From: Gyorgy Sarvari <skandigraun@gmail.com>
To: divyanshurathore2022@gmail.com,
openembedded-core@lists.openembedded.org,
Divyanshu.Rathore@kpit.com
Cc: Akash.Hadke@kpit.com
Subject: Re: [OE-core][scarthgap][PATCH] ffmpeg: upgrade 6.1.1 -> 6.1.2
Date: Mon, 28 Apr 2025 15:02:33 +0200 [thread overview]
Message-ID: <cb2fa576-630f-4d04-962c-81078c044c75@gmail.com> (raw)
In-Reply-To: <20250428122624.108701-1-Divyanshu.Rathore@kpit.com>
On 4/28/25 14:26, Divyanshu Rathore via lists.openembedded.org wrote:
> From: Divyanshu Rathore <divyanshurathore2022@gmail.com>
>
> ffmpeg_6.1.2 is stable. It brings many fixes.
> check the changelog mention below for information about fixes.
> changelog: https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n6.1.2
>
> This upgrade also fixes CVE's hence remove those patches.
> Refresh vulkan_av1_stable_API.patch as per new codebase.
>
> Signed-off-by: Divyanshu Rathore <divyanshurathore2022@gmail.com>
> ---
> .../ffmpeg/ffmpeg/CVE-2023-49501.patch | 30 -------
> .../ffmpeg/ffmpeg/CVE-2023-49528.patch | 58 --------------
> .../ffmpeg/ffmpeg/CVE-2023-50007.patch | 78 -------------------
> .../ffmpeg/ffmpeg/CVE-2024-28661.patch | 37 ---------
> .../ffmpeg/ffmpeg/CVE-2024-32230.patch | 36 ---------
> .../ffmpeg/ffmpeg/CVE-2024-35365.patch | 62 ---------------
> .../ffmpeg/ffmpeg/CVE-2024-35366.patch | 35 ---------
> .../ffmpeg/ffmpeg/CVE-2024-35367.patch | 47 -----------
> .../ffmpeg/ffmpeg/CVE-2024-35368.patch | 41 ----------
> .../ffmpeg/ffmpeg/CVE-2024-35369.patch | 37 ---------
> .../ffmpeg/ffmpeg/CVE-2024-36613.patch | 37 ---------
> .../ffmpeg/ffmpeg/CVE-2024-36616.patch | 35 ---------
> .../ffmpeg/ffmpeg/CVE-2024-36617.patch | 36 ---------
> .../ffmpeg/ffmpeg/CVE-2024-36618.patch | 36 ---------
> .../ffmpeg/ffmpeg/CVE-2024-36619.patch | 36 ---------
> .../ffmpeg/ffmpeg/CVE-2024-7055.patch | 38 ---------
> .../ffmpeg/ffmpeg/CVE-2025-0518.patch | 34 --------
> .../ffmpeg/ffmpeg/CVE-2025-22919.patch | 39 ----------
> .../ffmpeg/ffmpeg/CVE-2025-22921.patch | 34 --------
> .../ffmpeg/ffmpeg/CVE-2025-25473.patch | 36 ---------
> .../ffmpeg/ffmpeg/vulkan_av1_stable_API.patch | 40 +++++-----
> .../{ffmpeg_6.1.1.bb => ffmpeg_6.1.2.bb} | 22 +-----
> 22 files changed, 21 insertions(+), 863 deletions(-)
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49528.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-50007.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-28661.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35365.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35369.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36613.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36616.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36617.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36619.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-7055.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-0518.patch
I randomly picked CVE-2025-0518 to check (one of the removed patches),
because it looked small as easy to check - but failed to find its fix in
this release.
Looking a bit more at it, version 6.1.2 is 9 months old, but the
corresponding CVE fix is only 5.
Am I missing something here, or was this patch accidentally removed? If
it was accidentally removed, could you please check the other removed
patches too?
Otherwise if I just can't see the forest for the tree, could you (or
anyone else) please help me pointing it out?
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22919.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22921.patch
> delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-25473.patch
> rename meta/recipes-multimedia/ffmpeg/{ffmpeg_6.1.1.bb => ffmpeg_6.1.2.bb} (92%)
>
> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2023-49501.patch
> deleted file mode 100644
> index 80d542952a..0000000000
>
prev parent reply other threads:[~2025-04-28 13:02 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-28 12:26 [OE-core][scarthgap][PATCH] ffmpeg: upgrade 6.1.1 -> 6.1.2 Divyanshu Rathore
2025-04-28 13:02 ` Gyorgy Sarvari [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cb2fa576-630f-4d04-962c-81078c044c75@gmail.com \
--to=skandigraun@gmail.com \
--cc=Akash.Hadke@kpit.com \
--cc=Divyanshu.Rathore@kpit.com \
--cc=divyanshurathore2022@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox