Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ffmpeg-6 for openSUSE:Factory checked in at 2024-04-26 23:26:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ffmpeg-6 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg-6.new.1880 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ffmpeg-6" Fri Apr 26 23:26:10 2024 rev:11 rq:1170119 version:6.1.1 Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg-6/ffmpeg-6.changes 2024-04-24 15:13:41.047680092 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg-6.new.1880/ffmpeg-6.changes 2024-04-26 23:26:12.034602408 +0200 @@ -1,0 +2,14 @@ +Thu Apr 23 14:05:28 UTC 2024 - Cliff Zhao <qz...@suse.com> + +- Add ffmpeg-CVE-2023-50008.patch: + Backporting 5f87a68c from upstream, Fix memory leaks. + (CVE-2023-50008 bsc#1223254) + +------------------------------------------------------------------- +Thu Apr 23 12:22:53 UTC 2024 - Cliff Zhao <qz...@suse.com> + +- Add ffmpeg-CVE-2023-50007.patch: + Backporting b1942734 from upstream, Fix crash with EOF handling. + (CVE-2023-50007 bsc#1223253) + +------------------------------------------------------------------- New: ---- ffmpeg-CVE-2023-50007.patch ffmpeg-CVE-2023-50008.patch BETA DEBUG BEGIN: New: - Add ffmpeg-CVE-2023-50007.patch: Backporting b1942734 from upstream, Fix crash with EOF handling. New: - Add ffmpeg-CVE-2023-50008.patch: Backporting 5f87a68c from upstream, Fix memory leaks. BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg-6.spec ++++++ --- /var/tmp/diff_new_pack.U1DjD8/_old 2024-04-26 23:26:13.178644166 +0200 +++ /var/tmp/diff_new_pack.U1DjD8/_new 2024-04-26 23:26:13.182644311 +0200 @@ -120,7 +120,8 @@ Patch13: 0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch Patch90: ffmpeg-chromium.patch Patch91: ffmpeg-dlopen-openh264.patch - +Patch92: ffmpeg-CVE-2023-50007.patch +Patch93: ffmpeg-CVE-2023-50008.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel >= 3.98.3 @@ -841,6 +842,8 @@ Patch13: 0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch Patch90: ffmpeg-chromium.patch Patch91: ffmpeg-dlopen-openh264.patch +Patch92: ffmpeg-CVE-2023-50007.patch +Patch93: ffmpeg-CVE-2023-50008.patch BuildRequires: c_compiler Requires: this-is-only-for-build-envs ++++++ ffmpeg-CVE-2023-50007.patch ++++++ >From b1942734c7cbcdc9034034373abcc9ecb9644c47 Mon Sep 17 00:00:00 2001 From: Paul B Mahol <one...@gmail.com> Date: Mon, 27 Nov 2023 11:45:34 +0100 Subject: [PATCH] avfilter/af_afwtdn: fix crash with EOF handling References: https://bugzilla.opensuse.org/1223253 References: CVE-2023-50007 diff -Nura ffmpeg-6.1.1/libavfilter/af_afwtdn.c ffmpeg-6.1.1_new/libavfilter/af_afwtdn.c --- ffmpeg-6.1.1/libavfilter/af_afwtdn.c 2023-11-11 08:25:17.000000000 +0800 +++ ffmpeg-6.1.1_new/libavfilter/af_afwtdn.c 2024-04-25 14:15:23.737350315 +0800 @@ -408,6 +408,7 @@ uint64_t sn; int64_t eof_pts; + int eof; int wavelet_type; int channels; @@ -1069,7 +1070,7 @@ s->drop_samples = 0; } else { if (s->padd_samples < 0 && eof) { - out->nb_samples += s->padd_samples; + out->nb_samples = FFMAX(0, out->nb_samples + s->padd_samples); s->padd_samples = 0; } if (!eof) @@ -1208,23 +1209,26 @@ FF_FILTER_FORWARD_STATUS_BACK(outlink, inlink); - ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in); - if (ret < 0) - return ret; - if (ret > 0) - return filter_frame(inlink, in); + if (!s->eof) { + ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in); + if (ret < 0) + return ret; + if (ret > 0) + return filter_frame(inlink, in); + } if (ff_inlink_acknowledge_status(inlink, &status, &pts)) { - if (status == AVERROR_EOF) { - while (s->padd_samples != 0) { - ret = filter_frame(inlink, NULL); - if (ret < 0) - return ret; - } - ff_outlink_set_status(outlink, status, pts); - return ret; - } + if (status == AVERROR_EOF) + s->eof = 1; } + + if (s->eof && s->padd_samples != 0) { + return filter_frame(inlink, NULL); + } else if (s->eof) { + ff_outlink_set_status(outlink, AVERROR_EOF, s->eof_pts); + return 0; + } + FF_FILTER_FORWARD_WANTED(outlink, inlink); return FFERROR_NOT_READY; ++++++ ffmpeg-CVE-2023-50008.patch ++++++ >From 5f87a68cf70dafeab2fb89b42e41a4c29053b89b Mon Sep 17 00:00:00 2001 From: Paul B Mahol <one...@gmail.com> Date: Mon Nov 27 12:08:20 2023 +0100 Subject: avfilter/vf_colorcorrect: fix memory leaks References: https://bugzilla.opensuse.org/1223254 References: CVE-2023-50008 diff -Nura ffmpeg-6.1.1/libavfilter/vf_colorcorrect.c ffmpeg-6.1.1_new/libavfilter/vf_colorcorrect.c --- ffmpeg-6.1.1/libavfilter/vf_colorcorrect.c 2023-11-11 08:25:17.000000000 +0800 +++ ffmpeg-6.1.1_new/libavfilter/vf_colorcorrect.c 2024-04-25 14:35:29.717468737 +0800 @@ -497,6 +497,8 @@ ColorCorrectContext *s = ctx->priv; av_freep(&s->analyzeret); + av_freep(&s->uhistogram); + av_freep(&s->vhistogram); } static const AVFilterPad colorcorrect_inputs[] = {
