From cf0e3709c395f116f5a6e0e129b559310ed656aa17aad45d32e0b3d6b2890fe7 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 24 Oct 2018 08:53:31 +0000 Subject: [PATCH 1/7] Accepting request 644174 from home:zhengqiang:branches:multimedia:libs - Add ffmpeg-CVE-2018-13305.patch to add a missing check for negative values of mqaunt variable (CVE-2018-13305, bsc#1100345). OBS-URL: https://build.opensuse.org/request/show/644174 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=27 --- ffmpeg-4.changes | 7 +++++++ ffmpeg-4.spec | 1 + ffmpeg-CVE-2018-13305.patch | 13 +++++++++++++ 3 files changed, 21 insertions(+) create mode 100644 ffmpeg-CVE-2018-13305.patch diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes index d02cb27..66d568b 100644 --- a/ffmpeg-4.changes +++ b/ffmpeg-4.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Oct 23 06:05:42 UTC 2018 - qzheng@suse.com + +- Add ffmpeg-CVE-2018-13305.patch to add a missing check for + negative values of mqaunt variable (CVE-2018-13305, + bsc#1100345). + ------------------------------------------------------------------- Thu Sep 13 23:17:35 UTC 2018 - 9+suse@cirno.systems diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec index 6312213..70fce95 100644 --- a/ffmpeg-4.spec +++ b/ffmpeg-4.spec @@ -120,6 +120,7 @@ Patch4: ffmpeg-codec-choice.diff Patch5: cve-2017-17555.diff Patch6: 0001-avformat-flvenc-Check-audio-packet-size.patch Patch7: 0001-avcodec-libaom-fix-setting-amount-of-threads.patch +Patch8: ffmpeg-CVE-2018-13305.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel diff --git a/ffmpeg-CVE-2018-13305.patch b/ffmpeg-CVE-2018-13305.patch new file mode 100644 index 0000000..9e47b0f --- /dev/null +++ b/ffmpeg-CVE-2018-13305.patch 
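Review bot: Only the `Patch8: ffmpeg-CVE-2018-13305.patch` tag is added to ffmpeg-4.spec (the diffstat shows a single inserted line), so whether the fix is actually applied depends on a %prep section that lies outside this hunk. If %prep lists patches explicitly rather than using `%autosetup` or `%autopatch`, a matching `%patch8 -p1` line is needed. Without it the package would build without the CVE-2018-13305 check even though the changelog says it was added. It is worth confirming in the build log that the patch is applied to libavcodec/vc1_block.c.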
@@ -0,0 +1,13 @@ +diff --git a/libavcodec/vc1_block.c b/libavcodec/vc1_block.c +index b06ee9f..5b38183 100644 +--- a/libavcodec/vc1_block.c ++++ b/libavcodec/vc1_block.c +@@ -188,7 +188,7 @@ static void vc1_put_signed_blocks_clamped(VC1Context *v) + mquant = v->altpq; \ + if ((edges&8) && s->mb_y == (s->mb_height - 1)) \ + mquant = v->altpq; \ +- if (!mquant || mquant > 31) { \ ++ if (!mquant || mquant > 31 || mquant < -31) { \ + av_log(v->s.avctx, AV_LOG_ERROR, \ + "Overriding invalid mquant %d\n", mquant); \ + mquant = 1; \ From 4926fa7c4478302c188a252d8ca52ce11806afcd62ae356952f801a6c3934de8 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 24 Oct 2018 09:11:22 +0000 Subject: [PATCH 2/7] add patch metadata OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=28 --- ffmpeg-4.spec | 2 +- ffmpeg-CVE-2018-13305.patch | 32 ++++++++++++++++++++++++++------ 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec index 70fce95..786bb4e 100644 --- a/ffmpeg-4.spec +++ b/ffmpeg-4.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # diff --git a/ffmpeg-CVE-2018-13305.patch b/ffmpeg-CVE-2018-13305.patch index 9e47b0f..5401ead 100644 --- a/ffmpeg-CVE-2018-13305.patch +++ b/ffmpeg-CVE-2018-13305.patch 
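Review bot: The new bound in `if (!mquant || mquant > 31 || mquant < -31)` is a bare magic number, with no comment on why negative values down to -31 are accepted while anything beyond is overridden to 1. These are backslash-continued macro lines and the macro starts and ends outside the hunk, so a reader has only the log message to go on. I would add a line above the check such as `/* mquant may be negative here; only magnitudes 1..31 are valid */ \`. The same changed line appears again in the refreshed copy of this patch in the next commit of the series.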
@@ -1,13 +1,33 @@ -diff --git a/libavcodec/vc1_block.c b/libavcodec/vc1_block.c -index b06ee9f..5b38183 100644 ---- a/libavcodec/vc1_block.c -+++ b/libavcodec/vc1_block.c -@@ -188,7 +188,7 @@ static void vc1_put_signed_blocks_clamped(VC1Context *v) +From d08d4a8c7387e758d439b0592782e4cfa2b4d6a4 Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer +Date: Thu, 28 Jun 2018 23:46:32 +0200 +Subject: [PATCH] avcodec/vc1_block: Fix mqaunt check for negative values +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes: out of array access +Fixes: ffmpeg_bof_4.avi +Fixes: ffmpeg_bof_5.avi +Fixes: ffmpeg_bof_6.avi + +Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart +Reviewed-by: Jerome Borsboom +Signed-off-by: Michael Niedermayer +--- + libavcodec/vc1_block.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: ffmpeg-4.0.2/libavcodec/vc1_block.c +=================================================================== +--- ffmpeg-4.0.2.orig/libavcodec/vc1_block.c ++++ ffmpeg-4.0.2/libavcodec/vc1_block.c +@@ -188,7 +188,7 @@ static void vc1_put_signed_blocks_clampe mquant = v->altpq; \ if ((edges&8) && s->mb_y == (s->mb_height - 1)) \ mquant = v->altpq; \ - if (!mquant || mquant > 31) { \ -+ if (!mquant || mquant > 31 || mquant < -31) { \ ++ if (!mquant || mquant > 31 || mquant < -31) { \ av_log(v->s.avctx, AV_LOG_ERROR, \ "Overriding invalid mquant %d\n", mquant); \ mquant = 1; \ From f13059ae06a2591c8744b806ee65f73a5bff139af2581c0143c17281554199b5 Mon Sep 17 00:00:00 2001 
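Review bot: The refreshed patch header records the upstream commit and the fuzzing credits but carries no reference to CVE-2018-13305 or bsc#1100345, so only the file name and the .changes entry tie it to the advisory. Another patch in this package, cve-2017-17555.diff, carries `References:` lines in its header. Following that convention here, e.g. `References: CVE-2018-13305, bsc#1100345`, keeps the link intact if the file is renamed or the changelog is trimmed.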
From: Jan Engelhardt Date: Tue, 6 Nov 2018 12:51:39 +0000 Subject: [PATCH 3/7] Accepting request 646517 from home:seanlew:branches:multimedia:libs Update ffmpeg to 4.1 OBS-URL: https://build.opensuse.org/request/show/646517 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=29 --- ...ormat-flvenc-Check-audio-packet-size.patch | 33 ------------------- ffmpeg-4.0.2.tar.xz | 3 -- ffmpeg-4.0.2.tar.xz.asc | 11 ------- ffmpeg-4.1.tar.xz | 3 ++ ffmpeg-4.1.tar.xz.asc | 11 +++++++ ffmpeg-4.changes | 16 +++++++++ ffmpeg-4.spec | 5 +-- 7 files changed, 31 insertions(+), 51 deletions(-) delete mode 100644 0001-avformat-flvenc-Check-audio-packet-size.patch delete mode 100644 ffmpeg-4.0.2.tar.xz delete mode 100644 ffmpeg-4.0.2.tar.xz.asc create mode 100644 ffmpeg-4.1.tar.xz create mode 100644 ffmpeg-4.1.tar.xz.asc diff --git a/0001-avformat-flvenc-Check-audio-packet-size.patch b/0001-avformat-flvenc-Check-audio-packet-size.patch deleted file mode 100644 index dd2dd2b..0000000 --- a/0001-avformat-flvenc-Check-audio-packet-size.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From 6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Sat, 28 Jul 2018 15:03:50 +0200 -Subject: [PATCH] avformat/flvenc: Check audio packet size - -Fixes: Assertion failure -Fixes: assert_flvenc.c:941_1.swf - -Found-by: #CHEN HONGXU# -Signed-off-by: Michael Niedermayer ---- - libavformat/flvenc.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/libavformat/flvenc.c b/libavformat/flvenc.c -index 1c552a3e6b..e4863f1fc7 100644 ---- a/libavformat/flvenc.c -+++ b/libavformat/flvenc.c -@@ -883,6 +883,11 @@ static int flv_write_packet(AVFormatContext *s, AVPacket *pkt) - int flags = -1, flags_size, ret; - int64_t cur_offset = avio_tell(pb); - -+ if (par->codec_type == AVMEDIA_TYPE_AUDIO && !pkt->size) { -+ av_log(s, AV_LOG_WARNING, "Empty audio Packet\n"); -+ return AVERROR(EINVAL); -+ } -+ - if (par->codec_id == AV_CODEC_ID_VP6F || par->codec_id == AV_CODEC_ID_VP6A || - par->codec_id == AV_CODEC_ID_VP6 || par->codec_id == AV_CODEC_ID_AAC) - flags_size = 2; --- -2.18.0 - diff --git a/ffmpeg-4.0.2.tar.xz b/ffmpeg-4.0.2.tar.xz deleted file mode 100644 index 88a44a0..0000000 --- a/ffmpeg-4.0.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a95c0cc9eb990e94031d2183f2e6e444cc61c99f6f182d1575c433d62afb2f97 -size 8662984 diff --git a/ffmpeg-4.0.2.tar.xz.asc b/ffmpeg-4.0.2.tar.xz.asc deleted file mode 100644 index 021b87e..0000000 --- a/ffmpeg-4.0.2.tar.xz.asc +++ /dev/null 
@@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQEcBAABAgAGBQJbT0bXAAoJELQyLwTWdljYa7EIAIkBwOpBdZNuVvD2aNH82zmP -1lnqsSFaO/OlQrs7M0cOGXgqmkIkVQZerWwO+VRct5oYut+MNCqVfT8L2pTNcHNW -6aE3Jtvw00zwklNKI9e4oktypvcbe8m40QgPvNPu8lxiGZvafvGy53ioVI2eANFj -PD2+BUGTRuotbm8skOpGTkU+RL74oPCdHEP9OcL3K4XnDFDMCXkjk34xCs4pnkV0 -2rVOque36M54DHQHa+qD1hxiqWiAyhEPnCklRwTRLLwPQuLiBDi/vExvDTsJHIuU -AfdSsykmJz3c6biKOKOP6GYW7UjfsiIOV+G+uuZGJ/eBw0zXc38l8Rc7C1Kwmj4= -=9xRf ------END PGP SIGNATURE----- diff --git a/ffmpeg-4.1.tar.xz b/ffmpeg-4.1.tar.xz new file mode 100644 index 0000000..584d6fb --- /dev/null +++ b/ffmpeg-4.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a38ec4d026efb58506a99ad5cd23d5a9793b4bf415f2c4c2e9c1bb444acd1994 +size 8890608 diff --git a/ffmpeg-4.1.tar.xz.asc b/ffmpeg-4.1.tar.xz.asc new file mode 100644 index 0000000..64b4870 --- /dev/null +++ b/ffmpeg-4.1.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABAgAGBQJb4NGUAAoJELQyLwTWdljYvM0IALBVSeOXmMzhNFDH8x0peai9 +IX6WaiOnVnKWmmguMl08h84+S9qAwm6ESBSF9Qaw+97/95d067BzisxmBlrMh2EX +/EkbdHjsWdAi0Dt5XXluIn0fDX271ad6dWeT5HZqXh/V9qvDFPegv8W/vFIhsOc6 +nZoFzkBZFD5Mwpj2jZMD13Dsmfg7hwNdw/YJd2WH8emBE8Izd90espTEv5IKS8qb +Zsk//H0psJfrDxBNZSSU3h2TvHccq5bqS3a3Kzw04aew0safp/aB87tUqxWoJ+PN +UbjWm1UxRrhhmqcEPT/3l8H68AiPn/ZN/2AUYYZXgdzorcoPBwWQIPaO7GtocxE= +=1RoC +-----END PGP SIGNATURE----- diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes index 66d568b..6396fc7 100644 --- a/ffmpeg-4.changes +++ b/ffmpeg-4.changes 
@@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Tue Nov 06 01:39:11 UTC 2018 - sean@suspend.net + +- Update ffmpeg to 4.1 + - Remove 0001-avcodec-libaom-fix-setting-amount-of-threads.patch (fixed upstream (bsc#776cdd1) + - Remove cve-2017-17555.diff (fixed upstream) + * For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1 + +------------------------------------------------------------------- + +Sat Nov 03 14:48:35 UTC 2018 - sean@suspend.net + +- Remove 0001-avformat-fivenc-Check-audio-packet-size.patch (fixed upstream (bsc#8591d16) +- Update ffmpeg to 4.0.3 + * For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.0.3 + ------------------------------------------------------------------- Tue Oct 23 06:05:42 UTC 2018 - qzheng@suse.com diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec index 786bb4e..4783a4c 100644 --- a/ffmpeg-4.spec +++ b/ffmpeg-4.spec @@ -98,7 +98,7 @@ %define _major_version 4 %define _major_expected 5 Name: ffmpeg-4 -Version: 4.0.2 +Version: 4.1 Release: 0 Summary: Library for working with various multimedia formats License: LGPL-2.1-or-later AND GPL-2.0-or-later @@ -118,9 +118,6 @@ Patch2: ffmpeg-arm6l.diff Patch3: ffmpeg-new-coder-errors.diff Patch4: ffmpeg-codec-choice.diff Patch5: cve-2017-17555.diff -Patch6: 0001-avformat-flvenc-Check-audio-packet-size.patch -Patch7: 0001-avcodec-libaom-fix-setting-amount-of-threads.patch -Patch8: ffmpeg-CVE-2018-13305.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel From 936a0576bdbf843a4d157a4dde8ebabe347430dd78c76676f6393745f1f9209b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 7 Nov 2018 09:46:48 +0000 Subject: [PATCH 4/7] Update changelog OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=30 --- ffmpeg-4.changes | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) 
diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes index 6396fc7..859d304 100644 --- a/ffmpeg-4.changes +++ b/ffmpeg-4.changes @@ -2,9 +2,34 @@ Tue Nov 06 01:39:11 UTC 2018 - sean@suspend.net - Update ffmpeg to 4.1 - - Remove 0001-avcodec-libaom-fix-setting-amount-of-threads.patch (fixed upstream (bsc#776cdd1) - - Remove cve-2017-17555.diff (fixed upstream) + * Lots of filter updates as usual: deblock, tmix, aplify, + fftdnoiz, aderivative, aintegral, pal75bars, pal100bars, + adeclick, adeclip, lensfun (wrapper), colorconstancy, 1D LUT + filter (lut1d), cue, acue, transpose_npp, amultiply, + Block-Matching 3d (bm3d) denoising filter, acrossover filter, + audio denoiser as afftdn filter, sinc audio filter source, + chromahold, setparams, vibrance, xstack, + (a)graphmonitor filter yadif_cuda filter. + * AV1 parser + * Support for AV1 in MP4 + * PCM VIDC decoder and encoder + * libtensorflow backend for DNN based filters like srcnn + * -- The following only enabled in third-party builds: + * ATRAC9 decoder + * AVS2 video decoder via libdavs2 + * IMM4 video decoder + * Brooktree ProSumer video decoder + * MatchWare Screen Capture Codec decoder + * WinCam Motion Video decoder + * RemotelyAnywhere Screen Capture decoder + * AVS2 video encoder via libxavs2 + * ILBC decoder + * SER demuxer + * Decoding S12M timecode in H264 * For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1 +- Remove 0001-avcodec-libaom-fix-setting-amount-of-threads.patch + (fixed upstream (bsc#776cdd1) +- Remove cve-2017-17555.diff (fixed upstream) ------------------------------------------------------------------- From d2e0febbbdffa297579aa9c89c7a9443b28e32f2ead9d1ddd13ba8ac9464433b Mon Sep 17 00:00:00 2001 
From: Jan Engelhardt Date: Wed, 7 Nov 2018 10:20:13 +0000 Subject: [PATCH 5/7] OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=31 --- ...libaom-fix-setting-amount-of-threads.patch | 51 ------------------- cve-2017-17555.diff | 19 ------- 2 files changed, 70 deletions(-) delete mode 100644 0001-avcodec-libaom-fix-setting-amount-of-threads.patch delete mode 100644 cve-2017-17555.diff diff --git a/0001-avcodec-libaom-fix-setting-amount-of-threads.patch b/0001-avcodec-libaom-fix-setting-amount-of-threads.patch deleted file mode 100644 index bcd82b3..0000000 --- a/0001-avcodec-libaom-fix-setting-amount-of-threads.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From 309c3a0e81be553626711912e90015c26f4b09ba Mon Sep 17 00:00:00 2001 -From: James Almer -Date: Thu, 13 Sep 2018 13:26:00 -0300 -Subject: [PATCH] avcodec/libaom: fix setting amount of threads -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The libaom doxy says that a value of 0 for the threads fields is -equivalent to a value of 1, whereas for avctx->thread_count it means -the maximum amount of threads possible for the host system. - -Use av_cpu_count() to get the correct thread count when auto threads -is requested. - -Reviewed-by: Jan Ekström -Signed-off-by: James Almer ---- - libavcodec/libaomdec.c | 2 +- - libavcodec/libaomenc.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libavcodec/libaomdec.c b/libavcodec/libaomdec.c -index 6a2de6d47a..2530c9f76b 100644 ---- a/libavcodec/libaomdec.c -+++ b/libavcodec/libaomdec.c -@@ -43,7 +43,7 @@ static av_cold int aom_init(AVCodecContext *avctx, - AV1DecodeContext *ctx = avctx->priv_data; - struct aom_codec_dec_cfg deccfg = { - /* token partitions+1 would be a decent choice */ -- .threads = FFMIN(avctx->thread_count, 16) -+ .threads = FFMIN(avctx->thread_count ? avctx->thread_count : av_cpu_count(), 16) - }; - - av_log(avctx, AV_LOG_INFO, "%s\n", aom_codec_version_str()); -diff --git a/libavcodec/libaomenc.c b/libavcodec/libaomenc.c -index bbf4cf8b64..6a79d9b873 100644 ---- a/libavcodec/libaomenc.c -+++ b/libavcodec/libaomenc.c -@@ -319,7 +319,7 @@ static av_cold int aom_init(AVCodecContext *avctx, - enccfg.g_h = avctx->height; - enccfg.g_timebase.num = avctx->time_base.num; - enccfg.g_timebase.den = avctx->time_base.den; -- enccfg.g_threads = avctx->thread_count; -+ enccfg.g_threads = avctx->thread_count ? avctx->thread_count : av_cpu_count(); - - if (ctx->lag_in_frames >= 0) - enccfg.g_lag_in_frames = ctx->lag_in_frames; --- -2.18.0 - 
diff --git a/cve-2017-17555.diff b/cve-2017-17555.diff deleted file mode 100644 index 2624a83..0000000 --- a/cve-2017-17555.diff +++ /dev/null @@ -1,19 +0,0 @@ -From: Jan Engelhardt -Date: 2018-02-12 13:30:29.256158366 +0100 - -References: https://bugzilla.suse.com/show_bug.cgi?id=1072366 -References: CVE-2017-17555 - -Index: ffmpeg-4.0.1/libswresample/audioconvert.c -=================================================================== ---- ffmpeg-4.0.1.orig/libswresample/audioconvert.c 2018-04-20 12:02:58.000000000 +0200 -+++ ffmpeg-4.0.1/libswresample/audioconvert.c 2018-06-30 00:17:17.785924731 +0200 -@@ -239,7 +239,7 @@ int swri_audio_convert(AudioConvert *ctx - const uint8_t *pi= ich < 0 ? ctx->silence : in->ch[ich]; - uint8_t *po= out->ch[ch]; - uint8_t *end= po + os*len; -- if(!po) -+ if (!pi || !po) - continue; - ctx->conv_f(po+off*os, pi+off*is, is, os, end); - } From 80f63e5f1f4e24a2d1ebd5d3cfc2526e43006af1e0a78186d5eceea09433bc72 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 7 Nov 2018 12:29:42 +0000 Subject: [PATCH 6/7] synchronize changelog with patch list after recent user submission OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=32 --- ffmpeg-4.changes | 2 +- ffmpeg-4.spec | 1 - ffmpeg-CVE-2018-13305.patch | 33 --------------------------------- 3 files changed, 1 insertion(+), 35 deletions(-) delete mode 100644 ffmpeg-CVE-2018-13305.patch diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes index 859d304..5ef79aa 100644 --- a/ffmpeg-4.changes +++ b/ffmpeg-4.changes 
@@ -28,7 +28,7 @@ Tue Nov 06 01:39:11 UTC 2018 - sean@suspend.net * Decoding S12M timecode in H264 * For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1 - Remove 0001-avcodec-libaom-fix-setting-amount-of-threads.patch - (fixed upstream (bsc#776cdd1) + (fixed upstream (bsc#776cdd1), remove ffmpeg-CVE-2018-13305.patch - Remove cve-2017-17555.diff (fixed upstream) ------------------------------------------------------------------- diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec index 4783a4c..d76c261 100644 --- a/ffmpeg-4.spec +++ b/ffmpeg-4.spec @@ -117,7 +117,6 @@ Patch1: ffmpeg-libcdio_cdda-pkgconfig.patch Patch2: ffmpeg-arm6l.diff Patch3: ffmpeg-new-coder-errors.diff Patch4: ffmpeg-codec-choice.diff -Patch5: cve-2017-17555.diff BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel diff --git a/ffmpeg-CVE-2018-13305.patch b/ffmpeg-CVE-2018-13305.patch deleted file mode 100644 index 5401ead..0000000 --- a/ffmpeg-CVE-2018-13305.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From d08d4a8c7387e758d439b0592782e4cfa2b4d6a4 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Thu, 28 Jun 2018 23:46:32 +0200 -Subject: [PATCH] avcodec/vc1_block: Fix mqaunt check for negative values -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Fixes: out of array access -Fixes: ffmpeg_bof_4.avi -Fixes: ffmpeg_bof_5.avi -Fixes: ffmpeg_bof_6.avi - -Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart -Reviewed-by: Jerome Borsboom -Signed-off-by: Michael Niedermayer ---- - libavcodec/vc1_block.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: ffmpeg-4.0.2/libavcodec/vc1_block.c -=================================================================== ---- ffmpeg-4.0.2.orig/libavcodec/vc1_block.c -+++ ffmpeg-4.0.2/libavcodec/vc1_block.c -@@ -188,7 +188,7 @@ static void vc1_put_signed_blocks_clampe - mquant = v->altpq; \ - if ((edges&8) && s->mb_y == (s->mb_height - 1)) \ - mquant = v->altpq; \ -- if (!mquant || mquant > 31) { \ -+ if (!mquant || mquant > 31 || mquant < -31) { \ - av_log(v->s.avctx, AV_LOG_ERROR, \ - "Overriding invalid mquant %d\n", mquant); \ - mquant = 1; \ From 193e3b605588a9f9fae7626071a0361b5e968a0a5ade900a900a62c9fd4be8a3 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 7 Nov 2018 17:22:28 +0000 Subject: [PATCH 7/7] . OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=33 --- ffmpeg-4.changes | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes index 5ef79aa..68d063c 100644 --- a/ffmpeg-4.changes +++ b/ffmpeg-4.changes 
@@ -28,8 +28,9 @@ Tue Nov 06 01:39:11 UTC 2018 - sean@suspend.net * Decoding S12M timecode in H264 * For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1 - Remove 0001-avcodec-libaom-fix-setting-amount-of-threads.patch - (fixed upstream (bsc#776cdd1), remove ffmpeg-CVE-2018-13305.patch -- Remove cve-2017-17555.diff (fixed upstream) + (fixed upstream (bsc#776cdd1), remove ffmpeg-CVE-2018-13305.patch, + remove 0001-avformat-flvenc-Check-audio-packet-size.patch, + remove cve-2017-17555.diff (fixed upstream). -------------------------------------------------------------------