From 810db304f3766699ce758aa98e72cd7c5793a6bb1b3ba6e9fb00a6d3bee98807 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Wed, 14 Aug 2024 08:49:42 +0000
Subject: [PATCH 1/2] - Disable ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch and
   ffmpeg-6-CVE-2024-32228.patch as they brake compilation with   BUILD_ORIG
 enabled, i.e. Packman.

Packages in Packman fail to build for quite some time now. I bisected it to these two patches. Can we please disable for now until we get a proper solution so that Packman users get at least CVE fixes for the rest? Thx!

OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-6?expand=0&rev=43
---
 ffmpeg-6.changes | 7 +++++++
 ffmpeg-6.spec    | 8 ++++----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/ffmpeg-6.changes b/ffmpeg-6.changes
index f98e0c9..331b21a 100644
--- a/ffmpeg-6.changes
+++ b/ffmpeg-6.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Aug 13 18:59:14 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Disable ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch and
+  ffmpeg-6-CVE-2024-32228.patch as they brake compilation with
+  BUILD_ORIG enabled, i.e. Packman.
+
 -------------------------------------------------------------------
 Fri Jul 26 14:28:59 UTC 2024 - Filip Kastl <filip.kastl@suse.com>
 
diff --git a/ffmpeg-6.spec b/ffmpeg-6.spec
index 78ef649..d3f8f93 100644
--- a/ffmpeg-6.spec
+++ b/ffmpeg-6.spec
@@ -121,8 +121,8 @@ Patch92:        ffmpeg-CVE-2023-50007.patch
 Patch93:        ffmpeg-CVE-2023-50008.patch
 Patch94:        ffmpeg-6-CVE-2024-32228-shim-1535d338.patch
 Patch95:        ffmpeg-6-CVE-2024-32228-shim-f50382cb.patch
-Patch96:        ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch
-Patch97:        ffmpeg-6-CVE-2024-32228.patch
+#Patch96:        ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch
+#Patch97:        ffmpeg-6-CVE-2024-32228.patch
 Patch98:        ffmpeg-6-CVE-2024-32230.patch
 Patch99:        ffmpeg-c99.patch
 #
@@ -852,8 +852,8 @@ Patch92:        ffmpeg-CVE-2023-50007.patch
 Patch93:        ffmpeg-CVE-2023-50008.patch
 Patch94:        ffmpeg-6-CVE-2024-32228-shim-1535d338.patch
 Patch95:        ffmpeg-6-CVE-2024-32228-shim-f50382cb.patch
-Patch96:        ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch
-Patch97:        ffmpeg-6-CVE-2024-32228.patch
+#Patch96:        ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch
+#Patch97:        ffmpeg-6-CVE-2024-32228.patch
 Patch98:        ffmpeg-6-CVE-2024-32230.patch
 Patch99:        ffmpeg-c99.patch
 BuildRequires:  c_compiler

From 07e03ab73735e3519430c5103f2ee960ec21651315a81c217f28869661169079 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Wed, 14 Aug 2024 18:35:59 +0000
Subject: [PATCH 2/2] - Remove ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch and 
  ffmpeg-6-CVE-2024-32228.patch to make the bot happy. - Renumber patches.

OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-6?expand=0&rev=44
---
 ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch | 101 --------------------
 ffmpeg-6-CVE-2024-32228.patch               |  58 -----------
 ffmpeg-6.changes                            |   7 ++
 ffmpeg-6.spec                               |  12 +--
 4 files changed, 11 insertions(+), 167 deletions(-)
 delete mode 100644 ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch
 delete mode 100644 ffmpeg-6-CVE-2024-32228.patch

