From patchwork Fri Jan 9 23:43:42 2026
X-Patchwork-Submitter: Ankur Tyagi
X-Patchwork-Id: 78399
From: ankur.tyagi85@gmail.com
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi
Subject: [oe][meta-multimedia][scarthgap][PATCH 1/5] libde265: patch CVE-2023-43887
Date: Sat, 10 Jan 2026 12:43:42 +1300
Message-ID: <20260109234346.3098858-1-ankur.tyagi85@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123313

From: Ankur Tyagi

Details: https://nvd.nist.gov/vuln/detail/CVE-2023-43887

Signed-off-by: Ankur Tyagi
--- .../libde265/libde265/CVE-2023-43887.patch | 39 +++++++++++++++++++ .../libde265/libde265_1.0.12.bb | 4 +- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-43887.patch diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-43887.patch b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-43887.patch new file mode 100644 index 0000000000..f8ab0e1e40 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-43887.patch
@@ -0,0 +1,39 @@ +From e31a5389f2a4967b9ca298a3435d1af2f9a04cda Mon Sep 17 00:00:00 2001 +From: Dirk Farin +Date: Fri, 1 Sep 2023 21:18:48 +0200 +Subject: [PATCH] fix #418 + +CVE: CVE-2023-43887 +Upstream-Status: Backport [https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133] +(cherry picked from commit 63b596c915977f038eafd7647d1db25488a8c133) +Signed-off-by: Ankur Tyagi +--- + libde265/decctx.cc | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/libde265/decctx.cc b/libde265/decctx.cc +index 223a6aaf..350f7e7a 100644 +--- a/libde265/decctx.cc ++++ b/libde265/decctx.cc +@@ -582,16 +582,17 @@ de265_error decoder_context::read_pps_NAL(bitreader& reader) + std::shared_ptr new_pps = std::make_shared(); + + bool success = new_pps->read(&reader,this); ++ if (!success) { ++ return DE265_WARNING_PPS_HEADER_INVALID; ++ } + + if (param_pps_headers_fd>=0) { + new_pps->dump(param_pps_headers_fd); + } + +- if (success) { +- pps[ (int)new_pps->pic_parameter_set_id ] = new_pps; +- } ++ pps[ (int)new_pps->pic_parameter_set_id ] = new_pps; + +- return success ? DE265_OK : DE265_WARNING_PPS_HEADER_INVALID; ++ return DE265_OK; + } + + de265_error decoder_context::read_sei_NAL(bitreader& reader, bool suffix) diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb index 3c9f899491..3466d37317 100644 --- a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb +++ b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb 
@@ -8,7 +8,9 @@ LICENSE = "LGPL-3.0-only & MIT" LICENSE_FLAGS = "commercial" LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f" -SRC_URI = "git://github.com/strukturag/libde265.git;branch=master;protocol=https" +SRC_URI = "git://github.com/strukturag/libde265.git;branch=master;protocol=https \ + file://CVE-2023-43887.patch \ +" SRCREV = "a267c84707ab264928fa9b86de2ee749c48c318c" S = "${WORKDIR}/git"
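Review bot: in the decctx.cc hunk of CVE-2023-43887.patch, the store pps[ (int)new_pps->pic_parameter_set_id ] = new_pps is now unconditional and depends entirely on the early return after new_pps->read() for the index to be valid; nothing visible in the hunk range-checks pic_parameter_set_id against the size of pps. Please confirm against the 1.0.12 sources that read() cannot return true with an out-of-range id. Separately, the commit message carries only the NVD link and the embedded subject is just "fix #418"; one line saying that the change stops new_pps->dump() from running on a PPS that failed to parse would make the backport self-explanatory.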
From: ankur.tyagi85@gmail.com
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi
Subject: [oe][meta-multimedia][scarthgap][PATCH 2/5] libde265: patch CVE-2023-47471
Date: Sat, 10 Jan 2026 12:43:43 +1300
Message-ID: <20260109234346.3098858-2-ankur.tyagi85@gmail.com>
In-Reply-To: <20260109234346.3098858-1-ankur.tyagi85@gmail.com>
References: <20260109234346.3098858-1-ankur.tyagi85@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123314

From: Ankur Tyagi

Details: https://nvd.nist.gov/vuln/detail/CVE-2023-47471

Signed-off-by: Ankur Tyagi
--- .../libde265/libde265/CVE-2023-47471.patch | 42 +++++++++++++++++++ .../libde265/libde265_1.0.12.bb | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-47471.patch diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-47471.patch b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-47471.patch new file mode 100644 index 0000000000..3d66758e49 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/libde265/libde265/CVE-2023-47471.patch
@@ -0,0 +1,42 @@ +From 78bd5752157f34e822cefd8ff8959a96a26b4841 Mon Sep 17 00:00:00 2001 +From: Dirk Farin +Date: Sat, 4 Nov 2023 15:20:50 +0100 +Subject: [PATCH] null-pointer check in debug output (fixes #426) + +CVE: CVE-2023-47471 +Upstream-Status: Backport [https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7] +(cherry picked from commit e36b4a1b0bafa53df47514c419d5be3e8916ebc7) +Signed-off-by: Ankur Tyagi +--- + libde265/slice.cc | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/libde265/slice.cc b/libde265/slice.cc +index 280b7417..435123dc 100644 +--- a/libde265/slice.cc ++++ b/libde265/slice.cc +@@ -1277,14 +1277,23 @@ void slice_segment_header::dump_slice_segment_header(const decoder_context* ctx, + #define LOG3(t,d1,d2,d3) log2fh(fh, t,d1,d2,d3) + #define LOG4(t,d1,d2,d3,d4) log2fh(fh, t,d1,d2,d3,d4) + ++ LOG0("----------------- SLICE -----------------\n"); ++ + const pic_parameter_set* pps = ctx->get_pps(slice_pic_parameter_set_id); ++ if (!pps) { ++ LOG0("invalid PPS referenced\n"); ++ return; ++ } + assert(pps->pps_read); // TODO: error handling + + const seq_parameter_set* sps = ctx->get_sps((int)pps->seq_parameter_set_id); ++ if (!sps) { ++ LOG0("invalid SPS referenced\n"); ++ return; ++ } + assert(sps->sps_read); // TODO: error handling + + +- LOG0("----------------- SLICE -----------------\n"); + LOG1("first_slice_segment_in_pic_flag : %d\n", first_slice_segment_in_pic_flag); + if (ctx->get_nal_unit_type() >= NAL_UNIT_BLA_W_LP && + ctx->get_nal_unit_type() <= NAL_UNIT_RESERVED_IRAP_VCL23) { diff --git a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb index 3466d37317..b082faa3b9 100644 --- a/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb +++ b/meta-multimedia/recipes-multimedia/libde265/libde265_1.0.12.bb 
@@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=695b556799abb2435c97a113cdca512f" SRC_URI = "git://github.com/strukturag/libde265.git;branch=master;protocol=https \ file://CVE-2023-43887.patch \ + file://CVE-2023-47471.patch \ " SRCREV = "a267c84707ab264928fa9b86de2ee749c48c318c"
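Review bot: in the slice.cc hunk, the new null checks are each followed by the existing assert(pps->pps_read) and assert(sps->sps_read), both still marked "TODO: error handling"; when the library is built with NDEBUG those asserts compile away, so a PPS or SPS that exists but was never successfully read still reaches the dump code. It is worth noting in the commit message that the backport covers only the null-pointer case, or carrying the same log-and-return treatment for the unread case, e.g. if (!pps || !pps->pps_read). Moving the "SLICE" banner above the lookups means it is now printed before an early return, which is harmless for debug output but changes what the log looks like for a rejected slice.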
From: ankur.tyagi85@gmail.com
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko, Khem Raj, Ankur Tyagi
Subject: [oe][meta-multimedia][scarthgap][PATCH 3/5] sox: extend CVE_PRODUCT
Date: Sat, 10 Jan 2026 12:43:44 +1300
Message-ID: <20260109234346.3098858-3-ankur.tyagi85@gmail.com>
In-Reply-To: <20260109234346.3098858-1-ankur.tyagi85@gmail.com>
References: <20260109234346.3098858-1-ankur.tyagi85@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123315

From: Peter Marko

Add all relevant items from queries:

$ sqlite3 nvdcve_2-2.db
sqlite> select vendor, product, count(*) from products where product like '%sox%' group by vendor, product;
commugen|sox_365|1
libsox_project|libsox|1
sox|sox|3
sox_project|sox|10
sqlite> select vendor, product, count(*) from products where product like '%sound_exchange%' group by vendor, product;
sound_exchange_project|sound_exchange|16

Signed-off-by: Peter Marko
Signed-off-by: Khem Raj
(cherry picked from commit a68c3df41cd7049f5b156955d70cb4f76b6d9f76)
Signed-off-by: Ankur Tyagi
--- meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index 011cbc2a9d..a79fb15d39 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb
@@ -34,6 +34,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c" +CVE_PRODUCT:append = " libsox_project:libsox sound_exchange_project:sound_exchange" + inherit autotools pkgconfig # Enable largefile support
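Review bot: the CVE_PRODUCT:append line adds libsox_project:libsox and sound_exchange_project:sound_exchange, but the query output in the commit message also lists sox|sox, sox_project|sox and commugen|sox_365, and neither the message nor the recipe says why those three are left out. A short comment above the assignment, stating that the first two are already matched by the recipe's existing product name and that commugen:sox_365 is an unrelated product, would let the next reviewer check the list without rerunning the queries. If the existing value does not in fact cover sox:sox and sox_project:sox, they need adding here as well.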
From: ankur.tyagi85@gmail.com
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi
Subject: [oe][meta-multimedia][scarthgap][PATCH 4/5] vlc: patch CVE-2024-46461
Date: Sat, 10 Jan 2026 12:43:45 +1300
Message-ID: <20260109234346.3098858-4-ankur.tyagi85@gmail.com>
In-Reply-To: <20260109234346.3098858-1-ankur.tyagi85@gmail.com>
References: <20260109234346.3098858-1-ankur.tyagi85@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123316

From: Ankur Tyagi

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-46461

Backport the patch mentioned in the news[1] that fixes this vulnerability.

https://code.videolan.org/videolan/vlc/-/blob/3.0.21/NEWS?ref_type=tags#L44

Signed-off-by: Ankur Tyagi
--- .../vlc/vlc/CVE-2024-46461.patch | 44 +++++++++++++++++++ .../recipes-multimedia/vlc/vlc_3.0.20.bb | 1 + 2 files changed, 45 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/vlc/vlc/CVE-2024-46461.patch diff --git a/meta-multimedia/recipes-multimedia/vlc/vlc/CVE-2024-46461.patch b/meta-multimedia/recipes-multimedia/vlc/vlc/CVE-2024-46461.patch new file mode 100644 index 0000000000..868eb89cac --- /dev/null +++ b/meta-multimedia/recipes-multimedia/vlc/vlc/CVE-2024-46461.patch
@@ -0,0 +1,44 @@ +From aafb226321a525169fd68bf4708e7c6f15e4307a Mon Sep 17 00:00:00 2001 +From: Thomas Guillem +Date: Tue, 9 Jan 2024 06:58:39 +0100 +Subject: [PATCH] mms: fix potential integer overflow + +That could lead to a heap buffer overflow. + +Thanks Andreas Fobian for the security report. + +(cherry picked from commit 467b24dd0f9b0b3d8ba11dd813b393892f7f1ed2) +Signed-off-by: Jean-Baptiste Kempf + +CVE: CVE-2024-46461 +Upstream-Status: Backport [https://code.videolan.org/videolan/vlc/-/commit/e7f98f3632d793c3921bfe72595721af191e670e] +(cherry picked from commit e7f98f3632d793c3921bfe72595721af191e670e) +Signed-off-by: Ankur Tyagi +--- + modules/access/mms/mmstu.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/modules/access/mms/mmstu.c b/modules/access/mms/mmstu.c +index f795b0bd43..f10e38cd43 100644 +--- a/modules/access/mms/mmstu.c ++++ b/modules/access/mms/mmstu.c +@@ -1316,14 +1316,16 @@ static int mms_ParsePacket( stream_t *p_access, + + if( i_packet_id == p_sys->i_header_packet_id_type ) + { +- uint8_t *p_reaced = realloc( p_sys->p_header, +- p_sys->i_header + i_packet_length - 8 ); ++ size_t new_header_size; ++ if( add_overflow( p_sys->i_header, i_packet_length, &new_header_size ) ) ++ return -1; ++ uint8_t *p_reaced = realloc( p_sys->p_header, new_header_size ); + if( !p_reaced ) + return VLC_ENOMEM; + + memcpy( &p_reaced[p_sys->i_header], p_data + 8, i_packet_length - 8 ); + p_sys->p_header = p_reaced; +- p_sys->i_header += i_packet_length - 8; ++ p_sys->i_header = new_header_size; + + /* msg_Dbg( p_access, + "receive header packet (%d bytes)", diff --git a/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.20.bb b/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.20.bb index 21bc408f6d..bf34146e0a 100644 --- a/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.20.bb +++ b/meta-multimedia/recipes-multimedia/vlc/vlc_3.0.20.bb 
@@ -25,6 +25,7 @@ SRC_URI = "https://get.videolan.org/${BPN}/${PV}/${BP}.tar.xz \ file://0006-configure-Disable-incompatible-function-pointer-type.patch \ file://taglib-2.patch \ file://0001-taglib-Fix-build-on-x86-32-bit.patch \ + file://CVE-2024-46461.patch \ " SRC_URI[sha256sum] = "adc7285b4d2721cddf40eb5270cada2aaa10a334cb546fd55a06353447ba29b5"
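Review bot: in the mmstu.c hunk, new_header_size is computed as p_sys->i_header + i_packet_length, whereas the removed lines sized the realloc and advanced i_header by i_packet_length - 8, and the unchanged memcpy still copies i_packet_length - 8 bytes. As shown, every header packet grows p_sys->i_header by 8 bytes more than were copied, so uninitialised bytes are counted as header data. Please check the hunk against the two upstream commits it cites and either pass i_packet_length - 8 to add_overflow() or state why the extra 8 is intended. Two smaller points: nothing visible in the hunk guarantees i_packet_length >= 8 before the subtraction used by memcpy, and the overflow path returns -1 while the allocation failure right below it returns VLC_ENOMEM.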
From: ankur.tyagi85@gmail.com
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi
Subject: [oe][meta-multimedia][scarthgap][PATCH 5/5] opusfile: patch CVE-2022-47021
Date: Sat, 10 Jan 2026 12:43:46 +1300
Message-ID: <20260109234346.3098858-5-ankur.tyagi85@gmail.com>
In-Reply-To: <20260109234346.3098858-1-ankur.tyagi85@gmail.com>
References: <20260109234346.3098858-1-ankur.tyagi85@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123317

From: Ankur Tyagi

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-47021

Signed-off-by: Ankur Tyagi
--- .../opusfile/opusfile/CVE-2022-47021.patch | 45 +++++++++++++++++++ .../opusfile/opusfile_0.12.bb | 4 +- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 meta-multimedia/recipes-multimedia/opusfile/opusfile/CVE-2022-47021.patch diff --git a/meta-multimedia/recipes-multimedia/opusfile/opusfile/CVE-2022-47021.patch b/meta-multimedia/recipes-multimedia/opusfile/opusfile/CVE-2022-47021.patch new file mode 100644 index 0000000000..f1bf957949 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/opusfile/opusfile/CVE-2022-47021.patch
@@ -0,0 +1,45 @@ +From 84392e8ce385707de855865dd16d586f9331f2e5 Mon Sep 17 00:00:00 2001 +From: Ralph Giles +Date: Tue, 6 Sep 2022 19:04:31 -0700 +Subject: [PATCH] Propagate allocation failure from ogg_sync_buffer. + +Instead of segfault, report OP_EFAULT if ogg_sync_buffer returns +a null pointer. This allows more graceful recovery by the caller +in the unlikely event of a fallible ogg_malloc call. + +We do check the return value elsewhere in the code, so the new +checks make the code more consistent. + +Thanks to https://github.com/xiph/opusfile/issues/36 for reporting. + +Signed-off-by: Timothy B. Terriberry +Signed-off-by: Mark Harris + +CVE: CVE-2022-47021 +Upstream-Status: Backport [https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5] +(cherry picked from commit 0a4cd796df5b030cb866f3f4a5e41a4b92caddf5) +Signed-off-by: Ankur Tyagi +--- + src/opusfile.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/opusfile.c b/src/opusfile.c +index 642c784..edda2d3 100644 +--- a/src/opusfile.c ++++ b/src/opusfile.c +@@ -148,6 +148,7 @@ static int op_get_data(OggOpusFile *_of,int _nbytes){ + int nbytes; + OP_ASSERT(_nbytes>0); + buffer=(unsigned char *)ogg_sync_buffer(&_of->oy,_nbytes); ++ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT; + nbytes=(int)(*_of->callbacks.read)(_of->stream,buffer,_nbytes); + OP_ASSERT(nbytes<=_nbytes); + if(OP_LIKELY(nbytes>0))ogg_sync_wrote(&_of->oy,nbytes); +@@ -1527,6 +1528,7 @@ static int op_open1(OggOpusFile *_of, + if(_initial_bytes>0){ + char *buffer; + buffer=ogg_sync_buffer(&_of->oy,(long)_initial_bytes); ++ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT; + memcpy(buffer,_initial_data,_initial_bytes*sizeof(*buffer)); + ogg_sync_wrote(&_of->oy,(long)_initial_bytes); + } diff --git a/meta-multimedia/recipes-multimedia/opusfile/opusfile_0.12.bb b/meta-multimedia/recipes-multimedia/opusfile/opusfile_0.12.bb index c775cef5a1..51afce9217 100644 
--- a/meta-multimedia/recipes-multimedia/opusfile/opusfile_0.12.bb +++ b/meta-multimedia/recipes-multimedia/opusfile/opusfile_0.12.bb @@ -7,7 +7,9 @@ DEPENDS = "libogg openssl libopus" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=6ac22b992dde6a891f8949c3e2da8576" -SRC_URI = "https://downloads.xiph.org/releases/opus/${BP}.tar.gz" +SRC_URI = "https://downloads.xiph.org/releases/opus/${BP}.tar.gz \ + file://CVE-2022-47021.patch \ +" SRC_URI[md5sum] = "45e8c62f6cd413395223c82f06bfa8ec" SRC_URI[sha256sum] = "118d8601c12dd6a44f52423e68ca9083cc9f2bfe72da7a8c1acb22a80ae3550b"
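Review bot: in the first opusfile.c hunk, op_get_data() now returns OP_EFAULT when ogg_sync_buffer() yields NULL, but the function otherwise returns nbytes from the read callback, so its callers must already treat a negative return as an error, distinct from a zero or short read, for the new code to propagate a failure instead of being taken as end of data. No caller is visible in the patch; please confirm this against the 0.12 sources, given that the upstream commit is dated 6 Sep 2022 and is being applied to the 0.12 release. The commit message would also benefit from one line stating that both added checks guard the result of ogg_sync_buffer() before it is written to, since the NVD link alone does not say which code path is affected.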