File ffmpeg-6.changes of Package ffmpeg-6
-------------------------------------------------------------------
Wed Apr 16 13:49:05 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add 7a089ed.patch:
Backport 7a089ed8 from upstream, avformat/avidec: Fix integer
overflow iff ULONG_MAX < INT64_MAX.
https://github.com/ffmpeg/ffmpeg/commit/7a089ed.patch
(CVE-2024-36618, bsc#1234020)
-------------------------------------------------------------------
Fri Mar 21 05:24:02 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-6-CVE-2025-22921.patch:
Backport 7f9c7f98 from upstream, clear array length when
freeing it.
(CVE-2025-22921, bsc#1237382)
-------------------------------------------------------------------
Fri Mar 21 04:49:12 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-6-CVE-2025-25473.patch:
Backport c08d3004 from upstream, clear FFFormatContext packet.
When packet_buffer is used in mux.c, and if a muxing process fails
at a point where packets remained in said queue.
(CVE-2025-25473, bsc#1237351)
-------------------------------------------------------------------
Fri Mar 21 04:22:02 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-6-CVE-2025-0518.patch:
Backport b5b6391d from upstream, fixes memory data leak when
use sscanf().
(CVE-2025-0518, bsc#1236007)
-------------------------------------------------------------------
Fri Mar 21 03:52:18 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-6-CVE-2025-22919.patch:
Backport 1446e37d from upstream, check for valid sample rate
As the sample rate <= 0 is invalid.
(CVE-2025-22919, bsc#1237371)
-------------------------------------------------------------------
Fri Mar 21 03:21:06 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-6-CVE-2024-12361.patch:
Backport 4065ff69 from upstream, add check for av_packet_new_side_data()
to avoid null pointer dereference if allocation fails.
(CVE-2024-12361, bsc#1237358)
-------------------------------------------------------------------
Fri Mar 21 02:48:12 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-6-CVE-2024-35365.patch:
Backport ced5c5fdb from upstream, Fix double-free on error.
(CVE-2024-35365, bsc#1235091)
-------------------------------------------------------------------
Fri Mar 21 02:06:21 UTC 2025 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-6-CVE-2024-35368.patch:
Backport 45133009 from upstream, After having created the
AVBuffer that is put into frame->buf[0], ownership of several
objects Fix double-free on the AVFrame is unreferenced.
(CVE-2024-35368, bsc#1234028)
-------------------------------------------------------------------
Wed Mar 5 09:46:09 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
- Add 0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
to build with SVT-AV1 3.0.0.
-------------------------------------------------------------------
Wed Jan 1 11:13:35 UTC 2025 - Dave Plater <davejplater@gmail.com>
- Update to version 6.1.2 and fix Factory build.
avcodec/pnmdec: Use 64bit for input size check (CVE-2024-7055, bsc#1229026)
avcodec/mpegvideo_enc: Fix 1 line and one column images (CVE-2024-32230, bsc#1227296)
avcodec/tests: rename the bundled Mesa AV1 vulkan video headers.
avformat/dxa: Adjust order of operations around block align (CVE-2024-36613, bsc#1235092)
avformat/cafdec: dont seek beyond 64bit (CVE-2024-36617, bsc#1234019)
avformat/westwood_vqa: Fix 2g packets (CVE-2024-36616, bsc#1234018)
avcodec/wavarc: fix signed integer overflow in block type 6/19 (CVE-2024-36619, bsc#1234023)
etc
- Remove patches already merged to upstream:
0001-avcodec-tests-rename-the-bundled-Mesa-AV1-vulkan-vid.patch
ffmpeg-6-CVE-2024-7055.patch
ffmpeg-6-CVE-2024-32230.patch
-------------------------------------------------------------------
Mon Sep 30 12:34:56 UTC 2024 - olaf@aepfle.de
- Fix assertion due to missing priv_data cleanup on failed VAAPI
acceleration with 11013-avcodec-decode-clean-up-if-get_hw_frames_parameters-.patch
(ffmpeg#11013, vlc#28811)
-------------------------------------------------------------------
Sun Sep 29 07:36:13 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Update ffmpeg-6.spec:
Disable xvid plugin build and dependence, since legal reviewers
are concerned xvid patents have not expired in Brazil, which should
not be used in a commercial context.
https://en.wikipedia.org/wiki/Xvid
-------------------------------------------------------------------
Thu Sep 26 10:02:20 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
- no longer build against libmfx; build also 15.5 against libvpl
(boo#1230983, boo#1219494)
- dropping support for libmfx below covers:
* libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
* libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
* libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
* libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
* libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
* Multiple vulnerabilities in the Intel Media SDK (libmfx1) (bsc#1226892)
* Drop libmfx dependency from our product (jira #PED-10024)
-------------------------------------------------------------------
Fri Sep 6 15:06:21 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-6-CVE-2024-7055.patch:
Backport 3faadbe2 from upstream, Use 64bit for input size check,
Fixes: out of array read, Fixes: poc3.
