forked from pool/ffmpeg-4

CVE-2024-32228 and CVE-2024-32230 fixes #1

Merged
jengelh merged 1 commit from :master into factory 2024-07-25 08:53:36 +02:00
12 changed files with 116 additions and 29 deletions


@ -0,0 +1,38 @@
commit 459648761f5412acdc3317d5bac982ceaa257584
Author: Niklas Haas <git@haasn.dev>
Date: Sat Apr 6 13:11:09 2024 +0200
avcodec/hevcdec: fix segfault on invalid film grain metadata
Invalid input files may contain film grain metadata which survives
ff_h274_film_grain_params_supported() but does not pass
av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
Fix this by duplicating the av_film_grain_params_select() check at frame
init time.
An alternative solution here would be to defer the incompatibility check
to hevc_frame_end(), but this has the downside of allocating a film
grain buffer even when we already know we can't apply film grain.
Fixes: https://trac.ffmpeg.org/ticket/10951
--- ffmpeg-4.4.4/libavcodec/hevcdec.c
+++ ffmpeg-4.4.4_new/libavcodec/hevcdec.c
@@ -2931,6 +2931,16 @@
if (ret < 0)
goto fail;
+ if (s->ref->needs_fg &&
+ ( s->sei.common.film_grain_characteristics.present &&
+ !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
+ s->ref->frame->format))
+ || !av_film_grain_params_select(s->ref->frame)) {
+ av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
+ "Unsupported film grain parameters. Ignoring film grain.\n");
+ s->ref->needs_fg = 0;
+}
+
s->frame->pict_type = 3 - s->sh.slice_type;
if (!IS_IRAP(s))
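Review bot: In the added `if`, the parenthesis opened before `s->sei.common.film_grain_characteristics.present` is closed right after `s->ref->frame->format))`, so the `|| !av_film_grain_params_select(s->ref->frame)` term sits outside the `s->ref->needs_fg &&` guard. Since `&&` binds tighter than `||`, the condition parses as `(needs_fg && (present && !supported)) || !select(frame)`: the select call is evaluated and the warning path is taken for frames where `needs_fg` is already 0. The commit message describes repeating the select check for frames that are about to get film grain, so move the closing parenthesis to after the `av_film_grain_params_select()` term so that both checks are gated on `needs_fg`, and compare the grouping against upstream 45964876 before merging.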


@ -0,0 +1,23 @@
commit 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
Author: Michael Niedermayer <michael@niedermayer.cc>
Date: Mon Apr 8 18:38:42 2024 +0200
avcodec/mpegvideo_enc: Fix 1 line and one column images
Fixes: Ticket10952
Fixes: poc21ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
--- ffmpeg-4.4.4/libavcodec/mpegvideo_enc.c
+++ ffmpeg-4.4.4_new/libavcodec/mpegvideo_enc.c
@@ -1263,8 +1263,8 @@
int dst_stride = i ? s->uvlinesize : s->linesize;
int h_shift = i ? h_chroma_shift : 0;
int v_shift = i ? v_chroma_shift : 0;
- int w = s->width >> h_shift;
- int h = s->height >> v_shift;
+ int w = AV_CEIL_RSHIFT(s->width , h_shift);
+ int h = AV_CEIL_RSHIFT(s->height, v_shift);
uint8_t *src = pic_arg->data[i];
uint8_t *dst = pic->f->data[i];
int vpad = 16;
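Review bot: The patch header does not say why `w` and `h` switch from `>>` to `AV_CEIL_RSHIFT`, and it carries no CVE or bug reference. With the truncating shift, a width or height of 1 combined with a chroma shift of 1 gives a plane dimension of 0, which is the "1 line and one column" case named in the subject; the rounding-up macro keeps it at 1. One sentence stating that, plus the CVE-2024-32230 and bsc#1227296 tags already used in the .changes entry, would make the backport readable without opening the upstream ticket.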

Binary file not shown.


@ -1,22 +1,49 @@
-------------------------------------------------------------------
Tue Jul 2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-5-CVE-2024-32230.patch:
Backporting 96449cfe from upstream, Fix 1 line and one column images.
(CVE-2024-32230, bsc#1227296)
-------------------------------------------------------------------
Tue Jul 2 11:57:01 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-5-CVE-2024-32228.patch:
Backporting 45964876 from upstream, Fix segfault on invalid film
grain metadata.
(CVE-2024-32228, bsc#1227277)
-------------------------------------------------------------------
Tue Jul 2 11:28:10 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Rename CVE patches as SUSE CVE standard:(package name)-%(CVE number)
ffmpeg-CVE-2023-50010.patch
0001-avfilter-af_stereowiden-Check-length.patch
ffmpeg-CVE-2023-51793.patch
ffmpeg-CVE-2023-49502.patch
0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
ffmpeg-4.4-CVE-2020-22046.patch
-------------------------------------------------------------------
Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-CVE-2023-50010.patch:
Backporting e4d2666b from upstream, fixes the out of array access.
(CVE-2023-50010 bsc#1223256)
(CVE-2023-50010, bsc#1223256)
-------------------------------------------------------------------
Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Add 0001-avfilter-af_stereowiden-Check-length.patch
[boo#1223437, CVE-2023-51794]
(boo#1223437, CVE-2023-51794)
-------------------------------------------------------------------
Thu Apr 23 16:14:18 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-CVE-2023-51793.patch:
Backporting 0ecc1f0e from upstream, Fix odd height handling.
(CVE-2023-51793 bsc#1223272)
(CVE-2023-51793, bsc#1223272)
-------------------------------------------------------------------
Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
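Review bot: The two new entries at the top of this hunk name the files `ffmpeg-5-CVE-2024-32230.patch` and `ffmpeg-5-CVE-2024-32228.patch`, while the spec in this same change declares `ffmpeg-4-CVE-2024-32228.patch` and `ffmpeg-4-CVE-2024-32230.patch` as Patch21 and Patch22. Change the prefix to `ffmpeg-4-` so the changelog matches the files that ship. The rename entry below them has a related gap: it lists only the old file names, so add the new `ffmpeg-4-CVE-<number>.patch` name next to each one.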
@ -24,19 +51,19 @@ Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-CVE-2023-49502.patch:
Backporting 737ede40 from upstream, account for chroma sub-sampling
in min size calculation.
(CVE-2023-49502 bsc#1223235)
(CVE-2023-49502, bsc#1223235)
-------------------------------------------------------------------
Tue Apr 23 14:25:53 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Address boo#1223304/CVE-2023-51798: add patch
0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
- Add 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch:
(CVE-2023-51798, boo#1223304)
-------------------------------------------------------------------
Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Address boo#1223070/CVE-2024-31578: add patch
0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
- Add 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
(CVE-2024-31578, boo#1223070)
-------------------------------------------------------------------
Fri Feb 2 09:34:15 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
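Review bot: The weekday in the date lines is inconsistent: the hunk header context reads `Thu Apr 23 15:35:32 UTC 2024` while the entry inside the hunk reads `Tue Apr 23 14:25:53 UTC 2024`, and 23 April 2024 was a Tuesday. Since this change already rewrites these older entries to normalise the reference format, correct the `Thu Apr 23` headers in the same pass; rpm flags such entries as bogus dates in the generated %changelog. The two rewritten `- Add` lines also differ in style: one ends in a colon with only the reference line after it, the other has no colon.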
@ -613,7 +640,7 @@ Fri May 3 10:08:30 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
-------------------------------------------------------------------
Thu May 2 09:38:47 UTC 2019 - Martin Liška <mliska@suse.cz>
- Use %make_build in order to provide parallel build for tools/*.
- Usemake_build in order to provide parallel build for tools/*.
And make output verbose.
-------------------------------------------------------------------
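Review bot: As shown here, the replacement for `- Use %make_build in order to ...` reads `- Usemake_build in order to ...`: the `%` and the space before it are both gone, which changes the changelog wording instead of only neutralising the macro. The same pattern appears in the later hunks of this file (`*bcond_without codec2`, `theversion-%release`, `withwiths`, `vo_aacencbcond_with`, `xvidbcond_with`). If the intent was to stop rpm from expanding macros inside the changelog, the committed text should read `%%make_build`, `%%bcond_without` and so on, with the space kept; confirm the files in the package contain that form. Note also that `%release` on the version line is left unescaped.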
@ -849,12 +876,12 @@ Wed Jul 18 12:13:38 UTC 2018 - tchvatal@suse.com
- Add new bconds to build on SLE12 backports project without
requiring extra packages:
* %bcond_without codec2
* %bcond_without bs2b
* %bcond_without lv2
* %bcond_without rubberband
* %bcond_without soxr
* %bcond_without zmq
*bcond_without codec2
*bcond_without bs2b
*bcond_without lv2
*bcond_without rubberband
*bcond_without soxr
*bcond_without zmq
-------------------------------------------------------------------
Fri Jul 6 10:54:14 UTC 2018 - tchvatal@suse.com
@ -941,7 +968,7 @@ Wed Jun 13 17:25:28 UTC 2018 - tchvatal@suse.com
Wed Jun 13 17:22:41 UTC 2018 - tchvatal@suse.com
- Prefix all the devel packages and conflict between releases
* Provide always the %version-%release of the respective build
* Provide always theversion-%release of the respective build
-------------------------------------------------------------------
Wed Jun 13 17:10:22 UTC 2018 - tchvatal@suse.com
@ -970,18 +997,18 @@ Sat Jun 2 11:51:05 UTC 2018 - 9+suse@cirno.systems
-------------------------------------------------------------------
Mon May 28 23:03:17 UTC 2018 - jengelh@inai.de
- Avoid double-nesting BUILD_ORIG with %withs.
- Avoid double-nesting BUILD_ORIG withwiths.
(Reintroduces with_opencore)
-------------------------------------------------------------------
Sun May 27 23:11:01 UTC 2018 - bjorn.lie@gmail.com
- Drop long obsolete and unused vo_aacenc %bcond_with.
- Drop long obsolete and unused vo_aacencbcond_with.
- Add conditional --enable-librtmp in build_orig part of spec,
conditional BuildRequires already in place.
- Drop opencore conditional, explicitly enable them for all
BUILD_ORIG builds.
- Drop conditional xvid %bcond_with, libxvidcore-devel
- Drop conditional xvidbcond_with, libxvidcore-devel
BuildRequires and --enable-libxvid call to configure: ffmpeg have
a fully capable mpeg4 encoder and decoder, avoid external
dependency.


@ -104,9 +104,6 @@ Summary: Set of libraries for working with various multimedia formats
License: GPL-3.0-or-later
Group: Productivity/Multimedia/Video/Editors and Convertors
URL: https://ffmpeg.org/
#Freshcode-URL: http://freshcode.club/projects/ffmpeg
#Git-Clone: git://source.ffmpeg.org/ffmpeg
Source: https://www.ffmpeg.org/releases/%_name-%version.tar.xz
Source2: https://www.ffmpeg.org/releases/%_name-%version.tar.xz.asc
Source3: ffmpeg-4-rpmlintrc
@ -119,18 +116,20 @@ Patch2: ffmpeg-new-coder-errors.diff
Patch3: ffmpeg-codec-choice.diff
Patch4: ffmpeg-4.2-dlopen-fdk_aac.patch
Patch5: soversion.patch
Patch9: ffmpeg-4.4-CVE-2020-22046.patch
Patch9: ffmpeg-4-CVE-2020-22046.patch
Patch10: ffmpeg-chromium.patch
Patch11: ffmpeg-libglslang-detection.patch
Patch12: 0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
Patch13: 0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
Patch14: ffmpeg-glslang-cxx17.patch
Patch15: 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
Patch16: 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
Patch17: ffmpeg-CVE-2023-49502.patch
Patch18: ffmpeg-CVE-2023-51793.patch
Patch19: 0001-avfilter-af_stereowiden-Check-length.patch
Patch20: ffmpeg-CVE-2023-50010.patch
Patch15: ffmpeg-4-CVE-2024-31578.patch
Patch16: ffmpeg-4-CVE-2023-51798.patch
Patch17: ffmpeg-4-CVE-2023-49502.patch
Patch18: ffmpeg-4-CVE-2023-51793.patch
Patch19: ffmpeg-4-CVE-2023-51794.patch
Patch20: ffmpeg-4-CVE-2023-50010.patch
Patch21: ffmpeg-4-CVE-2024-32228.patch
Patch22: ffmpeg-4-CVE-2024-32230.patch
BuildRequires: ladspa-devel
BuildRequires: libgsm-devel
BuildRequires: libmp3lame-devel
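Review bot: Patch21 and Patch22 are declared here, but no hunk in the spec diff touches %prep. If this spec applies patches one by one rather than through `%autosetup` or `%autopatch`, the two CVE fixes are packaged and never applied, so confirm how %prep picks them up. Both new patches use `ffmpeg-4.4.4/...` and `ffmpeg-4.4.4_new/...` path prefixes, so they need to be applied with `-p1`. The renames of Patch9 and Patch15 through Patch20 also need the old files removed and the new ones added in the same commit, otherwise the source list and the spec disagree.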