Accepting request 1190554 from multimedia:libs

- Add ffmpeg-4-CVE-2024-32230.patch: Backporting 96449cfe from upstream, Fix 1 line and one column images. (CVE-2024-32230, bsc#1227296) OBS-URL: https://build.opensuse.org/request/show/1190554 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ffmpeg-4?expand=0&rev=69
2024-08-01 20:03:26 +00:00 · 2024-08-01 20:03:26 +00:00 · e8adf94974
commit e8adf94974
parent 845e0bd982 5facdfe17d
5 changed files with 35 additions and 4 deletions
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@ -1,4 +1,4 @@
-mtime: 1722057554
-commit: d4a851e48e2ef17c1f3c81416ee204973636088059021e1c36a028ddbb7991c7
+mtime: 1722363442
+commit: 32083452007930a19f6845ff9dabd64715f2bca36f8a20c936c161f6f8480517
 url: https://src.opensuse.org/jengelh/ffmpeg-4
 revision: master
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:8fc0c14f2bc24bf2dda12500e5d5712f81d17ee7a63baeb4b7401f60a0fcb4cb
+oid sha256:c7d87a99962dd15c034670998d85540aad1160cef5a3b1b5eef559451a1edbe8
 size 256
--- a/ffmpeg-4-CVE-2024-32230.patch
+++ b/ffmpeg-4-CVE-2024-32230.patch
@ -0,0 +1,23 @@
+commit 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
+Author: Michael Niedermayer <michael@niedermayer.cc>
+Date:   Mon Apr 8 18:38:42 2024 +0200
+
+    avcodec/mpegvideo_enc: Fix 1 line and one column images
+    
+    Fixes: Ticket10952
+    Fixes: poc21ffmpeg
+    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+--- ffmpeg-4.4.4/libavcodec/mpegvideo_enc.c
+++ ffmpeg-4.4.4_new/libavcodec/mpegvideo_enc.c
+@@ -1263,8 +1263,8 @@
+                     int dst_stride = i ? s->uvlinesize : s->linesize;
+                     int h_shift = i ? h_chroma_shift : 0;
+                     int v_shift = i ? v_chroma_shift : 0;
+-                    int w = s->width  >> h_shift;
+-                    int h = s->height >> v_shift;
+                    int w = AV_CEIL_RSHIFT(s->width , h_shift);
+                    int h = AV_CEIL_RSHIFT(s->height, v_shift);
+                     uint8_t *src = pic_arg->data[i];
+                     uint8_t *dst = pic->f->data[i];
+                     int vpad = 16;
--- a/ffmpeg-4.changes
+++ b/ffmpeg-4.changes
@ -4,6 +4,13 @@ Fri Jul 26 13:19:42 UTC 2024 - Filip Kastl <filip.kastl@suse.com>
 - Add ffmpeg-c99.patch so that the package conforms to the C99
  standard and builds on i586 with GCC 14.

+-------------------------------------------------------------------
+Tue Jul  2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2024-32230.patch:
+  Backporting 96449cfe from upstream, Fix 1 line and one column images.
+  (CVE-2024-32230, bsc#1227296)
+
 -------------------------------------------------------------------
 Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>

--- a/ffmpeg-4.spec
+++ b/ffmpeg-4.spec
@ -131,7 +131,8 @@ Patch17:        ffmpeg-CVE-2023-49502.patch
 Patch18:        ffmpeg-CVE-2023-51793.patch
 Patch19:        0001-avfilter-af_stereowiden-Check-length.patch
 Patch20:        ffmpeg-CVE-2023-50010.patch
-Patch21:        ffmpeg-c99.patch
+Patch21:        ffmpeg-4-CVE-2024-32230.patch
+Patch22:        ffmpeg-c99.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel