gpac: Add patch for CVE-2023-0358

packages/gpac/CVE-2023-0358.patch

@@ -0,0 +1,30 @@
+https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b
+
+From 9971fb125cf91cefd081a080c417b90bbe4a467b Mon Sep 17 00:00:00 2001
+From: jeanlf <jeanlf@gpac.io>
+Date: Tue, 17 Jan 2023 23:27:26 +0100
+Subject: [PATCH] fixed #2378
+
+---
+ src/odf/descriptors.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/odf/descriptors.c b/src/odf/descriptors.c
+index 0d42ff2df2..913d8e27af 100644
+--- a/src/odf/descriptors.c
++++ b/src/odf/descriptors.c
+@@ -1395,12 +1395,12 @@ GF_VVCConfig *gf_odf_vvc_cfg_read_bs(GF_BitStream *bs)
+ 			gf_list_add(cfg->param_array, ar);
+ 			break;
+ 		default:
+-			GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, ("[VVC] Invalid NALU type in vvcC - ignoring\n", ar->nalus));
++			GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, ("[VVC] Invalid NALU type %d in vvcC - ignoring\n", ar->type));
+ 			gf_free(ar);
+ 			break;
+ 		}
+ 
+-		if ((ar->type != GF_VVC_NALU_DEC_PARAM) && (ar->type != GF_VVC_NALU_OPI))
++		if (!valid || ((ar->type != GF_VVC_NALU_DEC_PARAM) && (ar->type != GF_VVC_NALU_OPI)))
+ 			nalucount = gf_bs_read_int(bs, 16);
+ 		else
+ 			nalucount = 1;

packages/gpac/build.sh

@@ -4,6 +4,7 @@ TERMUX_PKG_DESCRIPTION="An open-source multimedia framework focused on modularit
 TERMUX_PKG_LICENSE="LGPL-2.1"
 TERMUX_PKG_MAINTAINER="@termux"
 TERMUX_PKG_VERSION=2.2.0
+TERMUX_PKG_REVISION=1
 TERMUX_PKG_SRCURL=https://github.com/gpac/gpac/archive/refs/tags/v${TERMUX_PKG_VERSION}.tar.gz
 TERMUX_PKG_SHA256=c20c204b57da76e4726109993c1abcdb3231a9b2ee2c8e21126d000cda7fc00d
 TERMUX_PKG_DEPENDS="ffmpeg, freetype, liba52, libjpeg-turbo, liblzma, libmad, libnghttp2, libogg, libpng, libtheora, libvorbis, openjpeg, openssl, pulseaudio, xvidcore, zlib"