* [OE-core][kirkstone][PATCH] ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT
@ 2024-10-16 10:16 aszh07
2024-10-16 12:50 ` Steve Sakoman
0 siblings, 1 reply; 7+ messages in thread
From: aszh07 @ 2024-10-16 10:16 UTC (permalink / raw)
To: openembedded-core, zahir.basha
Currently, CVE_PRODUCT only detects vulnerabilities where the product is "ffmpeg".
However, there are also vulnerabilities where the product is "libswresample",
and "libavcodec" as shown below.
https://app.opencve.io/vendors/?vendor=ffmpeg
Therefore, add "libswresample libavcodec" to CVE_PRODUCT to detect vulnerabilities
where the product is "libswresample libavcodec" as well.
Signed-off-by: aszh07 <mail2szahir@gmail.com>
---
meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 1295d5cdf1..022220b58f 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -186,3 +186,5 @@ INSANE_SKIP:${MLPREFIX}libavutil = "textrel"
INSANE_SKIP:${MLPREFIX}libswscale = "textrel"
INSANE_SKIP:${MLPREFIX}libswresample = "textrel"
INSANE_SKIP:${MLPREFIX}libpostproc = "textrel"
+
+CVE_PRODUCT = "ffmpeg libswresample libavcodec"
--
2.17.1
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [OE-core][kirkstone][PATCH] ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT
2024-10-16 10:16 [OE-core][kirkstone][PATCH] ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT aszh07
@ 2024-10-16 12:50 ` Steve Sakoman
2024-11-21 6:36 ` [kirkstone][PATCH] " aszh07
2025-05-13 10:32 ` aszh07
0 siblings, 2 replies; 7+ messages in thread
From: Steve Sakoman @ 2024-10-16 12:50 UTC (permalink / raw)
To: mail2szahir; +Cc: openembedded-core, zahir.basha
Could you also send this patch for master? Since the issue also exists
in master, we'll need to fix it there before I can take the patch for
the stable branches.
Thanks!
Steve
On Wed, Oct 16, 2024 at 3:17 AM aszh07 via lists.openembedded.org
<mail2szahir=gmail.com@lists.openembedded.org> wrote:
>
> Currently, CVE_PRODUCT only detects vulnerabilities where the product is "ffmpeg".
>
> However, there are also vulnerabilities where the product is "libswresample",
> and "libavcodec" as shown below.
> https://app.opencve.io/vendors/?vendor=ffmpeg
>
> Therefore, add "libswresample libavcodec" to CVE_PRODUCT to detect vulnerabilities
> where the product is "libswresample libavcodec" as well.
>
> Signed-off-by: aszh07 <mail2szahir@gmail.com>
> ---
> meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> index 1295d5cdf1..022220b58f 100644
> --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> @@ -186,3 +186,5 @@ INSANE_SKIP:${MLPREFIX}libavutil = "textrel"
> INSANE_SKIP:${MLPREFIX}libswscale = "textrel"
> INSANE_SKIP:${MLPREFIX}libswresample = "textrel"
> INSANE_SKIP:${MLPREFIX}libpostproc = "textrel"
> +
> +CVE_PRODUCT = "ffmpeg libswresample libavcodec"
> --
> 2.17.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#205961): https://lists.openembedded.org/g/openembedded-core/message/205961
> Mute This Topic: https://lists.openembedded.org/mt/109041180/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* [[kirkstone][PATCH]] ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT
@ 2025-06-16 4:46 Naman Jain
0 siblings, 0 replies; 7+ messages in thread
From: Naman Jain @ 2025-06-16 4:46 UTC (permalink / raw)
To: openembedded-core; +Cc: alex.kanavin
From: aszh07 <mail2szahir@gmail.com>
Currently, CVE_PRODUCT only detects vulnerabilities where the product is "ffmpeg".
However, there are also vulnerabilities where the product is "libswresample",
and "libavcodec" as shown below.
https://app.opencve.io/vendors/?vendor=ffmpeg
Therefore, add "libswresample libavcodec" to CVE_PRODUCT to detect vulnerabilities
where the product is "libswresample libavcodec" as well.
(From OE-Core rev: 9684eba5c543de229108008e29afd1dd021a9799)
Signed-off-by: aszh07 <mail2szahir@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Naman Jain <namanj1@kpit.com>
---
meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 4b99c0fa21..3dddf50a63 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -231,3 +231,5 @@ INSANE_SKIP:${MLPREFIX}libavutil = "textrel"
INSANE_SKIP:${MLPREFIX}libswscale = "textrel"
INSANE_SKIP:${MLPREFIX}libswresample = "textrel"
INSANE_SKIP:${MLPREFIX}libpostproc = "textrel"
+
+CVE_PRODUCT = "ffmpeg libswresample libavcodec"
--
2.34.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2025-06-16 11:56 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-10-16 10:16 [OE-core][kirkstone][PATCH] ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT aszh07
2024-10-16 12:50 ` Steve Sakoman
2024-11-21 6:36 ` [kirkstone][PATCH] " aszh07
2025-03-03 8:29 ` aszh07
2025-05-13 10:32 ` aszh07
2025-05-13 14:13 ` [OE-core] " Gyorgy Sarvari
-- strict thread matches above, loose matches on Subject: below --
2025-06-16 4:46 [[kirkstone][PATCH]] " Naman Jain
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox