diff --git a/ffmpeg-4.4-CVE-2020-22046.patch b/ffmpeg-4-CVE-2020-22046.patch similarity index 100% rename from ffmpeg-4.4-CVE-2020-22046.patch rename to ffmpeg-4-CVE-2020-22046.patch diff --git a/ffmpeg-CVE-2023-49502.patch b/ffmpeg-4-CVE-2023-49502.patch similarity index 100% rename from ffmpeg-CVE-2023-49502.patch rename to ffmpeg-4-CVE-2023-49502.patch diff --git a/ffmpeg-CVE-2023-50010.patch b/ffmpeg-4-CVE-2023-50010.patch similarity index 100% rename from ffmpeg-CVE-2023-50010.patch rename to ffmpeg-4-CVE-2023-50010.patch diff --git a/ffmpeg-CVE-2023-51793.patch b/ffmpeg-4-CVE-2023-51793.patch similarity index 100% rename from ffmpeg-CVE-2023-51793.patch rename to ffmpeg-4-CVE-2023-51793.patch diff --git a/0001-avfilter-af_stereowiden-Check-length.patch b/ffmpeg-4-CVE-2023-51794.patch similarity index 100% rename from 0001-avfilter-af_stereowiden-Check-length.patch rename to ffmpeg-4-CVE-2023-51794.patch diff --git a/0001-avfilter-vf_minterpolate-Check-pts-before-division.patch b/ffmpeg-4-CVE-2023-51798.patch similarity index 100% rename from 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch rename to ffmpeg-4-CVE-2023-51798.patch diff --git a/0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch b/ffmpeg-4-CVE-2024-31578.patch similarity index 100% rename from 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch rename to ffmpeg-4-CVE-2024-31578.patch diff --git a/ffmpeg-4-CVE-2024-32228.patch b/ffmpeg-4-CVE-2024-32228.patch new file mode 100644 index 0000000..768d77b --- /dev/null +++ b/ffmpeg-4-CVE-2024-32228.patch @@ -0,0 +1,38 @@ +commit 459648761f5412acdc3317d5bac982ceaa257584 +Author: Niklas Haas +Date: Sat Apr 6 13:11:09 2024 +0200 + + avcodec/hevcdec: fix segfault on invalid film grain metadata + + Invalid input files may contain film grain metadata which survives + ff_h274_film_grain_params_supported() but does not pass + av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end(). + + Fix this by duplicating the av_film_grain_params_select() check at frame + init time. + + An alternative solution here would be to defer the incompatibility check + to hevc_frame_end(), but this has the downside of allocating a film + grain buffer even when we already know we can't apply film grain. + + Fixes: https://trac.ffmpeg.org/ticket/10951 + +--- ffmpeg-4.4.4/libavcodec/hevcdec.c ++++ ffmpeg-4.4.4_new/libavcodec/hevcdec.c +@@ -2931,6 +2931,16 @@ + if (ret < 0) + goto fail; + ++ if (s->ref->needs_fg && ++ ( s->sei.common.film_grain_characteristics.present && ++ !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id, ++ s->ref->frame->format)) ++ || !av_film_grain_params_select(s->ref->frame)) { ++ av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown, ++ "Unsupported film grain parameters. Ignoring film grain.\n"); ++ s->ref->needs_fg = 0; ++} ++ + s->frame->pict_type = 3 - s->sh.slice_type; + + if (!IS_IRAP(s)) diff --git a/ffmpeg-4-CVE-2024-32230.patch b/ffmpeg-4-CVE-2024-32230.patch new file mode 100644 index 0000000..c4058f0 --- /dev/null +++ b/ffmpeg-4-CVE-2024-32230.patch @@ -0,0 +1,23 @@ +commit 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1 +Author: Michael Niedermayer +Date: Mon Apr 8 18:38:42 2024 +0200 + + avcodec/mpegvideo_enc: Fix 1 line and one column images + + Fixes: Ticket10952 + Fixes: poc21ffmpeg + Signed-off-by: Michael Niedermayer + +--- ffmpeg-4.4.4/libavcodec/mpegvideo_enc.c ++++ ffmpeg-4.4.4_new/libavcodec/mpegvideo_enc.c +@@ -1263,8 +1263,8 @@ + int dst_stride = i ? s->uvlinesize : s->linesize; + int h_shift = i ? h_chroma_shift : 0; + int v_shift = i ? v_chroma_shift : 0; +- int w = s->width >> h_shift; +- int h = s->height >> v_shift; ++ int w = AV_CEIL_RSHIFT(s->width , h_shift); ++ int h = AV_CEIL_RSHIFT(s->height, v_shift); + uint8_t *src = pic_arg->data[i]; + uint8_t *dst = pic->f->data[i]; + int vpad = 16; diff --git a/ffmpeg-4.4.4.tar.xz b/ffmpeg-4.4.4.tar.xz index 0034acb..9a7e676 100644 Binary files a/ffmpeg-4.4.4.tar.xz and b/ffmpeg-4.4.4.tar.xz differ diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes index 814e821..65eef3c 100644 --- a/ffmpeg-4.changes +++ b/ffmpeg-4.changes @@ -1,22 +1,49 @@ +------------------------------------------------------------------- +Tue Jul 2 12:26:28 UTC 2024 - Cliff Zhao + +- Add ffmpeg-5-CVE-2024-32230.patch: + Backporting 96449cfe from upstream, Fix 1 line and one column images. + (CVE-2024-32230, bsc#1227296) + +------------------------------------------------------------------- +Tue Jul 2 11:57:01 UTC 2024 - Cliff Zhao + +- Add ffmpeg-5-CVE-2024-32228.patch: + Backporting 45964876 from upstream, Fix segfault on invalid film + grain metadata. + (CVE-2024-32228, bsc#1227277) + +------------------------------------------------------------------- +Tue Jul 2 11:28:10 UTC 2024 - Cliff Zhao + +- Rename CVE patches as SUSE CVE standard:(package name)-%(CVE number) + ffmpeg-CVE-2023-50010.patch + 0001-avfilter-af_stereowiden-Check-length.patch + ffmpeg-CVE-2023-51793.patch + ffmpeg-CVE-2023-49502.patch + 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch + 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch + ffmpeg-4.4-CVE-2020-22046.patch + ------------------------------------------------------------------- Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao - Add ffmpeg-CVE-2023-50010.patch: Backporting e4d2666b from upstream, fixes the out of array access. - (CVE-2023-50010 bsc#1223256) + (CVE-2023-50010, bsc#1223256) ------------------------------------------------------------------- Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt - Add 0001-avfilter-af_stereowiden-Check-length.patch - [boo#1223437, CVE-2023-51794] + (boo#1223437, CVE-2023-51794) ------------------------------------------------------------------- Thu Apr 23 16:14:18 UTC 2024 - Cliff Zhao - Add ffmpeg-CVE-2023-51793.patch: Backporting 0ecc1f0e from upstream, Fix odd height handling. - (CVE-2023-51793 bsc#1223272) + (CVE-2023-51793, bsc#1223272) ------------------------------------------------------------------- Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao @@ -24,19 +51,19 @@ Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao - Add ffmpeg-CVE-2023-49502.patch: Backporting 737ede40 from upstream, account for chroma sub-sampling in min size calculation. - (CVE-2023-49502 bsc#1223235) + (CVE-2023-49502, bsc#1223235) ------------------------------------------------------------------- Tue Apr 23 14:25:53 UTC 2024 - Jan Engelhardt -- Address boo#1223304/CVE-2023-51798: add patch - 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch +- Add 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch: + (CVE-2023-51798, boo#1223304) ------------------------------------------------------------------- Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt -- Address boo#1223070/CVE-2024-31578: add patch - 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch +- Add 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch + (CVE-2024-31578, boo#1223070) ------------------------------------------------------------------- Fri Feb 2 09:34:15 UTC 2024 - Stefan Dirsch @@ -613,7 +640,7 @@ Fri May 3 10:08:30 UTC 2019 - Jan Engelhardt ------------------------------------------------------------------- Thu May 2 09:38:47 UTC 2019 - Martin Liška -- Use %make_build in order to provide parallel build for tools/*. +- Usemake_build in order to provide parallel build for tools/*. And make output verbose. ------------------------------------------------------------------- @@ -849,12 +876,12 @@ Wed Jul 18 12:13:38 UTC 2018 - tchvatal@suse.com - Add new bconds to build on SLE12 backports project without requiring extra packages: - * %bcond_without codec2 - * %bcond_without bs2b - * %bcond_without lv2 - * %bcond_without rubberband - * %bcond_without soxr - * %bcond_without zmq + *bcond_without codec2 + *bcond_without bs2b + *bcond_without lv2 + *bcond_without rubberband + *bcond_without soxr + *bcond_without zmq ------------------------------------------------------------------- Fri Jul 6 10:54:14 UTC 2018 - tchvatal@suse.com @@ -941,7 +968,7 @@ Wed Jun 13 17:25:28 UTC 2018 - tchvatal@suse.com Wed Jun 13 17:22:41 UTC 2018 - tchvatal@suse.com - Prefix all the devel packages and conflict between releases - * Provide always the %version-%release of the respective build + * Provide always theversion-%release of the respective build ------------------------------------------------------------------- Wed Jun 13 17:10:22 UTC 2018 - tchvatal@suse.com @@ -970,18 +997,18 @@ Sat Jun 2 11:51:05 UTC 2018 - 9+suse@cirno.systems ------------------------------------------------------------------- Mon May 28 23:03:17 UTC 2018 - jengelh@inai.de -- Avoid double-nesting BUILD_ORIG with %withs. +- Avoid double-nesting BUILD_ORIG withwiths. (Reintroduces with_opencore) ------------------------------------------------------------------- Sun May 27 23:11:01 UTC 2018 - bjorn.lie@gmail.com -- Drop long obsolete and unused vo_aacenc %bcond_with. +- Drop long obsolete and unused vo_aacencbcond_with. - Add conditional --enable-librtmp in build_orig part of spec, conditional BuildRequires already in place. - Drop opencore conditional, explicitly enable them for all BUILD_ORIG builds. -- Drop conditional xvid %bcond_with, libxvidcore-devel +- Drop conditional xvidbcond_with, libxvidcore-devel BuildRequires and --enable-libxvid call to configure: ffmpeg have a fully capable mpeg4 encoder and decoder, avoid external dependency. diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec index 4d4cb05..c901a28 100644 --- a/ffmpeg-4.spec +++ b/ffmpeg-4.spec @@ -104,9 +104,6 @@ Summary: Set of libraries for working with various multimedia formats License: GPL-3.0-or-later Group: Productivity/Multimedia/Video/Editors and Convertors URL: https://ffmpeg.org/ - -#Freshcode-URL: http://freshcode.club/projects/ffmpeg -#Git-Clone: git://source.ffmpeg.org/ffmpeg Source: https://www.ffmpeg.org/releases/%_name-%version.tar.xz Source2: https://www.ffmpeg.org/releases/%_name-%version.tar.xz.asc Source3: ffmpeg-4-rpmlintrc @@ -119,18 +116,20 @@ Patch2: ffmpeg-new-coder-errors.diff Patch3: ffmpeg-codec-choice.diff Patch4: ffmpeg-4.2-dlopen-fdk_aac.patch Patch5: soversion.patch -Patch9: ffmpeg-4.4-CVE-2020-22046.patch +Patch9: ffmpeg-4-CVE-2020-22046.patch Patch10: ffmpeg-chromium.patch Patch11: ffmpeg-libglslang-detection.patch Patch12: 0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch Patch13: 0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch Patch14: ffmpeg-glslang-cxx17.patch -Patch15: 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch -Patch16: 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch -Patch17: ffmpeg-CVE-2023-49502.patch -Patch18: ffmpeg-CVE-2023-51793.patch -Patch19: 0001-avfilter-af_stereowiden-Check-length.patch -Patch20: ffmpeg-CVE-2023-50010.patch +Patch15: ffmpeg-4-CVE-2024-31578.patch +Patch16: ffmpeg-4-CVE-2023-51798.patch +Patch17: ffmpeg-4-CVE-2023-49502.patch +Patch18: ffmpeg-4-CVE-2023-51793.patch +Patch19: ffmpeg-4-CVE-2023-51794.patch +Patch20: ffmpeg-4-CVE-2023-50010.patch +Patch21: ffmpeg-4-CVE-2024-32228.patch +Patch22: ffmpeg-4-CVE-2024-32230.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel