diff --git a/packages/gpac/CVE-2023-0358.patch b/packages/gpac/CVE-2023-0358.patch new file mode 100644 index 0000000000..93433b0e46 --- /dev/null +++ b/packages/gpac/CVE-2023-0358.patch @@ -0,0 +1,30 @@ +https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b + +From 9971fb125cf91cefd081a080c417b90bbe4a467b Mon Sep 17 00:00:00 2001 +From: jeanlf +Date: Tue, 17 Jan 2023 23:27:26 +0100 +Subject: [PATCH] fixed #2378 + +--- + src/odf/descriptors.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/odf/descriptors.c b/src/odf/descriptors.c +index 0d42ff2df2..913d8e27af 100644 +--- a/src/odf/descriptors.c ++++ b/src/odf/descriptors.c +@@ -1395,12 +1395,12 @@ GF_VVCConfig *gf_odf_vvc_cfg_read_bs(GF_BitStream *bs) + gf_list_add(cfg->param_array, ar); + break; + default: +- GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, ("[VVC] Invalid NALU type in vvcC - ignoring\n", ar->nalus)); ++ GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, ("[VVC] Invalid NALU type %d in vvcC - ignoring\n", ar->type)); + gf_free(ar); + break; + } + +- if ((ar->type != GF_VVC_NALU_DEC_PARAM) && (ar->type != GF_VVC_NALU_OPI)) ++ if (!valid || ((ar->type != GF_VVC_NALU_DEC_PARAM) && (ar->type != GF_VVC_NALU_OPI))) + nalucount = gf_bs_read_int(bs, 16); + else + nalucount = 1; diff --git a/packages/gpac/build.sh b/packages/gpac/build.sh index d67e2366ec..f059575d87 100644 --- a/packages/gpac/build.sh +++ b/packages/gpac/build.sh @@ -4,6 +4,7 @@ TERMUX_PKG_DESCRIPTION="An open-source multimedia framework focused on modularit TERMUX_PKG_LICENSE="LGPL-2.1" TERMUX_PKG_MAINTAINER="@termux" TERMUX_PKG_VERSION=2.2.0 +TERMUX_PKG_REVISION=1 TERMUX_PKG_SRCURL=https://github.com/gpac/gpac/archive/refs/tags/v${TERMUX_PKG_VERSION}.tar.gz TERMUX_PKG_SHA256=c20c204b57da76e4726109993c1abcdb3231a9b2ee2c8e21126d000cda7fc00d TERMUX_PKG_DEPENDS="ffmpeg, freetype, liba52, libjpeg-turbo, liblzma, libmad, libnghttp2, libogg, libpng, libtheora, libvorbis, openjpeg, openssl, pulseaudio, xvidcore, zlib"