Add descriptionf or ffmpeg-4-CVE-2025-7700.patch

Backporting 3faadbe2 from upstream, Use 64bit for input size check,
Fixes: out of array read, Fixes: poc3.
(CVE-2024-7055, bsc#1229026)

0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch

@@ -1,47 +0,0 @@
-From c3c8f97a9804b4234e97f13b0057ffc2c9af27c0 Mon Sep 17 00:00:00 2001
-From: Christopher Degawa <christopher.degawa@intel.com>
-Date: Thu, 20 Oct 2022 22:55:27 -0500
-Subject: [PATCH] avcodec/libsvtav1: remove compressed_ten_bit_format and
- simplify alloc_buffer
-
-compressed_ten_bit_format has been deprecated upstream and has no effect
-and can be removed. Plus, technically it was never used in the first place
-since it would require the app (ffmpeg) to set it and do additional
-processing of the input frames.
-
-Also simplify alloc_buffer by removing calculations relating to the
-non-existant processing.
-
-Signed-off-by: Christopher Degawa <christopher.degawa@intel.com>
-(cherry picked from commit 031f1561cd286596cdb374da32f8aa816ce3b135)
----
- libavcodec/libsvtav1.c | 10 +++-------
- 1 file changed, 3 insertions(+), 7 deletions(-)
-
-diff --git a/libavcodec/libsvtav1.c b/libavcodec/libsvtav1.c
-index cfd93a2484..38777b0fb7 100644
---- a/libavcodec/libsvtav1.c
-+++ b/libavcodec/libsvtav1.c
-@@ -120,16 +120,12 @@ static int svt_print_error(void *log_ctx, EbErrorType err,
- 
- static int alloc_buffer(EbSvtAv1EncConfiguration *config, SvtContext *svt_enc)
- {
--    const int    pack_mode_10bit =
--        (config->encoder_bit_depth > 8) && (config->compressed_ten_bit_format == 0) ? 1 : 0;
--    const size_t luma_size_8bit  =
--        config->source_width * config->source_height * (1 << pack_mode_10bit);
--    const size_t luma_size_10bit =
--        (config->encoder_bit_depth > 8 && pack_mode_10bit == 0) ? luma_size_8bit : 0;
-+    const size_t luma_size = config->source_width * config->source_height *
-+        (config->encoder_bit_depth > 8 ? 2 : 1);
- 
-     EbSvtIOFormat *in_data;
- 
--    svt_enc->raw_size = (luma_size_8bit + luma_size_10bit) * 3 / 2;
-+    svt_enc->raw_size = luma_size * 3 / 2;
- 
-     // allocate buffer for in and out
-     svt_enc->in_buf           = av_mallocz(sizeof(*svt_enc->in_buf));
--- 
-2.41.0
-

0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch

@@ -0,0 +1,33 @@
+From d1ed5c06e3edc5f2b5f3664c80121fa55b0baa95 Mon Sep 17 00:00:00 2001
+From: Gyan Doshi <ffmpeg@gyani.pro>
+Date: Sat, 22 Feb 2025 10:38:53 +0530
+Subject: [PATCH] avcodec/libsvtav1: unbreak build with latest svtav1
+
+SVT-AV1 made a change in their public API in 988e930c but without a
+version bump or any other accessible marker, thus breaking ffmpeg build
+with current versions of SVT-AV1.
+
+They have finally bumped versions a month later, so check added.
+---
+ libavcodec/libsvtav1.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libavcodec/libsvtav1.c b/libavcodec/libsvtav1.c
+index 79b28eb4df..43fe531fde 100644
+--- a/libavcodec/libsvtav1.c
++++ b/libavcodec/libsvtav1.c
+@@ -435,7 +435,11 @@ static av_cold int eb_enc_init(AVCodecContext *avctx)
+ 
+     svt_enc->eos_flag = EOS_NOT_REACHED;
+ 
++#if SVT_AV1_CHECK_VERSION(3, 0, 0)
++    svt_ret = svt_av1_enc_init_handle(&svt_enc->svt_handle, &svt_enc->enc_params);
++#else
+     svt_ret = svt_av1_enc_init_handle(&svt_enc->svt_handle, svt_enc, &svt_enc->enc_params);
++#endif
+     if (svt_ret != EB_ErrorNone) {
+         return svt_print_error(avctx, svt_ret, "Error initializing encoder handle");
+     }
+-- 
+2.48.1
+

0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch

@@ -1,76 +0,0 @@
-From effadce6c756247ea8bae32dc13bb3e6f464f0eb Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?R=C3=A9mi=20Denis-Courmont?= <remi@remlab.net>
-Date: Sun, 16 Jul 2023 18:18:02 +0300
-Subject: [PATCH] avcodec/x86/mathops: clip constants used with shift
- instructions within inline assembly
-
-Fixes assembling with binutil as >= 2.41
-
-Signed-off-by: James Almer <jamrial@gmail.com>
----
- libavcodec/x86/mathops.h | 26 +++++++++++++++++++++++---
- 1 file changed, 23 insertions(+), 3 deletions(-)
-
-diff --git a/libavcodec/x86/mathops.h b/libavcodec/x86/mathops.h
-index 6298f5ed19..ca7e2dffc1 100644
---- a/libavcodec/x86/mathops.h
-+++ b/libavcodec/x86/mathops.h
-@@ -35,12 +35,20 @@
- static av_always_inline av_const int MULL(int a, int b, unsigned shift)
- {
-     int rt, dummy;
-+    if (__builtin_constant_p(shift))
-     __asm__ (
-         "imull %3               \n\t"
-         "shrdl %4, %%edx, %%eax \n\t"
-         :"=a"(rt), "=d"(dummy)
--        :"a"(a), "rm"(b), "ci"((uint8_t)shift)
-+        :"a"(a), "rm"(b), "i"(shift & 0x1F)
-     );
-+    else
-+        __asm__ (
-+            "imull %3               \n\t"
-+            "shrdl %4, %%edx, %%eax \n\t"
-+            :"=a"(rt), "=d"(dummy)
-+            :"a"(a), "rm"(b), "c"((uint8_t)shift)
-+        );
-     return rt;
- }
- 
-@@ -113,19 +121,31 @@ __asm__ volatile(\
- // avoid +32 for shift optimization (gcc should do that ...)
- #define NEG_SSR32 NEG_SSR32
- static inline  int32_t NEG_SSR32( int32_t a, int8_t s){
-+    if (__builtin_constant_p(s))
-     __asm__ ("sarl %1, %0\n\t"
-          : "+r" (a)
--         : "ic" ((uint8_t)(-s))
-+         : "i" (-s & 0x1F)
-     );
-+    else
-+        __asm__ ("sarl %1, %0\n\t"
-+               : "+r" (a)
-+               : "c" ((uint8_t)(-s))
-+        );
-     return a;
- }
- 
- #define NEG_USR32 NEG_USR32
- static inline uint32_t NEG_USR32(uint32_t a, int8_t s){
-+    if (__builtin_constant_p(s))
-     __asm__ ("shrl %1, %0\n\t"
-          : "+r" (a)
--         : "ic" ((uint8_t)(-s))
-+         : "i" (-s & 0x1F)
-     );
-+    else
-+        __asm__ ("shrl %1, %0\n\t"
-+               : "+r" (a)
-+               : "c" ((uint8_t)(-s))
-+        );
-     return a;
- }
- 
--- 
-2.42.0
-

0001-avfilter-af_stereowiden-Check-length.patch

@@ -1,29 +0,0 @@
-From 50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07 Mon Sep 17 00:00:00 2001
-From: Michael Niedermayer <michael@niedermayer.cc>
-Date: Sat, 23 Dec 2023 04:03:01 +0100
-Subject: [PATCH] avfilter/af_stereowiden: Check length
-References: https://bugzilla.opensuse.org/1223437
-References: CVE-2023-51794
-
-Fixes: out of array access
-Fixes: tickets/10746/poc13ffmpeg
-
-Found-by: Zeng Yunxiang
-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
----
- libavfilter/af_stereowiden.c |    2 ++
- 1 file changed, 2 insertions(+)
-
-Index: ffmpeg-4.4.4/libavfilter/af_stereowiden.c
-===================================================================
---- ffmpeg-4.4.4.orig/libavfilter/af_stereowiden.c
-+++ ffmpeg-4.4.4/libavfilter/af_stereowiden.c
-@@ -75,6 +75,8 @@ static int config_input(AVFilterLink *in
- 
-     s->length = s->delay * inlink->sample_rate / 1000;
-     s->length *= 2;
-+    if (s->length == 0)
-+        return AVERROR(EINVAL);
-     s->buffer = av_calloc(s->length, sizeof(*s->buffer));
-     if (!s->buffer)
-         return AVERROR(ENOMEM);

0001-avfilter-vf_minterpolate-Check-pts-before-division.patch

@@ -1,40 +0,0 @@
-From 68146f06f852078866b3ef1564556e3a272920c7 Mon Sep 17 00:00:00 2001
-From: Michael Niedermayer <michael@niedermayer.cc>
-Date: Sat, 30 Dec 2023 02:51:32 +0100
-Subject: [PATCH] avfilter/vf_minterpolate: Check pts before division
-References: https://bugzilla.opensuse.org/1223304
-References: CVE-2023-51798
-
-Fixes: FPE
-Fixes: tickets/10758/poc20ffmpeg
-
-Discovered by Zeng Yunxiang
-
-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
----
- libavfilter/vf_minterpolate.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/libavfilter/vf_minterpolate.c b/libavfilter/vf_minterpolate.c
-index 9920210ece..b2242a15ee 100644
---- a/libavfilter/vf_minterpolate.c
-+++ b/libavfilter/vf_minterpolate.c
-@@ -1075,8 +1075,13 @@ static void interpolate(AVFilterLink *inlink, AVFrame *avf_out)
-     pts = av_rescale(avf_out->pts, (int64_t) ALPHA_MAX * outlink->time_base.num * inlink->time_base.den,
-                                    (int64_t)             outlink->time_base.den * inlink->time_base.num);
- 
--    alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
--    alpha = av_clip(alpha, 0, ALPHA_MAX);
-+    if (mi_ctx->frames[2].avf->pts > mi_ctx->frames[1].avf->pts) {
-+        alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
-+        alpha = av_clip(alpha, 0, ALPHA_MAX);
-+    } else {
-+        av_log(ctx, AV_LOG_DEBUG, "duplicate input PTS detected\n");
-+        alpha = 0;
-+    }
- 
-     if (alpha == 0 || alpha == ALPHA_MAX) {
-         av_frame_copy(avf_out, alpha ? mi_ctx->frames[2].avf : mi_ctx->frames[1].avf);
--- 
-2.44.0
-

ffmpeg-4-CVE-2024-12361.patch

@@ -0,0 +1,32 @@
+From 4065ff69a2ed49872f8694a03d0642b18c9d977c Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang <jiashengjiangcool@outlook.com>
+Date: Mon, 10 Jun 2024 14:18:11 +0000
+Subject: [PATCH] avcodec/mpegvideo_enc: Add check for
+ av_packet_new_side_data()
+
+Add check for av_packet_new_side_data() to avoid null pointer
+dereference if allocation fails.
+
+Fixes: bdc1220eeb ("h263enc: Add an option for outputting info about MBs as side data")
+Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>
+Signed-off-by: Anton Khirnov <anton@khirnov.net>
+---
+ libavcodec/mpegvideo_enc.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c
+index 620ca08869..d33754d115 100644
+--- a/libavcodec/mpegvideo_enc.c
++++ b/libavcodec/mpegvideo_enc.c
+@@ -1825,6 +1825,8 @@ int ff_mpv_encode_picture(AVCodecContext *avctx, AVPacket *pkt,
+             s->mb_info_ptr = av_packet_new_side_data(pkt,
+                                  AV_PKT_DATA_H263_MB_INFO,
+                                  s->mb_width*s->mb_height*12);
++            if (!s->mb_info_ptr)
++                return AVERROR(ENOMEM);
+             s->prev_mb_info = s->last_mb_info = s->mb_info_size = 0;
+         }
+ 
+-- 
+2.44.0
+

ffmpeg-4-CVE-2024-35368.patch

@@ -0,0 +1,31 @@
+From 4513300989502090c4fd6560544dce399a8cd53c Mon Sep 17 00:00:00 2001
+From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+Date: Sun, 24 Sep 2023 13:15:48 +0200
+Subject: [PATCH] avcodec/rkmppdec: Fix double-free on error
+
+After having created the AVBuffer that is put into frame->buf[0],
+ownership of several objects (namely an AVDRMFrameDescriptor,
+an MppFrame and some AVBufferRefs framecontextref and decoder_ref)
+has passed to the AVBuffer and therefore to the frame.
+Yet it has nevertheless been freed manually on error
+afterwards, which would lead to a double-free as soon
+as the AVFrame is unreferenced.
+
+Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+---
+ libavcodec/rkmppdec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/libavcodec/rkmppdec.c
++++ b/libavcodec/rkmppdec.c
+@@ -460,8 +460,8 @@
+ 
+             frame->hw_frames_ctx = av_buffer_ref(decoder->frames_ref);
+             if (!frame->hw_frames_ctx) {
+-                ret = AVERROR(ENOMEM);
+-                goto fail;
++                av_frame_unref(frame);
++                return AVERROR(ENOMEM);
+             }
+ 
+             return 0;

ffmpeg-4-CVE-2024-36618.patch

@@ -0,0 +1,23 @@
+commit 7a089ed8e049e3bfcb22de1250b86f2106060857
+Author: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+Date:   Tue Mar 12 23:23:17 2024 +0100
+
+    avformat/avidec: Fix integer overflow iff ULONG_MAX < INT64_MAX
+    
+    Affects many FATE-tests, see
+    https://fate.ffmpeg.org/report.cgi?time=20240312011016&slot=ppc-linux-gcc-13.2-ubsan-altivec-qemu
+    
+    Reviewed-by: James Almer <jamrial@gmail.com>
+    Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+
+--- a/libavformat/avidec.c
++++ b/libavformat/avidec.c
+@@ -1694,7 +1694,7 @@
+     int *idx = av_mallocz_array(s->nb_streams, sizeof(*idx));
+     if (!idx)
+         return AVERROR(ENOMEM);
+-    for (min_pos = pos = 0; min_pos != INT64_MAX; pos = min_pos + 1LU) {
++    for (min_pos = pos = 0; min_pos != INT64_MAX; pos = min_pos + 1ULL) {
+         int64_t max_dts = INT64_MIN / 2;
+         int64_t min_dts = INT64_MAX / 2;
+         int64_t max_buffer = 0;

ffmpeg-4-CVE-2025-22921.patch

@@ -0,0 +1,29 @@
+From 7f9c7f9849a2155224711f0ff57ecdac6e4bfb57 Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Wed, 1 Jan 2025 23:58:39 -0300
+Subject: [PATCH] avcodec/jpeg2000dec: clear array length when freeing it
+
+Fixes NULL pointer dereferences.
+Fixes ticket #11393.
+
+Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libavcodec/jpeg2000dec.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
+index e5e897a29f..b82d85d5ee 100644
+--- a/libavcodec/jpeg2000dec.c
++++ b/libavcodec/jpeg2000dec.c
+@@ -1521,6 +1521,7 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile,
+                 }
+             }
+             av_freep(&cblk->lengthinc);
++            cblk->nb_lengthinc = 0;
+         }
+     }
+     // Save state of stream
+-- 
+2.44.0
+

ffmpeg-4-CVE-2025-25473.patch

@@ -0,0 +1,26 @@
+From c08d300481b8ebb846cd43a473988fdbc6793d1b Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Fri, 17 Jan 2025 00:05:31 -0300
+Subject: [PATCH] avformat/avformat: also clear FFFormatContext packet queue
+ when closing a muxer
+
+packet_buffer is used in mux.c, and if a muxing process fails at a point where
+packets remained in said queue, they will leak.
+
+Fixes ticket #11419
+
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libavformat/avformat.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/libavformat/utils.c
++++ b/libavformat/utils.c
+@@ -4478,6 +4478,7 @@
+     av_dict_free(&s->internal->id3v2_meta);
+     av_packet_free(&s->internal->pkt);
+     av_packet_free(&s->internal->parse_pkt);
++    avpriv_packet_list_free(&s->internal->packet_buffer, &s->internal->packet_buffer_end);
+     av_freep(&s->streams);
+     flush_packet_queue(s);
+     av_freep(&s->internal);

ffmpeg-4-CVE-2025-7700.patch

@@ -0,0 +1,39 @@
+From 35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07 Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang <jiashengjiangcool@gmail.com>
+Date: Thu, 10 Jul 2025 16:26:39 +0000
+Subject: [PATCH] libavcodec/alsdec.c: Add check for av_malloc_array() and
+ av_calloc()
+
+Add check for the return value of av_malloc_array() and av_calloc()
+to avoid potential NULL pointer dereference.
+
+Fixes: dcfd24b10c ("avcodec/alsdec: Implement floating point sample data decoding")
+
+[Remodeled for ffmpeg-4.x - sckang@suse.com]
+
+Index: ffmpeg-4.4.6/libavcodec/alsdec.c
+===================================================================
+--- ffmpeg-4.4.6.orig/libavcodec/alsdec.c
++++ ffmpeg-4.4.6/libavcodec/alsdec.c
+@@ -2116,8 +2116,8 @@ static av_cold int decode_init(AVCodecCo
+         ctx->nbits  = av_malloc_array(ctx->cur_frame_length, sizeof(*ctx->nbits));
+         ctx->mlz    = av_mallocz(sizeof(*ctx->mlz));
+ 
+-        if (!ctx->mlz || !ctx->acf || !ctx->shift_value || !ctx->last_shift_value
+-            || !ctx->last_acf_mantissa || !ctx->raw_mantissa) {
++        if (!ctx->larray || !ctx->nbits || !ctx->mlz || !ctx->acf || !ctx->shift_value
++            || !ctx->last_shift_value || !ctx->last_acf_mantissa || !ctx->raw_mantissa) {
+             av_log(avctx, AV_LOG_ERROR, "Allocating buffer memory failed.\n");
+             ret = AVERROR(ENOMEM);
+             goto fail;
+@@ -2128,6 +2128,10 @@ static av_cold int decode_init(AVCodecCo
+ 
+         for (c = 0; c < avctx->channels; ++c) {
+             ctx->raw_mantissa[c] = av_mallocz_array(ctx->cur_frame_length, sizeof(**ctx->raw_mantissa));
++            if (!ctx->raw_mantissa[c]) {
++                av_log(avctx, AV_LOG_ERROR, "Allocating buffer memory failed.\n");
++                ret = AVERROR(ENOMEM);
++                goto fail;
+         }
+     }
+ 

