ffmpeg-4-4.4.5-150600.13.16.1

- Add ffmpeg-4-CVE-2025-22921.patch:
  Backport 7f9c7f98 from upstream, clear array length when
  freeing it.
  (CVE-2025-22921, bsc#1237382)

- Add ffmpeg-4-CVE-2025-25473.patch:
  Backport c08d3004 from upstream, clear FFFormatContext packet.
  When packet_buffer is used in mux.c, and if a muxing process fails
  at a point where packets remained in said queue.
  (CVE-2025-25473, bsc#1237351)

- Add ffmpeg-4-CVE-2025-0518.patch:
  Backport b5b6391d from upstream, fixes memory data leak when
  use sscanf().
  (CVE-2025-0518, bsc#1236007)

- Add ffmpeg-4-CVE-2025-22919.patch:
  Backport 1446e37d from upstream, check for valid sample rate
  As the sample rate <= 0 is invalid.
  (CVE-2025-22919, bsc#1237371)

- Add ffmpeg-4-CVE-2024-12361.patch:
  Backport 4065ff69 from upstream, add check for av_packet_new_side_data()
  to avoid null pointer dereference if allocation fails.
  (CVE-2024-12361, bsc#1237358)

- Add ffmpeg-4-CVE-2024-35368.patch:
  Backport 45133009 from upstream, After having created the
  AVBuffer that is put into frame->buf[0], ownership of several
  objects Fix double-free on the AVFrame is unreferenced.
  (CVE-2024-35368, bsc#1234028)

- Update to release 4.4.5
  * Reliability/bug fixes
  Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464
  Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in type 'int'
  (CVE-2024-36613, bsc#1235092)
  avformat/cafdec: dont seek beyond 64bit (CVE-2024-36617, bsc#1234019).
  avformat/westwood_vqa: Fix 2g packets (CVE-2024-36616, bsc#1234018).
- Delete
  0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
  0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
  0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
  ffmpeg-CVE-2023-51793.patch
  0001-avfilter-af_stereowiden-Check-length.patch
  ffmpeg-fix-new-binutils.patch
  ffmpeg-CVE-2023-50010.patch
  ffmpeg-4-CVE-2024-32230.patch
  ffmpeg-4-CVE-2024-7055.patch (all merged)
  (CVE-2023-51798, bsc#1223304)

- Adjust bconds to build the package in SLFO without xvidcore.

- Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
  [boo#1229338]

- Add ffmpeg-c99.patch so that the package conforms to the C99
  standard and builds on i586 with GCC 14.

- Add 0001-avfilter-af_stereowiden-Check-length.patch
  [boo#1223437, CVE-2023-51794]

- Add ffmpeg-CVE-2023-51793.patch:
  Backport 0ecc1f0e from upstream, Fix odd height handling.
  (CVE-2023-51793, bsc#1223272)

- Add ffmpeg-CVE-2023-49502.patch:
  Backport 737ede40 from upstream, account for chroma sub-sampling
  in min size calculation.
  (CVE-2023-49502, bsc#1223235)

- Add 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch:
  Backport 68146f06 from upstream, Check pts before division.
  (CVE-2023-51798, bsc#1223304)

- Add 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch:
  Backport 76a48e85 from upstream, Check length.
  (CVE-2024-31578, bsc#1223070)

- drop support for libmfx, which is no longer supported upstream
  at all (boo#1219494)

- Update ffmpeg-glslang-cxx17.patch to build with glslang 14
- Disable vmaf integration as ffmpeg-4 cannot handle vmaf>=3
- Delete vmaf-trim-usr-local.patch

- Add ffmpeg-4-CVE-2024-7055.patch:
  Backport 3faadbe2 from upstream, Use 64bit for input size check,
  Fixes: out of array read, Fixes: poc3.
  (CVE-2024-7055, bsc#1229026)

- dropping support for libmfx below covers:
  * libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
  * libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
  * libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
  * libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
  * libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
  * Multiple vulnerabilities in the Intel Media SDK (libmfx1) (bsc#1226892)
  * Drop libmfx dependency from our product (jira #PED-10024)

- Add ffmpeg-4-CVE-2023-51798.patch:
  Backporting 68146f06 from upstream, Check pts before division.
  (CVE-2023-51798 bsc#1223304)

- Add ffmpeg-4-CVE-2024-32230.patch:
  Backport 96449cfe from upstream, Fix 1 line and one column images.
  (CVE-2024-32230, bsc#1227296)

- Add ffmpeg-CVE-2020-22021.patch: Backport from upstream to fix
  Buffer Overflow vulnerability in filter_edges function in
  libavfilter/vf_yadif.c (CVE-2020-22021, bsc#1186586).

- ffmpeg-avcodec-libdav1d-fix-compilation-after-recent-libdav.patch,
  ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch
  * fixes build against dav1d, which has been updated in
    SUSE:SLE-15-SP5:Update (where apparently no rebuild of ffmpeg-4
    had been triggered)

- ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch
  * fixes build against dav1d, which has been updated in
    SUSE:SLE-15-SP5:Update (where apparently no rebuild of ffmpeg-4
    had been triggered)

- Add ffmpeg-CVE-2023-51794.patch: Fix heap buffer overflow at
  libavfilter (CVE-2023-51794, bsc#1223437).

- Add ffmpeg-CVE-2020-22021.patch: Backport from upstream to fix
  Buffer Overflow vulnerability in filter_edges function in
  libavfilter/vf_yadif.c (CVE-2020-22021, bsc#1186586).

- Add ffmpeg-CVE-2023-50010.patch:
  Backport e4d2666b from upstream, fixes the out of array access.
  (CVE-2023-a50010, bsc#1223256)

- Add ffmpeg-CVE-2024-31578.patch:
  Backporting ab0fdaed from upstream, Fix heap use after free when
  vulkan_frames_init failed.
  (CVE-2024-31578 bsc#1223070)

- Add ffmpeg-CVE-2023-51793.patch:
  Backporting 0ecc1f0e from upstream, Fix odd height handling, Fix
  out of array access.
  (CVE-2023-51793 bsc#1223272)

- Add ffmpeg-CVE-2023-49502.patch
  Backporting 737ede40 from upstream, Adjusts the logic to consider
  the chroma planes and makes the change to all three bwdif
  implementations.
  (CVE-2023-49502 bsc#1223235)

- ffmpeg-fix-new-binutils.patch.txt: fix build with new binutils
  (bsc#1215309)

- Add ffmpeg-CVE-2022-48434.patch: Backport from upstream to fix
  use after free in libavcodec/pthread_frame.c (bsc#1209934).

- Add ffmpeg-CVE-2022-3341.patch: Backport from upstream to fix
  null pointer dereference in decode_main_header() in
  libavformat/nutdec.c (bsc#1206778).

- Add ffmpeg-CVE-2022-3109.patch: Backport from upstream to fix
  null pointer dereference in vp3_decode_frame() (bsc#1206442).

- Add ffmpeg-CVE-2022-3964.patch: Backport from upstream to fix
  out of bounds read in update_block_in_prev_frame() (bsc#1205388).

- Add ffmpeg-CVE-2021-38171.patch: Backport from upstream to fix
  adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4
  does not check the init_get_bits return value (bsc#1189724).

- Add ffmpeg-CVE-2021-38114.patch: Backport from upstream to fix
  the return value of the init_vlc function is not checked
  (bsc#1189142).

- Remove second hunk of ffmpeg-CVE-2020-22046.patch, that contains
  a goto to a none existing label. In order to distinguish this
  patch from the original, I renamed it to
  ffmpeg-4.4-CVE-2020-22046.patch
- While at it, refresh the other patches with offsets

- Add ffmpeg-CVE-2020-22046.patch: Backport from upstream to fix
  a denial of service vulnerability exists in FFmpeg 4.2 due to a
  memory leak in the avpriv_float_dsp_allocl function in
  libavutil/float_dsp.c (bsc#1186849).
- Add ffmpeg-CVE-2021-33815.patch: Backport from upstream to fix
  dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an
  out-of-bounds array access because dc_count is not strictly
  checked (bsc#1186865).

- Enable SVT-AV1 encoding

- Enable vulkan on on Leap 15

- Enable libdavd1 on Leap 15.2+ [boo#1184830]

- Update to release 4.4
  * New demuxers, AV1 support improvements, and other enhancements.
  * AV1 monochrome encoding support.
- Remove ffmpeg_altivec_yuv2rgb_novsx.patch (merged)

- update to 4.3.2:
  * lots of oss-fuzz reported overflow fixes, see included ChangeLog
- drop
    ffmpeg.git-ba3e771a42c29ee02c34e7769cfc1b2dbc5c760a.patch
    0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch
    0001-avformat-vividas-improve-extradata-packing-checks-in.patch: upstream

- Add 0001-avformat-vividas-improve-extradata-packing-checks-in.patch
  [boo#1180519] [CVE-2020-35964]

- remove dependency on OpenJPEG, this is obsolete since ffmpeg 4.0,
  we already build against OpenJPEG 2.1.
  see changes:
  - Dropped support for OpenJPEG versions 2.0 and below. Using OpenJPEG now
    requires 2.1 (or later) and pkg-config.

- Add ffmpeg_altivec_yuv2rgb_novsx.patch for ppc64 (BE) as per
  https://trac.ffmpeg.org/ticket/8750
  https://bugzilla.opensuse.org/show_bug.cgi?id=1179332

- Enable VMAF. This can be used to compute VMAF/PSNR/SSIM.
- Add vmaf-trim-usr-local.patch .

- Adjust soversion.patch to include a symlink [boo#1177667]
- Add 0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch

- Apply upstream fix to avoid segfaults in x86/yuv2rgb conversion
  ffmpeg.git-ba3e771a42c29ee02c34e7769cfc1b2dbc5c760a.patch

- Add librav1e support

- Update to version 4.3.1:
  * Stable bug fix release, mainly codecs and format fixes.

- Add soversion.patch to workaround ELF ABI breakage.

- Update to release 4.3
  * A plethora of new video filters
  * Intel QSV-accelerated VP9 decoding
  * VDPAU VP9 hwaccel
  * QSV-accelerated VP9 encoding
  * AV1 frame merge bitstream filter
  * AV1 Annex B demuxer
  * Expanded styling support for 3GPP Timed Text Subtitles
  * Support for muxing PCM and PGS in M2TS
- Drop ffmpeg-prefer-dav1d-for-playback.patch
  (solved differently)
- Drop ffmpeg4_swscale_replace_illegal_vector_keyword.patch,
  ffmpeg4_swscale_fix_altivec_vsx_recent_gcc.patch,
  929e5159bc13da374b83f5627879c607acce180b.patch
  (merged)

- Update to version 4.2.3:
  * Stable bug fix release, mainly codecs and format fixes.
- Drop 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch: Fixed
  upstream.

- Enable dav1d decoder to support av1 (fixes boo#1184830)

- fix ffmpeg-4.2-dlopen-fdk_aac.patch, there is no libfdk-aac.so.1

- Update to version 4.2.1:
  * Stable bug fix release, mainly codecs and format fixes.
- Drop upstream fixed patch:
  0001-avcodec-h2645_parse-zero-initialize-the-rbsp-buffer.patch

- Add 0001-avcodec-h2645_parse-zero-initialize-the-rbsp-buffer.patch
  [boo#1149839, CVE-2019-15942]

- Make ffmpeg-4.2-dlopen-fdk_aac.patch less verbose

- Rename ffmpeg-4.2-dlopen-faac-mp3lame-opencore-x264-x265-xvid.patch
  to ffmpeg-4.2-dlopen-fdk_aac.patch since we need dlopen only
  for fdk_aac and looks like some other parts of the patch is
  buggy.

- Sync ffmpeg-4.2-dlopen-faac-mp3lame-opencore-x264-x265-xvid.patch
  from upstream.

- Disable LTO for arm, fixes build.

- avoid ppc64le build error upstream issue
  https://trac.ffmpeg.org/ticket/7861
  Add ffmpeg4_swscale_replace_illegal_vector_keyword.patch
  Add ffmpeg4_swscale_fix_altivec_vsx_recent_gcc.patch

- Add ffmpeg-prefer-dav1d-for-playback.patch: Prefer using dav1d
  for av1 playback over libaom.

- Update to FFmpeg 4.2 "Ada"
  * tpad filter
  * AV1 decoding support through libdav1d
  * dedot filter
  * chromashift and rgbashift filters
  * freezedetect filter
  * truehd_core bitstream filter
  * dhav demuxer
  * PCM-DVD encoder
  * GIF parser
  * vividas demuxer
  * hymt decoder
  * anlmdn filter
  * maskfun filter
  * hcom demuxer and decoder
  * ARBC decoder
  * libaribb24 based ARIB STD-B24 caption support (profiles A and C)
  * Support decoding of HEVC 4:4:4 content in nvdec and cuviddec
  * removed libndi-newtek
  * agm decoder
  * KUX demuxer
  * AV1 frame split bitstream filter
  * lscr decoder
  * lagfun filter
  * asoftclip filter
  * Support decoding of HEVC 4:4:4 content in vdpau
  * colorhold filter
  * xmedian filter
  * asr filter
  * showspatial multimedia filter
  * VP4 video decoder
  * IFV demuxer
  * derain filter
  * deesser filter
  * mov muxer writes tracks with unspecified language instead
    of English by default
  * added support for using clang to compile CUDA kernels
- Drop ffmpeg-avcodec-libdav1d-AV1-decoder-wrapper.patch, merged
  upstream.
- Rebase and rename
  ffmpeg-4.1-dlopen-faac-mp3lame-opencore-x264-x265-xvid.patch
  to
  ffmpeg-4.2-dlopen-faac-mp3lame-opencore-x264-x265-xvid.patch
- See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete
  changelog.

- Update to version 4.1.4
  * See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete
    changelog.

- Add pkgconfig(libva-drm), pkgconfig(libva-x11) BuildRequires: and
  conditional pkgconfig(libmfx) BuildRequires: Build intel-mediasdk
  support when possible.

- Add back pkgconfig(fdk-aac) BuildRequires since we still need
  the headers at compile time.
- Fix include paths in
  ffmpeg-4.1-dlopen-faac-mp3lame-opencore-x264-x265-xvid.patch

- Add ffmpeg-4.1-dlopen-faac-mp3lame-opencore-x264-x265-xvid.patch
  from OpenMandriva to optionally enable runtime enabling of
  fdkaac/lame/x264/x265
- Enable runtime enabling for fdkaac via --enable-libfdk-aac-dlopen
- Rename bcond fdk_aac to fdk_aac_dlopen
- Remove fdk-aac BuildRequires now it's only dlopen'd

- Enable LTO for all except i586 (boo#1133123).

- Disable LTO again, as it breaks build for i586 (boo#1133123).

- Throw out svt-av1. The build is unable to complete
  in openSUSE:Factory.

- Use %make_build in order to provide parallel build for tools/*.
  And make output verbose.

- Enable LTO for new SUSE versions (boo#1133123).

- Update patch 0001-Add-ability-for-ffmpeg-to-run-svt-av1.patch
  from upstream

- Update to version 4.1.3:
  * Updates and bug fixes for codecs, filters and formats.
    [boo#1133153, boo#1133155, CVE-2019-11338, CVE-2019-11339]

- Add 0001-avformat-flvenc-Check-audio-packet-size.patch
  [CVE-2018-15822, boo#1105869]

- Update to version 4.0.2:
  * CVE-2018-13300: out of array read (boo#1100348, CVE-2018-13300)
  * Various bugfixes and a revert

- bsc#1092241 Enable webvtt encoders and decoders.

- Build codec2 encoder and decoder, add libcodec2 to
  enable_decoders and enable_encoders.

- Enable mpeg 1 and 2 encoders.

- Add conditional pkgconfig(aom) BuildRequires and pass
  - -enable-libaom to configure as well as add libaom and libaom_av1
  to enable_decoders and enable_encoders: Build AOMedia Video 1
  (AV1) support.

- Provide ffmpeg symbol without version on main package too

- Prefix all the devel packages and conflict between releases
  * Provide always the %version-%release of the respective build

- Fix setup call to enter to proper folder

- Conflict with other ffmpeg-devel packages, simply always pull
  one of them

- Reintroduce conditional libxvid support since FFmpeg?s
  MPEG4-ASP encoder is not quite up to par

- Avoid double-nesting BUILD_ORIG with %withs.
  (Reintroduces with_opencore)

- bsc#1103064 attempt to allow migration from the unprefixed devel
  packages cleanly

- Reduce the optional conditional for the SLE12 backports to
  cover everything, most of the packages in old codestreams were
  not really ready as they need additional baselibs/etc.
  * Since these are new features user will simply wait or use TW

- Enable "kmsgrab" input device

- Redo the nvidia condition based on review feeback

- Do not condition nvidia based on BUILD_ORIG all the support is in
  TW only and not on different instances as such safeguard it with
  version check only bsc#1102532

- Add new bconds to build on SLE12 backports project without
  requiring extra packages:
  * %bcond_without codec2
  * %bcond_without bs2b
  * %bcond_without lv2
  * %bcond_without rubberband
  * %bcond_without soxr
  * %bcond_without zmq

- Fix typo in swresample name

- Conditionalize full build to be primary only on Leap15+

- Add macros to allow conflicting with all other devel projects
  to ensure we always install only one specific ffmpeg

- Conditionalize the vidstab build to not pull it on old releases
- Conditionalize srt support to not pull it on older releases
  - ------------------------------------------------------------------

- Enable ffnvcodec when building with NVIDIA support

- Add pkgconfig(srt) BuildRequires and pass --enable-libsrt to
  configure, enable srt support.
- Refresh patches with quilt:
  * cve-2017-17555.diff
  * ffmpeg-codec-choice.diff
  * ffmpeg-libcdio_cdda-pkgconfig.patch
  * ffmpeg-new-coder-errors.diff

- Enable libxml2 (used by MPEG DASH demuxer)

- Update to new upstream release 4.0.1
  * Fixed some integer overflows, undefined shifts, negative
    shifts, division by 0, and a null pointer deref.

