Add 0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch

Backporting 3faadbe2 from upstream, Use 64bit for input size check,
Fixes: out of array read, Fixes: poc3.
(CVE-2024-7055, bsc#1229026)

0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch

@@ -0,0 +1,33 @@
+From d1ed5c06e3edc5f2b5f3664c80121fa55b0baa95 Mon Sep 17 00:00:00 2001
+From: Gyan Doshi <ffmpeg@gyani.pro>
+Date: Sat, 22 Feb 2025 10:38:53 +0530
+Subject: [PATCH] avcodec/libsvtav1: unbreak build with latest svtav1
+
+SVT-AV1 made a change in their public API in 988e930c but without a
+version bump or any other accessible marker, thus breaking ffmpeg build
+with current versions of SVT-AV1.
+
+They have finally bumped versions a month later, so check added.
+---
+ libavcodec/libsvtav1.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libavcodec/libsvtav1.c b/libavcodec/libsvtav1.c
+index 79b28eb4df..43fe531fde 100644
+--- a/libavcodec/libsvtav1.c
++++ b/libavcodec/libsvtav1.c
+@@ -435,7 +435,11 @@ static av_cold int eb_enc_init(AVCodecContext *avctx)
+ 
+     svt_enc->eos_flag = EOS_NOT_REACHED;
+ 
++#if SVT_AV1_CHECK_VERSION(3, 0, 0)
++    svt_ret = svt_av1_enc_init_handle(&svt_enc->svt_handle, &svt_enc->enc_params);
++#else
+     svt_ret = svt_av1_enc_init_handle(&svt_enc->svt_handle, svt_enc, &svt_enc->enc_params);
++#endif
+     if (svt_ret != EB_ErrorNone) {
+         return svt_print_error(avctx, svt_ret, "Error initializing encoder handle");
+     }
+-- 
+2.48.1
+

_scmsync.obsinfo

@@ -1,4 +0,0 @@
-mtime: 1740428378
-commit: 71230d5ab33ebb8b540bce6771743d3d17a008cbe9ffb2831c8c2522bb9e4f9a
-url: https://src.opensuse.org/jengelh/ffmpeg-4
-revision: master

build.specials.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:974fa8fcaa2ecd171378f6699384b1fecfc6b627c3ce859f3a74aa063646bc39
-size 256

ffmpeg-4-CVE-2024-35368.patch

@@ -0,0 +1,31 @@
+From 4513300989502090c4fd6560544dce399a8cd53c Mon Sep 17 00:00:00 2001
+From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+Date: Sun, 24 Sep 2023 13:15:48 +0200
+Subject: [PATCH] avcodec/rkmppdec: Fix double-free on error
+
+After having created the AVBuffer that is put into frame->buf[0],
+ownership of several objects (namely an AVDRMFrameDescriptor,
+an MppFrame and some AVBufferRefs framecontextref and decoder_ref)
+has passed to the AVBuffer and therefore to the frame.
+Yet it has nevertheless been freed manually on error
+afterwards, which would lead to a double-free as soon
+as the AVFrame is unreferenced.
+
+Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+---
+ libavcodec/rkmppdec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/libavcodec/rkmppdec.c
++++ b/libavcodec/rkmppdec.c
+@@ -460,8 +460,8 @@
+ 
+             frame->hw_frames_ctx = av_buffer_ref(decoder->frames_ref);
+             if (!frame->hw_frames_ctx) {
+-                ret = AVERROR(ENOMEM);
+-                goto fail;
++                av_frame_unref(frame);
++                return AVERROR(ENOMEM);
+             }
+ 
+             return 0;

ffmpeg-4.changes

@@ -1,7 +1,13 @@
+-------------------------------------------------------------------
+Wed Mar  5 09:46:09 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
+
+- Add 0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
+  to build with SVT-AV1 3.0.0.
+
 -------------------------------------------------------------------
 Fri Feb 19 05:17:22 UTC 2025 - Cliff Zhao <qzhao@suse.com>
 
-- Add ffmpeg-7-CVE-2025-22921.patch:
+- Add ffmpeg-4-CVE-2025-22921.patch:
   Backporting 7f9c7f98 from upstream, clear array length when
   freeing it.
   (CVE-2025-22921, bsc#1237382)
@@ -9,7 +15,7 @@ Fri Feb 19 05:17:22 UTC 2025 - Cliff Zhao <qzhao@suse.com>
 -------------------------------------------------------------------
 Fri Feb 19 04:27:06 UTC 2025 - Cliff Zhao <qzhao@suse.com>
 
