forked from jengelh/ffmpeg-5
Add ffmpeg-5-CVE-2024-32228.patch, ffmpeg-5-CVE-2024-32230.patch: backport fixes from upstream to fix CVE issues.
This commit is contained in:
parent
b1d0945196
commit
d7766bca89
@ -1,16 +1,14 @@
|
||||
commit cf1f57443158bcbe84a213e8dc631a302993f9a2
|
||||
Author: Thilo Borgmann <thilo.borgmann@mail.de>
|
||||
Date: Mon Jul 18 16:09:46 2022 +0200
|
||||
Subject: lavfi/edge_common: Templatify ff_gaussian_blur and ff_sobel
|
||||
References: CVE-2023-50009
|
||||
References: https://bugzilla.opensuse.org/1172423
|
||||
References: bsc#1172423
|
||||
Upstream: Backport from upstream
|
||||
|
||||
lavfi/edge_common: Templatify ff_gaussian_blur and ff_sobel
|
||||
Backport cf1f5744 from upstream, Templatify function ff_gaussian_blur
|
||||
and ff_sobel to prepare fix support for CVE-2023-50009. -qzhao
|
||||
|
||||
[Backport cf1f5744 from upstream, Templatify function ff_gaussian_blur
|
||||
and ff_sobel to prepare fix support for CVE-2023-50009. -qzhao]
|
||||
|
||||
diff --git a/libavfilter/edge_common.c b/libavfilter/edge_common.c
|
||||
index d72e8521cd..ebd47d7c53 100644
|
||||
--- a/libavfilter/edge_common.c
|
||||
+++ b/libavfilter/edge_common.c
|
||||
@@ -46,33 +46,13 @@ static int get_rounded_direction(int gx, int gy)
|
||||
@ -312,4 +310,3 @@ index 90390ceb3e..603f06f141 100644
|
||||
* ignore the rest, so we need a clean output buffer */
|
||||
--
|
||||
2.41.0
|
||||
|
66
ffmpeg-5-CVE-2024-32228.patch
Normal file
66
ffmpeg-5-CVE-2024-32228.patch
Normal file
@ -0,0 +1,66 @@
|
||||
From 459648761f5412acdc3317d5bac982ceaa257584
|
||||
Author: Niklas Haas <git@haasn.dev>
|
||||
Date: Sat Apr 6 13:11:09 2024 +0200
|
||||
Subject: avcodec/hevcdec: fix segfault on invalid film grain metadata
|
||||
References: CVE-2024-32228
|
||||
References: bsc#1227277
|
||||
Upstream: Backport from upstream
|
||||
|
||||
Invalid input files may contain film grain metadata which survives
|
||||
ff_h274_film_grain_params_supported() but does not pass
|
||||
av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
|
||||
|
||||
Fix this by duplicating the av_film_grain_params_select() check at frame
|
||||
init time.
|
||||
|
||||
An alternative solution here would be to defer the incompatibility check
|
||||
to hevc_frame_end(), but this has the downside of allocating a film
|
||||
grain buffer even when we already know we can't apply film grain.
|
||||
|
||||
Fixes: https://trac.ffmpeg.org/ticket/10951
|
||||
|
||||
--- ffmpeg-5.1.4/libavcodec/hevcdec.c
|
||||
+++ ffmpeg-5.1.4_new/libavcodec/hevcdec.c
|
||||
@@ -3035,12 +3035,29 @@
|
||||
goto fail;
|
||||
}
|
||||
|
||||
- s->ref->frame->key_frame = IS_IRAP(s);
|
||||
+ if (IS_IRAP(s))
|
||||
+ s->ref->frame->flags |= AV_FRAME_FLAG_KEY;
|
||||
+ else
|
||||
+ s->ref->frame->flags &= ~AV_FRAME_FLAG_KEY;
|
||||
|
||||
- s->ref->needs_fg = s->sei.film_grain_characteristics.present &&
|
||||
+ s->ref->needs_fg = (s->sei.common.film_grain_characteristics.present ||
|
||||
+ s->sei.common.aom_film_grain.enable) &&
|
||||
!(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) &&
|
||||
!s->avctx->hwaccel;
|
||||
|
||||
+ ret = set_side_data(s);
|
||||
+ if (ret < 0)
|
||||
+ goto fail;
|
||||
+
|
||||
+ if (s->ref->needs_fg &&
|
||||
+ ( s->sei.common.film_grain_characteristics.present &&
|
||||
+ !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
|
||||
+ s->ref->frame->format))
|
||||
+ || !av_film_grain_params_select(s->ref->frame)) {
|
||||
+ av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
|
||||
+ "Unsupported film grain parameters. Ignoring film grain.\n");
|
||||
+ s->ref->needs_fg = 0;
|
||||
+ }
|
||||
if (s->ref->needs_fg) {
|
||||
s->ref->frame_grain->format = s->ref->frame->format;
|
||||
s->ref->frame_grain->width = s->ref->frame->width;
|
||||
@@ -3049,10 +3066,6 @@
|
||||
goto fail;
|
||||
}
|
||||
|
||||
- ret = set_side_data(s);
|
||||
- if (ret < 0)
|
||||
- goto fail;
|
||||
-
|
||||
s->frame->pict_type = 3 - s->sh.slice_type;
|
||||
|
||||
if (!IS_IRAP(s))
|
25
ffmpeg-5-CVE-2024-32230.patch
Normal file
25
ffmpeg-5-CVE-2024-32230.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
|
||||
Author: Michael Niedermayer <michael@niedermayer.cc>
|
||||
Date: Mon Apr 8 18:38:42 2024 +0200
|
||||
Subject: avcodec/mpegvideo_enc: Fix 1 line and one column images
|
||||
References: CVE-2024-32230
|
||||
References: bsc#1227296
|
||||
Upstream: Backport from upstream
|
||||
|
||||
Fixes: Ticket10952
|
||||
Fixes: poc21ffmpeg
|
||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
||||
|
||||
--- ffmpeg-5.1.4/libavcodec/mpegvideo_enc.c
|
||||
+++ ffmpeg-5.1.4_new/libavcodec/mpegvideo_enc.c
|
||||
@@ -1087,8 +1087,8 @@
|
||||
int dst_stride = i ? s->uvlinesize : s->linesize;
|
||||
int h_shift = i ? h_chroma_shift : 0;
|
||||
int v_shift = i ? v_chroma_shift : 0;
|
||||
- int w = s->width >> h_shift;
|
||||
- int h = s->height >> v_shift;
|
||||
+ int w = AV_CEIL_RSHIFT(s->width , h_shift);
|
||||
+ int h = AV_CEIL_RSHIFT(s->height, v_shift);
|
||||
uint8_t *src = pic_arg->data[i];
|
||||
uint8_t *dst = pic->f->data[i];
|
||||
int vpad = 16;
|
Binary file not shown.
@ -1,3 +1,31 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
- Add ffmpeg-5-CVE-2024-32230.patch:
|
||||
Backporting 96449cfe from upstream, Fix 1 line and one column images.
|
||||
(CVE-2024-32230, bsc#1227296)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 2 11:57:01 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
- Add ffmpeg-5-CVE-2024-32228.patch:
|
||||
Backporting 45964876 from upstream, Fix segfault on invalid film
|
||||
grain metadata.
|
||||
(CVE-2024-32228, bsc#1227277)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 2 11:28:10 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
- Rename CVE patches as SUSE CVE standard:(package name)-%(CVE number)
|
||||
ffmpeg-4.4-CVE-2020-22046.patch
|
||||
ffmpeg-5-CVE-2023-50007.patch
|
||||
ffmpeg-5-CVE-2023-50008.patch
|
||||
ffmpeg-5-CVE-2023-49502.patch
|
||||
ffmpeg-5-CVE-2023-51793.patch
|
||||
ffmpeg-5-CVE-2023-50009.patch
|
||||
ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
|
||||
ffmpeg-5-CVE-2023-50010.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
@ -22,7 +50,7 @@ Tue Apr 26 12:18:26 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 24 10:48:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
- Add ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch:
|
||||
- Add ffmpeg-5-CVE-2023-50009-shim-cf1f5744.patch:
|
||||
Backporting cf1f5744 from upstream, Templatify function
|
||||
ff_gaussian_blur and ff_sobel to prepare fix support for CVE-2023-50009.
