commit ffmpeg2 for openSUSE:Factory
Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2017-09-13 21:37:02 Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) Package is "ffmpeg2" Wed Sep 13 21:37:02 2017 rev:12 rq:523675 version:2.8.13 Changes: --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-09-07 22:12:17.858725709 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-09-13 21:37:14.111943970 +0200 @@ -1,0 +2,8 @@ +Tue Sep 12 11:05:31 UTC 2017 - jeng...@inai.de + +- Add patches 0001-avformat-asfdec-Fix-DoS-in-asf_build_simple_index.patch + [CVE-2017-14223] [boo#1058019], + 0001-avformat-mov-Fix-DoS-in-read_tfra.patch + [CVE-2017-14222] [boo#1058020] + +--- @@ -21,0 +30,2 @@ + * avutil/pixdesc: av_color_primaries_name NULL deref fixed +[CVE-2017-14225] [boo#1058018] New: 0001-avformat-asfdec-Fix-DoS-in-asf_build_simple_index.patch 0001-avformat-mov-Fix-DoS-in-read_tfra.patch Other differences: -- ++ ffmpeg2.spec ++ --- /var/tmp/diff_new_pack.NWVc6C/_old 2017-09-13 21:37:14.999819046 +0200 +++ /var/tmp/diff_new_pack.NWVc6C/_new 2017-09-13 21:37:14.999819046 +0200 @@ -48,6 +48,8 @@ Patch4: ffmpeg-new-coder-errors.diff Patch5: ffmpeg-codec-choice.diff Patch6: 0001-avcodec-exr-Check-tile-positions.patch +Patch7: 0001-avformat-asfdec-Fix-DoS-in-asf_build_simple_index.patch +Patch8: 0001-avformat-mov-Fix-DoS-in-read_tfra.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel @@ -273,7 +275,7 @@ %prep %setup -qn ffmpeg-%version -%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -p1 +%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -P 7 -P 8 -p1 %build perl -i -pe 's{__TIME__|__DATE__}{"$&"}g' *.c ++ 0001-avformat-asfdec-Fix-DoS-in-asf_build_simple_index.patch ++ >From b61e5a878c845b8bee1267fdb75c293feb00ae0d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 5 Sep 2017 00:16:29 +0200 Subject: [PATCH] avformat/asfdec: Fix DoS in asf_build_simple_index() Fixes: Missing EOF check in loop No testcase Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer (cherry picked from commit afc9c683ed9db01edb357bc8c19edad4282b3a97) Signed-off-by: Michael Niedermayer --- libavformat/asfdec_f.c | 5 + 1 file changed, 5 insertions(+) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index f3acbae280..cc648b9a2f 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -1610,6 +1610,11 @@ static int asf_build_simple_index(AVFormatContext *s, int stream_index) int64_t pos = s->internal->data_offset + s->packet_size * (int64_t)pktnum; int64_t index_pts = FFMAX(av_rescale(itime, i, 1) - asf->hdr.preroll, 0); +if (avio_feof(s->pb)) { +ret = AVERROR_INVALIDDATA; +goto end; +} + if (pos != last_pos) { av_log(s, AV_LOG_DEBUG, "pktnum:%d, pktct:%d pts: %"PRId64"\n", pktnum, pktct, index_pts); -- 2.14.1 ++ 0001-avformat-mov-Fix-DoS-in-read_tfra.patch ++ >From d9cf9f5af82228b588828ae2692acccec588fdac Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 5 Sep 2017 00:16:29 +0200 Subject: [PATCH] avformat/mov: Fix DoS in read_tfra() Fixes: Missing EOF check in loop No testcase Found-by: Xiaohei and Wangchu from Alibaba Security Team Signed-off-by: Michael Niedermayer (cherry picked from commit 9cb4eb772839c5e1de2855d126bf74ff16d13382) Signed-off-by: Michael Niedermayer --- libavformat/mov.c | 7 +++ 1 file changed, 7 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 6b1cee8d6c..90b068f091 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -5873,6 +5873,13 @@ static int read_tfra(MOVContext *mov, AVIOContext *f) } for (i = 0; i < index->item_count; i++) { int64_t time, offset; + +if (avio_feof(f)) { +index->item_count = 0; +av_freep(&index->items); +return AVERROR_INVALIDDATA; +} + if (version == 1) { time = avio_rb64(f); offset = avio_rb64(f); -- 2.14.1
commit ffmpeg2 for openSUSE:Factory
Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2017-09-07 22:12:01 Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) Package is "ffmpeg2" Thu Sep 7 22:12:01 2017 rev:11 rq:521947 version:2.8.13 Changes: --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-08-29 11:42:24.722437366 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-09-07 22:12:17.858725709 +0200 @@ -1,0 +2,27 @@ +Mon Sep 4 20:12:29 UTC 2017 - jeng...@inai.de + +- Update to new bugfix release 2.8.13 + * avformat/hls: Fix DoS due to infinite loop +[CVE-2017-14058] [boo#1056762] + * avformat/asfdec: Fix DoS due to lack of eof check +[CVE-2017-14057] [boo#1056761] + * avformat/cinedec: Fix DoS due to lack of eof check +[CVE-2017-14059] [boo#1056763] + * avformat/rl2: Fix DoS due to lack of eof check +(code not enabled in openSUSE, though in packman) +[CVE-2017-14056] [boo#1056760] + * avformat/mvdec: Fix DoS due to lack of eof check +[CVE-2017-14055] [boo#1056766] + * avformat/mxfdec: Fix Sign error in mxf_read_primer_pack +[CVE-2017-14169] [boo#1057536] + * avformat/mxfdec: Fix DoS issues in mxf_read_index_entry_array +[CVE-2017-14170] [boo#1057537] + * avformat/nsvdec: Fix DoS due to lack of eof check in +nsvs_file_offset loop. [CVE-2017-14171] [boo#1057539] + +--- +Sat Aug 26 14:56:55 UTC 2017 - jeng...@inai.de + +- Unconditionalize celt, ass, openjpeg, webp, libva, vdpau. + +--- Old: ffmpeg-2.8.12.tar.xz ffmpeg-2.8.12.tar.xz.asc New: ffmpeg-2.8.13.tar.xz ffmpeg-2.8.13.tar.xz.asc Other differences: -- ++ ffmpeg2.spec ++ --- /var/tmp/diff_new_pack.1RZqlc/_old 2017-09-07 22:12:20.786313107 +0200 +++ /var/tmp/diff_new_pack.1RZqlc/_new 2017-09-07 22:12:20.786313107 +0200 @@ -23,15 +23,9 @@ %bcond_withx265 %bcond_withxvid %bcond_withopencore -%bcond_without celt -%bcond_without libass -%bcond_without libva -%bcond_without openjpeg -%bcond_without vdpau -%bcond_without webp Name: ffmpeg2 -Version:2.8.12 +Version:2.8.13 Release:0 Summary:Library for working with various multimedia formats License:LGPL-2.1+ and GPL-2.0+ @@ -56,39 +50,29 @@ Patch6: 0001-avcodec-exr-Check-tile-positions.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel +BuildRequires: libmp3lame-devel BuildRequires: pkg-config BuildRequires: yasm BuildRequires: pkgconfig(alsa) BuildRequires: pkgconfig(bzip2) -%if %{with celt} BuildRequires: pkgconfig(celt) >= 0.11.0 -%endif -BuildRequires: libmp3lame-devel BuildRequires: pkgconfig(enca) BuildRequires: pkgconfig(fontconfig) >= 2.4.2 BuildRequires: pkgconfig(freetype2) BuildRequires: pkgconfig(fribidi) >= 0.19.0 BuildRequires: pkgconfig(gnutls) BuildRequires: pkgconfig(jack) -%if %{with libass} BuildRequires: pkgconfig(libass) -%endif BuildRequires: pkgconfig(libbluray) BuildRequires: pkgconfig(libcdio) BuildRequires: pkgconfig(libcdio_paranoia) BuildRequires: pkgconfig(libdc1394-2) BuildRequires: pkgconfig(liboil-0.3) >= 0.3.15 -%if %{with openjpeg} BuildRequires: pkgconfig(libopenjpeg) -%endif BuildRequires: pkgconfig(libpulse) BuildRequires: pkgconfig(libraw1394) -%if %{with libva} BuildRequires: pkgconfig(libva) >= 0.35.0 -%endif -%if %{with webp} BuildRequires: pkgconfig(libwebp) >= 0.4 -%endif BuildRequires: pkgconfig(ogg) BuildRequires: pkgconfig(opus) BuildRequires: pkgconfig(schroedinger-1.0) @@ -96,9 +80,7 @@ BuildRequires: pkgconfig(speex) BuildRequires: pkgconfig(theora) >= 1.1 BuildRequires: pkgconfig(twolame) -%if %{with vdpau} BuildRequires: pkgconfig(vdpau) -%endif BuildRequires: pkgconfig(vorbis) BuildRequires: pkgconfig(vpx) >= 1.3.0 BuildRequires: pkgconfig(x11) @@ -311,20 +293,14 @@ --enable-libcdio \ --enable-gnutls \ --enable-ladspa \ -%if %{with libass} --enable-libass \ -%endif --enable-libbluray \ -%if %{with celt} --enable-libcelt \ -%endif --enable-libcdio \ --enable-libdc1394 \ --enable-libfreetype \ --enable-libgsm \ -%if %{with openjpeg} --enable-libopenjpeg \ -%endif --enable-libopus \ --enable-libpulse \ --enable-libschroedinger \ @@ -332,17 +308,11 @@ --enable-libtheora \ --enable-libvorbis \ --enable-libvpx \ -%if %{with webp} --enable-libwebp \ -%endif --enable-pic \ --enable-pthreads \ -%if %{wit
