Add ffmpeg-5-CVE-2024-32228.patch, ffmpeg-5-CVE-2024-32230.patch: backport fixes from upstream to fix CVE issues.

2024-07-24 20:34:56 +08:00 · 2024-07-24 20:34:56 +08:00 · 17435e0fdd
commit 17435e0fdd
parent 90ca7e24a6
12 changed files with 116 additions and 29 deletions
--- a/ffmpeg-4.4-CVE-2020-22046.patch
+++ b/ffmpeg-4.4-CVE-2020-22046.patch
--- a/ffmpeg-4-CVE-2023-49502.patch
+++ b/ffmpeg-4-CVE-2023-49502.patch
--- a/ffmpeg-4-CVE-2023-50010.patch
+++ b/ffmpeg-4-CVE-2023-50010.patch
--- a/ffmpeg-4-CVE-2023-51793.patch
+++ b/ffmpeg-4-CVE-2023-51793.patch
--- a/0001-avfilter-af_stereowiden-Check-length.patch
+++ b/0001-avfilter-af_stereowiden-Check-length.patch
--- a/0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
+++ b/0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
--- a/0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
+++ b/0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
--- a/ffmpeg-4-CVE-2024-32228.patch
+++ b/ffmpeg-4-CVE-2024-32228.patch
@ -0,0 +1,38 @@
+commit 459648761f5412acdc3317d5bac982ceaa257584
+Author: Niklas Haas <git@haasn.dev>
+Date:   Sat Apr 6 13:11:09 2024 +0200
+
+    avcodec/hevcdec: fix segfault on invalid film grain metadata
+    
+    Invalid input files may contain film grain metadata which survives
+    ff_h274_film_grain_params_supported() but does not pass
+    av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
+    
+    Fix this by duplicating the av_film_grain_params_select() check at frame
+    init time.
+    
+    An alternative solution here would be to defer the incompatibility check
+    to hevc_frame_end(), but this has the downside of allocating a film
+    grain buffer even when we already know we can't apply film grain.
+    
+    Fixes: https://trac.ffmpeg.org/ticket/10951
+
+--- ffmpeg-4.4.4/libavcodec/hevcdec.c
+++ ffmpeg-4.4.4_new/libavcodec/hevcdec.c
+@@ -2931,6 +2931,16 @@
+     if (ret < 0)
+         goto fail;
+ 
+    if (s->ref->needs_fg &&
+        ( s->sei.common.film_grain_characteristics.present &&
+          !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
+                                             s->ref->frame->format))
+          || !av_film_grain_params_select(s->ref->frame)) {
+        av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
+                    "Unsupported film grain parameters. Ignoring film grain.\n");
+        s->ref->needs_fg = 0;
+}
+
+     s->frame->pict_type = 3 - s->sh.slice_type;
+ 
+     if (!IS_IRAP(s))
--- a/ffmpeg-4-CVE-2024-32230.patch
+++ b/ffmpeg-4-CVE-2024-32230.patch
@ -0,0 +1,23 @@
+commit 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
+Author: Michael Niedermayer <michael@niedermayer.cc>
+Date:   Mon Apr 8 18:38:42 2024 +0200
+
+    avcodec/mpegvideo_enc: Fix 1 line and one column images
+    
+    Fixes: Ticket10952
+    Fixes: poc21ffmpeg
+    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+--- ffmpeg-4.4.4/libavcodec/mpegvideo_enc.c
+++ ffmpeg-4.4.4_new/libavcodec/mpegvideo_enc.c
+@@ -1263,8 +1263,8 @@
+                     int dst_stride = i ? s->uvlinesize : s->linesize;
+                     int h_shift = i ? h_chroma_shift : 0;
+                     int v_shift = i ? v_chroma_shift : 0;
+-                    int w = s->width  >> h_shift;
+-                    int h = s->height >> v_shift;
+                    int w = AV_CEIL_RSHIFT(s->width , h_shift);
+                    int h = AV_CEIL_RSHIFT(s->height, v_shift);
+                     uint8_t *src = pic_arg->data[i];
+                     uint8_t *dst = pic->f->data[i];
+                     int vpad = 16;
--- a/ffmpeg-4.4.4.tar.xz
+++ b/ffmpeg-4.4.4.tar.xz
--- a/ffmpeg-4.changes
+++ b/ffmpeg-4.changes
@ -1,22 +1,49 @@
+-------------------------------------------------------------------
+Tue Jul  2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-5-CVE-2024-32230.patch:
+  Backporting 96449cfe from upstream, Fix 1 line and one column images.
+  (CVE-2024-32230, bsc#1227296)
+
+-------------------------------------------------------------------
+Tue Jul  2 11:57:01 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-5-CVE-2024-32228.patch:
+  Backporting 45964876 from upstream, Fix segfault on invalid film
+  grain metadata.
+  (CVE-2024-32228, bsc#1227277)
+
+-------------------------------------------------------------------
+Tue Jul  2 11:28:10 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Rename CVE patches as SUSE CVE standard:(package name)-%(CVE number)
+  ffmpeg-CVE-2023-50010.patch
+  0001-avfilter-af_stereowiden-Check-length.patch
+  ffmpeg-CVE-2023-51793.patch
+  ffmpeg-CVE-2023-49502.patch
+  0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
+  0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
+  ffmpeg-4.4-CVE-2020-22046.patch
+
 -------------------------------------------------------------------
 Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>

