Update to release-7.0.2, Drop patches merged by the update.

ffmpeg-7-CVE-2024-32228.patch

@@ -0,0 +1,54 @@
+From 459648761f5412acdc3317d5bac982ceaa257584
+Author: Niklas Haas <git@haasn.dev>
+Date: Sat Apr 6 13:11:09 2024 +0200
+Subject: avcodec/hevcdec: fix segfault on invalid film grain metadata
+References: CVE-2024-32228
+References: https://bugzilla.opensuse.org/1227277
+Upstream: Backport from upstream
+
+Invalid input files may contain film grain metadata which survives
+ff_h274_film_grain_params_supported() but does not pass
+av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
+
+Fix this by duplicating the av_film_grain_params_select() check at frame
+init time.
+
+An alternative solution here would be to defer the incompatibility check
+to hevc_frame_end(), but this has the downside of allocating a film
+grain buffer even when we already know we can't apply film grain.
+
+Fixes: https://trac.ffmpeg.org/ticket/10951
+
+--- ffmpeg-7.0/libavcodec/hevcdec.c
++++ ffmpeg-7.0_new/libavcodec/hevcdec.c
+@@ -2892,10 +2892,16 @@
+         !(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) &&
+         !s->avctx->hwaccel;
+ 
++    ret = set_side_data(s);
++    if (ret < 0)
++        goto fail;
++
+     if (s->ref->needs_fg &&
+-        s->sei.common.film_grain_characteristics.present &&
+-        !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
+-                                             s->ref->frame->format)) {
++        ( s->sei.common.film_grain_characteristics.present &&
++          !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
++                                               s->ref->frame->format))
++          || !av_film_grain_params_select(s->ref->frame)) {
++
+         av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
+                     "Unsupported film grain parameters. Ignoring film grain.\n");
+         s->ref->needs_fg = 0;
+@@ -2909,10 +2915,6 @@
+             goto fail;
+     }
+ 
+-    ret = set_side_data(s);
+-    if (ret < 0)
+-        goto fail;
+-
+     s->frame->pict_type = 3 - s->sh.slice_type;
+ 
+     if (!IS_IRAP(s))

ffmpeg-7-CVE-2024-32229.patch

@@ -0,0 +1,38 @@
+From a528a54ee119dcba47e7c9e30d3a56206fbad416 Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Thu, 4 Jul 2024 14:55:23 -0300
+Subject: [PATCH] avfilter/vf_tiltandshift: fix buffer offset for yuv422p input
+
+Fixes ticket #10950.
+
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libavfilter/vf_tiltandshift.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libavfilter/vf_tiltandshift.c b/libavfilter/vf_tiltandshift.c
+index 85cce84fc3..b49a713339 100644
+--- a/libavfilter/vf_tiltandshift.c
++++ b/libavfilter/vf_tiltandshift.c
+@@ -175,14 +175,14 @@ static void copy_column(AVFilterLink *outlink,
+     const uint8_t *src[4];
+ 
+     dst[0] = dst_data[0] + ncol;
+-    dst[1] = dst_data[1] + (ncol >> s->desc->log2_chroma_h);
+-    dst[2] = dst_data[2] + (ncol >> s->desc->log2_chroma_h);
++    dst[1] = dst_data[1] + (ncol >> s->desc->log2_chroma_w);
++    dst[2] = dst_data[2] + (ncol >> s->desc->log2_chroma_w);
+ 
+     if (!tilt)
+         ncol = 0;
+     src[0] = src_data[0] + ncol;
+-    src[1] = src_data[1] + (ncol >> s->desc->log2_chroma_h);
+-    src[2] = src_data[2] + (ncol >> s->desc->log2_chroma_h);
++    src[1] = src_data[1] + (ncol >> s->desc->log2_chroma_w);
++    src[2] = src_data[2] + (ncol >> s->desc->log2_chroma_w);
+ 
+     av_image_copy(dst, dst_linesizes, src, src_linesizes, outlink->format, 1, outlink->h);
+ }
+-- 
+2.41.0
+

