Adjust bconds to build the package in SLFO without xvidcore

Backporting 3faadbe2 from upstream, Use 64bit for input size check,
Fixes: out of array read, Fixes: poc3.
(CVE-2024-7055, bsc#1229026)

0001-avutil-hwcontext_vaapi-use-the-correct-type-for-VASu.patch

@@ -0,0 +1,29 @@
+From 6f8e365a2af2b6b21701d41eed3b2e3f8a436eeb Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Wed, 31 Jul 2024 10:00:54 -0300
+Subject: [PATCH] avutil/hwcontext_vaapi: use the correct type for
+ VASurfaceAttribExternalBuffers.buffers
+
+Should fix ticket #11115.
+
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libavutil/hwcontext_vaapi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavutil/hwcontext_vaapi.c b/libavutil/hwcontext_vaapi.c
+index 4cb25dd032..15fd84aa40 100644
+--- a/libavutil/hwcontext_vaapi.c
++++ b/libavutil/hwcontext_vaapi.c
+@@ -1225,7 +1225,7 @@ static int vaapi_map_from_drm(AVHWFramesContext *src_fc, AVFrame *dst,
+ 
+     if (!use_prime2 || vas != VA_STATUS_SUCCESS) {
+         int k;
+-        unsigned long buffer_handle;
++        uintptr_t buffer_handle;
+         VASurfaceAttribExternalBuffers buffer_desc;
+         VASurfaceAttrib buffer_attrs[2] = {
+             {
+-- 
+2.46.0
+

0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch

@@ -0,0 +1,58 @@
+From 654bd47716c4f36719fb0f3f7fd8386d5ed0b916 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Fri, 9 Aug 2024 11:32:00 +0100
+Subject: [PATCH] libavcodec/arm/mlpdsp_armv5te: fix label format to work with
+ binutils 2.43
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+binutils 2.43 has stricter validation for labels[1] and results in errors
+when building ffmpeg for armv5:
+
+src/libavcodec/arm/mlpdsp_armv5te.S:232: Error: junk at end of line, first unrecognized character is `0'
+
+Remove the leading zero in the "01" label to resolve this error.
+
+[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=226749d5a6ff0d5c607d6428d6c81e1e7e7a994b
+
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+Signed-off-by: Martin Storsjö <martin@martin.st>
+---
+ libavcodec/arm/mlpdsp_armv5te.S | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/libavcodec/arm/mlpdsp_armv5te.S b/libavcodec/arm/mlpdsp_armv5te.S
+index 4f9aa485fd..d31568611c 100644
+--- a/libavcodec/arm/mlpdsp_armv5te.S
++++ b/libavcodec/arm/mlpdsp_armv5te.S
+@@ -229,7 +229,7 @@ A .endif
+   .endif
+ 
+         // Begin loop
+-01:
++1:
+   .if TOTAL_TAPS == 0
+         // Things simplify a lot in this case
+         // In fact this could be pipelined further if it's worth it...
+@@ -241,7 +241,7 @@ A .endif
+         str     ST0, [PST, #-4]!
+         str     ST0, [PST, #4 * (MAX_BLOCKSIZE + MAX_FIR_ORDER)]
+         str     ST0, [PSAMP], #4 * MAX_CHANNELS
+-        bne     01b
++        bne     1b
+   .else
+     .if \fir_taps & 1
+       .set LOAD_REG, 1
+@@ -333,7 +333,7 @@ T       orr     AC0, AC0, AC1
+         str     ST3, [PST, #-4]!
+         str     ST2, [PST, #4 * (MAX_BLOCKSIZE + MAX_FIR_ORDER)]
+         str     ST3, [PSAMP], #4 * MAX_CHANNELS
+-        bne     01b
++        bne     1b
+   .endif
+         b       99f
+ 
+-- 
+2.46.0
+

ffmpeg-5-CVE-2024-32228.patch

@@ -1,66 +0,0 @@
-From 459648761f5412acdc3317d5bac982ceaa257584
-Author: Niklas Haas <git@haasn.dev>
-Date: Sat Apr 6 13:11:09 2024 +0200
-Subject: avcodec/hevcdec: fix segfault on invalid film grain metadata
-References: CVE-2024-32228
-References: bsc#1227277
-Upstream: Backport from upstream
-
-Invalid input files may contain film grain metadata which survives
-ff_h274_film_grain_params_supported() but does not pass
-av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
-
-Fix this by duplicating the av_film_grain_params_select() check at frame
-init time.
-
-An alternative solution here would be to defer the incompatibility check
-to hevc_frame_end(), but this has the downside of allocating a film
-grain buffer even when we already know we can't apply film grain.
-
-Fixes: https://trac.ffmpeg.org/ticket/10951
-
---- ffmpeg-5.1.4/libavcodec/hevcdec.c
-+++ ffmpeg-5.1.4_new/libavcodec/hevcdec.c
-@@ -3035,12 +3035,29 @@
-         goto fail;
-     }
- 
--    s->ref->frame->key_frame = IS_IRAP(s);
-+    if (IS_IRAP(s))
-+        s->ref->frame->flags |= AV_FRAME_FLAG_KEY;
-+    else
-+        s->ref->frame->flags &= ~AV_FRAME_FLAG_KEY;
- 
--    s->ref->needs_fg = s->sei.film_grain_characteristics.present &&
-+    s->ref->needs_fg = (s->sei.common.film_grain_characteristics.present ||
-+                        s->sei.common.aom_film_grain.enable) &&
-         !(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) &&
-         !s->avctx->hwaccel;
- 
-+    ret = set_side_data(s);
-+    if (ret < 0)
-+        goto fail;
-+
-+    if (s->ref->needs_fg &&
-+        ( s->sei.common.film_grain_characteristics.present &&
-+          !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
-+                                             s->ref->frame->format))
-+          || !av_film_grain_params_select(s->ref->frame)) {
-+        av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
-+                    "Unsupported film grain parameters. Ignoring film grain.\n");
-+        s->ref->needs_fg = 0;
-+    }
-     if (s->ref->needs_fg) {
-         s->ref->frame_grain->format = s->ref->frame->format;
-         s->ref->frame_grain->width = s->ref->frame->width;
-@@ -3049,10 +3066,6 @@
-             goto fail;
-     }
- 
--    ret = set_side_data(s);
--    if (ret < 0)
--        goto fail;
--
-     s->frame->pict_type = 3 - s->sh.slice_type;
- 
-     if (!IS_IRAP(s))

ffmpeg-5-CVE-2024-7055.patch

@@ -0,0 +1,29 @@
+From 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Thu, 18 Jul 2024 21:12:54 +0200
+Subject: [PATCH] avcodec/pnmdec: Use 64bit for input size check
+References: CVE-2024-7055
+References: bsc#1229026
+Upstream: Backport from upstream
+
+Fixes: out of array read
+Fixes: poc3
+
+Reported-by: VulDB CNA Team
+Found-by: CookedMelon
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavcodec/pnmdec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- ffmpeg-5.1.4/libavcodec/pnmdec.c
++++ ffmpeg-5.1.4_new/libavcodec/pnmdec.c
+@@ -260,7 +260,7 @@
+         break;
+     case AV_PIX_FMT_GBRPF32:
+         if (!s->half) {
+-        if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream)
++        if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream)
+             return AVERROR_INVALIDDATA;
+         scale = 1.f / s->scale;
+         if (s->endian) {

