Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ffmpeg-7 for openSUSE:Factory checked in at 2025-02-25 16:39:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ffmpeg-7 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg-7.new.1873 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ffmpeg-7" Tue Feb 25 16:39:52 2025 rev:10 rq:1248138 version:7.1 Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg-7/ffmpeg-7.changes 2024-10-16 23:36:37.107621172 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg-7.new.1873/ffmpeg-7.changes 2025-02-25 16:40:29.425119661 +0100 @@ -1,0 +2,33 @@ +Fri Feb 19 05:17:22 UTC 2025 - Cliff Zhao <qz...@suse.com> + +- Add ffmpeg-7-CVE-2025-22921.patch: + Backporting 7f9c7f98 from upstream, clear array length when + freeing it. + (CVE-2025-22921, bsc#1237382) + +------------------------------------------------------------------- +Fri Feb 19 04:27:06 UTC 2025 - Cliff Zhao <qz...@suse.com> + +- Add ffmpeg-7-CVE-2025-25473.patch: + Backporting c08d3004 from upstream, clear FFFormatContext packet. + When packet_buffer is used in mux.c, and if a muxing process fails + at a point where packets remained in said queue. + (CVE-2025-25473, bsc#1237351) + +------------------------------------------------------------------- +Fri Feb 19 03:18:02 UTC 2025 - Cliff Zhao <qz...@suse.com> + +- Add ffmpeg-7-CVE-2025-0518.patch: + Backporting b5b6391d from upstream, fixes memory data leak when + use sscanf(). + (CVE-2025-0518, bsc#1236007) + +------------------------------------------------------------------- +Fri Feb 19 02:58:01 UTC 2025 - Cliff Zhao <qz...@suse.com> + +- Add ffmpeg-7-CVE-2025-22919.patch: + Backporting 1446e37d from upstream, check for valid sample rate + As the sample rate <= 0 is invalid. + (CVE-2025-22919, bsc#1237371) + +------------------------------------------------------------------- @@ -24,0 +58,2 @@ + * avcodec/mpegvideo_enc: Add check for av_packet_new_side_data (CVE-2024-12361, bsc#1237358) + * avformat/dump: print only the actual streams in a tile grid group (CVE-2025-22920, bsc#1237380) @@ -72,0 +108,2 @@ + * fftools/ffmpeg_mux_init: Fix double-free on error (CVE-2024-35365, bsc#1235091) + * avformat/dxa: Adjust order of operations around block align (CVE-2024-36613, bsc#1235092) New: ---- ffmpeg-7-CVE-2025-0518.patch ffmpeg-7-CVE-2025-22919.patch ffmpeg-7-CVE-2025-22921.patch ffmpeg-7-CVE-2025-25473.patch BETA DEBUG BEGIN: New: - Add ffmpeg-7-CVE-2025-0518.patch: Backporting b5b6391d from upstream, fixes memory data leak when New: - Add ffmpeg-7-CVE-2025-22919.patch: Backporting 1446e37d from upstream, check for valid sample rate New: - Add ffmpeg-7-CVE-2025-22921.patch: Backporting 7f9c7f98 from upstream, clear array length when New: - Add ffmpeg-7-CVE-2025-25473.patch: Backporting c08d3004 from upstream, clear FFFormatContext packet. BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg-7.spec ++++++ --- /var/tmp/diff_new_pack.USBI9t/_old 2025-02-25 16:40:32.077230463 +0100 +++ /var/tmp/diff_new_pack.USBI9t/_new 2025-02-25 16:40:32.109231800 +0100 @@ -120,6 +120,10 @@ Patch10: ffmpeg-chromium.patch Patch91: ffmpeg-dlopen-openh264.patch Patch15: 11013-avcodec-decode-clean-up-if-get_hw_frames_parameters-.patch +Patch16: ffmpeg-7-CVE-2025-22919.patch +Patch17: ffmpeg-7-CVE-2025-0518.patch +Patch18: ffmpeg-7-CVE-2025-25473.patch +Patch19: ffmpeg-7-CVE-2025-22921.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel >= 3.98.3 @@ -257,6 +261,14 @@ Requires: (libpostproc58 = %version-%release or ffmpeg-7-mini-libs = %version-%release) Requires: (libswresample5 = %version-%release or ffmpeg-7-mini-libs = %version-%release) Requires: (libswscale8 = %version-%release or ffmpeg-7-mini-libs = %version-%release) +%if "%flavor" == "ffmpeg-7-mini" +# Patches may subtly change internal APIs, so we're sticking %%release in +# Requires lines. It also conveniently blocks openSUSE libav* being combined +# with Packman libav*, due to PM's unique %%release numbers. +# This use of %%release with %flavor however requires bcnt synchro: +# +#!BcntSyncTag: ffmpeg-7 +%endif %description FFmpeg is a multimedia framework, able to decode, encode, ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.USBI9t/_old 2025-02-25 16:40:32.657254695 +0100 +++ /var/tmp/diff_new_pack.USBI9t/_new 2025-02-25 16:40:32.697256366 +0100 @@ -1,5 +1,5 @@ -mtime: 1728982933 -commit: 32cbe46280190beb53660e8ea40da248a198ba6eb095ea8a9dc9caccc4963886 +mtime: 1740402399 +commit: fba0c8d5aee6456fbfe57c31817aaff4ce7ba3d31509ca778be2c36ad4b1dff5 url: https://src.opensuse.org/jengelh/ffmpeg-7 revision: master ++++++ build.specials.obscpio ++++++ diff: old/*: No such file or directory diff: new/*: No such file or directory ++++++ ffmpeg-7-CVE-2025-0518.patch ++++++ >From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <mich...@niedermayer.cc> Date: Mon, 6 Jan 2025 22:01:39 +0100 Subject: [PATCH] avfilter/af_pan: Fix sscanf() use Fixes: Memory Data Leak Found-by: Simcha Kosman <simcha.kos...@cyberark.com> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavfilter/af_pan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c index 0d20b0307b..5feb2439c7 100644 --- a/libavfilter/af_pan.c +++ b/libavfilter/af_pan.c @@ -196,7 +196,7 @@ static av_cold int init(AVFilterContext *ctx) sign = 1; while (1) { gain = 1; - if (sscanf(arg, "%lf%n *%n", &gain, &len, &len)) + if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1) arg += len; if (parse_channel_name(&arg, &in_ch_id, &named)){ av_log(ctx, AV_LOG_ERROR, -- 2.44.0 ++++++ ffmpeg-7-CVE-2025-22919.patch ++++++ >From 1446e37d3d032e1452844778b3e6ba2c20f0c322 Mon Sep 17 00:00:00 2001 From: James Almer <jamr...@gmail.com> Date: Mon, 30 Dec 2024 00:25:41 -0300 Subject: [PATCH] avfilter/buffersrc: check for valid sample rate A sample rate <= 0 is invalid. Fixes an assert in ffmpeg_enc.c that assumed a valid sample rate would be set. Fixes ticket #11385. Signed-off-by: James Almer <jamr...@gmail.com> --- libavfilter/buffersrc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavfilter/buffersrc.c b/libavfilter/buffersrc.c index bdf8b14451..c921803c67 100644 --- a/libavfilter/buffersrc.c +++ b/libavfilter/buffersrc.c @@ -421,6 +421,11 @@ static av_cold int init_audio(AVFilterContext *ctx) av_channel_layout_describe(&s->ch_layout, buf, sizeof(buf)); } + if (s->sample_rate <= 0) { + av_log(ctx, AV_LOG_ERROR, "Sample rate not set\n"); + return AVERROR(EINVAL); + } + if (!s->time_base.num) s->time_base = (AVRational){1, s->sample_rate}; -- 2.44.0 ++++++ ffmpeg-7-CVE-2025-22921.patch ++++++ >From 7f9c7f9849a2155224711f0ff57ecdac6e4bfb57 Mon Sep 17 00:00:00 2001 From: James Almer <jamr...@gmail.com> Date: Wed, 1 Jan 2025 23:58:39 -0300 Subject: [PATCH] avcodec/jpeg2000dec: clear array length when freeing it Fixes NULL pointer dereferences. Fixes ticket #11393. Reviewed-by: Michael Niedermayer <mich...@niedermayer.cc> Signed-off-by: James Almer <jamr...@gmail.com> --- libavcodec/jpeg2000dec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index e5e897a29f..b82d85d5ee 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -1521,6 +1521,7 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile, } } av_freep(&cblk->lengthinc); + cblk->nb_lengthinc = 0; } } // Save state of stream -- 2.44.0 ++++++ ffmpeg-7-CVE-2025-25473.patch ++++++ >From c08d300481b8ebb846cd43a473988fdbc6793d1b Mon Sep 17 00:00:00 2001 From: James Almer <jamr...@gmail.com> Date: Fri, 17 Jan 2025 00:05:31 -0300 Subject: [PATCH] avformat/avformat: also clear FFFormatContext packet queue when closing a muxer packet_buffer is used in mux.c, and if a muxing process fails at a point where packets remained in said queue, they will leak. Fixes ticket #11419 Signed-off-by: James Almer <jamr...@gmail.com> --- libavformat/avformat.c | 1 + 1 file changed, 1 insertion(+) --- a/libavformat/avformat.c +++ b/libavformat/avformat.c @@ -184,6 +184,7 @@ av_dict_free(&si->id3v2_meta); av_packet_free(&si->pkt); av_packet_free(&si->parse_pkt); + avpriv_packet_list_free(&si->packet_buffer); av_freep(&s->streams); av_freep(&s->stream_groups); ff_flush_packet_queue(s);
