commit ffmpeg-5 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ffmpeg-5 for openSUSE:Factory checked in at 2024-07-28 17:19:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ffmpeg-5 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg-5.new.1882 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ffmpeg-5" Sun Jul 28 17:19:08 2024 rev:27 rq:1189863 version:5.1.4 Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg-5/ffmpeg-5.changes 2024-05-29 19:37:04.463144111 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg-5.new.1882/ffmpeg-5.changes 2024-07-28 17:19:43.688475691 +0200 @@ -1,0 +2,15 @@ +Tue Jul 2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com> + +- Add ffmpeg-5-CVE-2024-32230.patch: + Backporting 96449cfe from upstream, Fix 1 line and one column images. + (CVE-2024-32230, bsc#1227296) + +------------------------------------------------------------------- +Tue Jul 2 11:57:01 UTC 2024 - Cliff Zhao <qzhao@suse.com> + +- Add ffmpeg-5-CVE-2024-32228.patch: + Backporting 45964876 from upstream, Fix segfault on invalid film + grain metadata. + (CVE-2024-32228, bsc#1227277) + +------------------------------------------------------------------- New: ---- _scmsync.obsinfo ffmpeg-5-CVE-2024-32228.patch ffmpeg-5-CVE-2024-32230.patch BETA DEBUG BEGIN: New: - Add ffmpeg-5-CVE-2024-32228.patch: Backporting 45964876 from upstream, Fix segfault on invalid film New: - Add ffmpeg-5-CVE-2024-32230.patch: Backporting 96449cfe from upstream, Fix 1 line and one column images. BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg-5.spec ++++++ --- /var/tmp/diff_new_pack.OM2Wi3/_old 2024-07-28 17:19:44.692515824 +0200 +++ /var/tmp/diff_new_pack.OM2Wi3/_new 2024-07-28 17:19:44.696515983 +0200 
@@ -17,9 +17,6 @@ %define flavor @BUILD_FLAVOR@%{nil} -# -# preamble is present twice, watch out -# %if "%{flavor}" != "ffmpeg-5-mini" # Create proper conflicts to make sure we require all from one version @@ -91,10 +88,8 @@ Summary: Set of libraries for working with various multimedia formats License: GPL-3.0-or-later Group: Productivity/Multimedia/Video/Editors and Convertors -URL: https://ffmpeg.org/ - -#Freshcode-URL: http://freshcode.club/projects/ffmpeg #Git-Clone: git://source.ffmpeg.org/ffmpeg +URL: https://ffmpeg.org/ Source: https://www.ffmpeg.org/releases/%_name-%version.tar.xz Source2: https://www.ffmpeg.org/releases/%_name-%version.tar.xz.asc Source3: ffmpeg-5-rpmlintrc @@ -104,7 +99,6 @@ Source92: ffmpeg_get_dlopen_headers.sh Source98: http://ffmpeg.org/ffmpeg-devel.asc#/ffmpeg-5.keyring Source99: baselibs.conf - Patch1: ffmpeg-arm6l.diff Patch2: ffmpeg-new-coder-errors.diff Patch3: ffmpeg-codec-choice.diff @@ -129,6 +123,11 @@ Patch98: ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch Patch99: ffmpeg-CVE-2023-50009.patch Patch100: ffmpeg-CVE-2023-50010.patch +Patch101: ffmpeg-5-CVE-2024-32228.patch +Patch102: ffmpeg-5-CVE-2024-32230.patch +# +# preamble is present twice, watch out +# %if %{with amf_sdk} BuildRequires: AMF-devel %endif 
@@ -856,14 +855,15 @@ Patch90: ffmpeg-chromium.patch Patch91: ffmpeg-dlopen-openh264.patch Patch93: soname.diff -# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50007.patch CVE-2023-50007 bsc#1223253 qzhao@suse.com -- Fix crash with EOF handling. Patch94: ffmpeg-CVE-2023-50007.patch -# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-50008.patch CVE-2023-50008 bsc#1223254 qzhao@suse.com -- Fix memory leaks. Patch95: ffmpeg-CVE-2023-50008.patch -# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-49502.patch CVE-2023-49502 bsc#1223235 qzhao@suse.com -- Account for chroma sub-sampling in min size calculation. Patch96: ffmpeg-CVE-2023-49502.patch -# PATCH-FIX-UPSTREAM ffmpeg-CVE-2023-51793.patch CVE-2023-51793 bsc#1223272 qzhao@suse.com -- Fix odd height handling. Patch97: ffmpeg-CVE-2023-51793.patch +Patch98: ffmpeg-Templatify-ff_gaussian_blur-and-ff-function.patch +Patch99: ffmpeg-CVE-2023-50009.patch +Patch100: ffmpeg-CVE-2023-50010.patch +Patch101: ffmpeg-5-CVE-2024-32228.patch +Patch102: ffmpeg-5-CVE-2024-32230.patch BuildRequires: c_compiler Requires: this-is-only-for-build-envs ++++++ _scmsync.obsinfo ++++++ mtime: 1722060037 commit: 456a43c1eebd82b4c31280ed1c60abf81fcf3b36972b699ec8ecf09e62712afb url: https://src.opensuse.org/jengelh/ffmpeg-5.git ++++++ ffmpeg-5-CVE-2024-32228.patch ++++++ 
From 459648761f5412acdc3317d5bac982ceaa257584 Author: Niklas Haas <git@haasn.dev> Date: Sat Apr 6 13:11:09 2024 +0200 Subject: avcodec/hevcdec: fix segfault on invalid film grain metadata References: CVE-2024-32228 References: bsc#1227277 Upstream: Backport from upstream Invalid input files may contain film grain metadata which survives ff_h274_film_grain_params_supported() but does not pass av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end(). Fix this by duplicating the av_film_grain_params_select() check at frame init time. An alternative solution here would be to defer the incompatibility check to hevc_frame_end(), but this has the downside of allocating a film grain buffer even when we already know we can't apply film grain. Fixes: https://trac.ffmpeg.org/ticket/10951 --- ffmpeg-5.1.4/libavcodec/hevcdec.c +++ ffmpeg-5.1.4_new/libavcodec/hevcdec.c @@ -3035,12 +3035,29 @@ goto fail; } - s->ref->frame->key_frame = IS_IRAP(s); + if (IS_IRAP(s)) + s->ref->frame->flags |= AV_FRAME_FLAG_KEY; + else + s->ref->frame->flags &= ~AV_FRAME_FLAG_KEY; - s->ref->needs_fg = s->sei.film_grain_characteristics.present && + s->ref->needs_fg = (s->sei.common.film_grain_characteristics.present || + s->sei.common.aom_film_grain.enable) && !(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) && !s->avctx->hwaccel; + ret = set_side_data(s); + if (ret < 0) + goto fail; + + if (s->ref->needs_fg && + ( s->sei.common.film_grain_characteristics.present && + !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id, + s->ref->frame->format)) + || !av_film_grain_params_select(s->ref->frame)) { + av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown, + "Unsupported film grain parameters. Ignoring film grain.\n"); + s->ref->needs_fg = 0; + } if (s->ref->needs_fg) { s->ref->frame_grain->format = s->ref->frame->format; s->ref->frame_grain->width = s->ref->frame->width; 
@@ -3049,10 +3066,6 @@ goto fail; } - ret = set_side_data(s); - if (ret < 0) - goto fail; - s->frame->pict_type = 3 - s->sh.slice_type; if (!IS_IRAP(s)) ++++++ ffmpeg-5-CVE-2024-32230.patch ++++++ From 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1 Author: Michael Niedermayer <michael@niedermayer.cc> Date: Mon Apr 8 18:38:42 2024 +0200 Subject: avcodec/mpegvideo_enc: Fix 1 line and one column images References: CVE-2024-32230 References: bsc#1227296 Upstream: Backport from upstream Fixes: Ticket10952 Fixes: poc21ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- ffmpeg-5.1.4/libavcodec/mpegvideo_enc.c +++ ffmpeg-5.1.4_new/libavcodec/mpegvideo_enc.c @@ -1087,8 +1087,8 @@ int dst_stride = i ? s->uvlinesize : s->linesize; int h_shift = i ? h_chroma_shift : 0; int v_shift = i ? v_chroma_shift : 0; - int w = s->width >> h_shift; - int h = s->height >> v_shift; + int w = AV_CEIL_RSHIFT(s->width , h_shift); + int h = AV_CEIL_RSHIFT(s->height, v_shift); uint8_t *src = pic_arg->data[i]; uint8_t *dst = pic->f->data[i]; int vpad = 16;
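Review bot: In the second ffmpeg-5.spec preamble (hunk @@ -856,14 +855,15 @@) the `# PATCH-FIX-UPSTREAM` comment lines above Patch94 to Patch97 are deleted, which drops the CVE and bsc# references and the one-line rationale for each patch from the spec. The new Patch101 and Patch102 entries are also added without any such annotation in either preamble. I would keep the existing comments and add matching ones for the two new patches, for example `# PATCH-FIX-UPSTREAM ffmpeg-5-CVE-2024-32228.patch CVE-2024-32228 bsc#1227277`. The same hunk adds Patch98 to Patch100 here although the first preamble already carries them as context lines, so the two patch lists had drifted apart. Since the "preamble is present twice, watch out" comment is being moved anyway, it could state explicitly that every PatchN line has to be added in both places.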
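Review bot: In the new film grain check in hevcdec.c (hunk @@ -3035,12 +3035,29 @@), `&&` binds tighter than `||`, so the condition parses as `(s->ref->needs_fg && (present && !ff_h274_film_grain_params_supported(...))) || !av_film_grain_params_select(s->ref->frame)`. The select call is therefore evaluated, and the "Unsupported film grain parameters. Ignoring film grain." warning can be logged, even when `needs_fg` is already 0. If the intent is to test only frames that need film grain, put both alternatives inside one pair of parentheses after `s->ref->needs_fg &&`. Separately, the removed lines use `s->ref->frame->key_frame` and `s->sei.film_grain_characteristics`, while the added lines use `AV_FRAME_FLAG_KEY`, `s->sei.common.film_grain_characteristics`, `s->sei.common.aom_film_grain.enable`, `s->film_grain_warning_shown` and `av_film_grain_params_select()`. The patch touches only hevcdec.c, so please confirm that each of these exists in the 5.1.4 tree, and consider dropping the `key_frame` change, which the commit message does not mention.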
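Review bot: The move of `set_side_data(s)` (removed in hunk @@ -3049,10 +3066,6 @@ of hevcdec.c and re-added before the film grain check in the previous hunk) carries no comment explaining the new ordering. The added check calls `av_film_grain_params_select(s->ref->frame)` directly after it, so the ordering looks load-bearing. A short comment saying that the side data has to be attached to the frame before the check would help keep a later reordering from undoing the fix.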
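Review bot: The commit message for the mpegvideo_enc.c hunk gives only ticket references and does not say why `w` and `h` switch to `AV_CEIL_RSHIFT`. With the old `s->width >> h_shift`, a width or height of 1 combined with a chroma shift of 1 gives a plane dimension of 0, whereas the rounding-up shift gives 1. A one-line comment to that effect above the two assignments would document the edge case. It is also worth checking whether the code after this hunk, starting at `int vpad = 16;`, has any other plain-shift computation of the chroma plane size that needs the same rounding.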