Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ffmpeg-4 for openSUSE:Factory checked in at 2025-03-28 09:35:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ffmpeg-4 (Old)
 and      /work/SRC/openSUSE:Factory/.ffmpeg-4.new.2696 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ffmpeg-4" Fri Mar 28 09:35:54 2025 rev:80 rq:1256073 version:4.4.5 Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg-4/ffmpeg-4.changes 2025-03-13 15:04:24.581706976 +0100 +++ /work/SRC/openSUSE:Factory/.ffmpeg-4.new.2696/ffmpeg-4.changes 2025-03-28 09:36:04.433753659 +0100 @@ -11 +11 @@ - Backporting 7f9c7f98 from upstream, clear array length when + Backport 7f9c7f98 from upstream, clear array length when @@ -19 +19 @@ - Backporting c08d3004 from upstream, clear FFFormatContext packet. + Backport c08d3004 from upstream, clear FFFormatContext packet. @@ -28 +28 @@ - Backporting b5b6391d from upstream, fixes memory data leak when + Backport b5b6391d from upstream, fixes memory data leak when @@ -36 +36 @@ - Backporting 1446e37d from upstream, check for valid sample rate + Backport 1446e37d from upstream, check for valid sample rate @@ -44 +44 @@ - Backporting 4065ff69 from upstream, add check for av_packet_new_side_data() + Backport 4065ff69 from upstream, add check for av_packet_new_side_data() @@ -52 +52 @@ - Backporting 45133009 from upstream, After having created the + Backport 45133009 from upstream, After having created the @@ -74,0 +75 @@ + (CVE-2023-51798, bsc#1223304) @@ -85 +86 @@ - Backporting 3faadbe2 from upstream, Use 64bit for input size check, + Backport 3faadbe2 from upstream, Use 64bit for input size check, @@ -105 +106 @@ - Backporting 96449cfe from upstream, Fix 1 line and one column images. + Backport 96449cfe from upstream, Fix 1 line and one column images. @@ -112 +113 @@ - Backporting e4d2666b from upstream, fixes the out of array access. + Backport e4d2666b from upstream, fixes the out of array access. @@ -125 +126 @@ - Backporting 0ecc1f0e from upstream, Fix odd height handling. + Backport 0ecc1f0e from upstream, Fix odd height handling. @@ -132 +133 @@ - Backporting 737ede40 from upstream, account for chroma sub-sampling + Backport 737ede40 from upstream, account for chroma sub-sampling 
@@ -139,2 +140,3 @@ -- Address boo#1223304/CVE-2023-51798: add patch - 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch +- Add 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch: + Backport 68146f06 from upstream, Check pts before division. + (CVE-2023-51798, bsc#1223304) @@ -145,2 +147,11 @@ -- Address boo#1223070/CVE-2024-31578: add patch - 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch +- Add 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch: + Backport 76a48e85 from upstream, Check length. + (CVE-2024-31578, bsc#1223070) + +------------------------------------------------------------------- +Mon Feb 12 18:23:41 UTC 2024 - Stefan Dirsch <sndir...@suse.com> + +- ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch + * fixes build against dav1d, which has been updated in + SUSE:SLE-15-SP5:Update (where apparently no rebuild of ffmpeg-4 + had been triggered) @@ -151,2 +162,11 @@ -- drop support for libmfx, which is no longer supported upstream - at all (boo#1219494) +- no longer build against libmfx; build also 15.5 against libvpl + (boo#1230983, boo#1219494) + +- dropping support for libmfx below covers: + * libmfx: improper input validation (CVE-2023-48368, bsc#1226897) + * libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898) + * libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899) + * libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900) + * libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901) + * Multiple vulnerabilities in the Intel Media SDK (libmfx1) (bsc#1226892) + * Drop libmfx dependency from our product (jira #PED-10024) 
@@ -170 +190 @@ - Backporting 01fc3034 from upstream, Fix build with new binutils + Backport 01fc3034 from upstream, Fix build with new binutils New: ---- ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch BETA DEBUG BEGIN: New: - ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch * fixes build against dav1d, which has been updated in BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg-4.spec ++++++ --- /var/tmp/diff_new_pack.3HRqUR/_old 2025-03-28 09:36:05.289789141 +0100 +++ /var/tmp/diff_new_pack.3HRqUR/_new 2025-03-28 09:36:05.289789141 +0100 @@ -144,6 +144,7 @@ Patch27: ffmpeg-4-CVE-2025-0518.patch Patch28: ffmpeg-4-CVE-2025-25473.patch Patch29: ffmpeg-4-CVE-2025-22921.patch +Patch30: ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.3HRqUR/_old 2025-03-28 09:36:05.341791297 +0100 +++ /var/tmp/diff_new_pack.3HRqUR/_new 2025-03-28 09:36:05.341791297 +0100 @@ -1,5 +1,5 @@ -mtime: 1741802095 -commit: 5d7becce2922140a0cba7bad200cf85e644953395c6565bd7406b306572f1c50 +mtime: 1742937378 +commit: 2ddfcb257c4def857918761587f2fed206c5baa5c74592ae5648d10e6952095e url: https://src.opensuse.org/jengelh/ffmpeg-4 revision: master ++++++ build.specials.obscpio ++++++ ++++++ ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch ++++++ commit e204846ec16c1ab34c7f3a681734cf5190433018 Author: James Almer <jamr...@gmail.com> Date: Fri Sep 3 13:50:32 2021 -0300 avcodec/libdav1d: fix compilation after recent libdav1d API changes They were done in preparation for an upcoming 1.0 release. Keep supporting previous releases for the time being. Reviewed-by: BBB Signed-off-by: James Almer <jamr...@gmail.com> --- a/libavcodec/libdav1d.c +++ b/libavcodec/libdav1d.c 
@@ -202,6 +202,9 @@ Libdav1dContext *dav1d = c->priv_data; Dav1dData *data = &dav1d->data; Dav1dPicture pic = { 0 }, *p = &pic; +#if FF_DAV1D_VERSION_AT_LEAST(5,1) + enum Dav1dEventFlags event_flags = 0; +#endif int res; if (!data->sz) { @@ -280,6 +283,11 @@ frame->linesize[1] = p->stride[1]; frame->linesize[2] = p->stride[1]; +#if FF_DAV1D_VERSION_AT_LEAST(5,1) + dav1d_get_event_flags(dav1d->c, &event_flags); + if (c->pix_fmt == AV_PIX_FMT_NONE || + event_flags & DAV1D_EVENT_FLAG_NEW_SEQUENCE) +#endif c->profile = p->seq_hdr->profile; c->level = ((p->seq_hdr->operating_points[0].major_level - 2) << 2) | p->seq_hdr->operating_points[0].minor_level;
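Review bot: in the ffmpeg-4.changes hunk at @@ -145,2 +147,11 @@, the new description "Backport 76a48e85 from upstream, Check length." does not match the subject carried in the patch file name, 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch. Please confirm the commit hash and use a summary that matches the patch, so that the CVE-2024-31578 / bsc#1223070 reference can be traced to the right upstream change. The same hunk adds the ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch entry without the "Add ...:" form the other entries were just normalized to.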
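Review bot: the header of ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch does not match its file name or its contents. The embedded commit is e204846e, "avcodec/libdav1d: fix compilation after recent libdav1d API changes", while the file name refers to not repeatedly parsing the same sequence header and the hunks add event-flag handling. Either rename the patch after the commit it carries or include the commit message of the change the hunks come from, so the origin of each hunk can be audited.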
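Review bot: in the libavcodec/libdav1d.c hunk at @@ -202,6 +202,9 @@, the declaration is guarded by `#if FF_DAV1D_VERSION_AT_LEAST(5,1)`, but none of the visible hunks define that macro. Please confirm that libdav1d.c in 4.4.5 already provides it, or add the definition to this patch; an undefined function-like macro in an `#if` is a preprocessing error, not a false condition.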
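Review bot: in the libavcodec/libdav1d.c hunk at @@ -280,6 +283,11 @@, the added `if` has no braces, so when the version check holds it guards only `c->profile = p->seq_hdr->profile;`, and the `c->level = ...` assignment that follows still runs on every picture. If the intent is to skip re-reading the sequence header unless `DAV1D_EVENT_FLAG_NEW_SEQUENCE` is set, put all sequence-header-derived assignments in one braced block, arranged so the build without the 5.1 API still compiles. The return value of `dav1d_get_event_flags()` is also ignored; because `event_flags` starts at 0, a failed call would leave only the `c->pix_fmt == AV_PIX_FMT_NONE` test in effect, which deserves a comment or an explicit check.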