| Message ID | 20241016101644.27269-1-mail2szahir@gmail.com |
|---|---|
| State | Awaiting Upstream |
| Delegated to: | Steve Sakoman |
| Headers | show |
| Series | [kirkstone] ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT | expand |
Could you also send this patch for master? Since the issue also exists in master, we'll need to fix it there before I can take the patch for the stable branches. Thanks! Steve On Wed, Oct 16, 2024 at 3:17 AM aszh07 via lists.openembedded.org <mail2szahir=gmail.com@lists.openembedded.org> wrote: > > Currently, CVE_PRODUCT only detects vulnerabilities where the product is "ffmpeg". > > However, there are also vulnerabilities where the product is "libswresample", > and "libavcodec" as shown below. > https://app.opencve.io/vendors/?vendor=ffmpeg > > Therefore, add "libswresample libavcodec" to CVE_PRODUCT to detect vulnerabilities > where the product is "libswresample libavcodec" as well. > > Signed-off-by: aszh07 <mail2szahir@gmail.com> > --- > meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > index 1295d5cdf1..022220b58f 100644 > --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > @@ -186,3 +186,5 @@ INSANE_SKIP:${MLPREFIX}libavutil = "textrel" > INSANE_SKIP:${MLPREFIX}libswscale = "textrel" > INSANE_SKIP:${MLPREFIX}libswresample = "textrel" > INSANE_SKIP:${MLPREFIX}libpostproc = "textrel" > + > +CVE_PRODUCT = "ffmpeg libswresample libavcodec" > -- > 2.17.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#205961): https://lists.openembedded.org/g/openembedded-core/message/205961 > Mute This Topic: https://lists.openembedded.org/mt/109041180/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Hi Steve, This changes are already upstreamed to master. It also got integrated to master. https://git.yoctoproject.org/poky/commit/?id=22c08cab4db89dc3d41ab22cfe0482c1483391dd Thanks! Zahir
Hi Steve, Could you please check why still these changes are not integrated in kirkstone branch? These changes are already upstreamed to master. It also got integrated to master. https://git.yoctoproject.org/poky/commit/?id=22c08cab4db89dc3d41ab22cfe0482c1483391dd Thanks! Zahir
Hi Steve, Could you please check why still these changes are not integrated in kirkstone branch? These changes are already upstreamed to master. It also got integrated to master. https://git.yoctoproject.org/poky/commit/?id=22c08cab4db89dc3d41ab22cfe0482c1483391dd Thanks! Zahir
On 5/13/25 12:32, aszh07 via lists.openembedded.org wrote: > Hi Steve, > > Could you please check why still these changes are not integrated in > kirkstone branch? Try to send the patch once again. In patchwork it seems to be stuck in "waiting for upstream" status, and I suspect it got buried under other things considering that you kept following it up diligently without feedback- a fresh patch will be more visible. > > These changes are already upstreamed to master. It also got integrated > to master. > https://git.yoctoproject.org/poky/commit/?id=22c08cab4db89dc3d41ab22cfe0482c1483391dd > > Thanks! > Zahir > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#216410): https://lists.openembedded.org/g/openembedded-core/message/216410 > Mute This Topic: https://lists.openembedded.org/mt/109041180/6084445 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [skandigraun@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb index 1295d5cdf1..022220b58f 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb @@ -186,3 +186,5 @@ INSANE_SKIP:${MLPREFIX}libavutil = "textrel" INSANE_SKIP:${MLPREFIX}libswscale = "textrel" INSANE_SKIP:${MLPREFIX}libswresample = "textrel" INSANE_SKIP:${MLPREFIX}libpostproc = "textrel" + +CVE_PRODUCT = "ffmpeg libswresample libavcodec"
Currently, CVE_PRODUCT only detects vulnerabilities where the product is "ffmpeg". However, there are also vulnerabilities where the product is "libswresample", and "libavcodec" as shown below. https://app.opencve.io/vendors/?vendor=ffmpeg Therefore, add "libswresample libavcodec" to CVE_PRODUCT to detect vulnerabilities where the product is "libswresample libavcodec" as well. Signed-off-by: aszh07 <mail2szahir@gmail.com> --- meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 2 ++ 1 file changed, 2 insertions(+)