Add ffmpeg-5-CVE-2024-32228.patch, ffmpeg-5-CVE-2024-32230.patch: backport fixes from upstream to fix CVE issues.

ffmpeg-5-CVE-2023-50009-shim-cf1f5744.patch

@@ -1,16 +1,14 @@
 commit cf1f57443158bcbe84a213e8dc631a302993f9a2
 Author: Thilo Borgmann <thilo.borgmann@mail.de>
 Date:   Mon Jul 18 16:09:46 2022 +0200
+Subject: lavfi/edge_common: Templatify ff_gaussian_blur and ff_sobel
 References: CVE-2023-50009
-References: https://bugzilla.opensuse.org/1172423
+References: bsc#1172423
+Upstream: Backport from upstream
 
-lavfi/edge_common: Templatify ff_gaussian_blur and ff_sobel
+Backport cf1f5744 from upstream, Templatify function ff_gaussian_blur
+and ff_sobel to prepare fix support for CVE-2023-50009. -qzhao
 
-[Backport cf1f5744 from upstream, Templatify function ff_gaussian_blur
-and ff_sobel to prepare fix support for CVE-2023-50009. -qzhao]
-
-diff --git a/libavfilter/edge_common.c b/libavfilter/edge_common.c
-index d72e8521cd..ebd47d7c53 100644
 --- a/libavfilter/edge_common.c
 +++ b/libavfilter/edge_common.c
 @@ -46,33 +46,13 @@ static int get_rounded_direction(int gx, int gy)
@@ -312,4 +310,3 @@ index 90390ceb3e..603f06f141 100644
           * ignore the rest, so we need a clean output buffer */
 -- 
 2.41.0
-

ffmpeg-5-CVE-2024-32228.patch

@@ -0,0 +1,66 @@
+From 459648761f5412acdc3317d5bac982ceaa257584
+Author: Niklas Haas <git@haasn.dev>
+Date: Sat Apr 6 13:11:09 2024 +0200
+Subject: avcodec/hevcdec: fix segfault on invalid film grain metadata
+References: CVE-2024-32228
+References: bsc#1227277
+Upstream: Backport from upstream
+
+Invalid input files may contain film grain metadata which survives
+ff_h274_film_grain_params_supported() but does not pass
+av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
+
+Fix this by duplicating the av_film_grain_params_select() check at frame
+init time.
+
+An alternative solution here would be to defer the incompatibility check
+to hevc_frame_end(), but this has the downside of allocating a film
+grain buffer even when we already know we can't apply film grain.
+
+Fixes: https://trac.ffmpeg.org/ticket/10951
+
+--- ffmpeg-5.1.4/libavcodec/hevcdec.c
++++ ffmpeg-5.1.4_new/libavcodec/hevcdec.c
+@@ -3035,12 +3035,29 @@
+         goto fail;
+     }
+ 
+-    s->ref->frame->key_frame = IS_IRAP(s);
++    if (IS_IRAP(s))
++        s->ref->frame->flags |= AV_FRAME_FLAG_KEY;
++    else
++        s->ref->frame->flags &= ~AV_FRAME_FLAG_KEY;
+ 
+-    s->ref->needs_fg = s->sei.film_grain_characteristics.present &&
++    s->ref->needs_fg = (s->sei.common.film_grain_characteristics.present ||
++                        s->sei.common.aom_film_grain.enable) &&
+         !(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) &&
+         !s->avctx->hwaccel;
+ 
++    ret = set_side_data(s);
++    if (ret < 0)
++        goto fail;
++
++    if (s->ref->needs_fg &&
++        ( s->sei.common.film_grain_characteristics.present &&
++          !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
++                                             s->ref->frame->format))
++          || !av_film_grain_params_select(s->ref->frame)) {
++        av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
++                    "Unsupported film grain parameters. Ignoring film grain.\n");
++        s->ref->needs_fg = 0;
++    }
+     if (s->ref->needs_fg) {
+         s->ref->frame_grain->format = s->ref->frame->format;
+         s->ref->frame_grain->width = s->ref->frame->width;
+@@ -3049,10 +3066,6 @@
+             goto fail;
+     }
+ 
+-    ret = set_side_data(s);
+-    if (ret < 0)
+-        goto fail;
+-
+     s->frame->pict_type = 3 - s->sh.slice_type;
+ 
+     if (!IS_IRAP(s))

ffmpeg-5-CVE-2024-32230.patch

@@ -0,0 +1,25 @@
+From 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
+Author: Michael Niedermayer <michael@niedermayer.cc>
+Date:   Mon Apr 8 18:38:42 2024 +0200
+Subject: avcodec/mpegvideo_enc: Fix 1 line and one column images
+References: CVE-2024-32230
+References: bsc#1227296
+Upstream: Backport from upstream
+
+Fixes: Ticket10952
+Fixes: poc21ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+--- ffmpeg-5.1.4/libavcodec/mpegvideo_enc.c
++++ ffmpeg-5.1.4_new/libavcodec/mpegvideo_enc.c
+@@ -1087,8 +1087,8 @@
+                     int dst_stride = i ? s->uvlinesize : s->linesize;
+                     int h_shift = i ? h_chroma_shift : 0;
+                     int v_shift = i ? v_chroma_shift : 0;
+-                    int w = s->width  >> h_shift;
+-                    int h = s->height >> v_shift;
++                    int w = AV_CEIL_RSHIFT(s->width , h_shift);
++                    int h = AV_CEIL_RSHIFT(s->height, v_shift);	    
+                     uint8_t *src = pic_arg->data[i];
+                     uint8_t *dst = pic->f->data[i];
+                     int vpad = 16;

