Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ffmpeg-4 for openSUSE:Factory checked in at 2023-01-24 19:41:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ffmpeg-4 (Old)
 and      /work/SRC/openSUSE:Factory/.ffmpeg-4.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ffmpeg-4" Tue Jan 24 19:41:56 2023 rev:57 rq:1060279 version:4.4.3 Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg-4/ffmpeg-4.changes 2022-12-24 14:52:02.671545127 +0100 +++ /work/SRC/openSUSE:Factory/.ffmpeg-4.new.32243/ffmpeg-4.changes 2023-01-24 20:19:47.644322485 +0100 @@ -1,0 +2,7 @@ +Fri Jan 20 07:22:58 UTC 2023 - Alynx Zhou <alynx.z...@suse.com> + +- Add ffmpeg-CVE-2022-3341.patch: Backport from upstream to fix + null pointer dereference in decode_main_header() in + libavformat/nutdec.c (bsc#1206778). + +------------------------------------------------------------------- New: ---- ffmpeg-CVE-2022-3341.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg-4.spec ++++++ --- /var/tmp/diff_new_pack.Ic2TVQ/_old 2023-01-24 20:19:48.336326055 +0100 +++ /var/tmp/diff_new_pack.Ic2TVQ/_new 2023-01-24 20:19:48.344326096 +0100 @@ -1,7 +1,7 @@ # # spec file for package ffmpeg-4 # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -122,6 +122,7 @@ Patch11: ffmpeg-libglslang-detection.patch Patch12: ffmpeg-CVE-2022-3964.patch Patch13: ffmpeg-CVE-2022-3109.patch +Patch14: ffmpeg-CVE-2022-3341.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel ++++++ ffmpeg-CVE-2022-3341.patch ++++++ diff --unified --recursive --text --new-file --color ffmpeg-4.4.3.old/libavformat/nutdec.c ffmpeg-4.4.3.new/libavformat/nutdec.c --- ffmpeg-4.4.3.old/libavformat/nutdec.c 2022-10-10 03:04:43.000000000 +0800 +++ ffmpeg-4.4.3.new/libavformat/nutdec.c 2023-01-20 15:33:38.060002545 +0800 
@@ -358,8 +358,12 @@ ret = AVERROR(ENOMEM); goto fail; } - for (i = 0; i < stream_count; i++) - avformat_new_stream(s, NULL); + for (i = 0; i < stream_count; i++) { + if (!avformat_new_stream(s, NULL)) { + ret = AVERROR(ENOMEM); + goto fail; + } + } return 0; fail: @@ -807,19 +811,23 @@ NUTContext *nut = s->priv_data; AVIOContext *bc = s->pb; int64_t pos; - int initialized_stream_count; + int initialized_stream_count, ret; nut->avf = s; /* main header */ pos = 0; + ret = 0; do { + if (ret == AVERROR(ENOMEM)) + return ret; + pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1; if (pos < 0 + 1) { av_log(s, AV_LOG_ERROR, "No main startcode found.\n"); goto fail; } - } while (decode_main_header(nut) < 0); + } while ((ret = decode_main_header(nut)) < 0); /* stream headers */ pos = 0;
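Review bot: In the ffmpeg-4.spec hunk at @@ -122,6 +122,7 @@, `Patch14: ffmpeg-CVE-2022-3341.patch` is declared but the visible lines do not show where patches are applied. If the spec applies patches with explicit `%patch` lines rather than `%autosetup` or `%autopatch`, a matching entry is needed, otherwise the package builds without the fix while the changelog claims it. The patch paths (`ffmpeg-4.4.3.old/libavformat/nutdec.c`) need strip level `-p1`.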
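Review bot: In the nutdec.c hunk at @@ -358,8 +358,12 @@, the new `goto fail` can be taken after some of the `stream_count` streams have already been added to `s`, and the body of `fail:` lies outside the visible context. Please confirm that the cleanup there, and in the caller, is safe with a partially populated stream list. Also note that the caller's retry loop would call `decode_main_header()` again and add streams a second time for any other negative return; the second hunk stops the retry only for `AVERROR(ENOMEM)`, so a short comment here tying the error code to that check would keep the two hunks from drifting apart.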
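Review bot: In the nutdec.c hunk at @@ -807,19 +811,23 @@, the out-of-memory exit uses `return ret;` while the other error exit in the same loop uses `goto fail;`, so whatever cleanup `fail:` performs is skipped on the `AVERROR(ENOMEM)` path. Either route it through the same label while preserving the error code, or add a comment stating why a bare return is safe at this point. The check would also read more clearly placed directly after the `decode_main_header(nut)` call instead of at the top of the next iteration, which would make the `ret = 0;` initialisation unnecessary.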