Sync from SUSE:SLFO:Main ffmpeg-7 revision 5a3bad7fbe82279d1b27a1c6255763ee

2025-04-24 00:08:45 +02:00
parent 360cea3727
commit 8ed9871cca
8 changed files with 83 additions and 90 deletions
--- a/ffmpeg-7-CVE-2025-0518.patch
+++ b/ffmpeg-7-CVE-2025-0518.patch
@@ -1,29 +0,0 @@
-From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001
-From: Michael Niedermayer <michael@niedermayer.cc>
-Date: Mon, 6 Jan 2025 22:01:39 +0100
-Subject: [PATCH] avfilter/af_pan: Fix sscanf() use
-
-Fixes: Memory Data Leak
-
-Found-by: Simcha Kosman <simcha.kosman@cyberark.com>
-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
- libavfilter/af_pan.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
-index 0d20b0307b..5feb2439c7 100644
--- a/libavfilter/af_pan.c
-+++ b/libavfilter/af_pan.c
-@@ -196,7 +196,7 @@ static av_cold int init(AVFilterContext *ctx)
-         sign = 1;
-         while (1) {
-             gain = 1;
-            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len))
-+            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1)
-                 arg += len;
-             if (parse_channel_name(&arg, &in_ch_id, &named)){
-                 av_log(ctx, AV_LOG_ERROR,
-- 
-2.44.0
-
--- a/ffmpeg-7-CVE-2025-22919.patch
+++ b/ffmpeg-7-CVE-2025-22919.patch
@@ -1,34 +0,0 @@
-From 1446e37d3d032e1452844778b3e6ba2c20f0c322 Mon Sep 17 00:00:00 2001
-From: James Almer <jamrial@gmail.com>
-Date: Mon, 30 Dec 2024 00:25:41 -0300
-Subject: [PATCH] avfilter/buffersrc: check for valid sample rate
-
-A sample rate <= 0 is invalid.
-
-Fixes an assert in ffmpeg_enc.c that assumed a valid sample rate would be set.
-Fixes ticket #11385.
-
-Signed-off-by: James Almer <jamrial@gmail.com>
---
- libavfilter/buffersrc.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/libavfilter/buffersrc.c b/libavfilter/buffersrc.c
-index bdf8b14451..c921803c67 100644
--- a/libavfilter/buffersrc.c
-+++ b/libavfilter/buffersrc.c
-@@ -421,6 +421,11 @@ static av_cold int init_audio(AVFilterContext *ctx)
-         av_channel_layout_describe(&s->ch_layout, buf, sizeof(buf));
-     }
- 
-+    if (s->sample_rate <= 0) {
-+        av_log(ctx, AV_LOG_ERROR, "Sample rate not set\n");
-+        return AVERROR(EINVAL);
-+    }
-+
-     if (!s->time_base.num)
-         s->time_base = (AVRational){1, s->sample_rate};
- 
-- 
-2.44.0
-
--- a/ffmpeg-7.1.1.tar.xz
+++ b/ffmpeg-7.1.1.tar.xz
--- a/ffmpeg-7.1.1.tar.xz.asc
+++ b/ffmpeg-7.1.1.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQFMBAABCgA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmfE+J4YHGZmbXBlZy1k
+ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYNAwH/3i5n8X6+6Gw+1U+k6Lfwe4t
+d1AmG/XyJd3ZkqnSXmtpW/p/DoHaRQLTJMHq/5jWi0Dcpr8M8VD0pZxzEksfy0XY
+xHEqKXRG37/SyoiH39+BXWOSry4shIhzTVfmQi9QGZ0i69J+ZOpP1cImWz2c6QBM
+Q2FMPv1QMVNR2UWHDGgYAvvg2qfJfGgIdQQtvAQe1q3co6LuaZC0ndgoNmNyuPLV
