Hello community, here is the log from the commit of package ffmpeg-4 for openSUSE:Factory checked in at 2020-05-13 22:55:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ffmpeg-4 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg-4.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ffmpeg-4" Wed May 13 22:55:09 2020 rev:27 rq:802662 version:4.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg-4/ffmpeg-4.changes 2020-04-07 10:24:16.766026475 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg-4.new.2738/ffmpeg-4.changes 2020-05-13 22:55:10.462902711 +0200 @@ -1,0 +2,16 @@ +Mon May 11 09:40:09 UTC 2020 - Jan Engelhardt <[email protected]> + +- Throw out v4l2 m2m. This is likely the same case as boo#1041794. + +------------------------------------------------------------------- +Thu Apr 30 18:00:28 UTC 2020 - Matwey Kornilov <[email protected]> + +- Enable v4l2 m2m encoders and decoders + +------------------------------------------------------------------- +Wed Apr 29 12:16:11 UTC 2020 - Jan Engelhardt <[email protected]> + +- Add 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch + [boo#1170767] + +------------------------------------------------------------------- New: ---- 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg-4.spec ++++++ --- /var/tmp/diff_new_pack.Y4gstl/_old 2020-05-13 22:55:11.254904256 +0200 +++ /var/tmp/diff_new_pack.Y4gstl/_new 2020-05-13 22:55:11.258904264 +0200 @@ -118,6 +118,7 @@ Patch7: ffmpeg4_swscale_replace_illegal_vector_keyword.patch Patch8: ffmpeg4_swscale_fix_altivec_vsx_recent_gcc.patch Patch9: 929e5159bc13da374b83f5627879c607acce180b.patch +Patch10: 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel ++++++ 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch ++++++ >From 1812352d767ccf5431aa440123e2e260a4db2726 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Sat, 7 Mar 2020 15:42:58 +0100 Subject: [PATCH] avcodec/cbs_jpeg: Check length for SOS Fixes: out of array access Fixes: 19734/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5673507031875584 Fixes: 19353/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5703944462663680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/cbs_jpeg.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/cbs_jpeg.c b/libavcodec/cbs_jpeg.c index 6bbce5f89b..89512a26bb 100644 --- a/libavcodec/cbs_jpeg.c +++ b/libavcodec/cbs_jpeg.c @@ -197,6 +197,9 @@ static int cbs_jpeg_split_fragment(CodedBitstreamContext *ctx, if (marker == JPEG_MARKER_SOS) { length = AV_RB16(frag->data + start); + if (length > end - start) + return AVERROR_INVALIDDATA; + data_ref = NULL; data = av_malloc(end - start + AV_INPUT_BUFFER_PADDING_SIZE); -- 2.26.2 ++++++ enable_decoders ++++++ --- /var/tmp/diff_new_pack.Y4gstl/_old 2020-05-13 22:55:11.338904420 +0200 +++ /var/tmp/diff_new_pack.Y4gstl/_new 2020-05-13 22:55:11.338904420 +0200 @@ -30,15 +30,15 @@ libvpx_vp8 # libvpx libvpx_vp9 # libvpx mjpeg # mjpegtools -mpeg1video -mpeg2video -#mpeg4 mp1 # twolame/lame mp1float # twolame/lame mp2 # twolame mp2float # twolame mp3 # lame mp3float # lame +mpeg1video +mpeg2video +#mpeg4 opus # libopus pam # trivial pbm # trivial @@ -99,6 +99,7 @@ vp9 # libvpx webp # libwebp webvtt # trivial +wrapped_avframe # passthrough xbm # trivial xwd # xwd y41p # trivial ++++++ enable_encoders ++++++ --- /var/tmp/diff_new_pack.Y4gstl/_old 2020-05-13 22:55:11.362904467 +0200 +++ /var/tmp/diff_new_pack.Y4gstl/_new 2020-05-13 22:55:11.366904475 +0200 @@ -27,10 +27,10 @@ libwebp libwebp_anim mjpeg # mjpegtools -mpeg1video -mpeg2video mp2 # twolame mp2fixed # twolame +mpeg1video +mpeg2video opus # opus pam pbm # trivial @@ -78,6 +78,7 @@ v410 # trivial vorbis # libvorbis webvtt # trivial +wrapped_avframe # passthrough xbm # (X11) xwd # xwd y41p # trivial
