ffmpeg: upgrade 4.3.1 -> 4.3.2

Remove 2 patches that are included in the n4.3.2 tag. The commits were cherry-picked back to the 4.3 branch so they have different commit ids than in the patches: 6d886b6586 lavf/srt: fix build fail when used the libsrt 1.4.1 a53ffb15d8 avcodec/exr: Check ymin vs. h 4f0bdff292 avformat/vividas: improve extradata packing checks in track_header() (From OE-Core rev: ffdce193f3ab5b8cb16979ee9ae29322b7294c38) Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Randy MacLeod <randy.macleod@windriver.com> 2021-03-10 13:54:51 -0500
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-03-11 14:00:36 +0000
commit: 7bf522c752431159855bb69d090bc407bb197266 (patch)
tree: c239929b04b040ae166f8986de4da39ec0daff8b /meta
parent: c6f7c7989be89c8fa1edc036dad053e8e0acf4ad (diff)
download: poky-7bf522c752431159855bb69d090bc407bb197266.tar.gz
4 files changed, 1 insertions, 166 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch
deleted file mode 100644
index 7635c9196a..0000000000
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From aebb72e025cbfbd4a6765354f6f565ad4ac89789 Mon Sep 17 00:00:00 2001
-From: Jun Zhao <barryjzhao@tencent.com>
-Date: Sun, 12 Jul 2020 05:48:48 +0800
-Subject: [PATCH] lavf/srt: fix build fail when used the libsrt 1.4.1
-lavf/srt: fix build fail when used the libsrt 1.4.1
-libsrt changed the:
-SRTO_SMOOTHER   -> SRTO_CONGESTION
-SRTO_STRICTENC  -> SRTO_ENFORCEDENCRYPTION
-and removed the front of deprecated options (SRTO_SMOOTHER/SRTO_STRICTENC)
-in the header, it's lead to build fail
-fix #8760
-Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315]
-Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
-Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
---
- libavformat/libsrt.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c
-index 4de575b..4719ce0 100644
--- a/libavformat/libsrt.c
-+++ b/libavformat/libsrt.c
-@@ -313,8 +313,12 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
-         (s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, "SRTO_PBKEYLEN", &s->pbkeylen, sizeof(s->pbkeylen)) < 0) ||
-         (s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, "SRTO_PASSPHRASE", s->passphrase, strlen(s->passphrase)) < 0) ||
- #if SRT_VERSION_VALUE >= 0x010302
-+#if SRT_VERSION_VALUE >= 0x010401
-+        (s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_ENFORCEDENCRYPTION, "SRTO_ENFORCEDENCRYPTION", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) ||
-+#else
-         /* SRTO_STRICTENC == SRTO_ENFORCEDENCRYPTION (53), but for compatibility, we used SRTO_STRICTENC */
-         (s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_STRICTENC, "SRTO_STRICTENC", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) ||
-+#endif
-         (s->kmrefreshrate >= 0 && libsrt_setsockopt(h, fd, SRTO_KMREFRESHRATE, "SRTO_KMREFRESHRATE", &s->kmrefreshrate, sizeof(s->kmrefreshrate)) < 0) ||
-         (s->kmpreannounce >= 0 && libsrt_setsockopt(h, fd, SRTO_KMPREANNOUNCE, "SRTO_KMPREANNOUNCE", &s->kmpreannounce, sizeof(s->kmpreannounce)) < 0) ||
- #endif
-@@ -333,7 +337,11 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
-         (s->lossmaxttl >= 0 && libsrt_setsockopt(h, fd, SRTO_LOSSMAXTTL, "SRTO_LOSSMAXTTL", &s->lossmaxttl, sizeof(s->lossmaxttl)) < 0) ||
-         (s->minversion >= 0 && libsrt_setsockopt(h, fd, SRTO_MINVERSION, "SRTO_MINVERSION", &s->minversion, sizeof(s->minversion)) < 0) ||
-         (s->streamid && libsrt_setsockopt(h, fd, SRTO_STREAMID, "SRTO_STREAMID", s->streamid, strlen(s->streamid)) < 0) ||
-+#if SRT_VERSION_VALUE >= 0x010401
