commit ffmpeg2 for openSUSE:Factory
Hello community,
here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked
in at 2017-09-13 21:37:02
Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old)
and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New)
Package is "ffmpeg2"
Wed Sep 13 21:37:02 2017 rev:12 rq:523675 version:2.8.13
Changes:
--- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-09-07
22:12:17.858725709 +0200
+++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-09-13
21:37:14.111943970 +0200
@@ -1,0 +2,8 @@
+Tue Sep 12 11:05:31 UTC 2017 - jeng...@inai.de
+
+- Add patches 0001-avformat-asfdec-Fix-DoS-in-asf_build_simple_index.patch
+ [CVE-2017-14223] [boo#1058019],
+ 0001-avformat-mov-Fix-DoS-in-read_tfra.patch
+ [CVE-2017-14222] [boo#1058020]
+
+---
@@ -21,0 +30,2 @@
+ * avutil/pixdesc: av_color_primaries_name NULL deref fixed
+[CVE-2017-14225] [boo#1058018]
New:
0001-avformat-asfdec-Fix-DoS-in-asf_build_simple_index.patch
0001-avformat-mov-Fix-DoS-in-read_tfra.patch
Other differences:
--
++ ffmpeg2.spec ++
--- /var/tmp/diff_new_pack.NWVc6C/_old 2017-09-13 21:37:14.999819046 +0200
+++ /var/tmp/diff_new_pack.NWVc6C/_new 2017-09-13 21:37:14.999819046 +0200
@@ -48,6 +48,8 @@
Patch4: ffmpeg-new-coder-errors.diff
Patch5: ffmpeg-codec-choice.diff
Patch6: 0001-avcodec-exr-Check-tile-positions.patch
+Patch7: 0001-avformat-asfdec-Fix-DoS-in-asf_build_simple_index.patch
+Patch8: 0001-avformat-mov-Fix-DoS-in-read_tfra.patch
BuildRequires: ladspa-devel
BuildRequires: libgsm-devel
BuildRequires: libmp3lame-devel
@@ -273,7 +275,7 @@
%prep
%setup -qn ffmpeg-%version
-%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -p1
+%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -P 7 -P 8 -p1
%build
perl -i -pe 's{__TIME__|__DATE__}{"$&"}g' *.c
++ 0001-avformat-asfdec-Fix-DoS-in-asf_build_simple_index.patch ++
>From b61e5a878c845b8bee1267fdb75c293feb00ae0d Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Tue, 5 Sep 2017 00:16:29 +0200
Subject: [PATCH] avformat/asfdec: Fix DoS in asf_build_simple_index()
Fixes: Missing EOF check in loop
No testcase
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer
(cherry picked from commit afc9c683ed9db01edb357bc8c19edad4282b3a97)
Signed-off-by: Michael Niedermayer
---
libavformat/asfdec_f.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c
index f3acbae280..cc648b9a2f 100644
--- a/libavformat/asfdec_f.c
+++ b/libavformat/asfdec_f.c
@@ -1610,6 +1610,11 @@ static int asf_build_simple_index(AVFormatContext *s,
int stream_index)
int64_t pos = s->internal->data_offset + s->packet_size *
(int64_t)pktnum;
int64_t index_pts = FFMAX(av_rescale(itime, i, 1) -
asf->hdr.preroll, 0);
+if (avio_feof(s->pb)) {
+ret = AVERROR_INVALIDDATA;
+goto end;
+}
+
if (pos != last_pos) {
av_log(s, AV_LOG_DEBUG, "pktnum:%d, pktct:%d pts:
%"PRId64"\n",
pktnum, pktct, index_pts);
--
2.14.1
++ 0001-avformat-mov-Fix-DoS-in-read_tfra.patch ++
>From d9cf9f5af82228b588828ae2692acccec588fdac Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Tue, 5 Sep 2017 00:16:29 +0200
Subject: [PATCH] avformat/mov: Fix DoS in read_tfra()
Fixes: Missing EOF check in loop
No testcase
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer
(cherry picked from commit 9cb4eb772839c5e1de2855d126bf74ff16d13382)
Signed-off-by: Michael Niedermayer
---
libavformat/mov.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 6b1cee8d6c..90b068f091 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5873,6 +5873,13 @@ static int read_tfra(MOVContext *mov, AVIOContext *f)
}
for (i = 0; i < index->item_count; i++) {
int64_t time, offset;
+
+if (avio_feof(f)) {
+index->item_count = 0;
+av_freep(&index->items);
+return AVERROR_INVALIDDATA;
+}
+
if (version == 1) {
time = avio_rb64(f);
offset = avio_rb64(f);
--
2.14.1
commit ffmpeg2 for openSUSE:Factory
Hello community,
here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked
in at 2017-09-07 22:12:01
Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old)
and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New)
