Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ffmpeg-5 for openSUSE:Factory 
checked in at 2024-07-28 17:19:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ffmpeg-5 (Old)
 and      /work/SRC/openSUSE:Factory/.ffmpeg-5.new.1882 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ffmpeg-5"

Sun Jul 28 17:19:08 2024 rev:27 rq:1189863 version:5.1.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/ffmpeg-5/ffmpeg-5.changes        2024-05-29 
19:37:04.463144111 +0200
+++ /work/SRC/openSUSE:Factory/.ffmpeg-5.new.1882/ffmpeg-5.changes      
2024-07-28 17:19:43.688475691 +0200
@@ -1,0 +2,15 @@
+Tue Jul  2 12:26:28 UTC 2024 - Cliff Zhao <qz...@suse.com>
+
+- Add ffmpeg-5-CVE-2024-32230.patch:
+  Backporting 96449cfe from upstream, Fix 1 line and one column images.
+  (CVE-2024-32230, bsc#1227296)
+
+-------------------------------------------------------------------
+Tue Jul  2 11:57:01 UTC 2024 - Cliff Zhao <qz...@suse.com>
+
+- Add ffmpeg-5-CVE-2024-32228.patch:
+  Backporting 45964876 from upstream, Fix segfault on invalid film
+  grain metadata.
+  (CVE-2024-32228, bsc#1227277)
+
+-------------------------------------------------------------------

New:
----
  _scmsync.obsinfo
  ffmpeg-5-CVE-2024-32228.patch
  ffmpeg-5-CVE-2024-32230.patch

BETA DEBUG BEGIN:
  New:
- Add ffmpeg-5-CVE-2024-32228.patch:
  Backporting 45964876 from upstream, Fix segfault on invalid film
  New:
- Add ffmpeg-5-CVE-2024-32230.patch:
  Backporting 96449cfe from upstream, Fix 1 line and one column images.
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ffmpeg-5.spec ++++++
--- /var/tmp/diff_new_pack.OM2Wi3/_old  2024-07-28 17:19:44.692515824 +0200
+++ /var/tmp/diff_new_pack.OM2Wi3/_new  2024-07-28 17:19:44.696515983 +0200
@@ -17,9 +17,6 @@
 
 
 %define flavor @BUILD_FLAVOR@%{nil}
-#
-# preamble is present twice, watch out
-#
 %if "%{flavor}" != "ffmpeg-5-mini"
 
 # Create proper conflicts to make sure we require all from one version
@@ -91,10 +88,8 @@
 Summary:        Set of libraries for working with various multimedia formats
 License:        GPL-3.0-or-later
 Group:          Productivity/Multimedia/Video/Editors and Convertors
-URL:            https://ffmpeg.org/
-
-#Freshcode-URL:    http://freshcode.club/projects/ffmpeg
 #Git-Clone:     git://source.ffmpeg.org/ffmpeg
+URL:            https://ffmpeg.org/
 Source:         https://www.ffmpeg.org/releases/%_name-%version.tar.xz
 Source2:        https://www.ffmpeg.org/releases/%_name-%version.tar.xz.asc
 Source3:        ffmpeg-5-rpmlintrc
@@ -104,7 +99,6 @@
 Source92:       ffmpeg_get_dlopen_headers.sh
 Source98:       http://ffmpeg.org/ffmpeg-devel.asc#/ffmpeg-5.keyring
 Source99:       baselibs.conf
-
 Patch1:         ffmpeg-arm6l.diff
 Patch2:         ffmpeg-new-coder-errors.diff
 Patch3:         ffmpeg-codec-choice.diff
@@ -129,6 +123,11 @@
 Patch98:        ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
 Patch99:        ffmpeg-CVE-2023-50009.patch
 Patch100:       ffmpeg-CVE-2023-50010.patch
+Patch101:       ffmpeg-5-CVE-2024-32228.patch
+Patch102:       ffmpeg-5-CVE-2024-32230.patch
+#
+# preamble is present twice, watch out
+#
 %if %{with amf_sdk}
 BuildRequires:  AMF-devel
 %endif
@@ -856,14 +855,15 @@
 Patch90:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
 Patch93:        soname.diff
-# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50007.patch CVE-2023-50007 bsc#1223253 
qz...@suse.com -- Fix crash with EOF handling.
 Patch94:        ffmpeg-CVE-2023-50007.patch
-# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50008.patch CVE-2023-50008 bsc#1223254 
qz...@suse.com -- Fix memory leaks.
 Patch95:        ffmpeg-CVE-2023-50008.patch
-# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-49502.patch CVE-2023-49502 bsc#1223235 
qz...@suse.com -- Account for chroma sub-sampling in min size calculation.
 Patch96:        ffmpeg-CVE-2023-49502.patch
-# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-51793.patch CVE-2023-51793 bsc#1223272 
qz...@suse.com -- Fix odd height handling.
 Patch97:        ffmpeg-CVE-2023-51793.patch
+Patch98:        ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch
+Patch99:        ffmpeg-CVE-2023-50009.patch
+Patch100:       ffmpeg-CVE-2023-50010.patch
+Patch101:       ffmpeg-5-CVE-2024-32228.patch
+Patch102:       ffmpeg-5-CVE-2024-32230.patch
 BuildRequires:  c_compiler
 Requires:       this-is-only-for-build-envs
 
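Review bot: The new `Patch101`/`Patch102` lines carry no `# PATCH-FIX-UPSTREAM` annotation, and this hunk also drops that annotation from Patch94 to Patch97, so the spec no longer records which CVE and Bugzilla entry each security patch closes. I would keep one tag line per patch, for example `# PATCH-FIX-UPSTREAM ffmpeg-5-CVE-2024-32228.patch CVE-2024-32228 bsc#1227277 -- Fix segfault on invalid film grain metadata.`, and the matching line for ffmpeg-5-CVE-2024-32230.patch (CVE-2024-32230, bsc#1227296). The same applies to the Patch101/Patch102 lines added in the earlier hunk at `@@ -129,6 +123,11 @@`. How `%prep` applies these patches is outside the visible hunks, so it is worth confirming that both numbers are actually applied in each flavor.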

++++++ _scmsync.obsinfo ++++++
mtime: 1722060037
commit: 456a43c1eebd82b4c31280ed1c60abf81fcf3b36972b699ec8ecf09e62712afb
url: https://src.opensuse.org/jengelh/ffmpeg-5.git

++++++ ffmpeg-5-CVE-2024-32228.patch ++++++
>From 459648761f5412acdc3317d5bac982ceaa257584
Author: Niklas Haas <g...@haasn.dev>
Date: Sat Apr 6 13:11:09 2024 +0200
Subject: avcodec/hevcdec: fix segfault on invalid film grain metadata
References: CVE-2024-32228
References: bsc#1227277
Upstream: Backport from upstream

Invalid input files may contain film grain metadata which survives
ff_h274_film_grain_params_supported() but does not pass
av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().

Fix this by duplicating the av_film_grain_params_select() check at frame
init time.

An alternative solution here would be to defer the incompatibility check
to hevc_frame_end(), but this has the downside of allocating a film
grain buffer even when we already know we can't apply film grain.

Fixes: https://trac.ffmpeg.org/ticket/10951

--- ffmpeg-5.1.4/libavcodec/hevcdec.c
+++ ffmpeg-5.1.4_new/libavcodec/hevcdec.c
@@ -3035,12 +3035,29 @@
         goto fail;
     }
 
-    s->ref->frame->key_frame = IS_IRAP(s);
+    if (IS_IRAP(s))
+        s->ref->frame->flags |= AV_FRAME_FLAG_KEY;
+    else
+        s->ref->frame->flags &= ~AV_FRAME_FLAG_KEY;
 
-    s->ref->needs_fg = s->sei.film_grain_characteristics.present &&
+    s->ref->needs_fg = (s->sei.common.film_grain_characteristics.present ||
+                        s->sei.common.aom_film_grain.enable) &&
         !(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) &&
         !s->avctx->hwaccel;
 
+    ret = set_side_data(s);
+    if (ret < 0)
+        goto fail;
+
+    if (s->ref->needs_fg &&
+        ( s->sei.common.film_grain_characteristics.present &&
+          
!ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
+                                             s->ref->frame->format))
+          || !av_film_grain_params_select(s->ref->frame)) {
+        av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, 
&s->film_grain_warning_shown,
+                    "Unsupported film grain parameters. Ignoring film 
grain.\n");
+        s->ref->needs_fg = 0;
+    }
     if (s->ref->needs_fg) {
         s->ref->frame_grain->format = s->ref->frame->format;
         s->ref->frame_grain->width = s->ref->frame->width;
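Review bot: The added condition groups as `(needs_fg && (present && !supported)) || !av_film_grain_params_select(...)`, because `&&` binds tighter than `||`. The select call and the warning path therefore also run for frames where `needs_fg` is already 0. If both checks are meant to be gated on `needs_fg`, the closing parenthesis belongs after the select call: `s->ref->frame->format) || !av_film_grain_params_select(s->ref->frame))) {`. Separately, the new lines use `s->sei.common.*`, `AV_FRAME_FLAG_KEY` and `s->film_grain_warning_shown`, while the removed lines show this tree using `s->sei.film_grain_characteristics` and `frame->key_frame`. It is worth confirming those names exist in 5.1.4, since a backport that does not build, or is skipped, leaves CVE-2024-32228 unfixed. The enclosing function starts and ends outside this hunk.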
@@ -3049,10 +3066,6 @@
             goto fail;
     }
 
-    ret = set_side_data(s);
-    if (ret < 0)
-        goto fail;
-
     s->frame->pict_type = 3 - s->sh.slice_type;
 
     if (!IS_IRAP(s))

++++++ ffmpeg-5-CVE-2024-32230.patch ++++++
>From 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
Author: Michael Niedermayer <mich...@niedermayer.cc>
Date:   Mon Apr 8 18:38:42 2024 +0200
Subject: avcodec/mpegvideo_enc: Fix 1 line and one column images
References: CVE-2024-32230
References: bsc#1227296
Upstream: Backport from upstream

Fixes: Ticket10952
Fixes: poc21ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>

--- ffmpeg-5.1.4/libavcodec/mpegvideo_enc.c
+++ ffmpeg-5.1.4_new/libavcodec/mpegvideo_enc.c
@@ -1087,8 +1087,8 @@
                     int dst_stride = i ? s->uvlinesize : s->linesize;
                     int h_shift = i ? h_chroma_shift : 0;
                     int v_shift = i ? v_chroma_shift : 0;
-                    int w = s->width  >> h_shift;
-                    int h = s->height >> v_shift;
+                    int w = AV_CEIL_RSHIFT(s->width , h_shift);
+                    int h = AV_CEIL_RSHIFT(s->height, v_shift);            
                     uint8_t *src = pic_arg->data[i];
                     uint8_t *dst = pic->f->data[i];
                     int vpad = 16;
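Review bot: The switch to `AV_CEIL_RSHIFT` for `w` and `h` has no comment saying why the chroma plane size must round up, so a later cleanup could turn it back into a plain shift. With the old `s->width >> h_shift`, a 1-pixel dimension and a shift of 1 gives 0, which is presumably what the copy and padding code after this hunk mishandled. I would add `/* round up: a 1-pixel luma dimension must still yield a 1-sample chroma plane */` above the two lines. As a style matter, the new `int h` line ends in a run of trailing spaces and `s->width ,` has a stray space before the comma. The enclosing loop and function begin and end outside this hunk.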