ffmpeg-5-CVE-2024-7272.patch

@@ -0,0 +1,114 @@
+From 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Thu, 8 Sep 2022 19:43:03 -0300
+Subject: [PATCH] swsresample/swresample: error out on invalid layouts
+References: CVE-2024-7272
+References: bsc#1229261
+Upstream: Backport from upstream
+
+If it's unsupported or invalid, then there's no point trying to rebuild it
+using a value that may have been derived from the same layout to begin with.
+
+Move the checks before the attempts at copying the layout while at it.
+
+Fixes ticket #9908.
+
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libswresample/swresample.c | 48 +++++++++++++++++++++++++-------------
+ 1 file changed, 32 insertions(+), 16 deletions(-)
+
+diff --git a/libswresample/swresample.c b/libswresample/swresample.c
+index 6f04d130d3..5884f8d533 100644
+--- a/libswresample/swresample.c
++++ b/libswresample/swresample.c
+@@ -227,7 +227,7 @@ av_cold int swr_init(struct SwrContext *s){
+             s->in_ch_layout.order       = AV_CHANNEL_ORDER_UNSPEC;
+             s->in_ch_layout.nb_channels = s->user_in_ch_count;
+         }
+-    } else
++    } else if (av_channel_layout_check(&s->user_in_chlayout))
+         av_channel_layout_copy(&s->in_ch_layout, &s->user_in_chlayout);
+ 
+     if ((s->user_out_ch_count && s->user_out_ch_count != s->user_out_chlayout.nb_channels) ||
+@@ -240,17 +240,45 @@ av_cold int swr_init(struct SwrContext *s){
+             s->out_ch_layout.order       = AV_CHANNEL_ORDER_UNSPEC;
+             s->out_ch_layout.nb_channels = s->user_out_ch_count;
+         }
+-    } else
++    } else if (av_channel_layout_check(&s->user_out_chlayout))
+         av_channel_layout_copy(&s->out_ch_layout, &s->user_out_chlayout);
+ 
+     if (!s->out.ch_count && !s->user_out_ch_layout)
+         s->out.ch_count  = s->out_ch_layout.nb_channels;
+     if (!s-> in.ch_count && !s-> user_in_ch_layout)
+         s-> in.ch_count  = s->in_ch_layout.nb_channels;
++
++    if (!(ret = av_channel_layout_check(&s->in_ch_layout)) || s->in_ch_layout.nb_channels > SWR_CH_MAX) {
++        if (ret)
++            av_channel_layout_describe(&s->in_ch_layout, l1, sizeof(l1));
++        av_log(s, AV_LOG_WARNING, "Input channel layout \"%s\" is invalid or unsupported.\n", ret ? l1 : "");
++        return AVERROR(EINVAL);
++    }
++
++    if (!(ret = av_channel_layout_check(&s->out_ch_layout)) || s->out_ch_layout.nb_channels > SWR_CH_MAX) {
++        if (ret)
++            av_channel_layout_describe(&s->out_ch_layout, l2, sizeof(l2));
++        av_log(s, AV_LOG_WARNING, "Output channel layout \"%s\" is invalid or unsupported.\n", ret ? l2 : "");
++        return AVERROR(EINVAL);
++    }
+ #else
+     s->out.ch_count  = s-> user_out_chlayout.nb_channels;
+     s-> in.ch_count  = s->  user_in_chlayout.nb_channels;
+ 
++    if (!(ret = av_channel_layout_check(&s->user_in_chlayout)) || s->user_in_chlayout.nb_channels > SWR_CH_MAX) {
++        if (ret)
++            av_channel_layout_describe(&s->user_in_chlayout, l1, sizeof(l1));
++        av_log(s, AV_LOG_WARNING, "Input channel layout \"%s\" is invalid or unsupported.\n", ret ? l1 : "");
++        return AVERROR(EINVAL);
++    }
++
++    if (!(ret = av_channel_layout_check(&s->user_out_chlayout)) || s->user_out_chlayout.nb_channels > SWR_CH_MAX) {
++        if (ret)
++            av_channel_layout_describe(&s->user_out_chlayout, l2, sizeof(l2));
++        av_log(s, AV_LOG_WARNING, "Output channel layout \"%s\" is invalid or unsupported.\n", ret ? l2 : "");
++        return AVERROR(EINVAL);
++    }
++
+     ret  = av_channel_layout_copy(&s->in_ch_layout, &s->user_in_chlayout);
+     ret |= av_channel_layout_copy(&s->out_ch_layout, &s->user_out_chlayout);
+     if (ret < 0)
+@@ -261,18 +289,6 @@ av_cold int swr_init(struct SwrContext *s){
+ 
+     s->dither.method = s->user_dither_method;
+ 
+-    if (!av_channel_layout_check(&s->in_ch_layout) || s->in_ch_layout.nb_channels > SWR_CH_MAX) {
+-        av_channel_layout_describe(&s->in_ch_layout, l1, sizeof(l1));
+-        av_log(s, AV_LOG_WARNING, "Input channel layout \"%s\" is invalid or unsupported.\n", l1);
+-        av_channel_layout_uninit(&s->in_ch_layout);
+-    }
+-
+-    if (!av_channel_layout_check(&s->out_ch_layout) || s->out_ch_layout.nb_channels > SWR_CH_MAX) {
+-        av_channel_layout_describe(&s->out_ch_layout, l2, sizeof(l2));
+-        av_log(s, AV_LOG_WARNING, "Output channel layout \"%s\" is invalid or unsupported.\n", l2);
+-        av_channel_layout_uninit(&s->out_ch_layout);
+-    }
+-
+     switch(s->engine){
+ #if CONFIG_LIBSOXR
+         case SWR_ENGINE_SOXR: s->resampler = &swri_soxr_resampler; break;
+@@ -291,9 +307,9 @@ av_cold int swr_init(struct SwrContext *s){
+         av_channel_layout_uninit(&s->in_ch_layout);
+     }
+ 
+-    if (!s->in_ch_layout.nb_channels || s->in_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC)
++    if (s->in_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC)
+         av_channel_layout_default(&s->in_ch_layout, s->used_ch_count);
+-    if (!s->out_ch_layout.nb_channels || s->out_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC)
++    if (s->out_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC)
+         av_channel_layout_default(&s->out_ch_layout, s->out.ch_count);
+ 
+     s->rematrix = av_channel_layout_compare(&s->out_ch_layout, &s->in_ch_layout) ||
+-- 
+2.41.0
+

