Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2017-04-17 10:21:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ffmpeg2" Mon Apr 17 10:21:04 2017 rev:6 rq:484299 version:2.8.11 Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-03-13 15:27:35.396253095 +0100 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-04-17 10:21:08.854091389 +0200 @@ -1,0 +2,116 @@ +Sat Apr 1 07:37:40 UTC 2017 - [email protected] + +- Update to new upstream release 2.8.11 + * pgssubdec: reset rle_data_len/rle_remaining_len on allocation + error + * avformat/oggdec: Skip streams in duration correction that did + not had their duration set. + * avcodec/mpeg4videodec: Fix undefined shifts in + mpeg4_decode_sprite_trajectory() + * avformat/avidec: skip odml master index chunks in avi_sync + * avcodec/pngdec: Fix off by 1 size in decode_zbuf() + * lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr + * lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid + +------------------------------------------------------------------- +Sat Apr 1 06:33:50 UTC 2017 - [email protected] + +- Update to 2.8.10 to fix boo#1022920 VUL-0: CVE-2016-10190 +- Removed patches 0001-avcodec-ansi-Check-dimensions.patch, + 0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch, + 0001-avformat-avidec-Remove-ancient-assert.patch and + 0001-avformat-avidec-Check-nb_streams-in-read_gab2_sub.patch. + They are incorporated in this version. +- Upstream changes: + * avformat/http: Match chunksize checks to master..3.0 + * Changelog: fix typos + * ffserver: Check chunk size + * Avoid using the term "file" and prefer "url" in some docs + and comments + * avformat/rtmppkt: Check for packet size mismatches + * zmqsend: Initialize ret to 0 + * configure: check for strtoull on msvc + * http: move chunk handling from http_read_stream() to + http_buf_read(). + * http: make length/offset-related variables unsigned. + * avcodec/flacdec: Fix undefined shift in decode_subframe() + * avcodec/get_bits: Fix get_sbits_long(0) + * avformat/ffmdec: Check media type for chunks + * avcodec/flacdec: Fix signed integer overflow in + decode_subframe_fixed() + * avcodec/flacdsp_template: Fix undefined shift in + flac_decorrelate_indep_c + * avformat/oggparsespeex: Check frames_per_packet and packet_size + * avformat/utils: Check start/end before computing duration in + update_stream_timings() + * avcodec/flac_parser: Update nb_headers_buffered + * avformat/idroqdec: Check chunk_size for being too large + * filmstripdec: correctly check image dimensions + * mss2: only use error correction for matching block counts + * softfloat: decrease MIN_EXP to cover full float range + * libopusdec: default to stereo for invalid number of channels + * sbgdec: prevent NULL pointer access + * smacker: limit recursion depth of smacker_decode_bigtree + * mxfdec: fix NULL pointer dereference in mxf_read_packet_old + * libschroedingerdec: fix leaking of framewithpts + * libschroedingerdec: don't produce empty frames + * softfloat: handle -INT_MAX correctly + * pnmdec: make sure v is capped by maxval + * smvjpegdec: make sure cur_frame is not negative + * icodec: correctly check avio_read return value + * icodec: fix leaking pkt on error + * dvbsubdec: fix division by zero in compute_default_clut + * proresdec_lgpl: explicitly check coff[3] against slice_data_size + * escape124: reject codebook size 0 + * mpegts: prevent division by zero + * matroskadec: fix NULL pointer dereference in + webm_dash_manifest_read_header + * mpegaudio_parser: don't return AVERROR_PATCHWELCOME + * mxfdec: fix NULL pointer dereference + * diracdec: check return code of get_buffer_with_edge + * ppc: pixblockdsp: do unaligned block accesses correctly again + * mpeg12dec: unref discarded picture from extradata + * cavsdec: unref frame before referencing again + * avformat: prevent triggering request_probe assert in ff_read_packet + * avformat/mpeg: Adjust vid probe threshold to correct mis-detection + * avcodec/rv40: Test remaining space in loop of get_dimension() + * avcodec/ituh263dec: Avoid spending a long time in slice sync + * avcodec/movtextdec: Add error message for tsmb_size check + * avcodec/movtextdec: Fix tsmb_size check==0 check + * avcodec/movtextdec: Fix potential integer overflow + * avcodec/sunrast: Fix input buffer pointer check + * avcodec/tscc: Check side data size before use + * avcodec/rawdec: Check side data size before use + * avcodec/msvideo1: Check side data size before use + * avcodec/qpeg: Check side data size before use + * avcodec/qtrle: Check side data size before use + * avcodec/msrle: Check side data size before use + * avcodec/kmvc: Check side data size before use + * avcodec/idcinvideo: Check side data size before use + * avcodec/cinepak: Check side data size before use + * avcodec/8bps: Check side data size before use + * avcodec/dvdsubdec: Fix off by 1 error + * avcodec/dvdsubdec: Fix buf_size check + * vp9: change order of operations in adapt_prob(). + * avcodec/interplayvideo: Check side data size before use + * avformat/mxfdec: Check size to avoid integer overflow in + mxf_read_utf16_string() + * avcodec/mpegvideo_enc: Clear mmx state in + ff_mpv_reallocate_putbitbuffer() + * avcodec/utils: Clear MMX state before returning from + avcodec_default_execute*() + * cmdutils: fix typos + * lavfi: fix typos + * lavc: fix typos + * tools: fix grammar error + * avutil/mips/generic_macros_msa: rename macro variable which + causes segfault for mips r6 + * videodsp: fix 1-byte overread in top/bottom READ_NUM_BYTES + iterations. + * avformat/avidec: Check nb_streams in read_gab2_sub() + * avformat/avidec: Remove ancient assert + * lavc/movtextdec.c: Avoid infinite loop on invalid data. + * avcodec/ansi: Check dimensions + * avcodec/cavsdsp: use av_clip_uint8() for idct + +------------------------------------------------------------------- Old: ---- 0001-avcodec-ansi-Check-dimensions.patch 0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch 0001-avformat-avidec-Check-nb_streams-in-read_gab2_sub.patch 0001-avformat-avidec-Remove-ancient-assert.patch ffmpeg-2.8.8.tar.xz ffmpeg-2.8.8.tar.xz.asc New: ---- ffmpeg-2.8.11.tar.xz ffmpeg-2.8.11.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg2.spec ++++++ --- /var/tmp/diff_new_pack.vANRqs/_old 2017-04-17 10:21:09.845950919 +0200 +++ /var/tmp/diff_new_pack.vANRqs/_new 2017-04-17 10:21:09.849950352 +0200 @@ -1,7 +1,7 @@ # # spec file for package ffmpeg2 # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -33,7 +33,7 @@ %bcond_without webp Name: ffmpeg2 -Version: 2.8.8 +Version: 2.8.11 Release: 0 Summary: Library for working with various multimedia formats License: LGPL-2.1+ and GPL-2.0+ @@ -56,10 +56,6 @@ Patch4: ffmpeg-new-coder-errors.diff Patch5: ffmpeg-codec-choice.diff Patch6: 0001-avcodec-exr-Check-tile-positions.patch -Patch7: 0001-avcodec-ansi-Check-dimensions.patch -Patch8: 0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch -Patch9: 0001-avformat-avidec-Remove-ancient-assert.patch -Patch10: 0001-avformat-avidec-Check-nb_streams-in-read_gab2_sub.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: pkg-config @@ -301,7 +297,7 @@ %prep %setup -qn ffmpeg-%version -%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -P 7 -P 8 -P 9 -P 10 -p1 +%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -p1 %build perl -i -pe 's{__TIME__|__DATE__}{"$&"}g' *.c ++++++ ffmpeg-2.4.5-arm6l.patch ++++++ --- /var/tmp/diff_new_pack.vANRqs/_old 2017-04-17 10:21:09.941937325 +0200 +++ /var/tmp/diff_new_pack.vANRqs/_new 2017-04-17 10:21:09.945936759 +0200 @@ -2,10 +2,10 @@ libavutil/arm/timer.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: ffmpeg-3.0.1/libavutil/arm/timer.h +Index: ffmpeg-2.8.3/libavutil/arm/timer.h =================================================================== ---- ffmpeg-3.0.1.orig/libavutil/arm/timer.h -+++ ffmpeg-3.0.1/libavutil/arm/timer.h +--- ffmpeg-2.8.3.orig/libavutil/arm/timer.h ++++ ffmpeg-2.8.3/libavutil/arm/timer.h @@ -24,7 +24,7 @@ #include <stdint.h> #include "config.h" ++++++ ffmpeg-2.8.8.tar.xz -> ffmpeg-2.8.11.tar.xz ++++++ /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg-2.8.8.tar.xz /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg-2.8.11.tar.xz differ: char 27, line 1 ++++++ ffmpeg-libcdio_cdda-pkgconfig.patch ++++++ --- /var/tmp/diff_new_pack.vANRqs/_old 2017-04-17 10:21:09.985931094 +0200 +++ /var/tmp/diff_new_pack.vANRqs/_new 2017-04-17 10:21:09.985931094 +0200 @@ -2,11 +2,11 @@ configure | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) -Index: ffmpeg-3.0.1/configure +Index: ffmpeg-2.8.3/configure =================================================================== ---- ffmpeg-3.0.1.orig/configure -+++ ffmpeg-3.0.1/configure -@@ -5714,8 +5714,9 @@ enabled jack_indev && check_lib2 jack/ja +--- ffmpeg-2.8.3.orig/configure ++++ ffmpeg-2.8.3/configure +@@ -5453,8 +5453,9 @@ enabled jack_indev && check_lib2 jack/ja enabled_any sndio_indev sndio_outdev && check_lib2 sndio.h sio_open -lsndio if enabled libcdio; then
