Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2017-09-07 22:12:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ffmpeg2" Thu Sep 7 22:12:01 2017 rev:11 rq:521947 version:2.8.13 Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-08-29 11:42:24.722437366 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-09-07 22:12:17.858725709 +0200 @@ -1,0 +2,27 @@ +Mon Sep 4 20:12:29 UTC 2017 - [email protected] + +- Update to new bugfix release 2.8.13 + * avformat/hls: Fix DoS due to infinite loop + [CVE-2017-14058] [boo#1056762] + * avformat/asfdec: Fix DoS due to lack of eof check + [CVE-2017-14057] [boo#1056761] + * avformat/cinedec: Fix DoS due to lack of eof check + [CVE-2017-14059] [boo#1056763] + * avformat/rl2: Fix DoS due to lack of eof check + (code not enabled in openSUSE, though in packman) + [CVE-2017-14056] [boo#1056760] + * avformat/mvdec: Fix DoS due to lack of eof check + [CVE-2017-14055] [boo#1056766] + * avformat/mxfdec: Fix Sign error in mxf_read_primer_pack + [CVE-2017-14169] [boo#1057536] + * avformat/mxfdec: Fix DoS issues in mxf_read_index_entry_array + [CVE-2017-14170] [boo#1057537] + * avformat/nsvdec: Fix DoS due to lack of eof check in + nsvs_file_offset loop. [CVE-2017-14171] [boo#1057539] + +------------------------------------------------------------------- +Sat Aug 26 14:56:55 UTC 2017 - [email protected] + +- Unconditionalize celt, ass, openjpeg, webp, libva, vdpau. + +------------------------------------------------------------------- Old: ---- ffmpeg-2.8.12.tar.xz ffmpeg-2.8.12.tar.xz.asc New: ---- ffmpeg-2.8.13.tar.xz ffmpeg-2.8.13.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg2.spec ++++++ --- /var/tmp/diff_new_pack.1RZqlc/_old 2017-09-07 22:12:20.786313107 +0200 +++ /var/tmp/diff_new_pack.1RZqlc/_new 2017-09-07 22:12:20.786313107 +0200 @@ -23,15 +23,9 @@ %bcond_with x265 %bcond_with xvid %bcond_with opencore -%bcond_without celt -%bcond_without libass -%bcond_without libva -%bcond_without openjpeg -%bcond_without vdpau -%bcond_without webp Name: ffmpeg2 -Version: 2.8.12 +Version: 2.8.13 Release: 0 Summary: Library for working with various multimedia formats License: LGPL-2.1+ and GPL-2.0+ @@ -56,39 +50,29 @@ Patch6: 0001-avcodec-exr-Check-tile-positions.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel +BuildRequires: libmp3lame-devel BuildRequires: pkg-config BuildRequires: yasm BuildRequires: pkgconfig(alsa) BuildRequires: pkgconfig(bzip2) -%if %{with celt} BuildRequires: pkgconfig(celt) >= 0.11.0 -%endif -BuildRequires: libmp3lame-devel BuildRequires: pkgconfig(enca) BuildRequires: pkgconfig(fontconfig) >= 2.4.2 BuildRequires: pkgconfig(freetype2) BuildRequires: pkgconfig(fribidi) >= 0.19.0 BuildRequires: pkgconfig(gnutls) BuildRequires: pkgconfig(jack) -%if %{with libass} BuildRequires: pkgconfig(libass) -%endif BuildRequires: pkgconfig(libbluray) BuildRequires: pkgconfig(libcdio) BuildRequires: pkgconfig(libcdio_paranoia) BuildRequires: pkgconfig(libdc1394-2) BuildRequires: pkgconfig(liboil-0.3) >= 0.3.15 -%if %{with openjpeg} BuildRequires: pkgconfig(libopenjpeg) -%endif BuildRequires: pkgconfig(libpulse) BuildRequires: pkgconfig(libraw1394) -%if %{with libva} BuildRequires: pkgconfig(libva) >= 0.35.0 -%endif -%if %{with webp} BuildRequires: pkgconfig(libwebp) >= 0.4 -%endif BuildRequires: pkgconfig(ogg) BuildRequires: pkgconfig(opus) BuildRequires: pkgconfig(schroedinger-1.0) @@ -96,9 +80,7 @@ BuildRequires: pkgconfig(speex) BuildRequires: pkgconfig(theora) >= 1.1 BuildRequires: pkgconfig(twolame) -%if %{with vdpau} BuildRequires: pkgconfig(vdpau) -%endif BuildRequires: pkgconfig(vorbis) BuildRequires: pkgconfig(vpx) >= 1.3.0 BuildRequires: pkgconfig(x11) @@ -311,20 +293,14 @@ --enable-libcdio \ --enable-gnutls \ --enable-ladspa \ -%if %{with libass} --enable-libass \ -%endif --enable-libbluray \ -%if %{with celt} --enable-libcelt \ -%endif --enable-libcdio \ --enable-libdc1394 \ --enable-libfreetype \ --enable-libgsm \ -%if %{with openjpeg} --enable-libopenjpeg \ -%endif --enable-libopus \ --enable-libpulse \ --enable-libschroedinger \ @@ -332,17 +308,11 @@ --enable-libtheora \ --enable-libvorbis \ --enable-libvpx \ -%if %{with webp} --enable-libwebp \ -%endif --enable-pic \ --enable-pthreads \ -%if %{with libva} --enable-vaapi \ -%endif -%if %{with vdpau} --enable-vdpau \ -%endif %if 0%{?BUILD_ORIG} %if %{with fdk_aac} --enable-libfdk_aac --enable-nonfree \ ++++++ enable_decoders ++++++ --- /var/tmp/diff_new_pack.1RZqlc/_old 2017-09-07 22:12:20.854303525 +0200 +++ /var/tmp/diff_new_pack.1RZqlc/_new 2017-09-07 22:12:20.862302398 +0200 @@ -1,4 +1,4 @@ -ac3 # ffmpeg(3.x) +ac3 ansi # trivial apng ass # trivial @@ -23,12 +23,15 @@ libvpx_vp8 libvpx_vp9 mjpeg # mjpegtools -#mpeg1video # libav -#mpeg2video # libav -#mpeg4 # libav -mp1 +#mpeg1video +#mpeg2video +#mpeg4 +mp1 # twolame/lame +mp1float # twolame/lame mp2 # twolame +mp2float # twolame mp3 # lame +mp3float # lame opus # libopus pam # trivial pbm # trivial ++++++ enable_encoders ++++++ --- /var/tmp/diff_new_pack.1RZqlc/_old 2017-09-07 22:12:20.906296197 +0200 +++ /var/tmp/diff_new_pack.1RZqlc/_new 2017-09-07 22:12:20.910295634 +0200 @@ -9,20 +9,21 @@ huffyuv # trivial+zlib jpegls libgsm +libmp3lame libopenjpeg libopus libschroedinger libspeex libtheora +libtwolame libvorbis libvpx_vp8 libvpx_vp9 libwebp libwebp_anim -mjpeg -mp1 +mjpeg # mjpegtools mp2 # twolame -mp3 # lame +mp2fixed # twolame pam pbm pcm_alaw ++++++ ffmpeg-2.8.12.tar.xz -> ffmpeg-2.8.13.tar.xz ++++++ /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg-2.8.12.tar.xz /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg-2.8.13.tar.xz differ: char 26, line 1