diff --git a/ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch b/ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch
deleted file mode 100644
index 4185e9e..0000000
--- a/ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From 5d7f234e7ec45ccc385dca8c5fbe3b887af1c2c6 Mon Sep 17 00:00:00 2001
-Author: Niklas Haas <git@haasn.dev>
-Date: Wed, 4 Oct 2023 14:05:24 +0200
-Subject: [PATCH] avcodec/hevcdec: apply AOM film grain synthesis
-References: CVE-2024-32228
-References: bsc#1227277
-Upstream: Backport from upstream
-
-Following the usual logic for H.274 film grain.
-
-diff --git a/libavcodec/Makefile b/libavcodec/Makefile
-index 824845276a..7ef2e03ca6 10064
---- a/libavcodec/Makefile
-+++ b/libavcodec/Makefile
-@@ -432,7 +432,7 @@ OBJS-$(CONFIG_HDR_ENCODER)             += hdrenc.o
- OBJS-$(CONFIG_HEVC_DECODER)            += hevcdec.o hevc_mvs.o \
-                                           hevc_cabac.o hevc_refs.o hevcpred.o    \
-                                           hevcdsp.o hevc_filter.o hevc_data.o \
--                                          h274.o
-+                                          h274.o aom_film_grain.o
- OBJS-$(CONFIG_HEVC_AMF_ENCODER)        += amfenc_hevc.o
- OBJS-$(CONFIG_HEVC_CUVID_DECODER)      += cuviddec.o
- OBJS-$(CONFIG_HEVC_MEDIACODEC_DECODER) += mediacodecdec.o
-diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c
-index 76aa6b4588..575836e340 100644
---- a/libavcodec/hevcdec.c
-+++ b/libavcodec/hevcdec.c
-@@ -35,6 +35,7 @@
- #include "libavutil/pixdesc.h"
- #include "libavutil/timecode.h"
- 
-+#include "aom_film_grain.h"
- #include "bswapdsp.h"
- #include "cabac_functions.h"
- #include "codec_internal.h"
-@@ -388,7 +389,8 @@ static int export_stream_params_from_sei(HEVCContext *s)
-         avctx->color_trc = s->sei.common.alternative_transfer.preferred_transfer_characteristics;
-     }
- 
--    if (s->sei.common.film_grain_characteristics.present)
-+    if (s->sei.common.film_grain_characteristics.present ||
-+        s->sei.common.aom_film_grain.enable)
-         avctx->properties |= FF_CODEC_PROPERTY_FILM_GRAIN;
- 
-     return 0;
-@@ -2885,11 +2887,13 @@ static int hevc_frame_start(HEVCContext *s)
-     else
-         s->ref->frame->flags &= ~AV_FRAME_FLAG_KEY;
- 
--    s->ref->needs_fg = s->sei.common.film_grain_characteristics.present &&
-+    s->ref->needs_fg = (s->sei.common.film_grain_characteristics.present ||
-+                        s->sei.common.aom_film_grain.enable) &&
-         !(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) &&
-         !s->avctx->hwaccel;
- 
-     if (s->ref->needs_fg &&
-+        s->sei.common.film_grain_characteristics.present &&
-         !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
-                                              s->ref->frame->format)) {
-         av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
-@@ -2934,14 +2938,24 @@ fail:
- static int hevc_frame_end(HEVCContext *s)
- {
-     HEVCFrame *out = s->ref;
--    const AVFrameSideData *sd;
-+    const AVFilmGrainParams *fgp;
-     av_unused int ret;
- 
-     if (out->needs_fg) {
--        sd = av_frame_get_side_data(out->frame, AV_FRAME_DATA_FILM_GRAIN_PARAMS);
--        av_assert0(out->frame_grain->buf[0] && sd);
--        ret = ff_h274_apply_film_grain(out->frame_grain, out->frame, &s->h274db,
--                                       (AVFilmGrainParams *) sd->data);
-+        av_assert0(out->frame_grain->buf[0]);
-+        fgp = av_film_grain_params_select(out->frame);
-+        switch (fgp->type) {
-+        case AV_FILM_GRAIN_PARAMS_NONE:
-+            av_assert0(0);
-+            return AVERROR_BUG;
-+        case AV_FILM_GRAIN_PARAMS_H274:
-+            ret = ff_h274_apply_film_grain(out->frame_grain, out->frame,
-+                                           &s->h274db, fgp);
-+            break;
-+        case AV_FILM_GRAIN_PARAMS_AV1:
-+            ret = ff_aom_apply_film_grain(out->frame_grain, out->frame, fgp);
-+            break;
-+        }
-         av_assert1(ret >= 0);
-     }
- 
-@@ -3596,6 +3610,7 @@ static int hevc_update_thread_context(AVCodecContext *dst,
-     s->sei.common.alternative_transfer = s0->sei.common.alternative_transfer;
-     s->sei.common.mastering_display    = s0->sei.common.mastering_display;
-     s->sei.common.content_light        = s0->sei.common.content_light;
-+    s->sei.common.aom_film_grain       = s0->sei.common.aom_film_grain;
- 
-     ret = export_stream_params_from_sei(s);
-     if (ret < 0)
--- 
-2.41.0
-
diff --git a/ffmpeg-6-CVE-2024-32228.patch b/ffmpeg-6-CVE-2024-32228.patch
deleted file mode 100644
index e293a2a..0000000
--- a/ffmpeg-6-CVE-2024-32228.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 459648761f5412acdc3317d5bac982ceaa257584 Mon Sep 17 00:00:00 2001
-Author: Niklas Haas <git@haasn.dev>
-Date: Sat Apr 6 13:11:09 2024 +0200
-Subject: avcodec/hevcdec: fix segfault on invalid film grain metadata
-References: CVE-2024-32228
-References: bsc#1227277
-Upstream: Backport from upstream
-
-Invalid input files may contain film grain metadata which survives
-ff_h274_film_grain_params_supported() but does not pass
-av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
-
-Fix this by duplicating the av_film_grain_params_select() check at frame
-init time.
-
-An alternative solution here would be to defer the incompatibility check
-to hevc_frame_end(), but this has the downside of allocating a film
-grain buffer even when we already know we can't apply film grain.
-
-Fixes: https://trac.ffmpeg.org/ticket/10951
-
-diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c
-index 727b02f0f4..d3b668af00 100644
---- a/libavcodec/hevcdec.c
-+++ b/libavcodec/hevcdec.c
-@@ -2893,10 +2893,15 @@ static int hevc_frame_start(HEVCContext *s)
-         !(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) &&
-         !s->avctx->hwaccel;
- 
-+    ret = set_side_data(s);
-+    if (ret < 0)
-+        goto fail;
-+
-     if (s->ref->needs_fg &&
--        s->sei.common.film_grain_characteristics.present &&
--        !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
--                                             s->ref->frame->format)) {
-+        ( s->sei.common.film_grain_characteristics.present &&
-+          !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
-+                                             s->ref->frame->format))
-+          || !av_film_grain_params_select(s->ref->frame)) {
-         av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
-                     "Unsupported film grain parameters. Ignoring film grain.\n");
-         s->ref->needs_fg = 0;
-@@ -2910,10 +2915,6 @@ static int hevc_frame_start(HEVCContext *s)
-             goto fail;
-     }
- 
--    ret = set_side_data(s);
--    if (ret < 0)
--        goto fail;
--
-     s->frame->pict_type = 3 - s->sh.slice_type;
- 
-     if (!IS_IRAP(s))
--- 
-2.41.0
-
diff --git a/ffmpeg-6.changes b/ffmpeg-6.changes
index 331b21a..5c82c38 100644
--- a/ffmpeg-6.changes
+++ b/ffmpeg-6.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Aug 14 14:38:37 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Remove ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch and
+  ffmpeg-6-CVE-2024-32228.patch to make the bot happy.
+- Renumber patches.
+
 -------------------------------------------------------------------
 Tue Aug 13 18:59:14 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>
 