-- Add ffmpeg-7-CVE-2025-25473.patch:
+- Add ffmpeg-4-CVE-2025-25473.patch:
   Backporting c08d3004 from upstream, clear FFFormatContext packet.
   When packet_buffer is used in mux.c, and if a muxing process fails
   at a point where packets remained in said queue.
@@ -18,7 +24,7 @@ Fri Feb 19 04:27:06 UTC 2025 - Cliff Zhao <qzhao@suse.com>
 -------------------------------------------------------------------
 Fri Feb 19 03:18:02 UTC 2025 - Cliff Zhao <qzhao@suse.com>
 
-- Add ffmpeg-7-CVE-2025-0518.patch:
+- Add ffmpeg-4-CVE-2025-0518.patch:
   Backporting b5b6391d from upstream, fixes memory data leak when
   use sscanf().
   (CVE-2025-0518, bsc#1236007)
@@ -26,7 +32,7 @@ Fri Feb 19 03:18:02 UTC 2025 - Cliff Zhao <qzhao@suse.com>
 -------------------------------------------------------------------
 Fri Feb 19 02:58:01 UTC 2025 - Cliff Zhao <qzhao@suse.com>
 
-- Add ffmpeg-7-CVE-2025-22919.patch:
+- Add ffmpeg-4-CVE-2025-22919.patch:
   Backporting 1446e37d from upstream, check for valid sample rate
   As the sample rate <= 0 is invalid.
   (CVE-2025-22919, bsc#1237371)
@@ -40,9 +46,13 @@ Fri Feb 19 01:48:22 UTC 2025 - Cliff Zhao <qzhao@suse.com>
   (CVE-2024-12361, bsc#1237358)
 
 -------------------------------------------------------------------
-Tue Oct 15 08:18:54 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
+Fri Feb 19 01:11:17 UTC 2025 - Cliff Zhao <qzhao@suse.com>
 
-- Adjust bconds to build the package in SLFO without xvidcore.
+- Add ffmpeg-4-CVE-2024-35368.patch:
+  Backporting 45133009 from upstream, After having created the
+  AVBuffer that is put into frame->buf[0], ownership of several
+  objects Fix double-free on the AVFrame is unreferenced.
+  (CVE-2024-35368, bsc#1234028)
 
 -------------------------------------------------------------------
 Mon Jan  6 11:53:32 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
@@ -62,6 +72,11 @@ Mon Jan  6 11:53:32 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
   ffmpeg-4-CVE-2024-32230.patch
   ffmpeg-4-CVE-2024-7055.patch (all merged)
 
+-------------------------------------------------------------------
+Tue Oct 15 08:18:54 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
+
+- Adjust bconds to build the package in SLFO without xvidcore.
+
 -------------------------------------------------------------------
 Fri Sep  6 15:06:21 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 

ffmpeg-4.spec

@@ -134,14 +134,16 @@ Patch10:        ffmpeg-chromium.patch
 Patch11:        ffmpeg-libglslang-detection.patch
 Patch14:        ffmpeg-glslang-cxx17.patch
 Patch15:        0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
+Patch16:        0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
 Patch17:        ffmpeg-CVE-2023-49502.patch
 Patch22:        ffmpeg-c99.patch
 Patch23:        0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
-Patch24:        ffmpeg-4-CVE-2024-12361.patch
-Patch25:        ffmpeg-4-CVE-2025-22919.patch
-Patch26:        ffmpeg-4-CVE-2025-0518.patch
-Patch27:        ffmpeg-4-CVE-2025-25473.patch
-Patch28:        ffmpeg-4-CVE-2025-22921.patch
+Patch24:        ffmpeg-4-CVE-2024-35368.patch
+Patch25:        ffmpeg-4-CVE-2024-12361.patch
+Patch26:        ffmpeg-4-CVE-2025-22919.patch
+Patch27:        ffmpeg-4-CVE-2025-0518.patch
+Patch28:        ffmpeg-4-CVE-2025-25473.patch
+Patch29:        ffmpeg-4-CVE-2025-22921.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel