Hello community, here is the log from the commit of package libvpx for openSUSE:Factory checked in at 2020-01-12 23:18:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libvpx (Old) and /work/SRC/openSUSE:Factory/.libvpx.new.6675 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvpx" Sun Jan 12 23:18:20 2020 rev:41 rq:762837 version:1.8.2 Changes: -------- --- /work/SRC/openSUSE:Factory/libvpx/libvpx.changes 2019-07-29 17:23:00.450377369 +0200 +++ /work/SRC/openSUSE:Factory/.libvpx.new.6675/libvpx.changes 2020-01-12 23:19:07.106699279 +0100 @@ -1,0 +2,16 @@ +Fri Jan 10 10:35:38 UTC 2020 - Adrian Schröter <[email protected]> + +- Update to version 1.8.2: + Fixes: + - CVE-2019-2126 bsc#1160611: double free in ParseContentEncodingEntry() + - CVE-2019-9325 bsc#1160612: out-of-bounds read + - CVE-2019-9232 bsc#1160613: Fix OOB memory access on fuzzed data + - CVE-2019-9433 bsc#1160614: use-after-free in vp8_deblock() + - CVE-2019-9371 bsc#1160615: resource exhaustion after memory leak + + official changelog: + * This release collects incremental improvements to many aspects of the library. + * Upgrading: + ARCH_* defines have been removed in favor of VPX_ARCH_*. + +------------------------------------------------------------------- Old: ---- libvpx-1.8.1.obscpio New: ---- libvpx-1.8.2.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvpx.spec ++++++ --- /var/tmp/diff_new_pack.yrrKuS/_old 2020-01-12 23:19:08.430699769 +0100 +++ /var/tmp/diff_new_pack.yrrKuS/_new 2020-01-12 23:19:08.434699770 +0100 @@ -1,7 +1,7 @@ # # spec file for package libvpx # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,12 +18,12 @@ %define sover 6 Name: libvpx -Version: 1.8.1 +Version: 1.8.2 Release: 0 Summary: VP8/VP9 codec library License: BSD-3-Clause AND GPL-2.0-or-later Group: Productivity/Multimedia/Other -Url: http://www.webmproject.org/ +URL: http://www.webmproject.org/ Source0: libvpx-%{version}.tar.xz Source1000: baselibs.conf Patch1: libvpx-define-config_pic.patch ++++++ _service ++++++ --- /var/tmp/diff_new_pack.yrrKuS/_old 2020-01-12 23:19:08.450699776 +0100 +++ /var/tmp/diff_new_pack.yrrKuS/_new 2020-01-12 23:19:08.450699776 +0100 @@ -2,8 +2,8 @@ <service name="obs_scm" mode="disabled"> <param name="url">https://github.com/webmproject/libvpx.git</param> <param name="scm">git</param> - <param name="version">1.8.1</param> - <param name="revision">v1.8.1</param> + <param name="version">1.8.2</param> + <param name="revision">v1.8.2</param> </service> <service mode="disabled" name="set_version" /> ++++++ libvpx-1.8.1.obscpio -> libvpx-1.8.2.obscpio ++++++ /work/SRC/openSUSE:Factory/libvpx/libvpx-1.8.1.obscpio /work/SRC/openSUSE:Factory/.libvpx.new.6675/libvpx-1.8.2.obscpio differ: char 28, line 1 ++++++ libvpx.obsinfo ++++++ --- /var/tmp/diff_new_pack.yrrKuS/_old 2020-01-12 23:19:08.482699787 +0100 +++ /var/tmp/diff_new_pack.yrrKuS/_new 2020-01-12 23:19:08.486699789 +0100 @@ -1,5 +1,5 @@ name: libvpx -version: 1.8.1 -mtime: 1563227733 -commit: 8ae686757b708cd8df1d10c71586aff5355cfe1e +version: 1.8.2 +mtime: 1575932960 +commit: 7ec7a33a081aeeb53fed1a8d87e4cbd189152527