diff --git a/ffmpeg-6.spec b/ffmpeg-6.spec
index d3f8f93..3b00aea 100644
--- a/ffmpeg-6.spec
+++ b/ffmpeg-6.spec
@@ -121,10 +121,8 @@ Patch92:        ffmpeg-CVE-2023-50007.patch
 Patch93:        ffmpeg-CVE-2023-50008.patch
 Patch94:        ffmpeg-6-CVE-2024-32228-shim-1535d338.patch
 Patch95:        ffmpeg-6-CVE-2024-32228-shim-f50382cb.patch
-#Patch96:        ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch
-#Patch97:        ffmpeg-6-CVE-2024-32228.patch
-Patch98:        ffmpeg-6-CVE-2024-32230.patch
-Patch99:        ffmpeg-c99.patch
+Patch96:        ffmpeg-6-CVE-2024-32230.patch
+Patch97:        ffmpeg-c99.patch
 #
 # preamble is present twice, watch out
 #
@@ -852,10 +850,8 @@ Patch92:        ffmpeg-CVE-2023-50007.patch
 Patch93:        ffmpeg-CVE-2023-50008.patch
 Patch94:        ffmpeg-6-CVE-2024-32228-shim-1535d338.patch
 Patch95:        ffmpeg-6-CVE-2024-32228-shim-f50382cb.patch
-#Patch96:        ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch
-#Patch97:        ffmpeg-6-CVE-2024-32228.patch
-Patch98:        ffmpeg-6-CVE-2024-32230.patch
-Patch99:        ffmpeg-c99.patch
+Patch96:        ffmpeg-6-CVE-2024-32230.patch
+Patch97:        ffmpeg-c99.patch
 BuildRequires:  c_compiler
 Requires:       this-is-only-for-build-envs