Package is "ffmpeg2"
Thu Sep 7 22:12:01 2017 rev:11 rq:521947 version:2.8.13
Changes:
--- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-08-29
11:42:24.722437366 +0200
+++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-09-07
22:12:17.858725709 +0200
@@ -1,0 +2,27 @@
+Mon Sep 4 20:12:29 UTC 2017 - jeng...@inai.de
+
+- Update to new bugfix release 2.8.13
+ * avformat/hls: Fix DoS due to infinite loop
+[CVE-2017-14058] [boo#1056762]
+ * avformat/asfdec: Fix DoS due to lack of eof check
+[CVE-2017-14057] [boo#1056761]
+ * avformat/cinedec: Fix DoS due to lack of eof check
+[CVE-2017-14059] [boo#1056763]
+ * avformat/rl2: Fix DoS due to lack of eof check
+(code not enabled in openSUSE, though in packman)
+[CVE-2017-14056] [boo#1056760]
+ * avformat/mvdec: Fix DoS due to lack of eof check
+[CVE-2017-14055] [boo#1056766]
+ * avformat/mxfdec: Fix Sign error in mxf_read_primer_pack
+[CVE-2017-14169] [boo#1057536]
+ * avformat/mxfdec: Fix DoS issues in mxf_read_index_entry_array
+[CVE-2017-14170] [boo#1057537]
+ * avformat/nsvdec: Fix DoS due to lack of eof check in
+nsvs_file_offset loop. [CVE-2017-14171] [boo#1057539]
+
+---
+Sat Aug 26 14:56:55 UTC 2017 - jeng...@inai.de
+
+- Unconditionalize celt, ass, openjpeg, webp, libva, vdpau.
+
+---
Old:
ffmpeg-2.8.12.tar.xz
ffmpeg-2.8.12.tar.xz.asc
New:
ffmpeg-2.8.13.tar.xz
ffmpeg-2.8.13.tar.xz.asc
Other differences:
--
++ ffmpeg2.spec ++
--- /var/tmp/diff_new_pack.1RZqlc/_old 2017-09-07 22:12:20.786313107 +0200
+++ /var/tmp/diff_new_pack.1RZqlc/_new 2017-09-07 22:12:20.786313107 +0200
@@ -23,15 +23,9 @@
%bcond_withx265
%bcond_withxvid
%bcond_withopencore
-%bcond_without celt
-%bcond_without libass
-%bcond_without libva
-%bcond_without openjpeg
-%bcond_without vdpau
-%bcond_without webp
Name: ffmpeg2
-Version:2.8.12
+Version:2.8.13
Release:0
Summary:Library for working with various multimedia formats
License:LGPL-2.1+ and GPL-2.0+
@@ -56,39 +50,29 @@
Patch6: 0001-avcodec-exr-Check-tile-positions.patch
BuildRequires: ladspa-devel
BuildRequires: libgsm-devel
+BuildRequires: libmp3lame-devel
BuildRequires: pkg-config
BuildRequires: yasm
BuildRequires: pkgconfig(alsa)
BuildRequires: pkgconfig(bzip2)
-%if %{with celt}
BuildRequires: pkgconfig(celt) >= 0.11.0
-%endif
-BuildRequires: libmp3lame-devel
BuildRequires: pkgconfig(enca)
BuildRequires: pkgconfig(fontconfig) >= 2.4.2
BuildRequires: pkgconfig(freetype2)
BuildRequires: pkgconfig(fribidi) >= 0.19.0
BuildRequires: pkgconfig(gnutls)
BuildRequires: pkgconfig(jack)
-%if %{with libass}
BuildRequires: pkgconfig(libass)
-%endif
BuildRequires: pkgconfig(libbluray)
BuildRequires: pkgconfig(libcdio)
BuildRequires: pkgconfig(libcdio_paranoia)
BuildRequires: pkgconfig(libdc1394-2)
BuildRequires: pkgconfig(liboil-0.3) >= 0.3.15
-%if %{with openjpeg}
BuildRequires: pkgconfig(libopenjpeg)
-%endif
BuildRequires: pkgconfig(libpulse)
BuildRequires: pkgconfig(libraw1394)
-%if %{with libva}
BuildRequires: pkgconfig(libva) >= 0.35.0
-%endif
-%if %{with webp}
BuildRequires: pkgconfig(libwebp) >= 0.4
-%endif
BuildRequires: pkgconfig(ogg)
BuildRequires: pkgconfig(opus)
BuildRequires: pkgconfig(schroedinger-1.0)
@@ -96,9 +80,7 @@
BuildRequires: pkgconfig(speex)
BuildRequires: pkgconfig(theora) >= 1.1
BuildRequires: pkgconfig(twolame)
-%if %{with vdpau}
BuildRequires: pkgconfig(vdpau)
-%endif
BuildRequires: pkgconfig(vorbis)
BuildRequires: pkgconfig(vpx) >= 1.3.0
BuildRequires: pkgconfig(x11)
@@ -311,20 +293,14 @@
--enable-libcdio \
--enable-gnutls \
--enable-ladspa \
-%if %{with libass}
--enable-libass \
-%endif
--enable-libbluray \
-%if %{with celt}
--enable-libcelt \
-%endif
--enable-libcdio \
--enable-libdc1394 \
--enable-libfreetype \
--enable-libgsm \
-%if %{with openjpeg}
--enable-libopenjpeg \
-%endif
--enable-libopus \
--enable-libpulse \
--enable-libschroedinger \
@@ -332,17 +308,11 @@
--enable-libtheora \
--enable-libvorbis \
--enable-libvpx \
-%if %{with webp}
--enable-libwebp \
-%endif
--enable-pic \
--enable-pthreads \
-%if %{wit
commit ffmpeg2 for openSUSE:Factory
Hello community,
here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked
in at 2017-08-29 11:42:22
Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old)
and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New)
Package is "ffmpeg2"
Tue Aug 29 11:42:22 2017 rev:10 rq:518724 version:2.8.12
Changes:
--- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-06-29
15:16:47.362854841 +0200
+++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-08-29
11:42:24.722437366 +0200
@@ -1,0 +2,5 @@
+Fri Aug 25 06:34:58 UTC 2017 - o...@aepfle.de
+
+- Build unconditionally with lame and twolame
+
+---
Other differences:
--
++ ffmpeg2.spec ++
--- /var/tmp/diff_new_pack.R5DHr9/_old 2017-08-29 11:42:26.142237205 +0200
+++ /var/tmp/diff_new_pack.R5DHr9/_new 2017-08-29 11:42:26.146236641 +0200
@@ -17,9 +17,7 @@
%bcond_withfdk_aac
-%bcond_withlame
%bcond_withlibrtmp
-%bcond_withtwolame
%bcond_withvo_aacenc
%bcond_withx264
%bcond_withx265
@@ -65,6 +63,7 @@
%if %{with celt}
BuildRequires: pkgconfig(celt) >= 0.11.0
%endif
+BuildRequires: libmp3lame-devel
BuildRequires: pkgconfig(enca)
BuildRequires: pkgconfig(fontconfig) >= 2.4.2
BuildRequires: pkgconfig(freetype2)
@@ -96,6 +95,7 @@
BuildRequires: pkgconfig(sdl)
BuildRequires: pkgconfig(speex)
BuildRequires: pkgconfig(theora) >= 1.1
+BuildRequires: pkgconfig(twolame)
%if %{with vdpau}
BuildRequires: pkgconfig(vdpau)
%endif
@@ -117,18 +117,12 @@
%if %{with librtmp}
BuildRequires: pkgconfig(librtmp)
%endif
-%if %{with lame}
-BuildRequires: libmp3lame-devel
-%endif
%if %{with xvid}
BuildRequires: libxvidcore-devel
%endif
%if %{with opencore}
BuildRequires: pkgconfig(opencore-amrnb)
%endif
-%if %{with twolame}
-BuildRequires: pkgconfig(twolame)
-%endif
%if %{with x264}
BuildRequires: pkgconfig(x264)
%endif
@@ -353,17 +347,13 @@
%if %{with fdk_aac}
--enable-libfdk_aac --enable-nonfree \
%endif
-%if %{with lame}
--enable-libmp3lame \
-%endif
%if %{with opencore}
--enable-libopencore-amrnb \
--enable-libopencore-amrwb \
--enable-version3 \
%endif
-%if %{with twolame}
--enable-libtwolame \
-%endif
%if %{with x264}
--enable-libx264 \
%endif
++ enable_decoders ++
--- /var/tmp/diff_new_pack.R5DHr9/_old 2017-08-29 11:42:26.202228748 +0200
+++ /var/tmp/diff_new_pack.R5DHr9/_new 2017-08-29 11:42:26.210227620 +0200
@@ -26,7 +26,9 @@
#mpeg1video # libav
#mpeg2video # libav
#mpeg4 # libav
-mp3 # ffmpeg(3.x)
+mp1
+mp2 # twolame
+mp3 # lame
opus # libopus
pam # trivial
pbm # trivial
++ enable_encoders ++
--- /var/tmp/diff_new_pack.R5DHr9/_old 2017-08-29 11:42:26.266219726 +0200
+++ /var/tmp/diff_new_pack.R5DHr9/_new 2017-08-29 11:42:26.270219162 +0200
@@ -20,6 +20,9 @@
libwebp
libwebp_anim
mjpeg
+mp1
+mp2 # twolame
+mp3 # lame
pam
pbm
pcm_alaw
commit ffmpeg2 for openSUSE:Factory
Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2017-06-29 15:16:36 Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) Package is "ffmpeg2" Thu Jun 29 15:16:36 2017 rev:9 rq:506789 version:2.8.12 Changes: --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-06-21 13:51:30.043535624 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-06-29 15:16:47.362854841 +0200 @@ -6 +6 @@ -full details. +full details. bsc#1046211 Other differences: --
commit ffmpeg2 for openSUSE:Factory
Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2017-06-21 13:51:27 Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) Package is "ffmpeg2" Wed Jun 21 13:51:27 2017 rev:8 rq:504602 version:2.8.12 Changes: --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-04-30 21:10:21.499235512 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-06-21 13:51:30.043535624 +0200 @@ -1,0 +2,7 @@ +Mon Jun 19 10:12:22 UTC 2017 - idon...@suse.com + +- Update to new upstream release 2.8.12 + * Lots of integer overflow fixes, see the included Changelog for +full details. + +--- Old: ffmpeg-2.8.11.tar.xz ffmpeg-2.8.11.tar.xz.asc New: ffmpeg-2.8.12.tar.xz ffmpeg-2.8.12.tar.xz.asc Other differences: -- ++ ffmpeg2.spec ++ --- /var/tmp/diff_new_pack.9jKm5f/_old 2017-06-21 13:51:31.475333654 +0200 +++ /var/tmp/diff_new_pack.9jKm5f/_new 2017-06-21 13:51:31.479333090 +0200 @@ -33,7 +33,7 @@ %bcond_without webp Name: ffmpeg2 -Version:2.8.11 +Version:2.8.12 Release:0 Summary:Library for working with various multimedia formats License:LGPL-2.1+ and GPL-2.0+ ++ ffmpeg-2.8.11.tar.xz -> ffmpeg-2.8.12.tar.xz ++ /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg-2.8.11.tar.xz /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg-2.8.12.tar.xz differ: char 26, line 1
commit ffmpeg2 for openSUSE:Factory
Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2017-04-30 21:10:19 Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) Package is "ffmpeg2" Sun Apr 30 21:10:19 2017 rev:7 rq:491052 version:2.8.11 Changes: --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-04-17 10:21:08.854091389 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-04-30 21:10:21.499235512 +0200 @@ -1,0 +2,5 @@ +Tue Apr 18 15:41:45 UTC 2017 - jeng...@inai.de + +- Enable AC3 and MP3 decoding to match multimedia:libs/ffmpeg (3.x) + +--- @@ -14,0 +20,3 @@ + * resolved CVE-2016-9561 [boo#1015120], + CVE-2017-7863 [boo#1034179], CVE-2017-7865 [boo#1034177], + CVE-2017-7866 [boo#1034176] @@ -115,0 +124,2 @@ + * resolved CVE-2016-10190 [boo#1022920], + CVE-2016-10191 [boo#1022921], CVE-2016-10192 [boo#1022922] Other differences: -- ++ enable_decoders ++ --- /var/tmp/diff_new_pack.2VaTNF/_old 2017-04-30 21:10:22.607079333 +0200 +++ /var/tmp/diff_new_pack.2VaTNF/_new 2017-04-30 21:10:22.607079333 +0200 @@ -1,3 +1,4 @@ +ac3 # ffmpeg(3.x) ansi # trivial apng ass # trivial @@ -25,6 +26,7 @@ #mpeg1video # libav #mpeg2video # libav #mpeg4 # libav +mp3 # ffmpeg(3.x) opus # libopus pam # trivial pbm # trivial
commit ffmpeg2 for openSUSE:Factory
Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2017-04-17 10:21:04 Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) Package is "ffmpeg2" Mon Apr 17 10:21:04 2017 rev:6 rq:484299 version:2.8.11 Changes: --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-03-13 15:27:35.396253095 +0100 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-04-17 10:21:08.854091389 +0200 @@ -1,0 +2,116 @@ +Sat Apr 1 07:37:40 UTC 2017 - jeng...@inai.de + +- Update to new upstream release 2.8.11 + * pgssubdec: reset rle_data_len/rle_remaining_len on allocation + error + * avformat/oggdec: Skip streams in duration correction that did + not had their duration set. + * avcodec/mpeg4videodec: Fix undefined shifts in + mpeg4_decode_sprite_trajectory() + * avformat/avidec: skip odml master index chunks in avi_sync + * avcodec/pngdec: Fix off by 1 size in decode_zbuf() + * lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr + * lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid + +--- +Sat Apr 1 06:33:50 UTC 2017 - davejpla...@gmail.com + +- Update to 2.8.10 to fix boo#1022920 VUL-0: CVE-2016-10190 +- Removed patches 0001-avcodec-ansi-Check-dimensions.patch, + 0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch, + 0001-avformat-avidec-Remove-ancient-assert.patch and + 0001-avformat-avidec-Check-nb_streams-in-read_gab2_sub.patch. + They are incorporated in this version. +- Upstream changes: + * avformat/http: Match chunksize checks to master..3.0 + * Changelog: fix typos + * ffserver: Check chunk size + * Avoid using the term "file" and prefer "url" in some docs + and comments + * avformat/rtmppkt: Check for packet size mismatches + * zmqsend: Initialize ret to 0 + * configure: check for strtoull on msvc + * http: move chunk handling from http_read_stream() to + http_buf_read(). + * http: make length/offset-related variables unsigned. + * avcodec/flacdec: Fix undefined shift in decode_subframe() + * avcodec/get_bits: Fix get_sbits_long(0) + * avformat/ffmdec: Check media type for chunks + * avcodec/flacdec: Fix signed integer overflow in + decode_subframe_fixed() + * avcodec/flacdsp_template: Fix undefined shift in + flac_decorrelate_indep_c + * avformat/oggparsespeex: Check frames_per_packet and packet_size + * avformat/utils: Check start/end before