pool/ffmpeg-4
SHA256
11
0
Fork 3
Code Issues Pull Requests Activity

Compare commits

merge into: pool:leap-16.0
Branches Tags
pool:factory pool:leap-16.0 pool:devel qzhao:master qzhao:Devel qzhao:ffmpeg-4_adjust_bconds
...
pull from: qzhao:Devel
Branches Tags
qzhao:master qzhao:Devel qzhao:ffmpeg-4_adjust_bconds pool:factory pool:leap-16.0 pool:devel

2 Commits
leap-16.0 ... Devel

Author SHA256 Message Date
ZhaoQiang
b820dddcdb Fix typo CVE bugID. 2025-06-11 16:09:40 +08:00
ZhaoQiang
a0ecb7ad2d Porting lost ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch and add lost bugID in changelog. 2025-03-25 14:02:21 +08:00
3 changed files with 66 additions and 9 deletions
Expand all files Collapse all files

38
ffmpeg-4.changes
View File

@@ -72,6 +72,7 @@ Mon Jan 6 11:53:32 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
ffmpeg-CVE-2023-50010.patch
ffmpeg-4-CVE-2024-32230.patch
ffmpeg-4-CVE-2024-7055.patch (all merged)
(CVE-2023-51798, bsc#1223304)
-------------------------------------------------------------------
Tue Oct 15 08:18:54 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
@@ -110,7 +111,7 @@ Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-CVE-2023-50010.patch:
Backporting e4d2666b from upstream, fixes the out of array access.
(CVE-2023-a50010, bsc#1223256)
(CVE-2023-50010, bsc#1223256)
-------------------------------------------------------------------
Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
@@ -136,20 +137,39 @@ Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
-------------------------------------------------------------------
Tue Apr 23 14:25:53 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Address boo#1223304/CVE-2023-51798: add patch
0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
- Add 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch:
Backporting 68146f06 from upstream, Check pts before division.
(CVE-2023-51798, bsc#1223304)
-------------------------------------------------------------------
Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Address boo#1223070/CVE-2024-31578: add patch
0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
- Add 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch:
Backporting 76a48e85 from upstream, Check length.
(CVE-2024-31578, bsc#1223070)
-------------------------------------------------------------------
Mon Feb 12 18:23:41 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
- ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch
* fixes build against dav1d, which has been updated in
SUSE:SLE-15-SP5:Update (where apparently no rebuild of ffmpeg-4
had been triggered)
-------------------------------------------------------------------
Fri Feb 2 09:34:15 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
- drop support for libmfx, which is no longer supported upstream
at all (boo#1219494)
- no longer build against libmfx; build also 15.5 against libvpl
(boo#1230983, boo#1219494)
- dropping support for libmfx below covers:
* libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
* libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
* libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
* libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
* libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
* Multiple vulnerabilities in the Intel Media SDK (libmfx1) (bsc#1226892)
* Drop libmfx dependency from our product (jira #PED-10024)
-------------------------------------------------------------------
Tue Dec 26 13:36:38 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
@@ -169,7 +189,7 @@ Fri Nov 3 08:17:13 UTC 2023 - Marcus Meissner <meissner@suse.com>
- Add ffmpeg-fix-new-binutils.patch:
Backporting 01fc3034 from upstream, Fix build with new binutils
(bsc#1215309)
-------------------------------------------------------------------
Mon Oct 30 11:16:43 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
@@ -550,7 +570,7 @@ Fri Mar 31 00:41:22 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
- Add Samba support for Factory (as this needs a fix in Samba itself)
Add --enable-libsmbclient to configure, add BR on pkgconfig(smbclient)
- License is now GPLv3+ by default (--enable-version3)
-------------------------------------------------------------------
Mon Mar 30 07:14:39 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>

1
ffmpeg-4.spec
View File

@@ -144,6 +144,7 @@ Patch26: ffmpeg-4-CVE-2025-22919.patch
Patch27: ffmpeg-4-CVE-2025-0518.patch
Patch28: ffmpeg-4-CVE-2025-25473.patch
Patch29: ffmpeg-4-CVE-2025-22921.patch
Patch30: ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch
BuildRequires: ladspa-devel
BuildRequires: libgsm-devel
BuildRequires: libmp3lame-devel

36
ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch Normal file
View File

@@ -0,0 +1,36 @@
commit e204846ec16c1ab34c7f3a681734cf5190433018
Author: James Almer <jamrial@gmail.com>
Date: Fri Sep 3 13:50:32 2021 -0300
avcodec/libdav1d: fix compilation after recent libdav1d API changes
They were done in preparation for an upcoming 1.0 release.
Keep supporting previous releases for the time being.
Reviewed-by: BBB
Signed-off-by: James Almer <jamrial@gmail.com>
--- a/libavcodec/libdav1d.c
+++ b/libavcodec/libdav1d.c
@@ -202,6 +202,9 @@
Libdav1dContext *dav1d = c->priv_data;
Dav1dData *data = &dav1d->data;
Dav1dPicture pic = { 0 }, *p = &pic;
+#if FF_DAV1D_VERSION_AT_LEAST(5,1)
+ enum Dav1dEventFlags event_flags = 0;
+#endif
int res;
if (!data->sz) {
@@ -280,6 +283,11 @@
frame->linesize[1] = p->stride[1];
frame->linesize[2] = p->stride[1];
+#if FF_DAV1D_VERSION_AT_LEAST(5,1)
+ dav1d_get_event_flags(dav1d->c, &event_flags);
+ if (c->pix_fmt == AV_PIX_FMT_NONE ||
+ event_flags & DAV1D_EVENT_FLAG_NEW_SEQUENCE)
+#endif
c->profile = p->seq_hdr->profile;
c->level = ((p->seq_hdr->operating_points[0].major_level - 2) << 2)
| p->seq_hdr->operating_points[0].minor_level;