From f667a2bdbfec0b361e63a06f6c78839cd4245621634bf93b031c9155678c434e Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Thu, 25 Apr 2024 08:01:51 +0000
Subject: [PATCH] Accepting request 1170107 from
 home:qzhao:branches:multimedia:libs

Add ffmpeg-CVE-2023-50007.patch and ffmpeg-CVE-2023-50008.patch to fix CVE-2023-50007 and CVE-2023-50008.

OBS-URL: https://build.opensuse.org/request/show/1170107
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-6?expand=0&rev=34
---
 ffmpeg-6.changes            | 14 ++++++++
 ffmpeg-6.spec               |  9 ++++-
 ffmpeg-CVE-2023-50007.patch | 67 +++++++++++++++++++++++++++++++++++++
 ffmpeg-CVE-2023-50008.patch | 18 ++++++++++
 4 files changed, 107 insertions(+), 1 deletion(-)
 create mode 100644 ffmpeg-CVE-2023-50007.patch
 create mode 100644 ffmpeg-CVE-2023-50008.patch

diff --git a/ffmpeg-6.changes b/ffmpeg-6.changes
index 2e94c14..d5f8388 100644
--- a/ffmpeg-6.changes
+++ b/ffmpeg-6.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Thu Apr 23 14:05:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-CVE-2023-50008.patch:
+  Backporting 5f87a68c from upstream, Fix memory leaks.
+  (CVE-2023-50008 bsc#1223254)
+
+-------------------------------------------------------------------
+Thu Apr 23 12:22:53 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-CVE-2023-50007.patch:
+  Backporting b1942734 from upstream, Fix crash with EOF handling.
+  (CVE-2023-50007 bsc#1223253)
+
 -------------------------------------------------------------------
 Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
 
diff --git a/ffmpeg-6.spec b/ffmpeg-6.spec
index 8b13fe6..7ab050d 100644
--- a/ffmpeg-6.spec
+++ b/ffmpeg-6.spec
@@ -120,7 +120,10 @@ Patch12:        0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
 Patch13:        0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
 Patch90:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
-
+# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50007.patch CVE-2023-50007 bsc#1223253 qzhao@suse.com -- Fix crash with EOF handling.
+Patch92:        ffmpeg-CVE-2023-50007.patch
+# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50008.patch CVE-2023-50008 bsc#1223254 qzhao@suse.com -- Fix memory leaks.
+Patch93:        ffmpeg-CVE-2023-50008.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel >= 3.98.3
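Review bot: Neither spec hunk shows Patch92 and Patch93 being applied, only declared, here and again in the second patch list around line 844. The %prep section is outside the diff, so this may be fine, but if it applies patches by explicit number rather than through `%autosetup -p1` or `%autopatch`, the two CVE fixes would be silently missing from the build. The embedded patches use `ffmpeg-6.1.1/` and `ffmpeg-6.1.1_new/` path prefixes, so they need strip level 1. This hunk also drops the blank line that separated the Patch list from the BuildRequires block; keeping it would preserve the visual grouping.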
@@ -841,6 +844,10 @@ Patch12:        0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
 Patch13:        0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
 Patch90:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
+# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50007.patch CVE-2023-50007 bsc#1223253 qzhao@suse.com -- Fix crash with EOF handling.
+Patch92:        ffmpeg-CVE-2023-50007.patch
+# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50008.patch CVE-2023-50008 bsc#1223254 qzhao@suse.com -- Fix memory leaks.
+Patch93:        ffmpeg-CVE-2023-50008.patch
 BuildRequires:  c_compiler
 Requires:       this-is-only-for-build-envs
 
diff --git a/ffmpeg-CVE-2023-50007.patch b/ffmpeg-CVE-2023-50007.patch
new file mode 100644
index 0000000..f970722
--- /dev/null
+++ b/ffmpeg-CVE-2023-50007.patch
@@ -0,0 +1,67 @@
+commit b1942734c7cbcdc9034034373abcc9ecb9644c47
+Author: Paul B Mahol <onemda@gmail.com>
+Date:   Mon Nov 27 11:45:34 2023 +0100
+
+    avfilter/af_afwtdn: fix crash with EOF handling
+
+diff -Nura ffmpeg-6.1.1/libavfilter/af_afwtdn.c ffmpeg-6.1.1_new/libavfilter/af_afwtdn.c
+--- ffmpeg-6.1.1/libavfilter/af_afwtdn.c	2023-11-11 08:25:17.000000000 +0800
++++ ffmpeg-6.1.1_new/libavfilter/af_afwtdn.c	2024-04-25 14:15:23.737350315 +0800
+@@ -408,6 +408,7 @@
+ 
+     uint64_t sn;
+     int64_t eof_pts;
++    int eof;
+ 
+     int wavelet_type;
+     int channels;
+@@ -1069,7 +1070,7 @@
+         s->drop_samples = 0;
+     } else {
+         if (s->padd_samples < 0 && eof) {
+-            out->nb_samples += s->padd_samples;
++            out->nb_samples = FFMAX(0, out->nb_samples + s->padd_samples);
+             s->padd_samples = 0;
+         }
+         if (!eof)
+@@ -1208,23 +1209,26 @@
+ 
+     FF_FILTER_FORWARD_STATUS_BACK(outlink, inlink);
+ 
+-    ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in);
+-    if (ret < 0)
+-        return ret;
+-    if (ret > 0)
+-        return filter_frame(inlink, in);
++    if (!s->eof) {
++        ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in);
++        if (ret < 0)
++            return ret;
++        if (ret > 0)
++            return filter_frame(inlink, in);
++    }
+ 
+     if (ff_inlink_acknowledge_status(inlink, &status, &pts)) {
+-        if (status == AVERROR_EOF) {
+-            while (s->padd_samples != 0) {
+-                ret = filter_frame(inlink, NULL);
+-                if (ret < 0)
+-                    return ret;
+-            }
+-            ff_outlink_set_status(outlink, status, pts);
+-            return ret;
+-        }
++        if (status == AVERROR_EOF)
++            s->eof = 1;
+     }
++
++    if (s->eof && s->padd_samples != 0) {
++        return filter_frame(inlink, NULL);
++    } else if (s->eof) {
++        ff_outlink_set_status(outlink, AVERROR_EOF, s->eof_pts);
++        return 0;
++    }
++
+     FF_FILTER_FORWARD_WANTED(outlink, inlink);
+ 
+     return FFERROR_NOT_READY;
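Review bot: The clamp `out->nb_samples = FFMAX(0, out->nb_samples + s->padd_samples);` in the second inner hunk stops nb_samples going negative, but it can leave the frame with zero samples. The code that forwards `out` lies outside the hunk, so it is worth confirming that an empty frame is acceptable downstream, or freeing it and returning 0 when the clamped count is 0. In the third inner hunk the EOF status is now sent with `s->eof_pts` instead of the `pts` returned by ff_inlink_acknowledge_status(); eof_pts is assigned outside the hunk, so its value when EOF arrives before any input frame should be checked. The new struct field would also read better with a comment such as `int eof; /* inlink reported AVERROR_EOF; activate() only drains padding from here on */`, since the function around line 1070 already uses a local named `eof`.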
diff --git a/ffmpeg-CVE-2023-50008.patch b/ffmpeg-CVE-2023-50008.patch
new file mode 100644
index 0000000..0502a62
--- /dev/null
+++ b/ffmpeg-CVE-2023-50008.patch
@@ -0,0 +1,18 @@
+commit 5f87a68cf70dafeab2fb89b42e41a4c29053b89b
+Author: Paul B Mahol <onemda@gmail.com>
+Date:   Mon Nov 27 12:08:20 2023 +0100
+
+    avfilter/vf_colorcorrect: fix memory leaks
+
+diff -Nura ffmpeg-6.1.1/libavfilter/vf_colorcorrect.c ffmpeg-6.1.1_new/libavfilter/vf_colorcorrect.c
+--- ffmpeg-6.1.1/libavfilter/vf_colorcorrect.c	2023-11-11 08:25:17.000000000 +0800
++++ ffmpeg-6.1.1_new/libavfilter/vf_colorcorrect.c	2024-04-25 14:35:29.717468737 +0800
+@@ -497,6 +497,8 @@
+     ColorCorrectContext *s = ctx->priv;
+ 
+     av_freep(&s->analyzeret);
++    av_freep(&s->uhistogram);
++    av_freep(&s->vhistogram);
+ }
+ 
+ static const AVFilterPad colorcorrect_inputs[] = {