ffmpeg-5.changes

@@ -1,3 +1,46 @@
+-------------------------------------------------------------------
+Tue Oct 15 08:18:54 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
+
+- Adjust bconds to build the package in SLFO without xvidcore.
+
+-------------------------------------------------------------------
+Fri Sep  6 15:06:21 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-5-CVE-2024-7055.patch:
+  Backporting 3faadbe2 from upstream, Use 64bit for input size check,
+  Fixes: out of array read, Fixes: poc3.
+  (CVE-2024-7055, bsc#1229026)
+
+-------------------------------------------------------------------
+Sun Sep  1 18:04:27 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
+
+- Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
+  [boo#1229338]
+- Add 0001-avutil-hwcontext_vaapi-use-the-correct-type-for-VASu.patch
+  (resolve FTBFS on i586)
+
+-------------------------------------------------------------------
+Sun Aug 18 01:42:12 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-5-CVE-2024-7272.patch:
+  Backporting 9903ba28 from upstream, error out on invalid layouts,
+  * If it's unsupported or invalid, then there's no point trying to
+  rebuild it using a value that may have been derived from the same
+  layout to begin with.
+  * Move the checks before the attempts at copying the layout while
+  at it.
+  (CVE-2024-7272, bsc#1229261)
+
+-------------------------------------------------------------------
+Thu Aug 15 09:56:01 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Remove ffmpeg-5-CVE-2024-32228.patch as it adds/modifies code
+  which fails to build with BUILD_ORIG=1. (`HEVCSEI` has no
+  member named `common`; implicit declaration of function
+  `ff_h274_film_grain_params_supported`,
+  `av_film_grain_params_select`; `HEVCContext` has no member
+  named `film_grain_warning_shown`)
+
 -------------------------------------------------------------------
 Tue Jul  2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
@@ -13,25 +56,12 @@ Tue Jul  2 11:57:01 UTC 2024 - Cliff Zhao <qzhao@suse.com>
   grain metadata.
   (CVE-2024-32228, bsc#1227277)
 
--------------------------------------------------------------------
-Tue Jul  2 11:28:10 UTC 2024 - Cliff Zhao <qzhao@suse.com>
-
-- Rename CVE patches as SUSE CVE standard:(package name)-%(CVE number)
-  ffmpeg-4.4-CVE-2020-22046.patch
-  ffmpeg-5-CVE-2023-50007.patch
-  ffmpeg-5-CVE-2023-50008.patch
-  ffmpeg-5-CVE-2023-49502.patch
-  ffmpeg-5-CVE-2023-51793.patch
-  ffmpeg-5-CVE-2023-50009.patch
-  ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
-  ffmpeg-5-CVE-2023-50010.patch
-
 -------------------------------------------------------------------
 Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-50010.patch:
   Backporting e4d2666b from upstream, fixes the out of array access.
-  (CVE-2023-50010 bsc#1223256)
+  (CVE-2023-50010, bsc#1223256)
 
 -------------------------------------------------------------------
 Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
@@ -45,22 +75,22 @@ Tue Apr 26 12:18:26 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-CVE-2023-50009.patch:
   Backporting c443658d from upstream, Fix small inputs with
    gaussian_blur().
-  (CVE-2023-50009 bsc#1223255)
+  (CVE-2023-50009, bsc#1223255)
 
 -------------------------------------------------------------------
 Tue Apr 24 10:48:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
-- Add ffmpeg-5-CVE-2023-50009-shim-cf1f5744.patch:
+- Add ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch:
   Backporting cf1f5744 from upstream, Templatify function
   ff_gaussian_blur and ff_sobel to prepare fix support for CVE-2023-50009.
-  (CVE-2023-50009 bsc#1223255)
+  (CVE-2023-50009, bsc#1223255)
 
 -------------------------------------------------------------------
 Thu Apr 23 16:14:18 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-51793.patch:
   Backporting 0ecc1f0e from upstream, Fix odd height handling.
-  (CVE-2023-51793 bsc#1223272)
+  (CVE-2023-51793, bsc#1223272)
 
 -------------------------------------------------------------------
 Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
@@ -68,21 +98,21 @@ Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-CVE-2023-49502.patch:
   Backporting 737ede40 from upstream, account for chroma sub-sampling
   in min size calculation.
-  (CVE-2023-49502 bsc#1223235)
+  (CVE-2023-49502, bsc#1223235)
 
 -------------------------------------------------------------------
 Thu Apr 23 14:05:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-50008.patch:
   Backporting 5f87a68c from upstream, Fix memory leaks.
-  (CVE-2023-50008 bsc#1223254)
+  (CVE-2023-50008, bsc#1223254)
 
 -------------------------------------------------------------------
 Thu Apr 23 12:22:53 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-50007.patch:
   Backporting b1942734 from upstream, Fix crash with EOF handling.
-  (CVE-2023-50007 bsc#1223253)
+  (CVE-2023-50007, bsc#1223253)
 
 -------------------------------------------------------------------
 Mon Apr 22 23:10:31 UTC 2024 - Jan Engelhardt <jengelh@inai.de>

ffmpeg-5.spec

@@ -17,9 +17,6 @@
 
 
 %define flavor @BUILD_FLAVOR@%{nil}
-#
-# preamble is present twice, watch out
-#
 %if "%{flavor}" != "ffmpeg-5-mini"
 
 # Create proper conflicts to make sure we require all from one version
@@ -64,7 +61,7 @@
 %bcond_with    x265
 %bcond_with    xvid
 
-%if 0%{?suse_version} > 1500
+%if 0%{?suse_version} > 1600
 %bcond_without mysofa
 %bcond_without vidstab
 %bcond_without codec2
@@ -74,12 +71,22 @@
 %bcond_without opencore
 %bcond_without xvid
 %else
+%if 0%{?suse_version} > 1500
+%bcond_without mysofa
+%bcond_without vidstab
+%bcond_without codec2
+%bcond_without rubberband
+%bcond_without vulkan
+%bcond_without amrwb
+%bcond_without opencore
+%else
 %bcond_with mysofa
 %bcond_with vidstab
 %bcond_with codec2
 %bcond_with rubberband
 %bcond_with vulkan
 %endif
+%endif
 
 %define _name ffmpeg
 %define _major_version 5
@@ -107,7 +114,7 @@ Patch2:         ffmpeg-new-coder-errors.diff
 Patch3:         ffmpeg-codec-choice.diff
 Patch4:         ffmpeg-4.2-dlopen-fdk_aac.patch
 Patch5:         work-around-abi-break.patch
-Patch9:         ffmpeg-4-CVE-2020-22046.patch
+Patch9:         ffmpeg-4.4-CVE-2020-22046.patch
 Patch10:        0001-avfilter-af_dialoguenhance-fix-overreads.patch
 Patch11:        0001-avfilter-af_dialoguenhance-simplify-channels-copy.patch
 Patch12:        0001-avfilter-af_dialoguenhance-do-output-scaling-once.patch
@@ -116,18 +123,24 @@ Patch14:        0001-avfilter-avf_showspectrum-fix-off-by-1-error.patch
 Patch15:        0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
 Patch16:        0001-avfilter-f_reverse-Apply-PTS-compensation-only-when-.patch
 Patch17:        0001-avfilter-af_stereowiden-Check-length.patch
+Patch18:        0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
+Patch19:        0001-avutil-hwcontext_vaapi-use-the-correct-type-for-VASu.patch
 Patch90:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
 Patch93:        soname.diff
-Patch94:        ffmpeg-5-CVE-2023-50007.patch
+Patch94:        ffmpeg-CVE-2023-50007.patch
-Patch95:        ffmpeg-5-CVE-2023-50008.patch
+Patch95:        ffmpeg-CVE-2023-50008.patch
-Patch96:        ffmpeg-5-CVE-2023-49502.patch
+Patch96:        ffmpeg-CVE-2023-49502.patch
-Patch97:        ffmpeg-5-CVE-2023-51793.patch
+Patch97:        ffmpeg-CVE-2023-51793.patch
-Patch98:        ffmpeg-5-CVE-2023-50009-shim-cf1f5744.patch
+Patch98:        ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
-Patch99:        ffmpeg-5-CVE-2023-50009.patch
+Patch99:        ffmpeg-CVE-2023-50009.patch
-Patch100:       ffmpeg-5-CVE-2023-50010.patch
+Patch100:       ffmpeg-CVE-2023-50010.patch
-Patch101:       ffmpeg-5-CVE-2024-32228.patch
 Patch102:       ffmpeg-5-CVE-2024-32230.patch
+Patch103:       ffmpeg-5-CVE-2024-7272.patch
+Patch104:       ffmpeg-5-CVE-2024-7055.patch
+#
+# preamble is present twice, watch out
+#
 %if %{with amf_sdk}
 BuildRequires:  AMF-devel
 %endif
@@ -852,17 +865,20 @@ Patch14:        0001-avfilter-avf_showspectrum-fix-off-by-1-error.patch
 Patch15:        0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
 Patch16:        0001-avfilter-f_reverse-Apply-PTS-compensation-only-when-.patch
 Patch17:        0001-avfilter-af_stereowiden-Check-length.patch
+Patch18:        0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
+Patch19:        0001-avutil-hwcontext_vaapi-use-the-correct-type-for-VASu.patch
 Patch90:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
 Patch93:        soname.diff
-# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50007.patch CVE-2023-50007 bsc#1223253 qzhao@suse.com -- Fix crash with EOF handling.
 Patch94:        ffmpeg-CVE-2023-50007.patch
-# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50008.patch CVE-2023-50008 bsc#1223254 qzhao@suse.com -- Fix memory leaks.
 Patch95:        ffmpeg-CVE-2023-50008.patch
-# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-49502.patch CVE-2023-49502 bsc#1223235 qzhao@suse.com -- Account for chroma sub-sampling in min size calculation.
 Patch96:        ffmpeg-CVE-2023-49502.patch
-# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-51793.patch CVE-2023-51793 bsc#1223272 qzhao@suse.com -- Fix odd height handling.
 Patch97:        ffmpeg-CVE-2023-51793.patch
+Patch98:        ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
+Patch99:        ffmpeg-CVE-2023-50009.patch
+Patch100:       ffmpeg-CVE-2023-50010.patch
+Patch102:       ffmpeg-5-CVE-2024-32230.patch
+Patch103:       ffmpeg-5-CVE-2024-7272.patch
 BuildRequires:  c_compiler
 Requires:       this-is-only-for-build-envs
 

ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch

@@ -1,14 +1,16 @@
 commit cf1f57443158bcbe84a213e8dc631a302993f9a2
 Author: Thilo Borgmann <thilo.borgmann@mail.de>
 Date:   Mon Jul 18 16:09:46 2022 +0200
-Subject: lavfi/edge_common: Templatify ff_gaussian_blur and ff_sobel
 References: CVE-2023-50009
-References: bsc#1172423
+References: https://bugzilla.opensuse.org/1172423
-Upstream: Backport from upstream
 
-Backport cf1f5744 from upstream, Templatify function ff_gaussian_blur
+lavfi/edge_common: Templatify ff_gaussian_blur and ff_sobel
-and ff_sobel to prepare fix support for CVE-2023-50009. -qzhao
 
+[Backport cf1f5744 from upstream, Templatify function ff_gaussian_blur
+and ff_sobel to prepare fix support for CVE-2023-50009. -qzhao]
+
+diff --git a/libavfilter/edge_common.c b/libavfilter/edge_common.c
+index d72e8521cd..ebd47d7c53 100644
 --- a/libavfilter/edge_common.c
 +++ b/libavfilter/edge_common.c
 @@ -46,33 +46,13 @@ static int get_rounded_direction(int gx, int gy)
@@ -310,3 +312,4 @@ index 90390ceb3e..603f06f141 100644
           * ignore the rest, so we need a clean output buffer */
 -- 
 2.41.0
+