Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ffmpeg-4 for openSUSE:Factory checked in at 2024-04-29 17:57:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ffmpeg-4 (Old)
 and      /work/SRC/openSUSE:Factory/.ffmpeg-4.new.1880 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ffmpeg-4" Mon Apr 29 17:57:27 2024 rev:66 rq:1170359 version:4.4.4 Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg-4/ffmpeg-4.changes 2024-04-26 23:26:13.954672490 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg-4.new.1880/ffmpeg-4.changes 2024-04-29 17:57:29.749515237 +0200 @@ -1,0 +2,6 @@ +Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jeng...@inai.de> + +- Add 0001-avfilter-af_stereowiden-Check-length.patch + [boo#1223437, CVE-2023-51794] + +------------------------------------------------------------------- New: ---- 0001-avfilter-af_stereowiden-Check-length.patch BETA DEBUG BEGIN: New: - Add 0001-avfilter-af_stereowiden-Check-length.patch [boo#1223437, CVE-2023-51794] BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg-4.spec ++++++ --- /var/tmp/diff_new_pack.3hPHR4/_old 2024-04-29 17:57:31.073563394 +0200 +++ /var/tmp/diff_new_pack.3hPHR4/_new 2024-04-29 17:57:31.077563540 +0200 @@ -129,6 +129,7 @@ Patch16: 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch Patch17: ffmpeg-CVE-2023-49502.patch Patch18: ffmpeg-CVE-2023-51793.patch +Patch19: 0001-avfilter-af_stereowiden-Check-length.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel ++++++ 0001-avfilter-af_stereowiden-Check-length.patch ++++++ >From 50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <mich...@niedermayer.cc> Date: Sat, 23 Dec 2023 04:03:01 +0100 Subject: [PATCH] avfilter/af_stereowiden: Check length References: https://bugzilla.opensuse.org/1223437 References: CVE-2023-51794 Fixes: out of array access Fixes: tickets/10746/poc13ffmpeg Found-by: Zeng Yunxiang 
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavfilter/af_stereowiden.c | 2 ++ 1 file changed, 2 insertions(+) Index: ffmpeg-4.4.4/libavfilter/af_stereowiden.c =================================================================== --- ffmpeg-4.4.4.orig/libavfilter/af_stereowiden.c +++ ffmpeg-4.4.4/libavfilter/af_stereowiden.c @@ -75,6 +75,8 @@ static int config_input(AVFilterLink *in s->length = s->delay * inlink->sample_rate / 1000; s->length *= 2; + if (s->length == 0) + return AVERROR(EINVAL); s->buffer = av_calloc(s->length, sizeof(*s->buffer)); if (!s->buffer) return AVERROR(ENOMEM);
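
Review bot: The ffmpeg-4.spec hunk adds only the `Patch19:` declaration, and no other spec hunk appears in this commit, so nothing visible here shows the patch being applied. If the spec applies patches through explicit `%patch` lines rather than `%autosetup` or `%autopatch`, a matching entry for Patch19 is needed; otherwise the CVE-2023-51794 fix is listed in the changelog but never built in. A smaller style point: Patch17 and Patch18 are named `ffmpeg-CVE-<id>.patch`, and following that naming here would make the CVE fix easier to find in the source list.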
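
Review bot: In config_input of af_stereowiden.c, the new `if (s->length == 0)` branch returns AVERROR(EINVAL) without logging, so a user whose delay and sample rate make `s->delay * inlink->sample_rate / 1000` truncate to zero gets a bare configuration failure with no hint about which option caused it. An av_log call at AV_LOG_ERROR before the return, naming the delay option, would fix that. The check also rejects only zero; the hunk does not show the type of `s->length` or the allowed range of `s->delay`, so it is worth confirming that the multiplication and the following `s->length *= 2` cannot overflow before the value reaches av_calloc.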