commit ffmpeg2 for openSUSE:Factory
Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2017-08-29 11:42:22 Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) Package is "ffmpeg2" Tue Aug 29 11:42:22 2017 rev:10 rq:518724 version:2.8.12 Changes: --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-06-29 15:16:47.362854841 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-08-29 11:42:24.722437366 +0200 @@ -1,0 +2,5 @@ +Fri Aug 25 06:34:58 UTC 2017 - o...@aepfle.de + +- Build unconditionally with lame and twolame + +--- Other differences: -- ++ ffmpeg2.spec ++ --- /var/tmp/diff_new_pack.R5DHr9/_old 2017-08-29 11:42:26.142237205 +0200 +++ /var/tmp/diff_new_pack.R5DHr9/_new 2017-08-29 11:42:26.146236641 +0200 @@ -17,9 +17,7 @@ %bcond_withfdk_aac -%bcond_withlame %bcond_withlibrtmp -%bcond_withtwolame %bcond_withvo_aacenc %bcond_withx264 %bcond_withx265 @@ -65,6 +63,7 @@ %if %{with celt} BuildRequires: pkgconfig(celt) >= 0.11.0 %endif +BuildRequires: libmp3lame-devel BuildRequires: pkgconfig(enca) BuildRequires: pkgconfig(fontconfig) >= 2.4.2 BuildRequires: pkgconfig(freetype2) @@ -96,6 +95,7 @@ BuildRequires: pkgconfig(sdl) BuildRequires: pkgconfig(speex) BuildRequires: pkgconfig(theora) >= 1.1 +BuildRequires: pkgconfig(twolame) %if %{with vdpau} BuildRequires: pkgconfig(vdpau) %endif @@ -117,18 +117,12 @@ %if %{with librtmp} BuildRequires: pkgconfig(librtmp) %endif -%if %{with lame} -BuildRequires: libmp3lame-devel -%endif %if %{with xvid} BuildRequires: libxvidcore-devel %endif %if %{with opencore} BuildRequires: pkgconfig(opencore-amrnb) %endif -%if %{with twolame} -BuildRequires: pkgconfig(twolame) -%endif %if %{with x264} BuildRequires: pkgconfig(x264) %endif @@ -353,17 +347,13 @@ %if %{with fdk_aac} --enable-libfdk_aac --enable-nonfree \ %endif -%if %{with lame} --enable-libmp3lame \ -%endif %if %{with opencore} --enable-libopencore-amrnb \ --enable-libopencore-amrwb \ --enable-version3 \ %endif -%if %{with twolame} --enable-libtwolame \ -%endif %if %{with x264} --enable-libx264 \ %endif ++ enable_decoders ++ --- /var/tmp/diff_new_pack.R5DHr9/_old 2017-08-29 11:42:26.202228748 +0200 +++ /var/tmp/diff_new_pack.R5DHr9/_new 2017-08-29 11:42:26.210227620 +0200 @@ -26,7 +26,9 @@ #mpeg1video # libav #mpeg2video # libav #mpeg4 # libav -mp3 # ffmpeg(3.x) +mp1 +mp2 # twolame +mp3 # lame opus # libopus pam # trivial pbm # trivial ++ enable_encoders ++ --- /var/tmp/diff_new_pack.R5DHr9/_old 2017-08-29 11:42:26.266219726 +0200 +++ /var/tmp/diff_new_pack.R5DHr9/_new 2017-08-29 11:42:26.270219162 +0200 @@ -20,6 +20,9 @@ libwebp libwebp_anim mjpeg +mp1 +mp2 # twolame +mp3 # lame pam pbm pcm_alaw
commit ffmpeg2 for openSUSE:Factory
Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2017-06-29 15:16:36 Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) Package is "ffmpeg2" Thu Jun 29 15:16:36 2017 rev:9 rq:506789 version:2.8.12 Changes: --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-06-21 13:51:30.043535624 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-06-29 15:16:47.362854841 +0200 @@ -6 +6 @@ -full details. +full details. bsc#1046211 Other differences: --
commit ffmpeg2 for openSUSE:Factory
Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2017-06-21 13:51:27 Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) Package is "ffmpeg2" Wed Jun 21 13:51:27 2017 rev:8 rq:504602 version:2.8.12 Changes: --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-04-30 21:10:21.499235512 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-06-21 13:51:30.043535624 +0200 @@ -1,0 +2,7 @@ +Mon Jun 19 10:12:22 UTC 2017 - idon...