ffmpeg-5.changes

@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Tue Jul  2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-5-CVE-2024-32230.patch:
+  Backporting 96449cfe from upstream, Fix 1 line and one column images.
+  (CVE-2024-32230, bsc#1227296)
+
+-------------------------------------------------------------------
+Tue Jul  2 11:57:01 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-5-CVE-2024-32228.patch:
+  Backporting 45964876 from upstream, Fix segfault on invalid film
+  grain metadata.
+  (CVE-2024-32228, bsc#1227277)
+
+-------------------------------------------------------------------
+Tue Jul  2 11:28:10 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Rename CVE patches as SUSE CVE standard:(package name)-%(CVE number)
+  ffmpeg-4.4-CVE-2020-22046.patch
+  ffmpeg-5-CVE-2023-50007.patch
+  ffmpeg-5-CVE-2023-50008.patch
+  ffmpeg-5-CVE-2023-49502.patch
+  ffmpeg-5-CVE-2023-51793.patch
+  ffmpeg-5-CVE-2023-50009.patch
+  ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
+  ffmpeg-5-CVE-2023-50010.patch
+
 -------------------------------------------------------------------
 Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
@@ -22,7 +50,7 @@ Tue Apr 26 12:18:26 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 -------------------------------------------------------------------
 Tue Apr 24 10:48:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
-- Add ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch:
+- Add ffmpeg-5-CVE-2023-50009-shim-cf1f5744.patch:
   Backporting cf1f5744 from upstream, Templatify function
   ff_gaussian_blur and ff_sobel to prepare fix support for CVE-2023-50009.
   (CVE-2023-50009 bsc#1223255)
@@ -267,7 +295,7 @@ Thu Jan  5 12:57:10 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
 -------------------------------------------------------------------
 Mon Dec 12 21:18:30 UTC 2022 - Dirk Müller <dmueller@suse.com>
 
-- build for x86_64 subarchs the same way like for baseline 
+- build for x86_64 subarchs the same way like for baseline
 
 -------------------------------------------------------------------
 Thu Dec  8 11:27:56 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
@@ -418,7 +446,7 @@ Sat Apr  9 22:36:13 UTC 2022 - Dirk Müller <dmueller@suse.com>
   * avcodec/libdav1d: free the Dav1dData packet on dav1d_send_data() failure
   * avcodec/h264_parser: don't alter decoder private data
   * configure: link to libatomic when it's present
-  * fate/ffmpeg: add missing samples dependency to fate-shortest 
+  * fate/ffmpeg: add missing samples dependency to fate-shortest
 
 -------------------------------------------------------------------
 Thu Mar 10 13:37:06 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>

ffmpeg-5.spec

@@ -92,9 +92,6 @@ Summary:        Set of libraries for working with various multimedia formats
 License:        GPL-3.0-or-later
 Group:          Productivity/Multimedia/Video/Editors and Convertors
 URL:            https://ffmpeg.org/
-
-#Freshcode-URL:    http://freshcode.club/projects/ffmpeg
-#Git-Clone:     git://source.ffmpeg.org/ffmpeg
 Source:         https://www.ffmpeg.org/releases/%_name-%version.tar.xz
 Source2:        https://www.ffmpeg.org/releases/%_name-%version.tar.xz.asc
 Source3:        ffmpeg-5-rpmlintrc
@@ -104,13 +101,12 @@ Source6:        ffmpeg-dlopen-headers.tar.xz
 Source92:       ffmpeg_get_dlopen_headers.sh
 Source98:       http://ffmpeg.org/ffmpeg-devel.asc#/ffmpeg-5.keyring
 Source99:       baselibs.conf
-
 Patch1:         ffmpeg-arm6l.diff
 Patch2:         ffmpeg-new-coder-errors.diff
 Patch3:         ffmpeg-codec-choice.diff
 Patch4:         ffmpeg-4.2-dlopen-fdk_aac.patch
 Patch5:         work-around-abi-break.patch
-Patch9:         ffmpeg-4.4-CVE-2020-22046.patch
+Patch9:         ffmpeg-4-CVE-2020-22046.patch
 Patch10:        0001-avfilter-af_dialoguenhance-fix-overreads.patch
 Patch11:        0001-avfilter-af_dialoguenhance-simplify-channels-copy.patch
 Patch12:        0001-avfilter-af_dialoguenhance-do-output-scaling-once.patch
@@ -122,13 +118,15 @@ Patch17:        0001-avfilter-af_stereowiden-Check-length.patch
 Patch90:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
 Patch93:        soname.diff
-Patch94:        ffmpeg-CVE-2023-50007.patch
+Patch94:        ffmpeg-5-CVE-2023-50007.patch
-Patch95:        ffmpeg-CVE-2023-50008.patch
+Patch95:        ffmpeg-5-CVE-2023-50008.patch
-Patch96:        ffmpeg-CVE-2023-49502.patch
+Patch96:        ffmpeg-5-CVE-2023-49502.patch
-Patch97:        ffmpeg-CVE-2023-51793.patch
+Patch97:        ffmpeg-5-CVE-2023-51793.patch
-Patch98:        ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
+Patch98:        ffmpeg-5-CVE-2023-50009-shim-cf1f5744.patch
-Patch99:        ffmpeg-CVE-2023-50009.patch
+Patch99:        ffmpeg-5-CVE-2023-50009.patch
-Patch100:       ffmpeg-CVE-2023-50010.patch
+Patch100:       ffmpeg-5-CVE-2023-50010.patch
+Patch101:       ffmpeg-5-CVE-2024-32228.patch
+Patch102:       ffmpeg-5-CVE-2024-32230.patch
 %if %{with amf_sdk}
 BuildRequires:  AMF-devel
 %endif