Adjust bconds to build the package in SLFO without xvidcore

Backporting 3faadbe2 from upstream, Use 64bit for input size check,
Fixes: out of array read, Fixes: poc3.
(CVE-2024-7055, bsc#1229026)

0001-avutil-hwcontext_vaapi-use-the-correct-type-for-VASu.patch

@@ -0,0 +1,29 @@
+From 6f8e365a2af2b6b21701d41eed3b2e3f8a436eeb Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Wed, 31 Jul 2024 10:00:54 -0300
+Subject: [PATCH] avutil/hwcontext_vaapi: use the correct type for
+ VASurfaceAttribExternalBuffers.buffers
+
+Should fix ticket #11115.
+
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libavutil/hwcontext_vaapi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavutil/hwcontext_vaapi.c b/libavutil/hwcontext_vaapi.c
+index 4cb25dd032..15fd84aa40 100644
+--- a/libavutil/hwcontext_vaapi.c
++++ b/libavutil/hwcontext_vaapi.c
+@@ -1225,7 +1225,7 @@ static int vaapi_map_from_drm(AVHWFramesContext *src_fc, AVFrame *dst,
+ 
+     if (!use_prime2 || vas != VA_STATUS_SUCCESS) {
+         int k;
+-        unsigned long buffer_handle;
++        uintptr_t buffer_handle;
+         VASurfaceAttribExternalBuffers buffer_desc;
+         VASurfaceAttrib buffer_attrs[2] = {
+             {
+-- 
+2.46.0
+

0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch

@@ -0,0 +1,58 @@
+From 654bd47716c4f36719fb0f3f7fd8386d5ed0b916 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Fri, 9 Aug 2024 11:32:00 +0100
+Subject: [PATCH] libavcodec/arm/mlpdsp_armv5te: fix label format to work with
+ binutils 2.43
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+binutils 2.43 has stricter validation for labels[1] and results in errors
+when building ffmpeg for armv5:
+
+src/libavcodec/arm/mlpdsp_armv5te.S:232: Error: junk at end of line, first unrecognized character is `0'
+
+Remove the leading zero in the "01" label to resolve this error.
+
+[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=226749d5a6ff0d5c607d6428d6c81e1e7e7a994b
+
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+Signed-off-by: Martin Storsjö <martin@martin.st>
+---
+ libavcodec/arm/mlpdsp_armv5te.S | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/libavcodec/arm/mlpdsp_armv5te.S b/libavcodec/arm/mlpdsp_armv5te.S
+index 4f9aa485fd..d31568611c 100644
+--- a/libavcodec/arm/mlpdsp_armv5te.S
++++ b/libavcodec/arm/mlpdsp_armv5te.S
+@@ -229,7 +229,7 @@ A .endif
+   .endif
+ 
+         // Begin loop
+-01:
++1:
+   .if TOTAL_TAPS == 0
+         // Things simplify a lot in this case
+         // In fact this could be pipelined further if it's worth it...
+@@ -241,7 +241,7 @@ A .endif
+         str     ST0, [PST, #-4]!
+         str     ST0, [PST, #4 * (MAX_BLOCKSIZE + MAX_FIR_ORDER)]
+         str     ST0, [PSAMP], #4 * MAX_CHANNELS
+-        bne     01b
++        bne     1b
+   .else
+     .if \fir_taps & 1
+       .set LOAD_REG, 1
+@@ -333,7 +333,7 @@ T       orr     AC0, AC0, AC1
+         str     ST3, [PST, #-4]!
+         str     ST2, [PST, #4 * (MAX_BLOCKSIZE + MAX_FIR_ORDER)]
+         str     ST3, [PSAMP], #4 * MAX_CHANNELS
+-        bne     01b
++        bne     1b
+   .endif
+         b       99f
+ 
+-- 
+2.46.0
+

ffmpeg-5-CVE-2024-7055.patch

@@ -0,0 +1,29 @@
+From 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Thu, 18 Jul 2024 21:12:54 +0200
+Subject: [PATCH] avcodec/pnmdec: Use 64bit for input size check
+References: CVE-2024-7055
+References: bsc#1229026
+Upstream: Backport from upstream
+
+Fixes: out of array read
+Fixes: poc3
+
+Reported-by: VulDB CNA Team
+Found-by: CookedMelon
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavcodec/pnmdec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- ffmpeg-5.1.4/libavcodec/pnmdec.c
++++ ffmpeg-5.1.4_new/libavcodec/pnmdec.c
+@@ -260,7 +260,7 @@
+         break;
+     case AV_PIX_FMT_GBRPF32:
+         if (!s->half) {
+-        if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream)
++        if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream)
+             return AVERROR_INVALIDDATA;
+         scale = 1.f / s->scale;
+         if (s->endian) {

