Accepting request 1247599 from multimedia:libs

- Adjust bconds to build the package in SLFO without xvidcore.

OBS-URL: https://build.opensuse.org/request/show/1247599
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ffmpeg-5?expand=0&rev=32

_scmsync.obsinfo

@@ -1,3 +1,3 @@
-mtime: 1725238028
-commit: f7cbde4c4585e82dbaf00774b029e89a77dd6840681582736eedb198aac1be87
+mtime: 1740132616
+commit: f642b77c8aaa296e37df4f026f890e745fe5512a05b2a55bb4944ca58950260f
 url: https://src.opensuse.org/jengelh/ffmpeg-5.git

ffmpeg-5-CVE-2024-7055.patch

@@ -0,0 +1,29 @@
+From 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Thu, 18 Jul 2024 21:12:54 +0200
+Subject: [PATCH] avcodec/pnmdec: Use 64bit for input size check
+References: CVE-2024-7055
+References: bsc#1229026
+Upstream: Backport from upstream
+
+Fixes: out of array read
+Fixes: poc3
+
+Reported-by: VulDB CNA Team
+Found-by: CookedMelon
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavcodec/pnmdec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- ffmpeg-5.1.4/libavcodec/pnmdec.c
++++ ffmpeg-5.1.4_new/libavcodec/pnmdec.c
+@@ -260,7 +260,7 @@
+         break;
+     case AV_PIX_FMT_GBRPF32:
+         if (!s->half) {
+-        if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream)
++        if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream)
+             return AVERROR_INVALIDDATA;
+         scale = 1.f / s->scale;
+         if (s->endian) {

ffmpeg-5.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Oct 15 08:18:54 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
+
+- Adjust bconds to build the package in SLFO without xvidcore.
+
+-------------------------------------------------------------------
+Fri Sep  6 15:06:21 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-5-CVE-2024-7055.patch:
+  Backporting 3faadbe2 from upstream, Use 64bit for input size check,
+  Fixes: out of array read, Fixes: poc3.
+  (CVE-2024-7055, bsc#1229026)
+
 -------------------------------------------------------------------
 Sun Sep  1 18:04:27 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
 
@@ -48,7 +61,7 @@ Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-50010.patch:
   Backporting e4d2666b from upstream, fixes the out of array access.
-  (CVE-2023-50010 bsc#1223256)
+  (CVE-2023-50010, bsc#1223256)
 
 -------------------------------------------------------------------
 Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
@@ -62,7 +75,7 @@ Tue Apr 26 12:18:26 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-CVE-2023-50009.patch:
   Backporting c443658d from upstream, Fix small inputs with
    gaussian_blur().
-  (CVE-2023-50009 bsc#1223255)
+  (CVE-2023-50009, bsc#1223255)
 
 -------------------------------------------------------------------
 Tue Apr 24 10:48:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
@@ -70,14 +83,14 @@ Tue Apr 24 10:48:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch:
   Backporting cf1f5744 from upstream, Templatify function
   ff_gaussian_blur and ff_sobel to prepare fix support for CVE-2023-50009.
-  (CVE-2023-50009 bsc#1223255)
+  (CVE-2023-50009, bsc#1223255)
 
 -------------------------------------------------------------------
 Thu Apr 23 16:14:18 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-51793.patch:
   Backporting 0ecc1f0e from upstream, Fix odd height handling.
-  (CVE-2023-51793 bsc#1223272)
+  (CVE-2023-51793, bsc#1223272)
 
 -------------------------------------------------------------------
 Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
@@ -85,21 +98,21 @@ Thu Apr 23 15:35:32 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-CVE-2023-49502.patch:
   Backporting 737ede40 from upstream, account for chroma sub-sampling
   in min size calculation.
-  (CVE-2023-49502 bsc#1223235)
+  (CVE-2023-49502, bsc#1223235)
 
 -------------------------------------------------------------------
 Thu Apr 23 14:05:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-50008.patch:
   Backporting 5f87a68c from upstream, Fix memory leaks.
-  (CVE-2023-50008 bsc#1223254)
+  (CVE-2023-50008, bsc#1223254)
 
 -------------------------------------------------------------------
 Thu Apr 23 12:22:53 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
 - Add ffmpeg-CVE-2023-50007.patch:
   Backporting b1942734 from upstream, Fix crash with EOF handling.
-  (CVE-2023-50007 bsc#1223253)
+  (CVE-2023-50007, bsc#1223253)
 
 -------------------------------------------------------------------
 Mon Apr 22 23:10:31 UTC 2024 - Jan Engelhardt <jengelh@inai.de>

ffmpeg-5.spec

@@ -61,7 +61,7 @@
 %bcond_with    x265
 %bcond_with    xvid
 
-%if 0%{?suse_version} > 1500
+%if 0%{?suse_version} > 1600
 %bcond_without mysofa
 %bcond_without vidstab
 %bcond_without codec2
@@ -71,12 +71,22 @@
 %bcond_without opencore
 %bcond_without xvid
 %else
+%if 0%{?suse_version} > 1500
+%bcond_without mysofa
+%bcond_without vidstab
+%bcond_without codec2
+%bcond_without rubberband
+%bcond_without vulkan
+%bcond_without amrwb
+%bcond_without opencore
+%else
 %bcond_with mysofa
 %bcond_with vidstab
 %bcond_with codec2
 %bcond_with rubberband
 %bcond_with vulkan
 %endif
+%endif
 
 %define _name ffmpeg
 %define _major_version 5
@@ -127,6 +137,7 @@ Patch99:        ffmpeg-CVE-2023-50009.patch
 Patch100:       ffmpeg-CVE-2023-50010.patch
 Patch102:       ffmpeg-5-CVE-2024-32230.patch
 Patch103:       ffmpeg-5-CVE-2024-7272.patch
+Patch104:       ffmpeg-5-CVE-2024-7055.patch
 #
 # preamble is present twice, watch out
 #