From 90b8effb5d8cb60e84b4c56e4a5a759b09d5390dc7a90c3056fbc039c40de447 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 16 Mar 2023 17:55:19 +0000 Subject: [PATCH 1/2] - Conflict with otherproviders(ffmpeg-tools). OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=194 --- ffmpeg-4.changes | 5 +++++ ffmpeg-4.spec | 3 +-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes index f0c1317..6a6272f 100644 --- a/ffmpeg-4.changes +++ b/ffmpeg-4.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Mar 16 17:54:51 UTC 2023 - Jan Engelhardt + +- Conflict with otherproviders(ffmpeg-tools). + ------------------------------------------------------------------- Fri Jan 20 07:22:58 UTC 2023 - Alynx Zhou diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec index ffbb872..d91c0e5 100644 --- a/ffmpeg-4.spec +++ b/ffmpeg-4.spec @@ -259,10 +259,9 @@ BuildRequires: pkgconfig(x264) BuildRequires: pkgconfig(x265) %endif Provides: ffmpeg-tools = %version -Obsoletes: ffmpeg-tools < %version +Conflicts: ffmpeg-tools Provides: ffmpeg = %version Obsoletes: ffmpeg < %version -Conflicts: ffmpeg-5 Requires: libavcodec58_134 = %version-%release Requires: libavdevice58_13 = %version-%release Requires: libavfilter7_110 = %version-%release From e77fa35c44fa4c38fcdcabc1ecd9825025312ec8006541fcd0150e286a5d5e0b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 19 Apr 2023 22:09:03 +0000 Subject: [PATCH 2/2] Accepting request 1080436 from home:iznogood:branches:multimedia:libs - Update to version 4.4.4: * avcodec/012v: Order operations for odd size handling * avcodec/alsdec: The minimal block is at least 7 bits * avcodec/bink: - Avoid undefined out of array end pointers in binkb_decode_plane() - Fix off by 1 error in ref end * avcodec/eac3dec: avoid float noise in fixed mode addition to overflow * avcodec/eatgq: : Check index increments in tgq_decode_block() * avcodec/escape124: - Fix signdness of end of input check - Fix some return codes * avcodec/ffv1dec: - Check that num h/v slices is supported - Fail earlier if prior context is corrupted - Restructure slice coordinate reading a bit * avcodec/mjpegenc: take into account component count when writing the SOF header size * avcodec/mlpdec: Check max matrix instead of max channel in noise check * avcodec/motionpixels: Mask pixels to valid values * avcodec/mpeg12dec: Check input size * avcodec/nvenc: - Fix b-frame DTS behavior with fractional framerates - Fix vbv buffer size in cq mode * avcodec/pictordec: Remove mid exit branch * avcodec/pngdec: Check deloco index more exactly * avcodec/rpzaenc: stop accessing out of bounds frame * avcodec/scpr3: Check bx * avcodec/scpr: Test bx before use * avcodec/snowenc: Fix visual weight calculation * avcodec/speedhq: Check buf_size to be big enough for DC * avcodec/sunrast: Fix maplength check * avcodec/tests/snowenc: - Fix 2nd test - Return a failure if DWT/IDWT mismatches - Unbreak DWT tests * avcodec/tiff: Ignore tile_count * avcodec/utils: - Allocate a line more for VC1 and WMV3 - Ensure linesize for SVQ3 - Use 32pixel alignment for bink * avcodec/videodsp_template: Adjust pointers to avoid undefined pointer things * avcodec/vp3: Add missing check for av_malloc * avcodec/wavpack: - Avoid undefined shift in get_tail() - Check for end of input in wv_unpack_dsd_high() * avcodec/xpmdec: Check size before allocation to avoid truncation * avfilter/vf_untile: swap the chroma shift values used for plane offsets * avformat/id3v2: Check taglen in read_uslt() * avformat/mov: Check samplesize and offset to avoid integer overflow * avformat/mxfdec: Use 64bit in remainder * avformat/nutdec: Add check for avformat_new_stream * avformat/replaygain: avoid undefined / negative abs * swscale/input: Use more unsigned intermediates * swscale/output: Bias 16bps output calculations to improve non overflowing range * swscale: aarch64: Fix yuv2rgb with negative stride * Use https for repository links - Drop patches fixed upstream: * ffmpeg-CVE-2022-3964.patch * ffmpeg-CVE-2022-3109.patch * ffmpeg-CVE-2022-3341.patch - Use ldconfig_scriptlets macro. OBS-URL: https://build.opensuse.org/request/show/1080436 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=195 --- ffmpeg-4.4.3.tar.xz | 3 -- ffmpeg-4.4.3.tar.xz.asc | 11 ------ ffmpeg-4.4.4.tar.xz | 3 ++ ffmpeg-4.4.4.tar.xz.asc | 11 ++++++ ffmpeg-4.changes | 73 ++++++++++++++++++++++++++++++++++++++ ffmpeg-4.spec | 32 ++++++----------- ffmpeg-CVE-2022-3109.patch | 18 ---------- ffmpeg-CVE-2022-3341.patch | 44 ----------------------- ffmpeg-CVE-2022-3964.patch | 70 ------------------------------------ 9 files changed, 97 insertions(+), 168 deletions(-) delete mode 100644 ffmpeg-4.4.3.tar.xz delete mode 100644 ffmpeg-4.4.3.tar.xz.asc create mode 100644 ffmpeg-4.4.4.tar.xz create mode 100644 ffmpeg-4.4.4.tar.xz.asc delete mode 100644 ffmpeg-CVE-2022-3109.patch delete mode 100644 ffmpeg-CVE-2022-3341.patch delete mode 100644 ffmpeg-CVE-2022-3964.patch diff --git a/ffmpeg-4.4.3.tar.xz b/ffmpeg-4.4.3.tar.xz deleted file mode 100644 index bcf5e7e..0000000 --- a/ffmpeg-4.4.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6c5b6c195e61534766a0b5fe16acc919170c883362612816d0a1c7f4f947006e -size 9566020 diff --git a/ffmpeg-4.4.3.tar.xz.asc b/ffmpeg-4.4.3.tar.xz.asc deleted file mode 100644 index 46c3235..0000000 --- a/ffmpeg-4.4.3.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQFMBAABCAA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmNDHJkYHGZmbXBlZy1k -ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljY/vAH/jLAuIyOsVl0B+FkziukD1kY -l8OBOgZSe1Nfi3sw3Zke58QseVkT9wFhdKXs3wmhMOZHHgPYWH7ps2O3OSGw0UNH -NJqU7NPoGY8t8+YQS7gRoGkGyXKruHaz7qw7JMfLPeTSTR/+CI145wKkArgh1lsF -zsVMYz+7aBH3EzuJJPm1DjtOvIT6Q8LIhELIgiyQb8I6V+Xb6od5Ty3mO35CBO2q -j31iow7sOFA758SYUcKeqWo+K8gYV7lEco1d3ouQ23JxIoExIuV7dipEFrWAl+0x -kdALcl3ZQbb/bRheG9Ndk0eQqo0pZdKv+NNs9A6Bo2TATme6NkLbXOg4fkZ+Hug= -=u5U1 ------END PGP SIGNATURE----- diff --git a/ffmpeg-4.4.4.tar.xz b/ffmpeg-4.4.4.tar.xz new file mode 100644 index 0000000..0034acb --- /dev/null +++ b/ffmpeg-4.4.4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e80b380d595c809060f66f96a5d849511ef4a76a26b76eacf5778b94c3570309 +size 9565584 diff --git a/ffmpeg-4.4.4.tar.xz.asc b/ffmpeg-4.4.4.tar.xz.asc new file mode 100644 index 0000000..188b614 --- /dev/null +++ b/ffmpeg-4.4.4.