From 3c3fb2af326629c2fc9f573ed78209dc36c8b72dcdf02f82a1a2df6930a395e3 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 25 Apr 2024 21:52:31 +0000 Subject: [PATCH] move metadata into patch OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-5?expand=0&rev=89 --- ffmpeg-5.spec | 4 ---- ffmpeg-CVE-2023-49502.patch | 37 +++++++++++++++++++------------------ ffmpeg-CVE-2023-50007.patch | 11 ++++++----- ffmpeg-CVE-2023-50008.patch | 11 ++++++----- ffmpeg-CVE-2023-51793.patch | 21 +++++++++++---------- 5 files changed, 42 insertions(+), 42 deletions(-) diff --git a/ffmpeg-5.spec b/ffmpeg-5.spec index 6bda629..2deeee9 100644 --- a/ffmpeg-5.spec +++ b/ffmpeg-5.spec @@ -121,13 +121,9 @@ Patch16: 0001-avfilter-f_reverse-Apply-PTS-compensation-only-when-.patch Patch90: ffmpeg-chromium.patch Patch91: ffmpeg-dlopen-openh264.patch Patch93: soname.diff -# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50007.patch CVE-2023-50007 bsc#1223253 qzhao@suse.com -- Fix crash with EOF handling. Patch94: ffmpeg-CVE-2023-50007.patch -# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50008.patch CVE-2023-50008 bsc#1223254 qzhao@suse.com -- Fix memory leaks. Patch95: ffmpeg-CVE-2023-50008.patch -# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-49502.patch CVE-2023-49502 bsc#1223235 qzhao@suse.com -- Account for chroma sub-sampling in min size calculation. Patch96: ffmpeg-CVE-2023-49502.patch -# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-51793.patch CVE-2023-51793 bsc#1223272 qzhao@suse.com -- Fix odd height handling. Patch97: ffmpeg-CVE-2023-51793.patch %if %{with amf_sdk} BuildRequires: AMF-devel diff --git a/ffmpeg-CVE-2023-49502.patch b/ffmpeg-CVE-2023-49502.patch index e741937..f7137b4 100644 --- a/ffmpeg-CVE-2023-49502.patch +++ b/ffmpeg-CVE-2023-49502.patch @@ -1,22 +1,23 @@ -commit 737ede405b11a37fdd61d19cf25df296a0cb0b75 -Author: Cosmin Stejerean -Date: Wed Dec 6 18:39:32 2023 +0800 +From 737ede405b11a37fdd61d19cf25df296a0cb0b75 +From: Cosmin Stejerean +Date: Wed Dec 6 18:39:32 2023 +0800 +Subject: avfilter/bwdif: account for chroma sub-sampling in min size calculation +References: https://bugzilla.opensuse.org/1223235 +References: CVE-2023-49502 - avfilter/bwdif: account for chroma sub-sampling in min size calculation - - The current logic for detecting frames that are too small for the - algorithm does not account for chroma sub-sampling, and so a sample - where the luma plane is large enough, but the chroma planes are not - will not be rejected. In that event, a heap overflow will occur. - - This change adjusts the logic to consider the chroma planes and makes - the change to all three bwdif implementations. - - Fixes #10688 - - Signed-off-by: Cosmin Stejerean - Reviewed-by: Thomas Mundt - Signed-off-by: Philip Langdale +The current logic for detecting frames that are too small for the +algorithm does not account for chroma sub-sampling, and so a sample +where the luma plane is large enough, but the chroma planes are not +will not be