ffmpeg-7-CVE-2024-32230.patch

@@ -0,0 +1,25 @@
+From 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
+Author: Michael Niedermayer <michael@niedermayer.cc>
+Date: Mon Apr 8 18:38:42 2024 +0200
+Subject: avcodec/mpegvideo_enc: Fix 1 line and one column images
+References: CVE-2024-32230
+References: https://bugzilla.opensuse.org/1227296
+Upstream: Backport from upstream
+
+Fixes: Ticket10952
+Fixes: poc21ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+--- ffmpeg-7.0/libavcodec/mpegvideo_enc.c
++++ ffmpeg-7.0_new/libavcodec/mpegvideo_enc.c
+@@ -1198,8 +1198,8 @@
+                 ptrdiff_t dst_stride = i ? s->uvlinesize : s->linesize;
+                 int h_shift = i ? s->chroma_x_shift : 0;
+                 int v_shift = i ? s->chroma_y_shift : 0;
+-                int w = s->width  >> h_shift;
+-                int h = s->height >> v_shift;
++                int w = AV_CEIL_RSHIFT(s->width , h_shift);
++                int h = AV_CEIL_RSHIFT(s->height, v_shift);
+                 const uint8_t *src = pic_arg->data[i];
+                 uint8_t *dst = pic->f->data[i];
+                 int vpad = 16;

ffmpeg-7-fix-crashes.patch

@@ -0,0 +1,113 @@
+From 5b87869c09cece1583e74b6f796aa825a4765631 Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Wed, 31 Jul 2024 22:19:53 -0300
+Subject: [PATCH] avformat/mov: fix track handling when mixing IAMF and video
+ tracks
+
+Fixes crashes when muxing the two together.
+
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libavformat/movenc.c | 37 ++++++++++++++++++++++++++++---------
+ 1 file changed, 28 insertions(+), 9 deletions(-)
+
+diff --git a/libavformat/movenc.c b/libavformat/movenc.c
+index e40948edb8..d20d0bc064 100644
+--- a/libavformat/movenc.c
++++ b/libavformat/movenc.c
+@@ -7149,7 +7149,9 @@ static int mov_create_dvd_sub_decoder_specific_info(MOVTrack *track,
+ static int mov_init_iamf_track(AVFormatContext *s)
+ {
+     MOVMuxContext *mov = s->priv_data;
+-    MOVTrack *track = &mov->tracks[0]; // IAMF if present is always the first track
++    MOVTrack *track;
++    IAMFContext *iamf;
++    int first_iamf_idx = INT_MAX, last_iamf_idx = 0;
+     int nb_audio_elements = 0, nb_mix_presentations = 0;
+     int ret;
+ 
+@@ -7171,24 +7173,24 @@ static int mov_init_iamf_track(AVFormatContext *s)
+         return AVERROR(EINVAL);
+     }
+ 
+-    track->iamf = av_mallocz(sizeof(*track->iamf));
+-    if (!track->iamf)
++    iamf = av_mallocz(sizeof(*iamf));
++    if (!iamf)
+         return AVERROR(ENOMEM);
+ 
++
+     for (int i = 0; i < s->nb_stream_groups; i++) {
+         const AVStreamGroup *stg = s->stream_groups[i];
+         switch(stg->type) {
+         case AV_STREAM_GROUP_PARAMS_IAMF_AUDIO_ELEMENT:
+             for (int j = 0; j < stg->nb_streams; j++) {
+-                track->first_iamf_idx = FFMIN(stg->streams[j]->index, track->first_iamf_idx);
+-                track->last_iamf_idx  = FFMAX(stg->streams[j]->index, track->last_iamf_idx);
+-                stg->streams[j]->priv_data = track;
++                first_iamf_idx = FFMIN(stg->streams[j]->index, first_iamf_idx);
++                last_iamf_idx  = FFMAX(stg->streams[j]->index, last_iamf_idx);
+             }
+ 
+-            ret = ff_iamf_add_audio_element(track->iamf, stg, s);
++            ret = ff_iamf_add_audio_element(iamf, stg, s);
+             break;
+         case AV_STREAM_GROUP_PARAMS_IAMF_MIX_PRESENTATION:
+-            ret = ff_iamf_add_mix_presentation(track->iamf, stg, s);
++            ret = ff_iamf_add_mix_presentation(iamf, stg, s);
+             break;
+         default:
+             av_assert0(0);
+@@ -7197,8 +7199,20 @@ static int mov_init_iamf_track(AVFormatContext *s)
+             return ret;
+     }
+ 
++    track = &mov->tracks[first_iamf_idx];
++    track->iamf = iamf;
++    track->first_iamf_idx = first_iamf_idx;
++    track->last_iamf_idx = last_iamf_idx;
+     track->tag = MKTAG('i','a','m','f');
+ 
++    for (int i = 0; i < s->nb_stream_groups; i++) {
++        AVStreamGroup *stg = s->stream_groups[i];
++        if (stg->type != AV_STREAM_GROUP_PARAMS_IAMF_AUDIO_ELEMENT)
++            continue;
++        for (int j = 0; j < stg->nb_streams; j++)
++            stg->streams[j]->priv_data = track;
++    }
++
+     ret = avio_open_dyn_buf(&track->iamf_buf);
+     if (ret < 0)
+         return ret;
+@@ -7209,6 +7223,7 @@ static int mov_init_iamf_track(AVFormatContext *s)
+ static int mov_init(AVFormatContext *s)
+ {
+     MOVMuxContext *mov = s->priv_data;
++    int has_iamf = 0;
+     int i, ret;
+ 
+     mov->fc = s;
+@@ -7359,6 +7374,7 @@ static int mov_init(AVFormatContext *s)
+             }
+             st->priv_data = st;
+         }
++        has_iamf = 1;
+ 
+         if (!mov->nb_tracks) // We support one track for the entire IAMF structure
+             mov->nb_tracks++;
+@@ -7455,8 +7471,11 @@ static int mov_init(AVFormatContext *s)
+     for (int j = 0, i = 0; j < s->nb_streams; j++) {
+         AVStream *st = s->streams[j];
+ 
+-        if (st != st->priv_data)
++        if (st != st->priv_data) {
++            if (has_iamf)
++                i += has_iamf--;
+             continue;
++        }
+         st->priv_data = &mov->tracks[i++];
+     }
+ 
+-- 
+2.41.0
+

