* Sun Jul 22 2018 tchvatal@suse.com
- Version update to 2.8.15:
* avcodec/dvdsub_parser: Allocate input padding
* avcodec/dvdsub_parser: Init output buf/size
* avcodec/imgconvert: fix possible null pointer dereference
* swresample/arm: rename labels to fix xcode build error
* avformat/utils: fix mixed declarations and code
* libwebpenc_animencoder: add missing braces to struct initialization
* avformat/movenc: Check input sample count
* avcodec/mjpegdec: Check for odd progressive RGB
* avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id
* avformat/mms: Add missing chunksize check
* avformat/pva: Check for EOF before retrying in read_part_of_packet()
* avcodec/indeo4: Check for end of bitstream in decode_mb_info()
* avcodec/shorten: Fix undefined addition in shorten_decode_frame()
* avcodec/jpeg2000dec: Fixes invalid shifts in jpeg2000_decode_packets_po_iteration()
* avcodec/jpeg2000dec: Check that there are enough bytes for all tiles
* avcodec/escape124: Fix spelling errors in comment
* avcodec/ra144: Fix integer overflow in ff_eval_refl()
* avcodec/cscd: Check output buffer size for lzo.
* avcodec/escape124: Check buf_size against num_superblocks
* avcodec/mjpegdec: Check for end of bitstream in ljpeg_decode_rgb_scan()
* avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed()
* avutil/common: Fix undefined behavior in av_clip_uintp2_c()
* fftools/ffmpeg: Fallback to duration if sample rate is unavailable
* avformat/mov: Only set pkt->duration to non negative values
* avcodec/h264_mc_template: Only prefetch motion if the list is used.
* avcodec/xwddec: Use ff_set_dimensions()
* avcodec/wavpack: Fix overflow in adding tail
* avcodec/shorten: Fix multiple integer overflows
* avcodec/shorten: Sanity check nmeans
* avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
* avcodec/truemotion2: Fix overflow in tm2_apply_deltas()
* avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c
* avcodec/amrwbdec: Fix division by 0 in find_hb_gain()
* avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()
* avformat/mov: Break out early if chunk_count is 0 in mov_build_index()
* avcodec/fic: Avoid some magic numbers related to cursors
* avcodec/g2meet: ask for sample with overflowing RGB
* avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed()
* avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header()
* avcodec/mlpdec: Only change noise_type if the related fields are valid
* indeo4: Decode all or nothing of a band header.
* avformat/mov: Only fail for STCO/STSC contradictions if both exist
* avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0
* avcodec/fic: Check available input space for cursor
* avcodec/g2meet: Check RGB upper limit
* avcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration() CPRL case
* avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done
* avcodec/g2meet: Change order of operations to avoid undefined behavior
* avcodec/flac_parser: Fix infinite loop
* avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED()
* avcodec/error_resilience: Fix integer overflow in filter181()
* avcodec/h263dec: Check slice_ret in mspeg4 slice loop
* avcodec/elsdec: Fix memleaks
* avcodec/vc1_block: simplify ac_val computation
* avcodec/ffv1enc: Check that the crc + version combination is supported
* lavf/http.c: Free allocated client URLContext in case of error.
* avcodec/dsicinvideo: Fail if there is only a small fraction of the data available that comprises a full frame
* avcodec/dsicinvideo: Propagate errors from cin_decode_rle()
* avcodec/dfa: Check dimension against maximum
* avcodec/cinepak: Skip empty frames
* avcodec/cinepak: move some checks prior to frame allocation
* swresample/arm: remove unintentional relocation.
* doc/APIchanges: Fix typos in hashes
* avformat/utils: Check cur_dts in update_initial_timestamps() more
* avcodec/utils: Enforce minimum width also for VP5/6
* avcodec/truemotion2: Propagate out of bounds error from GET_TOK()
* avcodec/mjpegdec: Check input buffer size.