ffmpeg-4.2-dlopen-fdk_aac.patch

@@ -1,7 +1,14 @@
-Index: ffmpeg-4.4.3/configure
+---
+ configure                  |    3 ++
+ libavcodec/dlopen.h        |   12 ++++++++++
+ libavcodec/libfdk-aacdec.c |   53 +++++++++++++++++++++++++++++++++++++++++++++
+ libavcodec/libfdk-aacenc.c |   47 +++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 115 insertions(+)
+
+Index: ffmpeg-4.4.5/configure
 ===================================================================
---- ffmpeg-4.4.3.orig/configure
-+++ ffmpeg-4.4.3/configure
+--- ffmpeg-4.4.5.orig/configure
++++ ffmpeg-4.4.5/configure
 @@ -232,6 +232,7 @@ External library support:
    --enable-libdc1394       enable IIDC-1394 grabbing using libdc1394
                             and libraw1394 [no]
@@ -15,10 +22,10 @@ Index: ffmpeg-4.4.3/configure
      decklink
      libfdk_aac
 +    libfdk_aac_dlopen
-     openssl
      libtls
  "
-@@ -6368,6 +6370,7 @@ enabled libdrm            && require_pkg
+ 
+@@ -6370,6 +6372,7 @@ enabled libdrm            && require_pkg
  enabled libfdk_aac        && { check_pkg_config libfdk_aac fdk-aac "fdk-aac/aacenc_lib.h" aacEncOpen ||
                                 { require libfdk_aac fdk-aac/aacenc_lib.h aacEncOpen -lfdk-aac &&
                                   warn "using libfdk without pkg-config"; } }
@@ -26,10 +33,10 @@ Index: ffmpeg-4.4.3/configure
  flite_extralibs="-lflite_cmu_time_awb -lflite_cmu_us_awb -lflite_cmu_us_kal -lflite_cmu_us_kal16 -lflite_cmu_us_rms -lflite_cmu_us_slt -lflite_usenglish -lflite_cmulex -lflite"
  enabled libflite          && require libflite "flite/flite.h" flite_init $flite_extralibs
  enabled fontconfig        && enable libfontconfig
-Index: ffmpeg-4.4.3/libavcodec/dlopen.h
+Index: ffmpeg-4.4.5/libavcodec/dlopen.h
 ===================================================================
 --- /dev/null
-+++ ffmpeg-4.4.3/libavcodec/dlopen.h
++++ ffmpeg-4.4.5/libavcodec/dlopen.h
 @@ -0,0 +1,12 @@
 +#ifndef LOCALINC_DLOPEN_H
 +#define LOCALINC_DLOPEN_H
@@ -43,10 +50,10 @@ Index: ffmpeg-4.4.3/libavcodec/dlopen.h
 +		goto error;
 +
 +#endif
-Index: ffmpeg-4.4.3/libavcodec/libfdk-aacdec.c
+Index: ffmpeg-4.4.5/libavcodec/libfdk-aacdec.c
 ===================================================================
---- ffmpeg-4.4.3.orig/libavcodec/libfdk-aacdec.c
-+++ ffmpeg-4.4.3/libavcodec/libfdk-aacdec.c
+--- ffmpeg-4.4.5.orig/libavcodec/libfdk-aacdec.c
++++ ffmpeg-4.4.5/libavcodec/libfdk-aacdec.c
 @@ -37,6 +37,54 @@
  #define AAC_PCM_MAX_OUTPUT_CHANNELS AAC_PCM_OUTPUT_CHANNELS
  #endif
@@ -114,10 +121,10 @@ Index: ffmpeg-4.4.3/libavcodec/libfdk-aacdec.c
      s->handle = aacDecoder_Open(avctx->extradata_size ? TT_MP4_RAW : TT_MP4_ADTS, 1);
      if (!s->handle) {
          av_log(avctx, AV_LOG_ERROR, "Error opening decoder\n");
-Index: ffmpeg-4.4.3/libavcodec/libfdk-aacenc.c
+Index: ffmpeg-4.4.5/libavcodec/libfdk-aacenc.c
 ===================================================================
---- ffmpeg-4.4.3.orig/libavcodec/libfdk-aacenc.c
-+++ ffmpeg-4.4.3/libavcodec/libfdk-aacenc.c
+--- ffmpeg-4.4.5.orig/libavcodec/libfdk-aacenc.c
++++ ffmpeg-4.4.5/libavcodec/libfdk-aacenc.c
 @@ -35,6 +35,48 @@
  #define FDKENC_VER_AT_LEAST(vl0, vl1) 0
  #endif

ffmpeg-4.4.4.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQFMBAABCAA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmQ2/oUYHGZmbXBlZy1k
-ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYkGMH/iRlBGO1ZcCPnNpJt6pAqxcY
-cP4hmanIPLLBPQfbHIwGUJDiTDIpXuFeWC7dt08Q8ndXtXbjTJ0T+hZP7Riuzns8
-bwXfrCRioKlmIZSUg9WMErNW+vE/nUFn20q4PdzaWbeUbIsZEW6Btt4C4JuBCLsn
-K2WZa7/GwaMnLLPIUIaNzW//aeUj11IhY74qB3k5nOhidgptY1en7xa9x1kZ3dvW
-wx2vO+2fS5SlvBfj2KFAey+FX2LAEZFjRaiWRnzlO5daqO4acWMtRAQeMk5rs21W
-NeTZUqZoPaaNfcFz1yWsBv19Fte4R9D8oD4TwMd5ikZZ2hjV+N+EMEFNWLoH02Q=
-=e6RR
------END PGP SIGNATURE-----

ffmpeg-4.4.6.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQFMBAABCgA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmgom1oYHGZmbXBlZy1k
+ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYtS0H/3h3yGALOlSSjBmZq/+wfw0k
+QrgDVTSzILA2xnhPq4d9b6JxcaiJFX2wweid0/JxTwOE8Ky0cU+ErArlmyB1OpNl
+KNzy0MXgPHV3X39Tnzgytl8nQSei2aAtg1asOscV6Lwp4e76VQOu2atLHenXq7n7
+xSxCqJG65opWi2yRvS89F7PmdF3VDeYNJGaukF4Lunq4OsOa/sybe45pfd/uhC/F
+aAh/64/U2mhGzl2q1rdv6WIeTxtRpT+umLuUU93g20gk8Y4L3fmwbWx9UxIjUw0X
+A16PQgDw7LmmTxS4NE9cHcTwCGtUvv7ajJs6oj2fPVGScLCLInLc1KkGGkSIqqE=
+=sHXx
+-----END PGP SIGNATURE-----

