Sync latest version from jengelh

2025-03-12 20:08:08 +01:00
parent 5c7421cca2
commit 0751aee58c
2 changed files with 66 additions and 17 deletions
--- a/ffmpeg-5.changes
+++ b/ffmpeg-5.changes
@@ -1,13 +1,45 @@
+-------------------------------------------------------------------
+Tue Oct 15 08:18:54 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
+
+- Adjust bconds to build the package in SLFO without xvidcore.
+
+-------------------------------------------------------------------
+Fri Sep  6 15:06:21 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-5-CVE-2024-7055.patch:
+  Backporting 3faadbe2 from upstream, Use 64bit for input size check,
+  Fixes: out of array read, Fixes: poc3.
+  (CVE-2024-7055, bsc#1229026)
+
+-------------------------------------------------------------------
+Sun Sep  1 18:04:27 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
+
+- Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
+  [boo#1229338]
+- Add 0001-avutil-hwcontext_vaapi-use-the-correct-type-for-VASu.patch
+  (resolve FTBFS on i586)
+
+-------------------------------------------------------------------
+Sun Aug 18 01:42:12 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-5-CVE-2024-7272.patch:
+  Backporting 9903ba28 from upstream, error out on invalid layouts,
+  * If it's unsupported or invalid, then there's no point trying to
+  rebuild it using a value that may have been derived from the same
+  layout to begin with.
+  * Move the checks before the attempts at copying the layout while
+  at it.
+  (CVE-2024-7272, bsc#1229261)
+
 -------------------------------------------------------------------
 Thu Aug 15 09:56:01 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>
+
 - Remove ffmpeg-5-CVE-2024-32228.patch as it adds/modifies code
-  which does not build on Packman. Following errors are generated:
-  * AV_FRAME_FLAG_KEY undeclared
-  * 'HEVCSEI' has no member named 'common'
-  * implicit declaration of function 'ff_h274_film_grain_params_supported'
-  * implicit declaration of function 'av_film_grain_params_select'
-  * 'HEVCContext' has no member named 'film_grain_warning_shown'
- Renumber patches
+  which fails to build with BUILD_ORIG=1. (`HEVCSEI` has no
+  member named `common`; implicit declaration of function
+  `ff_h274_film_grain_params_supported`,
+  `av_film_grain_params_select`; `HEVCContext` has no member
+  named `film_grain_warning_shown`)

 -------------------------------------------------------------------
 Tue Jul  2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
@@ -29,7 +61,7 @@ Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>

 - Add ffmpeg-CVE-2023-50010.patch:
  Backporting e4d2666b from upstream, fixes the out of array access.
-  (CVE-2023-50010 bsc#1223256)
+  (CVE-2023-50010, bsc#1223256)

 -------------------------------------------------------------------
 Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
@@ -43,7 +75,7 @@ Tue Apr 26 12:18:26 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-CVE-2023-50009.patch:
  Backporting c443658d from upstream, Fix small inputs with
   gaussian_blur().
-  (CVE-2023-50009 bsc#1223255)
+  (CVE-2023-50009, bsc#1223255)

 -------------------------------------------------------------------
 Tue Apr 24 10:48:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
@@ -51,14 +83,14 @@ Tue Apr 24 10:48:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch:
  Backporting cf1f5744 from upstream, Templatify function
  ff_gaussian_blur and ff_sobel to prepare fix support for CVE-2023-50009.
-  (CVE-2023-50009 bsc#1223255)
+  (CVE-2023-50009, bsc#1223255)

 -------------------------------------------------------------------
 Thu Apr 23 16:14:18 UTC 2024 - Cliff Zhao <qzhao@suse.com>

 - Add ffmpeg-CVE-2023-51793.patch:
  Backporting 0ecc1f0e from upstream, Fix odd height handling.
-  (CVE-2023-51793 bsc#1223272)
+  (CVE-2023-51793, bsc#1223272)

 -------------------------------------------------------------------
 Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
@@ -66,21 +98,21 @@ Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-CVE-2023-49502.patch:
  Backporting 737ede40 from upstream, account for chroma sub-sampling
  in min size calculation.
-  (CVE-2023-49502 bsc#1223235)
+  (CVE-2023-49502, bsc#1223235)

