Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ffmpeg-4 for openSUSE:Factory checked in at 2026-01-15 16:48:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ffmpeg-4 (Old)
 and      /work/SRC/openSUSE:Factory/.ffmpeg-4.new.1928 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ffmpeg-4" Thu Jan 15 16:48:23 2026 rev:91 rq:1327349 version:4.4.6 Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg-4/ffmpeg-4.changes 2026-01-12 11:49:18.551577975 +0100 +++ /work/SRC/openSUSE:Factory/.ffmpeg-4.new.1928/ffmpeg-4.changes 2026-01-15 16:49:41.688773662 +0100 @@ -1,0 +2,7 @@ +Thu Jan 15 07:36:04 UTC 2026 - SongChuan Kang <[email protected]> + +- Add ffmpeg-4-CVE-2025-63757.patch: Backport 0c6b7f948 from + upstream. swscale/output: Fix integer overflow in + yuv2ya16_X_c_template() (bsc#1255392, CVE-2025-63757). + +------------------------------------------------------------------- New: ---- ffmpeg-4-CVE-2025-63757.patch ----------(New B)---------- New: - Add ffmpeg-4-CVE-2025-63757.patch: Backport 0c6b7f948 from upstream. swscale/output: Fix integer overflow in ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg-4.spec ++++++ --- /var/tmp/diff_new_pack.HomSsN/_old 2026-01-15 16:49:43.044828651 +0100 +++ /var/tmp/diff_new_pack.HomSsN/_new 2026-01-15 16:49:43.048828813 +0100 @@ -150,6 +150,7 @@ Patch37: ffmpeg-4-CVE-2023-6601-shim03-a0cb5722.patch Patch38: ffmpeg-4-CVE-2023-6601-shim04-5b630743.patch Patch39: ffmpeg-4-CVE-2023-6601.patch +Patch40: ffmpeg-4-CVE-2025-63757.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.HomSsN/_old 2026-01-15 16:49:43.140832544 +0100 +++ /var/tmp/diff_new_pack.HomSsN/_new 2026-01-15 16:49:43.144832706 +0100 
@@ -1,5 +1,5 @@ -mtime: 1768150023 -commit: 65be89cacb68c556844a421f2bbe7a6a68bc94307f5df0b01c7b523913016551 +mtime: 1768462791 +commit: 3f758ae79df3a0234432bf29100827d6c06909777b20b5e322105ae439094b2b url: https://src.opensuse.org/jengelh/ffmpeg-4 revision: master ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-01-15 11:15:29.000000000 +0100 @@ -0,0 +1 @@ +.osc ++++++ ffmpeg-4-CVE-2025-63757.patch ++++++ >From 95d890bf18e535e1ae5a9e24d801ca021e288804 Mon Sep 17 00:00:00 2001 From: Jonathan Kang <[email protected]> Date: Thu, 15 Jan 2026 15:28:26 +0800 Subject: [PATCH] swscale/output: Fix integer overflow in yuv2ya16_X_c_template() --- libswscale/output.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libswscale/output.c b/libswscale/output.c index be22279229..49af3818b9 100644 --- a/libswscale/output.c +++ b/libswscale/output.c @@ -911,7 +911,7 @@ yuv2ya16_X_c_template(SwsContext *c, const int16_t *lumFilter, int A = 0xffff; for (j = 0; j < lumFilterSize; j++) - Y += lumSrc[j][i] * lumFilter[j]; + Y += lumSrc[j][i] * (unsigned)lumFilter[j]; Y >>= 15; Y += (1<<3) + 0x8000; @@ -920,7 +920,7 @@ yuv2ya16_X_c_template(SwsContext *c, const int16_t *lumFilter, if (hasAlpha) { A = -0x40000000 + (1<<14); for (j = 0; j < lumFilterSize; j++) - A += alpSrc[j][i] * lumFilter[j]; + A += alpSrc[j][i] * (unsigned)lumFilter[j]; A >>= 15; A += 0x8000; -- 2.52.0
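
Review bot: In the ffmpeg-4.spec hunk (@@ -150,6 +150,7), only the `Patch40: ffmpeg-4-CVE-2025-63757.patch` declaration is added and the spec diff contains no other hunk, so nothing visible here applies the patch. Confirm that the %prep section applies all declared patches automatically; if it lists patches one by one, the matching line for Patch40 is missing and the fix would not reach the build.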
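
Review bot: The header of ffmpeg-4-CVE-2025-63757.patch has a subject line and no body, so the upstream commit 0c6b7f948, CVE-2025-63757 and bsc#1255392 are recorded only in the .changes entry and not in the patch file itself; its Date line is the same day as that entry. Add a short body to the patch naming the upstream commit it backports and the CVE and bug references, so the provenance travels with the file.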
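
Review bot: In the @@ -911,7 hunk of libswscale/output.c, the `(unsigned)` cast lands on `lumFilter[j]`, which the hunk header shows is `const int16_t *` and can therefore hold negative coefficients, so to a later reader the cast looks like a mistake rather than a fix. Add a one-line comment above `Y += lumSrc[j][i] * (unsigned)lumFilter[j];` stating that the cast is there to make the multiply and accumulate wrap in unsigned arithmetic instead of overflowing a signed integer, so nobody "cleans it up" in a later backport.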
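
Review bot: In the @@ -920,7 hunk, `A` is an `int` (declared as `int A = 0xffff;` in the previous hunk), so `A += alpSrc[j][i] * (unsigned)lumFilter[j];` accumulates in unsigned and converts the result back to `int`, and the next line `A >>= 15;` right-shifts a value that can be negative (this assumes `alpSrc[j][i]` is no wider than `int`; its declaration is not in the hunk). Both steps are implementation-defined in C rather than undefined, so the change relies on two's-complement conversion and an arithmetic right shift; the patch description should say so. The cast makes the wraparound defined but does not prevent it, so also confirm that `A` is still clipped to the 16-bit output range before it is stored.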