@suse.com + +- Update to new upstream release 2.8.12 + * Lots of integer overflow fixes, see the included Changelog for +full details. + +--- Old: ffmpeg-2.8.11.tar.xz ffmpeg-2.8.11.tar.xz.asc New: ffmpeg-2.8.12.tar.xz ffmpeg-2.8.12.tar.xz.asc Other differences: -- ++ ffmpeg2.spec ++ --- /var/tmp/diff_new_pack.9jKm5f/_old 2017-06-21 13:51:31.475333654 +0200 +++ /var/tmp/diff_new_pack.9jKm5f/_new 2017-06-21 13:51:31.479333090 +0200 @@ -33,7 +33,7 @@ %bcond_without webp Name: ffmpeg2 -Version:2.8.11 +Version:2.8.12 Release:0 Summary:Library for working with various multimedia formats License:LGPL-2.1+ and GPL-2.0+ ++ ffmpeg-2.8.11.tar.xz -> ffmpeg-2.8.12.tar.xz ++ /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg-2.8.11.tar.xz /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg-2.8.12.tar.xz differ: char 26, line 1
commit ffmpeg2 for openSUSE:Factory
Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2017-04-30 21:10:19 Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) Package is "ffmpeg2" Sun Apr 30 21:10:19 2017 rev:7 rq:491052 version:2.8.11 Changes: --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-04-17 10:21:08.854091389 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-04-30 21:10:21.499235512 +0200 @@ -1,0 +2,5 @@ +Tue Apr 18 15:41:45 UTC 2017 - jeng...@inai.de + +- Enable AC3 and MP3 decoding to match multimedia:libs/ffmpeg (3.x) + +--- @@ -14,0 +20,3 @@ + * resolved CVE-2016-9561 [boo#1015120], + CVE-2017-7863 [boo#1034179], CVE-2017-7865 [boo#1034177], + CVE-2017-7866 [boo#1034176] @@ -115,0 +124,2 @@ + * resolved CVE-2016-10190 [boo#1022920], + CVE-2016-10191 [boo#1022921], CVE-2016-10192 [boo#1022922] Other differences: -- ++ enable_decoders ++ --- /var/tmp/diff_new_pack.2VaTNF/_old 2017-04-30 21:10:22.607079333 +0200 +++ /var/tmp/diff_new_pack.2VaTNF/_new 2017-04-30 21:10:22.607079333 +0200 @@ -1,3 +1,4 @@ +ac3 # ffmpeg(3.x) ansi # trivial apng ass # trivial @@ -25,6 +26,7 @@ #mpeg1video # libav #mpeg2video # libav #mpeg4 # libav +mp3 # ffmpeg(3.x) opus # libopus pam # trivial pbm # trivial
commit ffmpeg2 for openSUSE:Factory
Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2017-04-17 10:21:04 Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) Package is "ffmpeg2" Mon Apr 17 10:21:04 2017 rev:6 rq:484299 version:2.8.11 Changes: --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2017-03-13 15:27:35.396253095 +0100 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-04-17 10:21:08.854091389 +0200 @@ -1,0 +2,116 @@ +Sat Apr 1 07:37:40 UTC 2017 - jeng...@inai.de + +- Update to new upstream release 2.8.11 + * pgssubdec: reset rle_data_len/rle_remaining_len on allocation + error + * avformat/oggdec: Skip streams in duration correction that did + not had their duration set. + * avcodec/mpeg4videodec: Fix undefined shifts in + mpeg4_decode_sprite_trajectory() + * avformat/avidec: skip odml master index chunks in avi_sync + * avcodec/pngdec: Fix off by 1 size in decode_zbuf() + * lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr + * lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid + +--- +Sat Apr 1 06:33:50 UTC 2017 - davejpla...@gmail.com + +- Update to 2.8.10 to fix boo#1022920 VUL-0: CVE-2016-10190 +- Removed patches 0001-avcodec-ansi-Check-dimensions.patch, + 0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch, + 0001-avformat-avidec-Remove-ancient-assert.patch and + 0001-avformat-avidec-Check-nb_streams-in-read_gab2_sub.patch. + They are incorporated in this version. +- Upstream changes: + * avformat/http: Match chunksize checks to master..3.0 + * Changelog: fix typos + * ffserver: Check chunk size + * Avoid using the term "file" and prefer "url" in some docs + and comments + * avformat/rtmppkt: Check for packet size mismatches + * zmqsend: Initialize ret to 0 + * configure: check for strtoull on msvc + * http: move chunk handling from http_read_stream() to + http_buf_read(). + * http: make length/offset-related variables unsigned. + * avcodec/flacdec: Fix undefined shift in