* lavc/libopusdec: Allow avcodec_open2 to call .close
* avcodec/movtextdec: Check style_start/end
* avcodec/aacsbr_fixed: Fix integer overflow in sbr_hf_assemble()
* swresample/swresample: Fix for seg fault in swr_convert_internal() -> sum2_float during dithering.
* avcodec/aacdec_fixed: Fix integer overflow in apply_independent_coupling_fixed()
* avcodec/cscd: Error out when LZ* decompression fails
* avcodec/imgconvert: Fix loss mask bug in avcodec_find_best_pix_fmt_of_list()
* avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()
* avcodec/tableprint_vlc: Fix build failure with --enable-hardcoded-tables
* avcodec/get_bits: Make sure the input bitstream with padding can be addressed
* avformat/mov: Check STSC and remove invalid entries
* avcodec/nuv: rtjpeg with dimensions less than 16 would result in no decoded pixels thus reject it
* avcodec/nuv: Check for minimum input size for uncomprssed and rtjpeg
* avcodec/wmalosslessdec: Reset num_saved_bits on error path
* avformat/mov: Fix integer overflows related to sample_duration
* avformat/oggparseogm: Check lb against psize
* avformat/oggparseogm: Fix undefined shift in ogm_packet()
* avformat/avidec: Fix integer overflow in cum_len check
* avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE
* avformat/utils: Fix integer overflow of fps_first/last_dts
* libavformat/oggparsevorbis: Fix memleak on multiple headers
* avcodec/bintext: sanity check dimensions
* avcodec/utvideodec: Check subsample factors
* avcodec/smc: Check input packet size
* avcodec/cavsdec: Check alpha/beta offset
* avcodec/diracdec: Fix integer overflow in mv computation
* avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()
* avcodec/diracdec: Use int64 in global mv to prevent overflow
* avformat/hvcc: zero initialize the nal buffers past the last written byte
* Fri Jul 06 2018 tchvatal@suse.com
- Fix typo in swresample name
* Wed Jul 04 2018 tchvatal@suse.com
- Disable the full build as we are not primary package anywhere
* Wed Jul 04 2018 tchvatal@suse.com
- Fix copy&pasto in package name
* Tue Jul 03 2018 tchvatal@suse.com
- Add macros to allow conflicting with all other devel projects
to ensure we always install only one specific ffmpeg
* Thu Jun 14 2018 tchvatal@suse.com
- Split back all the develpackages to match up ffmpeg3 and ffmpeg4
* Thu Jun 14 2018 tchvatal@suse.com
- Update to new bugfix release 2.8.14:
* Various fixes around, merging the patches previously applied
* See included Changelog for details
- Drop merged patches:
* 0001-avcodec-exr-Check-tile-positions.patch
* 0001-avformat-asfdec-Fix-DoS-in-asf_build_simple_index.patch
* 0001-avformat-mov-Fix-DoS-in-read_tfra.patch
- Use %autopatch
* Wed Jun 13 2018 tchvatal@suse.com
- Sync with ffmpeg-4
* Tue Sep 12 2017 jengelh@inai.de
- Add patches 0001-avformat-asfdec-Fix-DoS-in-asf_build_simple_index.patch
[CVE-2017-14223] [boo#1058019],
0001-avformat-mov-Fix-DoS-in-read_tfra.patch
[CVE-2017-14222] [boo#1058020]
* Mon Sep 04 2017 jengelh@inai.de
- Update to new bugfix release 2.8.13
* avformat/hls: Fix DoS due to infinite loop
[CVE-2017-14058] [boo#1056762]
* avformat/asfdec: Fix DoS due to lack of eof check
[CVE-2017-14057] [boo#1056761]
* avformat/cinedec: Fix DoS due to lack of eof check
[CVE-2017-14059] [boo#1056763]
* avformat/rl2: Fix DoS due to lack of eof check
(code not enabled in openSUSE, though in packman)
[CVE-2017-14056] [boo#1056760]
* avformat/mvdec: Fix DoS due to lack of eof check
[CVE-2017-14055] [boo#1056766]
* avformat/mxfdec: Fix Sign error in mxf_read_primer_pack
[CVE-2017-14169] [boo#1057536]
* avformat/mxfdec: Fix DoS issues in mxf_read_index_entry_array
[CVE-2017-14170] [boo#1057537]
* avformat/nsvdec: Fix DoS due to lack of eof check in
nsvs_file_offset loop. [CVE-2017-14171] [boo#1057539]
* avutil/pixdesc: av_color_primaries_name NULL deref fixed
[CVE-2017-14225] [boo#1058018]
* Sat Aug 26 2017 jengelh@inai.de
- Unconditionalize celt, ass, openjpeg, webp, libva, vdpau.