rejected. In that event, a heap overflow will occur. + +This change adjusts the logic to consider the chroma planes and makes +the change to all three bwdif implementations. + +Fixes #10688 + +Signed-off-by: Cosmin Stejerean +Reviewed-by: Thomas Mundt +Signed-off-by: Philip Langdale diff -Nura ffmpeg-5.1.4/libavfilter/vf_bwdif.c ffmpeg-5.1.4_new/libavfilter/vf_bwdif.c --- ffmpeg-5.1.4/libavfilter/vf_bwdif.c 2023-11-10 07:38:51.000000000 +0800 diff --git a/ffmpeg-CVE-2023-50007.patch b/ffmpeg-CVE-2023-50007.patch index e342ee3..365136c 100644 --- a/ffmpeg-CVE-2023-50007.patch +++ b/ffmpeg-CVE-2023-50007.patch @@ -1,8 +1,9 @@ -commit b1942734c7cbcdc9034034373abcc9ecb9644c47 -Author: Paul B Mahol -Date: Mon Nov 27 11:45:34 2023 +0100 - - avfilter/af_afwtdn: fix crash with EOF handling +From b1942734c7cbcdc9034034373abcc9ecb9644c47 +From: Paul B Mahol +Date: Mon Nov 27 11:45:34 2023 +0100 +Subject: avfilter/af_afwtdn: fix crash with EOF handling +References: https://bugzilla.opensuse.org/1223253 +References: CVE-2023-50007 diff -Nura ffmpeg-5.1.4/libavfilter/af_afwtdn.c ffmpeg-5.1.4_new/libavfilter/af_afwtdn.c --- ffmpeg-5.1.4/libavfilter/af_afwtdn.c 2023-11-10 07:38:51.000000000 +0800 diff --git a/ffmpeg-CVE-2023-50008.patch b/ffmpeg-CVE-2023-50008.patch index 9a041fd..a87ff56 100644 --- a/ffmpeg-CVE-2023-50008.patch +++ b/ffmpeg-CVE-2023-50008.patch @@ -1,8 +1,9 @@ -commit 5f87a68cf70dafeab2fb89b42e41a4c29053b89b -Author: Paul B Mahol -Date: Mon Nov 27 12:08:20 2023 +0100 - - avfilter/vf_colorcorrect: fix memory leaks +From 5f87a68cf70dafeab2fb89b42e41a4c29053b89b +From: Paul B Mahol +Date: Mon Nov 27 12:08:20 2023 +0100 +Subject: avfilter/vf_colorcorrect: fix memory leaks +References: https://bugzilla.opensuse.org/1223254 +References: CVE-2023-50008 diff -Nura ffmpeg-5.1.4/libavfilter/vf_colorcorrect.c ffmpeg-5.1.4_new/libavfilter/vf_colorcorrect.c --- ffmpeg-5.1.4/libavfilter/vf_colorcorrect.c 2023-11-10 07:38:51.000000000 +0800 diff --git a/ffmpeg-CVE-2023-51793.patch b/ffmpeg-CVE-2023-51793.patch index 4074c61..18a6bc1 100644 --- a/ffmpeg-CVE-2023-51793.patch +++ b/ffmpeg-CVE-2023-51793.patch @@ -1,14 +1,15 @@ -commit 0ecc1f0e48930723d7a467761b66850811c23e62 -Author: Michael Niedermayer -Date: Fri Dec 22 12:31:35 2023 +0100 +From 0ecc1f0e48930723d7a467761b66850811c23e62 +From: Michael Niedermayer +Date: Fri Dec 22 12:31:35 2023 +0100 +Subject: avfilter/vf_weave: Fix odd height handling +References: https://bugzilla.opensuse.org/1223272 +References: CVE-2023-51793 + +Fixes: out of array access +Fixes: tickets/10743/poc10ffmpeg - avfilter/vf_weave: Fix odd height handling - - Fixes: out of array access - Fixes: tickets/10743/poc10ffmpeg - - Found-by: Zeng Yunxiang and Li Zeyuan - Signed-off-by: Michael Niedermayer +Found-by: Zeng Yunxiang and Li Zeyuan +Signed-off-by: Michael Niedermayer diff -Nura ffmpeg-5.1.4/libavfilter/vf_weave.c ffmpeg-5.1.4_new/libavfilter/vf_weave.c --- ffmpeg-5.1.4/libavfilter/vf_weave.c 2023-11-10 07:38:51.000000000 +0800