-+        (s->smoother && libsrt_setsockopt(h, fd, SRTO_CONGESTION, "SRTO_CONGESTION", s->smoother, strlen(s->smoother)) < 0) ||
-+#else
-         (s->smoother && libsrt_setsockopt(h, fd, SRTO_SMOOTHER, "SRTO_SMOOTHER", s->smoother, strlen(s->smoother)) < 0) ||
-+#endif
-         (s->messageapi >= 0 && libsrt_setsockopt(h, fd, SRTO_MESSAGEAPI, "SRTO_MESSAGEAPI", &s->messageapi, sizeof(s->messageapi)) < 0) ||
-         (s->payload_size >= 0 && libsrt_setsockopt(h, fd, SRTO_PAYLOADSIZE, "SRTO_PAYLOADSIZE", &s->payload_size, sizeof(s->payload_size)) < 0) ||
-         ((h->flags & AVIO_FLAG_WRITE) && libsrt_setsockopt(h, fd, SRTO_SENDER, "SRTO_SENDER", &yes, sizeof(yes)) < 0)) {
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35964.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35964.patch
deleted file mode 100644
index 6b96bd674f..0000000000
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35964.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From 27a99e2c7d450fef15594671eef4465c8a166bd7 Mon Sep 17 00:00:00 2001
-From: Michael Niedermayer <michael@niedermayer.cc>
-Date: Wed, 28 Oct 2020 20:11:54 +0100
-Subject: [PATCH] avformat/vividas: improve extradata packing checks in
- track_header()
-Fixes: out of array accesses
-Fixes: 26622/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6581200338288640
-Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/27a99e2c7d450fef15594671eef4465c8a166bd7]
-CVE: CVE-2020-35964
-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
---
- libavformat/vividas.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-diff --git a/libavformat/vividas.c b/libavformat/vividas.c
-index 83d0ed116787..46c66bf9a0ae 100644
--- a/libavformat/vividas.c
-+++ b/libavformat/vividas.c
-@@ -28,6 +28,7 @@
-  * @sa http://wiki.multimedia.cx/index.php?title=Vividas_VIV
-  */
- 
-+#include "libavutil/avassert.h"
- #include "libavutil/intreadwrite.h"
- #include "avio_internal.h"
- #include "avformat.h"
-@@ -379,7 +380,7 @@ static int track_header(VividasDemuxContext *viv, AVFormatContext *s,  uint8_t *
- 
-         if (avio_tell(pb) < off) {
-             int num_data;
-            int xd_size = 0;
-+            int xd_size = 1;
-             int data_len[256];
-             int offset = 1;
-             uint8_t *p;
-@@ -393,10 +394,10 @@ static int track_header(VividasDemuxContext *viv, AVFormatContext *s,  uint8_t *
-                     return AVERROR_INVALIDDATA;
-                 }
-                 data_len[j] = len;
-                xd_size += len;
-+                xd_size += len + 1 + len/255;
-             }
- 
-            ret = ff_alloc_extradata(st->codecpar, 64 + xd_size + xd_size / 255);
-+            ret = ff_alloc_extradata(st->codecpar, xd_size);
-             if (ret < 0)
-                 return ret;
- 
-@@ -405,9 +406,7 @@ static int track_header(VividasDemuxContext *viv, AVFormatContext *s,  uint8_t *
- 
-             for (j = 0; j < num_data - 1; j++) {
-                 unsigned delta = av_xiphlacing(&p[offset], data_len[j]);
-                if (delta > data_len[j]) {
-                    return AVERROR_INVALIDDATA;
-                }
-+                av_assert0(delta <= xd_size - offset);
-                 offset += delta;
-             }
- 
-@@ -418,6 +417,7 @@ static int track_header(VividasDemuxContext *viv, AVFormatContext *s,  uint8_t *
-                     av_freep(&st->codecpar->extradata);
-                     break;
-                 }
-+                av_assert0(data_len[j] <= xd_size - offset);
-                 offset += data_len[j];
-             }
- 
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch
deleted file mode 100644
index ddab8e9aca..0000000000