|
||||
(CVE-2023-50009 bsc#1223255)
|
||||
|
@ -92,9 +92,6 @@ Summary: Set of libraries for working with various multimedia formats
|
||||
License: GPL-3.0-or-later
|
||||
Group: Productivity/Multimedia/Video/Editors and Convertors
|
||||
URL: https://ffmpeg.org/
|
||||
|
||||
#Freshcode-URL: http://freshcode.club/projects/ffmpeg
|
||||
#Git-Clone: git://source.ffmpeg.org/ffmpeg
|
||||
Source: https://www.ffmpeg.org/releases/%_name-%version.tar.xz
|
||||
Source2: https://www.ffmpeg.org/releases/%_name-%version.tar.xz.asc
|
||||
Source3: ffmpeg-5-rpmlintrc
|
||||
@ -104,13 +101,12 @@ Source6: ffmpeg-dlopen-headers.tar.xz
|
||||
Source92: ffmpeg_get_dlopen_headers.sh
|
||||
Source98: http://ffmpeg.org/ffmpeg-devel.asc#/ffmpeg-5.keyring
|
||||
Source99: baselibs.conf
|
||||
|
||||
Patch1: ffmpeg-arm6l.diff
|
||||
Patch2: ffmpeg-new-coder-errors.diff
|
||||
Patch3: ffmpeg-codec-choice.diff
|
||||
Patch4: ffmpeg-4.2-dlopen-fdk_aac.patch
|
||||
Patch5: work-around-abi-break.patch
|
||||
Patch9: ffmpeg-4.4-CVE-2020-22046.patch
|
||||
Patch9: ffmpeg-4-CVE-2020-22046.patch
|
||||
Patch10: 0001-avfilter-af_dialoguenhance-fix-overreads.patch
|
||||
Patch11: 0001-avfilter-af_dialoguenhance-simplify-channels-copy.patch
|
||||
Patch12: 0001-avfilter-af_dialoguenhance-do-output-scaling-once.patch
|
||||
@ -122,13 +118,15 @@ Patch17: 0001-avfilter-af_stereowiden-Check-length.patch
|
||||
Patch90: ffmpeg-chromium.patch
|
||||
Patch91: ffmpeg-dlopen-openh264.patch
|
||||
Patch93: soname.diff
|
||||
Patch94: ffmpeg-CVE-2023-50007.patch
|
||||
Patch95: ffmpeg-CVE-2023-50008.patch
|
||||
Patch96: ffmpeg-CVE-2023-49502.patch
|
||||
Patch97: ffmpeg-CVE-2023-51793.patch
|
||||
Patch98: ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
|
||||
Patch99: ffmpeg-CVE-2023-50009.patch
|
||||
Patch100: ffmpeg-CVE-2023-50010.patch
|
||||
Patch94: ffmpeg-5-CVE-2023-50007.patch
|
||||
Patch95: ffmpeg-5-CVE-2023-50008.patch
|
||||
Patch96: ffmpeg-5-CVE-2023-49502.patch
|
||||
Patch97: ffmpeg-5-CVE-2023-51793.patch
|
||||
Patch98: ffmpeg-5-CVE-2023-50009-shim-cf1f5744.patch
|
||||
Patch99: ffmpeg-5-CVE-2023-50009.patch
|
||||
Patch100: ffmpeg-5-CVE-2023-50010.patch
|
||||
Patch101: ffmpeg-5-CVE-2024-32228.patch
|
||||
Patch102: ffmpeg-5-CVE-2024-32230.patch
|
||||
%if %{with amf_sdk}
|
||||
BuildRequires: AMF-devel
|
||||
%endif
|
||||
|
Binary file not shown.
Loading…
Reference in New Issue
Block a user