(CVE-2024-7055, bsc#1229026)
-------------------------------------------------------------------
Sun Sep 1 18:04:27 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
[boo#1229338]
-------------------------------------------------------------------
Wed Aug 14 14:38:37 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>
- Remove ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch and
ffmpeg-6-CVE-2024-32228.patch to make the bot happy.
- Renumber patches.
-------------------------------------------------------------------
Tue Aug 13 18:59:14 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>
- Disable ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch and
ffmpeg-6-CVE-2024-32228.patch as they brake compilation with
BUILD_ORIG enabled, i.e. Packman.
-------------------------------------------------------------------
Fri Jul 26 14:28:59 UTC 2024 - Filip Kastl <filip.kastl@suse.com>
- Add ffmpeg-c99.patch so that the package conforms to the C99
standard and builds on i586 with GCC 14.
-------------------------------------------------------------------
Tue Jul 2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-6-CVE-2024-32230.patch:
Backport 96449cfe from upstream, Fix 1 line and one column images.
(CVE-2024-32230, bsc#1227296)
-------------------------------------------------------------------
Tue Jul 2 11:57:01 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-6-CVE-2024-32228.patch:
Backport 45964876 from upstream, Fix segfault on invalid film
grain metadata.
(CVE-2024-32228, bsc#1227277)
-------------------------------------------------------------------
Tue Jul 2 11:56:01 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch:
Backport 5d7f234e from upstream, document that there can be multiple
complex filtergraphs to prepare dependence code for CVE-2024-32228.
(CVE-2024-32228, bsc#1227277)
-------------------------------------------------------------------
Tue Jul 2 11:55:01 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-6-CVE-2024-32228-shim-f50382cb.patch:
Backport f50382cb from upstream, implement AFGS1 parsing.
to prepare dependence code for CVE-2024-32228.
(CVE-2024-32228, bsc#1227277)
-------------------------------------------------------------------
Tue Jul 2 11:54:01 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-6-CVE-2024-32228-shim-1535d338.patch:
Backport 1535d338 from upstream, add AOM film grain synthesis,
to prepare dependence code for CVE-2024-32228.
(CVE-2024-32228, bsc#1227277)
-------------------------------------------------------------------
Thu Apr 23 14:05:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-CVE-2023-50008.patch:
Backport 5f87a68c from upstream, Fix memory leaks.
(CVE-2023-50008, bsc#1223254)
-------------------------------------------------------------------
Thu Apr 23 12:22:53 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add ffmpeg-CVE-2023-50007.patch:
Backport b1942734 from upstream, Fix crash with EOF handling.
(CVE-2023-50007, bsc#1223253)
-------------------------------------------------------------------
Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Address boo#1223215/CVE-2023-49501: add patch
0001-avfilter-asrc_afirsrc-fix-by-one-smaller-allocation-.patch
- Address boo#1223235/CVE-2023-49502: add patch
0001-avfilter-bwdif-account-for-chroma-sub-sampling-in-mi.patch
- Address boo#1222730/CVE-2023-49528: add patches
0001-avfilter-af_dialoguenhance-fix-overreads.patch,
0001-avfilter-af_dialoguenhance-simplify-channels-copy.patch,
0001-avfilter-af_dialoguenhance-do-output-scaling-once.patch
- Address boo#1223070/CVE-2024-31578: add patch
0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
- Address boo#1223085/CVE-2024-31582: add patch
0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
-------------------------------------------------------------------
Fri Mar 22 09:25:28 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Add 0001-avcodec-tests-rename-the-bundled-Mesa-AV1-vulkan-vid.patch
-------------------------------------------------------------------
Thu Mar 14 18:58:31 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Let the ffmpeg-6 main program be combinable with ffmpeg-6-mini-libs
-------------------------------------------------------------------
Mon Jan 15 11:11:08 UTC 2024 - Enrico Belleri <kilgore.trout@idesmi.eu>
- Update to version 6.1.1:
* libaribcaption decoder
* Playdate video decoder and demuxer
* Extend VAAPI support for libva-win32 on Windows
* afireqsrc audio source filter
* arls filter
* ffmpeg CLI new option: -readrate_initial_burst
* zoneplate video source filter
* command support in the setpts and asetpts filters
* Vulkan decode hwaccel, supporting H264, HEVC and AV1
* color_vulkan filter
* bwdif_vulkan filter
* nlmeans_vulkan filter
* RivaTuner video decoder
* xfade_vulkan filter
* vMix video decoder
* Essential Video Coding parser, muxer and demuxer
* Essential Video Coding frame merge bsf
* bwdif_cuda filter
* Microsoft RLE video encoder
* Raw AC-4 muxer and demuxer
* Raw VVC bitstream parser, muxer and demuxer
* Bitstream filter for editing metadata in VVC streams
* Bitstream filter for converting VVC from MP4 to Annex B
* scale_vt filter for videotoolbox
* transpose_vt filter for videotoolbox
* support for the P_SKIP hinting to speed up libx264 encoding
* Support HEVC,VP9,AV1 codec in enhanced flv format
* apsnr and asisdr audio filters
* OSQ demuxer and decoder
* Support HEVC,VP9,AV1 codec fourcclist in enhanced rtmp protocol
* CRI USM demuxer
* ffmpeg CLI '-top' option deprecated in favor of the setfield filter
* VAAPI AV1 encoder
* ffprobe XML output schema changed to account for multiple variable-fields elements within the same parent element
* ffprobe -output_format option added as an alias of -of
* avfilter/vf_minterpolate: Check pts before division (CVE-2023-51798, bsc#1223304)
* avfilter/vf_weave: Fix odd height handling (CVE-2023-51793, bsc#1223272)
* avfilter/vf_gradfun: Do not overread last line (CVE-2023-50010, bsc#1223256)
- Remove patch6 0001-avfilter-vf_libplacebo-remove-deprecated-field.diff
- Prefer libvpl to libmfx: the latter is deprecated
- Delete ffmpeg-6-private-devel package as it is only needed to build libav-tools
-------------------------------------------------------------------
Wed Nov 22 15:23:54 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
- Enable more decoders and encoders explicitly:
* amrwb via bcond_without for TW only (and in
enable_decoder/encoder)
* opencore via bcond_without for TW only (and in
enable_decoder/encoder)
* xvid via bcond_without for TW only (and in
enable_decoder/encoder)
* h.263 via enable_decoder/encoder and no longer explicitly
disabling in call to configure
* MPEG4 Visual via enable_decoder/encoder and no longer
explicitly disabling in call to configure
* MPEG2 Hardware decoders via enable_decoder/encoder
* And many many more via enable_decoder/encoder.
-------------------------------------------------------------------
Fri Nov 10 10:09:46 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 6.0.1:
* Updates and bugfixes to avcodecs, avformat and avfilters
mainly.
- Drop patch fixed upstream:
* 0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
-------------------------------------------------------------------
Wed Oct 4 07:59:01 UTC 2023 - Manfred Hollstein <manfred.h@gmx.net>
- Add 0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
to resolve a build failure on 15.4/15.5.
-------------------------------------------------------------------
Mon Jul 31 09:05:39 UTC 2023 - llyyr <llyyr.public@gmail.com>
- Bump required libplacebo version to v6.292.0 or newer for TW
- Temporarily demote deprecation errors to deprecation warnings
for vf_libplacebo
- Add upstream patches to fix build with libplacebo v6:
* 0001-avfilter-vf_libplacebo-remove-deprecated-field.diff
-------------------------------------------------------------------
Mon Apr 10 09:08:08 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Reset fixed leftover value for BUILD_ORIG
-------------------------------------------------------------------
Thu Mar 16 17:56:04 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Conflict with otherproviders(ffmpeg-tools).
-------------------------------------------------------------------
Thu Mar 9 09:02:01 UTC 2023 - Enrico Belleri <idesmi@protonmail.com>
- enable libplacebo filter
- clean old BuildRequires conditions
- add libjxl to enable_encoders
-------------------------------------------------------------------
Tue Feb 28 13:23:08 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Branch from ffmpeg-5.spec
- Remove ffmpeg-4.4-CVE-2020-22046.patch (inapplicable),
no-vk-video-decoding.patch (obsolete),
ffmpeg-CVE-2022-3964.patch (appears merged)
- Update to release 6.0
* FFmpeg now runs every muxer in a separate thread and requires
threading to be enabled for compilation
* VA-API encoding and decoding support for 10/12-bit 422,
10/12-bit 444 VP9 support
* RISC-V optimizations
