alarrosa/ffmpeg-7
SHA256
1
0
Fork 0
forked from jengelh/ffmpeg-7
Code Pull Requests Activity

Compare commits

merge into: alarrosa:master
Branches Tags
alarrosa:master
alarrosa:factory
jengelh:master
jengelh:factory
...
pull from: jengelh:master
Branches Tags
jengelh:master
jengelh:factory
alarrosa:master
alarrosa:factory

11 Commits
master ... master

Author SHA256 Message Date
Jan Engelhardt
5f822c5560 Bump mini's version 2025-04-02 02:07:52 +02:00
Jan Engelhardt
10630669eb ffmpeg 7.1.1 2025-04-02 02:06:23 +02:00
Adrian Schröter
a40564ee7c
Fix BcntSync handling 2025-03-27 11:18:53 +01:00
Jan Engelhardt
09f8124ff4 Disable openvino on 32-bit 2025-03-26 21:25:23 +01:00
Jan Engelhardt
b1d5de540b Merge 'refs/pull/13/head' 2025-03-25 22:11:38 +01:00
ZhaoQiang
10be3a7196 Add ffmpeg-7-CVE-2025-1816.patch: Backporting 0526535c from upstream, add missing constrains for num_parameters in audio_element_oub(). (CVE-2025-1816, bsc#1238728) and add some lost CVE bugID into the changelog. 2025-03-24 14:32:47 +08:00
Mia Herkt
ce60e9ed66
Build with OpenVINO support in libavfilter 2025-03-24 00:25:11 +01:00
Jan Engelhardt
d27a94528c Add 0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch 2025-03-05 10:46:17 +01:00
ZhaoQiang
40e49d492e Add security fix record on the update history. (CVE-2024-35368, bsc#1234028) 2025-03-01 20:13:07 +08:00
Jan Engelhardt
fba0c8d5ae Add BcntSyncTag directive 2025-02-24 14:06:39 +01:00
ZhaoQiang
90e1a4148e Add 4 patches for 8 CVEs 
* CVE-2024-12361
* CVE-2024-35365
* CVE-2024-36613
* CVE-2025-0518
* CVE-2025-22919
* CVE-2025-22920
* CVE-2025-22921
* CVE-2025-25473
 2025-02-23 21:23:54 +01:00
9 changed files with 219 additions and 18 deletions
Show Stats Expand all files Collapse all files

33
0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch Normal file
View File

@ -0,0 +1,33 @@
From d1ed5c06e3edc5f2b5f3664c80121fa55b0baa95 Mon Sep 17 00:00:00 2001
From: Gyan Doshi <ffmpeg@gyani.pro>
Date: Sat, 22 Feb 2025 10:38:53 +0530
Subject: [PATCH] avcodec/libsvtav1: unbreak build with latest svtav1
SVT-AV1 made a change in their public API in 988e930c but without a
version bump or any other accessible marker, thus breaking ffmpeg build
with current versions of SVT-AV1.
They have finally bumped versions a month later, so check added.
---
libavcodec/libsvtav1.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavcodec/libsvtav1.c b/libavcodec/libsvtav1.c
index 79b28eb4df..43fe531fde 100644
--- a/libavcodec/libsvtav1.c
+++ b/libavcodec/libsvtav1.c
@@ -435,7 +435,11 @@ static av_cold int eb_enc_init(AVCodecContext *avctx)
svt_enc->eos_flag = EOS_NOT_REACHED;
+#if SVT_AV1_CHECK_VERSION(3, 0, 0)
+ svt_ret = svt_av1_enc_init_handle(&svt_enc->svt_handle, &svt_enc->enc_params);
+#else
svt_ret = svt_av1_enc_init_handle(&svt_enc->svt_handle, svt_enc, &svt_enc->enc_params);
+#endif
if (svt_ret != EB_ErrorNone) {
return svt_print_error(avctx, svt_ret, "Error initializing encoder handle");
}
--
2.48.1

29
ffmpeg-7-CVE-2025-22921.patch Normal file
View File

@ -0,0 +1,29 @@
From 7f9c7f9849a2155224711f0ff57ecdac6e4bfb57 Mon Sep 17 00:00:00 2001
From: James Almer <jamrial@gmail.com>
Date: Wed, 1 Jan 2025 23:58:39 -0300
Subject: [PATCH] avcodec/jpeg2000dec: clear array length when freeing it
Fixes NULL pointer dereferences.
Fixes ticket #11393.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
---
libavcodec/jpeg2000dec.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index e5e897a29f..b82d85d5ee 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -1521,6 +1521,7 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile,
}
}
av_freep(&cblk->lengthinc);
+ cblk->nb_lengthinc = 0;
}
}
// Save state of stream
--
2.44.0