ffmpeg-4.changes

@@ -1,9 +1,149 @@
+-------------------------------------------------------------------
+Wed Jul 23 07:01:22 UTC 2025 - SongChuan Kang <sckang@suse.com>
+
+- Add ffmpeg-CVE-2025-7700.patch: Add check for the return value
+  of av_malloc_array() and av_calloc() to avoid potential NULL
+  pointer dereference(CVE-2025-7700, bsc#1246790).
+
+-------------------------------------------------------------------
+Fri May 30 14:28:05 UTC 2025 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2024-36618.patch:
+  Backport 7a089ed8 from upstream, avformat/avidec: Fix integer
+  overflow iff ULONG_MAX < INT64_MAX.
+  (CVE-2024-36618, bsc#1234020)
+
+-------------------------------------------------------------------
+Thu May 29 20:43:43 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 4.4.6
+  * lavc/libx265: unbreak build for X265_BUILD >= 210
+  * ARM: vp9mc: Load only 12 pixels in the 4 pixel wide
+    horizontal filter
+  * rtmpproto: Avoid rare crashes in the `fail:` codepath in
+    rtmp_open
+  * avcodec/snow: Fix off by 1 error in run_buffer
+  * avcodec/mpegvideo_enc: Check FLV1 resolution limits
+- Delete ffmpeg-CVE-2023-49502.patch,
+  0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch,
+  ffmpeg-4-CVE-2025-0518.patch, ffmpeg-4-CVE-2025-22919.patch (merged)
+
+-------------------------------------------------------------------
+Wed Mar  5 09:46:09 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
+
+- Add 0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
+  to build with SVT-AV1 3.0.0.
+
+-------------------------------------------------------------------
+Fri Feb 19 05:17:22 UTC 2025 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2025-22921.patch:
+  Backport 7f9c7f98 from upstream, clear array length when
+  freeing it.
+  (CVE-2025-22921, bsc#1237382)
+
+-------------------------------------------------------------------
+Fri Feb 19 04:27:06 UTC 2025 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2025-25473.patch:
+  Backport c08d3004 from upstream, clear FFFormatContext packet.
+  When packet_buffer is used in mux.c, and if a muxing process fails
+  at a point where packets remained in said queue.
+  (CVE-2025-25473, bsc#1237351)
+
+-------------------------------------------------------------------
+Fri Feb 19 03:18:02 UTC 2025 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2025-0518.patch:
+  Backport b5b6391d from upstream, fixes memory data leak when
+  use sscanf().
+  (CVE-2025-0518, bsc#1236007)
+
+-------------------------------------------------------------------
+Fri Feb 19 02:58:01 UTC 2025 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2025-22919.patch:
+  Backport 1446e37d from upstream, check for valid sample rate
+  As the sample rate <= 0 is invalid.
+  (CVE-2025-22919, bsc#1237371)
+
+-------------------------------------------------------------------
+Fri Feb 19 01:48:22 UTC 2025 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2024-12361.patch:
+  Backport 4065ff69 from upstream, add check for av_packet_new_side_data()
+  to avoid null pointer dereference if allocation fails.
+  (CVE-2024-12361, bsc#1237358)
+
+-------------------------------------------------------------------
+Fri Feb 19 01:11:17 UTC 2025 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2024-35368.patch:
+  Backport 45133009 from upstream, After having created the
+  AVBuffer that is put into frame->buf[0], ownership of several
+  objects Fix double-free on the AVFrame is unreferenced.
+  (CVE-2024-35368, bsc#1234028)
+
+-------------------------------------------------------------------
+Mon Jan  6 11:53:32 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 4.4.5
+  * Reliability/bug fixes
+  Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464
+  Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in type 'int'
+  (CVE-2024-36613, bsc#1235092)
+  avformat/cafdec: dont seek beyond 64bit (CVE-2024-36617, bsc#1234019).
+  avformat/westwood_vqa: Fix 2g packets (CVE-2024-36616, bsc#1234018).
+- Delete
+  0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
+  0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
+  0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
+  ffmpeg-CVE-2023-51793.patch
+  0001-avfilter-af_stereowiden-Check-length.patch
+  ffmpeg-fix-new-binutils.patch
+  ffmpeg-CVE-2023-50010.patch
+  ffmpeg-4-CVE-2024-32230.patch
+  ffmpeg-4-CVE-2024-7055.patch (all merged)
+  (CVE-2023-51798, bsc#1223304)
+
+-------------------------------------------------------------------
+Tue Oct 15 08:18:54 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
+
+- Adjust bconds to build the package in SLFO without xvidcore.
+
+-------------------------------------------------------------------
+Fri Sep  6 15:06:21 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2024-7055.patch:
+  Backport 3faadbe2 from upstream, Use 64bit for input size check,
+  Fixes: out of array read, Fixes: poc3.
+  (CVE-2024-7055, bsc#1229026)
+
+-------------------------------------------------------------------
+Wed Aug 28 10:42:38 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
+
+- Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
+  [boo#1229338]
+
+-------------------------------------------------------------------
+Fri Jul 26 13:19:42 UTC 2024 - Filip Kastl <filip.kastl@suse.com>
+
+- Add ffmpeg-c99.patch so that the package conforms to the C99
+  standard and builds on i586 with GCC 14.
+
+-------------------------------------------------------------------
+Tue Jul  2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2024-32230.patch:
+  Backport 96449cfe from upstream, Fix 1 line and one column images.
+  (CVE-2024-32230, bsc#1227296)
+
 -------------------------------------------------------------------
 Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-50010.patch:
-  Backporting e4d2666b from upstream, fixes the out of array access.
-  (CVE-2023-50010 bsc#1223256)
+  Backport e4d2666b from upstream, fixes the out of array access.
+  (CVE-2023-50010, bsc#1223256)
 
 -------------------------------------------------------------------
 Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
@@ -15,34 +155,53 @@ Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
 Thu Apr 23 16:14:18 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-51793.patch:
-  Backporting 0ecc1f0e from upstream, Fix odd height handling.
-  (CVE-2023-51793 bsc#1223272)
+  Backport 0ecc1f0e from upstream, Fix odd height handling.
+  (CVE-2023-51793, bsc#1223272)
 
 -------------------------------------------------------------------
 Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-49502.patch:
-  Backporting 737ede40 from upstream, account for chroma sub-sampling
+  Backport 737ede40 from upstream, account for chroma sub-sampling
   in min size calculation.
-  (CVE-2023-49502 bsc#1223235)
+  (CVE-2023-49502, bsc#1223235)
 
 -------------------------------------------------------------------
 Tue Apr 23 14:25:53 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
 
-- Address boo#1223304/CVE-2023-51798: add patch
-  0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
+- Add 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch:
+  Backport 68146f06 from upstream, Check pts before division.
+  (CVE-2023-51798, bsc#1223304)
 
 -------------------------------------------------------------------
 Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
 
-- Address boo#1223070/CVE-2024-31578: add patch
-  0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
+- Add 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch:
+  Backport 76a48e85 from upstream, Check length.
+  (CVE-2024-31578, bsc#1223070)
+
+-------------------------------------------------------------------
+Mon Feb 12 18:23:41 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
+
+- ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch
+  * fixes build against dav1d, which has been updated in
+    SUSE:SLE-15-SP5:Update (where apparently no rebuild of ffmpeg-4
+    had been triggered)
 
 -------------------------------------------------------------------
 Fri Feb  2 09:34:15 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
 
-- drop support for libmfx, which is no longer supported upstream
-  at all (boo#1219494)
+- no longer build against libmfx; build also 15.5 against libvpl
+ (boo#1230983, boo#1219494)
+
+- dropping support for libmfx below covers:
+  * libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
+  * libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
+  * libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
+  * libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
+  * libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
+  * Multiple vulnerabilities in the Intel Media SDK (libmfx1) (bsc#1226892)
+  * Drop libmfx dependency from our product (jira #PED-10024)
 
 -------------------------------------------------------------------
 Tue Dec 26 13:36:38 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
@@ -56,6 +215,13 @@ Wed Dec  6 08:50:00 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
 