* Fri Aug 25 2017 olaf@aepfle.de
- Build unconditionally with lame and twolame
* Mon Jun 19 2017 idonmez@suse.com
- Update to new upstream release 2.8.12
* Lots of integer overflow fixes, see the included Changelog for
full details. bsc#1046211
* Tue Apr 18 2017 jengelh@inai.de
- Enable AC3 and MP3 decoding to match multimedia:libs/ffmpeg (3.x)
* Sat Apr 01 2017 jengelh@inai.de
- Update to new upstream release 2.8.11
* pgssubdec: reset rle_data_len/rle_remaining_len on allocation
error
* avformat/oggdec: Skip streams in duration correction that did
not had their duration set.
* avcodec/mpeg4videodec: Fix undefined shifts in
mpeg4_decode_sprite_trajectory()
* avformat/avidec: skip odml master index chunks in avi_sync
* avcodec/pngdec: Fix off by 1 size in decode_zbuf()
* lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr
* lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid
* resolved CVE-2016-9561 [boo#1015120],
CVE-2017-7863 [boo#1034179], CVE-2017-7865 [boo#1034177],
CVE-2017-7866 [boo#1034176]
* Sat Apr 01 2017 davejplater@gmail.com
- Update to 2.8.10 to fix boo#1022920 VUL-0: CVE-2016-10190
- Removed patches 0001-avcodec-ansi-Check-dimensions.patch,
0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch,
0001-avformat-avidec-Remove-ancient-assert.patch and
0001-avformat-avidec-Check-nb_streams-in-read_gab2_sub.patch.
They are incorporated in this version.
- Upstream changes:
* avformat/http: Match chunksize checks to master..3.0
* Changelog: fix typos
* ffserver: Check chunk size
* Avoid using the term "file" and prefer "url" in some docs
and comments
* avformat/rtmppkt: Check for packet size mismatches
* zmqsend: Initialize ret to 0
* configure: check for strtoull on msvc
* http: move chunk handling from http_read_stream() to
http_buf_read().
* http: make length/offset-related variables unsigned.