ffmpeg-5-CVE-2024-7272.patch

@@ -0,0 +1,114 @@
+From 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Thu, 8 Sep 2022 19:43:03 -0300
+Subject: [PATCH] swsresample/swresample: error out on invalid layouts
+References: CVE-2024-7272
+References: bsc#1229261
+Upstream: Backport from upstream
+
+If it's unsupported or invalid, then there's no point trying to rebuild it
+using a value that may have been derived from the same layout to begin with.
+
+Move the checks before the attempts at copying the layout while at it.
+
+Fixes ticket #9908.
+
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libswresample/swresample.c | 48 +++++++++++++++++++++++++-------------
+ 1 file changed, 32 insertions(+), 16 deletions(-)
+
+diff --git a/libswresample/swresample.c b/libswresample/swresample.c
+index 6f04d130d3..5884f8d533 100644
+--- a/libswresample/swresample.c
++++ b/libswresample/swresample.c
+@@ -227,7 +227,7 @@ av_cold int swr_init(struct SwrContext *s){
+             s->in_ch_layout.order       = AV_CHANNEL_ORDER_UNSPEC;
+             s->in_ch_layout.nb_channels = s->user_in_ch_count;
+         }
+-    } else
++    } else if (av_channel_layout_check(&s->user_in_chlayout))
+         av_channel_layout_copy(&s->in_ch_layout, &s->user_in_chlayout);
+ 
+     if ((s->user_out_ch_count && s->user_out_ch_count != s->user_out_chlayout.nb_channels) ||
+@@ -240,17 +240,45 @@ av_cold int swr_init(struct SwrContext *s){
+             s->out_ch_layout.order       = AV_CHANNEL_ORDER_UNSPEC;
+             s->out_ch_layout.nb_channels = s->user_out_ch_count;
+         }
+-    } else
++    } else if (av_channel_layout_check(&s->user_out_chlayout))
+         av_channel_layout_copy(&s->out_ch_layout, &s->user_out_chlayout);
+ 
+     if (!s->out.ch_count && !s->user_out_ch_layout)
+         s->out.ch_count  = s->out_ch_layout.nb_channels;
+     if (!s-> in.ch_count && !s-> user_in_ch_layout)
+         s-> in.ch_count  = s->in_ch_layout.nb_channels;
++
++    if (!(ret = av_channel_layout_check(&s->in_ch_layout)) || s->in_ch_layout.nb_channels > SWR_CH_MAX) {
++        if (ret)
++            av_channel_layout_describe(&s->in_ch_layout, l1, sizeof(l1));
++        av_log(s, AV_LOG_WARNING, "Input channel layout \"%s\" is invalid or unsupported.\n", ret ? l1 : "");
++        return AVERROR(EINVAL);
++    }
++
++    if (!(ret = av_channel_layout_check(&s->out_ch_layout)) || s->out_ch_layout.nb_channels > SWR_CH_MAX) {
++        if (ret)
++            av_channel_layout_describe(&s->out_ch_layout, l2, sizeof(l2));
++        av_log(s, AV_LOG_WARNING, "Output channel layout \"%s\" is invalid or unsupported.\n", ret ? l2 : "");
++        return AVERROR(EINVAL);
++    }
+ #else
+     s->out.ch_count  = s-> user_out_chlayout.nb_channels;
+     s-> in.ch_count  = s->  user_in_chlayout.nb_channels;
+ 
++    if (!(ret = av_channel_layout_check(&s->user_in_chlayout)) || s->user_in_chlayout.nb_channels > SWR_CH_MAX) {
++        if (ret)
++            av_channel_layout_describe(&s->user_in_chlayout, l1, sizeof(l1));
++        av_log(s, AV_LOG_WARNING, "Input channel layout \"%s\" is invalid or unsupported.\n", ret ? l1 : "");
++        return AVERROR(EINVAL);
++    }
++
++    if (!(ret = av_channel_layout_check(&s->user_out_chlayout)) || s->user_out_chlayout.nb_channels > SWR_CH_MAX) {
++        if (ret)
++            av_channel_layout_describe(&s->user_out_chlayout, l2, sizeof(l2));
++        av_log(s, AV_LOG_WARNING, "Output channel layout \"%s\" is invalid or unsupported.\n", ret ? l2 : "");
++        return AVERROR(EINVAL);
++    }
++
+     ret  = av_channel_layout_copy(&s->in_ch_layout, &s->user_in_chlayout);
+     ret |= av_channel_layout_copy(&s->out_ch_layout, &s->user_out_chlayout);
+     if (ret < 0)
+@@ -261,18 +289,6 @@ av_cold int swr_init(struct SwrContext *s){
+ 
+     s->dither.method = s->user_dither_method;
+ 
+-    if (!av_channel_layout_check(&s->in_ch_layout) || s->in_ch_layout.nb_channels > SWR_CH_MAX) {
+-        av_channel_layout_describe(&s->in_ch_layout, l1, sizeof(l1));
+-        av_log(s, AV_LOG_WARNING, "Input channel layout \"%s\" is invalid or unsupported.\n", l1);
+-        av_channel_layout_uninit(&s->in_ch_layout);
+-    }
+-
+-    if (!av_channel_layout_check(&s->out_ch_layout) || s->out_ch_layout.nb_channels > SWR_CH_MAX) {
+-        av_channel_layout_describe(&s->out_ch_layout, l2, sizeof(l2));
+-        av_log(s, AV_LOG_WARNING, "Output channel layout \"%s\" is invalid or unsupported.\n", l2);
+-        av_channel_layout_uninit(&s->out_ch_layout);
+-    }
+-
+     switch(s->engine){
+ #if CONFIG_LIBSOXR
+         case SWR_ENGINE_SOXR: s->resampler = &swri_soxr_resampler; break;
+@@ -291,9 +307,9 @@ av_cold int swr_init(struct SwrContext *s){
+         av_channel_layout_uninit(&s->in_ch_layout);
+     }
+ 
+-    if (!s->in_ch_layout.nb_channels || s->in_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC)
++    if (s->in_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC)
+         av_channel_layout_default(&s->in_ch_layout, s->used_ch_count);
+-    if (!s->out_ch_layout.nb_channels || s->out_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC)
++    if (s->out_ch_layout.order == AV_CHANNEL_ORDER_UNSPEC)
+         av_channel_layout_default(&s->out_ch_layout, s->out.ch_count);
+ 
+     s->rematrix = av_channel_layout_compare(&s->out_ch_layout, &s->in_ch_layout) ||
+-- 
+2.41.0
+