 - Copy codec list from ffmpeg-6
 
+-------------------------------------------------------------------
+Fri Nov  3 08:17:13 UTC 2023 - Marcus Meissner <meissner@suse.com>
+
+- Add ffmpeg-fix-new-binutils.patch:
+  Backport 01fc3034 from upstream, Fix build with new binutils
+  (bsc#1215309)
+
 -------------------------------------------------------------------
 Mon Oct 30 11:16:43 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
 
@@ -72,6 +238,14 @@ Tue Jun 27 07:42:23 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
 
 - Add 0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
 
+-------------------------------------------------------------------
+Thu Apr 27 09:27:53 UTC 2023 - Alynx Zhou <alynx.zhou@suse.com>
+
+- Add ffmpeg-4-CVE-2022-48434.patch:
+  Backport d4b7b3c0 from upstream, Fix use after free in
+  libavcodec/pthread_frame.c.
+  (CVE-2022-48434, bsc#1209934)
+
 -------------------------------------------------------------------
 Wed Apr 19 21:00:41 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
 
@@ -79,7 +253,7 @@ Wed Apr 19 21:00:41 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
   * avcodec/012v: Order operations for odd size handling
   * avcodec/alsdec: The minimal block is at least 7 bits
   * avcodec/bink:
-    - Avoid undefined out of array end pointers in 
+    - Avoid undefined out of array end pointers in
       binkb_decode_plane()
     - Fix off by 1 error in ref end
   * avcodec/eac3dec: avoid float noise in fixed mode addition to
@@ -143,7 +317,9 @@ Wed Apr 19 21:00:41 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
   * ffmpeg-CVE-2022-3964.patch
   * ffmpeg-CVE-2022-3109.patch
   * ffmpeg-CVE-2022-3341.patch
+  * ffmpeg-4-CVE-2022-48434.patch
 - Use ldconfig_scriptlets macro.
+  (CVE-2022-48434, bsc#1209934)
 
 -------------------------------------------------------------------
 Thu Mar 16 17:54:51 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
@@ -174,6 +350,7 @@ Mon Oct 10 11:18:30 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
 
 - Update to version 4.4.3:
   * Stable bug fix release, mainly codecs, filter and format fixes.
+  * configure: extend SDL check to accept all 2.x versions (boo#12263080).
 - Drop ffmpeg-sdl2-detection.patch: Fixed upstream.
 - Refresh patches with quilt:
   * ffmpeg-libglslang-detection.patch
@@ -238,6 +415,8 @@ Thu Oct 28 15:58:30 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
   * ffmpeg-CVE-2021-38114.patch
   * ffmpeg-CVE-2021-38171.patch
   * ffmpeg-CVE-2020-22037.patch
+- fix avfilter/vf_yadif: Fix handing of tiny images.
+  (CVE-2020-22021, bsc#1186586)
 
 -------------------------------------------------------------------
 Sun Sep 26 02:44:57 UTC 2021 - Alynx Zhou <alynx.zhou@suse.com>
@@ -263,7 +442,7 @@ Tue Aug 10 09:38:39 UTC 2021 - Alynx Zhou <alynx.zhou@suse.com>
 -------------------------------------------------------------------
 Sat Jul 10 10:11:32 UTC 2021 - Hans-Peter Jansen <hpj@urpla.net>
 
-- Remove second hunk of ffmpeg-CVE-2020-22046.patch, that contains 
+- Remove second hunk of ffmpeg-CVE-2020-22046.patch, that contains
   a goto to a none existing label. In order to distinguish this
   patch from the original, I renamed it to
   ffmpeg-4.4-CVE-2020-22046.patch
@@ -289,7 +468,7 @@ Fri Jun  4 12:29:16 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
 -------------------------------------------------------------------
 Thu May 20 23:16:09 UTC 2021 - Daniel Molkentin <daniel.molkentin@suse.com>
 
-- Enable vulkan on on Leap 15 
+- Enable vulkan on on Leap 15
 
 -------------------------------------------------------------------
 Fri Apr 16 10:20:15 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
@@ -308,8 +487,8 @@ Fri Apr  9 18:52:46 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
 Sun Mar 14 21:08:02 UTC 2021 - Dirk Müller <dmueller@suse.com>
 
 - update to 4.3.2:
-  * lots of oss-fuzz reported overflow fixes, see included ChangeLog 
-- drop 
+  * lots of oss-fuzz reported overflow fixes, see included ChangeLog
+- drop
       ffmpeg.git-ba3e771a42c29ee02c34e7769cfc1b2dbc5c760a.patch
       0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch
       0001-avformat-vividas-improve-extradata-packing-checks-in.patch: upstream
@@ -325,7 +504,7 @@ Sun Jan 24 11:22:02 UTC 2021 - Dirk Müller <dmueller@suse.com>
 
 - remove dependency on OpenJPEG, this is obsolete since ffmpeg 4.0,
   we already build against OpenJPEG 2.1.
-  see changes: 
+  see changes:
     - Dropped support for OpenJPEG versions 2.0 and below. Using OpenJPEG now
       requires 2.1 (or later) and pkg-config.
 
@@ -357,7 +536,7 @@ Mon Jul 27 13:39:27 UTC 2020 - Hans-Peter Jansen <hpj@urpla.net>
 -------------------------------------------------------------------
 Thu Jul 16 10:49:02 UTC 2020 - Alexander Reimelt <alexander.reimelt@protonmail.ch>
 
-- Add librav1e support 
+- Add librav1e support
 
 -------------------------------------------------------------------
 Sun Jul 12 16:08:10 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>
@@ -424,7 +603,7 @@ Fri Mar 31 00:41:22 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
 - Add Samba support for Factory (as this needs a fix in Samba itself)
   Add --enable-libsmbclient to configure, add BR on pkgconfig(smbclient)
 - License is now GPLv3+ by default (--enable-version3)
-  
+
 -------------------------------------------------------------------
 Mon Mar 30 07:14:39 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
 
@@ -553,6 +732,7 @@ Tue Aug  6 15:35:35 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
   * mov muxer writes tracks with unspecified language instead
     of English by default
   * added support for using clang to compile CUDA kernels
+  * avcodec/g729_parser: Check channels (CVE-2022-1475, bsc#1198898)
 - Drop ffmpeg-avcodec-libdav1d-AV1-decoder-wrapper.patch, merged
   upstream.
 - Rebase and rename
@@ -757,7 +937,6 @@ Tue Nov 06 01:39:11 UTC 2018 - sean@suspend.net
   remove cve-2017-17555.diff (fixed upstream).
 
