Add ffmpeg-5-CVE-2024-32228.patch, ffmpeg-5-CVE-2024-32230.patch: backport fixes from upstream to fix CVE issues.

This commit is contained in:
Cliff Zhao 2024-07-24 20:27:35 +08:00
parent b1d0945196
commit d7766bca89
14 changed files with 137 additions and 23 deletions

View File

@ -1,16 +1,14 @@
commit cf1f57443158bcbe84a213e8dc631a302993f9a2
Author: Thilo Borgmann <thilo.borgmann@mail.de>
Date: Mon Jul 18 16:09:46 2022 +0200
Subject: lavfi/edge_common: Templatify ff_gaussian_blur and ff_sobel
References: CVE-2023-50009
References: https://bugzilla.opensuse.org/1172423
References: bsc#1172423
Upstream: Backport from upstream
lavfi/edge_common: Templatify ff_gaussian_blur and ff_sobel
Backport cf1f5744 from upstream, Templatify function ff_gaussian_blur
and ff_sobel to prepare fix support for CVE-2023-50009. -qzhao
[Backport cf1f5744 from upstream, Templatify function ff_gaussian_blur
and ff_sobel to prepare fix support for CVE-2023-50009. -qzhao]
diff --git a/libavfilter/edge_common.c b/libavfilter/edge_common.c
index d72e8521cd..ebd47d7c53 100644
--- a/libavfilter/edge_common.c
+++ b/libavfilter/edge_common.c
@@ -46,33 +46,13 @@ static int get_rounded_direction(int gx, int gy)
@ -312,4 +310,3 @@ index 90390ceb3e..603f06f141 100644
* ignore the rest, so we need a clean output buffer */
--
2.41.0

View File

@ -0,0 +1,66 @@
From 459648761f5412acdc3317d5bac982ceaa257584
Author: Niklas Haas <git@haasn.dev>
Date: Sat Apr 6 13:11:09 2024 +0200
Subject: avcodec/hevcdec: fix segfault on invalid film grain metadata
References: CVE-2024-32228
References: bsc#1227277
Upstream: Backport from upstream
Invalid input files may contain film grain metadata which survives
ff_h274_film_grain_params_supported() but does not pass
av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
Fix this by duplicating the av_film_grain_params_select() check at frame
init time.
An alternative solution here would be to defer the incompatibility check
to hevc_frame_end(), but this has the downside of allocating a film
grain buffer even when we already know we can't apply film grain.
Fixes: https://trac.ffmpeg.org/ticket/10951
--- ffmpeg-5.1.4/libavcodec/hevcdec.c
+++ ffmpeg-5.1.4_new/libavcodec/hevcdec.c
@@ -3035,12 +3035,29 @@
goto fail;
}
- s->ref->frame->key_frame = IS_IRAP(s);
+ if (IS_IRAP(s))
+ s->ref->frame->flags |= AV_FRAME_FLAG_KEY;
+ else
+ s->ref->frame->flags &= ~AV_FRAME_FLAG_KEY;
- s->ref->needs_fg = s->sei.film_grain_characteristics.present &&
+ s->ref->needs_fg = (s->sei.common.film_grain_characteristics.present ||
+ s->sei.common.aom_film_grain.enable) &&
!(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) &&
!s->avctx->hwaccel;
+ ret = set_side_data(s);
+ if (ret < 0)
+ goto fail;
+
+ if (s->ref->needs_fg &&
+ ( s->sei.common.film_grain_characteristics.present &&
+ !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
+ s->ref->frame->format))
+ || !av_film_grain_params_select(s->ref->frame)) {
+ av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
+ "Unsupported film grain parameters. Ignoring film grain.\n");
+ s->ref->needs_fg = 0;
+ }
if (s->ref->needs_fg) {
s->ref->frame_grain->format = s->ref->frame->format;
s->ref->frame_grain->width = s->ref->frame->width;
@@ -3049,10 +3066,6 @@
goto fail;
}
- ret = set_side_data(s);
- if (ret < 0)
- goto fail;
-
s->frame->pict_type = 3 - s->sh.slice_type;
if (!IS_IRAP(s))

View File

@ -0,0 +1,25 @@
From 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
Author: Michael Niedermayer <michael@niedermayer.cc>
Date: Mon Apr 8 18:38:42 2024 +0200
Subject: avcodec/mpegvideo_enc: Fix 1 line and one column images
References: CVE-2024-32230
References: bsc#1227296
Upstream: Backport from upstream
Fixes: Ticket10952
Fixes: poc21ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
--- ffmpeg-5.1.4/libavcodec/mpegvideo_enc.c
+++ ffmpeg-5.1.4_new/libavcodec/mpegvideo_enc.c
@@ -1087,8 +1087,8 @@
int dst_stride = i ? s->uvlinesize : s->linesize;
int h_shift = i ? h_chroma_shift : 0;
int v_shift = i ? v_chroma_shift : 0;
- int w = s->width >> h_shift;
- int h = s->height >> v_shift;
+ int w = AV_CEIL_RSHIFT(s->width , h_shift);
+ int h = AV_CEIL_RSHIFT(s->height, v_shift);
uint8_t *src = pic_arg->data[i];
uint8_t *dst = pic->f->data[i];
int vpad = 16;

Binary file not shown.

View File

@ -1,3 +1,31 @@
-------------------------------------------------------------------
Tue Jul 2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-5-CVE-2024-32230.patch:
Backporting 96449cfe from upstream, Fix 1 line and one column images.
(CVE-2024-32230, bsc#1227296)
-------------------------------------------------------------------
Tue Jul 2 11:57:01 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-5-CVE-2024-32228.patch:
Backporting 45964876 from upstream, Fix segfault on invalid film
grain metadata.
(CVE-2024-32228, bsc#1227277)
-------------------------------------------------------------------
Tue Jul 2 11:28:10 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Rename CVE patches as SUSE CVE standard:(package name)-%(CVE number)
ffmpeg-4.4-CVE-2020-22046.patch
ffmpeg-5-CVE-2023-50007.patch
ffmpeg-5-CVE-2023-50008.patch
ffmpeg-5-CVE-2023-49502.patch
ffmpeg-5-CVE-2023-51793.patch
ffmpeg-5-CVE-2023-50009.patch
ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
ffmpeg-5-CVE-2023-50010.patch
-------------------------------------------------------------------
Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
@ -22,7 +50,7 @@ Tue Apr 26 12:18:26 UTC 2024 - Cliff Zhao <qzhao@suse.com>
-------------------------------------------------------------------
Tue Apr 24 10:48:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch:
- Add ffmpeg-5-CVE-2023-50009-shim-cf1f5744.patch:
Backporting cf1f5744 from upstream, Templatify function
ff_gaussian_blur and ff_sobel to prepare fix support for CVE-2023-50009.
(CVE-2023-50009 bsc#1223255)

View File

@ -92,9 +92,6 @@ Summary: Set of libraries for working with various multimedia formats
License: GPL-3.0-or-later
Group: Productivity/Multimedia/Video/Editors and Convertors
URL: https://ffmpeg.org/
#Freshcode-URL: http://freshcode.club/projects/ffmpeg
#Git-Clone: git://source.ffmpeg.org/ffmpeg
Source: https://www.ffmpeg.org/releases/%_name-%version.tar.xz
Source2: https://www.ffmpeg.org/releases/%_name-%version.tar.xz.asc
Source3: ffmpeg-5-rpmlintrc
@ -104,13 +101,12 @@ Source6: ffmpeg-dlopen-headers.tar.xz
Source92: ffmpeg_get_dlopen_headers.sh
Source98: http://ffmpeg.org/ffmpeg-devel.asc#/ffmpeg-5.keyring
Source99: baselibs.conf
Patch1: ffmpeg-arm6l.diff
Patch2: ffmpeg-new-coder-errors.diff
Patch3: ffmpeg-codec-choice.diff
Patch4: ffmpeg-4.2-dlopen-fdk_aac.patch
Patch5: work-around-abi-break.patch
Patch9: ffmpeg-4.4-CVE-2020-22046.patch
Patch9: ffmpeg-4-CVE-2020-22046.patch
Patch10: 0001-avfilter-af_dialoguenhance-fix-overreads.patch
Patch11: 0001-avfilter-af_dialoguenhance-simplify-channels-copy.patch
Patch12: 0001-avfilter-af_dialoguenhance-do-output-scaling-once.patch
@ -122,13 +118,15 @@ Patch17: 0001-avfilter-af_stereowiden-Check-length.patch
Patch90: ffmpeg-chromium.patch
Patch91: ffmpeg-dlopen-openh264.patch
Patch93: soname.diff
Patch94: ffmpeg-CVE-2023-50007.patch
Patch95: ffmpeg-CVE-2023-50008.patch
Patch96: ffmpeg-CVE-2023-49502.patch
Patch97: ffmpeg-CVE-2023-51793.patch
Patch98: ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
Patch99: ffmpeg-CVE-2023-50009.patch
Patch100: ffmpeg-CVE-2023-50010.patch
Patch94: ffmpeg-5-CVE-2023-50007.patch
Patch95: ffmpeg-5-CVE-2023-50008.patch
Patch96: ffmpeg-5-CVE-2023-49502.patch
Patch97: ffmpeg-5-CVE-2023-51793.patch
Patch98: ffmpeg-5-CVE-2023-50009-shim-cf1f5744.patch
Patch99: ffmpeg-5-CVE-2023-50009.patch
Patch100: ffmpeg-5-CVE-2023-50010.patch
Patch101: ffmpeg-5-CVE-2024-32228.patch
Patch102: ffmpeg-5-CVE-2024-32230.patch
%if %{with amf_sdk}
BuildRequires: AMF-devel
%endif

Binary file not shown.