Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2016-09-30 15:24:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ffmpeg2" Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2016-08-26 23:15:58.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2016-09-30 15:24:43.000000000 +0200 @@ -1,0 +2,21 @@ +Tue Sep 27 16:05:27 UTC 2016 - [email protected] + +- Update to new maintenance release 2.8.8 +* avformat/oggparsevp8: fix pts calculation on pages ending with an invisible frame +* avcodec/mjpegdec: Do not try to detect last scan but apply idct after all scans for progressive jpeg +* avformat/oggparseopus: Check that granule pos is within the supported range +* avformat/utils: Check bps before using it in a shift in ff_get_pcm_codec_id() +* ffmpeg: Check that r_frame_rate is set before attempting to use it +* avformat/utils: Do not compute the bitrate from duration == 0 +* avformat/utils: Check negative bps before shifting in ff_get_pcm_codec_id() +* avformat/avidec: Detect index with too short entries +* avformat/oggparseopus: Fix Undefined behavior in oggparseopus.c and libavformat/utils.c +* avformat/allformats: Making av_register_all() thread-safe. +* avcodec/vp9_parser: Check the input frame sizes for being consistent +* avformat/oggdec: Fix integer overflow with invalid pts +* avcodec/ffv1enc: Fix assertion failure with non zero bits per sample +* avcodec/diracdec: Check numx/y +* avformat/avidec: Fix infinite loop in avi_read_nikon() +- Add 0001-avcodec-exr-Check-tile-positions.patch [bnc#998636] + +------------------------------------------------------------------- Old: ---- ffmpeg-2.8.7.tar.xz ffmpeg-2.8.7.tar.xz.asc New: ---- 0001-avcodec-exr-Check-tile-positions.patch ffmpeg-2.8.8.tar.xz ffmpeg-2.8.8.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg2.spec ++++++ --- /var/tmp/diff_new_pack.rMdrHU/_old 2016-09-30 15:24:45.000000000 +0200 +++ /var/tmp/diff_new_pack.rMdrHU/_new 2016-09-30 15:24:45.000000000 +0200 @@ -32,7 +32,7 @@ %bcond_without webp Name: ffmpeg2 -Version: 2.8.7 +Version: 2.8.8 Release: 0 Summary: Library for working with various multimedia formats License: LGPL-2.1+ and GPL-2.0+ @@ -54,6 +54,7 @@ Patch3: ffmpeg-pkgconfig-version.patch Patch4: ffmpeg-new-coder-errors.diff Patch5: ffmpeg-codec-choice.diff +Patch6: 0001-avcodec-exr-Check-tile-positions.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: pkg-config @@ -271,7 +272,7 @@ %prep %setup -qn ffmpeg-%version -%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1 +%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -p1 %build perl -i -pe 's{__TIME__|__DATE__}{"$&"}g' *.c ++++++ 0001-avcodec-exr-Check-tile-positions.patch ++++++ >From 01aee8148d4fa439cce678a11f5110656c98de1f* Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Wed, 17 Aug 2016 21:22:29 +0200 Subject: [PATCH] avcodec/exr: Check tile positions X-Desc: Backport attempt to 2.8.8 by [email protected] References: CVE-2016-6920 References: https://bugzilla.suse.com/show_bug.cgi?id=998636 This also disabled the case of mixed x/ymin with tiles, the code handles these cases inconsistent for the 2 coordinate axis and is unlikely working correctly. Fixes crash Fixes: poc1.exr, poc2.exr Found-by: Yaoguang Chen of Aliapy unLimit Security Team Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/exr.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) Index: ffmpeg-2.8.8/libavcodec/exr.c =================================================================== --- ffmpeg-2.8.8.orig/libavcodec/exr.c +++ ffmpeg-2.8.8/libavcodec/exr.c @@ -836,7 +836,8 @@ static int decode_block(AVCodecContext * uint32_t xdelta = s->xdelta; uint16_t *ptr_x; uint8_t *ptr; - uint32_t data_size, line; + uint32_t data_size; + uint64_t line, col = 0; const uint8_t *src; int axmax = (avctx->width - (s->xmax + 1)) * 2 * s->desc->nb_components; int bxmin = s->xmin * 2 * s->desc->nb_components; @@ -849,9 +850,15 @@ static int decode_block(AVCodecContext * if (line_offset > buf_size - 8) return AVERROR_INVALIDDATA; + if (s->xmin || s->ymin) { + avpriv_report_missing_feature(s->avctx, "Tiles with xmin/ymin"); + return AVERROR_PATCHWELCOME; + } + src = buf + line_offset + 8; line = AV_RL32(src - 8); - if (line < s->ymin || line > s->ymax) + if (line < s->ymin || line > s->ymax || + col < s->xmin || col > s->xmax) return AVERROR_INVALIDDATA; data_size = AV_RL32(src - 4); ++++++ ffmpeg-2.8.7.tar.xz -> ffmpeg-2.8.8.tar.xz ++++++ /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg-2.8.7.tar.xz /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg-2.8.8.tar.xz differ: char 26, line 1
