forked from pool/ffmpeg-4
CVE-2024-32228 and CVE-2024-32230 fixes #1
38
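--- /dev/null
+++ b/ffmpeg-4-CVE-2024-32228.patch
@@ -0,0 +1,38 @@
+commit 459648761f5412acdc3317d5bac982ceaa257584
+Author: Niklas Haas <git@haasn.dev>
+Date: Sat Apr 6 13:11:09 2024 +0200
+
+avcodec/hevcdec: fix segfault on invalid film grain metadata
+
+Invalid input files may contain film grain metadata which survives
+ff_h274_film_grain_params_supported() but does not pass
+av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
+
+Fix this by duplicating the av_film_grain_params_select() check at frame
+init time.
+
+An alternative solution here would be to defer the incompatibility check
+to hevc_frame_end(), but this has the downside of allocating a film
+grain buffer even when we already know we can't apply film grain.
+
+Fixes: https://trac.ffmpeg.org/ticket/10951
+
+--- ffmpeg-4.4.4/libavcodec/hevcdec.c
++++ ffmpeg-4.4.4_new/libavcodec/hevcdec.c
+@@ -2931,6 +2931,16 @@
+if (ret < 0)
+goto fail;
+
++ if (s->ref->needs_fg &&
++ ( s->sei.common.film_grain_characteristics.present &&
++ !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
++ s->ref->frame->format))
++ || !av_film_grain_params_select(s->ref->frame)) {
++ av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
++ "Unsupported film grain parameters. Ignoring film grain.\n");
++ s->ref->needs_fg = 0;
++}
++
+s->frame->pict_type = 3 - s->sh.slice_type;
+
+if (!IS_IRAP(s))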
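Review bot: The new condition in the hevcdec.c hunk groups differently from what its layout suggests: `||` binds looser than `&&`, so it parses as `(needs_fg && (present && !supported)) || !av_film_grain_params_select(...)`, and the branch that logs the warning and clears `needs_fg` is taken whenever `av_film_grain_params_select()` returns a false value, even when `s->ref->needs_fg` is already 0. If both checks are meant to apply only when film grain is needed, parenthesise the alternatives: `if (s->ref->needs_fg && ((s->sei.common.film_grain_characteristics.present && !ff_h274_film_grain_params_supported(...)) || !av_film_grain_params_select(s->ref->frame))) {`. Separately, the hunk relies on `s->ref->needs_fg`, `s->sei.common` and `av_film_grain_params_select()`; the page does not show whether the 4.4.4 tree provides them, so a build of the patched package should be confirmed before this counts as the CVE-2024-32228 fix. The enclosing function starts and ends outside the hunk.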
23
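--- /dev/null
+++ b/ffmpeg-4-CVE-2024-32230.patch
@@ -0,0 +1,23 @@
+commit 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
+Author: Michael Niedermayer <michael@niedermayer.cc>
+Date: Mon Apr 8 18:38:42 2024 +0200
+
+avcodec/mpegvideo_enc: Fix 1 line and one column images
+
+Fixes: Ticket10952
+Fixes: poc21ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+--- ffmpeg-4.4.4/libavcodec/mpegvideo_enc.c
++++ ffmpeg-4.4.4_new/libavcodec/mpegvideo_enc.c
+@@ -1263,8 +1263,8 @@
+int dst_stride = i ? s->uvlinesize : s->linesize;
+int h_shift = i ? h_chroma_shift : 0;
+int v_shift = i ? v_chroma_shift : 0;
+- int w = s->width >> h_shift;
+- int h = s->height >> v_shift;
++ int w = AV_CEIL_RSHIFT(s->width , h_shift);
++ int h = AV_CEIL_RSHIFT(s->height, v_shift);
+uint8_t *src = pic_arg->data[i];
+uint8_t *dst = pic->f->data[i];
+int vpad = 16;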
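Review bot: The switch to `AV_CEIL_RSHIFT` for `w` and `h` carries no comment saying why rounding up is required, and the commit message only names a ticket and a PoC. A one-line comment above the two assignments would keep the reason next to the code, for example `/* round up: a 1-pixel-wide or 1-line image must still yield a non-zero chroma plane size */`. The copy and padding code that consumes `w` and `h` lies outside the hunk, so it is worth confirming there that the source planes in `pic_arg` are always allocated with the rounded-up chroma dimensions, since the loop will presumably now read one more column or row for odd sizes.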
Binary file not shown.
@ -1,22 +1,49 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
- Add ffmpeg-5-CVE-2024-32230.patch:
|
||||
Backporting 96449cfe from upstream, Fix 1 line and one column images.
|
||||
(CVE-2024-32230, bsc#1227296)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 2 11:57:01 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
- Add ffmpeg-5-CVE-2024-32228.patch:
|
||||
Backporting 45964876 from upstream, Fix segfault on invalid film
|
||||
grain metadata.
|
||||
(CVE-2024-32228, bsc#1227277)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 2 11:28:10 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
- Rename CVE patches as SUSE CVE standard:(package name)-%(CVE number)
|
||||
ffmpeg-CVE-2023-50010.patch
|
||||
0001-avfilter-af_stereowiden-Check-length.patch
|
||||
ffmpeg-CVE-2023-51793.patch
|
||||
ffmpeg-CVE-2023-49502.patch
|
||||
0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
|
||||
0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
|
||||
ffmpeg-4.4-CVE-2020-22046.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
- Add ffmpeg-CVE-2023-50010.patch:
|
||||
Backporting e4d2666b from upstream, fixes the out of array access.
|
||||
(CVE-2023-50010 bsc#1223256)
|
||||
(CVE-2023-50010, bsc#1223256)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
- Add 0001-avfilter-af_stereowiden-Check-length.patch
|
||||
[boo#1223437, CVE-2023-51794]
|
||||
(boo#1223437, CVE-2023-51794)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 23 16:14:18 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
- Add ffmpeg-CVE-2023-51793.patch:
|
||||
Backporting 0ecc1f0e from upstream, Fix odd height handling.
|
||||
(CVE-2023-51793 bsc#1223272)
|
||||
(CVE-2023-51793, bsc#1223272)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
@ -24,19 +51,19 @@ Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
- Add ffmpeg-CVE-2023-49502.patch:
|
||||
Backporting 737ede40 from upstream, account for chroma sub-sampling
|
||||
in min size calculation.
|
||||
(CVE-2023-49502 bsc#1223235)
|
||||
(CVE-2023-49502, bsc#1223235)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 23 14:25:53 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
- Address boo#1223304/CVE-2023-51798: add patch
|
||||
0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
|
||||
- Add 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch:
|
||||
(CVE-2023-51798, boo#1223304)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
- Address boo#1223070/CVE-2024-31578: add patch
|
||||
0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
|
||||
- Add 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
|
||||
(CVE-2024-31578, boo#1223070)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 2 09:34:15 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
|
||||
@ -613,7 +640,7 @@ Fri May 3 10:08:30 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||
-------------------------------------------------------------------
|
||||
Thu May 2 09:38:47 UTC 2019 - Martin Liška <mliska@suse.cz>
|
||||
|
||||
- Use %make_build in order to provide parallel build for tools/*.
|
||||
- Usemake_build in order to provide parallel build for tools/*.
|
||||
And make output verbose.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
@ -849,12 +876,12 @@ Wed Jul 18 12:13:38 UTC 2018 - tchvatal@suse.com
|
||||
|
||||
- Add new bconds to build on SLE12 backports project without
|
||||
requiring extra packages:
|
||||
* %bcond_without codec2
|
||||
* %bcond_without bs2b
|
||||
* %bcond_without lv2
|
||||
* %bcond_without rubberband
|
||||
* %bcond_without soxr
|
||||
* %bcond_without zmq
|
||||
*bcond_without codec2
|
||||
*bcond_without bs2b
|
||||
*bcond_without lv2
|
||||
*bcond_without rubberband
|
||||
*bcond_without soxr
|
||||
*bcond_without zmq
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 6 10:54:14 UTC 2018 - tchvatal@suse.com
|
||||
@ -941,7 +968,7 @@ Wed Jun 13 17:25:28 UTC 2018 - tchvatal@suse.com
|
||||
Wed Jun 13 17:22:41 UTC 2018 - tchvatal@suse.com
|
||||
|
||||
- Prefix all the devel packages and conflict between releases
|
||||
* Provide always the %version-%release of the respective build
|
||||
* Provide always theversion-%release of the respective build
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 13 17:10:22 UTC 2018 - tchvatal@suse.com
|
||||
@ -970,18 +997,18 @@ Sat Jun 2 11:51:05 UTC 2018 - 9+suse@cirno.systems
|
||||
-------------------------------------------------------------------
|
||||
Mon May 28 23:03:17 UTC 2018 - jengelh@inai.de
|
||||
|
||||
- Avoid double-nesting BUILD_ORIG with %withs.
|
||||
- Avoid double-nesting BUILD_ORIG withwiths.
|
||||
(Reintroduces with_opencore)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun May 27 23:11:01 UTC 2018 - bjorn.lie@gmail.com
|
||||
|
||||
- Drop long obsolete and unused vo_aacenc %bcond_with.
|
||||
- Drop long obsolete and unused vo_aacencbcond_with.
|
||||
- Add conditional --enable-librtmp in build_orig part of spec,
|
||||
conditional BuildRequires already in place.
|
||||
- Drop opencore conditional, explicitly enable them for all
|
||||
BUILD_ORIG builds.
|
||||
- Drop conditional xvid %bcond_with, libxvidcore-devel
|
||||
- Drop conditional xvidbcond_with, libxvidcore-devel
|
||||
BuildRequires and --enable-libxvid call to configure: ffmpeg have
|
||||
a fully capable mpeg4 encoder and decoder, avoid external
|
||||
dependency.
|
||||
|
@ -104,9 +104,6 @@ Summary: Set of libraries for working with various multimedia formats
|
||||
License: GPL-3.0-or-later
|
||||
Group: Productivity/Multimedia/Video/Editors and Convertors
|
||||
URL: https://ffmpeg.org/
|
||||
|
||||
#Freshcode-URL: http://freshcode.club/projects/ffmpeg
|
||||
#Git-Clone: git://source.ffmpeg.org/ffmpeg
|
||||
Source: https://www.ffmpeg.org/releases/%_name-%version.tar.xz
|
||||
Source2: https://www.ffmpeg.org/releases/%_name-%version.tar.xz.asc
|
||||
Source3: ffmpeg-4-rpmlintrc
|
||||
@ -119,18 +116,20 @@ Patch2: ffmpeg-new-coder-errors.diff
|
||||
Patch3: ffmpeg-codec-choice.diff
|
||||
Patch4: ffmpeg-4.2-dlopen-fdk_aac.patch
|
||||
Patch5: soversion.patch
|
||||
Patch9: ffmpeg-4.4-CVE-2020-22046.patch
|
||||
Patch9: ffmpeg-4-CVE-2020-22046.patch
|
||||
Patch10: ffmpeg-chromium.patch
|
||||
Patch11: ffmpeg-libglslang-detection.patch
|
||||
Patch12: 0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
|
||||
Patch13: 0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
|
||||
Patch14: ffmpeg-glslang-cxx17.patch
|
||||
Patch15: 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
|
||||
Patch16: 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
|
||||
Patch17: ffmpeg-CVE-2023-49502.patch
|
||||
Patch18: ffmpeg-CVE-2023-51793.patch
|
||||
Patch19: 0001-avfilter-af_stereowiden-Check-length.patch
|
||||
Patch20: ffmpeg-CVE-2023-50010.patch
|
||||
Patch15: ffmpeg-4-CVE-2024-31578.patch
|
||||
Patch16: ffmpeg-4-CVE-2023-51798.patch
|
||||
Patch17: ffmpeg-4-CVE-2023-49502.patch
|
||||
Patch18: ffmpeg-4-CVE-2023-51793.patch
|
||||
Patch19: ffmpeg-4-CVE-2023-51794.patch
|
||||
Patch20: ffmpeg-4-CVE-2023-50010.patch
|
||||
Patch21: ffmpeg-4-CVE-2024-32228.patch
|
||||
Patch22: ffmpeg-4-CVE-2024-32230.patch
|
||||
BuildRequires: ladspa-devel
|
||||
BuildRequires: libgsm-devel
|
||||
BuildRequires: libmp3lame-devel
|
||||
|
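Review bot: The patch names registered here do not agree with the changelog entries on this page: `Patch21`/`Patch22` point to `ffmpeg-4-CVE-2024-32228.patch` and `ffmpeg-4-CVE-2024-32230.patch`, while the two newest changelog entries say `ffmpeg-5-CVE-2024-32228.patch` and `ffmpeg-5-CVE-2024-32230.patch`. Since the changelog is what an auditor uses to trace a CVE to a shipped patch, those entries should read `- Add ffmpeg-4-CVE-2024-32228.patch:` and `- Add ffmpeg-4-CVE-2024-32230.patch:`. The rename entry also appears to list only the old file names, so it does not record which new name each CVE patch received. How the patches are applied in `%prep` is outside the visible hunks; if they are applied by number rather than automatically, `Patch21` and `Patch22` need matching entries there.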