From bd45ca0807bd03d66ba695f0448195fac1313c27a0a570955cc346ab2e508516 Mon Sep 17 00:00:00 2001 From: Manfred Hollstein Date: Thu, 15 Aug 2024 12:02:13 +0200 Subject: [PATCH 1/5] ffmpeg-5.changes aktualisiert - Remove ffmpeg-5-CVE-2024-32228.patch as it adds/modifies code which does not build on Packman. --- ffmpeg-5.changes | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/ffmpeg-5.changes b/ffmpeg-5.changes index 1452147..a0419b4 100644 --- a/ffmpeg-5.changes +++ b/ffmpeg-5.changes @@ -1,3 +1,36 @@ +------------------------------------------------------------------- +Thu Aug 15 09:56:01 UTC 2024 - Manfred Hollstein +- Remove ffmpeg-5-CVE-2024-32228.patch as it adds/modifies code + which does not build on Packman. Errors are like + libavcodec/hevcdec.c: In function ‘hevc_frame_start’: + libavcodec/hevcdec.c:3039:33: error: ‘AV_FRAME_FLAG_KEY’ undeclared (first use in this function); did you mean ‘AV_PKT_FLAG_KEY’? + 3039 | s->ref->frame->flags |= AV_FRAME_FLAG_KEY; + | ^~~~~~~~~~~~~~~~~ + | AV_PKT_FLAG_KEY + libavcodec/hevcdec.c:3039:33: note: each undeclared identifier is reported only once for each function it appears in + libavcodec/hevcdec.c:3043:31: error: ‘HEVCSEI’ has no member named ‘common’ + 3043 | s->ref->needs_fg = (s->sei.common.film_grain_characteristics.present || + | ^ + libavcodec/hevcdec.c:3044:31: error: ‘HEVCSEI’ has no member named ‘common’ + 3044 | s->sei.common.aom_film_grain.enable) && + | ^ + libavcodec/hevcdec.c:3053:17: error: ‘HEVCSEI’ has no member named ‘common’ + 3053 | ( s->sei.common.film_grain_characteristics.present && + | ^ + libavcodec/hevcdec.c:3054:12: error: implicit declaration of function ‘ff_h274_film_grain_params_supported’ [-Werror=implicit-function-declaration] + 3054 | !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + libavcodec/hevcdec.c:3054:54: error: ‘HEVCSEI’ has no member named ‘common’ + 3054 | !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id, + | ^ + libavcodec/hevcdec.c:3056:15: error: implicit declaration of function ‘av_film_grain_params_select’; did you mean ‘av_film_grain_params_alloc’? [-Werror=implicit-function-declaration] + 3056 | || !av_film_grain_params_select(s->ref->frame)) { + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ + | av_film_grain_params_alloc + libavcodec/hevcdec.c:3057:63: error: ‘HEVCContext’ has no member named ‘film_grain_warning_shown’ + 3057 | av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown, + | ^~ + ------------------------------------------------------------------- Tue Jul 2 12:26:28 UTC 2024 - Cliff Zhao -- 2.45.2 From 6af725eab1435cff2f24616cab690e8f39351dfaa72e264d7f859c21ab7dd248 Mon Sep 17 00:00:00 2001 From: Manfred Hollstein Date: Thu, 15 Aug 2024 12:08:10 +0200 Subject: [PATCH 2/5] ffmpeg-5.changes aktualisiert --- ffmpeg-5.changes | 35 ++++++----------------------------- 1 file changed, 6 insertions(+), 29 deletions(-) diff --git a/ffmpeg-5.changes b/ffmpeg-5.changes index a0419b4..67e969e 100644 --- a/ffmpeg-5.changes +++ b/ffmpeg-5.changes @@ -1,35 +1,12 @@ ------------------------------------------------------------------- Thu Aug 15 09:56:01 UTC 2024 - Manfred Hollstein - Remove ffmpeg-5-CVE-2024-32228.patch as it adds/modifies code - which does not build on Packman. Errors are like - libavcodec/hevcdec.c: In function ‘hevc_frame_start’: - libavcodec/hevcdec.c:3039:33: error: ‘AV_FRAME_FLAG_KEY’ undeclared (first use in this function); did you mean ‘AV_PKT_FLAG_KEY’? - 3039 | s->ref->frame->flags |= AV_FRAME_FLAG_KEY; - | ^~~~~~~~~~~~~~~~~ - | AV_PKT_FLAG_KEY - libavcodec/hevcdec.c:3039:33: note: each undeclared identifier is reported only once for each function it appears in - libavcodec/hevcdec.c:3043:31: error: ‘HEVCSEI’ has no member named ‘common’ - 3043 | s->ref->needs_fg = (s->sei.common.film_grain_characteristics.present || - | ^ - libavcodec/hevcdec.c:3044:31: error: ‘HEVCSEI’ has no member named ‘common’ - 3044 | s->sei.common.aom_film_grain.enable) && - | ^ - libavcodec/hevcdec.c:3053:17: error: ‘HEVCSEI’ has no member named ‘common’ - 3053 | ( s->sei.common.film_grain_characteristics.present && - | ^ - libavcodec/hevcdec.c:3054:12: error: implicit declaration of function ‘ff_h274_film_grain_params_supported’ [-Werror=implicit-function-declaration] - 3054 | !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id, - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - libavcodec/hevcdec.c:3054:54: error: ‘HEVCSEI’ has no member named ‘common’ - 3054 | !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id, - | ^ - libavcodec/hevcdec.c:3056:15: error: implicit declaration of function ‘av_film_grain_params_select’; did you mean ‘av_film_grain_params_alloc’? [-Werror=implicit-function-declaration] - 3056 | || !av_film_grain_params_select(s->ref->frame)) { - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ - | av_film_grain_params_alloc - libavcodec/hevcdec.c:3057:63: error: ‘HEVCContext’ has no member named ‘film_grain_warning_shown’ - 3057 | av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown, - | ^~ + which does not build on Packman. Following errors are generated: + * AV_FRAME_FLAG_KEY undeclared + * 'HEVCSEI' has no member named 'common' + * implicit declaration of function 'ff_h274_film_grain_params_supported' + * implicit declaration of function 'av_film_grain_params_select' + * 'HEVCContext' has no member named 'film_grain_warning_shown' ------------------------------------------------------------------- Tue Jul 2 12:26:28 UTC 2024 - Cliff Zhao -- 2.45.2 From ff1103718d199c4695779f9eb426fd83ff57807dcf27b04a7404c97c041ffd9f Mon Sep 17 00:00:00 2001 From: Manfred Hollstein Date: Thu, 15 Aug 2024 12:08:49 +0200 Subject: [PATCH 3/5] ffmpeg-5.changes aktualisiert --- ffmpeg-5.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/ffmpeg-5.changes b/ffmpeg-5.changes index 67e969e..54caf12 100644 --- a/ffmpeg-5.changes +++ b/ffmpeg-5.changes @@ -7,6 +7,7 @@ Thu Aug 15 09:56:01 UTC 2024 - Manfred Hollstein * implicit declaration of function 'ff_h274_film_grain_params_supported' * implicit declaration of function 'av_film_grain_params_select' * 'HEVCContext' has no member named 'film_grain_warning_shown' +- Renumber patches ------------------------------------------------------------------- Tue Jul 2 12:26:28 UTC 2024 - Cliff Zhao -- 2.45.2 From 203fdd44157704c597977f370a7086fe9fca957c6e4a2e024dbbcd482066d8db Mon Sep 17 00:00:00 2001 From: Manfred Hollstein Date: Thu, 15 Aug 2024 12:11:11 +0200 Subject: [PATCH 4/5] ffmpeg-5.spec aktualisiert - Remove ffmpeg-5-CVE-2024-32228.patch as it adds/modifies code which does not build on Packman. --- ffmpeg-5.spec | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/ffmpeg-5.spec b/ffmpeg-5.spec index e867491..5f34f27 100644 --- a/ffmpeg-5.spec +++ b/ffmpeg-5.spec @@ -123,8 +123,7 @@ Patch97: ffmpeg-CVE-2023-51793.patch Patch98: ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch Patch99: ffmpeg-CVE-2023-50009.patch