- Enable pkgconfig(vidstab) BuildRequires unconditionally, now
  available in openSUSE.

- Conditionalize openmpt build to be resolvable on Leap 42.3

- Conditionalize mysofa build to be resolvable on Leap 15

- Conditionalize zimg to build on Leap 42.3

- Use autopatch

- Move license markings to the libs itself
- Add condition to switch between full build and lib only one
- Add provides/obsoletes on the ffmpeg private headers

- Enable libdavd1 on Leap 15.2+ [boo#1184830]

- Update to release 4.4
  * New demuxers, AV1 support improvements, and other enhancements.
  * AV1 monochrome encoding support.
- Remove ffmpeg_altivec_yuv2rgb_novsx.patch (merged)

- update to 4.3.2:
  * lots of oss-fuzz reported overflow fixes, see included ChangeLog
- drop
    ffmpeg.git-ba3e771a42c29ee02c34e7769cfc1b2dbc5c760a.patch
    0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch
    0001-avformat-vividas-improve-extradata-packing-checks-in.patch: upstream

- Add 0001-avformat-vividas-improve-extradata-packing-checks-in.patch
  [boo#1180519] [CVE-2020-35964]

- remove dependency on OpenJPEG, this is obsolete since ffmpeg 4.0,
  we already build against OpenJPEG 2.1.
  see changes:
  - Dropped support for OpenJPEG versions 2.0 and below. Using OpenJPEG now
    requires 2.1 (or later) and pkg-config.

- Add ffmpeg_altivec_yuv2rgb_novsx.patch for ppc64 (BE) as per
  https://trac.ffmpeg.org/ticket/8750
  https://bugzilla.opensuse.org/show_bug.cgi?id=1179332

- Enable VMAF. This can be used to compute VMAF/PSNR/SSIM.
- Add vmaf-trim-usr-local.patch .

- Adjust soversion.patch to include a symlink [boo#1177667]
- Add 0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch

- Apply upstream fix to avoid segfaults in x86/yuv2rgb conversion
  ffmpeg.git-ba3e771a42c29ee02c34e7769cfc1b2dbc5c760a.patch

- Add librav1e support

- Update to version 4.3.1:
  * Stable bug fix release, mainly codecs and format fixes.

- Add soversion.patch to workaround ELF ABI breakage.

- Update to release 4.3
  * A plethora of new video filters
  * Intel QSV-accelerated VP9 decoding
  * VDPAU VP9 hwaccel
  * QSV-accelerated VP9 encoding
  * AV1 frame merge bitstream filter
  * AV1 Annex B demuxer
  * Expanded styling support for 3GPP Timed Text Subtitles
  * Support for muxing PCM and PGS in M2TS
- Drop ffmpeg-prefer-dav1d-for-playback.patch
  (solved differently)
- Drop ffmpeg4_swscale_replace_illegal_vector_keyword.patch,
  ffmpeg4_swscale_fix_altivec_vsx_recent_gcc.patch,
  929e5159bc13da374b83f5627879c607acce180b.patch
  (merged)

- Update to version 4.2.3:
  * Stable bug fix release, mainly codecs and format fixes.
- Drop 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch: Fixed
  upstream.

- libfdk-aac is now .so.2, not .so.1.

- Throw out v4l2 m2m. This is likely the same case as boo#1041794.

- Enable v4l2 m2m encoders and decoders

- Add 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch
  [boo#1170767]

- Add Samba support for Factory (as this needs a fix in Samba itself)
  Add --enable-libsmbclient to configure, add BR on pkgconfig(smbclient)
- License is now GPLv3+ by default (--enable-version3)

- Always build the binary ffmpeg-4 even on Leap releases boo#1167628:
  * The conflicts in place should allow users to decide if they
    want to use ffmpeg from ffmpeg package or ffmpeg-4 from this
    package