computing duration in + update_stream_timings() + * avcodec/flac_parser: Update nb_headers_buffered + * avformat/idroqdec: Check chunk_size for being too large + * filmstripdec: correctly check image dimensions + * mss2: only use error correction for matching block counts + * softfloat: decrease MIN_EXP to cover full float range + * libopusdec: default to stereo for invalid number of channels + * sbgdec: prevent NULL pointer access + * smacker: limit recursion depth of smacker_decode_bigtree + * mxfdec: fix NULL pointer dereference in mxf_read_packet_old + * libschroedingerdec: fix leaking of framewithpts + * libschroedingerdec: don't produce empty frames + * softfloat: handle -INT_MAX correctly + * pnmdec: make sure v is capped by maxval + * smvjpegdec: make sure cur_frame is not negative + * icodec: correctly check avio_read return value + * icodec: fix leaking pkt on error + * dvbsubdec: fix division by zero in compute_default_clut + * proresdec_lgpl: explicitly check coff[3] against slice_data_size + * escape124: reject codebook size 0 + * mpegts: prevent division by zero + * matroskadec: fix NULL pointer dereference in + webm_dash_manifest_read_header + * mpegaudio_parser: don't return AVERROR_PATCHWELCOME + * mxfdec: fix NULL pointer dereference + * diracdec: check return code of get_buffer_with_edge + * ppc: pixblockdsp: do unaligned block accesses correctly again + * mpeg12dec: unref discarded picture from extradata + * cavsdec: unref frame before referencing again + * avformat: prevent triggering request_probe assert in ff_read_packet + * avformat/mpeg: Adjust vid probe threshold to correct mis-detection + * avcodec/rv40: Test remaining space in loop of get_dimension() + * avcodec/ituh263dec: Avoid spending a long time in slice sync + * avcodec/movtextdec: Add error message for tsmb_size check + * avcodec/movtextdec: Fix tsmb_size check==0 check + * avcodec/movtextdec: Fix potential integer overflow + * avcodec/sunrast: Fix input buffer pointer check + * avcodec/tscc: Check side data size before use + * avcodec/rawdec: Check side data size before use + * avcodec/msvideo1: Check side data size before use + * avcodec/qpeg: Check side data size before use + * avcodec/qtrle: Check side data size before use + * avcodec/msrle: Check side data size before use + * avcodec/kmvc: Check side data
commit ffmpeg2 for openSUSE:Factory
Hello community,
here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked
in at 2017-03-13 15:27:34
Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old)
and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New)
Package is "ffmpeg2"
Mon Mar 13 15:27:34 2017 rev:5 rq:459650 version:2.8.8
Changes:
--- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2016-11-03
11:09:50.0 +0100
+++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-03-13
15:27:35.396253095 +0100
@@ -1,0 +2,5 @@
+Sat Feb 11 09:13:02 UTC 2017 - o...@aepfle.de
+
+- Make sure each subpkg comes from the same src.rpm
+
+---
Other differences:
--
++ ffmpeg2.spec ++
--- /var/tmp/diff_new_pack.psW368/_old 2017-03-13 15:27:36.684071075 +0100
+++ /var/tmp/diff_new_pack.psW368/_new 2017-03-13 15:27:36.688070510 +0100
@@ -156,6 +156,8 @@
%package -n libavcodec56
Summary:FFmpeg codec library
Group: System/Libraries
+Requires: libavutil54 = %version-%release
+Requires: libswresample1 = %version-%release
# For mozillas
Provides: libavcodec = %version-%release
%if 0%{?BUILD_ORIG}
@@ -176,6 +178,10 @@
%package -n libavdevice56
Summary:FFmpeg device library
Group: System/Libraries
+Requires: libavcodec56 = %version-%release
+Requires: libavfilter5 = %version-%release
+Requires: libavformat56 = %version-%release
+Requires: libavutil54 = %version-%release
%description -n libavdevice56
The libavdevice library provides a generic framework for grabbing from
@@ -186,6 +192,13 @@
%package -n libavfilter5
Summary:FFmpeg audio and video filtering library
Group: System/Libraries
+Requires: libavcodec56 = %version-%release
+Requires: libavformat56 = %version-%release