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQFMBAABCAA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmQ2/oUYHGZmbXBlZy1k +ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYkGMH/iRlBGO1ZcCPnNpJt6pAqxcY +cP4hmanIPLLBPQfbHIwGUJDiTDIpXuFeWC7dt08Q8ndXtXbjTJ0T+hZP7Riuzns8 +bwXfrCRioKlmIZSUg9WMErNW+vE/nUFn20q4PdzaWbeUbIsZEW6Btt4C4JuBCLsn +K2WZa7/GwaMnLLPIUIaNzW//aeUj11IhY74qB3k5nOhidgptY1en7xa9x1kZ3dvW +wx2vO+2fS5SlvBfj2KFAey+FX2LAEZFjRaiWRnzlO5daqO4acWMtRAQeMk5rs21W +NeTZUqZoPaaNfcFz1yWsBv19Fte4R9D8oD4TwMd5ikZZ2hjV+N+EMEFNWLoH02Q= +=e6RR +-----END PGP SIGNATURE----- diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes index 6a6272f..13eb368 100644 --- a/ffmpeg-4.changes +++ b/ffmpeg-4.changes @@ -1,3 +1,76 @@ +------------------------------------------------------------------- +Wed Apr 19 21:00:41 UTC 2023 - Bjørn Lie + +- Update to version 4.4.4: + * avcodec/012v: Order operations for odd size handling + * avcodec/alsdec: The minimal block is at least 7 bits + * avcodec/bink: + - Avoid undefined out of array end pointers in + binkb_decode_plane() + - Fix off by 1 error in ref end + * avcodec/eac3dec: avoid float noise in fixed mode addition to + overflow + * avcodec/eatgq: : Check index increments in tgq_decode_block() + * avcodec/escape124: + - Fix signdness of end of input check + - Fix some return codes + * avcodec/ffv1dec: + - Check that num h/v slices is supported + - Fail earlier if prior context is corrupted + - Restructure slice coordinate reading a bit + * avcodec/mjpegenc: take into account component count when + writing the SOF header size + * avcodec/mlpdec: Check max matrix instead of max channel in + noise check + * avcodec/motionpixels: Mask pixels to valid values + * avcodec/mpeg12dec: Check input size + * avcodec/nvenc: + - Fix b-frame DTS behavior with fractional framerates + - Fix vbv buffer size in cq mode + * avcodec/pictordec: Remove mid exit branch + * avcodec/pngdec: Check deloco index more exactly + * avcodec/rpzaenc: stop accessing out of bounds frame + * avcodec/scpr3: Check bx + * avcodec/scpr: Test bx before use + * avcodec/snowenc: Fix visual weight calculation + * avcodec/speedhq: Check buf_size to be big enough for DC + * avcodec/sunrast: Fix maplength check + * avcodec/tests/snowenc: + - Fix 2nd test + - Return a failure if DWT/IDWT mismatches + - Unbreak DWT tests + * avcodec/tiff: Ignore tile_count + * avcodec/utils: + - Allocate a line more for VC1 and WMV3 + - Ensure linesize for SVQ3 + - Use 32pixel alignment for bink + * avcodec/videodsp_template: Adjust pointers to avoid undefined + pointer things + * avcodec/vp3: Add missing check for av_malloc + * avcodec/wavpack: + - Avoid undefined shift in get_tail() + - Check for end of input in wv_unpack_dsd_high() + * avcodec/xpmdec: Check size before allocation to avoid + truncation + * avfilter/vf_untile: swap the chroma shift values used for plane + offsets + * avformat/id3v2: Check taglen in read_uslt() + * avformat/mov: Check samplesize and offset to avoid integer + overflow + * avformat/mxfdec: Use 64bit in remainder + * avformat/nutdec: Add check for avformat_new_stream + * avformat/replaygain: avoid undefined / negative abs + * swscale/input: Use more unsigned intermediates + * swscale/output: Bias 16bps output calculations to improve non + overflowing range + * swscale: aarch64: Fix yuv2rgb with negative stride + * Use https for repository links +- Drop patches fixed upstream: + * ffmpeg-CVE-2022-3964.patch + * ffmpeg-CVE-2022-3109.patch + * ffmpeg-CVE-2022-3341.patch +- Use ldconfig_scriptlets