 - Add ffmpeg-CVE-2023-50010.patch:
  Backporting e4d2666b from upstream, fixes the out of array access.
-  (CVE-2023-50010 bsc#1223256)
+  (CVE-2023-50010, bsc#1223256)

 -------------------------------------------------------------------
 Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>

 - Add 0001-avfilter-af_stereowiden-Check-length.patch
-  [boo#1223437, CVE-2023-51794]
+  (boo#1223437, CVE-2023-51794)

 -------------------------------------------------------------------
 Thu Apr 23 16:14:18 UTC 2024 - Cliff Zhao <qzhao@suse.com>

 - Add ffmpeg-CVE-2023-51793.patch:
  Backporting 0ecc1f0e from upstream, Fix odd height handling.
-  (CVE-2023-51793 bsc#1223272)
+  (CVE-2023-51793, bsc#1223272)

 -------------------------------------------------------------------
 Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
@ -24,19 +51,19 @@ Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-CVE-2023-49502.patch:
  Backporting 737ede40 from upstream, account for chroma sub-sampling
  in min size calculation.
-  (CVE-2023-49502 bsc#1223235)
+  (CVE-2023-49502, bsc#1223235)

 -------------------------------------------------------------------
 Tue Apr 23 14:25:53 UTC 2024 - Jan Engelhardt <jengelh@inai.de>

- Address boo#1223304/CVE-2023-51798: add patch
-  0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
+- Add 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch:
+  (CVE-2023-51798, boo#1223304)

 -------------------------------------------------------------------
 Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>

- Address boo#1223070/CVE-2024-31578: add patch
-  0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
+- Add 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
+  (CVE-2024-31578, boo#1223070)

 -------------------------------------------------------------------
 Fri Feb  2 09:34:15 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
@ -613,7 +640,7 @@ Fri May  3 10:08:30 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
 -------------------------------------------------------------------
 Thu May  2 09:38:47 UTC 2019 - Martin Liška <mliska@suse.cz>

- Use %make_build in order to provide parallel build for tools/*.
+- Usemake_build in order to provide parallel build for tools/*.
  And make output verbose.

 -------------------------------------------------------------------
@ -849,12 +876,12 @@ Wed Jul 18 12:13:38 UTC 2018 - tchvatal@suse.com

 - Add new bconds to build on SLE12 backports project without
  requiring extra packages:
-  * %bcond_without codec2
-  * %bcond_without bs2b
-  * %bcond_without lv2
-  * %bcond_without rubberband
-  * %bcond_without soxr
-  * %bcond_without zmq
+  *bcond_without codec2
+  *bcond_without bs2b
+  *bcond_without lv2
+  *bcond_without rubberband
+  *bcond_without soxr
+  *bcond_without zmq