Patch100: ffmpeg-CVE-2023-50010.patch -Patch101: ffmpeg-5-CVE-2024-32228.patch -Patch102: ffmpeg-5-CVE-2024-32230.patch +Patch101: ffmpeg-5-CVE-2024-32230.patch # # preamble is present twice, watch out # @@ -862,8 +861,7 @@ Patch97: ffmpeg-CVE-2023-51793.patch Patch98: ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch Patch99: ffmpeg-CVE-2023-50009.patch Patch100: ffmpeg-CVE-2023-50010.patch -Patch101: ffmpeg-5-CVE-2024-32228.patch -Patch102: ffmpeg-5-CVE-2024-32230.patch +Patch101: ffmpeg-5-CVE-2024-32230.patch BuildRequires: c_compiler Requires: this-is-only-for-build-envs -- 2.45.2 From 5c7421cca25f80686bd68f4b584f938469b5a36395048b41942f0c735dfe8fab Mon Sep 17 00:00:00 2001 From: Manfred Hollstein Date: Thu, 15 Aug 2024 12:12:37 +0200 Subject: [PATCH 5/5] =?UTF-8?q?ffmpeg-5-CVE-2024-32228.patch=20gel=C3=B6sc?= =?UTF-8?q?ht?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Remove ffmpeg-5-CVE-2024-32228.patch as it adds/modifies code which does not build on Packman. --- ffmpeg-5-CVE-2024-32228.patch | 66 ----------------------------------- 1 file changed, 66 deletions(-) delete mode 100644 ffmpeg-5-CVE-2024-32228.patch diff --git a/ffmpeg-5-CVE-2024-32228.patch b/ffmpeg-5-CVE-2024-32228.patch deleted file mode 100644 index 5fe925a..0000000 --- a/ffmpeg-5-CVE-2024-32228.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 459648761f5412acdc3317d5bac982ceaa257584 -Author: Niklas Haas -Date: Sat Apr 6 13:11:09 2024 +0200 -Subject: avcodec/hevcdec: fix segfault on invalid film grain metadata -References: CVE-2024-32228 -References: bsc#1227277 -Upstream: Backport from upstream - -Invalid input files may contain film grain metadata which survives -ff_h274_film_grain_params_supported() but does not pass -av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end(). - -Fix this by duplicating the av_film_grain_params_select() check at frame -init time. - -An alternative solution here would be to defer the incompatibility check -to hevc_frame_end(), but this has the downside of allocating a film -grain buffer even when we already know we can't apply film grain. - -Fixes: https://trac.ffmpeg.org/ticket/10951 - ---- ffmpeg-5.1.4/libavcodec/hevcdec.c -+++ ffmpeg-5.1.4_new/libavcodec/hevcdec.c -@@ -3035,12 +3035,29 @@ - goto fail; - } - -- s->ref->frame->key_frame = IS_IRAP(s); -+ if (IS_IRAP(s)) -+ s->ref->frame->flags |= AV_FRAME_FLAG_KEY; -+ else -+ s->ref->frame->flags &= ~AV_FRAME_FLAG_KEY; - -- s->ref->needs_fg = s->sei.film_grain_characteristics.present && -+ s->ref->needs_fg = (s->sei.common.film_grain_characteristics.present || -+ s->sei.common.aom_film_grain.enable) && - !(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) && - !s->avctx->hwaccel; - -+ ret = set_side_data(s); -+ if (ret < 0) -+ goto fail; -+ -+ if (s->ref->needs_fg && -+ ( s->sei.common.film_grain_characteristics.present && -+ !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id, -+ s->ref->frame->format)) -+ || !av_film_grain_params_select(s->ref->frame)) { -+ av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown, -+ "Unsupported film grain parameters. Ignoring film grain.\n"); -+ s->ref->needs_fg = 0; -+ } - if (s->ref->needs_fg) { - s->ref->frame_grain->format = s->ref->frame->format; - s->ref->frame_grain->width = s->ref->frame->width; -@@ -3049,10 +3066,6 @@ - goto fail; - } - -- ret = set_side_data(s); -- if (ret < 0) -- goto fail; -- - s->frame->pict_type = 3 - s->sh.slice_type; - - if (!IS_IRAP(s)) -- 2.45.2