ffmpeg-5.changes

@@ -1,13 +1,45 @@
+-------------------------------------------------------------------
+Tue Oct 15 08:18:54 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
+
+- Adjust bconds to build the package in SLFO without xvidcore.
+
+-------------------------------------------------------------------
+Fri Sep  6 15:06:21 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-5-CVE-2024-7055.patch:
+  Backporting 3faadbe2 from upstream, Use 64bit for input size check,
+  Fixes: out of array read, Fixes: poc3.
+  (CVE-2024-7055, bsc#1229026)
+
+-------------------------------------------------------------------
+Sun Sep  1 18:04:27 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
+
+- Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
+  [boo#1229338]
+- Add 0001-avutil-hwcontext_vaapi-use-the-correct-type-for-VASu.patch
+  (resolve FTBFS on i586)
+
+-------------------------------------------------------------------
+Sun Aug 18 01:42:12 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-5-CVE-2024-7272.patch:
+  Backporting 9903ba28 from upstream, error out on invalid layouts,
+  * If it's unsupported or invalid, then there's no point trying to
+  rebuild it using a value that may have been derived from the same
+  layout to begin with.
+  * Move the checks before the attempts at copying the layout while
+  at it.
+  (CVE-2024-7272, bsc#1229261)
+
 -------------------------------------------------------------------
 Thu Aug 15 09:56:01 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>
+
 - Remove ffmpeg-5-CVE-2024-32228.patch as it adds/modifies code
-  which does not build on Packman. Following errors are generated:
+  which fails to build with BUILD_ORIG=1. (`HEVCSEI` has no
-  * AV_FRAME_FLAG_KEY undeclared
+  member named `common`; implicit declaration of function
-  * 'HEVCSEI' has no member named 'common'
+  `ff_h274_film_grain_params_supported`,
-  * implicit declaration of function 'ff_h274_film_grain_params_supported'
+  `av_film_grain_params_select`; `HEVCContext` has no member
-  * implicit declaration of function 'av_film_grain_params_select'
+  named `film_grain_warning_shown`)
-  * 'HEVCContext' has no member named 'film_grain_warning_shown'
-- Renumber patches
 
 -------------------------------------------------------------------
 Tue Jul  2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
@@ -29,7 +61,7 @@ Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-50010.patch:
   Backporting e4d2666b from upstream, fixes the out of array access.
-  (CVE-2023-50010 bsc#1223256)
+  (CVE-2023-50010, bsc#1223256)
 
 -------------------------------------------------------------------
 Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
@@ -43,7 +75,7 @@ Tue Apr 26 12:18:26 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-CVE-2023-50009.patch:
   Backporting c443658d from upstream, Fix small inputs with
    gaussian_blur().
-  (CVE-2023-50009 bsc#1223255)
+  (CVE-2023-50009, bsc#1223255)
 