 -------------------------------------------------------------------
 Fri Jul  6 10:54:14 UTC 2018 - tchvatal@suse.com
@ -941,7 +968,7 @@ Wed Jun 13 17:25:28 UTC 2018 - tchvatal@suse.com
 Wed Jun 13 17:22:41 UTC 2018 - tchvatal@suse.com

 - Prefix all the devel packages and conflict between releases
-  * Provide always the %version-%release of the respective build
+  * Provide always theversion-%release of the respective build

 -------------------------------------------------------------------
 Wed Jun 13 17:10:22 UTC 2018 - tchvatal@suse.com
@ -970,18 +997,18 @@ Sat Jun  2 11:51:05 UTC 2018 - 9+suse@cirno.systems
 -------------------------------------------------------------------
 Mon May 28 23:03:17 UTC 2018 - jengelh@inai.de

- Avoid double-nesting BUILD_ORIG with %withs.
+- Avoid double-nesting BUILD_ORIG withwiths.
  (Reintroduces with_opencore)

 -------------------------------------------------------------------
 Sun May 27 23:11:01 UTC 2018 - bjorn.lie@gmail.com

- Drop long obsolete and unused vo_aacenc %bcond_with.
+- Drop long obsolete and unused vo_aacencbcond_with.
 - Add conditional --enable-librtmp in build_orig part of spec,
  conditional BuildRequires already in place.
 - Drop opencore conditional, explicitly enable them for all
  BUILD_ORIG builds.
- Drop conditional xvid %bcond_with, libxvidcore-devel
+- Drop conditional xvidbcond_with, libxvidcore-devel
  BuildRequires and --enable-libxvid call to configure: ffmpeg have
  a fully capable mpeg4 encoder and decoder, avoid external
  dependency.
--- a/ffmpeg-4.spec
+++ b/ffmpeg-4.spec
@ -104,9 +104,6 @@ Summary:        Set of libraries for working with various multimedia formats
 License:        GPL-3.0-or-later
 Group:          Productivity/Multimedia/Video/Editors and Convertors
 URL:            https://ffmpeg.org/
-
-#Freshcode-URL:    http://freshcode.club/projects/ffmpeg
-#Git-Clone:     git://source.ffmpeg.org/ffmpeg
 Source:         https://www.ffmpeg.org/releases/%_name-%version.tar.xz
 Source2:        https://www.ffmpeg.org/releases/%_name-%version.tar.xz.asc
 Source3:        ffmpeg-4-rpmlintrc
@ -119,18 +116,20 @@ Patch2:         ffmpeg-new-coder-errors.diff
 Patch3:         ffmpeg-codec-choice.diff
 Patch4:         ffmpeg-4.2-dlopen-fdk_aac.patch
 Patch5:         soversion.patch
-Patch9:         ffmpeg-4.4-CVE-2020-22046.patch
+Patch9:         ffmpeg-4-CVE-2020-22046.patch
 Patch10:        ffmpeg-chromium.patch
 Patch11:        ffmpeg-libglslang-detection.patch
 Patch12:        0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
 Patch13:        0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
 Patch14:        ffmpeg-glslang-cxx17.patch
-Patch15:        0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
-Patch16:        0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
-Patch17:        ffmpeg-CVE-2023-49502.patch
-Patch18:        ffmpeg-CVE-2023-51793.patch
-Patch19:        0001-avfilter-af_stereowiden-Check-length.patch
-Patch20:        ffmpeg-CVE-2023-50010.patch
+Patch15:        ffmpeg-4-CVE-2024-31578.patch
+Patch16:        ffmpeg-4-CVE-2023-51798.patch
+Patch17:        ffmpeg-4-CVE-2023-49502.patch
+Patch18:        ffmpeg-4-CVE-2023-51793.patch
+Patch19:        ffmpeg-4-CVE-2023-51794.patch
+Patch20:        ffmpeg-4-CVE-2023-50010.patch
+Patch21:        ffmpeg-4-CVE-2024-32228.patch
+Patch22:        ffmpeg-4-CVE-2024-32230.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel