Fix typo CVE bugID.

0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch

@@ -0,0 +1,33 @@
+From d1ed5c06e3edc5f2b5f3664c80121fa55b0baa95 Mon Sep 17 00:00:00 2001
+From: Gyan Doshi <ffmpeg@gyani.pro>
+Date: Sat, 22 Feb 2025 10:38:53 +0530
+Subject: [PATCH] avcodec/libsvtav1: unbreak build with latest svtav1
+
+SVT-AV1 made a change in their public API in 988e930c but without a
+version bump or any other accessible marker, thus breaking ffmpeg build
+with current versions of SVT-AV1.
+
+They have finally bumped versions a month later, so check added.
+---
+ libavcodec/libsvtav1.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libavcodec/libsvtav1.c b/libavcodec/libsvtav1.c
+index 79b28eb4df..43fe531fde 100644
+--- a/libavcodec/libsvtav1.c
++++ b/libavcodec/libsvtav1.c
+@@ -435,7 +435,11 @@ static av_cold int eb_enc_init(AVCodecContext *avctx)
+ 
+     svt_enc->eos_flag = EOS_NOT_REACHED;
+ 
++#if SVT_AV1_CHECK_VERSION(3, 0, 0)
++    svt_ret = svt_av1_enc_init_handle(&svt_enc->svt_handle, &svt_enc->enc_params);
++#else
+     svt_ret = svt_av1_enc_init_handle(&svt_enc->svt_handle, svt_enc, &svt_enc->enc_params);
++#endif
+     if (svt_ret != EB_ErrorNone) {
+         return svt_print_error(avctx, svt_ret, "Error initializing encoder handle");
+     }
+-- 
+2.48.1
+

ffmpeg-4-CVE-2024-12361.patch

@@ -0,0 +1,32 @@
+From 4065ff69a2ed49872f8694a03d0642b18c9d977c Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang <jiashengjiangcool@outlook.com>
+Date: Mon, 10 Jun 2024 14:18:11 +0000
+Subject: [PATCH] avcodec/mpegvideo_enc: Add check for
+ av_packet_new_side_data()
+
+Add check for av_packet_new_side_data() to avoid null pointer
+dereference if allocation fails.
+
+Fixes: bdc1220eeb ("h263enc: Add an option for outputting info about MBs as side data")
+Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>
+Signed-off-by: Anton Khirnov <anton@khirnov.net>
+---
+ libavcodec/mpegvideo_enc.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c
+index 620ca08869..d33754d115 100644
+--- a/libavcodec/mpegvideo_enc.c
++++ b/libavcodec/mpegvideo_enc.c
+@@ -1825,6 +1825,8 @@ int ff_mpv_encode_picture(AVCodecContext *avctx, AVPacket *pkt,
+             s->mb_info_ptr = av_packet_new_side_data(pkt,
+                                  AV_PKT_DATA_H263_MB_INFO,
+                                  s->mb_width*s->mb_height*12);
++            if (!s->mb_info_ptr)
++                return AVERROR(ENOMEM);
+             s->prev_mb_info = s->last_mb_info = s->mb_info_size = 0;
+         }
+ 
+-- 
+2.44.0
+

ffmpeg-4-CVE-2024-35368.patch

@@ -0,0 +1,31 @@
+From 4513300989502090c4fd6560544dce399a8cd53c Mon Sep 17 00:00:00 2001
+From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+Date: Sun, 24 Sep 2023 13:15:48 +0200
+Subject: [PATCH] avcodec/rkmppdec: Fix double-free on error
+
+After having created the AVBuffer that is put into frame->buf[0],
+ownership of several objects (namely an AVDRMFrameDescriptor,
+an MppFrame and some AVBufferRefs framecontextref and decoder_ref)
+has passed to the AVBuffer and therefore to the frame.
+Yet it has nevertheless been freed manually on error
+afterwards, which would lead to a double-free as soon
+as the AVFrame is unreferenced.
+
+Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
+---
+ libavcodec/rkmppdec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/libavcodec/rkmppdec.c
++++ b/libavcodec/rkmppdec.c
+@@ -460,8 +460,8 @@
+ 
+             frame->hw_frames_ctx = av_buffer_ref(decoder->frames_ref);
+             if (!frame->hw_frames_ctx) {
+-                ret = AVERROR(ENOMEM);
+-                goto fail;
++                av_frame_unref(frame);
++                return AVERROR(ENOMEM);
+             }
+ 
+             return 0;

ffmpeg-4-CVE-2025-0518.patch

@@ -0,0 +1,29 @@
+From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Mon, 6 Jan 2025 22:01:39 +0100
+Subject: [PATCH] avfilter/af_pan: Fix sscanf() use
+
+Fixes: Memory Data Leak
+
+Found-by: Simcha Kosman <simcha.kosman@cyberark.com>
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavfilter/af_pan.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c
+index 0d20b0307b..5feb2439c7 100644
+--- a/libavfilter/af_pan.c
++++ b/libavfilter/af_pan.c
+@@ -196,7 +196,7 @@ static av_cold int init(AVFilterContext *ctx)
+         sign = 1;
+         while (1) {
+             gain = 1;
+-            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len))
++            if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1)
+                 arg += len;
+             if (parse_channel_name(&arg, &in_ch_id, &named)){
+                 av_log(ctx, AV_LOG_ERROR,
+-- 
+2.44.0
+

ffmpeg-4-CVE-2025-22919.patch

@@ -0,0 +1,29 @@
+From 1446e37d3d032e1452844778b3e6ba2c20f0c322 Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Mon, 30 Dec 2024 00:25:41 -0300
+Subject: [PATCH] avfilter/buffersrc: check for valid sample rate
+
+A sample rate <= 0 is invalid.
+
+Fixes an assert in ffmpeg_enc.c that assumed a valid sample rate would be set.
+Fixes ticket #11385.
+
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libavfilter/buffersrc.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/libavfilter/buffersrc.c
++++ b/libavfilter/buffersrc.c
+@@ -337,6 +337,11 @@
+         return AVERROR(EINVAL);
+     }
+ 
++    if (s->sample_rate <= 0) {
++        av_log(ctx, AV_LOG_ERROR, "Sample rate not set\n");
++        return AVERROR(EINVAL);
++    }
++
+     if (!s->time_base.num)
+         s->time_base = (AVRational){1, s->sample_rate};
+ 

ffmpeg-4-CVE-2025-22921.patch

@@ -0,0 +1,29 @@
+From 7f9c7f9849a2155224711f0ff57ecdac6e4bfb57 Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Wed, 1 Jan 2025 23:58:39 -0300
+Subject: [PATCH] avcodec/jpeg2000dec: clear array length when freeing it
+
+Fixes NULL pointer dereferences.
+Fixes ticket #11393.
+
+Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libavcodec/jpeg2000dec.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
+index e5e897a29f..b82d85d5ee 100644
+--- a/libavcodec/jpeg2000dec.c
++++ b/libavcodec/jpeg2000dec.c
+@@ -1521,6 +1521,7 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile,
+                 }
+             }
+             av_freep(&cblk->lengthinc);
++            cblk->nb_lengthinc = 0;
+         }
+     }
+     // Save state of stream
+-- 
+2.44.0
+

ffmpeg-4-CVE-2025-25473.patch

@@ -0,0 +1,26 @@
+From c08d300481b8ebb846cd43a473988fdbc6793d1b Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Fri, 17 Jan 2025 00:05:31 -0300
+Subject: [PATCH] avformat/avformat: also clear FFFormatContext packet queue
+ when closing a muxer
+
+packet_buffer is used in mux.c, and if a muxing process fails at a point where
+packets remained in said queue, they will leak.
+
+Fixes ticket #11419
+
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libavformat/avformat.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/libavformat/utils.c
++++ b/libavformat/utils.c
+@@ -4478,6 +4478,7 @@
+     av_dict_free(&s->internal->id3v2_meta);
+     av_packet_free(&s->internal->pkt);
+     av_packet_free(&s->internal->parse_pkt);
++    avpriv_packet_list_free(&s->internal->packet_buffer, &s->internal->packet_buffer_end);
+     av_freep(&s->streams);
+     flush_packet_queue(s);
+     av_freep(&s->internal);

ffmpeg-4.changes

@@ -1,17 +1,83 @@
+-------------------------------------------------------------------
+Wed Mar  5 09:46:09 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
+
+- Add 0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
+  to build with SVT-AV1 3.0.0.
+
+-------------------------------------------------------------------
+Fri Feb 19 05:17:22 UTC 2025 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2025-22921.patch:
+  Backporting 7f9c7f98 from upstream, clear array length when
+  freeing it.
+  (CVE-2025-22921, bsc#1237382)
+
+-------------------------------------------------------------------
+Fri Feb 19 04:27:06 UTC 2025 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2025-25473.patch:
+  Backporting c08d3004 from upstream, clear FFFormatContext packet.
+  When packet_buffer is used in mux.c, and if a muxing process fails
+  at a point where packets remained in said queue.
+  (CVE-2025-25473, bsc#1237351)
+
+-------------------------------------------------------------------
+Fri Feb 19 03:18:02 UTC 2025 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2025-0518.patch:
+  Backporting b5b6391d from upstream, fixes memory data leak when
+  use sscanf().
+  (CVE-2025-0518, bsc#1236007)
+
+-------------------------------------------------------------------
+Fri Feb 19 02:58:01 UTC 2025 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2025-22919.patch:
+  Backporting 1446e37d from upstream, check for valid sample rate
+  As the sample rate <= 0 is invalid.
+  (CVE-2025-22919, bsc#1237371)
+
+-------------------------------------------------------------------
+Fri Feb 19 01:48:22 UTC 2025 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2024-12361.patch:
+  Backporting 4065ff69 from upstream, add check for av_packet_new_side_data()
+  to avoid null pointer dereference if allocation fails.
+  (CVE-2024-12361, bsc#1237358)
+
+-------------------------------------------------------------------
+Fri Feb 19 01:11:17 UTC 2025 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2024-35368.patch:
+  Backporting 45133009 from upstream, After having created the
+  AVBuffer that is put into frame->buf[0], ownership of several
+  objects Fix double-free on the AVFrame is unreferenced.
+  (CVE-2024-35368, bsc#1234028)
+
 -------------------------------------------------------------------
 Mon Jan  6 11:53:32 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
 
 - Update to release 4.4.5
   * Reliability/bug fixes
+  Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464
+  Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in type 'int'
+  (CVE-2024-36613, bsc#1235092)
 - Delete
   0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
   0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
   0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
   ffmpeg-CVE-2023-51793.patch
   0001-avfilter-af_stereowiden-Check-length.patch
+  ffmpeg-fix-new-binutils.patch
   ffmpeg-CVE-2023-50010.patch
   ffmpeg-4-CVE-2024-32230.patch
   ffmpeg-4-CVE-2024-7055.patch (all merged)
+  (CVE-2023-51798, bsc#1223304)
+
+-------------------------------------------------------------------
+Tue Oct 15 08:18:54 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
+
+- Adjust bconds to build the package in SLFO without xvidcore.
 
 -------------------------------------------------------------------
 Fri Sep  6 15:06:21 UTC 2024 - Cliff Zhao <qzhao@suse.com>
@@ -45,7 +111,7 @@ Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-50010.patch:
   Backporting e4d2666b from upstream, fixes the out of array access.
-  (CVE-2023-a50010, bsc#1223256)
+  (CVE-2023-50010, bsc#1223256)
 
 -------------------------------------------------------------------
 Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
@@ -71,20 +137,39 @@ Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 -------------------------------------------------------------------
 Tue Apr 23 14:25:53 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
 
-- Address boo#1223304/CVE-2023-51798: add patch
-  0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
+- Add 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch:
+  Backporting 68146f06 from upstream, Check pts before division.
+  (CVE-2023-51798, bsc#1223304)
 
 -------------------------------------------------------------------
 Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
 
-- Address boo#1223070/CVE-2024-31578: add patch
-  0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
+- Add 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch:
+  Backporting 76a48e85 from upstream, Check length.
+  (CVE-2024-31578, bsc#1223070)
+
+-------------------------------------------------------------------
+Mon Feb 12 18:23:41 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
+
+- ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch
+  * fixes build against dav1d, which has been updated in
+    SUSE:SLE-15-SP5:Update (where apparently no rebuild of ffmpeg-4
+    had been triggered)
 
 -------------------------------------------------------------------
 Fri Feb  2 09:34:15 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
 
-- drop support for libmfx, which is no longer supported upstream
-  at all (boo#1219494)
+- no longer build against libmfx; build also 15.5 against libvpl
+ (boo#1230983, boo#1219494)
+
+- dropping support for libmfx below covers:
+  * libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
+  * libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
+  * libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
+  * libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
+  * libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
+  * Multiple vulnerabilities in the Intel Media SDK (libmfx1) (bsc#1226892)
+  * Drop libmfx dependency from our product (jira #PED-10024)
 
 -------------------------------------------------------------------
 Tue Dec 26 13:36:38 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
@@ -98,6 +183,13 @@ Wed Dec  6 08:50:00 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
 
 - Copy codec list from ffmpeg-6
 
+-------------------------------------------------------------------
+Fri Nov  3 08:17:13 UTC 2023 - Marcus Meissner <meissner@suse.com>
+
+- Add ffmpeg-fix-new-binutils.patch:
+  Backporting 01fc3034 from upstream, Fix build with new binutils
+  (bsc#1215309)
+
 -------------------------------------------------------------------
 Mon Oct 30 11:16:43 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
 
@@ -114,6 +206,14 @@ Tue Jun 27 07:42:23 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
 
 - Add 0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
 
+-------------------------------------------------------------------
+Thu Apr 27 09:27:53 UTC 2023 - Alynx Zhou <alynx.zhou@suse.com>
+
+- Add ffmpeg-4-CVE-2022-48434.patch:
+  Backport d4b7b3c0 from upstream, Fix use after free in
+  libavcodec/pthread_frame.c.
+  (CVE-2022-48434, bsc#1209934)
+
 -------------------------------------------------------------------
 Wed Apr 19 21:00:41 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
 
@@ -121,7 +221,7 @@ Wed Apr 19 21:00:41 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
   * avcodec/012v: Order operations for odd size handling
   * avcodec/alsdec: The minimal block is at least 7 bits
   * avcodec/bink:
-    - Avoid undefined out of array end pointers in 
+    - Avoid undefined out of array end pointers in
       binkb_decode_plane()
     - Fix off by 1 error in ref end
   * avcodec/eac3dec: avoid float noise in fixed mode addition to
@@ -185,7 +285,9 @@ Wed Apr 19 21:00:41 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
   * ffmpeg-CVE-2022-3964.patch
   * ffmpeg-CVE-2022-3109.patch
   * ffmpeg-CVE-2022-3341.patch
+  * ffmpeg-4-CVE-2022-48434.patch
 - Use ldconfig_scriptlets macro.
+  (CVE-2022-48434, bsc#1209934)
 
 -------------------------------------------------------------------
 Thu Mar 16 17:54:51 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
@@ -280,6 +382,8 @@ Thu Oct 28 15:58:30 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
   * ffmpeg-CVE-2021-38114.patch
   * ffmpeg-CVE-2021-38171.patch
   * ffmpeg-CVE-2020-22037.patch
+- fix avfilter/vf_yadif: Fix handing of tiny images.
+  (CVE-2020-22021, bsc#1186586)
 
 -------------------------------------------------------------------
 Sun Sep 26 02:44:57 UTC 2021 - Alynx Zhou <alynx.zhou@suse.com>
@@ -305,7 +409,7 @@ Tue Aug 10 09:38:39 UTC 2021 - Alynx Zhou <alynx.zhou@suse.com>
 -------------------------------------------------------------------
 Sat Jul 10 10:11:32 UTC 2021 - Hans-Peter Jansen <hpj@urpla.net>
 
-- Remove second hunk of ffmpeg-CVE-2020-22046.patch, that contains 
+- Remove second hunk of ffmpeg-CVE-2020-22046.patch, that contains
   a goto to a none existing label. In order to distinguish this
   patch from the original, I renamed it to
   ffmpeg-4.4-CVE-2020-22046.patch
@@ -331,7 +435,7 @@ Fri Jun  4 12:29:16 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
 -------------------------------------------------------------------
 Thu May 20 23:16:09 UTC 2021 - Daniel Molkentin <daniel.molkentin@suse.com>
 
-- Enable vulkan on on Leap 15 
+- Enable vulkan on on Leap 15
 
 -------------------------------------------------------------------
 Fri Apr 16 10:20:15 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
@@ -350,8 +454,8 @@ Fri Apr  9 18:52:46 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
 Sun Mar 14 21:08:02 UTC 2021 - Dirk Müller <dmueller@suse.com>
 
 - update to 4.3.2:
-  * lots of oss-fuzz reported overflow fixes, see included ChangeLog 
-- drop 
+  * lots of oss-fuzz reported overflow fixes, see included ChangeLog
+- drop
       ffmpeg.git-ba3e771a42c29ee02c34e7769cfc1b2dbc5c760a.patch
       0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch
       0001-avformat-vividas-improve-extradata-packing-checks-in.patch: upstream
@@ -367,7 +471,7 @@ Sun Jan 24 11:22:02 UTC 2021 - Dirk Müller <dmueller@suse.com>
 
 - remove dependency on OpenJPEG, this is obsolete since ffmpeg 4.0,
   we already build against OpenJPEG 2.1.
-  see changes: 
+  see changes:
     - Dropped support for OpenJPEG versions 2.0 and below. Using OpenJPEG now
       requires 2.1 (or later) and pkg-config.
 
@@ -399,7 +503,7 @@ Mon Jul 27 13:39:27 UTC 2020 - Hans-Peter Jansen <hpj@urpla.net>
 -------------------------------------------------------------------
 Thu Jul 16 10:49:02 UTC 2020 - Alexander Reimelt <alexander.reimelt@protonmail.ch>
 
-- Add librav1e support 
+- Add librav1e support
 
 -------------------------------------------------------------------
 Sun Jul 12 16:08:10 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>
@@ -466,7 +570,7 @@ Fri Mar 31 00:41:22 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
 - Add Samba support for Factory (as this needs a fix in Samba itself)
   Add --enable-libsmbclient to configure, add BR on pkgconfig(smbclient)
 - License is now GPLv3+ by default (--enable-version3)
-  
+
 -------------------------------------------------------------------
 Mon Mar 30 07:14:39 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
 

ffmpeg-4.spec

@@ -57,7 +57,7 @@
 %bcond_with    x265
 %bcond_with    xvid
 
-%if 0%{?suse_version} > 1500
+%if 0%{?suse_version} > 1600
 %bcond_without libaom
 %bcond_without mysofa
 %bcond_without vidstab
@@ -73,6 +73,15 @@
 %bcond_without opencore
 %bcond_without xvid
 %else
+%if 0%{?suse_version} > 1500
+%bcond_without mysofa
+%bcond_without vidstab
+%bcond_without codec2
+%bcond_without rubberband
+%bcond_without vulkan
+%bcond_without amrwb
+%bcond_without opencore
+%else
 %bcond_with libaom
 %bcond_with mysofa
 %bcond_with vidstab
@@ -85,6 +94,7 @@
 %bcond_with zmq
 %bcond_with vulkan
 %endif
+%endif
 
 %if 0%{?suse_version} >= 1500
 %bcond_without zimg
@@ -124,9 +134,17 @@ Patch10:        ffmpeg-chromium.patch
 Patch11:        ffmpeg-libglslang-detection.patch
 Patch14:        ffmpeg-glslang-cxx17.patch
 Patch15:        0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
+Patch16:        0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
 Patch17:        ffmpeg-CVE-2023-49502.patch
 Patch22:        ffmpeg-c99.patch
 Patch23:        0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
+Patch24:        ffmpeg-4-CVE-2024-35368.patch
+Patch25:        ffmpeg-4-CVE-2024-12361.patch
+Patch26:        ffmpeg-4-CVE-2025-22919.patch
+Patch27:        ffmpeg-4-CVE-2025-0518.patch
+Patch28:        ffmpeg-4-CVE-2025-25473.patch
+Patch29:        ffmpeg-4-CVE-2025-22921.patch
+Patch30:        ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel

ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch

@@ -0,0 +1,36 @@
+commit e204846ec16c1ab34c7f3a681734cf5190433018
+Author: James Almer <jamrial@gmail.com>
+Date:   Fri Sep 3 13:50:32 2021 -0300
+
+    avcodec/libdav1d: fix compilation after recent libdav1d API changes
+
+    They were done in preparation for an upcoming 1.0 release.
+    Keep supporting previous releases for the time being.
+
+    Reviewed-by: BBB
+    Signed-off-by: James Almer <jamrial@gmail.com>
+
+--- a/libavcodec/libdav1d.c
++++ b/libavcodec/libdav1d.c
+@@ -202,6 +202,9 @@
+     Libdav1dContext *dav1d = c->priv_data;
+     Dav1dData *data = &dav1d->data;
+     Dav1dPicture pic = { 0 }, *p = &pic;
++#if FF_DAV1D_VERSION_AT_LEAST(5,1)
++    enum Dav1dEventFlags event_flags = 0;
++#endif
+     int res;
+
+     if (!data->sz) {
+@@ -280,6 +283,11 @@
+     frame->linesize[1] = p->stride[1];
+     frame->linesize[2] = p->stride[1];
+
++#if FF_DAV1D_VERSION_AT_LEAST(5,1)
++    dav1d_get_event_flags(dav1d->c, &event_flags);
++    if (c->pix_fmt == AV_PIX_FMT_NONE ||
++        event_flags & DAV1D_EVENT_FLAG_NEW_SEQUENCE)
++#endif
+     c->profile = p->seq_hdr->profile;
+     c->level = ((p->seq_hdr->operating_points[0].major_level - 2) << 2)
+                | p->seq_hdr->operating_points[0].minor_level;