 -------------------------------------------------------------------
 Tue Apr 24 10:48:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
@@ -51,14 +83,14 @@ Tue Apr 24 10:48:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch:
   Backporting cf1f5744 from upstream, Templatify function
   ff_gaussian_blur and ff_sobel to prepare fix support for CVE-2023-50009.
-  (CVE-2023-50009 bsc#1223255)
+  (CVE-2023-50009, bsc#1223255)
 
 -------------------------------------------------------------------
 Thu Apr 23 16:14:18 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-51793.patch:
   Backporting 0ecc1f0e from upstream, Fix odd height handling.
-  (CVE-2023-51793 bsc#1223272)
+  (CVE-2023-51793, bsc#1223272)
 
 -------------------------------------------------------------------
 Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
@@ -66,21 +98,21 @@ Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-CVE-2023-49502.patch:
   Backporting 737ede40 from upstream, account for chroma sub-sampling
   in min size calculation.
-  (CVE-2023-49502 bsc#1223235)
+  (CVE-2023-49502, bsc#1223235)
 
 -------------------------------------------------------------------
 Thu Apr 23 14:05:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-50008.patch:
   Backporting 5f87a68c from upstream, Fix memory leaks.
-  (CVE-2023-50008 bsc#1223254)
+  (CVE-2023-50008, bsc#1223254)
 
 -------------------------------------------------------------------
 Thu Apr 23 12:22:53 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-50007.patch:
   Backporting b1942734 from upstream, Fix crash with EOF handling.
-  (CVE-2023-50007 bsc#1223253)
+  (CVE-2023-50007, bsc#1223253)
 
 -------------------------------------------------------------------
 Mon Apr 22 23:10:31 UTC 2024 - Jan Engelhardt <jengelh@inai.de>

ffmpeg-5.spec

@@ -61,7 +61,7 @@
 %bcond_with    x265
 %bcond_with    xvid
 
-%if 0%{?suse_version} > 1500
+%if 0%{?suse_version} > 1600
 %bcond_without mysofa
 %bcond_without vidstab
 %bcond_without codec2
@@ -71,12 +71,22 @@
 %bcond_without opencore
 %bcond_without xvid
 %else
+%if 0%{?suse_version} > 1500
+%bcond_without mysofa
+%bcond_without vidstab
+%bcond_without codec2
+%bcond_without rubberband
+%bcond_without vulkan
+%bcond_without amrwb
+%bcond_without opencore
+%else
 %bcond_with mysofa
 %bcond_with vidstab
 %bcond_with codec2
 %bcond_with rubberband
 %bcond_with vulkan
 %endif
+%endif
 
 %define _name ffmpeg
 %define _major_version 5
@@ -113,6 +123,8 @@ Patch14:        0001-avfilter-avf_showspectrum-fix-off-by-1-error.patch
 Patch15:        0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
 Patch16:        0001-avfilter-f_reverse-Apply-PTS-compensation-only-when-.patch
 Patch17:        0001-avfilter-af_stereowiden-Check-length.patch
+Patch18:        0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
+Patch19:        0001-avutil-hwcontext_vaapi-use-the-correct-type-for-VASu.patch
 Patch90:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
 Patch93:        soname.diff
@@ -123,7 +135,9 @@ Patch97:        ffmpeg-CVE-2023-51793.patch
 Patch98:        ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
 Patch99:        ffmpeg-CVE-2023-50009.patch
 Patch100:       ffmpeg-CVE-2023-50010.patch
-Patch101:       ffmpeg-5-CVE-2024-32230.patch
+Patch102:       ffmpeg-5-CVE-2024-32230.patch
+Patch103:       ffmpeg-5-CVE-2024-7272.patch
+Patch104:       ffmpeg-5-CVE-2024-7055.patch
 #
 # preamble is present twice, watch out
 #
@@ -851,6 +865,8 @@ Patch14:        0001-avfilter-avf_showspectrum-fix-off-by-1-error.patch
 Patch15:        0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
 Patch16:        0001-avfilter-f_reverse-Apply-PTS-compensation-only-when-.patch
 Patch17:        0001-avfilter-af_stereowiden-Check-length.patch
+Patch18:        0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
+Patch19:        0001-avutil-hwcontext_vaapi-use-the-correct-type-for-VASu.patch
 Patch90:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
 Patch93:        soname.diff
@@ -861,7 +877,8 @@ Patch97:        ffmpeg-CVE-2023-51793.patch
 Patch98:        ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
 Patch99:        ffmpeg-CVE-2023-50009.patch
 Patch100:       ffmpeg-CVE-2023-50010.patch
-Patch101:       ffmpeg-5-CVE-2024-32230.patch
+Patch102:       ffmpeg-5-CVE-2024-32230.patch
+Patch103:       ffmpeg-5-CVE-2024-7272.patch
 BuildRequires:  c_compiler
 Requires:       this-is-only-for-build-envs