf7]
		12	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		13	---
		14	dec265/dec265.cc \| 35 ++++++++++++++++++++++++++++++++---
		15	1 file changed, 32 insertions(+), 3 deletions(-)
		16
		17	diff --git a/dec265/dec265.cc b/dec265/dec265.cc
		18	index 8ddecfc2..84ec69a5 100644
		19	--- a/dec265/dec265.cc
		20	+++ b/dec265/dec265.cc
		21	@@ -27,6 +27,9 @@
		22	#define DO_MEMORY_LOGGING 0
		23
		24	#include "de265.h"
		25	+#include <stdexcept>
		26	+#include <iostream>
		27	+
		28	#ifdef HAVE_CONFIG_H
		29	#include "config.h"
		30	#endif
		31	@@ -557,6 +560,32 @@ void (*volatile __malloc_initialize_hook)(void) = init_my_hooks;
		32	#endif
		33	#endif
		34
		35	+int parse_param(const char* arg, int lower_bound, const char* arg_name){
		36	+ int value;
		37	+
		38	+ try {
		39	+ size_t len;
		40	+ value = std::stoi(optarg, &len);
		41	+ if (arg[len] != 0) {
		42	+ std::cerr << "invalid argument to " << arg_name << "\n";
		43	+ exit(5);
		44	+ }
		45	+ } catch (std::invalid_argument const& ex) {
		46	+ std::cerr << "invalid argument to " << arg_name << "\n";
		47	+ exit(5);
		48	+ }
		49	+ catch (std::out_of_range const& ex) {
		50	+ std::cerr << "argument to -T is out of range\n";
		51	+ exit(5);
		52	+ }
		53	+
		54	+ if (value < lower_bound) {
		55	+ std::cerr << "argument to " << arg_name << " may not be smaller than " << lower_bound << "\n";
		56	+ exit(5);
		57	+ }
		58	+
		59	+ return value;
		60	+}
		61
		62	int main(int argc, char** argv)
		63	{
		64	@@ -573,9 +602,9 @@ int main(int argc, char** argv)
		65
		66	switch (c) {
		67	case 'q': quiet++; break;
		68	- case 't': nThreads=atoi(optarg); break;
		69	+ case 't': nThreads=parse_param(optarg, 0, "-t"); break;
		70	case 'c': check_hash=true; break;
		71	- case 'f': max_frames=atoi(optarg); break;
		72	+ case 'f': max_frames=parse_param(optarg, 1, "-f"); break;
		73	case 'o': write_yuv=true; output_filename=optarg; break;
		74	case 'h': show_help=true; break;
		75	case 'd': dump_headers=true; break;
		76	@@ -587,7 +616,7 @@ int main(int argc, char** argv)
		77	case 'm': measure_quality=true; reference_filename=optarg; break;
		78	case 's': show_ssim_map=true; break;
		79	case 'e': show_psnr_map=true; break;
		80	- case 'T': highestTID=atoi(optarg); break;
		81	+ case 'T': highestTID = parse_param(optarg, 0, "-T"); break;
		82	case 'v': verbosity++; break;
		83	}
		84	}


diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb index b082faa3b9..e32a2af51c 100644 --- a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb +++ b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb
@@ -11,7 +11,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f"
11	SRC_URI = "git://github.com/strukturag/libde265.git;branch=master;protocol=https \	11	SRC_URI = "git://github.com/strukturag/libde265.git;branch=master;protocol=https \
12	file://CVE-2023-43887.patch \	12	file://CVE-2023-43887.patch \
13	file://CVE-2023-47471.patch \	13	file://CVE-2023-47471.patch \
14	"	14	file://CVE-2025-61147.patch \
		15	"
15	SRCREV = "a267c84707ab264928fa9b86de2ee749c48c318c"	16	SRCREV = "a267c84707ab264928fa9b86de2ee749c48c318c"
16		17
17	S = "${WORKDIR}/git"	18	S = "${WORKDIR}/git"