SUSE-SU-2025:1128-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-20251128-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1128-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:1128-1
Published
2025-04-03T11:54:05Z
Modified
2025-04-04T01:03:34.407148Z
Summary
Security update for ffmpeg-4
Details

This update for ffmpeg-4 fixes the following issues:

  • CVE-2020-22037: Fixed unchecked return value of the init_vlc function (bsc#1186756)
  • CVE-2024-12361: Fixed null pointer dereference (bsc#1237358)
  • CVE-2024-35368: Fixed double free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c (bsc#1234028)
  • CVE-2024-36613: Fixed integer overflow in the DXA demuxer of the libavformat library (bsc#1235092)
  • CVE-2025-0518: Fixed memory leak due to unchecked sscanf return value (bsc#1236007)
  • CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371)
  • CVE-2025-22921: Fixed NULL pointer dereference (segmentation violation) in libavcodec/jpeg2000dec.c (bsc#1237382)
  • CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351)

Other fixes:

  • Build with SVT-AV1 3.0.0.

  • Update to release 4.4.5:

  • Adjust bconds to build the package in SLFO without xvidcore.
  • Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch (bsc#1229338)
  • Add ffmpeg-c99.patch so that the package conforms to the C99 standard and builds on i586 with GCC 14.
  • No longer build against libmfx; build against libvpl (bsc#1230983, bsc#1219494)
  • Drop libmfx dependency from our product (jira #PED-10024)
  • Update patch to build with glslang 14
  • Disable vmaf integration as ffmpeg-4 cannot handle vmaf>=3
  • Copy codec list from ffmpeg-6
  • Resolve build failure with binutils >= 2.41. (bsc#1215945)

  • Update to version 4.4.4:

    • avcodec/012v: Order operations for odd size handling
    • avcodec/alsdec: The minimal block is at least 7 bits
    • avcodec/bink:
      • Avoid undefined out of array end pointers in
        binkb_decode_plane()
      • Fix off by 1 error in ref end
    • avcodec/eac3dec: avoid float noise in fixed mode addition to
      overflow
    • avcodec/eatgq: Check index increments in tgq_decode_block()
    • avcodec/escape124:
      • Fix signedness of end of input check
      • Fix some return codes
    • avcodec/ffv1dec:
      • Check that num h/v slices is supported
      • Fail earlier if prior context is corrupted
      • Restructure slice coordinate reading a bit
    • avcodec/mjpegenc: take into account component count when
      writing the SOF header size
    • avcodec/mlpdec: Check max matrix instead of max channel in
      noise check
    • avcodec/motionpixels: Mask pixels to valid values
    • avcodec/mpeg12dec: Check input size
    • avcodec/nvenc:
      • Fix b-frame DTS behavior with fractional framerates
      • Fix vbv buffer size in cq mode
    • avcodec/pictordec: Remove mid exit branch
    • avcodec/pngdec: Check deloco index more exactly
    • avcodec/rpzaenc: stop accessing out of bounds frame
    • avcodec/scpr3: Check bx
    • avcodec/scpr: Test bx before use
    • avcodec/snowenc: Fix visual weight calculation
    • avcodec/speedhq: Check buf_size to be big enough for DC
    • avcodec/sunrast: Fix maplength check
    • avcodec/tests/snowenc:
      • Fix 2nd test
      • Return a failure if DWT/IDWT mismatches
      • Unbreak DWT tests
    • avcodec/tiff: Ignore tile_count
    • avcodec/utils:
      • Allocate a line more for VC1 and WMV3
      • Ensure linesize for SVQ3
      • Use 32pixel alignment for bink
    • avcodec/videodsp_template: Adjust pointers to avoid undefined
      pointer things
    • avcodec/vp3: Add missing check for av_malloc
    • avcodec/wavpack:
      • Avoid undefined shift in get_tail()
      • Check for end of input in wv_unpack_dsd_high()
    • avcodec/xpmdec: Check size before allocation to avoid
      truncation
    • avfilter/vf_untile: swap the chroma shift values used for plane
      offsets
    • avformat/id3v2: Check taglen in read_uslt()
    • avformat/mov: Check samplesize and offset to avoid integer
      overflow
    • avformat/mxfdec: Use 64bit in remainder
    • avformat/nutdec: Add check for avformat_new_stream
    • avformat/replaygain: avoid undefined / negative abs
    • swscale/input: Use more unsigned intermediates
    • swscale/output: Bias 16bps output calculations to improve non
      overflowing range
    • swscale: aarch64: Fix yuv2rgb with negative stride
    • Use https for repository links
  • Update to version 4.4.3:

    • Stable bug fix release, mainly codecs, filter and format fixes.
  • Add patch to detect SDL2 >= 2.1.0 (bsc#1202848):

  • Update to version 4.4.2:

    • Stable bug fix release, mainly codecs, filter and format fixes.
  • Add conflicts for ffmpeg-5's tools

  • Enable Vulkan filters
  • Fix OS version check, so nvcodec is enabled for Leap too.
  • Disable libsmbclient usage (can always be built with
    --with-smbclient): the use case of ffmpeg directly accessing
    smb:// shares is quite contrived (most users will have their
    smb shares mounted).

  • Update to version 4.4.1:

    • Stable bug fix release, mainly codecs and format fixes.

Affected packages

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS / ffmpeg-4

Package

Name
ffmpeg-4
Purl
pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
4.4.5-150400.3.46.1

Ecosystem specific

{
    "binaries": [
        {
            "libavcodec58_134": "4.4.5-150400.3.46.1",
            "libavformat58_76": "4.4.5-150400.3.46.1",
            "libavutil56_70": "4.4.5-150400.3.46.1",
            "libswresample3_9": "4.4.5-150400.3.46.1",
            "libpostproc55_9": "4.4.5-150400.3.46.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS / ffmpeg-4

Package

Name
ffmpeg-4
Purl
pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
4.4.5-150400.3.46.1

Ecosystem specific

{
    "binaries": [
        {
            "libavcodec58_134": "4.4.5-150400.3.46.1",
            "libavformat58_76": "4.4.5-150400.3.46.1",
            "libavutil56_70": "4.4.5-150400.3.46.1",
            "libswresample3_9": "4.4.5-150400.3.46.1",
            "libpostproc55_9": "4.4.5-150400.3.46.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP4-LTSS / ffmpeg-4

Package

Name
ffmpeg-4
Purl
pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
4.4.5-150400.3.46.1

Ecosystem specific

{
    "binaries": [
        {
            "libavcodec58_134": "4.4.5-150400.3.46.1",
            "libavformat58_76": "4.4.5-150400.3.46.1",
            "libavutil56_70": "4.4.5-150400.3.46.1",
            "libswresample3_9": "4.4.5-150400.3.46.1",
            "libpostproc55_9": "4.4.5-150400.3.46.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP4 / ffmpeg-4

Package

Name
ffmpeg-4
Purl
pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
4.4.5-150400.3.46.1

Ecosystem specific

{
    "binaries": [
        {
            "libavcodec58_134": "4.4.5-150400.3.46.1",
            "libavformat58_76": "4.4.5-150400.3.46.1",
            "libavutil56_70": "4.4.5-150400.3.46.1",
            "libswresample3_9": "4.4.5-150400.3.46.1",
            "libpostproc55_9": "4.4.5-150400.3.46.1"
        }
    ]
}