Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
 help / color / mirror / Atom feed
* [FFmpeg-devel] CVE-2023-6602 fixes backporting
@ 2025-02-26  2:28 Michael Niedermayer
  2025-02-26  3:03 ` James Almer
  0 siblings, 1 reply; 4+ messages in thread
From: Michael Niedermayer @ 2025-02-26  2:28 UTC (permalink / raw)
  To: FFmpeg development discussions and patches


[-- Attachment #1.1: Type: text/plain, Size: 342 bytes --]

Hi all

As i backported the fixes for $subj, i noticed they depend on
ff_match_url_ext()
which is not avaiable before 6.1

I will thus backport this too unless there are objections

thx

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

What does censorship reveal? It reveals fear. -- Julian Assange

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [FFmpeg-devel] CVE-2023-6602 fixes backporting
  2025-02-26  2:28 [FFmpeg-devel] CVE-2023-6602 fixes backporting Michael Niedermayer
@ 2025-02-26  3:03 ` James Almer
  2025-02-27  1:36   ` Michael Niedermayer
  0 siblings, 1 reply; 4+ messages in thread
From: James Almer @ 2025-02-26  3:03 UTC (permalink / raw)
  To: ffmpeg-devel


[-- Attachment #1.1.1: Type: text/plain, Size: 301 bytes --]

On 2/25/2025 11:28 PM, Michael Niedermayer wrote:
> Hi all
> 
> As i backported the fixes for $subj, i noticed they depend on
> ff_match_url_ext()
> which is not avaiable before 6.1
> 
> I will thus backport this too unless there are objections

It's not public API, so it should be fine.


[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [FFmpeg-devel] CVE-2023-6602 fixes backporting
  2025-02-26  3:03 ` James Almer
@ 2025-02-27  1:36   ` Michael Niedermayer
  2025-02-27 17:08     ` Michael Niedermayer
  0 siblings, 1 reply; 4+ messages in thread
From: Michael Niedermayer @ 2025-02-27  1:36 UTC (permalink / raw)
  To: FFmpeg development discussions and patches


[-- Attachment #1.1: Type: text/plain, Size: 1046 bytes --]

On Wed, Feb 26, 2025 at 12:03:12AM -0300, James Almer wrote:
> On 2/25/2025 11:28 PM, Michael Niedermayer wrote:
> > Hi all
> > 
> > As i backported the fixes for $subj, i noticed they depend on
> > ff_match_url_ext()
> > which is not avaiable before 6.1
> > 
> > I will thus backport this too unless there are objections
> 
> It's not public API, so it should be fine.

Ok, ill see if that works out
for the record backport of this will be limited to 4.3 because:

av_match_name               2.4+
ff_url_decompose            4.3+
URL_COMPONENT_HAVE          4.3+

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Modern terrorism, a quick summary: Need oil, start war with country that
has oil, kill hundread thousand in war. Let country fall into chaos,
be surprised about raise of fundamantalists. Drop more bombs, kill more
people, be surprised about them taking revenge and drop even more bombs
and strip your own citizens of their rights and freedoms. to be continued

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [FFmpeg-devel] CVE-2023-6602 fixes backporting
  2025-02-27  1:36   ` Michael Niedermayer
@ 2025-02-27 17:08     ` Michael Niedermayer
  0 siblings, 0 replies; 4+ messages in thread
From: Michael Niedermayer @ 2025-02-27 17:08 UTC (permalink / raw)
  To: FFmpeg development discussions and patches


[-- Attachment #1.1: Type: text/plain, Size: 1167 bytes --]

Hi

On Thu, Feb 27, 2025 at 02:36:48AM +0100, Michael Niedermayer wrote:
> On Wed, Feb 26, 2025 at 12:03:12AM -0300, James Almer wrote:
> > On 2/25/2025 11:28 PM, Michael Niedermayer wrote:
> > > Hi all
> > > 
> > > As i backported the fixes for $subj, i noticed they depend on
> > > ff_match_url_ext()
> > > which is not avaiable before 6.1
> > > 
> > > I will thus backport this too unless there are objections
> > 
> > It's not public API, so it should be fine.
> 
> Ok, ill see if that works out
> for the record backport of this will be limited to 4.3 because:
> 
> av_match_name               2.4+
> ff_url_decompose            4.3+
> URL_COMPONENT_HAVE          4.3+

backported to 4.3
probably makes sense if people test hls in 4.3
(if it works fine in all cases in 4.3 and in all cases in master then
 it will probably also work with releases between)

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Whats the most studid thing your enemy could do ? Blow himself up
Whats the most studid thing you could do ? Give up your rights and
freedom because your enemy blew himself up.


[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-02-27 17:08 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-02-26  2:28 [FFmpeg-devel] CVE-2023-6602 fixes backporting Michael Niedermayer
2025-02-26  3:03 ` James Almer
2025-02-27  1:36   ` Michael Niedermayer
2025-02-27 17:08     ` Michael Niedermayer

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
		ffmpegdev@gitmailbox.com
	public-inbox-index ffmpegdev

Example config snippet for mirrors.


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git