+nNmsoetZucoNC4M7kcevyssrRMDi+yHk5X86LfV/cBY+BKP9X8u8pieXrnctSYAh
+qqBnsg4jSj3fB96QvsFsdbUWEECKm4/gWJngMQTMk2Tg0RpQAwfHvp21Lppo/xw=
+=xzGf
+-----END PGP SIGNATURE-----
--- a/ffmpeg-7.1.tar.xz
+++ b/ffmpeg-7.1.tar.xz
--- a/ffmpeg-7.1.tar.xz.asc
+++ b/ffmpeg-7.1.tar.xz.asc
@@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQFMBAABCgA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmb549IYHGZmbXBlZy1k
-ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYilgH/2sKAFBy8ojPrYxVy7i+O3WO
-bE5lu2yhE6gHkHnxZga5k1uuhkRhapgTiUs9foG0zmL6Qfsg7lJ2EjrieD+hSWsw
-ApqHVW5SUUSrtY0kO9Z/2jQIRBH5JaMPSar6YNPTdXuSUcun784gPgwIGYwzAM/S
-14tkOZpq+X4nSJ4JezJDWeIsdz8zK4gIOuo0eCPbUgZ/A7wUMdypGZ9LOqk/mCc8
-RnErz36HlZzUnGrL73gxsGCQ2PXL+1oMHnt0antF90T4YNusOX9FprclH/jb+RLl
-jTb8RVb/4xJKV96ScMiwy2GaozzXFjzY1X7Gq8WN5NGRlbso6WQpqt8yunD7ib4=
-=A/aU
-----END PGP SIGNATURE-----
--- a/ffmpeg-7.changes
+++ b/ffmpeg-7.changes
@@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Fri Apr  4 09:34:14 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
+
+- Disable OpenVINO, too many dependencies for Factory ring1.
+
+-------------------------------------------------------------------
+Tue Apr  1 23:38:08 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 7.1.1
+  * avformat/wavdec: Fix overflow of intermediate in
+    block_align check
+  * avformat/dvdvideodec: drop packets with unset PTS or DTS
+  * avutil/timecode: Avoid fps overflow in
+    av_timecode_get_smpte_from_framenum()
+  * avcodec/mjpegdec: Disallow progressive bayer images
+  * avformat/mov: don't unconditionally set all audio packets
+    in fragments as key frames
+  * avcodec/libx265: resolve build failure for
+    libx265.so.n, n >= 213
+- Delete ffmpeg-7-CVE-2025-22919.patch,
+  ffmpeg-7-CVE-2025-0518.patch, ffmpeg-7-CVE-2025-1816.patch
+  (merged)
+
+-------------------------------------------------------------------
+Tue Mar 25 11:48:21 UTC 2025 - Adrian Schröter <adrian@suse.de>
+
+- Move BcntSync tag to the %else part where the mini package gets defined
+
+-------------------------------------------------------------------
+Sun Mar 23 23:21:26 UTC 2025 - Mia Herkt <mia@0x0.st>
+
+- Build with OpenVINO support in libavfilter
+
+-------------------------------------------------------------------
+Fri Mar 21 15:28:30 UTC 2025 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-7-CVE-2025-1816.patch:
+  Backporting 0526535c from upstream, add missing constrains for
+  num_parameters in audio_element_oub().
+  (CVE-2025-1816, bsc#1238728)
+
+-------------------------------------------------------------------
+Sun Mar 23 23:21:26 UTC 2025 - Mia Herkt <mia@0x0.st>
+
+- Build with OpenVINO support in libavfilter
+
 -------------------------------------------------------------------
 Wed Mar  5 09:46:09 UTC 2025 - Jan Engelhardt <jengelh@inai.de>