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 3e5959b3457f7f1856d997261e6ac672bba49e8b Mon Sep 17 00:00:00 2001
-From: Michael Niedermayer <michael@niedermayer.cc>
-Date: Sat, 24 Oct 2020 22:21:48 +0200
-Subject: [PATCH] avcodec/exr: Check ymin vs. h
-Fixes: out of array access
-Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344
-Fixes: 27443/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5631239813595136
-Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b]
-CVE: CVE-2020-35965
-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
---
- libavcodec/exr.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/libavcodec/exr.c b/libavcodec/exr.c
-index e907c5c46401..8b701d1cd298 100644
--- a/libavcodec/exr.c
-+++ b/libavcodec/exr.c
-@@ -1830,7 +1830,7 @@ static int decode_frame(AVCodecContext *avctx, void *data,
-     // Zero out the start if ymin is not 0
-     for (i = 0; i < planes; i++) {
-         ptr = picture->data[i];
-        for (y = 0; y < s->ymin; y++) {
-+        for (y = 0; y < FFMIN(s->ymin, s->h); y++) {
-             memset(ptr, 0, out_line_size);
-             ptr += picture->linesize[i];
-         }
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
index bd21552332..9dd56fbba4 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -25,12 +25,9 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
           file://mips64_cpu_detection.patch \
-           file://0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch \
           file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
-           file://CVE-2020-35964.patch \
-           file://CVE-2020-35965.patch \
           "
-SRC_URI[sha256sum] = "ad009240d46e307b4e03a213a0f49c11b650e445b1f8be0dda2a9212b34d2ffb"
+SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
 # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
 ARM_INSTRUCTION_SET_armv4 = "arm"
author	Randy MacLeod <randy.macleod@windriver.com>	2021-03-10 13:54:51 -0500
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-03-11 14:00:36 +0000
commit	7bf522c752431159855bb69d090bc407bb197266 (patch)
tree	c239929b04b040ae166f8986de4da39ec0daff8b /meta
parent	c6f7c7989be89c8fa1edc036dad053e8e0acf4ad (diff)
download	poky-7bf522c752431159855bb69d090bc407bb197266.tar.gz

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch deleted file mode 100644 index 7635c9196a..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch +++ /dev/null
@@ -1,52 +0,0 @@
1	From aebb72e025cbfbd4a6765354f6f565ad4ac89789 Mon Sep 17 00:00:00 2001
2	From: Jun Zhao <barryjzhao@tencent.com>
3	Date: Sun, 12 Jul 2020 05:48:48 +0800
4	Subject: [PATCH] lavf/srt: fix build fail when used the libsrt 1.4.1
5
6	lavf/srt: fix build fail when used the libsrt 1.4.1
7
8	libsrt changed the:
9	SRTO_SMOOTHER -> SRTO_CONGESTION
10	SRTO_STRICTENC -> SRTO_ENFORCEDENCRYPTION
11	and removed the front of deprecated options (SRTO_SMOOTHER/SRTO_STRICTENC)
12	in the header, it's lead to build fail
13
14	fix #8760
15
16	Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315]
17
18	Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
19	Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
20	---
21	libavformat/libsrt.c \| 8 ++++++++
22	1 file changed, 8 insertions(+)
23
24	diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c
25	index 4de575b..4719ce0 100644
26	--- a/libavformat/libsrt.c
27	+++ b/libavformat/libsrt.c
28	@@ -313,8 +313,12 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
29	(s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, "SRTO_PBKEYLEN", &s->pbkeylen, sizeof(s->pbkeylen)) < 0) \|\|