+Requires: libavresample2 = %version-%release
+Requires: libavutil54 = %version-%release
+Requires: libpostproc53 = %version-%release
+Requires: libswresample1 = %version-%release
+Requires: libswscale3 = %version-%release
%description -n libavfilter5
The libavfilter library provides a generic audio/video filtering
@@ -194,6 +207,8 @@
%package -n libavformat56
Summary:FFmpeg's stream format library
Group: System/Libraries
+Requires: libavcodec56 = %version-%release
+Requires: libavutil54 = %version-%release
%description -n libavformat56
The libavformat library provides a generic framework for multiplexing
@@ -208,6 +223,7 @@
%package -n libavresample2
Summary:FFmpeg alternate audio resampling library
Group: System/Libraries
+Requires: libavutil54 = %version-%release
%description -n libavresample2
An audio resampling library that is being provided for drop-in
@@ -229,6 +245,7 @@
%package -n libpostproc53
Summary:FFmpeg post-processing library
Group: System/Libraries
+Requires: libavutil54 = %version-%release
%description -n libpostproc53
A library with video postprocessing filters, such as deblocking and
@@ -238,6 +255,7 @@
%package -n libswresample1
Summary:FFmpeg software resampling library
Group: System/Libraries
+Requires: libavutil54 = %version-%release
%description -n libswresample1
The libswresample library performs audio conversion between different
@@ -246,6 +264,7 @@
%package -n libswscale3
Summary:FFmpeg image scaling and colorspace/pixel conversion library
Group: System/Libraries
+Requires: libavutil54 = %version-%release
%description -n libswscale3
The libswscale library performs image scaling and colorspace and
commit ffmpeg2 for openSUSE:Factory
Hello community,
here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked
in at 2016-11-03 11:09:49
Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old)
and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New)
Package is "ffmpeg2"
Changes:
--- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2016-10-14
09:05:32.0 +0200
+++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2016-11-03
11:09:50.0 +0100
@@ -1,0 +2,5 @@
+Fri Oct 28 17:58:28 UTC 2016 - o...@aepfle.de
+
+- Enable libfdk_aac if it is available at buildtime
+
+---
Other differences:
--
++ ffmpeg2.spec ++
--- /var/tmp/diff_new_pack.kg5XB0/_old 2016-11-03 11:09:51.0 +0100
+++ /var/tmp/diff_new_pack.kg5XB0/_new 2016-11-03 11:09:51.0 +0100
@@ -16,6 +16,7 @@
#
+%bcond_withfdk_aac
%bcond_withlame
%bcond_withlibrtmp
%bcond_withtwolame
@@ -114,6 +115,9 @@
BuildRequires: pkgconfig(xfixes)
BuildRequires: pkgconfig(zlib)
%if 0%{?BUILD_ORIG}
+%if %{with fdk_aac}
+BuildRequires: pkgconfig(fdk-aac)
+%endif
%if %{with librtmp}
BuildRequires: pkgconfig(librtmp)
%endif
@@ -331,6 +335,9 @@
--enable-vdpau \
%endif
%if 0%{?BUILD_ORIG}
+%if %{with fdk_aac}
+ --enable-libfdk_aac --enable-nonfree \
+%endif
%if %{with lame}
--enable-libmp3lame \
%endif
commit ffmpeg2 for openSUSE:Factory
Hello community,
here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked
in at 2016-10-14 09:05:32
Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old)
and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New)
Package is "ffmpeg2"
Changes:
--- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2016-09-30
15:24:43.0 +0200
+++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2016-10-14
09:05:32.0 +0200
@@ -1,0 +2,17 @@
+Sat Oct 8 17:44:47 UTC 2016 - jeng...@inai.de
+
+- Add 0001-avcodec-ansi-Check-dimensions.patch,
+ 0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch
+ 0001-avformat-avidec-Check-nb_streams-in-read_gab2_sub.patch
+ 0001-avformat-avidec-Remove-ancient-assert.patch [boo#1003806]
+
+---
+Wed Sep 28 18:42:19 UTC 2016 - dims...@opensuse.org
+
+- Have libavcodec56 additionally provide libavcodec56(unrestricted)
+ when building unrestricted: allow third party packages to require
+ the unrestricted codec. The existing -full provides is not
+ suitable as it can be provided by multiple libavcodec* packages,
+ whereas we require a specific ABI version.
+
+---
New:
0001-avcodec-ansi-Check-dimensions.patch
0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch
0001-avformat-avidec-Check-nb_streams-in-read_gab2_sub.patch
0001-avformat-avidec-Remove-ancient-assert.patch
Other differences:
--
++ ffmpeg2.spec ++
--- /var/tmp/diff_new_pack.NDibJS/_old 2016-10-14 09:05:34.0 +0200
+++ /var/tmp/diff_new_pack.NDibJS/_new 2016-10-14 09:05:34.0 +0200
@@ -55,6 +55,10 @@
Patch4: ffmpeg-new-coder-errors.diff
Patch5: ffmpeg-codec-choice.diff
Patch6: 0001-avcodec-exr-Check-tile-positions.patch
+Patch7: 0001-avcodec-ansi-Check-dimensions.patch
+Patch8: 0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch
+Patch9: 0001-avformat-avidec-Remove-ancient-assert.patch
+Patch10:0001-avformat-avidec-Check-nb_streams-in-read_gab2_sub.patch
BuildRequires: ladspa-devel
BuildRequires: libgsm-devel
BuildRequires: pkg-config
@@ -152,6 +156,8 @@
Provides: libavcodec = %version-%release
%if 0%{?BUILD_ORIG}
Provides: libavcodec-full = %version-%release
+# This can be required by packages likes vlc-codecs - following the shlib name
to not get random lib providers
+Provides: libavcodec56(unrestricted)
%endif
%description -n libavcodec56
@@ -272,7 +278,7 @@
%prep
%setup -qn ffmpeg-%version
-%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -p1
+%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -P 7 -P 8 -P 9 -P 10 -p1
%build
perl -i -pe 's{__TIME__|__DATE__}{"$&"}g' *.c
++ 0001-avcodec-ansi-Check-dimensions.patch ++
>From ab737ab31d4f126ed5a13a6a0498824141925108 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Mon, 26 Sep 2016 20:25:59 +0200
Subject: [PATCH] avcodec/ansi: Check dimensions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes: 1.avi
Found-by: 连一汉
Signed-off-by: Michael Niedermayer
(cherry picked from commit 69449da436169e7facaa6d1f3bcbc41cf6ce2754)
Signed-off-by: Michael Niedermayer
---
libavcodec/ansi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/ansi.c b/libavcodec/ansi.c
index 21d5ae1..98ea9e3 100644
--- a/libavcodec/ansi.c
+++ b/libavcodec/ansi.c
@@ -94,6 +94,9 @@ static av_cold int decode_init(AVCodecContext *avctx)
int ret = ff_set_dimensions(avctx, 80 << 3, 25 << 4);
if (ret < 0)
return ret;
+} else if (avctx->width % FONT_WIDTH || avctx->height % s->font_height) {
+av_log(avctx, AV_LOG_ERROR, "Invalid dimensions %d %d\n",
avctx->width, avctx->height);
+return AVERROR(EINVAL);
}
return 0;
}
--
2.6.6
++ 0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch ++
>From 69b00a7fb6faa1b19b5687a5762ff4f94d5ff9aa Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Mon, 19 Sep 2016 15:25:38 +0200
Subject: [PATCH] avcodec/cavsdsp: use av_clip_uint8() for idct
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes out of array read
Fixes: 1.swf
Found-by: 连一汉
Tested-by: 连一汉
Signed-off-by: Michael Niedermayer
(cherry picked from commit 0e318f110bcd6bb8e7de9127f2747272e60f48d7)
Signed-off-by: Michael Niedermayer
---
libavcodec/cavsdsp.c | 17 -
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/libavcodec/cavsdsp.c b/libavcodec/cavsdsp.c
index 91f6d73..df9490a 100644
--- a/libavcodec/cavsdsp.c
+++ b/libavcodec/cavsdsp.c
@@ -188,7 +188,6 @@ static void cavs
commit ffmpeg2 for openSUSE:Factory
Hello community,
here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked
in at 2016-09-30 15:24:30
Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old)
and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New)
Package is "ffmpeg2"
Changes:
--- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2016-08-26
23:15:58.0 +0200
+++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2016-09-30
15:24:43.0 +0200
@@ -1,0 +2,21 @@
+Tue Sep 27 16:05:27 UTC 2016 - jeng...@inai.de
+
+- Update to new maintenance release 2.8.8
+* avformat/oggparsevp8: fix pts calculation on pages ending with an invisible
frame
+* avcodec/mjpegdec: Do not try to detect last scan but apply idct after all
scans for progressive jpeg
+* avformat/oggparseopus: Check that granule pos is within the supported range
+* avformat/utils: Check bps before using it in a shift in ff_get_pcm_codec_id()
+* ffmpeg: Check that r_frame_rate is set before attempting to use it
+* avformat/utils: Do not compute the bitrate from duration == 0
+* avformat/utils: Check negative bps before shifting in ff_get_pcm_codec_id()
+* avformat/avidec: Detect index with too short entries
+* avformat/oggparseopus: Fix Undefined behavior in oggparseopus.c and
libavformat/utils.c
+* avformat/allformats: Making av_register_all() thread-safe.
+* avcodec/vp9_parser: Check the input frame sizes for being consistent
+* avformat/oggdec: Fix integer overflow with invalid pts
+* avcodec/ffv1enc: Fix assertion failure with non zero bits per sample
+* avcodec/diracdec: Check numx/y
+* avformat/avidec: Fix infinite loop in avi_read_nikon()
+- Add 0001-avcodec-exr-Check-tile-positions.patch [bnc#998636]
+
+---
Old:
ffmpeg-2.8.7.tar.xz
ffmpeg-2.8.7.tar.xz.asc
New:
0001-avcodec-exr-Check-tile-positions.patch
ffmpeg-2.8.8.tar.xz
ffmpeg-2.8.8.tar.xz.asc
Other differences:
--
++ ffmpeg2.spec ++
--- /var/tmp/diff_new_pack.rMdrHU/_old 2016-09-30 15:24:45.0 +0200
+++ /var/tmp/diff_new_pack.rMdrHU/_new 2016-09-30 15:24:45.0 +0200
@@ -32,7 +32,7 @@
%bcond_without webp
Name: ffmpeg2
-Version:2.8.7
+Version:2.8.8
Release:0
Summary:Library for working with various multimedia formats
License:LGPL-2.1+ and GPL-2.0+
@@ -54,6 +54,7 @@
Patch3: ffmpeg-pkgconfig-version.patch
Patch4: ffmpeg-new-coder-errors.diff
Patch5: ffmpeg-codec-choice.diff
+Patch6: 0001-avcodec-exr-Check-tile-positions.patch
BuildRequires: ladspa-devel
BuildRequires: libgsm-devel
BuildRequires: pkg-config
@@ -271,7 +272,7 @@
%prep
%setup -qn ffmpeg-%version
-%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1
+%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -p1
%build
perl -i -pe 's{__TIME__|__DATE__}{"$&"}g' *.c
++ 0001-avcodec-exr-Check-tile-positions.patch ++
>From 01aee8148d4fa439cce678a11f5110656c98de1f* Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Wed, 17 Aug 2016 21:22:29 +0200
Subject: [PATCH] avcodec/exr: Check tile positions
X-Desc: Backport attempt to 2.8.8 by jeng...@inai.de
References: CVE-2016-6920
References: https://bugzilla.suse.com/show_bug.cgi?id=998636
This also disabled the case of mixed x/ymin with tiles, the code
handles these cases inconsistent for the 2 coordinate axis and is
unlikely working correctly.
Fixes crash
Fixes: poc1.exr, poc2.exr
Found-by: Yaoguang Chen of Aliapy unLimit Security Team
Signed-off-by: Michael Niedermayer
---
libavcodec/exr.c | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
Index: ffmpeg-2.8.8/libavcodec/exr.c
===
--- ffmpeg-2.8.8.orig/libavcodec/exr.c
+++ ffmpeg-2.8.8/libavcodec/exr.c
@@ -836,7 +836,8 @@ static int decode_block(AVCodecContext *
uint32_t xdelta = s->xdelta;
uint16_t *ptr_x;
uint8_t *ptr;
-uint32_t data_size, line;
+uint32_t data_size;
+uint64_t line, col = 0;
const uint8_t *src;
int axmax = (avctx->width - (s->xmax + 1)) * 2 * s->desc->nb_components;
int bxmin = s->xmin * 2 * s->desc->nb_components;
@@ -849,9 +850,15 @@ static int decode_block(AVCodecContext *
if (line_offset > buf_size - 8)
return AVERROR_INVALIDDATA;
+if (s->xmin || s->ymin) {
+avpriv_report_missing_feature(s->avctx, "Tiles with xmin/ymin");
+return AVERROR_PATCHWELCOME;
+}
+
src = buf + line_offset + 8;
line = AV_RL32(src - 8);
-if (line < s->ymin || line > s->ymax)
+if (line < s->ymin || line > s->ymax ||
+col < s->xmin || col > s->xmax)
return AVERROR_INVALIDDATA;
data_size = AV_RL32(sr
