[Bug 1659112] Re: package libavformat-ffmpeg56:i386 7:2.8.10-0ubuntu0.16.04.1 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configu

2017-02-13 Thread Andreas Cadhalpun
The dpkg history log contains:
Start-Date: 2017-01-06  21:09:48
Commandline: aptdaemon role='role-upgrade-system' sender=':1.77'
Install: [...]
Error: Sub-process /usr/bin/dpkg exited unexpectedly
End-Date: 2017-01-06  21:11:03

This looks like dpkg crashed, which would explain why libavformat is in
a bad/inconsistent state.

Please provide (the relevant part of) /var/log/apt/term.log, so that
this can be debugged further.

** Changed in: ffmpeg (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1659112

Title:
  package libavformat-ffmpeg56:i386 7:2.8.10-0ubuntu0.16.04.1 failed to
  install/upgrade: package is in a very bad inconsistent state; you
  should  reinstall it before attempting configuration

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1659112/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 1664403] Re: FFmpeg security fixes February 2017 (xenial)

2017-02-13 Thread Andreas Cadhalpun
Attached is a debdiff. (git repo is at [1])

Testing performed (in a xenial chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * autopkgtests pass

1: https://anonscm.debian.org/cgit/pkg-multimedia/ffmpeg.git/log/?h=xenial

** Patch added: "debdiff for 2.8.11"
   
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1664403/+attachment/4818549/+files/ffmpeg_2.8.11.debdiff



[Bug 1664402] Re: FFmpeg security fixes February 2017 (yakkety)

2017-02-13 Thread Andreas Cadhalpun
Attached is a debdiff. (git repo is at [1])

Testing performed (in a xenial chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * autopkgtests pass

1: https://anonscm.debian.org/cgit/pkg-multimedia/ffmpeg.git/log/?h=xenial

** Patch added: "debdiff for 3.0.7"
   
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1664402/+attachment/4818548/+files/ffmpeg_3.0.7.debdiff



[Bug 1664403] [NEW] FFmpeg security fixes February 2017 (xenial)

2017-02-13 Thread Andreas Cadhalpun
*** This bug is a security vulnerability ***

Public security bug reported:

FFmpeg 2.8.11 fixing a number of crashes and other potentially security
relevant issues was released.

This includes fixes for CVE-2016-9561, CVE-2017-5024 and CVE-2017-5025.

From the upstream Changelog:

version 2.8.11
- avcodec/h264_slice: Clear ref_counts on redundant slices
- lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid
- lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr
- avcodec/pictordec: Fix logic error
- avcodec/movtextdec: Fix decode_styl() cleanup
- lavf/matroskadec: fix is_keyframe for early Blocks
- configure: bump year
- avcodec/pngdec: Check trns more completely
- avcodec/interplayvideo: Move parameter change check up
- avcodec/mjpegdec: Check for for the bitstream end in mjpeg_decode_scan_progressive_ac()
- avformat/flacdec: Check avio_read result when reading flac block header.
- avcodec/utils: correct align value for interplay
- avcodec/vp56: Check for the bitstream end, pass error codes on
- avcodec/mjpegdec: Check remaining bitstream in ljpeg_decode_yuv_scan()
- avcodec/pngdec: Fix off by 1 size in decode_zbuf()
- avformat/avidec: skip odml master index chunks in avi_sync
- avcodec/mjpegdec: Check for rgb before flipping
- avutil/random_seed: Reduce the time needed on systems with very low precision clock()
- avutil/random_seed: Improve get_generic_seed() with higher precision clock()
- avformat/utils: Print verbose error message if stream count exceeds max_streams
- avformat/options_table: Set the default maximum number of streams to 1000
- avutil: Add av_image_check_size2()
- avformat: Add max_streams option
- avcodec/ffv1enc: Allocate smaller packet if the worst case size cannot be allocated
- avcodec/mpeg4videodec: Fix undefined shifts in mpeg4_decode_sprite_trajectory()
- avformat/oggdec: Skip streams in duration correction that did not had their duration set.
- avcodec/ffv1enc: Fix size of first slice
- pgssubdec: reset rle_data_len/rle_remaining_len on allocation error

** Affects: ffmpeg (Ubuntu)
 Importance: Undecided
 Status: New

** Information type changed from Private Security to Public Security

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9561

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5024

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5025



[Bug 1664402] [NEW] FFmpeg security fixes February 2017 (yakkety)

2017-02-13 Thread Andreas Cadhalpun
*** This bug is a security vulnerability ***

Public security bug reported:

FFmpeg 3.0.7 fixing a number of crashes and other potentially security
relevant issues was released.

This includes fixes for CVE-2016-9561 (3.0.6) and
CVE-2017-5024/CVE-2017-5025 (3.0.7).

From the upstream Changelog:

version 3.0.7
- avcodec/h264_slice: Clear ref_counts on redundant slices
- lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid
- lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr
- avcodec/pictordec: Fix logic error
- avcodec/movtextdec: Fix decode_styl() cleanup
- lavf/matroskadec: fix is_keyframe for early Blocks

version 3.0.6:
- avcodec/pngdec: Check trns more completely
- avcodec/interplayvideo: Move parameter change check up
- avcodec/mjpegdec: Check for for the bitstream end in mjpeg_decode_scan_progressive_ac()
- avformat/flacdec: Check avio_read result when reading flac block header.
- avcodec/utils: correct align value for interplay
- avcodec/vp56: Check for the bitstream end, pass error codes on
- avcodec/mjpegdec: Check remaining bitstream in ljpeg_decode_yuv_scan()
- avcodec/pngdec: Fix off by 1 size in decode_zbuf()
- avformat/avidec: skip odml master index chunks in avi_sync
- avcodec/mjpegdec: Check for rgb before flipping
- avutil/random_seed: Reduce the time needed on systems with very low precision clock()
- avutil/random_seed: Improve get_generic_seed() with higher precision clock()
- avformat/utils: Print verbose error message if stream count exceeds max_streams
- avformat/options_table: Set the default maximum number of streams to 1000
- pgssubdec: reset rle_data_len/rle_remaining_len on allocation error
- avutil: Add av_image_check_size2()
- avformat: Add max_streams option
- avcodec/ffv1enc: Allocate smaller packet if the worst case size cannot be allocated
- avcodec/mpeg4videodec: Fix undefined shifts in mpeg4_decode_sprite_trajectory()
- avformat/oggdec: Skip streams in duration correction that did not had their duration set.
- avcodec/ffv1enc: Fix size of first slice

** Affects: ffmpeg (Ubuntu)
 Importance: Undecided
 Status: New

** Information type changed from Private Security to Public Security

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9561

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5024

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5025



[Bug 1653782] Re: remove / compile without libschroedinger, libtheora, libspeex, ...

2017-01-04 Thread Andreas Cadhalpun
This has already been reported before (https://bugs.debian.org/786670) and my 
opinion hasn't changed:
I don't think these external libraries increase the attack surface much.

The bug I mentioned was closed by disabling the two external libraries that 
turned out to be problematic, libopenjpeg and libschroedinger.
The issues in openjpeg have been fixed (in openjpeg2), while libschroedinger 
got removed entirely.

As I don't think there is anything else to be done about this, I'm
closing this bug as won't fix.

** Bug watch added: Debian Bug tracker #786670
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786670

** Changed in: ffmpeg (Ubuntu)
   Status: New => Confirmed

** Changed in: ffmpeg (Ubuntu)
   Status: Confirmed => Invalid



[Bug 1652757] Re: package libavformat57:amd64 7:3.0.2-1ubuntu3 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration

2016-12-30 Thread Andreas Cadhalpun
Your logs show that while you were trying to install chromium, 
unattended-upgrades was running in the background and that failed, so the 
failure is unrelated to chromium.
The unattended-upgrades update was also tried on the preceding days and also 
failed, but unfortunately it is not clear from the logs what the actual problem 
was.

Please provide (the relevant part of) /var/log/apt/term.log, so that
this can be debugged further.

In general, it is a bad idea to report multiple problems in one bug report,
because it makes tracking the bugs (and their fixes) much more complicated.
Thus please open a separate bug against ubuntu-software about your second
problem.

** Changed in: ffmpeg (Ubuntu)
   Status: New => Incomplete



[Bug 1649158] Re: package ffmpeg 7:3.0.2-1ubuntu3 failed to install/upgrade: trying to overwrite '/usr/bin/ffmpeg', which is also in package ffmpeg-20090322-i486 1-2

2016-12-11 Thread Andreas Cadhalpun
There is no package 'ffmpeg-20090322-i486' in Ubuntu 16.10.
Hence I'm closing this bug as invalid.
Just remove that package with 'sudo apt-get purge ffmpeg-20090322-i486' and 
your problem will be gone.

** Changed in: ffmpeg (Ubuntu)
   Status: New => Invalid



[Bug 1647226] Re: FFmpeg security fixes December 2016 (xenial)

2016-12-10 Thread Andreas Cadhalpun
Debdiff mentioning the CVEs in the changelog is attached.

** Patch added: "debdiff for 2.8.10"
   
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+attachment/4790034/+files/ffmpeg_2.8.10.debdiff



[Bug 1647226] Re: FFmpeg security fixes December 2016 (xenial)

2016-12-10 Thread Andreas Cadhalpun
For 2.8.9 there are now CVEs available [1]:
CVE-2016-7502, CVE-2016-7785, CVE-2016-7905, CVE-2016-7562

1: https://ffmpeg.org/security.html

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7502

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7562

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7785

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7905

** Changed in: ffmpeg (Ubuntu)
   Status: Invalid => New



[Bug 1647226] Re: FFmpeg security fixes December 2016 (xenial)

2016-12-10 Thread Andreas Cadhalpun
CVEs aren't available yet, but this fixes important security issues like:
https://trac.ffmpeg.org/ticket/5992
https://trac.ffmpeg.org/ticket/5994

** Bug watch added: FFmpeg Trac bug tracker #5992
   https://trac.ffmpeg.org/ticket/5992

** Bug watch added: FFmpeg Trac bug tracker #5994
   https://trac.ffmpeg.org/ticket/5994



[Bug 1648265] Re: FFmpeg security fixes December 2016 II

2016-12-07 Thread Andreas Cadhalpun
Attached is a debdiff. (git repo is at [1])

Testing performed (in a yakkety chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * autopkgtests pass

1: https://anonscm.debian.org/cgit/pkg-multimedia/ffmpeg.git/log/?h=yakkety

** Patch added: "debdiff for 3.0.5"
   
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1648265/+attachment/4788853/+files/ffmpeg_3.0.5.debdiff



[Bug 1648265] [NEW] FFmpeg security fixes December 2016 II

2016-12-07 Thread Andreas Cadhalpun
*** This bug is a security vulnerability ***

Public security bug reported:

FFmpeg 3.0.5 fixing a number of crashes and other potentially security
relevant issues was released.

This includes fixes for CVE-2016-5199 (3.0.4) and
CVE-2016-6164/CVE-2016-6881 (3.0.3).

From the upstream Changelog:

version 3.0.5:
- configure: check for strtoull on msvc
- http: move chunk handling from http_read_stream() to http_buf_read().
- http: make length/offset-related variables unsigned.
- ffserver: Check chunk size
- Avoid using the term "file" and prefer "url" in some docs and comments
- avformat/rtmppkt: Check for packet size mismatches
- zmqsend: Initialize ret to 0
- avcodec/rawdec: check for side data before checking its size
- avcodec/flacdec: Fix undefined shift in decode_subframe()
- avcodec/get_bits: Fix get_sbits_long(0)
- avformat/ffmdec: Check media type for chunks
- avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed()
- avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c
- avformat/oggparsespeex: Check frames_per_packet and packet_size
- avformat/utils: Check start/end before computing duration in update_stream_timings()
- avcodec/flac_parser: Update nb_headers_buffered
- avformat/idroqdec: Check chunk_size for being too large
- avformat/mpeg: Adjust vid probe threshold to correct mis-detection
- avcodec/rv40: Test remaining space in loop of get_dimension()
- avcodec/ituh263dec: Avoid spending a long time in slice sync
- avcodec/movtextdec: Add error message for tsmb_size check
- avcodec/movtextdec: Fix tsmb_size check==0 check
- avcodec/movtextdec: Fix potential integer overflow
- avcodec/sunrast: Fix input buffer pointer check
- avcodec/tscc:  Check side data size before use
- avcodec/rawdec: Check side data size before use
- avcodec/msvideo1: Check side data size before use
- avcodec/qpeg:  Check side data size before use
- avcodec/qtrle:  Check side data size before use
- avcodec/msrle:  Check side data size before use
- avcodec/kmvc:  Check side data size before use
- avcodec/idcinvideo: Check side data size before use
- avcodec/cinepak: Check side data size before use
- avcodec/8bps: Check side data size before use
- avcodec/dvdsubdec: Fix off by 1 error
- avcodec/dvdsubdec: Fix buf_size check
- vp9: change order of operations in adapt_prob().
- avcodec/interplayvideo: Check side data size before use
- avformat/mxfdec: Check size to avoid integer overflow in mxf_read_utf16_string()
- avcodec/mpegvideo_enc: Clear mmx state in ff_mpv_reallocate_putbitbuffer()
- avcodec/utils: Clear MMX state before returning from avcodec_default_execute*()
- avformat/icodec: Fix crash probing fuzzed file
- dcstr: fix division by zero
- rsd: limit number of channels
- mss2: only use error correction for matching block counts
- softfloat: decrease MIN_EXP to cover full float range
- libopusdec: default to stereo for invalid number of channels
- pgssubdec: only set w/h/linesize when allocating data
- sbgdec: prevent NULL pointer access
- smacker: limit recursion depth of smacker_decode_bigtree
- mxfdec: fix NULL pointer dereference in mxf_read_packet_old
- libschroedingerdec: fix leaking of framewithpts
- libschroedingerdec: don't produce empty frames
- softfloat: handle -INT_MAX correctly
- filmstripdec: correctly check image dimensions
- pnmdec: make sure v is capped by maxval
- smvjpegdec: make sure cur_frame is not negative
- icodec: correctly check avio_read return value
- dvbsubdec: fix division by zero in compute_default_clut
- proresdec_lgpl: explicitly check coff[3] against slice_data_size
- escape124: reject codebook size 0
- icodec: add ico_read_close to fix leaking ico->images
- icodec: fix leaking pkt on error
- mpegts: prevent division by zero
- matroskadec: fix NULL pointer dereference in webm_dash_manifest_read_header
- mpegaudio_parser: don't return AVERROR_PATCHWELCOME
- mxfdec: fix NULL pointer dereference
- lzf: update pointer p after realloc
- diracdec: check return code of get_buffer_with_edge
- ppc: pixblockdsp: do unaligned block accesses correctly again
- interplayacm: increase bitstream buffer size by AV_INPUT_BUFFER_PADDING_SIZE
- interplayacm: validate number of channels
- interplayacm: check for too large b
- mpeg12dec: unref discarded picture from extradata
- cavsdec: unref frame before referencing again
- avformat: prevent triggering request_probe assert in ff_read_packet
- avcodec/avpacket: fix leak on realloc in av_packet_add_side_data()


version 3.0.4:
- libopenjpegenc: fix out-of-bounds reads when filling the edges
- libopenjpegenc: stop reusing image data buffer for openjpeg 2
- configure: fix detection of libopenjpeg
- cmdutils: fix typos
- lavfi: fix typos
- lavc: fix typos
- tools: fix grammar error
- ffmpeg: remove unused and errorneous AVFrame timestamp check
- Support for MIPS cpu P6600
- avutil/mips/generic_macros_msa: rename macro variable which causes segfault for mips r
- avformat/avidec: Check nb_streams in read_gab2_sub()
- 

[Bug 1647226] Re: FFmpeg security fixes December 2016

2016-12-07 Thread Andreas Cadhalpun
There has been another release fixing bugs in network code:

version 2.8.10
- avformat/http: Match chunksize checks to master..3.0
- Changelog: fix typos
- ffserver: Check chunk size
- Avoid using the term "file" and prefer "url" in some docs and comments
- avformat/rtmppkt: Check for packet size mismatches
- zmqsend: Initialize ret to 0
- configure: check for strtoull on msvc
- http: move chunk handling from http_read_stream() to http_buf_read().
- http: make length/offset-related variables unsigned.

Attached is the new debdiff. (git repo is at [1])

Testing performed (in a xenial chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * autopkgtests pass

1: https://anonscm.debian.org/cgit/pkg-multimedia/ffmpeg.git/log/?h=xenial

** Patch added: "debdiff for 2.8.10"
   
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+attachment/4788802/+files/ffmpeg_2.8.10.debdiff



[Bug 1647226] Re: FFmpeg security fixes December 2016

2016-12-04 Thread Andreas Cadhalpun
Attached is a debdiff. (git repo is at [1])

Testing performed (in a xenial chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * autopkgtests pass

1: https://anonscm.debian.org/cgit/pkg-multimedia/ffmpeg.git/log/?h=xenial

** Patch added: "debdiff for 2.8.9"
   
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1647226/+attachment/4787437/+files/ffmpeg_2.8.9.debdiff



[Bug 1647226] [NEW] FFmpeg security fixes December 2016

2016-12-04 Thread Andreas Cadhalpun
*** This bug is a security vulnerability ***

Public security bug reported:

FFmpeg 2.8.9 fixing a number of crashes and other potentially security
relevant issues was released.

From the upstream Changelog:

version 2.8.9
- avcodec/flacdec: Fix undefined shift in decode_subframe()
- avcodec/get_bits: Fix get_sbits_long(0)
- avformat/ffmdec: Check media type for chunks
- avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed()
- avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c
- avformat/oggparsespeex: Check frames_per_packet and packet_size
- avformat/utils: Check start/end before computing duration in update_stream_timings()
- avcodec/flac_parser: Update nb_headers_buffered
- avformat/idroqdec: Check chunk_size for being too large
- filmstripdec: correctly check image dimensions
- mss2: only use error correction for matching block counts
- softfloat: decrease MIN_EXP to cover full float range
- libopusdec: default to stereo for invalid number of channels
- sbgdec: prevent NULL pointer access
- smacker: limit recursion depth of smacker_decode_bigtree
- mxfdec: fix NULL pointer dereference in mxf_read_packet_old
- libschroedingerdec: fix leaking of framewithpts
- libschroedingerdec: don't produce empty frames
- softfloat: handle -INT_MAX correctly
- pnmdec: make sure v is capped by maxval
- smvjpegdec: make sure cur_frame is not negative
- icodec: correctly check avio_read return value
- icodec: fix leaking pkt on error
- dvbsubdec: fix division by zero in compute_default_clut
- proresdec_lgpl: explicitly check coff[3] against slice_data_size
- escape124: reject codebook size 0
- mpegts: prevent division by zero
- matroskadec: fix NULL pointer dereference in webm_dash_manifest_read_header
- mpegaudio_parser: don't return AVERROR_PATCHWELCOME
- mxfdec: fix NULL pointer dereference
- diracdec: check return code of get_buffer_with_edge
- ppc: pixblockdsp: do unaligned block accesses correctly again
- mpeg12dec: unref discarded picture from extradata
- cavsdec: unref frame before referencing again
- avformat: prevent triggering request_probe assert in ff_read_packet
- avformat/mpeg: Adjust vid probe threshold to correct mis-detection
- avcodec/rv40: Test remaining space in loop of get_dimension()
- avcodec/ituh263dec: Avoid spending a long time in slice sync
- avcodec/movtextdec: Add error message for tsmb_size check
- avcodec/movtextdec: Fix tsmb_size check==0 check
- avcodec/movtextdec: Fix potential integer overflow
- avcodec/sunrast: Fix input buffer pointer check
- avcodec/tscc:  Check side data size before use
- avcodec/rawdec: Check side data size before use
- avcodec/msvideo1: Check side data size before use
- avcodec/qpeg:  Check side data size before use
- avcodec/qtrle:  Check side data size before use
- avcodec/msrle:  Check side data size before use
- avcodec/kmvc:  Check side data size before use
- avcodec/idcinvideo: Check side data size before use
- avcodec/cinepak: Check side data size before use
- avcodec/8bps: Check side data size before use
- avcodec/dvdsubdec: Fix off by 1 error
- avcodec/dvdsubdec: Fix buf_size check
- vp9: change order of operations in adapt_prob().
- avcodec/interplayvideo: Check side data size before use
- avformat/mxfdec: Check size to avoid integer overflow in mxf_read_utf16_string()
- avcodec/mpegvideo_enc: Clear mmx state in ff_mpv_reallocate_putbitbuffer()
- avcodec/utils: Clear MMX state before returning from avcodec_default_execute*()
- cmdutils: fix typos
- lavfi: fix typos
- lavc: fix typos
- tools: fix grammar error
- avutil/mips/generic_macros_msa: rename macro variable which causes segfault for mips r6
- videodsp: fix 1-byte overread in top/bottom READ_NUM_BYTES iterations.
- avformat/avidec: Check nb_streams in read_gab2_sub()
- avformat/avidec: Remove ancient assert
- lavc/movtextdec.c: Avoid infinite loop on invalid data.
- avcodec/ansi: Check dimensions
- avcodec/cavsdsp: use av_clip_uint8() for idct

** Affects: ffmpeg (Ubuntu)
 Importance: Undecided
 Status: New

** Information type changed from Public to Public Security



[Bug 1642901] Re: ffmpeg dependent on libSDL-1.2.so.0 instead libsdl2-2.0-0

2016-11-18 Thread Andreas Cadhalpun
I've just verified that ffmpeg 3.2-2 from zesty starts fine after installation 
in a minimal chroot.
Your problem is caused by third-party libraries.
To identify the problematic one, try running the following command:
$ for lib in $(ldd /usr/bin/ffmpeg | sed 's/.*=> \(.*\) (.*/\1/'); do [ -e "$lib" ] && ldd "$lib" | grep libSDL && echo "$lib"; done
libSDL2-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libSDL2-2.0.so.0 (0x7f2c0db1e000)
/usr/lib/x86_64-linux-gnu/libavdevice.so.57

As you can see, there is no libSDL1.2 here, thus I'm closing this bug as
invalid.

** Changed in: ffmpeg (Ubuntu)
   Status: New => Invalid



[Bug 1572167] Re: package libavcodec-ffmpeg-extra56:amd64 7:2.7.6-0ubuntu0.15.10.1 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting co

2016-11-06 Thread Andreas Cadhalpun
This looks like another problem in software-center/aptdaemon, similar to
#1509169 and #1511571. Thus I'm reassigning the bug.

** Package changed: ffmpeg (Ubuntu) => aptdaemon (Ubuntu)


Title:
  package libavcodec-ffmpeg-extra56:amd64 7:2.7.6-0ubuntu0.15.10.1
  failed to install/upgrade: package is in a very bad inconsistent
  state; you should  reinstall it before attempting configuration



[Bug 1583166] Re: problem with downloading and installing Ubuntu Restricted Extras

2016-11-06 Thread Andreas Cadhalpun
*** This bug is a duplicate of bug 1511571 ***
https://bugs.launchpad.net/bugs/1511571

** This bug has been marked a duplicate of bug 1511571
   package libavcodec-ffmpeg56 (not installed) failed to install/upgrade: 
conflicting packages - not installing libavcodec-ffmpeg56:amd64



[Bug 1626220] Re: please remove openjpeg

2016-11-06 Thread Andreas Cadhalpun
ffmpeg was synced from Debian, so it uses openjpeg2 now also in Ubuntu.

** Changed in: ffmpeg (Ubuntu)
   Status: New => Fix Released

-- 
https://bugs.launchpad.net/bugs/1626220

Title:
  please remove openjpeg


[Bug 1628595] Re: libavcodec & friends versions outdated

2016-11-06 Thread Andreas Cadhalpun
A new ffmpeg version was synced from Debian, so this bug can be closed.

** Changed in: ffmpeg (Ubuntu)
   Status: New => Fix Released

-- 
https://bugs.launchpad.net/bugs/1628595

Title:
  libavcodec & friends versions outdated


[Bug 1635443] Re: Sync ffmpeg 7:3.1.4-1 (universe) from Debian unstable (main)

2016-10-22 Thread Andreas Cadhalpun
Sorry about that. I mistakenly thought this fix was included in 3.1, but
it was only committed a few days after that was released.

I've cherry-picked it for the next Debian release.

-- 
https://bugs.launchpad.net/bugs/1635443

Title:
  Sync ffmpeg 7:3.1.4-1 (universe) from Debian unstable (main)


[Bug 1635443] [NEW] Sync ffmpeg 7:3.1.4-1 (universe) from Debian unstable (main)

2016-10-20 Thread Andreas Cadhalpun
*** This bug is a security vulnerability ***

Public security bug reported:

Please sync ffmpeg 7:3.1.4-1 (universe) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * debian/patches/0001-tests-checkasm-pixblockdsp-Test-8-byte-aligned-posit.patch:
    Cherry-pick patch from upstream to fix tests on armhf (on arm64, as our
    builders are) (LP: #1612058).
  * Resynchronise with Debian.  Remaining changes:
    - Compile with -O2 rather than -O3 on s390x, to work around
      https://bugs.launchpad.net/bugs/1526324.

Both patches can be dropped:
 * The checkasm fix was cherry-picked from upstream and is included
   in the new release.
 * The s390x workaround should no longer be necessary since gcc-6 is the 
   default compiler, because the bug only affects gcc-5.

In the new upstream versions the following CVEs were fixed:
 * CVE-2016-6164 (in 3.1.1)
 * CVE-2016-6671 (in 3.1.2)
 * CVE-2016-6920 and CVE-2016-6881 (in 3.1.3)
 * CVE-2016-7122, CVE-2016-7450, CVE-2016-7502, CVE-2016-7555,
   CVE-2016-7562, CVE-2016-7785 and CVE-2016-7905 (in 3.1.4)

This would also fix LP: #1626220 and LP: #1628595.

Changelog entries since current zesty version 7:3.0.2-1ubuntu3:

ffmpeg (7:3.1.4-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * Disable librtmp support, because the built-in RTMP support is better.

  [ Andreas Cadhalpun ]
  * Import new upstream bugfix release 3.1.4.
    - Fixes CVE-2016-7122, CVE-2016-7450, CVE-2016-7502, CVE-2016-7555,
      CVE-2016-7562, CVE-2016-7785 and CVE-2016-7905. (Closes: #840434)
  * Fix typos.
  * Replace libopencv-dev build-dependency with libopencv-imgproc-dev.
  * Improve build-time optimization for libavfilter-extra.
  * Mention sofalizer in libavfilter-extra6 description.
  * Remove redundant nocheck test.
  * Add libopenjpegenc-recreate-image-data-buffer.patch to fix autopkg
    test crashes.
  * Let the encdec test print the command before executing it.
  * Update encdec*_list.txt.
  * Re-enable the libopenjpeg decoder.
  * Enable libzmq on hurd, as it is now available there.
  * Use 'set -e' to abort build on configure failure.
  * Only set CC/CXX if they differ from the default.
  * Set configure options for cross-building.

 -- Andreas Cadhalpun <andreas.cadhal...@googlemail.com>  Tue, 11 Oct 2016 21:17:10 +0200

ffmpeg (7:3.1.3-2) unstable; urgency=medium

  * Team upload.

  [ Balint Reczey ]
  * Enable OCR using Tesseract in libavfilter-extra* (Closes: 822555)

  [ Sebastian Ramacher ]
  * debian/libavcodec*.lintian-overrides: Remove unused lintian override.
  * debian/rules:
    - Enable all hardening options except pie.
    - Apply the same optimization for libavfilter extra flavor.
  * debian/{control,rules}: Build libavfilter extra flavor with --enable-netcdf.

 -- Sebastian Ramacher <sramac...@debian.org>  Wed, 28 Sep 2016 21:42:19 +0200

ffmpeg (7:3.1.3-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * debian/{rules,*.symbols}: Remove symbol files and generate tighter
    dependencies using a dh_makeshlibs override. (Closes: #835645)
  * debian/copyright: Fix dep5-copyright-license-name-not-unique.

 -- Sebastian Ramacher <sramac...@debian.org>  Sun, 28 Aug 2016 12:12:44 +0200

ffmpeg (7:3.1.2-1) unstable; urgency=medium

  * New upstream release.
  * debian/patches:
    - fix-vaapi-default-values.patch: Removed, applied upstream.
    - Revert-configure-Enable-GCC-vectorization-on-4.9-on-.patch: Removed,
      included upstream.

 -- Sebastian Ramacher <sramac...@debian.org>  Wed, 10 Aug 2016 20:42:29 +0200

ffmpeg (7:3.1.1-4) unstable; urgency=high

  * debian/control:
    - Remove obsolete Conflicts.
    - Remove obsolete Breaks against dmo packages.
  * debian/patches/fix-vaapi-default-values.patch: Use local independent
    default values. Thanks to Carl Eugen Hoyos. (Closes: #831529)

 -- Sebastian Ramacher <sramac...@debian.org>  Wed, 03 Aug 2016 15:16:59 +0200

ffmpeg (7:3.1.1-3) unstable; urgency=medium

  [ James Clarke ]
  * debian/rules: Re-enable x264 on sparc64 as the linker has been fixed.
    (Closes: #831582)

  [ Sebastian Ramacher ]
  * debian/patches/Revert-configure-Enable-GCC-vectorization-on-4.9-on-.patch:
    Apply upstream patch to disable GCC vectorization.

 -- Sebastian Ramacher <sramac...@debian.org>  Thu, 21 Jul 2016 20:26:12 +0200

ffmpeg (7:3.1.1-2) unstable; urgency=medium

  * Team upload.

  [ Aurelien Jarno ]
  * debian/rules: Fix FTBFS on mips64el by adding --disable-mips64r6. (Closes:
    #830868)

 -- Sebastian Ramacher <sramac...@debian.org>  Tue, 12 Jul 2016 16:38:52 +0200

ffmpeg (7:3.1.1-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * debian/rules:
    - Really build with opencv everywhere. (Closes: #827868)
    - Remove obsolete comments.
    - Build with --enable-libebur128.
  * debian/patches
    - lavf-mpegts-Return-small-probe-score-for-very-short-.patch: Removed,
      include

[Bug 1581156] Re: Update to bugfix release 2.8.8 in Xenial

2016-10-15 Thread Andreas Cadhalpun
Attached is a debdiff. (git repo is at [1])

Testing performed (in a xenial chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * autopkgtests pass

1: https://anonscm.debian.org/cgit/pkg-multimedia/ffmpeg.git/log/?h=xenial

** Patch added: "debdiff for 2.8.8"
   https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1581156/+attachment/4761570/+files/ffmpeg_2.8.8.debdiff

** Information type changed from Public to Public Security

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6164

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6881

-- 
https://bugs.launchpad.net/bugs/1581156

Title:
  Update to bugfix release 2.8.8 in Xenial


[Bug 1541622] [NEW] FFmpeg security fixes February 2016

2016-02-03 Thread Andreas Cadhalpun
*** This bug is a security vulnerability ***

Public security bug reported:

FFmpeg 2.7.6 fixing a number of crashes and other potentially security
relevant issues (including CVE-2016-2213) was released.

From the upstream Changelog:

version 2.7.6
- avcodec/jpeg2000dec: More completely check cdef
- avutil/opt: check for and handle errors in av_opt_set_dict2()
- avcodec/flacenc: fix calculation of bits required in case of custom sample rate
- avformat: Document urls a bit
- avformat/libquvi: Set default demuxer and protocol limitations
- avformat/concat: Check protocol prefix
- doc/demuxers: Document enable_drefs and use_absolute_path
- avcodec/mjpegdec: Check for end for both bytes in unescaping
- avcodec/mpegvideo_enc: Check for integer overflow in ff_mpv_reallocate_putbitbuffer()
- avformat/avformat: Replace some references to filenames by urls
- avcodec/wmaenc: Check ff_wma_init() for failure
- avcodec/mpeg12enc: Move high resolution thread check to before initializing threads
- avformat/img2dec: Use AVOpenCallback
- avformat/avio: Limit url option parsing to the documented cases
- avformat/img2dec: do not interpret the filename by default if a IO context has been opened
- avcodec/ass_split: Fix null pointer dereference in ff_ass_style_get()
- mov: Add an option to toggle dref opening
- avcodec/gif: Fix lzw buffer size
- avcodec/put_bits: Assert buf_ptr in flush_put_bits()
- avcodec/tiff: Check subsample & rps values more completely
- swscale/swscale: Add some sanity checks for srcSlice* parameters
- swscale/x86/rgb2rgb_template: Fix planar2x() for short width
- swscale/swscale_unscaled: Fix odd height inputs for bayer_to_yv12_wrapper()
- swscale/swscale_unscaled: Fix odd height inputs for bayer_to_rgb24_wrapper()
- avcodec/aacenc: Check both channels for finiteness
- swscale/swscale-test: Fix slice height in random reference data creation.
- dca: fix misaligned access in avpriv_dca_convert_bitstream
- brstm: fix missing closing brace
- brstm: also allocate b->table in read_packet
- brstm: make sure an ADPC chunk was read for adpcm_thp
- vorbisdec: reject rangebits 0 with non-0 partitions
- vorbisdec: reject channel mapping with less than two channels
- ffmdec: reset packet_end in case of failure
- avformat/ipmovie: put video decoding_map_size into packet and use it in decoder

** Affects: ffmpeg (Ubuntu)
 Importance: Undecided
 Status: New

** Information type changed from Private Security to Public Security

-- 
https://bugs.launchpad.net/bugs/1541622

Title:
   FFmpeg security fixes February 2016


[Bug 1541622] Re: FFmpeg security fixes February 2016

2016-02-03 Thread Andreas Cadhalpun
Attached is a debdiff. (git repo is at [1])

Testing performed (in a wily chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * autopkgtests pass

1: https://anonscm.debian.org/cgit/pkg-multimedia/ffmpeg.git/log/?h=wily

** Patch added: "debdiff for 2.7.6"
   https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1541622/+attachment/4563274/+files/ffmpeg_2.7.6.debdiff

-- 
https://bugs.launchpad.net/bugs/1541622

Title:
   FFmpeg security fixes February 2016


[Bug 1541622] Re: FFmpeg security fixes February 2016

2016-02-03 Thread Andreas Cadhalpun
As I understand it vivid will be EOL'ed tomorrow, so I don't think it'll
need an update for this. However, I could prepare a debdiff for 2.5.11 if
that would be useful.

-- 
https://bugs.launchpad.net/bugs/1541622

Title:
   FFmpeg security fixes February 2016


[Bug 1533367] Re: ffmpeg allows Server-Side Request Forgery attack

2016-01-19 Thread Andreas Cadhalpun
Filipp, if an issue is fixed in libavformat it doesn't affect programs
using this dynamic library (like mplayer) anymore, once they have been
restarted after libavformat has been upgraded.

To fix this issue in xenial, 2.8.5-1 needs to be merged from
Debian/unstable.

Attached is a debdiff for vivid. (git repo is at [1])

Testing performed (in a vivid chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * no regression in the autopkgtests from 2.8.5-1

From the upstream Changelog:

version 2.5.10
- configure: bump copyright year to 2016
- avformat/hls: Even stricter URL checks
- avformat/hls: More strict url checks
- swscale/utils: Detect and skip unneeded sws_setColorspaceDetails() calls
- swscale/yuv2rgb: Increase YUV2RGB table headroom
- swscale/yuv2rgb: Factor YUVRGB_TABLE_LUMA_HEADROOM out
- avformat/hls: forbid all protocols except http(s) & file
- avformat/aviobuf: Fix end check in put_str16()
- avformat/asfenc: Check pts
- avcodec/mpeg4video: Check time_incr
- avcodec/wavpackenc: Check the number of channels
- avcodec/wavpackenc: Headers are per channel
- avcodec/dvdec: Fix "left shift of negative value -254"
- avcodec/mjpegdec: Fix negative shift
- avcodec/mss2: Check for repeat overflow
- avformat: Add integer fps from 31 to 60 to get_std_framerate()
- avcodec/mpegvideo_enc: Clip bits_per_raw_sample within valid range
- avfilter/vf_scale: set proper out frame color range
- avcodec/motion_est: Fix mv_penalty table size
- avcodec/h264_slice: Fix integer overflow in implicit weight computation
- swscale/utils: Use normal bilinear scaler if fast cannot be used due to tiny dimensions
- avcodec/put_bits: Always check buffer end before writing
- mjpegdec: extend check for incompatible values of s->rgb and s->ls
- swscale/utils: Fix intermediate format for cascaded alpha downscaling
- avcodec/h264_refs: Fix long_idx check
- avfilter/vf_mpdecimate: Add missing emms_c()
- avformat/mxfenc: Do not crash if there is no packet in the first stream
- avformat/utils: estimate_timings_from_pts - increase retry counter, fixes invalid duration for ts files with hevc codec
- avformat/matroskaenc: Check codecdelay before use
- avutil/mathematics: Fix division by 0
- x86/float_dsp: zero extend offset from ff_scalarproduct_float_sse
- avcodec/mpeg4videodec: also for empty partitioned slices
- nuv: sanitize negative fps rate
- rawdec: only exempt BIT0 with need_copy from buffer sanity check
- mlvdec: check that index_entries exist
- nutdec: reject negative value_len in read_sm_data
- xwddec: prevent overflow of lsize * avctx->height
- nutdec: only copy the header if it exists
- exr: fix out of bounds read in get_code
- on2avc: limit number of bits to 30 in get_egolomb
- sonic: make sure num_taps * channels is not larger than frame_size
- opus_silk: fix typo causing overflow in silk_stabilize_lsf
- ffm: reject invalid codec_id and codec_type
- aaccoder: prevent crash of anmr coder
- ffmdec: reject zero-sized chunks
- swscale/x86/rgb2rgb_template: Fallback to mmx in interleaveBytes() if the alignment is insufficient for SSE*
- swscale/x86/rgb2rgb_template: Do not crash on misaligend stride

1: https://anonscm.debian.org/cgit/collab-maint/ffmpeg.git/log/?h=vivid

** Patch added: "debdiff for 2.5.10"
   https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1533367/+attachment/4553060/+files/ffmpeg_2.5.10.diff

-- 
https://bugs.launchpad.net/bugs/1533367

Title:
  ffmpeg allows Server-Side Request Forgery attack
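
The message above notes that a fixed libavformat only protects a program once that program has been restarted. The following is an added example, not part of the original message or of any Ubuntu tool, that lists processes still mapping a libavformat file which has since been replaced on disk; the sample maps lines and the library file name in them are constructed for illustration.

```python
import os
import re

# One line of /proc/<pid>/maps: address range, perms, offset, dev, inode, path.
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+\S{4}\s+[0-9a-f]+\s+\S+\s+\d+\s*(?P<path>.*)$"
)
DELETED = " (deleted)"  # suffix the kernel appends once the mapped file is unlinked

# Constructed sample: a process started before the upgrade still maps the old
# libavformat file, which the package manager has replaced on disk.
SAMPLE_MAPS = "\n".join([
    "7f3a1c000000-7f3a1c1f0000 r-xp 00000000 08:01 131234 "
    "/usr/lib/x86_64-linux-gnu/libavformat-ffmpeg.so.56.40.101 (deleted)",
    "7f3a1c1f0000-7f3a1c3ef000 ---p 001f0000 08:01 131234 "
    "/usr/lib/x86_64-linux-gnu/libavformat-ffmpeg.so.56.40.101 (deleted)",
    "7f3a1d000000-7f3a1d200000 r-xp 00000000 08:01 131300 "
    "/usr/lib/x86_64-linux-gnu/libavcodec-ffmpeg.so.56.60.100",
    "7ffd5e3d1000-7ffd5e3f2000 rw-p 00000000 00:00 0 [stack]",
])


def stale_mappings(maps_text, lib_prefix="libavformat"):
    """Return the sorted, de-duplicated paths of mapped files that have been
    deleted or replaced and whose basename starts with lib_prefix."""
    stale = set()
    for line in maps_text.splitlines():
        match = MAPS_LINE.match(line.strip())
        if not match:
            continue
        path = match.group("path")
        if not path.endswith(DELETED):
            continue
        real_path = path[: -len(DELETED)]
        if os.path.basename(real_path).startswith(lib_prefix):
            stale.add(real_path)
    return sorted(stale)


def scan_proc(lib_prefix="libavformat", proc_root="/proc"):
    """Map pid -> stale library paths for every process we are allowed to read."""
    findings = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as handle:
                hits = stale_mappings(handle.read(), lib_prefix)
        except OSError:
            continue  # process exited meanwhile, or permission denied
        if hits:
            findings[int(entry)] = hits
    return findings


if __name__ == "__main__":
    # Processes listed here still run the pre-upgrade code and need a restart.
    for pid, paths in sorted(scan_proc().items()):
        print(pid, ", ".join(paths))
```

Run as root to see every process; an unprivileged run only reports processes owned by the calling user.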


[Bug 1533367] Re: ffmpeg allows Server-Side Request Forgery attack

2016-01-15 Thread Andreas Cadhalpun
CVE-2016-1897 (concat) and CVE-2016-1898 (subfile) were assigned to this
bug, which (among other potentially security relevant issues) is fixed
in FFmpeg 2.7.5 (the lines below starting with avformat/hls refer to
this bug).

Attached is a debdiff. (git repo is at [1])

Testing performed (in a wily chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * autopkgtests pass

From the upstream Changelog:

version 2.7.5
- configure: bump copyright year to 2016
- avformat/hls: Even stricter URL checks
- avformat/hls: More strict url checks
- swscale/utils: Detect and skip unneeded sws_setColorspaceDetails() calls
- swscale/yuv2rgb: Increase YUV2RGB table headroom
- swscale/yuv2rgb: Factor YUVRGB_TABLE_LUMA_HEADROOM out
- avformat/hls: forbid all protocols except http(s) & file
- avformat/aviobuf: Fix end check in put_str16()
- avformat/asfenc: Check pts
- avcodec/mpeg4video: Check time_incr
- avcodec/wavpackenc: Check the number of channels
- avcodec/wavpackenc: Headers are per channel
- avcodec/aacdec_template: Check id_map
- avcodec/dvdec: Fix "left shift of negative value -254"
- avcodec/mjpegdec: Fix negative shift
- avcodec/mss2: Check for repeat overflow
- avformat: Add integer fps from 31 to 60 to get_std_framerate()
- avcodec/mpegvideo_enc: Clip bits_per_raw_sample within valid range
- avfilter/vf_scale: set proper out frame color range
- avcodec/motion_est: Fix mv_penalty table size
- avcodec/h264_slice: Fix integer overflow in implicit weight computation
- swscale/utils: Use normal bilinear scaler if fast cannot be used due to tiny dimensions
- avcodec/put_bits: Always check buffer end before writing
- mjpegdec: extend check for incompatible values of s->rgb and s->ls
- swscale/utils: Fix intermediate format for cascaded alpha downscaling
- x86/float_dsp: zero extend offset from ff_scalarproduct_float_sse
- avfilter/vf_zoompan: do not free frame we pushed to lavfi


1: https://anonscm.debian.org/cgit/collab-maint/ffmpeg.git/log/?h=wily

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1897

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1898

** Patch added: "debdiff for 2.7.5"
   https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1533367/+attachment/4550765/+files/ffmpeg_2.7.5.diff

** Changed in: ffmpeg (Ubuntu)
   Status: Incomplete => Confirmed

-- 
https://bugs.launchpad.net/bugs/1533367

Title:
  ffmpeg allows Server-Side Request Forgery attack
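
The changelog line "avformat/hls: forbid all protocols except http(s) & file" quoted in the message above describes an allowlist on the URLs an HLS playlist may reference. The following is an added example of the same idea as a pre-ingest check on untrusted playlists; it is not FFmpeg's code and not part of the original message, and the playlist, host name and function names are constructed for illustration.

```python
import re

# Schemes the changelog line says remain permitted inside an HLS playlist.
ALLOWED_SCHEMES = {"http", "https", "file"}

# An FFmpeg protocol name is followed by ':' or, when options are given
# inline, by ','. Anything without such a prefix is a relative reference.
SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*)[:,]")
URI_ATTR = re.compile(r'URI="([^"]*)"')

# Constructed sample playlist with two entries using other protocols.
SAMPLE_PLAYLIST = "\n".join([
    "#EXTM3U",
    "#EXT-X-VERSION:3",
    '#EXT-X-KEY:METHOD=AES-128,URI="https://media.example/key.bin"',
    "#EXTINF:10.0,",
    "segment0.ts",
    "#EXTINF:10.0,",
    "https://media.example/segment1.ts",
    "#EXTINF:10.0,",
    "concat:segment2a.ts|segment2b.ts",
    "#EXTINF:10.0,",
    "subfile,,start,0,end,188,,:segment3.ts",
    "#EXT-X-ENDLIST",
])


def uri_scheme(uri):
    """Return the lower-cased protocol prefix, or None for a relative reference."""
    match = SCHEME.match(uri)
    return match.group(1).lower() if match else None


def playlist_uris(text):
    """Yield (line_number, uri) for media lines and URI="..." tag attributes."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            for uri in URI_ATTR.findall(line):
                yield lineno, uri
        else:
            yield lineno, line


def disallowed_uris(text):
    """Return (line_number, scheme, uri) for every reference whose protocol
    is outside the allowlist. Relative references are not flagged because
    they resolve against the playlist's own location."""
    findings = []
    for lineno, uri in playlist_uris(text):
        scheme = uri_scheme(uri)
        if scheme is not None and scheme not in ALLOWED_SCHEMES:
            findings.append((lineno, scheme, uri))
    return findings


if __name__ == "__main__":
    for lineno, scheme, uri in disallowed_uris(SAMPLE_PLAYLIST):
        print("line %d: protocol %r not allowed: %s" % (lineno, scheme, uri))
```

A playlist with any finding can be rejected before it reaches a transcoder that may still run an unpatched libavformat.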


[Bug 1528682] Re: FFmpeg security fixes December 2015 II

2015-12-27 Thread Andreas Cadhalpun
A few more CVEs were assigned to fixes in this update:
CVE-2015-8661, CVE-2015-8662 and CVE-2015-8663

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8661

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8662

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8663

-- 
https://bugs.launchpad.net/bugs/1528682

Title:
  FFmpeg security fixes December 2015 II


[Bug 1528682] Re: FFmpeg security fixes December 2015 II

2015-12-22 Thread Andreas Cadhalpun
Attached is a debdiff. (git repo is at [1])

Testing performed (in a wily chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * autopkgtests pass

1: https://anonscm.debian.org/cgit/collab-maint/ffmpeg.git/log/?h=wily

** Patch added: "debdiff for 2.7.4"
   https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1528682/+attachment/4539179/+files/ffmpeg_2.7.4.diff

** Description changed:

- Fmpeg 2.7.4 fixing a number of crashes and other potentially security
+ FFmpeg 2.7.4 fixing a number of crashes and other potentially security
  relevant issues (including CVE-2015-6761) was released.
  
  From the upstream Changelog:
  
  version 2.7.4
  - nuv: sanitize negative fps rate
  - rawdec: only exempt BIT0 with need_copy from buffer sanity check
  - mlvdec: check that index_entries exist
  - nutdec: reject negative value_len in read_sm_data
  - xwddec: prevent overflow of lsize * avctx->height
  - nutdec: only copy the header if it exists
  - exr: fix out of bounds read in get_code
  - on2avc: limit number of bits to 30 in get_egolomb
  - avcodec/mpeg4videodec: also for empty partitioned slices
  - avcodec/h264_refs: Fix long_idx check
  - avcodec/h264_mc_template: prefetch list1 only if it is used in the MB
  - avcodec/h264_slice: Simplify ref2frm indexing
  - Revert "avcodec/aarch64/neon.S: Update neon.s for transpose_4x4H"
  - avfilter/vf_mpdecimate: Add missing emms_c()
  - sonic: make sure num_taps * channels is not larger than frame_size
  - opus_silk: fix typo causing overflow in silk_stabilize_lsf
  - ffm: reject invalid codec_id and codec_type
  - golomb: always check for invalid UE golomb codes in get_ue_golomb
  - aaccoder: prevent crash of anmr coder
  - ffmdec: reject zero-sized chunks
  - swscale/x86/rgb2rgb_template: Fallback to mmx in interleaveBytes() if the 
alignment is insufficient for SSE*
  - swscale/x86/rgb2rgb_template: Do not crash on misaligend stride
  - avformat/mxfenc: Do not crash if there is no packet in the first stream
  - avcodec/aarch64/neon.S: Update neon.s for transpose_4x4H
  - avformat/utils: estimate_timings_from_pts - increase retry counter, fixes 
invalid duration for ts files with hevc codec
  - avformat/matroskaenc: Check codecdelay before use
  - avutil/mathematics: Fix division by 0
  - mjpegdec: consider chroma subsampling in size check
  - avcodec/hevc: Check max ctb addresses for WPP
  - avcodec/vp3: ensure header is parsed successfully before tables
  - avcodec/jpeg2000dec: Check bpno in decode_cblk()
  - avcodec/pgssubdec: Fix left shift of 255 by 24 places cannot be represented 
in type int
  - swscale/utils: Fix for runtime error: left shift of negative value -1
  - avcodec/hevc: Fix integer overflow of entry_point_offset
  - avcodec/dirac_parser: Check that there is a previous PU before accessing it
  - avcodec/dirac_parser: Add basic validity checks for next_pu_offset and 
prev_pu_offset
  - avcodec/dirac_parser: Fix potential overflows in pointer checks
  - avcodec/wmaprodec: Check bits per sample to be within the range not causing 
integer overflows
  - avcodec/wmaprodec: Fix overflow of cutoff
  - avformat/smacker: fix integer overflow with pts_inc
  - avcodec/vp3: Fix "runtime error: left shift of negative value"
  - mpegencts: Fix overflow in cbr mode period calculations
  - avutil/timecode: Fix fps check
  - avutil/mathematics: return INT64_MIN (=AV_NOPTS_VALUE) from 
av_rescale_rnd() for overflows
  - avcodec/apedec: Check length in long_filter_high_3800()
  - avcodec/vp3: always set pix_fmt in theora_decode_header()
  - avcodec/mpeg4videodec: Check available data before reading custom matrix
  - avutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rnd
  - avutil/integer: Fix av_mod_i() with negative dividend
  - avformat/dump: Fix integer overflow in av_dump_format()
  - avcodec/h264_refs: Check that long references match before use
  - avcodec/utils: Clear dimensions in ff_get_buffer() on failure
  - avcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string()
  - avcodec/vp3: Clear context on reinitialization failure
  - avcodec/hevc: allocate entries unconditionally
  - avcodec/hevc_cabac: Fix multiple integer overflows
  - avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*()
  - avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()
  - avcodec/hevc: Check entry_point_offsets
  - avcodec/cabac: Check initial cabac decoder state
  - avcodec/cabac_functions: Fix "left shift of negative value -31767"
  - avcodec/h264_slice: Limit max_contexts when slice_context_count is 
initialized
  - avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup
  - avcodec/ffv1dec: Clear quant_table_count if its invalid
  - avcodec/ffv1dec: Print an error if the quant table count is invalid
  - doc/filters/drawtext: fix centering example
  - hqx: correct type and size check of info_offset
  - mxfdec: check edit_rate also for physical_track
  - mpegvideo: clear 

[Bug 1528682] [NEW] FFmpeg security fixes December 2015 II

2015-12-22 Thread Andreas Cadhalpun
*** This bug is a security vulnerability ***

Public security bug reported:

Fmpeg 2.7.4 fixing a number of crashes and other potentially security
relevant issues (including CVE-2015-6761) was released.

From the upstream Changelog:

version 2.7.4
- nuv: sanitize negative fps rate
- rawdec: only exempt BIT0 with need_copy from buffer sanity check
- mlvdec: check that index_entries exist
- nutdec: reject negative value_len in read_sm_data
- xwddec: prevent overflow of lsize * avctx->height
- nutdec: only copy the header if it exists
- exr: fix out of bounds read in get_code
- on2avc: limit number of bits to 30 in get_egolomb
- avcodec/mpeg4videodec: also for empty partitioned slices
- avcodec/h264_refs: Fix long_idx check
- avcodec/h264_mc_template: prefetch list1 only if it is used in the MB
- avcodec/h264_slice: Simplify ref2frm indexing
- Revert "avcodec/aarch64/neon.S: Update neon.s for transpose_4x4H"
- avfilter/vf_mpdecimate: Add missing emms_c()
- sonic: make sure num_taps * channels is not larger than frame_size
- opus_silk: fix typo causing overflow in silk_stabilize_lsf
- ffm: reject invalid codec_id and codec_type
- golomb: always check for invalid UE golomb codes in get_ue_golomb
- aaccoder: prevent crash of anmr coder
- ffmdec: reject zero-sized chunks
- swscale/x86/rgb2rgb_template: Fallback to mmx in interleaveBytes() if the alignment is insufficient for SSE*
- swscale/x86/rgb2rgb_template: Do not crash on misaligend stride
- avformat/mxfenc: Do not crash if there is no packet in the first stream
- avcodec/aarch64/neon.S: Update neon.s for transpose_4x4H
- avformat/utils: estimate_timings_from_pts - increase retry counter, fixes invalid duration for ts files with hevc codec
- avformat/matroskaenc: Check codecdelay before use
- avutil/mathematics: Fix division by 0
- mjpegdec: consider chroma subsampling in size check
- avcodec/hevc: Check max ctb addresses for WPP
- avcodec/vp3: ensure header is parsed successfully before tables
- avcodec/jpeg2000dec: Check bpno in decode_cblk()
- avcodec/pgssubdec: Fix left shift of 255 by 24 places cannot be represented in type int
- swscale/utils: Fix for runtime error: left shift of negative value -1
- avcodec/hevc: Fix integer overflow of entry_point_offset
- avcodec/dirac_parser: Check that there is a previous PU before accessing it
- avcodec/dirac_parser: Add basic validity checks for next_pu_offset and prev_pu_offset
- avcodec/dirac_parser: Fix potential overflows in pointer checks
- avcodec/wmaprodec: Check bits per sample to be within the range not causing integer overflows
- avcodec/wmaprodec: Fix overflow of cutoff
- avformat/smacker: fix integer overflow with pts_inc
- avcodec/vp3: Fix "runtime error: left shift of negative value"
- mpegencts: Fix overflow in cbr mode period calculations
- avutil/timecode: Fix fps check
- avutil/mathematics: return INT64_MIN (=AV_NOPTS_VALUE) from av_rescale_rnd() for overflows
- avcodec/apedec: Check length in long_filter_high_3800()
- avcodec/vp3: always set pix_fmt in theora_decode_header()
- avcodec/mpeg4videodec: Check available data before reading custom matrix
- avutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rnd
- avutil/integer: Fix av_mod_i() with negative dividend
- avformat/dump: Fix integer overflow in av_dump_format()
- avcodec/h264_refs: Check that long references match before use
- avcodec/utils: Clear dimensions in ff_get_buffer() on failure
- avcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string()
- avcodec/vp3: Clear context on reinitialization failure
- avcodec/hevc: allocate entries unconditionally
- avcodec/hevc_cabac: Fix multiple integer overflows
- avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*()
- avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()
- avcodec/hevc: Check entry_point_offsets
- avcodec/cabac: Check initial cabac decoder state
- avcodec/cabac_functions: Fix "left shift of negative value -31767"
- avcodec/h264_slice: Limit max_contexts when slice_context_count is initialized
- avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup
- avcodec/ffv1dec: Clear quant_table_count if its invalid
- avcodec/ffv1dec: Print an error if the quant table count is invalid
- doc/filters/drawtext: fix centering example
- hqx: correct type and size check of info_offset
- mxfdec: check edit_rate also for physical_track
- mpegvideo: clear overread in clear_context
- dvdsubdec: validate offset2 similar to offset1
- aacdec: don't return frames without data from aac_decode_er_frame
- avcodec/takdec: Use memove, avoid undefined memcpy() use
- riffdec: prevent negative bit rate

** Affects: ffmpeg (Ubuntu)
 Importance: Undecided
 Status: New

** Information type changed from Private Security to Public Security

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-6761


[Bug 1523692] [NEW] FFmpeg security fixes December 2015

2015-12-07 Thread Andreas Cadhalpun
*** This bug is a security vulnerability ***

Public security bug reported:

FFmpeg 2.5.9 fixing a number of crashes and other potentially security
relevant issues (including CVE-2015-6761, CVE-2015-8216, CVE-2015-8219,
CVE-2015-8363, CVE-2015-8364 and CVE-2015-8365) was released.

From the upstream Changelog:

version 2.5.9
- avcodec/hevc: Check max ctb addresses for WPP
- avcodec/vp3: ensure header is parsed successfully before tables
- avcodec/jpeg2000dec: Check bpno in decode_cblk()
- avcodec/pgssubdec: Fix left shift of 255 by 24 places cannot be represented in type int
- swscale/utils: Fix for runtime error: left shift of negative value -1
- avcodec/hevc: Fix integer overflow of entry_point_offset
- avcodec/dirac_parser: Check that there is a previous PU before accessing it
- avcodec/dirac_parser: Add basic validity checks for next_pu_offset and prev_pu_offset
- avcodec/dirac_parser: Fix potential overflows in pointer checks
- avcodec/wmaprodec: Check bits per sample to be within the range not causing integer overflows
- avcodec/wmaprodec: Fix overflow of cutoff
- avformat/smacker: fix integer overflow with pts_inc
- avcodec/vp3: Fix "runtime error: left shift of negative value"
- mpegencts: Fix overflow in cbr mode period calculations
- avutil/timecode: Fix fps check
- avutil/mathematics: return INT64_MIN (=AV_NOPTS_VALUE) from av_rescale_rnd() for overflows
- avcodec/apedec: Check length in long_filter_high_3800()
- avcodec/vp3: always set pix_fmt in theora_decode_header()
- avcodec/mpeg4videodec: Check available data before reading custom matrix
- avutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rnd
- avutil/integer: Fix av_mod_i() with negative dividend
- avformat/dump: Fix integer overflow in av_dump_format()
- avcodec/utils: Clear dimensions in ff_get_buffer() on failure
- avcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string()
- avcodec/vp3: Clear context on reinitialization failure
- avcodec/hevc: allocate entries unconditionally
- avcodec/hevc_cabac: Fix multiple integer overflows
- avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*()
- avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()
- avcodec/hevc: Check entry_point_offsets
- avcodec/cabac: Check initial cabac decoder state
- avcodec/cabac_functions: Fix "left shift of negative value -31767"
- avcodec/ffv1dec: Clear quant_table_count if its invalid
- avcodec/ffv1dec: Print an error if the quant table count is invalid
- doc/filters/drawtext: fix centering example
- avcodec/h264_slice: Limit max_contexts when slice_context_count is initialized
- avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup
- rtmpcrypt: Do the xtea decryption in little endian mode
- avformat/matroskadec: Check subtitle stream before dereferencing
- avformat/utils: Do not init parser if probing is unfinished
- avcodec/jpeg2000dec: Fix potential integer overflow with tile dimensions
- avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range
- avcodec/jpeg2000: Check comp coords to be within the supported size
- avcodec/jpeg2000: Use av_image_check_size() in ff_jpeg2000_init_component()
- avcodec/wmaprodec: Check for overread in decode_packet()
- avcodec/smacker: Check that the data size is a multiple of a sample vector
- avcodec/takdec: Skip last p2 sample (which is unused)
- avcodec/dxtory: Fix input size check in dxtory_decode_v1_410()
- avcodec/dxtory: Fix input size check in dxtory_decode_v1_420()
- avcodec/error_resilience: avoid accessing previous or next frames tables beyond height
- avcodec/dpx: Move need_align to act per line
- avcodec/flashsv: Check size before updating it
- avcodec/ivi: Check image dimensions
- avcodec/utils: Better check for channels in av_get_audio_frame_duration()
- avcodec/jpeg2000dec: Check for duplicate SIZ marker
- avcodec/jpeg2000dec: Clip all tile coordinates
- avcodec/microdvddec: Check for string end in 'P' case
- avcodec/dirac_parser: Fix undefined memcpy() use
- avformat/xmv: Discard remainder of packet on error
- avformat/xmv: factor return check out of if/else
- libavutil/channel_layout: Check strtol*() for failure
- avcodec/ffv1dec: Check for 0 quant tables
- avcodec/mjpegdec: Reinitialize IDCT on BPP changes
- avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it
- avutil/file_open: avoid file handle inheritance on Windows
- opusdec: Don't run vector_fmul_scalar on zero length arrays
- avcodec/ffv1: Initialize vlc_state on allocation
- avcodec/ffv1dec: update progress in case of broken pointer chains
- avcodec/ffv1dec: Clear slice coordinates if they are invalid or slice header decoding fails for other reasons
- avformat/httpauth: Add space after commas in HTTP/RTSP auth header
- avcodec/x86/sbrdsp: Fix using uninitialized upper 32bit of noise
- avcodec/ffv1dec: Fix off by 1 error in quant_table_count check
- avcodec/ffv1dec: Explicitly check read_quant_table() return value
- avcodec/rangecoder: 

[Bug 1523692] Re: FFmpeg security fixes December 2015

2015-12-07 Thread Andreas Cadhalpun
Attached is a debdiff. (git repo is at [1])

Testing performed (in a vivid chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * no regressions in the autopkgtests from 2.8.3-1

1: https://anonscm.debian.org/cgit/collab-maint/ffmpeg.git/log/?h=vivid

** Patch added: "debdiff for 2.5.9"
   
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1523692/+attachment/4531184/+files/ffmpeg_2.5.9.diff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1523692

Title:
   FFmpeg security fixes December 2015



[Bug 1522823] Re: package libavcodec-ffmpeg56 (not installed) failed to install/upgrade: conflicting packages - not installing libavcodec-ffmpeg56:amd64

2015-12-04 Thread Andreas Cadhalpun
*** This bug is a duplicate of bug 1511571 ***
https://bugs.launchpad.net/bugs/1511571

** This bug has been marked a duplicate of bug 1511571
   package libavcodec-ffmpeg56 (not installed) failed to install/upgrade: 
conflicting packages - not installing libavcodec-ffmpeg56:amd64

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1522823

Title:
  package libavcodec-ffmpeg56 (not installed) failed to install/upgrade:
  conflicting packages - not installing libavcodec-ffmpeg56:amd64



[Bug 1518549] [NEW] FFmpeg security fixes November 2015

2015-11-21 Thread Andreas Cadhalpun
*** This bug is a security vulnerability ***

Public security bug reported:

FFmpeg 2.7.3 fixing a number of crashes and other potentially security
relevant issues (including CVE-2015-8216, CVE-2015-8217 and
CVE-2015-8219) was released.

From the upstream Changelog:

version 2.7.3:
- rtmpcrypt: Do the xtea decryption in little endian mode
- Update versions for 2.7.3
- avformat/matroskadec: Check subtitle stream before dereferencing
- avformat/utils: Do not init parser if probing is unfinished
- avcodec/jpeg2000dec: Fix potential integer overflow with tile dimensions
- avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range
- avcodec/jpeg2000: Check comp coords to be within the supported size
- avcodec/jpeg2000: Use av_image_check_size() in ff_jpeg2000_init_component()
- avcodec/wmaprodec: Check for overread in decode_packet()
- avcodec/smacker: Check that the data size is a multiple of a sample vector
- avcodec/takdec: Skip last p2 sample (which is unused)
- avcodec/dxtory: Fix input size check in dxtory_decode_v1_410()
- avcodec/dxtory: Fix input size check in dxtory_decode_v1_420()
- avcodec/error_resilience: avoid accessing previous or next frames tables beyond height
- avcodec/dpx: Move need_align to act per line
- avcodec/flashsv: Check size before updating it
- avcodec/ivi: Check image dimensions
- avcodec/utils: Better check for channels in av_get_audio_frame_duration()
- avcodec/jpeg2000dec: Check for duplicate SIZ marker
- tests/fate/avformat: Fix fate-lavf
- doc/ffmpeg: Clarify that the sdp_file option requires an rtp output.
- ffmpeg: Don't try and write sdp info if none of the outputs had an rtp format.
- apng: use correct size for output buffer
- jvdec: avoid unsigned overflow in comparison
- avcodec/hevc_ps: Check chroma_format_idc
- avcodec/jpeg2000dec: Clip all tile coordinates
- avcodec/microdvddec: Check for string end in 'P' case
- avcodec/dirac_parser: Fix undefined memcpy() use
- avformat/xmv: Discard remainder of packet on error
- avformat/xmv: factor return check out of if/else
- avcodec/mpeg12dec: Do not call show_bits() with invalid bits
- libavutil/channel_layout: Check strtol*() for failure
- avcodec/ffv1dec: Check for 0 quant tables
- avcodec/mjpegdec: Reinitialize IDCT on BPP changes
- avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it
- avutil/file_open: avoid file handle inheritance on Windows
- avcodec/h264_slice: Disable slice threads if there are multiple access units in a packet
- opusdec: Don't run vector_fmul_scalar on zero length arrays
- avcodec/ffv1: Initialize vlc_state on allocation
- avcodec/ffv1dec: update progress in case of broken pointer chains
- avcodec/ffv1dec: Clear slice coordinates if they are invalid or slice header decoding fails for other reasons
- avformat/httpauth: Add space after commas in HTTP/RTSP auth header
- avcodec/x86/sbrdsp: Fix using uninitialized upper 32bit of noise
- avcodec/ffv1dec: Fix off by 1 error in quant_table_count check
- avcodec/ffv1dec: Explicitly check read_quant_table() return value
- avcodec/rangecoder: Check e
- avutil/log: fix zero length gnu_printf format string warning
- lavf/webvttenc: Require webvtt file to contain exactly one WebVTT stream.
- avcodec/mjpegdec: Fix decoding RGBA RCT LJPEG
- avfilter/af_asyncts: use llabs for int64_t
- avcodec/g2meet: Also clear tile dimensions on header_fail
- avcodec/g2meet: Fix potential overflow in tile dimensions check
- avcodec/svq1dec: Check init_get_bits8() for failure
- avcodec/tta: Check init_get_bits8() for failure
- avcodec/vp3: Check init_get_bits8() for failure
- swresample/swresample: Fix integer overflow in seed calculation
- avformat/mov: Fix integer overflow in FFABS
- avutil/common: Add FFNABS()
- avutil/common: Document FFABS() corner case
- avformat/dump: Fix integer overflow in aspect ratio calculation
- avformat/mxg: Use memmove()
- avcodec/truemotion1: Check for even width
- avcodec/mpeg12dec: Set dimensions in mpeg1_decode_sequence() only in absence of errors
- avcodec/libopusenc: Fix infinite loop on flushing after 0 input
- avformat/hevc: Check num_long_term_ref_pics_sps to avoid potentially long loops
- avformat/hevc: Fix parsing errors
- ffmpeg: Use correct codec_id for av_parser_change() check
- ffmpeg: Check av_parser_change() for failure
- ffmpeg: Check for RAWVIDEO and do not relay only on AVFMT_RAWPICTURE
- ffmpeg: check avpicture_fill() return value
- avformat/mux: Update sidedata in ff_write_chained()
- avcodec/flashsvenc: Correct max dimension in error message
- avcodec/svq1enc: Check dimensions
- avcodec/dcaenc: clear bitstream end
- libavcodec/aacdec_template: Use init_get_bits8() in aac_decode_frame()
- rawdec: fix mjpeg probing buffer size check
- rawdec: fix mjpeg probing
- configure: loongson disable expensive optimizations in gcc O3 optimization
- videodsp: don't overread edges in vfix3 emu_edge.
- avformat/mp3dec: improve junk skipping heuristic
- avformat/hls: add support for EXT-X-MAP
- 

[Bug 1518549] Re: FFmpeg security fixes November 2015

2015-11-21 Thread Andreas Cadhalpun
** Description changed:

  FFmpeg 2.7.3 fixing a number of crashes and other potentially security
  relevant issues (including CVE-2015-8216, CVE-2015-8217 and
  CVE-2015-8219) was released.
  
  From the upstream Changelog:
  
  version 2.7.3:
  - rtmpcrypt: Do the xtea decryption in little endian mode
  - Update versions for 2.7.3
  - avformat/matroskadec: Check subtitle stream before dereferencing
  - avformat/utils: Do not init parser if probing is unfinished
  - avcodec/jpeg2000dec: Fix potential integer overflow with tile dimensions
  - avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range
  - avcodec/jpeg2000: Check comp coords to be within the supported size
  - avcodec/jpeg2000: Use av_image_check_size() in ff_jpeg2000_init_component()
  - avcodec/wmaprodec: Check for overread in decode_packet()
  - avcodec/smacker: Check that the data size is a multiple of a sample vector
  - avcodec/takdec: Skip last p2 sample (which is unused)
  - avcodec/dxtory: Fix input size check in dxtory_decode_v1_410()
  - avcodec/dxtory: Fix input size check in dxtory_decode_v1_420()
  - avcodec/error_resilience: avoid accessing previous or next frames tables beyond height
  - avcodec/dpx: Move need_align to act per line
  - avcodec/flashsv: Check size before updating it
  - avcodec/ivi: Check image dimensions
  - avcodec/utils: Better check for channels in av_get_audio_frame_duration()
  - avcodec/jpeg2000dec: Check for duplicate SIZ marker
  - tests/fate/avformat: Fix fate-lavf
  - doc/ffmpeg: Clarify that the sdp_file option requires an rtp output.
  - ffmpeg: Don't try and write sdp info if none of the outputs had an rtp format.
  - apng: use correct size for output buffer
  - jvdec: avoid unsigned overflow in comparison
  - avcodec/hevc_ps: Check chroma_format_idc
  - avcodec/jpeg2000dec: Clip all tile coordinates
  - avcodec/microdvddec: Check for string end in 'P' case
  - avcodec/dirac_parser: Fix undefined memcpy() use
  - avformat/xmv: Discard remainder of packet on error
  - avformat/xmv: factor return check out of if/else
  - avcodec/mpeg12dec: Do not call show_bits() with invalid bits
  - libavutil/channel_layout: Check strtol*() for failure
  - avcodec/ffv1dec: Check for 0 quant tables
  - avcodec/mjpegdec: Reinitialize IDCT on BPP changes
  - avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it
  - avutil/file_open: avoid file handle inheritance on Windows
  - avcodec/h264_slice: Disable slice threads if there are multiple access units in a packet
  - opusdec: Don't run vector_fmul_scalar on zero length arrays
  - avcodec/ffv1: Initialize vlc_state on allocation
  - avcodec/ffv1dec: update progress in case of broken pointer chains
  - avcodec/ffv1dec: Clear slice coordinates if they are invalid or slice header decoding fails for other reasons
  - avformat/httpauth: Add space after commas in HTTP/RTSP auth header
  - avcodec/x86/sbrdsp: Fix using uninitialized upper 32bit of noise
  - avcodec/ffv1dec: Fix off by 1 error in quant_table_count check
  - avcodec/ffv1dec: Explicitly check read_quant_table() return value
  - avcodec/rangecoder: Check e
  - avutil/log: fix zero length gnu_printf format string warning
  - lavf/webvttenc: Require webvtt file to contain exactly one WebVTT stream.
  - avcodec/mjpegdec: Fix decoding RGBA RCT LJPEG
  - avfilter/af_asyncts: use llabs for int64_t
  - avcodec/g2meet: Also clear tile dimensions on header_fail
  - avcodec/g2meet: Fix potential overflow in tile dimensions check
  - avcodec/svq1dec: Check init_get_bits8() for failure
  - avcodec/tta: Check init_get_bits8() for failure
  - avcodec/vp3: Check init_get_bits8() for failure
  - swresample/swresample: Fix integer overflow in seed calculation
  - avformat/mov: Fix integer overflow in FFABS
  - avutil/common: Add FFNABS()
  - avutil/common: Document FFABS() corner case
  - avformat/dump: Fix integer overflow in aspect ratio calculation
  - avformat/mxg: Use memmove()
  - avcodec/truemotion1: Check for even width
  - avcodec/mpeg12dec: Set dimensions in mpeg1_decode_sequence() only in absence of errors
  - avcodec/libopusenc: Fix infinite loop on flushing after 0 input
  - avformat/hevc: Check num_long_term_ref_pics_sps to avoid potentially long loops
  - avformat/hevc: Fix parsing errors
  - ffmpeg: Use correct codec_id for av_parser_change() check
  - ffmpeg: Check av_parser_change() for failure
  - ffmpeg: Check for RAWVIDEO and do not relay only on AVFMT_RAWPICTURE
  - ffmpeg: check avpicture_fill() return value
  - avformat/mux: Update sidedata in ff_write_chained()
  - avcodec/flashsvenc: Correct max dimension in error message
  - avcodec/svq1enc: Check dimensions
  - avcodec/dcaenc: clear bitstream end
  - libavcodec/aacdec_template: Use init_get_bits8() in aac_decode_frame()
  - rawdec: fix mjpeg probing buffer size check
  - rawdec: fix mjpeg probing
  - configure: loongson disable expensive optimizations in gcc O3 optimization
  - videodsp: don't overread edges 

[Bug 1518549] Re: FFmpeg security fixes November 2015

2015-11-21 Thread Andreas Cadhalpun
Attached is a debdiff. (git repo is at [1])

Testing performed (in a wily chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * autopkgtests pass

1: https://anonscm.debian.org/cgit/collab-maint/ffmpeg.git/log/?h=wily

** Patch added: "debdiff for 2.7.3"
   
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1518549/+attachment/4523003/+files/ffmpeg_2.7.3.diff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1518549

Title:
  FFmpeg security fixes November 2015



[Bug 1517126] Re: package libavcodec-ffmpeg56 (not installed) failed to install/upgrade: conflicting packages - not installing libavcodec-ffmpeg56:amd64

2015-11-19 Thread Andreas Cadhalpun
*** This bug is a duplicate of bug 1511571 ***
https://bugs.launchpad.net/bugs/1511571

If you can figure out how to reproduce this bug in a freshly installed
virtual machine, that would probably help.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1517126

Title:
  package libavcodec-ffmpeg56 (not installed) failed to install/upgrade:
  conflicting packages - not installing libavcodec-ffmpeg56:amd64



[Bug 1517126] Re: package libavcodec-ffmpeg56 (not installed) failed to install/upgrade: conflicting packages - not installing libavcodec-ffmpeg56:amd64

2015-11-19 Thread Andreas Cadhalpun
*** This bug is a duplicate of bug 1511571 ***
https://bugs.launchpad.net/bugs/1511571

Thanks for trying to find a way to reproduce this.
I'm not sure what your question is about, but the important point is 'freshly 
installed', so that it can be easily reproduced by everyone.
If you have a spare partition, you can also use that, but using a VM should be 
easier.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1517126

Title:
  package libavcodec-ffmpeg56 (not installed) failed to install/upgrade:
  conflicting packages - not installing libavcodec-ffmpeg56:amd64



[Bug 1517126] Re: package libavcodec-ffmpeg56 (not installed) failed to install/upgrade: conflicting packages - not installing libavcodec-ffmpeg56:amd64

2015-11-19 Thread Andreas Cadhalpun
*** This bug is a duplicate of bug 1511571 ***
https://bugs.launchpad.net/bugs/1511571

** This bug has been marked a duplicate of bug 1511571
   package libavcodec-ffmpeg56 (not installed) failed to install/upgrade: 
conflicting packages - not installing libavcodec-ffmpeg56:amd64

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1517126

Title:
  package libavcodec-ffmpeg56 (not installed) failed to install/upgrade:
  conflicting packages - not installing libavcodec-ffmpeg56:amd64



[Bug 1513985] Re: ffmpeg test idct8x8 (SIMPLE-ARM) fails on ARM32 when built with binutils from the trunk

2015-11-10 Thread Andreas Cadhalpun
A small clarification: the SIMPLE-ARM implementation can also be
selected at runtime, e.g. with the '-idct simplearm' option. That's
mainly useful for debugging purposes, though.

Regarding the binutils bug:
Attached testcase test.S doesn't require compiling ffmpeg, but simply:
$ gcc -g -c -o test.o test.S

Analyzing the difference of 'objdump -d test.o' between variants built
with working and broken binutils shows that the working binutils
always uses 'ldr.w' for ldr, while the broken version sometimes
optimizes this to 'movw', which is a correct alternative, but one time
to 'movt', which only sets half of the register.

** Attachment added: "testcase"
   
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1513985/+attachment/4516473/+files/test.S

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1513985

Title:
  ffmpeg test idct8x8 (SIMPLE-ARM) fails on ARM32 when built with
  binutils from the trunk

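
The difference between the 'movw' and 'movt' substitutions described in the message above, as an added example (not part of the original message, and not binutils or FFmpeg code): a small C model of the Thumb-2 MOVW/MOVT semantics that reproduces the r10 values from the gdb sessions in this thread. The enum and function names are this example's own; the constant is written as 0xffff0000, the 32-bit pattern of the -65536 that gdb reports after the working load.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Ways an assembler can materialise `ldr rX, =imm32` (names are this example's own). */
typedef enum { LDR_LITERAL, MOVW_ONLY, MOVT_ONLY, MOVW_THEN_MOVT } load_form;

/* MOVW: write a 16-bit immediate, zero-extended; the old register value is discarded. */
static uint32_t op_movw(uint16_t imm16)
{
    return imm16;
}

/* MOVT: write a 16-bit immediate into bits 31:16; bits 15:0 keep their old value. */
static uint32_t op_movt(uint32_t reg, uint16_t imm16)
{
    return (reg & 0x0000ffffu) | ((uint32_t)imm16 << 16);
}

/* Register value after loading `imm` with the given form, starting from `prior`. */
uint32_t apply_form(load_form form, uint32_t imm, uint32_t prior)
{
    uint16_t lo = (uint16_t)(imm & 0xffffu);
    uint16_t hi = (uint16_t)(imm >> 16);

    switch (form) {
    case LDR_LITERAL:    return imm;  /* full 32-bit load from the literal pool */
    case MOVW_ONLY:      return op_movw(lo);
    case MOVT_ONLY:      return op_movt(prior, hi);
    case MOVW_THEN_MOVT: return op_movt(op_movw(lo), hi);
    }
    return prior;
}

/*
 * A form is a valid replacement for the load only if the result equals `imm`
 * whatever the register held before. Every operation here copies bits, so
 * the all-zeros and all-ones prior values expose any bit that leaks through.
 */
bool form_is_safe(load_form form, uint32_t imm)
{
    return apply_form(form, imm, 0x00000000u) == imm &&
           apply_form(form, imm, 0xffffffffu) == imm;
}

/* Shortest form in this model that is safe for `imm`. */
load_form pick_safe_form(uint32_t imm)
{
    if (form_is_safe(MOVW_ONLY, imm))
        return MOVW_ONLY;           /* constant fits in 16 bits */
    return MOVW_THEN_MOVT;          /* both halves must be written */
}

/* gdb prints a register as hex followed by its signed 32-bit value. */
int32_t as_gdb_decimal(uint32_t reg)
{
    return (int32_t)reg;
}

int main(void)
{
    const uint32_t mask  = 0xffff0000u; /* -65536: r10 after the working ldr.w */
    const uint32_t prior = 8867;        /* r10 before the instruction in both sessions */

    uint32_t good = apply_form(LDR_LITERAL, mask, prior);
    uint32_t bad  = apply_form(MOVT_ONLY, mask, prior);

    printf("ldr.w literal: 0x%08x %d\n", (unsigned)good, (int)as_gdb_decimal(good));
    printf("movt only:     0x%08x %d\n", (unsigned)bad, (int)as_gdb_decimal(bad));
    printf("movw alone safe for 0x22a3?     %d\n", form_is_safe(MOVW_ONLY, 0x22a3u));
    printf("movw alone safe for 0xffff0000? %d\n", form_is_safe(MOVW_ONLY, mask));
    printf("movt alone safe for 0xffff0000? %d\n", form_is_safe(MOVT_ONLY, mask));
    return 0;
}
```

In this model MOVW alone is equivalent to the load only for constants that fit in 16 bits, and MOVT alone is never equivalent, because the low half of the result always comes from the old register value.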


[Bug 1514233] Re: Ubuntu 15.10 freezes during operation.

2015-11-10 Thread Andreas Cadhalpun
I can't imagine that Ubuntu freezing is an ffmpeg bug.
I guess you meant to file a bug against linux, so I'm reassigning this bug 
there.

But for this bug report to be useful you have to provide more information,
at least excerpts of /var/log/syslog from the time, when the freezing happens.

** Package changed: ffmpeg (Ubuntu) => linux (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1514233

Title:
  Ubuntu 15.10 freezes during operation.



[Bug 1513985] Re: ffmpeg test idct8x8 (NEON) fails on ARM32 when built with binutils from the trunk

2015-11-07 Thread Andreas Cadhalpun
Debugging the failing command 'libavcodec/dct-test -i' with gdb shows
that this is clearly a binutils bug.

* Working with binutils 2.25.1-6ubuntu1:
Breakpoint 1, __end_a_evaluation () at libavcodec/arm/simple_idct_arm.S:239
239 ldr r10, =MASK_MSHW  @ R10=0x
(gdb) disas
Dump of assembler code for function __end_a_evaluation:
   0x00012c08 <+0>: add.w   r8, r6, r0
   0x00012c0c <+4>: add.w   r9, r2, r1
=> 0x00012c10 <+8>: ldr.w   r10, [pc, #540] ; 0x12e30 <__end_bef_a_evaluation+44>
   0x00012c14 <+12>:and.w   r9, r10, r9, lsl #5
   0x00012c18 <+16>:mvn.w   r11, r10
   0x00012c1c <+20>:and.w   r8, r11, r8, asr #11
   0x00012c20 <+24>:orr.w   r8, r8, r9
   0x00012c24 <+28>:str.w   r8, [lr]
   0x00012c28 <+32>:add.w   r8, r3, r5
   0x00012c2c <+36>:add.w   r9, r4, r7
   0x00012c30 <+40>:and.w   r9, r10, r9, lsl #5
   0x00012c34 <+44>:and.w   r8, r11, r8, asr #11
   0x00012c38 <+48>:orr.w   r8, r8, r9
   0x00012c3c <+52>:str.w   r8, [lr, #4]
   0x00012c40 <+56>:sub.w   r8, r4, r7
   0x00012c44 <+60>:sub.w   r9, r3, r5
   0x00012c48 <+64>:and.w   r9, r10, r9, lsl #5
   0x00012c4c <+68>:and.w   r8, r11, r8, asr #11
   0x00012c50 <+72>:orr.w   r8, r8, r9
   0x00012c54 <+76>:str.w   r8, [lr, #8]
   0x00012c58 <+80>:sub.w   r8, r2, r1
   0x00012c5c <+84>:sub.w   r9, r6, r0
   0x00012c60 <+88>:and.w   r9, r10, r9, lsl #5
   0x00012c64 <+92>:and.w   r8, r11, r8, asr #11
   0x00012c68 <+96>:orr.w   r8, r8, r9
   0x00012c6c <+100>:   str.w   r8, [lr, #12]
   0x00012c70 <+104>:   b.n 0x12c92 <__end_row_loop>
End of assembler dump.
(gdb) info registers r10
r10            0x22a3   8867
(gdb) n
240 and r9, r10, r9, lsl #ROW_SHIFT2MSHW @ R9=0x & ((a1+b1)<<5)
(gdb) info registers r10
r10            0xffff0000   -65536

This correctly sets the r10 register to 0x.

* Broken with binutils 2.25.51.20151028-0ubuntu1:
Breakpoint 1, __end_a_evaluation () at libavcodec/arm/simple_idct_arm.S:239
239 ldr r10, =MASK_MSHW  @ R10=0x
(gdb) disas
Dump of assembler code for function __end_a_evaluation:
   0x00012c08 <+0>: add.w   r8, r6, r0
   0x00012c0c <+4>: add.w   r9, r2, r1
=> 0x00012c10 <+8>: movt    r10, #65535 ; 0xffff
   0x00012c14 <+12>:and.w   r9, r10, r9, lsl #5
   0x00012c18 <+16>:mvn.w   r11, r10
   0x00012c1c <+20>:and.w   r8, r11, r8, asr #11
   0x00012c20 <+24>:orr.w   r8, r8, r9
   0x00012c24 <+28>:str.w   r8, [lr]
   0x00012c28 <+32>:add.w   r8, r3, r5
   0x00012c2c <+36>:add.w   r9, r4, r7
   0x00012c30 <+40>:and.w   r9, r10, r9, lsl #5
   0x00012c34 <+44>:and.w   r8, r11, r8, asr #11
   0x00012c38 <+48>:orr.w   r8, r8, r9
   0x00012c3c <+52>:str.w   r8, [lr, #4]
   0x00012c40 <+56>:sub.w   r8, r4, r7
   0x00012c44 <+60>:sub.w   r9, r3, r5
   0x00012c48 <+64>:and.w   r9, r10, r9, lsl #5
   0x00012c4c <+68>:and.w   r8, r11, r8, asr #11
   0x00012c50 <+72>:orr.w   r8, r8, r9
   0x00012c54 <+76>:str.w   r8, [lr, #8]
   0x00012c58 <+80>:sub.w   r8, r2, r1
   0x00012c5c <+84>:sub.w   r9, r6, r0
   0x00012c60 <+88>:and.w   r9, r10, r9, lsl #5
   0x00012c64 <+92>:and.w   r8, r11, r8, asr #11
   0x00012c68 <+96>:orr.w   r8, r8, r9
   0x00012c6c <+100>:   str.w   r8, [lr, #12]
   0x00012c70 <+104>:   b.n 0x12c92 <__end_row_loop>
End of assembler dump.
(gdb) info registers r10
r10            0x22a3   8867
(gdb) n
240 and r9, r10, r9, lsl #ROW_SHIFT2MSHW @ R9=0x & ((a1+b1)<<5)
(gdb) info registers r10
r10            0xffff22a3   -56669

This only sets the upper half of r10, leaving the lower half untouched.

** Changed in: binutils (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1513985

Title:
  ffmpeg test idct8x8 (NEON) fails on ARM32 when built with binutils
  from the trunk



[Bug 1511571] Re: package libavcodec-ffmpeg56 (not installed) failed to install/upgrade: conflicting packages - not installing libavcodec-ffmpeg56:amd64

2015-11-01 Thread Andreas Cadhalpun
So, apparently, the Software Center can't deal with conflicts correctly, thus 
I'm reassigning this bug to it.
That libavcodec-ffmpeg56 and libavcodec-ffmpeg-extra56 conflict is intentional 
and certainly not a bug.

** Package changed: ffmpeg (Ubuntu) => software-center (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1511571

Title:
  package libavcodec-ffmpeg56 (not installed) failed to install/upgrade:
  conflicting packages - not installing libavcodec-ffmpeg56:amd64



[Bug 1509960] Re: package ffmpeg (not installed) failed to install/upgrade: trying to overwrite '/usr/bin/qt-faststart', which is also in package libav-tools 6:9.18-0ubuntu0.14.04.1

2015-10-26 Thread Andreas Cadhalpun
This is a duplicate of bug #1458359 and just as invalid.

** Changed in: ffmpeg (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1509960

Title:
  package ffmpeg (not installed) failed to install/upgrade: trying to
  overwrite '/usr/bin/qt-faststart', which is also in package libav-
  tools 6:9.18-0ubuntu0.14.04.1



[Bug 1491048] Re: Transition from libav

2015-10-24 Thread Andreas Cadhalpun
The transition tracker shows that all rebuilds have been done by now, so
I'm closing this bug.

** Changed in: ffmpeg (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1491048

Title:
  Transition from libav



[Bug 1509169] Re: package libavcodec-ffmpeg56 (not installed) failed to install/upgrade: conflicting packages - not installing libavcodec-ffmpeg56:amd64

2015-10-24 Thread Andreas Cadhalpun
libavcodec-ffmpeg56 intentionally conflicts with libavcodec-ffmpeg-extra56.
I'm not sure what you did, but according to DpkgHistoryLog.txt it involves 
aptdaemon, which seems to not handle conflicts correctly.
But since this is definitely not a bug in libavcodec-ffmpeg56, I'm reassigning 
this report to aptdaemon now.

** Package changed: ffmpeg (Ubuntu) => aptdaemon (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1509169

Title:
  package libavcodec-ffmpeg56 (not installed) failed to install/upgrade:
  conflicting packages - not installing libavcodec-ffmpeg56:amd64



[Bug 1480311] Re: FFmpeg security fixes July 2015

2015-07-31 Thread Andreas Cadhalpun
Attached is a debdiff. (git repo is at [1])

Testing performed (in a vivid chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * no regressions in the autopkgtests from 2.7.2-1

1: https://anonscm.debian.org/cgit/collab-maint/ffmpeg.git/log/?h=vivid

** Patch added: debdiff for 2.5.8
   
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1480311/+attachment/4436979/+files/ffmpeg_2.5.8.diff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1480311

Title:
  FFmpeg security fixes July 2015



[Bug 1480311] [NEW] FFmpeg security fixes July 2015

2015-07-31 Thread Andreas Cadhalpun
*** This bug is a security vulnerability ***

Public security bug reported:

FFmpeg 2.5.8 fixing a number of crashes and other potentially security relevant 
issues was released.
From the upstream Changelog:

version 2.5.8
- snow: remove an obsolete av_assert2
- huffyuvdec: validate image size
- vc1dec: use get_bits_long and limit the read bits to 32
- mpegaudiodec: copy AVFloatDSPContext from first context to all contexts
- libshine: fix support for shine 3.0
- avidec: check for valid bit_rate range
- avformat/nut: support WavPack
- avcodec/diracdec: Check slices malloc and propagate error code
- avcodec/vp8: Check buffer size in vp8_decode_frame_header()
- avcodec/vp8: Fix null pointer dereference in ff_vp8_decode_free()
- avcodec/diracdec: Check for hpel_base allocation failure
- avcodec/rv34: Clear pointers in ff_rv34_decode_init_thread_copy()
- avfilter/af_aresample: Check ff_all_* for allocation failures
- avcodec/pthread_frame: clear priv_data, avoid stale pointer in error case
- swscale/utils: Clear pix buffers
- avutil/fifo: Fix the case where func() returns less bytes than requested in av_fifo_generic_write()
- avformat/mov: Fix deallocation when MOVStreamContext failed to allocate
- ffmpeg: Fix crash with ost->last_frame allocation failure
- ffmpeg: Fix cleanup with ost = NULL
- avcodec/pthread_frame: check avctx on deallocation
- avcodec/sanm: Reset sizes in destroy_buffers()
- avcodec/alac: Clear pointers in allocate_buffers()
- bytestream2: set the reader to the end when reading more than available
- avcodec/utils: use a minimum 32pixel width in  avcodec_align_dimensions2() 
for H.264
- avcodec/mpegvideo: Clear pointers in ff_mpv_common_init()
- oggparsedirac: check return value of init_get_bits
- wmalosslessdec: reset frame->nb_samples on packet loss
- wmalosslessdec: avoid reading 0 bits with get_bits
- avcodec/rawenc: Use ff_alloc_packet() instead of ff_alloc_packet2()
- avcodec/aacsbr: Assert that bs_num_env is positive
- avcodec/aacsbr: check that the element type matches before applying SBR
- avcodec/h264_slice: Use w/h from the AVFrame instead of mb_w/h
- vp9/update_prob: prevent out of bounds table read
- avfilter/vf_transpose: Fix rounding error
- avcodec/pngdec: Check values before updating context in decode_fctl_chunk()
- avcodec/pngdec: Require a IHDR chunk before fctl
- avcodec/pngdec: Only allow one IHDR chunk
- wmavoice: limit wmavoice_decode_packet return value to packet size
- swscale/swscale_unscaled: Fix rounding difference with RGBA output between 
little and big endian
- ffmpeg: Do not use the data/size of a bitstream filter after failure
- swscale/x86/rgb2rgb_template: fix signedness of v in 
shuffle_bytes_2103_{mmx,mmxext}
- swscale/x86/rgb2rgb_template: add missing xmm clobbers
- vda: unlock the pixel buffer base address.
- swscale/rgb2rgb_template: Fix signedness of v in shuffle_bytes_2103_c()
- swscale/rgb2rgb_template: Implement shuffle_bytes_0321_c and fix 
shuffle_bytes_2103_c on BE
- swscale/rgb2rgb_template: Disable shuffle_bytes_2103_c on big endian
- swr: Remember previously set int_sample_format from user
- matroskadec: check audio sample rate
- matroskadec: validate audio channels and bitdepth
- avcodec/dpxenc: implement write16/32 as functions
- postproc: fix unaligned access
- ffmpeg: Free last_frame instead of just unref
- avio: fix potential crashes when combining ffio_ensure_seekback + crc
- h264: er: Copy from the previous reference only if compatible
- sonic: set avctx->channels in sonic_decode_init
- vp8: change mv_{min,max}.{x,y} type to int
- vp9: change type of tile_size from unsigned to int64_t
- arm: only enable setend on ARMv6
- libopenjpegdec: check existence of image component data
- mov: abort on EOF in ff_mov_read_chan
- ffmpeg_opt: Check for localtime() failure
- avformat: Fix bug in parse_rps for HEVC.
- takdec: ensure chan2 is a valid channel index
- avcodec/h264_slice: Use AVFrame dimensions for grayscale handling
- avdevice/lavfi: do not rescale AV_NOPTS_VALUE in lavfi_read_packet()
- libavutil/channel_layout: Correctly return layout when channel specification 
ends with a trailing 'c'.
- avcodec/jpeg2000dec: Check that coords match before applying ICT
- avformat/ffmdec: Check ffio_set_buf_size() return value
- avcodec/adpcm: Check for overreads
- avcodec/alsdec: Check for overread
- avcodec/atrac3plusdec: consume only as many bytes as available
- libavutil/softfloat: Fix av_normalize1_sf bias.
- swresample/swresample: Cleanup on init failure.
- Revert "avformat/rtpenc: check av_packet_get_side_data() return, fix null ptr 
dereference"
- avformat/mxfenc: Accept MXF D-10 with 49.999840 Mbit/sec
- swresample/dither: check memory allocation
- libopenjpegenc: add NULL check for img before accessing it
- swresample: Check the return value of resampler->init()
- h264: Make sure reinit failures mark the context as not initialized
- ffmpeg_opt: Set the video VBV parameters only for the video stream from 
-target
- avcodec/bitstream: Assert that 

[Bug 1478337] Re: Unknown encoder 'libx264'

2015-07-26 Thread Andreas Cadhalpun
Then please post the full command line and its output.

The libx264 encoder works just fine, e.g.:

$ ffmpeg -f lavfi -i testsrc=d=1 -vcodec libx264 output.mp4
ffmpeg version 2.5.7-0ubuntu0.15.04.1 Copyright (c) 2000-2015 the FFmpeg 
developers
  built with gcc 4.9.2 (Ubuntu 4.9.2-10ubuntu13)
  configuration: --prefix=/usr --extra-version=0ubuntu0.15.04.1 
--build-suffix=-ffmpeg --toolchain=hardened --libdir=/usr/lib/x86_64-linux-gnu 
--shlibdir=/usr/lib/x86_64-linux-gnu --incdir=/usr/include/x86_64-linux-gnu 
--enable-gpl --enable-shared --disable-stripping --enable-avresample 
--enable-avisynth --enable-ladspa --enable-libass --enable-libbluray 
--enable-libbs2b --enable-libcaca --enable-libcdio --enable-libflite 
--enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libgme 
--enable-libgsm --enable-libmodplug --enable-libmp3lame --enable-libopenjpeg 
--enable-libopus --enable-libpulse --enable-libschroedinger --enable-libshine 
--enable-libspeex --enable-libssh --enable-libtheora --enable-libtwolame 
--enable-libvorbis --enable-libwavpack --enable-libwebp --enable-libxvid 
--enable-opengl --enable-x11grab --enable-libdc1394 --enable-libiec61883 
--enable-libzvbi --enable-libzmq --enable-frei0r --enable-libvpx 
--enable-libx264 --enable-libsoxr --enable-gnutls --enable-openal 
--enable-libopencv --enable-librtmp --enable-libx265
  libavutil  54. 15.100 / 54. 15.100
  libavcodec 56. 13.100 / 56. 13.100
  libavformat56. 15.102 / 56. 15.102
  libavdevice56.  3.100 / 56.  3.100
  libavfilter 5.  2.103 /  5.  2.103
  libavresample   2.  1.  0 /  2.  1.  0
  libswscale  3.  1.101 /  3.  1.101
  libswresample   1.  1.100 /  1.  1.100
  libpostproc53.  3.100 / 53.  3.100
Input #0, lavfi, from 'testsrc=d=1':
  Duration: N/A, start: 0.00, bitrate: N/A
Stream #0:0: Video: rawvideo (RGB[24] / 0x18424752), rgb24, 320x240 [SAR 
1:1 DAR 4:3], 25 tbr, 25 tbn, 25 tbc
No pixel format specified, yuv444p for H.264 encoding chosen.
Use -pix_fmt yuv420p for compatibility with outdated media players.
[libx264 @ 0x1c24b60] using SAR=1/1
[libx264 @ 0x1c24b60] using cpu capabilities: MMX2 SSE2Fast SSSE3 SSE4.2 AVX 
AVX2 FMA3 LZCNT BMI2
[libx264 @ 0x1c24b60] profile High 4:4:4 Predictive, level 1.3, 4:4:4 8-bit
[libx264 @ 0x1c24b60] 264 - core 142 r2495 6a301b6 - H.264/MPEG-4 AVC codec - 
Copyleft 2003-2014 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 
deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 
mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 
fast_pskip=1 chroma_qp_offset=4 threads=6 lookahead_threads=1 sliced_threads=0 
nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 
b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 
keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf 
mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00
Output #0, mp4, to 'output.mp4':
  Metadata:
encoder : Lavf56.15.102
Stream #0:0: Video: h264 (libx264) ([33][0][0][0] / 0x0021), yuv444p, 
320x240 [SAR 1:1 DAR 4:3], q=-1--1, 25 fps, 12800 tbn, 25 tbc
Metadata:
  encoder : Lavc56.13.100 libx264
Stream mapping:
  Stream #0:0 -> #0:0 (rawvideo (native) -> h264 (libx264))
Press [q] to stop, [?] for help
frame=   25 fps=0.0 q=-1.0 Lsize=   9kB time=00:00:00.92 bitrate=  
75.7kbits/s
video:7kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing 
overhead: 14.635430%
[libx264 @ 0x1c24b60] frame I:1 Avg QP:19.50  size:  2846
[libx264 @ 0x1c24b60] frame P:9 Avg QP:17.62  size:   346
[libx264 @ 0x1c24b60] frame B:15Avg QP:14.18  size:64
[libx264 @ 0x1c24b60] consecutive B-frames: 20.0%  0.0%  0.0% 80.0%
[libx264 @ 0x1c24b60] mb I  I16..4: 31.3% 41.7% 27.0%
[libx264 @ 0x1c24b60] mb P  I16..4:  1.2%  2.0%  0.6%  P16..4:  8.6%  3.3%  
2.0%  0.0%  0.0%skip:82.2%
[libx264 @ 0x1c24b60] mb B  I16..4:  0.2%  0.1%  0.0%  B16..8:  4.8%  0.1%  
0.0%  direct: 0.2%  skip:94.5%  L0:39.7% L1:54.9% BI: 5.4%
[libx264 @ 0x1c24b60] 8x8 transform intra:44.1% inter:48.9%
[libx264 @ 0x1c24b60] coded y,u,v intra: 12.2% 11.2% 11.0% inter: 0.7% 0.9% 0.8%
[libx264 @ 0x1c24b60] i16 v,h,dc,p: 71% 19%  3%  7%
[libx264 @ 0x1c24b60] i8 v,h,dc,ddl,ddr,vr,hd,vl,hu: 71%  6% 23%  0%  0%  0%  
0%  0%  0%
[libx264 @ 0x1c24b60] i4 v,h,dc,ddl,ddr,vr,hd,vl,hu: 47% 31% 15%  2%  1%  1%  
0%  2%  0%
[libx264 @ 0x1c24b60] Weighted P-Frames: Y:0.0% UV:0.0%
[libx264 @ 0x1c24b60] ref P L0: 63.4%  5.0% 23.5%  8.1%
[libx264 @ 0x1c24b60] ref B L0: 73.3% 23.3%  3.5%
[libx264 @ 0x1c24b60] ref B L1: 97.8%  2.2%
[libx264 @ 0x1c24b60] kb/s:55.28


[Bug 1478337] Re: Unknown encoder 'libx264'

2015-07-26 Thread Andreas Cadhalpun
> ffmpeg version 2.6.2 Copyright (c) 2000-2015 the FFmpeg developers

This version of ffmpeg does not come from Ubuntu, hence closing the bug as 
invalid.
Please report any problems with it wherever you got it from.

The ffmpeg version in vivid is currently 2.5.7-0ubuntu0.15.04.1.
If you want to use a newer ffmpeg version from Ubuntu, you can try the one 
from wily.

** Changed in: ffmpeg (Ubuntu)
   Status: New => Invalid



[Bug 1478337] Re: Unknown encoder 'libx264'

2015-07-26 Thread Andreas Cadhalpun
> Unknown encoder 'lib264'

Looks like you missed the 'x' between 'lib' and '264'.
Using the actual libx264 encoder works fine.
Thus closing this bug as invalid.

** Changed in: ffmpeg (Ubuntu)
   Status: New => Invalid



[Bug 1458359] Re: package ffmpeg (not installed) failed to install/upgrade: trying to overwrite '/usr/share/man/man1/qt-faststart.1.gz', which is also in package libav-tools 6:9.18-0ubuntu0.14.04.1

2015-05-25 Thread Andreas Cadhalpun
There is no ffmpeg package in Ubuntu 14.04 LTS Trusty Tahr.

You're trying to install ffmpeg 4:0.5.9-0ubuntu0.10.04.3 from Ubuntu
10.04 LTS Lucid Lynx in trusty, so you should expect problems.

This problem does not exist in the ffmpeg package in Ubuntu 15.04 Vivid
Vervet.

Thus this bug is invalid.

** Changed in: ffmpeg (Ubuntu)
   Status: New => Invalid



[Bug 1458171] [NEW] FFmpeg security fixes May 2015

2015-05-23 Thread Andreas Cadhalpun
*** This bug is a security vulnerability ***

Public security bug reported:

FFmpeg 2.5.7 fixing a number of crashes and other potentially security relevant 
issues was released.
From the upstream Changelog:

version 2.5.7
- avformat/nutdec: Fix recovery when immediately after seeking a failure happens
- nutdec: fix memleaks on error in nut_read_header
- rtpenc_jpeg: handle case of picture dimensions not dividing by 8
- avformat/mov: Fix parsing short loci
- avcodec/shorten: Fix code depending on signed overflow behavior
- avcodec/proresdec2: Reset slice_count on deallocation
- ffmpeg_opt: Fix -timestamp parsing
- hevc: make avcodec_decode_video2() fail if get_format() fails
- avcodec/mpeg4audio: add some padding/alignment to MAX_PCE_SIZE
- swr: fix alignment issue caused by 8ch sse functions
- libswscale/x86/hscale_fast_bilinear_simd.c: Include BX in the clobber list on 
x86_64, because it isn't implicitly included when PIC is on.
- aacdec: don't return frames without data
- avformat/matroskadec: Cleanup error handling for bz2 & zlib
- avformat/nutdec: Fix use of uninitialized value
- tools/graph2dot: use larger data types than int for array/string sizes
- id3v2: catch avio_read errors in check_tag
- aacsbr: break infinite loop in sbr_hf_calc_npatches
- diracdec: avoid overflow of bytes*8 in decode_lowdelay
- diracdec: prevent overflow in data_unit_size check
- avidec: avoid infinite loop due to negative ast->sample_size
- pngdec: don't use AV_PIX_FMT_MONOBLACK for apng
- avcodec/wavpack: Check L/R values before use to avoid harmless integer 
overflow and undefined behavior in fate
- xcbgrab: Validate the capture area
- xcbgrab: Do not assume the non shm image data is always available
- avfilter/lavfutils: disable frame threads when decoding a single image
- nutdec: fix illegal count check in decode_main_header
- ffmpeg: remove incorrect network deinit
- OpenCL: Avoid potential buffer overflow in cmdutils_opencl.c
- apedec: set s->samples only when init_frame_decoder succeeded
- swscale/ppc/swscale_altivec.c: POWER LE support in yuv2planeX_8() delete 
macro GET_VF()
- libvpxenc: only set noise reduction w/vp8
- tests/fate-run: do not attempt to parse tiny_psnrs output if it failed
- alac: reject rice_limit 0 if compression is used
- alsdec: only adapt order for positive max_order
- alsdec: check sample pointer range in revert_channel_correlation
- tests: drop bc dependency
- fate: Include branch information in the payload header

** Affects: ffmpeg (Ubuntu)
 Importance: Undecided
 Status: New

** Information type changed from Private Security to Public Security



[Bug 1458171] Re: FFmpeg security fixes May 2015

2015-05-23 Thread Andreas Cadhalpun
Attached is a debdiff. (git repo is at [1])

Testing performed (in a vivid chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * results of autopkgtests from 2.6.3-1 (in Debian) are unchanged from 2.5.6

1: https://anonscm.debian.org/cgit/collab-maint/ffmpeg.git/log/?h=vivid

** Patch added: "ffmpeg-2.5.7.diff"
   
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1458171/+attachment/4402906/+files/ffmpeg-2.5.7.diff



[Bug 1449905] Re: Add Fraunhofer FDK AAC support to ffmpeg package

2015-05-14 Thread Andreas Cadhalpun
As Carl Eugen explained, this bug is invalid.

You can use the native AAC encoder and report specific bugs if you
encounter any issues with it.

** Changed in: ffmpeg (Ubuntu)
   Status: Confirmed => Invalid



[Bug 1449905] Re: Add Fraunhofer FDK AAC support to ffmpeg package

2015-05-02 Thread Andreas Cadhalpun
Hi,

On Wed, 29 Apr 2015, maurizio de santis wrote:
> Fraunhofer FDK AAC is the only decent aac encoder supported by ffmpeg, and
> aac encoding is crucial for web media encodings, which are typically
> (unfortunately) mp4 with h264/aac encodings.

As Carl Eugen already explained, we can't enable the Fraunhofer FDK AAC
encoder for legal reasons.

Have you tried the native aac encoder (-c:a aac -strict -2)?

If you can give some details in which way it is inferior to the
Fraunhofer FDK AAC, it could be improved accordingly.

Otherwise we'll have to close this bug as won't fix.

Best regards,
Andreas



[Bug 1436296] Re: FFmpeg security fixes March 2015

2015-04-26 Thread Andreas Cadhalpun
As vivid is released now, this update needs to go through vivid-security.
Attached is an updated debdiff. (git repo is at [1])

Testing performed (in a vivid chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * running the autopkgtests from 2.6.2-1 (in Debian) gives 2 fewer failures and 
7 fewer crashes than 2.5.4-1
(Only two failures remain.)


1: https://anonscm.debian.org/cgit/collab-maint/ffmpeg.git/log/?h=vivid

** Patch added: "2.5.6-0ubuntu0.15.04.1.diff"
   
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1436296/+attachment/4384782/+files/2.5.6-0ubuntu0.15.04.1.diff



[Bug 1436296] Re: FFmpeg security fixes March 2015

2015-04-19 Thread Andreas Cadhalpun
In the meanwhile FFmpeg 2.5.6 with some more fixes has been released.

version 2.5.6
- avcodec/atrac3plusdsp: fix on stack alignment
- ac3: validate end in ff_ac3_bit_alloc_calc_mask
- aacpsy: avoid psy_band->threshold becoming NaN
- aasc: return correct buffer size from aasc_decode_frame
- msrledec: use signed pixel_ptr in msrle_decode_pal4
- swresample: Allow reinitialization without ever setting channel layouts 
(cherry picked from commit 80a28c7509a4e1aea5b208d56c6646d69c07)
- swresample: Allow reinitialization without ever setting channel counts
- avcodec/h264: Do not fail with randomly truncated VUIs
- avcodec/h264_ps: Move truncation check from VUI to SPS
- avcodec/h264: Be more tolerant to changing pps id between slices
- avcodec/aacdec: Fix storing state before PCE decode
- avcodec/h264: reset the counts in the correct context
- avcodec/h264_slice: Do not reset mb_aff_frame per slice
- avcodec/h264: finish previous slices before switching to single thread mode
- avcodec/h264: Fix race between slices where one overwrites data from the next
- avcodec/h264_refs: Do not set reference to things which do not exist
- avcodec/h264: Fail for invalid mixed IDR / non IDR frames in slice threading 
mode
- h264: avoid unnecessary calls to get_format
- avcodec/msrledec: restructure msrle_decode_pal4() based on the line number 
instead of the pixel pointer

I updated the vivid branch on Alioth [1].

It builds fine in a vivid chroot, including build time tests.
Attached is a debdiff from 2.5.4-1.

1: https://anonscm.debian.org/cgit/collab-maint/ffmpeg.git/log/?h=vivid

** Patch added: "2.5.6.diff"
   
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1436296/+attachment/4379593/+files/2.5.6.diff



[Bug 1436296] [NEW] FFmpeg security fixes March 2015

2015-03-25 Thread Andreas Cadhalpun
*** This bug is a security vulnerability ***

Public security bug reported:

FFmpeg 2.5.5 fixing a number of crashes and other potentially security relevant 
issues was released.
From the upstream Changelog:

version 2.5.5:
- vp9: make above buffer pointer 32-byte aligned.
- avcodec/dnxhddec: Check that the frame is interlaced before using cur_field
- avformat/mov: Disallow ".." in dref unless use_absolute_path is set
- avformat/mov: Check for string truncation in mov_open_dref()
- avformat/mov: Use sizeof(filename) instead of a literal number
- eac3dec: fix scaling
- ac3_fixed: fix computation of spx_noise_blend
- ac3_fixed: fix out-of-bound read
- ac3dec_fixed: always use the USE_FIXED=1 variant of the AC3DecodeContext
- avcodec/012v: redesign main loop
- avcodec/012v: Check dimensions more completely
- asfenc: fix leaking asf->index_ptr on error
- avcodec/options_table: remove extradata_size from the AVOptions table
- ffmdec: limit the backward seek to the last resync position
- ffmdec: make sure the time base is valid
- ffmdec: fix infinite loop at EOF
- ffmdec: initialize f_cprv, f_stvi and f_stau
- avformat/rm: limit packet size
- avcodec/webp: validate the distance prefix code
- avcodec/rv10: check size of s->mb_width * s->mb_height
- eamad: check for out of bounds read
- mdec: check for out of bounds read
- arm: Suppress tags about used cpu arch and extensions
- aic: Fix decoding files with odd dimensions
- avcodec/tiff: move bpp check to after "end:"
- mxfdec: Fix the error handling for when strftime fails
- avcodec/opusdec: Fix delayed sample value
- avcodec/opusdec: Clear out pointers per packet
- avcodec/utils: Align YUV411 by as much as the other YUV variants
- vp9: fix segmentation map retention with threading enabled.
- webp: ensure that each transform is only used once
- doc/protocols/tcp: fix units of listen_timeout option value, from 
microseconds to milliseconds
- fix VP9 packet decoder returning 0 instead of the used data size
- avformat/flvenc: check that the codec_tag fits in the available bits
- avcodec/utils: use correct printf specifier in ff_set_sar
- avutil/imgutils: correctly check for negative SAR components
- swscale/utils: clear formatConvBuffer on allocation
- avformat/bit: only accept the g729 codec and 1 channel
- avformat/bit: check that pkt->size is 10 in write_packet
- avformat/adxdec: check avctx->channels for invalid values
- avformat/adxdec: set avctx->channels in adx_read_header
- Fix buffer_size argument to init_put_bits() in multiple encoders.
- mips/acelp_filters: fix incorrect register constraint
- avcodec/hevc_ps: Sanity checks for some log2_* values
- avcodec/zmbv: Check len before reading in decode_frame()
- avcodec/h264: Only reinit quant tables if a new PPS is allowed
- avcodec/snowdec: Fix ref value check
- swscale/utils: More carefully merge and clear coefficients outside the input
- avcodec/a64multienc: Assert that the Packet size does not grow
- avcodec/a64multienc: simplify frame handling code
- avcodec/a64multienc: fix use of uninitialized values in to_meta_with_crop
- avcodec/a64multienc: initialize mc_meta_charset to zero
- avcodec/a64multienc: don't set incorrect packet size
- avcodec/a64multienc: use av_frame_ref instead of copying the frame
- avcodec/x86/mlpdsp_init: Simplify mlp_filter_channel_x86()
- h264: initialize H264Context.avctx in init_thread_copy
- wtvdec: fix integer overflow resulting in errors with large files
- avcodec/gif: fix off by one in column offsetting finding


Since Debian already has the next major upstream version 2.6.1, syncing is 
probably incompatible with the vivid freeze.
Thus I've created a vivid branch in the git repository on Alioth [1], where I 
imported 2.5.5.
I'm attaching the debdiff.

I've tested the resulting package using the autopkgtests from 2.6.1-1
and only 2 failures remain of the 4 failures and 7 crashes with 2.5.4.

1: https://anonscm.debian.org/cgit/collab-maint/ffmpeg.git

** Affects: ffmpeg (Ubuntu)
 Importance: Undecided
 Status: New

** Patch added: "2.5.5.debdiff"
   
https://bugs.launchpad.net/bugs/1436296/+attachment/4355449/+files/2.5.5.debdiff

** Information type changed from Private Security to Public Security



[Bug 1427891] [NEW] Sync ffmpeg 7:2.5.4-1 (universe) from Debian unstable (main)

2015-03-03 Thread Andreas Cadhalpun
Public bug reported:

Please sync ffmpeg 7:2.5.4-1 (universe) from Debian unstable (main)

This upload fixes the FTBFS on ppc64el, which prevented the previous upstream
bugfix releases from entering vivid (they are stuck in proposed).

The following CVEs were fixed:
 * CVE-2014-9602, CVE-2014-9603, CVE-2014-9604 (in 2.5.2)
 * CVE-2015-1872 (in 2.5.4)

Changelog entries since current vivid version 7:2.5.3-1:

ffmpeg (7:2.5.4-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.5.4.
  * Drop configure-enable-vsx-together-with-altivec-for-ppc64el.patch
    included upstream.
  * Add patches making the build binary reproducible.
  * Stop using faketime.
  * Correctly handle noopt in DEB_BUILD_OPTIONS.
  * Disable assembler optimizations on ppc64el, as they don't work yet.
  * Disable assembler optimizations on mips64(el), as they don't work yet.
    Thanks to James Cowgill. (Closes: #776649)
  * Fix dep5-copyright-license-name-not-unique lintian warnings.

 -- Andreas Cadhalpun <andreas.cadhal...@googlemail.com>  Sat, 14 Feb 2015 23:14:52 +0100

** Affects: ffmpeg (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 930040] Re: ffmpeg shows too much output at start up

2015-02-20 Thread Andreas Cadhalpun
There is now a -hide_banner option that hides the startup messages, see:
https://trac.ffmpeg.org/ticket/3246

** Bug watch added: FFmpeg Trac bug tracker #3246
   https://trac.ffmpeg.org/ticket/3246



[Bug 1353711] Re: package ffmpeg (not installed) failed to install/upgrade: trying to overwrite '/usr/bin/qt-faststart', which is also in package libav-tools 6:9.14-0ubuntu0.14.04.1

2015-02-20 Thread Andreas Cadhalpun
There is no ffmpeg package in Ubuntu 14.04 and the ffmpeg package in
Ubuntu 15.04 doesn't have this problem. Thus this bug is invalid. Please
report the problem wherever you obtained your ffmpeg package from.

** Changed in: ffmpeg (Ubuntu)
   Status: Confirmed => Invalid



[Bug 930040] Re: ffmpeg shows too much output at start up

2015-02-20 Thread Andreas Cadhalpun
** Changed in: ffmpeg (Ubuntu)
   Status: Fix Committed => Fix Released



[Bug 1173981] Re: gnome-shell crashes when zoom larger than 6

2013-11-16 Thread Andreas Cadhalpun
This problem does not exist anymore in Ubuntu Gnome 13.10 with gnome-shell 
3.8.4-0ubuntu5.
The bug can be closed.



[Bug 1173981] [NEW] gnome-shell crashes when zoom larger than 6

2013-04-28 Thread Andreas Cadhalpun
Public bug reported:

I am using Ubuntu 13.04 with Gnome 3.8 from the PPA.

How to reproduce the bug:
 - Go to the gnome-control-center, accessibility, zoom, options.
 - Turn the zoom on.
 - Change the zoom factor to 6,00.
 - Gnome-shell will crash and even a reboot does not bring it back. Only 
reinstalling packages from gnome3-ppa and then restarting restores the 
gnome-shell.

Zoom factors smaller than 6 work well and produce no problems.

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: gnome-shell 3.8.1-0ubuntu1~raring1.2 [origin: 
LP-PPA-gnome3-team-gnome3]
ProcVersionSignature: Ubuntu 3.8.0-19.29-generic 3.8.8
Uname: Linux 3.8.0-19-generic x86_64
ApportVersion: 2.9.2-0ubuntu8
Architecture: amd64
CrashDB: ubuntu
Date: Sun Apr 28 17:14:50 2013
DisplayManager: gdm
EcryptfsInUse: Yes
GsettingsChanges:
 
InstallationDate: Installed on 2013-04-26 (1 days ago)
InstallationMedia: Ubuntu-GNOME 13.04 Raring Ringtail - Release amd64 
(20130424)
MarkForUpload: True
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=set
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: gnome-shell
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: gnome-shell (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug gnome3