26
ffmpeg-7-CVE-2025-25473.patch Normal file
View File

@ -0,0 +1,26 @@
From c08d300481b8ebb846cd43a473988fdbc6793d1b Mon Sep 17 00:00:00 2001
From: James Almer <jamrial@gmail.com>
Date: Fri, 17 Jan 2025 00:05:31 -0300
Subject: [PATCH] avformat/avformat: also clear FFFormatContext packet queue
when closing a muxer
packet_buffer is used in mux.c, and if a muxing process fails at a point where
packets remained in said queue, they will leak.
Fixes ticket #11419
Signed-off-by: James Almer <jamrial@gmail.com>
---
libavformat/avformat.c | 1 +
1 file changed, 1 insertion(+)
--- a/libavformat/avformat.c
+++ b/libavformat/avformat.c
@@ -184,6 +184,7 @@
av_dict_free(&si->id3v2_meta);
av_packet_free(&si->pkt);
av_packet_free(&si->parse_pkt);
+ avpriv_packet_list_free(&si->packet_buffer);
av_freep(&s->streams);
av_freep(&s->stream_groups);
ff_flush_packet_queue(s);

BIN
ffmpeg-7.1.1.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

11
ffmpeg-7.1.1.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQFMBAABCgA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmfE+J4YHGZmbXBlZy1k
ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYNAwH/3i5n8X6+6Gw+1U+k6Lfwe4t
d1AmG/XyJd3ZkqnSXmtpW/p/DoHaRQLTJMHq/5jWi0Dcpr8M8VD0pZxzEksfy0XY
xHEqKXRG37/SyoiH39+BXWOSry4shIhzTVfmQi9QGZ0i69J+ZOpP1cImWz2c6QBM
Q2FMPv1QMVNR2UWHDGgYAvvg2qfJfGgIdQQtvAQe1q3co6LuaZC0ndgoNmNyuPLV
nNmsoetZucoNC4M7kcevyssrRMDi+yHk5X86LfV/cBY+BKP9X8u8pieXrnctSYAh
qqBnsg4jSj3fB96QvsFsdbUWEECKm4/gWJngMQTMk2Tg0RpQAwfHvp21Lppo/xw=
=xzGf
-----END PGP SIGNATURE-----

BIN
ffmpeg-7.1.tar.xz (Stored with Git LFS)
View File

Binary file not shown.

11
ffmpeg-7.1.tar.xz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQFMBAABCgA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmb549IYHGZmbXBlZy1k
ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYilgH/2sKAFBy8ojPrYxVy7i+O3WO
bE5lu2yhE6gHkHnxZga5k1uuhkRhapgTiUs9foG0zmL6Qfsg7lJ2EjrieD+hSWsw
ApqHVW5SUUSrtY0kO9Z/2jQIRBH5JaMPSar6YNPTdXuSUcun784gPgwIGYwzAM/S
14tkOZpq+X4nSJ4JezJDWeIsdz8zK4gIOuo0eCPbUgZ/A7wUMdypGZ9LOqk/mCc8
RnErz36HlZzUnGrL73gxsGCQ2PXL+1oMHnt0antF90T4YNusOX9FprclH/jb+RLl
jTb8RVb/4xJKV96ScMiwy2GaozzXFjzY1X7Gq8WN5NGRlbso6WQpqt8yunD7ib4=
=A/aU
-----END PGP SIGNATURE-----