decode_subframe() + * avcodec/get_bits: Fix get_sbits_long(0) + * avformat/ffmdec: Check media type for chunks + * avcodec/flacdec: Fix signed integer overflow in + decode_subframe_fixed() + * avcodec/flacdsp_template: Fix undefined shift in + flac_decorrelate_indep_c + * avformat/oggparsespeex: Check frames_per_packet and packet_size + * avformat/utils: Check start/end before computing duration in + update_stream_timings() + * avcodec/flac_parser: Update nb_headers_buffered + * avformat/idroqdec: Check chunk_size for being too large + * filmstripdec: correctly check image dimensions + * mss2: only use error correction for matching block counts + * softfloat: decrease MIN_EXP to cover full float range + * libopusdec: default to stereo for invalid number of channels + * sbgdec: prevent NULL pointer access + * smacker: limit recursion depth of smacker_decode_bigtree + * mxfdec: fix NULL pointer dereference in mxf_read_packet_old + * libschroedingerdec: fix leaking of framewithpts + * libschroedingerdec: don't produce empty frames + * softfloat: handle -INT_MAX correctly + * pnmdec: make sure v is capped by maxval + * smvjpegdec: make sure cur_frame is not negative + * icodec: correctly check avio_read return value + * icodec: fix leaking pkt on error + * dvbsubdec: fix division by zero in compute_default_clut + * proresdec_lgpl: explicitly check coff[3] against slice_data_size + * escape124: reject codebook size 0 + * mpegts: prevent division by zero + * matroskadec: fix NULL pointer dereference in + webm_dash_manifest_read_header + * mpegaudio_parser: don't return AVERROR_PATCHWELCOME + * mxfdec: fix NULL pointer dereference + * diracdec: check return code of get_buffer_with_edge + * ppc: pixblockdsp: do unaligned block accesses correctly again + * mpeg12dec: unref discarded picture from extradata + * cavsdec: unref frame before referencing again + * avformat: prevent triggering request_probe assert in ff_read_packet + * avformat/mpeg: Adjust vid probe threshold to correct mis-detection + * avcodec/rv40: Test remaining space in loop of get_dimension() + * avcodec/ituh263dec: Avoid spending a long time in slice sync + * avcodec/movtextdec: Add error message for tsmb_size check + * avcodec/movtextdec: Fix tsmb_size check==0 check + * avcodec/movtextdec: Fix potential integer overflow + * avcodec/sunrast: Fix input buffer pointer check + * avcodec/tscc: Check side data size before use + * avcodec/rawdec: Check side data size before use + * avcodec/msvideo1: Check side data size before use + * avcodec/qpeg: Check side data size before use + * avcodec/qtrle: Check side data size before use + * avcodec/msrle: Check side data size before use + * avcodec/kmvc: Check side data
commit ffmpeg2 for openSUSE:Factory
Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2017-03-13 15:27:34 Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) Package is "ffmpeg2" Mon Mar 13 15:27:34 2017 rev:5 rq:459650 version:2.8.8 Changes: --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2016-11-03 11:09:50.0 +0100 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2017-03-13 15:27:35.396253095 +0100 @@ -1,0 +2,5 @@ +Sat Feb 11 09:13:02 UTC 2017 - o...@aepfle.de + +- Make sure each subpkg comes from the same src.rpm + +--- Other differences: -- ++ ffmpeg2.spec ++ --- /var/tmp/diff_new_pack.psW368/_old 2017-03-13 15:27:36.684071075 +0100 +++ /var/tmp/diff_new_pack.psW368/_new 2017-03-13 15:27:36.688070510 +0100 @@ -156,6 +156,8 @@ %package -n libavcodec56 Summary:FFmpeg codec library Group: System/Libraries +Requires: libavutil54 = %version-%release +Requires: libswresample1 = %version-%release # For mozillas Provides: libavcodec = %version-%release %if 0%{?BUILD_ORIG} @@ -176,6 +178,10 @@ %package -n libavdevice56 Summary:FFmpeg device library Group: System/Libraries +Requires: libavcodec56 = %version-%release +Requires: libavfilter5 = %version-%release +Requires: libavformat56 = %version-%release +Requires: libavutil54 = %version-%release %description -n libavdevice56 The libavdevice library provides a generic framework for grabbing from @@ -186,6 +192,13 @@ %package -n libavfilter5 Summary:FFmpeg audio and video filtering library Group: System/Libraries +Requires: libavcodec56 = %version-%release +Requires: libavformat56 = %version-%release +Requires: libavresample2 = %version-%release +Requires: libavutil54 = %version-%release +Requires: libpostproc53 = %version-%release +Requires: libswresample1 = %version-%release +Requires: libswscale3 = %version-%release %description -n libavfilter5 The libavfilter library provides a generic audio/video filtering @@ -194,6 +207,8 @@ %package -n libavformat56 Summary:FFmpeg's stream format library Group: System/Libraries +Requires: libavcodec56 = %version-%release +Requires: libavutil54 = %version-%release %description -n libavformat56 The libavformat library provides a generic framework for multiplexing @@ -208,6 +223,7 @@ %package -n libavresample2 Summary:FFmpeg alternate audio resampling library Group: System/Libraries +Requires: libavutil54 = %version-%release %description -n libavresample2 An audio resampling library that is being provided for drop-in @@ -229,6 +245,7 @@ %package -n libpostproc53 Summary:FFmpeg post-processing library Group: System/Libraries +Requires: libavutil54 = %version-%release %description -n libpostproc53 A library with video postprocessing filters, such as deblocking and @@ -238,6 +255,7 @@ %package -n libswresample1 Summary:FFmpeg software resampling library Group: System/Libraries +Requires: libavutil54 = %version-%release %description -n libswresample1 The libswresample library performs audio conversion between different @@ -246,6 +264,7 @@ %package -n libswscale3 Summary:FFmpeg image scaling and colorspace/pixel conversion library Group: System/Libraries +Requires: libavutil54 = %version-%release %description -n libswscale3 The libswscale library performs image scaling and colorspace and
commit ffmpeg2 for openSUSE:Factory
Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2016-11-03 11:09:49 Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) Package is "ffmpeg2" Changes: --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2016-10-14 09:05:32.0 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2016-11-03 11:09:50.0 +0100 @@ -1,0 +2,5 @@ +Fri Oct 28 17:58:28 UTC 2016 - o...@aepfle.de + +- Enable libfdk_aac if it is available at buildtime + +--- Other differences: -- ++ ffmpeg2.spec ++ --- /var/tmp/diff_new_pack.kg5XB0/_old 2016-11-03 11:09:51.0 +0100 +++ /var/tmp/diff_new_pack.kg5XB0/_new 2016-11-03 11:09:51.0 +0100 @@ -16,6 +16,7 @@ # +%bcond_withfdk_aac %bcond_withlame %bcond_withlibrtmp %bcond_withtwolame @@ -114,6 +115,9 @@ BuildRequires: pkgconfig(xfixes) BuildRequires: pkgconfig(zlib) %if 0%{?BUILD_ORIG} +%if %{with fdk_aac} +BuildRequires: pkgconfig(fdk-aac) +%endif %if %{with librtmp} BuildRequires: pkgconfig(librtmp) %endif @@ -331,6 +335,9 @@ --enable-vdpau \ %endif %if 0%{?BUILD_ORIG} +%if %{with fdk_aac} + --enable-libfdk_aac --enable-nonfree \ +%endif %if %{with lame} --enable-libmp3lame \ %endif
commit ffmpeg2 for openSUSE:Factory
Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2016-10-14 09:05:32 Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) Package is "ffmpeg2" Changes: --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2016-09-30 15:24:43.0 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2016-10-14 09:05:32.0 +0200 @@ -1,0 +2,17 @@ +Sat Oct 8 17:44:47 UTC 2016 - jeng...@inai.de + +- Add 0001-avcodec-ansi-Check-dimensions.patch, + 0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch + 0001-avformat-avidec-Check-nb_streams-in-read_gab2_sub.patch + 0001-avformat-avidec-Remove-ancient-assert.patch [boo#1003806] + +--- +Wed Sep 28 18:42:19 UTC 2016 - dims...