30	(s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, "SRTO_PASSPHRASE", s->passphrase, strlen(s->passphrase)) < 0) \|\|
31	#if SRT_VERSION_VALUE >= 0x010302
32	+#if SRT_VERSION_VALUE >= 0x010401
33	+ (s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_ENFORCEDENCRYPTION, "SRTO_ENFORCEDENCRYPTION", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) \|\|
34	+#else
35	/* SRTO_STRICTENC == SRTO_ENFORCEDENCRYPTION (53), but for compatibility, we used SRTO_STRICTENC */
36	(s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_STRICTENC, "SRTO_STRICTENC", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) \|\|
37	+#endif
38	(s->kmrefreshrate >= 0 && libsrt_setsockopt(h, fd, SRTO_KMREFRESHRATE, "SRTO_KMREFRESHRATE", &s->kmrefreshrate, sizeof(s->kmrefreshrate)) < 0) \|\|
39	(s->kmpreannounce >= 0 && libsrt_setsockopt(h, fd, SRTO_KMPREANNOUNCE, "SRTO_KMPREANNOUNCE", &s->kmpreannounce, sizeof(s->kmpreannounce)) < 0) \|\|
40	#endif
41	@@ -333,7 +337,11 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
42	(s->lossmaxttl >= 0 && libsrt_setsockopt(h, fd, SRTO_LOSSMAXTTL, "SRTO_LOSSMAXTTL", &s->lossmaxttl, sizeof(s->lossmaxttl)) < 0) \|\|
43	(s->minversion >= 0 && libsrt_setsockopt(h, fd, SRTO_MINVERSION, "SRTO_MINVERSION", &s->minversion, sizeof(s->minversion)) < 0) \|\|
44	(s->streamid && libsrt_setsockopt(h, fd, SRTO_STREAMID, "SRTO_STREAMID", s->streamid, strlen(s->streamid)) < 0) \|\|
45	+#if SRT_VERSION_VALUE >= 0x010401
46	+ (s->smoother && libsrt_setsockopt(h, fd, SRTO_CONGESTION, "SRTO_CONGESTION", s->smoother, strlen(s->smoother)) < 0) \|\|
47	+#else
48	(s->smoother && libsrt_setsockopt(h, fd, SRTO_SMOOTHER, "SRTO_SMOOTHER", s->smoother, strlen(s->smoother)) < 0) \|\|
49	+#endif
50	(s->messageapi >= 0 && libsrt_setsockopt(h, fd, SRTO_MESSAGEAPI, "SRTO_MESSAGEAPI", &s->messageapi, sizeof(s->messageapi)) < 0) \|\|
51	(s->payload_size >= 0 && libsrt_setsockopt(h, fd, SRTO_PAYLOADSIZE, "SRTO_PAYLOADSIZE", &s->payload_size, sizeof(s->payload_size)) < 0) \|\|
52	((h->flags & AVIO_FLAG_WRITE) && libsrt_setsockopt(h, fd, SRTO_SENDER, "SRTO_SENDER", &yes, sizeof(yes)) < 0)) {


diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35964.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35964.patch deleted file mode 100644 index 6b96bd674f..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35964.patch +++ /dev/null
@@ -1,75 +0,0 @@
1	From 27a99e2c7d450fef15594671eef4465c8a166bd7 Mon Sep 17 00:00:00 2001
2	From: Michael Niedermayer <michael@niedermayer.cc>
3	Date: Wed, 28 Oct 2020 20:11:54 +0100
4	Subject: [PATCH] avformat/vividas: improve extradata packing checks in
5	track_header()
6
7	Fixes: out of array accesses
8	Fixes: 26622/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6581200338288640
9
10	Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
11	Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12
13	Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/27a99e2c7d450fef15594671eef4465c8a166bd7]
14
15	CVE: CVE-2020-35964
16
17	Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18	Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
19	---
20	libavformat/vividas.c \| 12 ++++++------
21	1 file changed, 6 insertions(+), 6 deletions(-)
22
23	diff --git a/libavformat/vividas.c b/libavformat/vividas.c
24	index 83d0ed116787..46c66bf9a0ae 100644
25	--- a/libavformat/vividas.c
26	+++ b/libavformat/vividas.c
27	@@ -28,6 +28,7 @@
28	* @sa http://wiki.multimedia.cx/index.php?title=Vividas_VIV
29	*/
30
31	+#include "libavutil/avassert.h"
32	#include "libavutil/intreadwrite.h"
33	#include "avio_internal.h"
34	#include "avformat.h"
35	@@ -379,7 +380,7 @@ static int track_header(VividasDemuxContext viv, AVFormatContext s, uint8_t *