96
ffmpeg-7.changes
View File

@ -1,3 +1,78 @@
-------------------------------------------------------------------
Tue Apr 1 23:38:08 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
- Update to release 7.1.1
* avformat/wavdec: Fix overflow of intermediate in
block_align check
* avformat/dvdvideodec: drop packets with unset PTS or DTS
* avutil/timecode: Avoid fps overflow in
av_timecode_get_smpte_from_framenum()
* avcodec/mjpegdec: Disallow progressive bayer images
* avformat/mov: don't unconditionally set all audio packets
in fragments as key frames
* avcodec/libx265: resolve build failure for
libx265.so.n, n >= 213
- Delete ffmpeg-7-CVE-2025-22919.patch,
ffmpeg-7-CVE-2025-0518.patch, ffmpeg-7-CVE-2025-1816.patch
(merged)
-------------------------------------------------------------------
Tue Mar 25 11:48:21 UTC 2025 - Adrian Schröter <adrian@suse.de>
- Move BcntSync tag to the %else part where the mini package gets defined
-------------------------------------------------------------------
Sun Mar 23 23:21:26 UTC 2025 - Mia Herkt <mia@0x0.st>
- Build with OpenVINO support in libavfilter
-------------------------------------------------------------------
Fri Mar 21 15:28:30 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-7-CVE-2025-1816.patch:
Backporting 0526535c from upstream, add missing constrains for
num_parameters in audio_element_oub().
(CVE-2025-1816, bsc#1238728)
-------------------------------------------------------------------
Wed Mar 5 09:46:09 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
- Add 0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
to build with SVT-AV1 3.0.0.
-------------------------------------------------------------------
Fri Feb 19 05:17:22 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-7-CVE-2025-22921.patch:
Backporting 7f9c7f98 from upstream, clear array length when
freeing it.
(CVE-2025-22921, bsc#1237382)
-------------------------------------------------------------------
Fri Feb 19 04:27:06 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-7-CVE-2025-25473.patch:
Backporting c08d3004 from upstream, clear FFFormatContext packet.
When packet_buffer is used in mux.c, and if a muxing process fails
at a point where packets remained in said queue.
(CVE-2025-25473, bsc#1237351)
-------------------------------------------------------------------
Fri Feb 19 03:18:02 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-7-CVE-2025-0518.patch:
Backporting b5b6391d from upstream, fixes memory data leak when
use sscanf().
(CVE-2025-0518, bsc#1236007)
-------------------------------------------------------------------
Fri Feb 19 02:58:01 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-7-CVE-2025-22919.patch:
Backporting 1446e37d from upstream, check for valid sample rate
As the sample rate <= 0 is invalid.
(CVE-2025-22919, bsc#1237371)
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Oct 15 08:18:54 UTC 2024 - Antonio Larrosa <alarrosa@suse.com> Tue Oct 15 08:18:54 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
@ -22,6 +97,9 @@ Wed Oct 2 08:20:18 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
disposition disposition
* LCEVC enhancement data exporting in H.26x and MP4/ISOBMFF * LCEVC enhancement data exporting in H.26x and MP4/ISOBMFF
* LCEVC filter * LCEVC filter
* avcodec/mpegvideo_enc: Add check for av_packet_new_side_data (CVE-2024-12361, bsc#1237358)
* avformat/dump: print only the actual streams in a tile grid group (CVE-2025-22920, bsc#1237380)
* avcodec/rkmppdec: Fix double-free on error (CVE-2024-35368, bsc#1234028)
- Delete patches/ffmpeg-7-fix-crashes.patch, - Delete patches/ffmpeg-7-fix-crashes.patch,
0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch (merged) 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch (merged)
@ -36,7 +114,16 @@ Mon Sep 30 12:34:56 UTC 2024 - olaf@aepfle.de
Thu Sep 26 10:02:20 UTC 2024 - Stefan Dirsch <sndirsch@suse.com> Thu Sep 26 10:02:20 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
- no longer build against libmfx; build also 15.5 against libvpl - no longer build against libmfx; build also 15.5 against libvpl
(boo#1230983) (boo#1230983, boo#1219494)
- dropping support for libmfx below covers:
* libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
* libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
* libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
* libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
* libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
* Multiple vulnerabilities in the Intel Media SDK (libmfx1) (bsc#1226892)
* Drop libmfx dependency from our product (jira #PED-10024)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Aug 21 09:58:42 UTC 2024 - Jan Engelhardt <jengelh@inai.de> Wed Aug 21 09:58:42 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
@ -70,6 +157,13 @@ Wed Aug 7 07:37:24 UTC 2024 - Cliff Zhao <qzhao@suse.com>
* avfilter/vf_tiltandshift: fix buffer offset for yuv422p input (CVE-2024-32229, bsc#1227295) * avfilter/vf_tiltandshift: fix buffer offset for yuv422p input (CVE-2024-32229, bsc#1227295)
* avcodec/mpegvideo_enc: Fix 1 line and one column images (CVE-2024-32230, bsc#1227296) * avcodec/mpegvideo_enc: Fix 1 line and one column images (CVE-2024-32230, bsc#1227296)
* avcodec/pnmdec: Use 64bit for input size check (CVE-2024-7055, bsc#1229026) * avcodec/pnmdec: Use 64bit for input size check (CVE-2024-7055, bsc#1229026)
* fftools/ffmpeg_mux_init: Fix double-free on error (CVE-2024-35365, bsc#1235091)
* avformat/dxa: Adjust order of operations around block align (CVE-2024-36613, bsc#1235092)
* avfilter/vf_minterpolate: Check pts before division (CVE-2023-51798, bsc#1223304)
* avfilter/vf_weave: Fix odd height handling (CVE-2023-51793, bsc#1223272)
* avfilter/vf_gradfun: Do not overread last line (CVE-2023-50010, bsc#1223256)
* avfilter/af_stereowiden: Check length (CVE-2023-51794, bsc#1223437)
* avutil/hwcontext: Don't assume frames_uninit is reentrant (CVE-2024-31578, bsc#1223070)
- Drop ffmpeg-7-CVE-2024-32228.patch: - Drop ffmpeg-7-CVE-2024-32228.patch:
The fix has been merged. The fix has been merged.
- Drop ffmpeg-7-CVE-2024-32229.patch: - Drop ffmpeg-7-CVE-2024-32229.patch:

25
ffmpeg-7.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package ffmpeg-7 # spec file for package ffmpeg-7
# #
# Copyright (c) 2024 SUSE LLC # Copyright (c) 2025 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -63,6 +63,7 @@
%bcond_with x264 %bcond_with x264
%bcond_with x265 %bcond_with x265
%bcond_with xvid %bcond_with xvid
%bcond_with openvino
%if 0%{?suse_version} > 1600 %if 0%{?suse_version} > 1600
%bcond_without mysofa %bcond_without mysofa
@ -73,6 +74,9 @@
%bcond_without amrwb %bcond_without amrwb
%bcond_without opencore %bcond_without opencore
%bcond_without xvid %bcond_without xvid
%ifnarch %ix86 %arm32
%bcond_without openvino
%endif
%else %else
%if 0%{?suse_version} > 1500 %if 0%{?suse_version} > 1500
%bcond_without mysofa %bcond_without mysofa
@ -96,7 +100,7 @@
%define _major_expected 8 %define _major_expected 8
Name: ffmpeg-7 Name: ffmpeg-7
Version: 7.1 Version: 7.1.1
Release: 0 Release: 0
Summary: Set of libraries for working with various multimedia formats Summary: Set of libraries for working with various multimedia formats
License: GPL-3.0-or-later License: GPL-3.0-or-later
@ -120,6 +124,9 @@ Patch5: work-around-abi-break.patch
Patch10: ffmpeg-chromium.patch Patch10: ffmpeg-chromium.patch
Patch91: ffmpeg-dlopen-openh264.patch Patch91: ffmpeg-dlopen-openh264.patch
Patch15: 11013-avcodec-decode-clean-up-if-get_hw_frames_parameters-.patch Patch15: 11013-avcodec-decode-clean-up-if-get_hw_frames_parameters-.patch
Patch18: ffmpeg-7-CVE-2025-25473.patch
Patch19: ffmpeg-7-CVE-2025-22921.patch
Patch20: 0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
BuildRequires: ladspa-devel BuildRequires: ladspa-devel
BuildRequires: libgsm-devel BuildRequires: libgsm-devel
BuildRequires: libmp3lame-devel >= 3.98.3 BuildRequires: libmp3lame-devel >= 3.98.3
@ -222,6 +229,9 @@ BuildRequires: pkgconfig(x264)
%if %{with x265} %if %{with x265}
BuildRequires: pkgconfig(x265) BuildRequires: pkgconfig(x265)
%endif %endif
%if %{with openvino}
BuildRequires: pkgconfig(openvino)
%endif
%ifarch x86_64 %x86_64 aarch64 %ifarch x86_64 %x86_64 aarch64
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150500 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150500
@ -664,6 +674,9 @@ LDFLAGS="%_lto_cflags" \
%if %{with xvid} %if %{with xvid}
--enable-libxvid \ --enable-libxvid \
%endif %endif
%if %{with openvino}
--enable-libopenvino \
%endif
%if !0%{?BUILD_ORIG} %if !0%{?BUILD_ORIG}
--enable-muxers \ --enable-muxers \
--enable-demuxers \ --enable-demuxers \
@ -807,8 +820,14 @@ done
%else %else
%define _name ffmpeg %define _name ffmpeg
# Patches may subtly change internal APIs, so we're sticking %%release in
# Requires lines. It also conveniently blocks openSUSE libav* being combined
# with Packman libav*, due to PM's unique %%release numbers.
# This use of %%release with %flavor however requires bcnt synchro:
#
#!BcntSyncTag: ffmpeg-7
Name: ffmpeg-7-mini Name: ffmpeg-7-mini
Version: 7.1 Version: 7.1.1
Release: 0 Release: 0
Summary: Set of libraries for working with various multimedia formats Summary: Set of libraries for working with various multimedia formats
License: GPL-3.0-or-later License: GPL-3.0-or-later