 -------------------------------------------------------------------
 Thu Apr 23 14:05:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>

 - Add ffmpeg-CVE-2023-50008.patch:
  Backporting 5f87a68c from upstream, Fix memory leaks.
-  (CVE-2023-50008 bsc#1223254)
+  (CVE-2023-50008, bsc#1223254)

 -------------------------------------------------------------------
 Thu Apr 23 12:22:53 UTC 2024 - Cliff Zhao <qzhao@suse.com>

 - Add ffmpeg-CVE-2023-50007.patch:
  Backporting b1942734 from upstream, Fix crash with EOF handling.
-  (CVE-2023-50007 bsc#1223253)
+  (CVE-2023-50007, bsc#1223253)

 -------------------------------------------------------------------
 Mon Apr 22 23:10:31 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
--- a/ffmpeg-5.spec
+++ b/ffmpeg-5.spec
@@ -61,7 +61,7 @@
 %bcond_with    x265
 %bcond_with    xvid

-%if 0%{?suse_version} > 1500
+%if 0%{?suse_version} > 1600
 %bcond_without mysofa
 %bcond_without vidstab
 %bcond_without codec2
@@ -71,12 +71,22 @@
 %bcond_without opencore
 %bcond_without xvid
 %else
+%if 0%{?suse_version} > 1500
+%bcond_without mysofa
+%bcond_without vidstab
+%bcond_without codec2
+%bcond_without rubberband
+%bcond_without vulkan
+%bcond_without amrwb
+%bcond_without opencore
+%else
 %bcond_with mysofa
 %bcond_with vidstab
 %bcond_with codec2
 %bcond_with rubberband
 %bcond_with vulkan
 %endif
+%endif

 %define _name ffmpeg
 %define _major_version 5
@@ -113,6 +123,8 @@ Patch14:        0001-avfilter-avf_showspectrum-fix-off-by-1-error.patch
 Patch15:        0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
 Patch16:        0001-avfilter-f_reverse-Apply-PTS-compensation-only-when-.patch
 Patch17:        0001-avfilter-af_stereowiden-Check-length.patch
+Patch18:        0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
+Patch19:        0001-avutil-hwcontext_vaapi-use-the-correct-type-for-VASu.patch
 Patch90:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
 Patch93:        soname.diff
@@ -123,7 +135,9 @@ Patch97:        ffmpeg-CVE-2023-51793.patch
 Patch98:        ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
 Patch99:        ffmpeg-CVE-2023-50009.patch
 Patch100:       ffmpeg-CVE-2023-50010.patch
-Patch101:       ffmpeg-5-CVE-2024-32230.patch
+Patch102:       ffmpeg-5-CVE-2024-32230.patch
+Patch103:       ffmpeg-5-CVE-2024-7272.patch
+Patch104:       ffmpeg-5-CVE-2024-7055.patch
 #
 # preamble is present twice, watch out
 #
@@ -851,6 +865,8 @@ Patch14:        0001-avfilter-avf_showspectrum-fix-off-by-1-error.patch
 Patch15:        0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
 Patch16:        0001-avfilter-f_reverse-Apply-PTS-compensation-only-when-.patch
 Patch17:        0001-avfilter-af_stereowiden-Check-length.patch
+Patch18:        0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
+Patch19:        0001-avutil-hwcontext_vaapi-use-the-correct-type-for-VASu.patch
 Patch90:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
 Patch93:        soname.diff
@@ -861,7 +877,8 @@ Patch97:        ffmpeg-CVE-2023-51793.patch
 Patch98:        ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
 Patch99:        ffmpeg-CVE-2023-50009.patch
 Patch100:       ffmpeg-CVE-2023-50010.patch
-Patch101:       ffmpeg-5-CVE-2024-32230.patch
+Patch102:       ffmpeg-5-CVE-2024-32230.patch
+Patch103:       ffmpeg-5-CVE-2024-7272.patch
 BuildRequires:  c_compiler
 Requires:       this-is-only-for-build-envs