@@ -78,7 +124,16 @@ Mon Sep 30 12:34:56 UTC 2024 - olaf@aepfle.de
 Thu Sep 26 10:02:20 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>

 - no longer build against libmfx; build also 15.5 against libvpl
- (boo#1230983)
+ (boo#1230983, boo#1219494)
+
+- dropping support for libmfx below covers:
+  * libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
+  * libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
+  * libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
+  * libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
+  * libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
+  * Multiple vulnerabilities in the Intel Media SDK (libmfx1) (bsc#1226892)
+  * Drop libmfx dependency from our product (jira #PED-10024)

 -------------------------------------------------------------------
 Wed Aug 21 09:58:42 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
@@ -114,6 +169,11 @@ Wed Aug  7 07:37:24 UTC 2024 - Cliff Zhao <qzhao@suse.com>
  * avcodec/pnmdec: Use 64bit for input size check (CVE-2024-7055, bsc#1229026)
  * fftools/ffmpeg_mux_init: Fix double-free on error (CVE-2024-35365, bsc#1235091)
  * avformat/dxa: Adjust order of operations around block align (CVE-2024-36613, bsc#1235092)
+  * avfilter/vf_minterpolate: Check pts before division (CVE-2023-51798, bsc#1223304)
+  * avfilter/vf_weave: Fix odd height handling (CVE-2023-51793, bsc#1223272)
+  * avfilter/vf_gradfun: Do not overread last line (CVE-2023-50010, bsc#1223256)
+  * avfilter/af_stereowiden: Check length (CVE-2023-51794, bsc#1223437)
+  * avutil/hwcontext: Don't assume frames_uninit is reentrant (CVE-2024-31578, bsc#1223070)
 - Drop ffmpeg-7-CVE-2024-32228.patch:
  The fix has been merged.
 - Drop ffmpeg-7-CVE-2024-32229.patch:
--- a/ffmpeg-7.spec
+++ b/ffmpeg-7.spec
@@ -96,7 +96,7 @@
 %define _major_expected 8

 Name:           ffmpeg-7
-Version:        7.1
+Version:        7.1.1
 Release:        0
 Summary:        Set of libraries for working with various multimedia formats
 License:        GPL-3.0-or-later
@@ -120,8 +120,6 @@ Patch5:         work-around-abi-break.patch
 Patch10:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
 Patch15:        11013-avcodec-decode-clean-up-if-get_hw_frames_parameters-.patch
-Patch16:        ffmpeg-7-CVE-2025-22919.patch
-Patch17:        ffmpeg-7-CVE-2025-0518.patch
 Patch18:        ffmpeg-7-CVE-2025-25473.patch
 Patch19:        ffmpeg-7-CVE-2025-22921.patch
 Patch20:        0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
@@ -262,14 +260,6 @@ Requires:       (libavutil59 = %version-%release or ffmpeg-7-mini-libs = %versio
 Requires:       (libpostproc58 = %version-%release or ffmpeg-7-mini-libs = %version-%release)
 Requires:       (libswresample5 = %version-%release or ffmpeg-7-mini-libs = %version-%release)
 Requires:       (libswscale8 = %version-%release or ffmpeg-7-mini-libs = %version-%release)
-%if "%flavor" == "ffmpeg-7-mini"
-# Patches may subtly change internal APIs, so we're sticking %%release in
-# Requires lines. It also conveniently blocks openSUSE libav* being combined
-# with Packman libav*, due to PM's unique %%release numbers.
-# This use of %%release with %flavor however requires bcnt synchro:
-#
-#!BcntSyncTag:  ffmpeg-7
-%endif

 %description
 FFmpeg is a multimedia framework, able to decode, encode,
@@ -820,8 +810,14 @@ done

 %else
 %define _name ffmpeg
+# Patches may subtly change internal APIs, so we're sticking %%release in
+# Requires lines. It also conveniently blocks openSUSE libav* being combined
+# with Packman libav*, due to PM's unique %%release numbers.
+# This use of %%release with %flavor however requires bcnt synchro:
+#
+#!BcntSyncTag:  ffmpeg-7
 Name:           ffmpeg-7-mini
-Version:        7.1
+Version:        7.1.1
 Release:        0
 Summary:        Set of libraries for working with various multimedia formats
 License:        GPL-3.0-or-later