ffmpeg-7.0.2.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQFMBAABCgA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmatZQYYHGZmbXBlZy1k
+ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYIlcIAKF1VWqnhhKkBHSxEnH8ipUH
+nlJmPitKaJTwgtAtHGH8DL4XlgUwxfws9YohJ6V2fz/LjD+4rcU1BB9lMKNTaEW3
+g27lIRHXC571OGgBKJFadhsbULtUu9oUOIcqS28zOl3fsok/G7NVd3ajkpiRUPhu
+LRXUXNbCIwtXbIdS0yECpiRcHMj/hX6nkY3yHrmWXAts/TtmIQyaNTbnC4ervA1s
+Ijc4cY/unb6OD9DpmC6DznVykyfzc2GjjCiNxRXrljp+MaZ7jBEMwjXfOIATwBwj
+gCN+N6nlxc5e3gMOGcAJy93iD9HpbgVDAn6S6jnB/z5+Tyv6ZeP+sytsgOCNjlQ=
+=R372
+-----END PGP SIGNATURE-----

ffmpeg-7.0.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQFMBAABCAA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmYPNtMYHGZmbXBlZy1k
-ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYFdUIAIOFgLplbe7CHY0G3bQuCK8N
-Q+js2eLPxKNbeBhshcHDyNResAT+uHE7fQYRFUcETf5qqoPHyDptbG/o+onlGW8M
-vNwu6wTC3XiFjKjJKBRwyXYS31J+R/re2w+LiEI+OnekRhaQ/vbj1bbjREEQLtOv
-7086Oc6ZzMAsxjc6wGde4eJkhTQT8HYF6lU0Bsm4yeqCAcppfGv6OwZn8fyQ/L9i
-PaqFJFzs4C8PdRRdSQ7VifAcAAmyHNoRY611ZCbnJvoc7oEU44SVIKsryqRBunoX
-aAZ1eNwoI/Oz/uC/yK+S3oaAauZuUZFxgc0hqCxYLZF5TeRvF4Y8cPTTymTuVDM=
-=Hz9R
------END PGP SIGNATURE-----