@opensuse.org + +- Have libavcodec56 additionally provide libavcodec56(unrestricted) + when building unrestricted: allow third party packages to require + the unrestricted codec. The existing -full provides is not + suitable as it can be provided by multiple libavcodec* packages, + whereas we require a specific ABI version. + +--- New: 0001-avcodec-ansi-Check-dimensions.patch 0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch 0001-avformat-avidec-Check-nb_streams-in-read_gab2_sub.patch 0001-avformat-avidec-Remove-ancient-assert.patch Other differences: -- ++ ffmpeg2.spec ++ --- /var/tmp/diff_new_pack.NDibJS/_old 2016-10-14 09:05:34.0 +0200 +++ /var/tmp/diff_new_pack.NDibJS/_new 2016-10-14 09:05:34.0 +0200 @@ -55,6 +55,10 @@ Patch4: ffmpeg-new-coder-errors.diff Patch5: ffmpeg-codec-choice.diff Patch6: 0001-avcodec-exr-Check-tile-positions.patch +Patch7: 0001-avcodec-ansi-Check-dimensions.patch +Patch8: 0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch +Patch9: 0001-avformat-avidec-Remove-ancient-assert.patch +Patch10:0001-avformat-avidec-Check-nb_streams-in-read_gab2_sub.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: pkg-config @@ -152,6 +156,8 @@ Provides: libavcodec = %version-%release %if 0%{?BUILD_ORIG} Provides: libavcodec-full = %version-%release +# This can be required by packages likes vlc-codecs - following the shlib name to not get random lib providers +Provides: libavcodec56(unrestricted) %endif %description -n libavcodec56 @@ -272,7 +278,7 @@ %prep %setup -qn ffmpeg-%version -%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -p1 +%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -P 7 -P 8 -P 9 -P 10 -p1 %build perl -i -pe 's{__TIME__|__DATE__}{"$&"}g' *.c ++ 0001-avcodec-ansi-Check-dimensions.patch ++ >From ab737ab31d4f126ed5a13a6a0498824141925108 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 26 Sep 2016 20:25:59 +0200 Subject: [PATCH] avcodec/ansi: Check dimensions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes: 1.avi Found-by: 连一汉 Signed-off-by: Michael Niedermayer (cherry picked from commit 69449da436169e7facaa6d1f3bcbc41cf6ce2754) Signed-off-by: Michael Niedermayer --- libavcodec/ansi.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/ansi.c b/libavcodec/ansi.c index 21d5ae1..98ea9e3 100644 --- a/libavcodec/ansi.c +++ b/libavcodec/ansi.c @@ -94,6 +94,9 @@ static av_cold int decode_init(AVCodecContext *avctx) int ret = ff_set_dimensions(avctx, 80 << 3, 25 << 4); if (ret < 0) return ret; +} else if (avctx->width % FONT_WIDTH || avctx->height % s->font_height) { +av_log(avctx, AV_LOG_ERROR, "Invalid dimensions %d %d\n", avctx->width, avctx->height); +return AVERROR(EINVAL); } return 0; } -- 2.6.6 ++ 0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch ++ >From 69b00a7fb6faa1b19b5687a5762ff4f94d5ff9aa Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 19 Sep 2016 15:25:38 +0200 Subject: [PATCH] avcodec/cavsdsp: use av_clip_uint8() for idct MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes out of array read Fixes: 1.swf Found-by: 连一汉 Tested-by: 连一汉 Signed-off-by: Michael Niedermayer (cherry picked from commit 0e318f110bcd6bb8e7de9127f2747272e60f48d7) Signed-off-by: Michael Niedermayer --- libavcodec/cavsdsp.c | 17 - 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/libavcodec/cavsdsp.c b/libavcodec/cavsdsp.c index 91f6d73..df9490a 100644 --- a/libavcodec/cavsdsp.c +++ b/libavcodec/cavsdsp.c @@ -188,7 +188,6 @@ static void cavs
commit ffmpeg2 for openSUSE:Factory
Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2016-09-30 15:24:30 Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) Package is "ffmpeg2" Changes: --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2016-08-26 23:15:58.0 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2016-09-30 15:24:43.0 +0200 @@ -1,0 +2,21 @@ +Tue Sep 27 16:05:27 UTC 2016 - jeng...@inai.de + +- Update to new maintenance release 2.8.8 +* avformat/oggparsevp8: fix pts calculation on pages ending with an invisible frame +* avcodec/mjpegdec: Do not try to detect last scan but apply idct after all scans for progressive jpeg +* avformat/oggparseopus: Check that granule pos is within the supported range +* avformat/utils: Check bps before using it in a shift in ff_get_pcm_codec_id() +* ffmpeg: Check that r_frame_rate is set before attempting to use it +* avformat/utils: Do not compute the bitrate from duration == 0 +* avformat/utils: Check negative bps before shifting in ff_get_pcm_codec_id() +* avformat/avidec: Detect index with too short entries +* avformat/oggparseopus: Fix Undefined behavior in oggparseopus.c and libavformat/utils.c +* avformat/allformats: Making av_register_all() thread-safe. +* avcodec/vp9_parser: Check the input frame sizes for being consistent +* avformat/oggdec: Fix integer overflow with invalid pts +* avcodec/ffv1enc: Fix assertion failure with non zero bits per sample +* avcodec/diracdec: Check numx/y +* avformat/avidec: Fix infinite loop in avi_read_nikon() +- Add 0001-avcodec-exr-Check-tile-positions.patch [bnc#998636] + +--- Old: ffmpeg-2.8.7.tar.xz ffmpeg-2.8.7.tar.xz.asc New: 0001-avcodec-exr-Check-tile-positions.patch ffmpeg-2.8.8.tar.xz ffmpeg-2.8.8.tar.xz.asc Other differences: -- ++ ffmpeg2.spec ++ --- /var/tmp/diff_new_pack.rMdrHU/_old 2016-09-30 15:24:45.0 +0200 +++ /var/tmp/diff_new_pack.rMdrHU/_new 2016-09-30 15:24:45.0 +0200 @@ -32,7 +32,7 @@ %bcond_without webp Name: ffmpeg2 -Version:2.8.7 +Version:2.8.8 Release:0 Summary:Library for working with various multimedia formats License:LGPL-2.1+ and GPL-2.0+ @@ -54,6 +54,7 @@ Patch3: ffmpeg-pkgconfig-version.patch Patch4: ffmpeg-new-coder-errors.diff Patch5: ffmpeg-codec-choice.diff +Patch6: 0001-avcodec-exr-Check-tile-positions.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: pkg-config @@ -271,7 +272,7 @@ %prep %setup -qn ffmpeg-%version -%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1 +%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -p1 %build perl -i -pe 's{__TIME__|__DATE__}{"$&"}g' *.c ++ 0001-avcodec-exr-Check-tile-positions.patch ++ >From 01aee8148d4fa439cce678a11f5110656c98de1f* Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 17 Aug 2016 21:22:29 +0200 Subject: [PATCH] avcodec/exr: Check tile positions X-Desc: Backport attempt to 2.8.8 by jeng...@inai.de References: CVE-2016-6920 References: https://bugzilla.suse.com/show_bug.cgi?id=998636 This also disabled the case of mixed x/ymin with tiles, the code handles these cases inconsistent for the 2 coordinate axis and is unlikely working correctly. Fixes crash Fixes: poc1.exr, poc2.exr Found-by: Yaoguang Chen of Aliapy unLimit Security Team Signed-off-by: Michael Niedermayer --- libavcodec/exr.c | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) Index: ffmpeg-2.8.8/libavcodec/exr.c === --- ffmpeg-2.8.8.orig/libavcodec/exr.c +++ ffmpeg-2.8.8/libavcodec/exr.c @@ -836,7 +836,8 @@ static int decode_block(AVCodecContext * uint32_t xdelta = s->xdelta; uint16_t *ptr_x; uint8_t *ptr; -uint32_t data_size, line; +uint32_t data_size; +uint64_t line, col = 0; const uint8_t *src; int axmax = (avctx->width - (s->xmax + 1)) * 2 * s->desc->nb_components; int bxmin = s->xmin * 2 * s->desc->nb_components; @@ -849,9 +850,15 @@ static int decode_block(AVCodecContext * if (line_offset > buf_size - 8) return AVERROR_INVALIDDATA; +if (s->xmin || s->ymin) { +avpriv_report_missing_feature(s->avctx, "Tiles with xmin/ymin"); +return AVERROR_PATCHWELCOME; +} + src = buf + line_offset + 8; line = AV_RL32(src - 8); -if (line < s->ymin || line > s->ymax) +if (line < s->ymin || line > s->ymax || +col < s->xmin || col > s->xmax) return AVERROR_INVALIDDATA; data_size = AV_RL32(sr