diff --git a/ffmpeg-4.4-CVE-2020-22046.patch b/ffmpeg-4-CVE-2020-22046.patch
similarity index 100%
rename from ffmpeg-4.4-CVE-2020-22046.patch
rename to ffmpeg-4-CVE-2020-22046.patch
diff --git a/ffmpeg-CVE-2023-49502.patch b/ffmpeg-5-CVE-2023-49502.patch
similarity index 100%
rename from ffmpeg-CVE-2023-49502.patch
rename to ffmpeg-5-CVE-2023-49502.patch
diff --git a/ffmpeg-CVE-2023-50007.patch b/ffmpeg-5-CVE-2023-50007.patch
similarity index 100%
rename from ffmpeg-CVE-2023-50007.patch
rename to ffmpeg-5-CVE-2023-50007.patch
diff --git a/ffmpeg-CVE-2023-50008.patch b/ffmpeg-5-CVE-2023-50008.patch
similarity index 100%
rename from ffmpeg-CVE-2023-50008.patch
rename to ffmpeg-5-CVE-2023-50008.patch
diff --git a/ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch b/ffmpeg-5-CVE-2023-50009-shim-cf1f5744.patch
similarity index 97%
rename from ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
rename to ffmpeg-5-CVE-2023-50009-shim-cf1f5744.patch
index a796a16..e7e64a7 100644
--- a/ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
+++ b/ffmpeg-5-CVE-2023-50009-shim-cf1f5744.patch
@@ -1,16 +1,14 @@
 commit cf1f57443158bcbe84a213e8dc631a302993f9a2
 Author: Thilo Borgmann
 Date: Mon Jul 18 16:09:46 2022 +0200
+Subject: lavfi/edge_common: Templatify ff_gaussian_blur and ff_sobel
 References: CVE-2023-50009
-References: https://bugzilla.opensuse.org/1172423
+References: bsc#1172423
+Upstream: Backport from upstream
-lavfi/edge_common: Templatify ff_gaussian_blur and ff_sobel
+Backport cf1f5744 from upstream, Templatify function ff_gaussian_blur
+and ff_sobel to prepare fix support for CVE-2023-50009. -qzhao
-[Backport cf1f5744 from upstream, Templatify function ff_gaussian_blur
-and ff_sobel to prepare fix support for CVE-2023-50009. -qzhao]
-
-diff --git a/libavfilter/edge_common.c b/libavfilter/edge_common.c
-index d72e8521cd..ebd47d7c53 100644
 --- a/libavfilter/edge_common.c
 +++ b/libavfilter/edge_common.c
@@ -46,33 +46,13 @@ static int get_rounded_direction(int gx, int gy)
@@ -312,4 +310,3 @@ index 90390ceb3e..603f06f141 100644
 * ignore the rest, so we need a clean output buffer */
 --
 2.41.0
-
diff --git a/ffmpeg-CVE-2023-50009.patch b/ffmpeg-5-CVE-2023-50009.patch
similarity index 100%
rename from ffmpeg-CVE-2023-50009.patch
rename to ffmpeg-5-CVE-2023-50009.patch
diff --git a/ffmpeg-CVE-2023-50010.patch b/ffmpeg-5-CVE-2023-50010.patch
similarity index 100%
rename from ffmpeg-CVE-2023-50010.patch
rename to ffmpeg-5-CVE-2023-50010.patch
diff --git a/ffmpeg-CVE-2023-51793.patch b/ffmpeg-5-CVE-2023-51793.patch
similarity index 100%
rename from ffmpeg-CVE-2023-51793.patch
rename to ffmpeg-5-CVE-2023-51793.patch
diff --git a/ffmpeg-5-CVE-2024-32228.patch b/ffmpeg-5-CVE-2024-32228.patch
new file mode 100644
index 0000000..5fe925a
--- /dev/null
+++ b/ffmpeg-5-CVE-2024-32228.patch
@@ -0,0 +1,66 @@
+From 459648761f5412acdc3317d5bac982ceaa257584
+Author: Niklas Haas
+Date: Sat Apr 6 13:11:09 2024 +0200
+Subject: avcodec/hevcdec: fix segfault on invalid film grain metadata
+References: CVE-2024-32228
+References: bsc#1227277
+Upstream: Backport from upstream
+
+Invalid input files may contain film grain metadata which survives
+ff_h274_film_grain_params_supported() but does not pass
+av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
+
+Fix this by duplicating the av_film_grain_params_select() check at frame
+init time.
+
+An alternative solution here would be to defer the incompatibility check
+to hevc_frame_end(), but this has the downside of allocating a film
+grain buffer even when we already know we can't apply film grain.
+
+Fixes: https://trac.ffmpeg.org/ticket/10951
+
+--- ffmpeg-5.1.4/libavcodec/hevcdec.c
++++ ffmpeg-5.1.4_new/libavcodec/hevcdec.c
+@@ -3035,12 +3035,29 @@
+ goto fail;
+ }
+
+- s->ref->frame->key_frame = IS_IRAP(s);
++ if (IS_IRAP(s))
++ s->ref->frame->flags |= AV_FRAME_FLAG_KEY;
++ else
++ s->ref->frame->flags &= ~AV_FRAME_FLAG_KEY;
+
+- s->ref->needs_fg = s->sei.film_grain_characteristics.present &&
++ s->ref->needs_fg = (s->sei.common.film_grain_characteristics.present ||
++ s->sei.common.aom_film_grain.enable) &&
+ !(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) &&
+ !s->avctx->hwaccel;
+
++ ret = set_side_data(s);
++ if (ret < 0)
++ goto fail;
++
++ if (s->ref->needs_fg &&
++ ( s->sei.common.film_grain_characteristics.present &&
++ !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
++ s->ref->frame->format))
++ || !av_film_grain_params_select(s->ref->frame)) {
++ av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
++ "Unsupported film grain parameters. 
Ignoring film grain.\n");
++ s->ref->needs_fg = 0;
++ }
+ if (s->ref->needs_fg) {
+ s->ref->frame_grain->format = s->ref->frame->format;
+ s->ref->frame_grain->width = s->ref->frame->width;
+@@ -3049,10 +3066,6 @@
+ goto fail;
+ }
+
+- ret = set_side_data(s);
+- if (ret < 0)
+- goto fail;
+-
+ s->frame->pict_type = 3 - s->sh.slice_type;
+
+ if (!IS_IRAP(s))
diff --git a/ffmpeg-5-CVE-2024-32230.patch b/ffmpeg-5-CVE-2024-32230.patch
new file mode 100644
index 0000000..7828de3
--- /dev/null
+++ b/ffmpeg-5-CVE-2024-32230.patch
@@ -0,0 +1,25 @@
+From 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
+Author: Michael Niedermayer
+Date: Mon Apr 8 18:38:42 2024 +0200
+Subject: avcodec/mpegvideo_enc: Fix 1 line and one column images
+References: CVE-2024-32230
+References: bsc#1227296
+Upstream: Backport from upstream
+
+Fixes: Ticket10952
+Fixes: poc21ffmpeg
+Signed-off-by: Michael Niedermayer
+
+--- ffmpeg-5.1.4/libavcodec/mpegvideo_enc.c
++++ ffmpeg-5.1.4_new/libavcodec/mpegvideo_enc.c
+@@ -1087,8 +1087,8 @@
+ int dst_stride = i ? s->uvlinesize : s->linesize;
+ int h_shift = i ? h_chroma_shift : 0;
+ int v_shift = i ? v_chroma_shift : 0;
+- int w = s->width >> h_shift;
+- int h = s->height >> v_shift;
++ int w = AV_CEIL_RSHIFT(s->width , h_shift);
++ int h = AV_CEIL_RSHIFT(s->height, v_shift);
+ uint8_t *src = pic_arg->data[i];
+ uint8_t *dst = pic->f->data[i];
+ int vpad = 16;
diff --git a/ffmpeg-5.1.4.tar.xz b/ffmpeg-5.1.4.tar.xz
index 9a1695d..3252991 100644
Binary files a/ffmpeg-5.1.4.tar.xz and b/ffmpeg-5.1.4.tar.xz differ
diff --git a/ffmpeg-5.changes b/ffmpeg-5.changes
index 3ece908..8bf01b4 100644
--- a/ffmpeg-5.changes
+++ b/ffmpeg-5.changes
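Review bot: The added lines in the first hevcdec.c hunk look copied from a newer upstream tree rather than adapted to 5.1.4: the lines they replace use `s->ref->frame->key_frame` and `s->sei.film_grain_characteristics`, while the new code relies on `AV_FRAME_FLAG_KEY`, `s->sei.common.*`, `aom_film_grain`, `av_film_grain_params_select()` and `s->film_grain_warning_shown`, none of which appears in the 5.1.4 context shown here and which, as far as I know, were introduced in later release branches. Confirm that the patch applies and builds against this tree before relying on it as the CVE-2024-32228 fix; if it does not, the guard has to be re-expressed with what 5.1.4 provides while keeping `s->ref->frame->key_frame = IS_IRAP(s);` and the `s->sei.film_grain_characteristics.present` test. The condition also parses as `(s->ref->needs_fg && (…)) || !av_film_grain_params_select(…)`, so the warning path can run for frames that never requested film grain; grouping both rejection tests after `s->ref->needs_fg &&` would match the commit message. The enclosing function starts and ends outside the hunk.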
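Review bot: The two replaced lines in the mpegvideo_enc.c hunk carry no comment on why the shift has to round up, which is the whole fix: with the old `s->width >> h_shift` a one-pixel-wide or one-line-high picture yields `w` or `h` of 0 on the planes where `i` is non-zero and the chroma shift applies. A short comment above them would keep a later cleanup from reverting it, for example `/* round up: a 1-pixel dimension must still give a 1-sample chroma plane */`. Because this is a backport, the explanation may be better placed in the patch header than in the code, so the hunk stays identical to upstream 96449cfe. The enclosing block and function start and end outside the hunk.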
@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Tue Jul 2 12:26:28 UTC 2024 - Cliff Zhao
+
+- Add ffmpeg-5-CVE-2024-32230.patch:
+ Backporting 96449cfe from upstream, Fix 1 line and one column images.
+ (CVE-2024-32230, bsc#1227296)
+
+-------------------------------------------------------------------
+Tue Jul 2 11:57:01 UTC 2024 - Cliff Zhao
+
+- Add ffmpeg-5-CVE-2024-32228.patch:
+ Backporting 45964876 from upstream, Fix segfault on invalid film
+ grain metadata.
+ (CVE-2024-32228, bsc#1227277)
+
+-------------------------------------------------------------------
+Tue Jul 2 11:28:10 UTC 2024 - Cliff Zhao
+
+- Rename CVE patches as SUSE CVE standard:(package name)-%(CVE number)
+ ffmpeg-4.4-CVE-2020-22046.patch
+ ffmpeg-5-CVE-2023-50007.patch
+ ffmpeg-5-CVE-2023-50008.patch
+ ffmpeg-5-CVE-2023-49502.patch
+ ffmpeg-5-CVE-2023-51793.patch
+ ffmpeg-5-CVE-2023-50009.patch
+ ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
+ ffmpeg-5-CVE-2023-50010.patch
+
 -------------------------------------------------------------------
 Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao
@@ -22,7 +50,7 @@ Tue Apr 26 12:18:26 UTC 2024 - Cliff Zhao
 -------------------------------------------------------------------
 Tue Apr 24 10:48:32 UTC 2024 - Cliff Zhao
-- Add ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch:
+- Add ffmpeg-5-CVE-2023-50009-shim-cf1f5744.patch:
 Backporting cf1f5744 from upstream, Templatify function ff_gaussian_blur and ff_sobel to prepare fix support for CVE-2023-50009. (CVE-2023-50009 bsc#1223255)
@@ -267,7 +295,7 @@ Thu Jan 5 12:57:10 UTC 2023 - Jan Engelhardt
 -------------------------------------------------------------------
 Mon Dec 12 21:18:30 UTC 2022 - Dirk Müller
-- build for x86_64 subarchs the same way like for baseline
+- build for x86_64 subarchs the same way like for baseline
 -------------------------------------------------------------------
 Thu Dec 8 11:27:56 UTC 2022 - Callum Farmer
@@ -418,7 +446,7 @@ Sat Apr 9 22:36:13 UTC 2022 - Dirk Müller
 * avcodec/libdav1d: free the Dav1dData packet on dav1d_send_data() failure
 * avcodec/h264_parser: don't alter decoder private data
 * configure: link to libatomic when it's present
- * fate/ffmpeg: add missing samples dependency to fate-shortest
+ * fate/ffmpeg: add missing samples dependency to fate-shortest
 -------------------------------------------------------------------
 Thu Mar 10 13:37:06 UTC 2022 - Bjørn Lie
diff --git a/ffmpeg-5.spec b/ffmpeg-5.spec
index 117cd60..137db54 100644
--- a/ffmpeg-5.spec
+++ b/ffmpeg-5.spec
@@ -92,9 +92,6 @@ Summary: Set of libraries for working with various multimedia formats
 License: GPL-3.0-or-later
 Group: Productivity/Multimedia/Video/Editors and Convertors
 URL: https://ffmpeg.org/
-
-#Freshcode-URL: http://freshcode.club/projects/ffmpeg
-#Git-Clone: git://source.ffmpeg.org/ffmpeg
 Source: https://www.ffmpeg.org/releases/%_name-%version.tar.xz
 Source2: https://www.ffmpeg.org/releases/%_name-%version.tar.xz.asc
 Source3: ffmpeg-5-rpmlintrc
@@ -104,13 +101,12 @@ Source6: ffmpeg-dlopen-headers.tar.xz
 Source92: ffmpeg_get_dlopen_headers.sh
 Source98: http://ffmpeg.org/ffmpeg-devel.asc#/ffmpeg-5.keyring
 Source99: baselibs.conf
-
 Patch1: ffmpeg-arm6l.diff
 Patch2: ffmpeg-new-coder-errors.diff
 Patch3: ffmpeg-codec-choice.diff
 Patch4: ffmpeg-4.2-dlopen-fdk_aac.patch
 Patch5: work-around-abi-break.patch
-Patch9: ffmpeg-4.4-CVE-2020-22046.patch
+Patch9: ffmpeg-4-CVE-2020-22046.patch
 Patch10: 0001-avfilter-af_dialoguenhance-fix-overreads.patch
 Patch11: 0001-avfilter-af_dialoguenhance-simplify-channels-copy.patch
 Patch12: 0001-avfilter-af_dialoguenhance-do-output-scaling-once.patch
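Review bot: The `Source:` archive that the first ffmpeg-5.spec hunk leaves in place, ffmpeg-5.1.4.tar.xz, is replaced by this same commit (index 9a1695d..3252991, and ffmpeg-dlopen-headers.tar.xz c72db64..e7ece3c) although the version is unchanged and none of the three new changelog entries mentions it. Before accepting, verify the new tarball against the `Source2:` signature using the `Source98:` keyring, and record the reason for the swap in ffmpeg-5.changes. If only the stored representation of the archive changed, state that in the changelog so the binary diff is explained.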
@@ -122,13 +118,15 @@ Patch17: 0001-avfilter-af_stereowiden-Check-length.patch
 Patch90: ffmpeg-chromium.patch
 Patch91: ffmpeg-dlopen-openh264.patch
 Patch93: soname.diff
-Patch94: ffmpeg-CVE-2023-50007.patch
-Patch95: ffmpeg-CVE-2023-50008.patch
-Patch96: ffmpeg-CVE-2023-49502.patch
-Patch97: ffmpeg-CVE-2023-51793.patch
-Patch98: ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
-Patch99: ffmpeg-CVE-2023-50009.patch
-Patch100: ffmpeg-CVE-2023-50010.patch
+Patch94: ffmpeg-5-CVE-2023-50007.patch
+Patch95: ffmpeg-5-CVE-2023-50008.patch
+Patch96: ffmpeg-5-CVE-2023-49502.patch
+Patch97: ffmpeg-5-CVE-2023-51793.patch
+Patch98: ffmpeg-5-CVE-2023-50009-shim-cf1f5744.patch
+Patch99: ffmpeg-5-CVE-2023-50009.patch
+Patch100: ffmpeg-5-CVE-2023-50010.patch
+Patch101: ffmpeg-5-CVE-2024-32228.patch
+Patch102: ffmpeg-5-CVE-2024-32230.patch
 %if %{with amf_sdk}
 BuildRequires: AMF-devel
 %endif
diff --git a/ffmpeg-dlopen-headers.tar.xz b/ffmpeg-dlopen-headers.tar.xz
index c72db64..e7ece3c 100644
Binary files a/ffmpeg-dlopen-headers.tar.xz and b/ffmpeg-dlopen-headers.tar.xz differ