 -------------------------------------------------------------------
-
 Sat Nov 03 14:48:35 UTC 2018 - sean@suspend.net
 
 - Remove 0001-avformat-fivenc-Check-audio-packet-size.patch (fixed upstream (bsc#8591d16)

ffmpeg-4.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package ffmpeg-4
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -57,7 +57,7 @@
 %bcond_with    x265
 %bcond_with    xvid
 
-%if 0%{?suse_version} > 1500
+%if 0%{?suse_version} > 1600
 %bcond_without libaom
 %bcond_without mysofa
 %bcond_without vidstab
@@ -73,6 +73,15 @@
 %bcond_without opencore
 %bcond_without xvid
 %else
+%if 0%{?suse_version} > 1500
+%bcond_without mysofa
+%bcond_without vidstab
+%bcond_without codec2
+%bcond_without rubberband
+%bcond_without vulkan
+%bcond_without amrwb
+%bcond_without opencore
+%else
 %bcond_with libaom
 %bcond_with mysofa
 %bcond_with vidstab
@@ -85,6 +94,7 @@
 %bcond_with zmq
 %bcond_with vulkan
 %endif
+%endif
 
 %if 0%{?suse_version} >= 1500
 %bcond_without zimg
@@ -98,7 +108,7 @@
 %define _major_version 4
 %define _major_expected 5
 Name:           ffmpeg-4
-Version:        4.4.4
+Version:        4.4.6
 Release:        0
 Summary:        Set of libraries for working with various multimedia formats
 License:        GPL-3.0-or-later
@@ -122,15 +132,17 @@ Patch5:         soversion.patch
 Patch9:         ffmpeg-4.4-CVE-2020-22046.patch
 Patch10:        ffmpeg-chromium.patch
 Patch11:        ffmpeg-libglslang-detection.patch
-Patch12:        0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
-Patch13:        0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
 Patch14:        ffmpeg-glslang-cxx17.patch
 Patch15:        0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
-Patch16:        0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
-Patch17:        ffmpeg-CVE-2023-49502.patch
-Patch18:        ffmpeg-CVE-2023-51793.patch
-Patch19:        0001-avfilter-af_stereowiden-Check-length.patch
-Patch20:        ffmpeg-CVE-2023-50010.patch
+Patch16:        0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
+Patch22:        ffmpeg-c99.patch
+Patch24:        ffmpeg-4-CVE-2024-35368.patch
+Patch25:        ffmpeg-4-CVE-2024-12361.patch
+Patch28:        ffmpeg-4-CVE-2025-25473.patch
+Patch29:        ffmpeg-4-CVE-2025-22921.patch
+Patch30:        ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch
+Patch31:        ffmpeg-4-CVE-2024-36618.patch
+Patch32:        ffmpeg-4-CVE-2025-7700.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel

ffmpeg-CVE-2023-49502.patch

@@ -1,43 +0,0 @@
-From 737ede405b11a37fdd61d19cf25df296a0cb0b75
-From: Cosmin Stejerean <cosmin@cosmin.at>
-Date: Wed Dec 6 18:39:32 2023 +0800
-Subject: avfilter/bwdif: account for chroma sub-sampling in min size calculation
-References: https://bugzilla.opensuse.org/1223235
-References: CVE-2023-49502
-
-The current logic for detecting frames that are too small for the
-algorithm does not account for chroma sub-sampling, and so a sample
-where the luma plane is large enough, but the chroma planes are not
-will not be rejected. In that event, a heap overflow will occur.
-
-This change adjusts the logic to consider the chroma planes and makes
-the change to all three bwdif implementations.
-
-Fixes #10688
-
-Signed-off-by: Cosmin Stejerean <cosmin@cosmin.at>
-Reviewed-by: Thomas Mundt <tmundt75@gmail.com>
-Signed-off-by: Philip Langdale <philipl@overt.org>
-
-diff -Nura ffmpeg-4.4.4/libavfilter/vf_bwdif.c ffmpeg-4.4.4_new/libavfilter/vf_bwdif.c
---- ffmpeg-4.4.4/libavfilter/vf_bwdif.c	2023-04-13 02:01:50.000000000 +0800
-+++ ffmpeg-4.4.4_new/libavfilter/vf_bwdif.c	2024-04-26 02:21:48.162806014 +0800
-@@ -343,13 +343,14 @@
-     if(yadif->mode&1)
-         link->frame_rate = av_mul_q(link->src->inputs[0]->frame_rate, (AVRational){2,1});
- 
--    if (link->w < 3 || link->h < 4) {
--        av_log(ctx, AV_LOG_ERROR, "Video of less than 3 columns or 4 lines is not supported\n");
-+    yadif->csp = av_pix_fmt_desc_get(link->format);
-+    yadif->filter = filter;
-+
-+    if (AV_CEIL_RSHIFT(link->w, yadif->csp->log2_chroma_w) < 3 || AV_CEIL_RSHIFT(link->h, yadif->csp->log2_chroma_h) < 4) {
-+        av_log(ctx, AV_LOG_ERROR, "Video with planes less than 3 columns or 4 lines is not supported\n");
-         return AVERROR(EINVAL);
-     }
- 
--    yadif->csp = av_pix_fmt_desc_get(link->format);
--    yadif->filter = filter;
-     if (yadif->csp->comp[0].depth > 8) {
-         s->filter_intra = filter_intra_16bit;
-         s->filter_line  = filter_line_c_16bit;

ffmpeg-CVE-2023-50010.patch

@@ -1,30 +0,0 @@
-commit e4d2666bdc3dbd177a81bbf428654a5f2fa3787a (20231224_CVE-2023-50010_e4d2666bdc3dbd177a81bbf428654a5f2fa3787a)
-Author: Michael Niedermayer <michael@niedermayer.cc>
-Date: Sun Dec 24 20:50:51 2023 +0100
-References: CVE-2023-50010
-References: https://bugzilla.opensuse.org/1172424
-
-avfilter/vf_gradfun: Do not overread last line
-
-The code works in steps of 2 lines and lacks support for odd height
-Implementing odd height support is better but for now this fixes the
-out of array access
-
-Fixes: out of array access
-Fixes: tickets/10702/poc6ffmpe
-
-Found-by: Zeng Yunxiang
-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
-diff -Nura ffmpeg-4.4.4/libavfilter/vf_gradfun.c ffmpeg-4.4.4_new/libavfilter/vf_gradfun.c
---- ffmpeg-4.4.4/libavfilter/vf_gradfun.c	2023-04-13 02:01:50.000000000 +0800
-+++ ffmpeg-4.4.4_new/libavfilter/vf_gradfun.c	2024-05-07 19:32:05.287848683 +0800
-@@ -93,7 +93,7 @@
-     for (y = 0; y < r; y++)
-         ctx->blur_line(dc, buf + y * bstride, buf + (y - 1) * bstride, src + 2 * y * src_linesize, src_linesize, width / 2);
-     for (;;) {
--        if (y < height - r) {
-+        if (y + 1 < height - r) {
-             int mod = ((y + r) / 2) % r;
-             uint16_t *buf0 = buf + mod * bstride;
-             uint16_t *buf1 = buf + (mod ? mod - 1 : r - 1) * bstride;