macro. + ------------------------------------------------------------------- Thu Mar 16 17:54:51 UTC 2023 - Jan Engelhardt diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec index d91c0e5..24a45f3 100644 --- a/ffmpeg-4.spec +++ b/ffmpeg-4.spec @@ -95,7 +95,7 @@ %define _major_version 4 %define _major_expected 5 Name: ffmpeg-4 -Version: 4.4.3 +Version: 4.4.4 Release: 0 Summary: Set of libraries for working with various multimedia formats License: GPL-3.0-or-later @@ -120,9 +120,6 @@ Patch8: vmaf-trim-usr-local.patch Patch9: ffmpeg-4.4-CVE-2020-22046.patch Patch10: ffmpeg-chromium.patch Patch11: ffmpeg-libglslang-detection.patch -Patch12: ffmpeg-CVE-2022-3964.patch -Patch13: ffmpeg-CVE-2022-3109.patch -Patch14: ffmpeg-CVE-2022-3341.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel @@ -788,24 +785,15 @@ for i in libavformat/options_table.h libavformat/os_support.h \ cp -a $i "$b/%_includedir/ffmpeg/private/$i" done -%post -n libavcodec58_134 -p /sbin/ldconfig -%postun -n libavcodec58_134 -p /sbin/ldconfig -%post -n libavdevice58_13 -p /sbin/ldconfig -%postun -n libavdevice58_13 -p /sbin/ldconfig -%post -n libavfilter7_110 -p /sbin/ldconfig -%postun -n libavfilter7_110 -p /sbin/ldconfig -%post -n libavformat58_76 -p /sbin/ldconfig -%postun -n libavformat58_76 -p /sbin/ldconfig -%post -n libavresample4_0 -p /sbin/ldconfig -%postun -n libavresample4_0 -p /sbin/ldconfig -%post -n libavutil56_70 -p /sbin/ldconfig -%postun -n libavutil56_70 -p /sbin/ldconfig -%post -n libpostproc55_9 -p /sbin/ldconfig -%postun -n libpostproc55_9 -p /sbin/ldconfig -%post -n libswresample3_9 -p /sbin/ldconfig -%postun -n libswresample3_9 -p /sbin/ldconfig -%post -n libswscale5_9 -p /sbin/ldconfig -%postun -n libswscale5_9 -p /sbin/ldconfig +%ldconfig_scriptlets -n libavcodec58_134 +%ldconfig_scriptlets -n libavdevice58_13 +%ldconfig_scriptlets -n libavfilter7_110 +%ldconfig_scriptlets -n libavformat58_76 +%ldconfig_scriptlets -n libavresample4_0 +%ldconfig_scriptlets -n libavutil56_70 +%ldconfig_scriptlets -n libpostproc55_9 +%ldconfig_scriptlets -n libswresample3_9 +%ldconfig_scriptlets -n libswscale5_9 %files %doc Changelog CREDITS README.md diff --git a/ffmpeg-CVE-2022-3109.patch b/ffmpeg-CVE-2022-3109.patch deleted file mode 100644 index d952c1a..0000000 --- a/ffmpeg-CVE-2022-3109.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff --unified --recursive --text --new-file --color ffmpeg-4.4.3.old/libavcodec/vp3.c ffmpeg-4.4.3.new/libavcodec/vp3.c ---- ffmpeg-4.4.3.old/libavcodec/vp3.c 2022-10-10 03:04:38.000000000 +0800 -+++ ffmpeg-4.4.3.new/libavcodec/vp3.c 2022-12-23 16:25:47.902576459 +0800 -@@ -2683,8 +2683,13 @@ - if ((ret = ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF)) < 0) - goto error; - -- if (!s->edge_emu_buffer) -+ if (!s->edge_emu_buffer) { - s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0])); -+ if (!s->edge_emu_buffer) { -+ ret = AVERROR(ENOMEM); -+ goto error; -+ } -+ } - - if (s->keyframe) { - if (!s->theora) { diff --git a/ffmpeg-CVE-2022-3341.patch b/ffmpeg-CVE-2022-3341.patch deleted file mode 100644 index 69d06af..0000000 --- a/ffmpeg-CVE-2022-3341.patch +++ /dev/null @@ -1,44 +0,0 @@ -diff --unified --recursive --text --new-file --color ffmpeg-4.4.3.old/libavformat/nutdec.c ffmpeg-4.4.3.new/libavformat/nutdec.c ---- ffmpeg-4.4.3.old/libavformat/nutdec.c 2022-10-10 03:04:43.000000000 +0800 -+++ ffmpeg-4.4.3.new/libavformat/nutdec.c 2023-01-20 15:33:38.060002545 +0800 -@@ -358,8 +358,12 @@ - ret = AVERROR(ENOMEM); - goto fail; - } -- for (i = 0; i < stream_count; i++) -- avformat_new_stream(s, NULL); -+ for (i = 0; i < stream_count; i++) { -+ if (!avformat_new_stream(s, NULL)) { -+ ret = AVERROR(ENOMEM); -+ goto fail; -+ } -+ } - - return 0; - fail: -@@ -807,19 +811,23 @@ - NUTContext *nut = s->priv_data; - AVIOContext *bc = s->pb; - int64_t pos; -- int initialized_stream_count; -+ int initialized_stream_count, ret; - - nut->avf = s; - - /* main header */ - pos = 0; -+ ret = 0; - do { -+ if (ret == AVERROR(ENOMEM)) -+ return ret; -+ - pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1; - if (pos < 0 + 1) { - av_log(s, AV_LOG_ERROR, "No main startcode found.\n"); - goto fail; - } -- } while (decode_main_header(nut) < 0); -+ } while ((ret = decode_main_header(nut)) < 0); - - /* stream headers */ - pos = 0; diff --git a/ffmpeg-CVE-2022-3964.patch b/ffmpeg-CVE-2022-3964.patch deleted file mode 100644 index 25842f6..0000000 --- a/ffmpeg-CVE-2022-3964.patch +++ /dev/null @@ -1,70 +0,0 @@ -diff --unified --recursive --text --new-file --color ffmpeg-4.4.old/libavcodec/rpzaenc.c ffmpeg-4.4.new/libavcodec/rpzaenc.c ---- ffmpeg-4.4.old/libavcodec/rpzaenc.c 2022-11-15 14:41:42.262978968 +0800 -+++ ffmpeg-4.4.new/libavcodec/rpzaenc.c 2022-11-15 14:43:37.183516204 +0800 -@@ -204,7 +204,7 @@ - - // loop thru and compare pixels - for (y = 0; y < bi->block_height; y++) { -- for (x = 0; x < bi->block_width; x++){ -+ for (x = 0; x < bi->block_width; x++) { - // TODO: optimize - min_r = FFMIN(R(block_ptr[x]), min_r); - min_g = FFMIN(G(block_ptr[x]), min_g); -@@ -276,7 +276,7 @@ - return -1; - - for (i = 0; i < bi->block_height; i++) { -- for (j = 0; j < bi->block_width; j++){ -+ for (j = 0; j < bi->block_width; j++) { - x = GET_CHAN(block_ptr[j], xchannel); - y = GET_CHAN(block_ptr[j], ychannel); - sumx += x; -@@ -323,7 +323,7 @@ - int max_err = 0; - - for (i = 0; i < bi->block_height; i++) { -- for (j = 0; j < bi->block_width; j++){ -+ for (j = 0; j < bi->block_width; j++) { - int x_inc, lin_y, lin_x; - x = GET_CHAN(block_ptr[j], xchannel); - y = GET_CHAN(block_ptr[j], ychannel); -@@ -418,7 +418,9 @@ - uint16_t *dest_pixels, - const BlockInfo *bi, int block_counter) - { -- for (int y = 0; y < 4; y++) { -+ const int y_size = FFMIN(4, bi->image_height - bi->row * 4); -+ -+ for (int y = 0; y < y_size; y++) { - memcpy(dest_pixels, src_pixels, 8); - dest_pixels += bi->rowstride; - src_pixels += bi->rowstride; -@@ -728,13 +730,14 @@ - - if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK - uint16_t *row_ptr; -- int rgb555; -+ int y_size, rgb555; - - block_offset = get_block_info(&bi, block_counter); - - row_ptr = &src_pixels[block_offset]; -+ y_size = FFMIN(4, bi.image_height - bi.row * 4); - -- for (int y = 0; y < 4; y++) { -+ for (int y = 0; y < y_size; y++) { - for (int x = 0; x < 4; x++){ - rgb555 = row_ptr[x] & ~0x8000; - -@@ -743,6 +746,11 @@ - row_ptr += bi.rowstride; - } - -+ for (int y = y_size; y < 4; y++) { -+ for (int x = 0; x < 4; x++) -+ put_bits(&s->pb, 16, 0); -+ } -+ - block_counter++; - } else { // FOUR COLOR BLOCK - block_counter += encode_four_color_block(min_color, max_color,