Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libaom for openSUSE:Factory checked in at 2021-09-03 21:26:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libaom (Old) and /work/SRC/openSUSE:Factory/.libaom.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libaom" Fri Sep 3 21:26:04 2021 rev:6 rq:915099 version:3.1.2 Changes: --------
--- /work/SRC/openSUSE:Factory/libaom/libaom.changes 2021-07-18 23:44:57.763039799 +0200
+++ /work/SRC/openSUSE:Factory/.libaom.new.1899/libaom.changes 2021-09-03 21:26:51.254221238 +0200
@@ -1,0 +2,19 @@
+Wed Aug 25 09:13:44 UTC 2021 - pgaj...@suse.com
+
+- security update
+- added patches
+ fix CVE-2021-30475 [bsc#1189497], Buffer overflow in aom_dsp/noise_model.c
+ + libaom-CVE-2021-30475.patch
+
+-------------------------------------------------------------------
+Wed Aug 25 08:32:17 UTC 2021 - pgaj...@suse.com
+
+- Update to version 3.1.2:
+ * Update AUTHORS,CHANGELOG,CMakeLists.txt for v3.1.2
+ * Avoid chroma resampling for 420mpeg2 input
+ * Check array has two elements before using index 1
+ * Fix DecodeScalabilityTest failure in realtime only
+ * Store temporal_id and spatial_id of decoded frame
+ * exports.cmake: use APPLE and WIN32 and use def for mingw-w64
+
+-------------------------------------------------------------------
Old: ---- libaom-3.1.1.obscpio New: ---- libaom-3.1.2.obscpio libaom-CVE-2021-30475.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ libaom.spec ++++++
--- /var/tmp/diff_new_pack.LJSETo/_old 2021-09-03 21:26:52.150223010 +0200
+++ /var/tmp/diff_new_pack.LJSETo/_new 2021-09-03 21:26:52.154223017 +0200
@@ -20,7 +20,7 @@
 %define __builder ninja
 %define __builddir _build
 Name: libaom
-Version: 3.1.1
+Version: 3.1.2
 Release: 0
 Summary: AV1 codec library
 License: BSD-2-Clause
@@ -29,6 +29,8 @@
 Source0: %{name}-%{version}.tar.xz
 Source99: baselibs.conf
 Patch0: libaom-0001-Do-not-disable-_FORTIFY_SOURCE.patch
+# CVE-2021-30475 [bsc#1189497], Buffer overflow in aom_dsp/noise_model.c
+Patch1: libaom-CVE-2021-30475.patch
 BuildRequires: c++_compiler
 BuildRequires: cmake >= 3.6
 BuildRequires: doxygen
++++++ _service ++++++
--- /var/tmp/diff_new_pack.LJSETo/_old 2021-09-03 21:26:52.190223089 +0200
+++ /var/tmp/diff_new_pack.LJSETo/_new 2021-09-03 21:26:52.194223097 +0200
@@ -5,7 +5,7 @@
 <param name="filename">libaom</param>
 <param name="versionformat">@PARENT_TAG@</param>
 <param name="versionrewrite-pattern">v([0-9\.]*)</param>
- <param name="revision">v3.1.1</param>
+ <param name="revision">v3.1.2</param>
 <param name="changesgenerate">enable</param>
 </service>
 <service name="tar" mode="buildtime" />
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.LJSETo/_old 2021-09-03 21:26:52.214223136 +0200
+++ /var/tmp/diff_new_pack.LJSETo/_new 2021-09-03 21:26:52.214223136 +0200
@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
 <param name="url">https://aomedia.googlesource.com/aom</param>
- <param name="changesrevision">7fadc0e77130efb05f52979b0deaba9b6a1bba6d</param></service></servicedata>
\ No newline at end of file
+ <param name="changesrevision">ae2be8030200925895fa6e98bd274ffdb595cbf6</param></service></servicedata>
\ No newline at end of file
++++++ libaom-3.1.1.obscpio -> libaom-3.1.2.obscpio ++++++
/work/SRC/openSUSE:Factory/libaom/libaom-3.1.1.obscpio /work/SRC/openSUSE:Factory/.libaom.new.1899/libaom-3.1.2.obscpio differ: char 28, line 1
++++++ libaom-CVE-2021-30475.patch ++++++
--- a/aom_dsp/noise_model.c
+++ b/aom_dsp/noise_model.c
@@ -214,7 +214,7 @@ static void set_chroma_coefficient_fallback_soln(aom_equation_system_t *eqns) {
 int aom_noise_strength_lut_init(aom_noise_strength_lut_t *lut, int num_points) {
 if (!lut) return 0;
- if (num_points < 0) return 0;
+ if (num_points <= 0) return 0;
 lut->num_points = 0;
 lut->points = (double(*)[2])aom_malloc(num_points * sizeof(*lut->points));
 if (!lut->points) return 0;
@@ -1153,12 +1153,24 @@ int aom_noise_model_get_grain_parameters(aom_noise_model_t *const noise_model,
 // Convert the scaling functions to 8 bit values
 aom_noise_strength_lut_t scaling_points[3];
- aom_noise_strength_solver_fit_piecewise(
- &noise_model->combined_state[0].strength_solver, 14, scaling_points + 0);
- aom_noise_strength_solver_fit_piecewise(
- &noise_model->combined_state[1].strength_solver, 10, scaling_points + 1);
- aom_noise_strength_solver_fit_piecewise(
- &noise_model->combined_state[2].strength_solver, 10, scaling_points + 2);
+ if (!aom_noise_strength_solver_fit_piecewise(
+ &noise_model->combined_state[0].strength_solver, 14,
+ scaling_points + 0)) {
+ return 0;
+ }
+ if (!aom_noise_strength_solver_fit_piecewise(
+ &noise_model->combined_state[1].strength_solver, 10,
+ scaling_points + 1)) {
+ aom_noise_strength_lut_free(scaling_points + 0);
+ return 0;
+ }
+ if (!aom_noise_strength_solver_fit_piecewise(
+ &noise_model->combined_state[2].strength_solver, 10,
+ scaling_points + 2)) {
+ aom_noise_strength_lut_free(scaling_points + 0);
+ aom_noise_strength_lut_free(scaling_points + 1);
+ return 0;
+ }
 // Both the domain and the range of the scaling functions in the film_grain
 // are normalized to 8-bit (e.g., they are implicitly scaled during grain
++++++ libaom.obsinfo ++++++
--- /var/tmp/diff_new_pack.LJSETo/_old 2021-09-03 21:26:52.274223255 +0200
+++ /var/tmp/diff_new_pack.LJSETo/_new 2021-09-03 21:26:52.274223255 +0200
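Review bot: The new `if (num_points <= 0) return 0;` in aom_noise_strength_lut_init returns before `lut->num_points = 0;` runs, so on that path the caller's lut, including `lut->points`, is left exactly as it was passed in. In the second hunk the luts come from an uninitialised stack array, so any cleanup that later frees a lut whose init failed would hand an indeterminate pointer to the free routine. I would put the struct into a safe empty state first, `lut->num_points = 0; lut->points = NULL;`, and only then test `num_points <= 0`. Separately, `num_points * sizeof(*lut->points)` still has no upper bound, which presumably matters only where size_t is 32 bits. The function body continues past the end of the hunk.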
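Review bot: The three failure branches added to aom_noise_model_get_grain_parameters repeat the cleanup by hand, and each is correct only if aom_noise_strength_solver_fit_piecewise leaves nothing allocated in the entry it failed on. That function is not part of this patch, so the assumption should be confirmed or stated in a comment. A loop over the three combined_state entries keeps the release of already fitted tables in one place, as sketched below. The function starts before and continues after the hunk, so whether later return paths free all three tables cannot be checked from here.

```c
  aom_noise_strength_lut_t scaling_points[3];
  static const int kMaxPoints[3] = { 14, 10, 10 };
  for (int c = 0; c < 3; ++c) {
    if (!aom_noise_strength_solver_fit_piecewise(
            &noise_model->combined_state[c].strength_solver, kMaxPoints[c],
            scaling_points + c)) {
      // Free only the tables fitted before the failing one.
      while (c > 0) aom_noise_strength_lut_free(scaling_points + --c);
      return 0;
    }
  }
  // … unchanged: conversion of the scaling functions to 8-bit values …
```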
@@ -1,5 +1,5 @@
 name: libaom
-version: 3.1.1
-mtime: 1623186295
-commit: 7fadc0e77130efb05f52979b0deaba9b6a1bba6d
+version: 3.1.2
+mtime: 1626819795
+commit: ae2be8030200925895fa6e98bd274ffdb595cbf6