ffmpeg-CVE-2023-51793.patch

@@ -1,57 +0,0 @@
-From 0ecc1f0e48930723d7a467761b66850811c23e62
-From: Michael Niedermayer <michael@niedermayer.cc>
-Date: Fri Dec 22 12:31:35 2023 +0100
-Subject: avfilter/vf_weave: Fix odd height handling
-References: https://bugzilla.opensuse.org/1223272
-References: CVE-2023-51793
-    
-Fixes: out of array access
-Fixes: tickets/10743/poc10ffmpeg
-    
-Found-by: Zeng Yunxiang and Li Zeyuan
-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
-diff -Nura ffmpeg-4.4.4/libavfilter/vf_weave.c ffmpeg-4.4.4_new/libavfilter/vf_weave.c
---- ffmpeg-4.4.4/libavfilter/vf_weave.c	2023-04-13 02:01:50.000000000 +0800
-+++ ffmpeg-4.4.4_new/libavfilter/vf_weave.c	2024-04-26 02:30:07.113807721 +0800
-@@ -30,6 +30,7 @@
-     int double_weave;
-     int nb_planes;
-     int planeheight[4];
-+    int outheight[4];
-     int linesize[4];
- 
-     AVFrame *prev;
-@@ -85,6 +86,9 @@
-     s->planeheight[1] = s->planeheight[2] = AV_CEIL_RSHIFT(inlink->h, desc->log2_chroma_h);
-     s->planeheight[0] = s->planeheight[3] = inlink->h;
- 
-+    s->outheight[1] = s->outheight[2] = AV_CEIL_RSHIFT(2*inlink->h, desc->log2_chroma_h);
-+    s->outheight[0] = s->outheight[3] = 2*inlink->h;
-+
-     s->nb_planes = av_pix_fmt_count_planes(inlink->format);
- 
-     return 0;
-@@ -110,19 +114,20 @@
-         const int height = s->planeheight[i];
-         const int start = (height * jobnr) / nb_jobs;
-         const int end = (height * (jobnr+1)) / nb_jobs;
-+        const int compensation = 2*end > s->outheight[i];
- 
-         av_image_copy_plane(out->data[i] + out->linesize[i] * field1 +
-                             out->linesize[i] * start * 2,
-                             out->linesize[i] * 2,
-                             in->data[i] + start * in->linesize[i],
-                             in->linesize[i],
--                            s->linesize[i], end - start);
-+                            s->linesize[i], end - start - compensation * field1);
-         av_image_copy_plane(out->data[i] + out->linesize[i] * field2 +
-                             out->linesize[i] * start * 2,
-                             out->linesize[i] * 2,
-                             s->prev->data[i] + start * s->prev->linesize[i],
-                             s->prev->linesize[i],
--                            s->linesize[i], end - start);
-+                            s->linesize[i], end - start - compensation * field2);
-     }
- 
-     return 0;

ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch

@@ -0,0 +1,36 @@
+commit e204846ec16c1ab34c7f3a681734cf5190433018
+Author: James Almer <jamrial@gmail.com>
+Date:   Fri Sep 3 13:50:32 2021 -0300
+
+    avcodec/libdav1d: fix compilation after recent libdav1d API changes
+
+    They were done in preparation for an upcoming 1.0 release.
+    Keep supporting previous releases for the time being.
+
+    Reviewed-by: BBB
+    Signed-off-by: James Almer <jamrial@gmail.com>
+
+--- a/libavcodec/libdav1d.c
++++ b/libavcodec/libdav1d.c
+@@ -202,6 +202,9 @@
+     Libdav1dContext *dav1d = c->priv_data;
+     Dav1dData *data = &dav1d->data;
+     Dav1dPicture pic = { 0 }, *p = &pic;
++#if FF_DAV1D_VERSION_AT_LEAST(5,1)
++    enum Dav1dEventFlags event_flags = 0;
++#endif
+     int res;
+
+     if (!data->sz) {
+@@ -280,6 +283,11 @@
+     frame->linesize[1] = p->stride[1];
+     frame->linesize[2] = p->stride[1];
+
++#if FF_DAV1D_VERSION_AT_LEAST(5,1)
++    dav1d_get_event_flags(dav1d->c, &event_flags);
++    if (c->pix_fmt == AV_PIX_FMT_NONE ||
++        event_flags & DAV1D_EVENT_FLAG_NEW_SEQUENCE)
++#endif
+     c->profile = p->seq_hdr->profile;
+     c->level = ((p->seq_hdr->operating_points[0].major_level - 2) << 2)
+                | p->seq_hdr->operating_points[0].minor_level;

ffmpeg-c99.patch

@@ -0,0 +1,37 @@
+From: Filip Kastl <fkastl@opensuse.org>
+Date: Fri, 26 Jul 2024 14:39:42 +0000
+
+I based the package patch on this bug report (there's a patch in
+the comments)
+https://bugs.gentoo.org/936433
+
+and on these patches
+https://ffmpeg.org/pipermail/ffmpeg-devel/2023-December/318685.html
+http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5860a966d2fffbbda1af0014f0a4d37a21c4f2ca
+
+Index: ffmpeg-4.4.4/libavutil/hwcontext_vaapi.c
+===================================================================
+--- ffmpeg-4.4.4.orig/libavutil/hwcontext_vaapi.c
++++ ffmpeg-4.4.4/libavutil/hwcontext_vaapi.c
+@@ -1032,7 +1032,7 @@ static int vaapi_map_from_drm(AVHWFrames
+     uint32_t va_fourcc;
+     int err, i, j, k;
+ 
+-    unsigned long buffer_handle;
++    uintptr_t buffer_handle;
+     VASurfaceAttribExternalBuffers buffer_desc;
+     VASurfaceAttrib attrs[2] = {
+         {
+Index: ffmpeg-4.4.4/libavutil/hwcontext_vulkan.c
+===================================================================
+--- ffmpeg-4.4.4.orig/libavutil/hwcontext_vulkan.c
++++ ffmpeg-4.4.4/libavutil/hwcontext_vulkan.c
+@@ -862,7 +862,7 @@ static void free_exec_ctx(AVHWFramesCont
+ 
+     av_freep(&cmd->queues);
+     av_freep(&cmd->bufs);
+-    cmd->pool = NULL;
++    cmd->pool = VK_NULL_HANDLE;
+ }
+ 
+ static VkCommandBuffer get_buf_exec_ctx(AVHWFramesContext *hwfc, VulkanExecCtx *cmd)