ffmpeg-7.changes

@@ -1,3 +1,65 @@
+-------------------------------------------------------------------
+Wed Aug  7 07:37:24 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Update to version 7.0.2:
+  * avcodec/snow: Fix off by 1 error in run_buffer
+  * avcodec/utils: apply the same alignment to YUV410 as we do to YUV420 for snow
+  * avformat/iamf_parse: Check for 0 samples
+  * swscale: [loongarch] Fix checkasm-sw_yuv2rgb failure.
+  * avcodec/aacps_tablegen_template: don't redefine CONFIG_HARDCODED_TABLES
+  * avutil/hwcontext_vaapi: use the correct type for VASurfaceAttribExternalBuffers.buffers
+  * avcodec/pcm-bluray/dvd: Use correct pointer types on BE
+  * avcodec/pngenc: fix sBIT writing for indexed-color PNGs
+  * avcodec/pngdec: use 8-bit sBIT cap for indexed PNGs per spec
+  * avformat/mov: check that child boxes of trak are only present inside it
+  * avformat/mov: check that sample and chunk count is 1 for HEIF
+  * avcodec/videotoolboxenc: Fix bitrate doesn't work as expected
+  * avdevice/dshow: Don't skip audio devices if no video device is present
+  * avcodec/hdrenc: Allocate more space
+  * avcodec/cfhdenc: Height of 16 is not supported
+  * avcodec/cfhdenc: Allocate more space
+  * avcodec/osq: fix integer overflow when applying factor
+  * avcodec/osq: avoid using too large numbers for shifts and integers in update_residue_parameter()
+  * avcodec/hevcdec: fix segfault on invalid film grain metadata (CVE-2024-32228, bsc#1227277)
+  * avfilter/vf_tiltandshift: fix buffer offset for yuv422p input (CVE-2024-32229, bsc#1227295)
+  * avcodec/mpegvideo_enc: Fix 1 line and one column images (CVE-2024-32230, bsc#1227296)
+- Drop ffmpeg-7-CVE-2024-32228.patch:
+  The fix has been merged.
+- Drop ffmpeg-7-CVE-2024-32229.patch:
+  The fix has been merged.
+- Drop ffmpeg-7-CVE-2024-32230.patch:
+  The fix has been merged.
+
+-------------------------------------------------------------------
+Sat Aug  3 08:52:26 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-7-fix-crashes.patch:
+  Backporting 5b87869c from upstream, fix track handling when mixing
+  IAMF and video tracks, Fixes crashes when muxing the two together.
+
+-------------------------------------------------------------------
+Tue Jul  5 14:18:52 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-7-CVE-2024-32229.patch:
+  Backporting a528a54e from upstream, Fix buffer offset for yuv422p
+  input.
+  (CVE-2024-32229, bsc#1227295)
+
+-------------------------------------------------------------------
+Tue Jul  2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-7-CVE-2024-32230.patch:
+  Backporting 96449cfe from upstream, Fix 1 line and one column images.
+  (CVE-2024-32230, bsc#1227296)
+
+-------------------------------------------------------------------
+Tue Jul  2 11:57:01 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-7-CVE-2024-32228.patch:
+  Backporting 45964876 from upstream, Fix segfault on invalid film
+  grain metadata.
+  (CVE-2024-32228, bsc#1227277)
+
 -------------------------------------------------------------------
 Sun Apr  7 11:39:41 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
 

ffmpeg-7.spec

@@ -86,15 +86,13 @@
 %define _major_expected 8
 
 Name:           ffmpeg-7
-Version:        7.0
+Version:        7.0.2
 Release:        0
 Summary:        Set of libraries for working with various multimedia formats
 License:        GPL-3.0-or-later
 Group:          Productivity/Multimedia/Video/Editors and Convertors
-URL:            https://ffmpeg.org/
-
-#Freshcode-URL:    http://freshcode.club/projects/ffmpeg
 #Git-Clone:     git://source.ffmpeg.org/ffmpeg
+URL:            https://ffmpeg.org/
 Source:         https://www.ffmpeg.org/releases/%_name-%version.tar.xz
 Source2:        https://www.ffmpeg.org/releases/%_name-%version.tar.xz.asc
 Source3:        ffmpeg-7-rpmlintrc
@@ -104,7 +102,6 @@ Source6:        ffmpeg-dlopen-headers.tar.xz
 Source92:       ffmpeg_get_dlopen_headers.sh
 Source98:       http://ffmpeg.org/ffmpeg-devel.asc#/ffmpeg-7.keyring
 Source99:       baselibs.conf
-
 Patch1:         ffmpeg-arm6l.diff
 Patch2:         ffmpeg-new-coder-errors.diff
 Patch3:         ffmpeg-codec-choice.diff
@@ -112,7 +109,7 @@ Patch4:         ffmpeg-4.2-dlopen-fdk_aac.patch
 Patch5:         work-around-abi-break.patch
 Patch10:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
-
+Patch95:        ffmpeg-7-fix-crashes.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel >= 3.98.3
@@ -825,6 +822,10 @@ Patch4:         ffmpeg-4.2-dlopen-fdk_aac.patch
 Patch5:         work-around-abi-break.patch
 Patch10:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
+Patch92:        ffmpeg-7-CVE-2024-32228.patch
+Patch93:        ffmpeg-7-CVE-2024-32230.patch
+Patch94:        ffmpeg-7-CVE-2024-32229.patch
+Patch95:        ffmpeg-7-fix-crashes.patch
 BuildRequires:  c_compiler
 Requires:       this-is-only-for-build-envs