Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ffmpeg-4 for openSUSE:Factory checked in at 2025-02-25 16:40:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ffmpeg-4 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg-4.new.1873 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ffmpeg-4" Tue Feb 25 16:40:19 2025 rev:74 rq:1248239 version:4.4.5 Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg-4/ffmpeg-4.changes 2025-02-22 20:05:35.230789064 +0100 +++ /work/SRC/openSUSE:Factory/.ffmpeg-4.new.1873/ffmpeg-4.changes 2025-02-25 16:41:11.570880450 +0100 @@ -1,0 +2,41 @@ +Fri Feb 19 05:17:22 UTC 2025 - Cliff Zhao <[email protected]> + +- Add ffmpeg-7-CVE-2025-22921.patch: + Backporting 7f9c7f98 from upstream, clear array length when + freeing it. + (CVE-2025-22921, bsc#1237382) + +------------------------------------------------------------------- +Fri Feb 19 04:27:06 UTC 2025 - Cliff Zhao <[email protected]> + +- Add ffmpeg-7-CVE-2025-25473.patch: + Backporting c08d3004 from upstream, clear FFFormatContext packet. + When packet_buffer is used in mux.c, and if a muxing process fails + at a point where packets remained in said queue. + (CVE-2025-25473, bsc#1237351) + +------------------------------------------------------------------- +Fri Feb 19 03:18:02 UTC 2025 - Cliff Zhao <[email protected]> + +- Add ffmpeg-7-CVE-2025-0518.patch: + Backporting b5b6391d from upstream, fixes memory data leak when + use sscanf(). + (CVE-2025-0518, bsc#1236007) + +------------------------------------------------------------------- +Fri Feb 19 02:58:01 UTC 2025 - Cliff Zhao <[email protected]> + +- Add ffmpeg-7-CVE-2025-22919.patch: + Backporting 1446e37d from upstream, check for valid sample rate + As the sample rate <= 0 is invalid. + (CVE-2025-22919, bsc#1237371) + +------------------------------------------------------------------- +Fri Feb 19 01:48:22 UTC 2025 - Cliff Zhao <[email protected]> + +- Add ffmpeg-4-CVE-2024-12361.patch: + Backporting 4065ff69 from upstream, add check for av_packet_new_side_data() + to avoid null pointer dereference if allocation fails. + (CVE-2024-12361, bsc#1237358) + +------------------------------------------------------------------- 
@@ -10,0 +52,3 @@ + Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464 + Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in type 'int' + (CVE-2024-36613, bsc#1235092) New: ---- ffmpeg-4-CVE-2024-12361.patch ffmpeg-4-CVE-2025-0518.patch ffmpeg-4-CVE-2025-22919.patch ffmpeg-4-CVE-2025-22921.patch ffmpeg-4-CVE-2025-25473.patch BETA DEBUG BEGIN: New: - Add ffmpeg-4-CVE-2024-12361.patch: Backporting 4065ff69 from upstream, add check for av_packet_new_side_data() New: WARN: ffmpeg-4-CVE-2025-0518.patch not found in changes New: WARN: ffmpeg-4-CVE-2025-22919.patch not found in changes New: WARN: ffmpeg-4-CVE-2025-22921.patch not found in changes New: WARN: ffmpeg-4-CVE-2025-25473.patch not found in changes BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg-4.spec ++++++ --- /var/tmp/diff_new_pack.rFEAVf/_old 2025-02-25 16:41:12.598923401 +0100 +++ /var/tmp/diff_new_pack.rFEAVf/_new 2025-02-25 16:41:12.598923401 +0100 @@ -137,6 +137,11 @@ Patch17: ffmpeg-CVE-2023-49502.patch Patch22: ffmpeg-c99.patch Patch23: 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch +Patch24: ffmpeg-4-CVE-2024-12361.patch +Patch25: ffmpeg-4-CVE-2025-22919.patch +Patch26: ffmpeg-4-CVE-2025-0518.patch +Patch27: ffmpeg-4-CVE-2025-25473.patch +Patch28: ffmpeg-4-CVE-2025-22921.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.rFEAVf/_old 2025-02-25 16:41:12.654925741 +0100 +++ /var/tmp/diff_new_pack.rFEAVf/_new 2025-02-25 16:41:12.658925907 +0100 
@@ -1,5 +1,5 @@ -mtime: 1740184381 -commit: b6a9351332f68f9e2bb88064077f83991397ad6f174d995f76f27f9fb779232e +mtime: 1740428378 +commit: 71230d5ab33ebb8b540bce6771743d3d17a008cbe9ffb2831c8c2522bb9e4f9a url: https://src.opensuse.org/jengelh/ffmpeg-4 revision: master ++++++ build.specials.obscpio ++++++ diff: old/*: No such file or directory diff: new/*: No such file or directory ++++++ ffmpeg-4-CVE-2024-12361.patch ++++++ >From 4065ff69a2ed49872f8694a03d0642b18c9d977c Mon Sep 17 00:00:00 2001 From: Jiasheng Jiang <[email protected]> Date: Mon, 10 Jun 2024 14:18:11 +0000 Subject: [PATCH] avcodec/mpegvideo_enc: Add check for av_packet_new_side_data() Add check for av_packet_new_side_data() to avoid null pointer dereference if allocation fails. Fixes: bdc1220eeb ("h263enc: Add an option for outputting info about MBs as side data") Signed-off-by: Jiasheng Jiang <[email protected]> Signed-off-by: Anton Khirnov <[email protected]> --- libavcodec/mpegvideo_enc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index 620ca08869..d33754d115 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -1825,6 +1825,8 @@ int ff_mpv_encode_picture(AVCodecContext *avctx, AVPacket *pkt, s->mb_info_ptr = av_packet_new_side_data(pkt, AV_PKT_DATA_H263_MB_INFO, s->mb_width*s->mb_height*12); + if (!s->mb_info_ptr) + return AVERROR(ENOMEM); s->prev_mb_info = s->last_mb_info = s->mb_info_size = 0; } -- 2.44.0 ++++++ ffmpeg-4-CVE-2025-0518.patch ++++++ >From b5b6391d64807578ab872dc58fb8aa621dcfc38a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Mon, 6 Jan 2025 22:01:39 +0100 Subject: [PATCH] avfilter/af_pan: Fix sscanf() use Fixes: Memory Data Leak Found-by: Simcha Kosman <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> --- libavfilter/af_pan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c index 0d20b0307b..5feb2439c7 100644 --- a/libavfilter/af_pan.c +++ b/libavfilter/af_pan.c @@ -196,7 +196,7 @@ static av_cold int init(AVFilterContext *ctx) sign = 1; while (1) { gain = 1; - if (sscanf(arg, "%lf%n *%n", &gain, &len, &len)) + if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1) arg += len; if (parse_channel_name(&arg, &in_ch_id, &named)){ av_log(ctx, AV_LOG_ERROR, -- 2.44.0 ++++++ ffmpeg-4-CVE-2025-22919.patch ++++++ >From 1446e37d3d032e1452844778b3e6ba2c20f0c322 Mon Sep 17 00:00:00 2001 From: James Almer <[email protected]> Date: Mon, 30 Dec 2024 00:25:41 -0300 Subject: [PATCH] avfilter/buffersrc: check for valid sample rate A sample rate <= 0 is invalid. Fixes an assert in ffmpeg_enc.c that assumed a valid sample rate would be set. Fixes ticket #11385. Signed-off-by: James Almer <[email protected]> --- libavfilter/buffersrc.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/libavfilter/buffersrc.c +++ b/libavfilter/buffersrc.c @@ -337,6 +337,11 @@ return AVERROR(EINVAL); } + if (s->sample_rate <= 0) { + av_log(ctx, AV_LOG_ERROR, "Sample rate not set\n"); + return AVERROR(EINVAL); + } + if (!s->time_base.num) s->time_base = (AVRational){1, s->sample_rate}; ++++++ ffmpeg-4-CVE-2025-22921.patch ++++++ >From 7f9c7f9849a2155224711f0ff57ecdac6e4bfb57 Mon Sep 17 00:00:00 2001 From: James Almer <[email protected]> Date: Wed, 1 Jan 2025 23:58:39 -0300 Subject: [PATCH] avcodec/jpeg2000dec: clear array length when freeing it Fixes NULL pointer dereferences. Fixes ticket #11393. Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: James Almer <[email protected]> --- libavcodec/jpeg2000dec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index e5e897a29f..b82d85d5ee 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c 
@@ -1521,6 +1521,7 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile, } } av_freep(&cblk->lengthinc); + cblk->nb_lengthinc = 0; } } // Save state of stream -- 2.44.0 ++++++ ffmpeg-4-CVE-2025-25473.patch ++++++ >From c08d300481b8ebb846cd43a473988fdbc6793d1b Mon Sep 17 00:00:00 2001 From: James Almer <[email protected]> Date: Fri, 17 Jan 2025 00:05:31 -0300 Subject: [PATCH] avformat/avformat: also clear FFFormatContext packet queue when closing a muxer packet_buffer is used in mux.c, and if a muxing process fails at a point where packets remained in said queue, they will leak. Fixes ticket #11419 Signed-off-by: James Almer <[email protected]> --- libavformat/avformat.c | 1 + 1 file changed, 1 insertion(+) --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -4478,6 +4478,7 @@ av_dict_free(&s->internal->id3v2_meta); av_packet_free(&s->internal->pkt); av_packet_free(&s->internal->parse_pkt); + avpriv_packet_list_free(&s->internal->packet_buffer, &s->internal->packet_buffer_end); av_freep(&s->streams); flush_packet_queue(s); av_freep(&s->internal);
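Review bot: in the ffmpeg-4.changes hunk, four of the five new entries name files that are not part of this commit. They read ffmpeg-7-CVE-2025-22921.patch, ffmpeg-7-CVE-2025-25473.patch, ffmpeg-7-CVE-2025-0518.patch and ffmpeg-7-CVE-2025-22919.patch, while the files actually added and referenced from the spec are ffmpeg-4-CVE-*.patch, which is what the "not found in changes" warnings report. Rename them in the entries so each changelog item can be matched to its PatchNN line. Two smaller points in the same hunk: the entry headers say "Fri Feb 19 ... 2025", but with the check-in stamped Tue Feb 25 2025, Feb 19 falls on a Wednesday; and the CVE-2025-25473 entry stops mid-sentence after "remained in said queue", where the upstream commit message it quotes continues with "they will leak".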
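Review bot: the new early return in the libavcodec/mpegvideo_enc.c hunk (ffmpeg-4-CVE-2024-12361.patch) needs its error path confirmed, because the visible context does not show what ff_mpv_encode_picture() has already set up on pkt before av_packet_new_side_data() is called. If pkt already holds data at this point, make sure the caller unrefs it when AVERROR(ENOMEM) comes back, or release it here before returning. The NULL check itself is placed correctly, directly after the assignment to s->mb_info_ptr and before any use of it.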
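Review bot: the ">= 1" comparison added in the libavfilter/af_pan.c hunk (ffmpeg-4-CVE-2025-0518.patch) should carry a one-line comment, since nothing in the code says why a plain truth test was wrong. sscanf() returns EOF, a negative and therefore truthy value, when the input ends before the first conversion, so the old condition could run "arg += len" with len never written; with ">= 1" the %lf conversion has succeeded and the first %n has stored len. Initializing len to 0 where it is declared would additionally keep the advance harmless if the condition is ever changed again.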
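Review bot: the log text in the libavfilter/buffersrc.c hunk (ffmpeg-4-CVE-2025-22919.patch) does not match the condition it reports. The check is "s->sample_rate <= 0", so a negative rate supplied by the caller is logged as "Sample rate not set", which points whoever reads the log at the wrong cause. Consider a message that prints the rejected value, for example "Invalid sample rate %d\n" with s->sample_rate as the argument. The placement ahead of the time_base fallback is right, since that fallback builds (AVRational){1, s->sample_rate} from the same field.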
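Review bot: the reset added in the libavcodec/jpeg2000dec.c hunk (ffmpeg-4-CVE-2025-22921.patch) covers only this one free site in jpeg2000_decode_packet(). The invariant being restored is that cblk->nb_lengthinc is zero whenever cblk->lengthinc is NULL, so any other place in this file that frees lengthinc needs the same pairing, otherwise a stale count can still be used to index a freed array. Worth checking the 4.4 tree for other av_freep(&cblk->lengthinc) calls, since the upstream commit was written against a newer code base.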
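Review bot: in ffmpeg-4-CVE-2025-25473.patch the mail header and diffstat still name libavformat/avformat.c, while the hunk itself applies to libavformat/utils.c and uses s->internal->packet_buffer; the patch header should say that this is an adapted backport of c08d3004 so the difference is not mistaken for a mis-applied patch. Also, the unchanged context shows flush_packet_queue(s) being called two lines below the added avpriv_packet_list_free() call. Please confirm whether flush_packet_queue() in this branch already frees packet_buffer: if it does, the added line is redundant here and the leak described in the commit message needs to be re-verified against 4.4.5 rather than assumed from upstream.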