36
37	if (avio_tell(pb) < off) {
38	int num_data;
39	- int xd_size = 0;
40	+ int xd_size = 1;
41	int data_len[256];
42	int offset = 1;
43	uint8_t *p;
44	@@ -393,10 +394,10 @@ static int track_header(VividasDemuxContext viv, AVFormatContext s, uint8_t *
45	return AVERROR_INVALIDDATA;
46	}
47	data_len[j] = len;
48	- xd_size += len;
49	+ xd_size += len + 1 + len/255;
50	}
51
52	- ret = ff_alloc_extradata(st->codecpar, 64 + xd_size + xd_size / 255);
53	+ ret = ff_alloc_extradata(st->codecpar, xd_size);
54	if (ret < 0)
55	return ret;
56
57	@@ -405,9 +406,7 @@ static int track_header(VividasDemuxContext viv, AVFormatContext s, uint8_t *
58
59	for (j = 0; j < num_data - 1; j++) {
60	unsigned delta = av_xiphlacing(&p[offset], data_len[j]);
61	- if (delta > data_len[j]) {
62	- return AVERROR_INVALIDDATA;
63	- }
64	+ av_assert0(delta <= xd_size - offset);
65	offset += delta;
66	}
67
68	@@ -418,6 +417,7 @@ static int track_header(VividasDemuxContext viv, AVFormatContext s, uint8_t *
69	av_freep(&st->codecpar->extradata);
70	break;
71	}
72	+ av_assert0(data_len[j] <= xd_size - offset);
73	offset += data_len[j];
74	}
75


diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch deleted file mode 100644 index ddab8e9aca..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch +++ /dev/null
@@ -1,35 +0,0 @@
1	From 3e5959b3457f7f1856d997261e6ac672bba49e8b Mon Sep 17 00:00:00 2001
2	From: Michael Niedermayer <michael@niedermayer.cc>
3	Date: Sat, 24 Oct 2020 22:21:48 +0200
4	Subject: [PATCH] avcodec/exr: Check ymin vs. h
5
6	Fixes: out of array access
7	Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344
8	Fixes: 27443/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5631239813595136
9
10	Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
11	Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12
13	Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b]
14
15	CVE: CVE-2020-35965
16
17	Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18	Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
19	---
20	libavcodec/exr.c \| 2 +-
21	1 file changed, 1 insertion(+), 1 deletion(-)
22
23	diff --git a/libavcodec/exr.c b/libavcodec/exr.c
24	index e907c5c46401..8b701d1cd298 100644
25	--- a/libavcodec/exr.c
26	+++ b/libavcodec/exr.c
27	@@ -1830,7 +1830,7 @@ static int decode_frame(AVCodecContext avctx, void data,
28	// Zero out the start if ymin is not 0
29	for (i = 0; i < planes; i++) {
30	ptr = picture->data[i];
31	- for (y = 0; y < s->ymin; y++) {
32	+ for (y = 0; y < FFMIN(s->ymin, s->h); y++) {
33	memset(ptr, 0, out_line_size);
34	ptr += picture->linesize[i];
35	}


diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb index bd21552332..9dd56fbba4 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -25,12 +25,9 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
25		25
26	SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \	26	SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
27	file://mips64_cpu_detection.patch \	27	file://mips64_cpu_detection.patch \
28	file://0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch \
29	file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \	28	file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
30	file://CVE-2020-35964.patch \
31	file://CVE-2020-35965.patch \
32	"	29	"
33	SRC_URI[sha256sum] = "ad009240d46e307b4e03a213a0f49c11b650e445b1f8be0dda2a9212b34d2ffb"	30	SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
34		31
35	# Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717	32	# Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
36	ARM_INSTRUCTION_SET_armv4 = "arm"	33	ARM_INSTRUCTION_SET_armv4 = "arm"