* avcodec/flacdec: Fix undefined shift in decode_subframe()
* avcodec/get_bits: Fix get_sbits_long(0)
* avformat/ffmdec: Check media type for chunks
* avcodec/flacdec: Fix signed integer overflow in
decode_subframe_fixed()
* avcodec/flacdsp_template: Fix undefined shift in
flac_decorrelate_indep_c
* avformat/oggparsespeex: Check frames_per_packet and packet_size
* avformat/utils: Check start/end before computing duration in
update_stream_timings()
* avcodec/flac_parser: Update nb_headers_buffered
* avformat/idroqdec: Check chunk_size for being too large
* filmstripdec: correctly check image dimensions
* mss2: only use error correction for matching block counts
* softfloat: decrease MIN_EXP to cover full float range
* libopusdec: default to stereo for invalid number of channels
* sbgdec: prevent NULL pointer access
* smacker: limit recursion depth of smacker_decode_bigtree
* mxfdec: fix NULL pointer dereference in mxf_read_packet_old
* libschroedingerdec: fix leaking of framewithpts
* libschroedingerdec: don't produce empty frames
* softfloat: handle -INT_MAX correctly
* pnmdec: make sure v is capped by maxval
* smvjpegdec: make sure cur_frame is not negative
* icodec: correctly check avio_read return value
* icodec: fix leaking pkt on error
* dvbsubdec: fix division by zero in compute_default_clut
* proresdec_lgpl: explicitly check coff[3] against slice_data_size
* escape124: reject codebook size 0
* mpegts: prevent division by zero
* matroskadec: fix NULL pointer dereference in
webm_dash_manifest_read_header
* mpegaudio_parser: don't return AVERROR_PATCHWELCOME
* mxfdec: fix NULL pointer dereference
* diracdec: check return code of get_buffer_with_edge
* ppc: pixblockdsp: do unaligned block accesses correctly again
* mpeg12dec: unref discarded picture from extradata
* cavsdec: unref frame before referencing again
* avformat: prevent triggering request_probe assert in ff_read_packet
* avformat/mpeg: Adjust vid probe threshold to correct mis-detection
* avcodec/rv40: Test remaining space in loop of get_dimension()
* avcodec/ituh263dec: Avoid spending a long time in slice sync
* avcodec/movtextdec: Add error message for tsmb_size check
* avcodec/movtextdec: Fix tsmb_size check==0 check
* avcodec/movtextdec: Fix potential integer overflow
* avcodec/sunrast: Fix input buffer pointer check
* avcodec/tscc: Check side data size before use
* avcodec/rawdec: Check side data size before use
* avcodec/msvideo1: Check side data size before use
* avcodec/qpeg: Check side data size before use
* avcodec/qtrle: Check side data size before use
* avcodec/msrle: Check side data size before use
* avcodec/kmvc: Check side data size before use
* avcodec/idcinvideo: Check side data size before use
* avcodec/cinepak: Check side data size before use
* avcodec/8bps: Check side data size before use
* avcodec/dvdsubdec: Fix off by 1 error
* avcodec/dvdsubdec: Fix buf_size check
* vp9: change order of operations in adapt_prob().
* avcodec/interplayvideo: Check side data size before use
* avformat/mxfdec: Check size to avoid integer overflow in
mxf_read_utf16_string()
* avcodec/mpegvideo_enc: Clear mmx state in
ff_mpv_reallocate_putbitbuffer()
* avcodec/utils: Clear MMX state before returning from
avcodec_default_execute*()
* cmdutils: fix typos
* lavfi: fix typos
* lavc: fix typos
* tools: fix grammar error
* avutil/mips/generic_macros_msa: rename macro variable which
causes segfault for mips r6
* videodsp: fix 1-byte overread in top/bottom READ_NUM_BYTES
iterations.
* avformat/avidec: Check nb_streams in read_gab2_sub()
* avformat/avidec: Remove ancient assert
* lavc/movtextdec.c: Avoid infinite loop on invalid data.
* avcodec/ansi: Check dimensions
* avcodec/cavsdsp: use av_clip_uint8() for idct
* resolved CVE-2016-10190 [boo#1022920],
CVE-2016-10191 [boo#1022921], CVE-2016-10192 [boo#1022922]
* Sat Feb 11 2017 olaf@aepfle.de
- Make sure each subpkg comes from the same src.rpm
* Fri Oct 28 2016 olaf@aepfle.de
- Enable libfdk_aac if it is available at buildtime
* Sat Oct 08 2016 jengelh@inai.de
- Add 0001-avcodec-ansi-Check-dimensions.patch,
0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch
0001-avformat-avidec-Check-nb_streams-in-read_gab2_sub.patch
0001-avformat-avidec-Remove-ancient-assert.patch [boo#1003806]
* Wed Sep 28 2016 dimstar@opensuse.org
- Have libavcodec56 additionally provide libavcodec56(unrestricted)
when building unrestricted: allow third party packages to require
the unrestricted codec. The existing -full provides is not
suitable as it can be provided by multiple libavcodec* packages,
whereas we require a specific ABI version.