diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes index 0a6e0ca..3ff691f 100644 --- a/ffmpeg-4.changes +++ b/ffmpeg-4.changes @@ -72,6 +72,7 @@ Mon Jan 6 11:53:32 UTC 2025 - Jan Engelhardt ffmpeg-CVE-2023-50010.patch ffmpeg-4-CVE-2024-32230.patch ffmpeg-4-CVE-2024-7055.patch (all merged) + (CVE-2023-51798, bsc#1223304) ------------------------------------------------------------------- Tue Oct 15 08:18:54 UTC 2024 - Antonio Larrosa 
@@ -136,20 +137,39 @@ Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao ------------------------------------------------------------------- Tue Apr 23 14:25:53 UTC 2024 - Jan Engelhardt -- Address boo#1223304/CVE-2023-51798: add patch - 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch +- Add 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch: + Backporting 68146f06 from upstream, Check pts before division. + (CVE-2023-51798, bsc#1223304) ------------------------------------------------------------------- Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt -- Address boo#1223070/CVE-2024-31578: add patch - 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch +- Add 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch: + Backporting 76a48e85 from upstream, Check length. + (CVE-2024-31578, bsc#1223070) + +------------------------------------------------------------------- +Mon Feb 12 18:23:41 UTC 2024 - Stefan Dirsch + +- ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch + * fixes build against dav1d, which has been updated in + SUSE:SLE-15-SP5:Update (where apparently no rebuild of ffmpeg-4 + had been triggered) ------------------------------------------------------------------- Fri Feb 2 09:34:15 UTC 2024 - Stefan Dirsch -- drop support for libmfx, which is no longer supported upstream - at all (boo#1219494) +- no longer build against libmfx; build also 15.5 against libvpl + (boo#1230983, boo#1219494) + +- dropping support for libmfx below covers: + * libmfx: improper input validation (CVE-2023-48368, bsc#1226897) + * libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898) + * libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899) + * libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900) + * libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901) + * Multiple vulnerabilities in the Intel Media SDK (libmfx1) (bsc#1226892) + * Drop libmfx dependency from our product (jira #PED-10024) 
------------------------------------------------------------------- Tue Dec 26 13:36:38 UTC 2023 - Jan Engelhardt @@ -169,7 +189,7 @@ Fri Nov 3 08:17:13 UTC 2023 - Marcus Meissner - Add ffmpeg-fix-new-binutils.patch: Backporting 01fc3034 from upstream, Fix build with new binutils (bsc#1215309) - + ------------------------------------------------------------------- Mon Oct 30 11:16:43 UTC 2023 - Jan Engelhardt @@ -550,7 +570,7 @@ Fri Mar 31 00:41:22 UTC 2020 - Ismail Dönmez - Add Samba support for Factory (as this needs a fix in Samba itself) Add --enable-libsmbclient to configure, add BR on pkgconfig(smbclient) - License is now GPLv3+ by default (--enable-version3) - + ------------------------------------------------------------------- Mon Mar 30 07:14:39 UTC 2020 - Tomáš Chvátal diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec index f4df1ce..8d48f2d 100644 --- a/ffmpeg-4.spec +++ b/ffmpeg-4.spec @@ -144,6 +144,7 @@ Patch26: ffmpeg-4-CVE-2025-22919.patch Patch27: ffmpeg-4-CVE-2025-0518.patch Patch28: ffmpeg-4-CVE-2025-25473.patch Patch29: ffmpeg-4-CVE-2025-22921.patch +Patch30: ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel diff --git a/ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch b/ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch new file mode 100644 index 0000000..6f42a29 --- /dev/null +++ b/ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch @@ -0,0 +1,36 @@ +commit e204846ec16c1ab34c7f3a681734cf5190433018 +Author: James Almer +Date: Fri Sep 3 13:50:32 2021 -0300 + + avcodec/libdav1d: fix compilation after recent libdav1d API changes + + They were done in preparation for an upcoming 1.0 release. + Keep supporting previous releases for the time being. + + Reviewed-by: BBB + 
Signed-off-by: James Almer
+
+--- a/libavcodec/libdav1d.c
++++ b/libavcodec/libdav1d.c
+@@ -202,6 +202,9 @@
+ Libdav1dContext *dav1d = c->priv_data;
+ Dav1dData *data = &dav1d->data;
+ Dav1dPicture pic = { 0 }, *p = &pic;
++#if FF_DAV1D_VERSION_AT_LEAST(5,1)
++ enum Dav1dEventFlags event_flags = 0;
++#endif
+ int res;
+
+ if (!data->sz) {
+@@ -280,6 +283,11 @@
+ frame->linesize[1] = p->stride[1];
+ frame->linesize[2] = p->stride[1];
+
++#if FF_DAV1D_VERSION_AT_LEAST(5,1)
++ dav1d_get_event_flags(dav1d->c, &event_flags);
++ if (c->pix_fmt == AV_PIX_FMT_NONE ||
++ event_flags & DAV1D_EVENT_FLAG_NEW_SEQUENCE)
++#endif
+ c->profile = p->seq_hdr->profile;
+ c->level = ((p->seq_hdr->operating_points[0].major_level - 2) << 2)
+ | p->seq_hdr->operating_points[0].minor_level;
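Review bot: The `if` added in the second libdav1d.c hunk (`@@ -280,6 +283,11 @@`) has no braces, so it guards only `c->profile = p->seq_hdr->profile;`; the `c->level` assignment on the next line, and whatever sequence-header handling follows outside the hunk, still runs for every picture. If the intent is what the patch file name says (not re-parsing the same sequence header), open a block with `{` after the `#endif` and close it with `}` after the last assignment derived from `p->seq_hdr`, which compiles both with and without the version guard. Both hunks also depend on `FF_DAV1D_VERSION_AT_LEAST`, which is not defined in the visible lines; presumably the packaged tree already provides it, but an undefined function-like macro in `#if` is a preprocessor error, so that is worth confirming. The commit id and subject carried in the patch header ("fix compilation after recent libdav1d API changes") do not describe these hunks, so the header should record the upstream commit this backport was actually taken from to keep the patch auditable.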