Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package libaom for openSUSE:Factory checked
in at 2021-09-03 21:26:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libaom (Old)
and /work/SRC/openSUSE:Factory/.libaom.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libaom"
Fri Sep 3 21:26:04 2021 rev:6 rq:915099 version:3.1.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/libaom/libaom.changes 2021-07-18
23:44:57.763039799 +0200
+++ /work/SRC/openSUSE:Factory/.libaom.new.1899/libaom.changes 2021-09-03
21:26:51.254221238 +0200
@@ -1,0 +2,19 @@
+Wed Aug 25 09:13:44 UTC 2021 - pgaj...@suse.com
+
+- security update
+- added patches
+ fix CVE-2021-30475 [bsc#1189497], Buffer overflow in aom_dsp/noise_model.c
+ + libaom-CVE-2021-30475.patch
+
+-------------------------------------------------------------------
+Wed Aug 25 08:32:17 UTC 2021 - pgaj...@suse.com
+
+- Update to version 3.1.2:
+ * Update AUTHORS,CHANGELOG,CMakeLists.txt for v3.1.2
+ * Avoid chroma resampling for 420mpeg2 input
+ * Check array has two elements before using index 1
+ * Fix DecodeScalabilityTest failure in realtime only
+ * Store temporal_id and spatial_id of decoded frame
+ * exports.cmake: use APPLE and WIN32 and use def for mingw-w64
+
+-------------------------------------------------------------------
Old:
----
libaom-3.1.1.obscpio
New:
----
libaom-3.1.2.obscpio
libaom-CVE-2021-30475.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libaom.spec ++++++
--- /var/tmp/diff_new_pack.LJSETo/_old 2021-09-03 21:26:52.150223010 +0200
+++ /var/tmp/diff_new_pack.LJSETo/_new 2021-09-03 21:26:52.154223017 +0200
@@ -20,7 +20,7 @@
%define __builder ninja
%define __builddir _build
Name: libaom
-Version: 3.1.1
+Version: 3.1.2
Release: 0
Summary: AV1 codec library
License: BSD-2-Clause
@@ -29,6 +29,8 @@
Source0: %{name}-%{version}.tar.xz
Source99: baselibs.conf
Patch0: libaom-0001-Do-not-disable-_FORTIFY_SOURCE.patch
+# CVE-2021-30475 [bsc#1189497], Buffer overflow in aom_dsp/noise_model.c
+Patch1: libaom-CVE-2021-30475.patch
BuildRequires: c++_compiler
BuildRequires: cmake >= 3.6
BuildRequires: doxygen
++++++ _service ++++++
--- /var/tmp/diff_new_pack.LJSETo/_old 2021-09-03 21:26:52.190223089 +0200
+++ /var/tmp/diff_new_pack.LJSETo/_new 2021-09-03 21:26:52.194223097 +0200
@@ -5,7 +5,7 @@
<param name="filename">libaom</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v([0-9\.]*)</param>
- <param name="revision">v3.1.1</param>
+ <param name="revision">v3.1.2</param>
<param name="changesgenerate">enable</param>
</service>
<service name="tar" mode="buildtime" />
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.LJSETo/_old 2021-09-03 21:26:52.214223136 +0200
+++ /var/tmp/diff_new_pack.LJSETo/_new 2021-09-03 21:26:52.214223136 +0200
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://aomedia.googlesource.com/aom</param>
- <param
name="changesrevision">7fadc0e77130efb05f52979b0deaba9b6a1bba6d</param></service></servicedata>
\ No newline at end of file
+ <param
name="changesrevision">ae2be8030200925895fa6e98bd274ffdb595cbf6</param></service></servicedata>
\ No newline at end of file
++++++ libaom-3.1.1.obscpio -> libaom-3.1.2.obscpio ++++++
/work/SRC/openSUSE:Factory/libaom/libaom-3.1.1.obscpio
/work/SRC/openSUSE:Factory/.libaom.new.1899/libaom-3.1.2.obscpio differ: char
28, line 1
++++++ libaom-CVE-2021-30475.patch ++++++
--- a/aom_dsp/noise_model.c
+++ b/aom_dsp/noise_model.c
@@ -214,7 +214,7 @@ static void
set_chroma_coefficient_fallback_soln(aom_equation_system_t *eqns) {
int aom_noise_strength_lut_init(aom_noise_strength_lut_t *lut, int num_points)
{
if (!lut) return 0;
- if (num_points < 0) return 0;
+ if (num_points <= 0) return 0;
lut->num_points = 0;
lut->points = (double(*)[2])aom_malloc(num_points * sizeof(*lut->points));
if (!lut->points) return 0;
@@ -1153,12 +1153,24 @@ int
aom_noise_model_get_grain_parameters(aom_noise_model_t *const noise_model,
// Convert the scaling functions to 8 bit values
aom_noise_strength_lut_t scaling_points[3];
- aom_noise_strength_solver_fit_piecewise(
- &noise_model->combined_state[0].strength_solver, 14, scaling_points + 0);
- aom_noise_strength_solver_fit_piecewise(
- &noise_model->combined_state[1].strength_solver, 10, scaling_points + 1);
- aom_noise_strength_solver_fit_piecewise(
- &noise_model->combined_state[2].strength_solver, 10, scaling_points + 2);
+ if (!aom_noise_strength_solver_fit_piecewise(
+ &noise_model->combined_state[0].strength_solver, 14,
+ scaling_points + 0)) {
+ return 0;
+ }
+ if (!aom_noise_strength_solver_fit_piecewise(
+ &noise_model->combined_state[1].strength_solver, 10,
+ scaling_points + 1)) {
+ aom_noise_strength_lut_free(scaling_points + 0);
+ return 0;
+ }
+ if (!aom_noise_strength_solver_fit_piecewise(
+ &noise_model->combined_state[2].strength_solver, 10,
+ scaling_points + 2)) {
+ aom_noise_strength_lut_free(scaling_points + 0);
+ aom_noise_strength_lut_free(scaling_points + 1);
+ return 0;
+ }
// Both the domain and the range of the scaling functions in the film_grain
// are normalized to 8-bit (e.g., they are implicitly scaled during grain
++++++ libaom.obsinfo ++++++
--- /var/tmp/diff_new_pack.LJSETo/_old 2021-09-03 21:26:52.274223255 +0200
+++ /var/tmp/diff_new_pack.LJSETo/_new 2021-09-03 21:26:52.274223255 +0200
@@ -1,5 +1,5 @@
name: libaom
-version: 3.1.1
-mtime: 1623186295
-commit: 7fadc0e77130efb05f52979b0deaba9b6a1bba6d
+version: 3.1.2
+mtime: 1626819795
+commit: ae2be8030200925895fa6e98bd274ffdb595cbf6
