forked from pool/ffmpeg-4

CVE-2024-32228 and CVE-2024-32230 fixes #1

Merged
jengelh merged 1 commits from :master into factory 2024-07-25 08:53:36 +02:00
12 changed files with 116 additions and 29 deletions


@ -0,0 +1,38 @@
commit 459648761f5412acdc3317d5bac982ceaa257584
Author: Niklas Haas <git@haasn.dev>
Date: Sat Apr 6 13:11:09 2024 +0200
avcodec/hevcdec: fix segfault on invalid film grain metadata
Invalid input files may contain film grain metadata which survives
ff_h274_film_grain_params_supported() but does not pass
av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
Fix this by duplicating the av_film_grain_params_select() check at frame
init time.
An alternative solution here would be to defer the incompatibility check
to hevc_frame_end(), but this has the downside of allocating a film
grain buffer even when we already know we can't apply film grain.
Fixes: https://trac.ffmpeg.org/ticket/10951
--- ffmpeg-4.4.4/libavcodec/hevcdec.c
+++ ffmpeg-4.4.4_new/libavcodec/hevcdec.c
@@ -2931,6 +2931,16 @@
if (ret < 0)
goto fail;
+ if (s->ref->needs_fg &&
+ ( s->sei.common.film_grain_characteristics.present &&
+ !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
+ s->ref->frame->format))
+ || !av_film_grain_params_select(s->ref->frame)) {
+ av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
+ "Unsupported film grain parameters. Ignoring film grain.\n");
+ s->ref->needs_fg = 0;
+}
+
s->frame->pict_type = 3 - s->sh.slice_type;
if (!IS_IRAP(s))
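Review bot: In the condition added to hevcdec.c, the parenthesis opened before `s->sei.common.film_grain_characteristics.present` closes after `s->ref->frame->format))`, so `|| !av_film_grain_params_select(s->ref->frame)` sits outside the `s->ref->needs_fg &&` guard. Because `&&` binds tighter than `||`, the select call is evaluated for every frame, including frames where `needs_fg` is already 0, and the "Unsupported film grain parameters" warning can fire for streams that never requested film grain. If the check is meant to apply only to frames that need film grain, move the closing parenthesis so the `||` term is inside the group guarded by `needs_fg`.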


@ -0,0 +1,23 @@
commit 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
Author: Michael Niedermayer <michael@niedermayer.cc>
Date: Mon Apr 8 18:38:42 2024 +0200
avcodec/mpegvideo_enc: Fix 1 line and one column images
Fixes: Ticket10952
Fixes: poc21ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
--- ffmpeg-4.4.4/libavcodec/mpegvideo_enc.c
+++ ffmpeg-4.4.4_new/libavcodec/mpegvideo_enc.c
@@ -1263,8 +1263,8 @@
int dst_stride = i ? s->uvlinesize : s->linesize;
int h_shift = i ? h_chroma_shift : 0;
int v_shift = i ? v_chroma_shift : 0;
- int w = s->width >> h_shift;
- int h = s->height >> v_shift;
+ int w = AV_CEIL_RSHIFT(s->width , h_shift);
+ int h = AV_CEIL_RSHIFT(s->height, v_shift);
uint8_t *src = pic_arg->data[i];
uint8_t *dst = pic->f->data[i];
int vpad = 16;
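Review bot: The patch header for the mpegvideo_enc.c change identifies the problem only as "Ticket10952" and "poc21ffmpeg"; it names neither CVE-2024-32230 nor bsc#1227296, which appear only in the changelog. Add a References line to the patch header so the file can be matched to the advisory on its own, plus a sentence on the failure mode: with `s->width >> h_shift`, a width or height of 1 and a shift of 1 gives a plane dimension of 0, where `AV_CEIL_RSHIFT` rounds up to 1.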

Binary file not shown.


@ -1,22 +1,49 @@
-------------------------------------------------------------------
Tue Jul 2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-5-CVE-2024-32230.patch:
Backporting 96449cfe from upstream, Fix 1 line and one column images.
(CVE-2024-32230, bsc#1227296)
-------------------------------------------------------------------
Tue Jul 2 11:57:01 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-5-CVE-2024-32228.patch:
Backporting 45964876 from upstream, Fix segfault on invalid film
grain metadata.
(CVE-2024-32228, bsc#1227277)
-------------------------------------------------------------------
Tue Jul 2 11:28:10 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Rename CVE patches as SUSE CVE standard:(package name)-%(CVE number)
ffmpeg-CVE-2023-50010.patch
0001-avfilter-af_stereowiden-Check-length.patch
ffmpeg-CVE-2023-51793.patch
ffmpeg-CVE-2023-49502.patch
0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
ffmpeg-4.4-CVE-2020-22046.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com> Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-CVE-2023-50010.patch: - Add ffmpeg-CVE-2023-50010.patch:
Backporting e4d2666b from upstream, fixes the out of array access. Backporting e4d2666b from upstream, fixes the out of array access.
(CVE-2023-50010 bsc#1223256) (CVE-2023-50010, bsc#1223256)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de> Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Add 0001-avfilter-af_stereowiden-Check-length.patch - Add 0001-avfilter-af_stereowiden-Check-length.patch
[boo#1223437, CVE-2023-51794] (boo#1223437, CVE-2023-51794)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Apr 23 16:14:18 UTC 2024 - Cliff Zhao <qzhao@suse.com> Thu Apr 23 16:14:18 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-CVE-2023-51793.patch: - Add ffmpeg-CVE-2023-51793.patch:
Backporting 0ecc1f0e from upstream, Fix odd height handling. Backporting 0ecc1f0e from upstream, Fix odd height handling.
(CVE-2023-51793 bsc#1223272) (CVE-2023-51793, bsc#1223272)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com> Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
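Review bot: The two new entries at the top name `ffmpeg-5-CVE-2024-32230.patch` and `ffmpeg-5-CVE-2024-32228.patch`, but the spec in this same change adds `ffmpeg-4-CVE-2024-32228.patch` and `ffmpeg-4-CVE-2024-32230.patch`. Correct the prefix in the changelog so the entries match the files that ship. The rename entry below them lists only the old file names and has a stray `%` in "(package name)-%(CVE number)"; listing each old name next to its new name would make the mapping auditable.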
@ -24,19 +51,19 @@ Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-CVE-2023-49502.patch: - Add ffmpeg-CVE-2023-49502.patch:
Backporting 737ede40 from upstream, account for chroma sub-sampling Backporting 737ede40 from upstream, account for chroma sub-sampling
in min size calculation. in min size calculation.
(CVE-2023-49502 bsc#1223235) (CVE-2023-49502, bsc#1223235)
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Apr 23 14:25:53 UTC 2024 - Jan Engelhardt <jengelh@inai.de> Tue Apr 23 14:25:53 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Address boo#1223304/CVE-2023-51798: add patch - Add 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch:
0001-avfilter-vf_minterpolate-Check-pts-before-division.patch (CVE-2023-51798, boo#1223304)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de> Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Address boo#1223070/CVE-2024-31578: add patch - Add 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch (CVE-2024-31578, boo#1223070)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Feb 2 09:34:15 UTC 2024 - Stefan Dirsch <sndirsch@suse.com> Fri Feb 2 09:34:15 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
@ -613,7 +640,7 @@ Fri May 3 10:08:30 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
------------------------------------------------------------------- -------------------------------------------------------------------
Thu May 2 09:38:47 UTC 2019 - Martin Liška <mliska@suse.cz> Thu May 2 09:38:47 UTC 2019 - Martin Liška <mliska@suse.cz>
- Use %make_build in order to provide parallel build for tools/*. - Usemake_build in order to provide parallel build for tools/*.
And make output verbose. And make output verbose.
------------------------------------------------------------------- -------------------------------------------------------------------
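Review bot: The new side of this entry turns "Use %make_build" into "Usemake_build": the `%` and the space before it were dropped from a 2019 entry that this change has no reason to touch. Restore the original wording.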
@ -849,12 +876,12 @@ Wed Jul 18 12:13:38 UTC 2018 - tchvatal@suse.com
- Add new bconds to build on SLE12 backports project without - Add new bconds to build on SLE12 backports project without
requiring extra packages: requiring extra packages:
* %bcond_without codec2 *bcond_without codec2
* %bcond_without bs2b *bcond_without bs2b
* %bcond_without lv2 *bcond_without lv2
* %bcond_without rubberband *bcond_without rubberband
* %bcond_without soxr *bcond_without soxr
* %bcond_without zmq *bcond_without zmq
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jul 6 10:54:14 UTC 2018 - tchvatal@suse.com Fri Jul 6 10:54:14 UTC 2018 - tchvatal@suse.com
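Review bot: All six `* %bcond_without ...` bullets lose the `%` and the space before it on the new side, becoming `*bcond_without codec2` and so on. This is an unrelated edit to a 2018 entry and leaves the macro names wrong; revert these lines.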
@ -941,7 +968,7 @@ Wed Jun 13 17:25:28 UTC 2018 - tchvatal@suse.com
Wed Jun 13 17:22:41 UTC 2018 - tchvatal@suse.com Wed Jun 13 17:22:41 UTC 2018 - tchvatal@suse.com
- Prefix all the devel packages and conflict between releases - Prefix all the devel packages and conflict between releases
* Provide always the %version-%release of the respective build * Provide always theversion-%release of the respective build
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 13 17:10:22 UTC 2018 - tchvatal@suse.com Wed Jun 13 17:10:22 UTC 2018 - tchvatal@suse.com
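Review bot: "Provide always the %version-%release" becomes "theversion-%release" on the new side: the first `%` and the space before it are gone while `%release` survives. That pattern looks like an accidental substitution rather than an intended change; revert it.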
@ -970,18 +997,18 @@ Sat Jun 2 11:51:05 UTC 2018 - 9+suse@cirno.systems
------------------------------------------------------------------- -------------------------------------------------------------------
Mon May 28 23:03:17 UTC 2018 - jengelh@inai.de Mon May 28 23:03:17 UTC 2018 - jengelh@inai.de
- Avoid double-nesting BUILD_ORIG with %withs. - Avoid double-nesting BUILD_ORIG withwiths.
(Reintroduces with_opencore) (Reintroduces with_opencore)
------------------------------------------------------------------- -------------------------------------------------------------------
Sun May 27 23:11:01 UTC 2018 - bjorn.lie@gmail.com Sun May 27 23:11:01 UTC 2018 - bjorn.lie@gmail.com
- Drop long obsolete and unused vo_aacenc %bcond_with. - Drop long obsolete and unused vo_aacencbcond_with.
- Add conditional --enable-librtmp in build_orig part of spec, - Add conditional --enable-librtmp in build_orig part of spec,
conditional BuildRequires already in place. conditional BuildRequires already in place.
- Drop opencore conditional, explicitly enable them for all - Drop opencore conditional, explicitly enable them for all
BUILD_ORIG builds. BUILD_ORIG builds.
- Drop conditional xvid %bcond_with, libxvidcore-devel - Drop conditional xvidbcond_with, libxvidcore-devel
BuildRequires and --enable-libxvid call to configure: ffmpeg have BuildRequires and --enable-libxvid call to configure: ffmpeg have
a fully capable mpeg4 encoder and decoder, avoid external a fully capable mpeg4 encoder and decoder, avoid external
dependency. dependency.
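Review bot: Three historical lines are altered in this hunk: "with %withs" becomes "withwiths", and "vo_aacenc %bcond_with" and "xvid %bcond_with" both lose the space and the `%`. None of this relates to the CVE fixes; drop these edits from the change.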


@ -104,9 +104,6 @@ Summary: Set of libraries for working with various multimedia formats
License: GPL-3.0-or-later License: GPL-3.0-or-later
Group: Productivity/Multimedia/Video/Editors and Convertors Group: Productivity/Multimedia/Video/Editors and Convertors
URL: https://ffmpeg.org/ URL: https://ffmpeg.org/
#Freshcode-URL: http://freshcode.club/projects/ffmpeg
#Git-Clone: git://source.ffmpeg.org/ffmpeg
Source: https://www.ffmpeg.org/releases/%_name-%version.tar.xz Source: https://www.ffmpeg.org/releases/%_name-%version.tar.xz
Source2: https://www.ffmpeg.org/releases/%_name-%version.tar.xz.asc Source2: https://www.ffmpeg.org/releases/%_name-%version.tar.xz.asc
Source3: ffmpeg-4-rpmlintrc Source3: ffmpeg-4-rpmlintrc
@ -119,18 +116,20 @@ Patch2: ffmpeg-new-coder-errors.diff
Patch3: ffmpeg-codec-choice.diff Patch3: ffmpeg-codec-choice.diff
Patch4: ffmpeg-4.2-dlopen-fdk_aac.patch Patch4: ffmpeg-4.2-dlopen-fdk_aac.patch
Patch5: soversion.patch Patch5: soversion.patch
Patch9: ffmpeg-4.4-CVE-2020-22046.patch Patch9: ffmpeg-4-CVE-2020-22046.patch
Patch10: ffmpeg-chromium.patch Patch10: ffmpeg-chromium.patch
Patch11: ffmpeg-libglslang-detection.patch Patch11: ffmpeg-libglslang-detection.patch
Patch12: 0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch Patch12: 0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
Patch13: 0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch Patch13: 0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
Patch14: ffmpeg-glslang-cxx17.patch Patch14: ffmpeg-glslang-cxx17.patch
Patch15: 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch Patch15: ffmpeg-4-CVE-2024-31578.patch
Patch16: 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch Patch16: ffmpeg-4-CVE-2023-51798.patch
Patch17: ffmpeg-CVE-2023-49502.patch Patch17: ffmpeg-4-CVE-2023-49502.patch
Patch18: ffmpeg-CVE-2023-51793.patch Patch18: ffmpeg-4-CVE-2023-51793.patch
Patch19: 0001-avfilter-af_stereowiden-Check-length.patch Patch19: ffmpeg-4-CVE-2023-51794.patch
Patch20: ffmpeg-CVE-2023-50010.patch Patch20: ffmpeg-4-CVE-2023-50010.patch
Patch21: ffmpeg-4-CVE-2024-32228.patch
Patch22: ffmpeg-4-CVE-2024-32230.patch
BuildRequires: ladspa-devel BuildRequires: ladspa-devel
BuildRequires: libgsm-devel BuildRequires: libgsm-devel
BuildRequires: libmp3lame-devel BuildRequires: libmp3lame-devel
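Review bot: Patch21 and Patch22 are declared here, but this diff shows no change to %prep, so whether they are applied depends on how the spec applies patches. If it uses `%autosetup` or `%autopatch` this is fine; if patches are applied by number, add the two new ones there, otherwise the CVE fixes ship as files and never reach the source tree.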