Package Release Info


Update Info: openSUSE-2019-547
Available in Package Hub : 12 SP2-SP5





Change Logs

* Sun Jul 22 2018
- Version update to 2.8.15:
  * avcodec/dvdsub_parser: Allocate input padding
  * avcodec/dvdsub_parser: Init output buf/size
  * avcodec/imgconvert: fix possible null pointer dereference
  * swresample/arm: rename labels to fix xcode build error
  * avformat/utils: fix mixed declarations and code
  * libwebpenc_animencoder: add missing braces to struct initialization
  * avformat/movenc: Check input sample count
  * avcodec/mjpegdec: Check for odd progressive RGB
  * avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id
  * avformat/mms: Add missing chunksize check
  * avformat/pva: Check for EOF before retrying in read_part_of_packet()
  * avcodec/indeo4: Check for end of bitstream in decode_mb_info()
  * avcodec/shorten: Fix undefined addition in shorten_decode_frame()
  * avcodec/jpeg2000dec: Fixes invalid shifts in jpeg2000_decode_packets_po_iteration()
  * avcodec/jpeg2000dec: Check that there are enough bytes for all tiles
  * avcodec/escape124: Fix spelling errors in comment
  * avcodec/ra144: Fix integer overflow in ff_eval_refl()
  * avcodec/cscd: Check output buffer size for lzo.
  * avcodec/escape124: Check buf_size against num_superblocks
  * avcodec/mjpegdec: Check for end of bitstream in ljpeg_decode_rgb_scan()
  * avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed()
  * avutil/common: Fix undefined behavior in av_clip_uintp2_c()
  * fftools/ffmpeg: Fallback to duration if sample rate is unavailable
  * avformat/mov: Only set pkt->duration to non negative values
  * avcodec/h264_mc_template: Only prefetch motion if the list is used.
  * avcodec/xwddec: Use ff_set_dimensions()
  * avcodec/wavpack: Fix overflow in adding tail
  * avcodec/shorten: Fix multiple integer overflows
  * avcodec/shorten: Sanity check nmeans
  * avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
  * avcodec/truemotion2: Fix overflow in tm2_apply_deltas()
  * avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c
  * avcodec/amrwbdec: Fix division by 0 in find_hb_gain()
  * avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()
  * avformat/mov: Break out early if chunk_count is 0 in mov_build_index()
  * avcodec/fic: Avoid some magic numbers related to cursors
  * avcodec/g2meet: ask for sample with overflowing RGB
  * avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed()
  * avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header()
  * avcodec/mlpdec: Only change noise_type if the related fields are valid
  * indeo4: Decode all or nothing of a band header.
  * avformat/mov: Only fail for STCO/STSC contradictions if both exist
  * avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0
  * avcodec/fic: Check available input space for cursor
  * avcodec/g2meet: Check RGB upper limit
  * avcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration() CPRL case
  * avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done
  * avcodec/g2meet: Change order of operations to avoid undefined behavior
  * avcodec/flac_parser: Fix infinite loop
  * avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED()
  * avcodec/error_resilience: Fix integer overflow in filter181()
  * avcodec/h263dec: Check slice_ret in mspeg4 slice loop
  * avcodec/elsdec: Fix memleaks
  * avcodec/vc1_block: simplify ac_val computation
  * avcodec/ffv1enc: Check that the crc + version combination is supported
  * lavf/http.c: Free allocated client URLContext in case of error.
  * avcodec/dsicinvideo: Fail if there is only a small fraction of the data available that comprises a full frame
  * avcodec/dsicinvideo: Propagate errors from cin_decode_rle()
  * avcodec/dfa: Check dimension against maximum
  * avcodec/cinepak: Skip empty frames
  * avcodec/cinepak: move some checks prior to frame allocation
  * swresample/arm: remove unintentional relocation.
  * doc/APIchanges: Fix typos in hashes
  * avformat/utils: Check cur_dts in update_initial_timestamps() more
  * avcodec/utils: Enforce minimum width also for VP5/6
  * avcodec/truemotion2: Propagate out of bounds error from GET_TOK()
  * avcodec/mjpegdec: Check input buffer size.
  * lavc/libopusdec: Allow avcodec_open2 to call .close
  * avcodec/movtextdec: Check style_start/end
  * avcodec/aacsbr_fixed: Fix integer overflow in sbr_hf_assemble()
  * swresample/swresample: Fix for seg fault in swr_convert_internal() -> sum2_float during dithering.
  * avcodec/aacdec_fixed: Fix integer overflow in apply_independent_coupling_fixed()
  * avcodec/cscd: Error out when LZ* decompression fails
  * avcodec/imgconvert: Fix loss mask bug in avcodec_find_best_pix_fmt_of_list()
  * avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()
  * avcodec/tableprint_vlc: Fix build failure with --enable-hardcoded-tables
  * avcodec/get_bits: Make sure the input bitstream with padding can be addressed
  * avformat/mov: Check STSC and remove invalid entries
  * avcodec/nuv: rtjpeg with dimensions less than 16 would result in no decoded pixels thus reject it
  * avcodec/nuv: Check for minimum input size for uncomprssed and rtjpeg
  * avcodec/wmalosslessdec: Reset num_saved_bits on error path
  * avformat/mov: Fix integer overflows related to sample_duration
  * avformat/oggparseogm: Check lb against psize
  * avformat/oggparseogm: Fix undefined shift in ogm_packet()
  * avformat/avidec: Fix integer overflow in cum_len check
  * avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE
  * avformat/utils: Fix integer overflow of fps_first/last_dts
  * libavformat/oggparsevorbis: Fix memleak on multiple headers
  * avcodec/bintext: sanity check dimensions
  * avcodec/utvideodec: Check subsample factors
  * avcodec/smc: Check input packet size
  * avcodec/cavsdec: Check alpha/beta offset
  * avcodec/diracdec: Fix integer overflow in mv computation
  * avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()
  * avcodec/diracdec: Use int64 in global mv to prevent overflow
  * avformat/hvcc: zero initialize the nal buffers past the last written byte
* Fri Jul 06 2018
- Fix typo in swresample name
* Wed Jul 04 2018
- Disable the full build as we are not primary package anywhere
* Wed Jul 04 2018
- Fix copy&pasto in package name
* Tue Jul 03 2018
- Add macros to allow conflicting with all other devel projects
  to ensure we always install only one specific ffmpeg
* Thu Jun 14 2018
- Split back all the develpackages to match up ffmpeg3 and ffmpeg4
* Thu Jun 14 2018
- Update to new bugfix release 2.8.14:
  * Various fixes around, merging the patches previously applied
  * See included Changelog for details
- Drop merged patches:
  * 0001-avcodec-exr-Check-tile-positions.patch
  * 0001-avformat-asfdec-Fix-DoS-in-asf_build_simple_index.patch
  * 0001-avformat-mov-Fix-DoS-in-read_tfra.patch
- Use %autopatch
* Wed Jun 13 2018
- Sync with ffmpeg-4
* Tue Sep 12 2017
- Add patches 0001-avformat-asfdec-Fix-DoS-in-asf_build_simple_index.patch
  [CVE-2017-14223] [boo#1058019],
  [CVE-2017-14222] [boo#1058020]
* Mon Sep 04 2017
- Update to new bugfix release 2.8.13
  * avformat/hls: Fix DoS due to infinite loop
    [CVE-2017-14058] [boo#1056762]
  * avformat/asfdec: Fix DoS due to lack of eof check
    [CVE-2017-14057] [boo#1056761]
  * avformat/cinedec: Fix DoS due to lack of eof check
    [CVE-2017-14059] [boo#1056763]
  * avformat/rl2: Fix DoS due to lack of eof check
    (code not enabled in openSUSE, though in packman)
    [CVE-2017-14056] [boo#1056760]
  * avformat/mvdec: Fix DoS due to lack of eof check
    [CVE-2017-14055] [boo#1056766]
  * avformat/mxfdec: Fix Sign error in mxf_read_primer_pack
    [CVE-2017-14169] [boo#1057536]
  * avformat/mxfdec: Fix DoS issues in mxf_read_index_entry_array
    [CVE-2017-14170] [boo#1057537]
  * avformat/nsvdec: Fix DoS due to lack of eof check in
    nsvs_file_offset loop. [CVE-2017-14171] [boo#1057539]
  * avutil/pixdesc: av_color_primaries_name NULL deref fixed
    [CVE-2017-14225] [boo#1058018]
* Sat Aug 26 2017
- Unconditionalize celt, ass, openjpeg, webp, libva, vdpau.
* Fri Aug 25 2017
- Build unconditionally with lame and twolame
* Mon Jun 19 2017
- Update to new upstream release 2.8.12
  * Lots of integer overflow fixes, see the included Changelog for
    full details. bsc#1046211
* Tue Apr 18 2017
- Enable AC3 and MP3 decoding to match multimedia:libs/ffmpeg (3.x)
* Sat Apr 01 2017
- Update to new upstream release 2.8.11
  * pgssubdec: reset rle_data_len/rle_remaining_len on allocation
  * avformat/oggdec: Skip streams in duration correction that did
  not had their duration set.
  * avcodec/mpeg4videodec: Fix undefined shifts in
  * avformat/avidec: skip odml master index chunks in avi_sync
  * avcodec/pngdec: Fix off by 1 size in decode_zbuf()
  * lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr
  * lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid
  * resolved CVE-2016-9561 [boo#1015120],
  CVE-2017-7863 [boo#1034179], CVE-2017-7865 [boo#1034177],
  CVE-2017-7866 [boo#1034176]
* Sat Apr 01 2017
- Update to 2.8.10 to fix boo#1022920 VUL-0: CVE-2016-10190
- Removed patches 0001-avcodec-ansi-Check-dimensions.patch,
  0001-avformat-avidec-Remove-ancient-assert.patch and
  They are incorporated in this version.
- Upstream changes:
  * avformat/http: Match chunksize checks to master..3.0
  * Changelog: fix typos
  * ffserver: Check chunk size
  * Avoid using the term "file" and prefer "url" in some docs
  and comments
  * avformat/rtmppkt: Check for packet size mismatches
  * zmqsend: Initialize ret to 0
  * configure: check for strtoull on msvc
  * http: move chunk handling from http_read_stream() to
  * http: make length/offset-related variables unsigned.
  * avcodec/flacdec: Fix undefined shift in decode_subframe()
  * avcodec/get_bits: Fix get_sbits_long(0)
  * avformat/ffmdec: Check media type for chunks
  * avcodec/flacdec: Fix signed integer overflow in
  * avcodec/flacdsp_template: Fix undefined shift in
  * avformat/oggparsespeex: Check frames_per_packet and packet_size
  * avformat/utils: Check start/end before computing duration in
  * avcodec/flac_parser: Update nb_headers_buffered
  * avformat/idroqdec: Check chunk_size for being too large
  * filmstripdec: correctly check image dimensions
  * mss2: only use error correction for matching block counts
  * softfloat: decrease MIN_EXP to cover full float range
  * libopusdec: default to stereo for invalid number of channels
  * sbgdec: prevent NULL pointer access
  * smacker: limit recursion depth of smacker_decode_bigtree
  * mxfdec: fix NULL pointer dereference in mxf_read_packet_old
  * libschroedingerdec: fix leaking of framewithpts
  * libschroedingerdec: don't produce empty frames
  * softfloat: handle -INT_MAX correctly
  * pnmdec: make sure v is capped by maxval
  * smvjpegdec: make sure cur_frame is not negative
  * icodec: correctly check avio_read return value
  * icodec: fix leaking pkt on error
  * dvbsubdec: fix division by zero in compute_default_clut
  * proresdec_lgpl: explicitly check coff[3] against slice_data_size
  * escape124: reject codebook size 0
  * mpegts: prevent division by zero
  * matroskadec: fix NULL pointer dereference in
  * mpegaudio_parser: don't return AVERROR_PATCHWELCOME
  * mxfdec: fix NULL pointer dereference
  * diracdec: check return code of get_buffer_with_edge
  * ppc: pixblockdsp: do unaligned block accesses correctly again
  * mpeg12dec: unref discarded picture from extradata
  * cavsdec: unref frame before referencing again
  * avformat: prevent triggering request_probe assert in ff_read_packet
  * avformat/mpeg: Adjust vid probe threshold to correct mis-detection
  * avcodec/rv40: Test remaining space in loop of get_dimension()
  * avcodec/ituh263dec: Avoid spending a long time in slice sync
  * avcodec/movtextdec: Add error message for tsmb_size check
  * avcodec/movtextdec: Fix tsmb_size check==0 check
  * avcodec/movtextdec: Fix potential integer overflow
  * avcodec/sunrast: Fix input buffer pointer check
  * avcodec/tscc:  Check side data size before use
  * avcodec/rawdec: Check side data size before use
  * avcodec/msvideo1: Check side data size before use
  * avcodec/qpeg:  Check side data size before use
  * avcodec/qtrle:  Check side data size before use
  * avcodec/msrle:  Check side data size before use
  * avcodec/kmvc:  Check side data size before use
  * avcodec/idcinvideo: Check side data size before use
  * avcodec/cinepak: Check side data size before use
  * avcodec/8bps: Check side data size before use
  * avcodec/dvdsubdec: Fix off by 1 error
  * avcodec/dvdsubdec: Fix buf_size check
  * vp9: change order of operations in adapt_prob().
  * avcodec/interplayvideo: Check side data size before use
  * avformat/mxfdec: Check size to avoid integer overflow in
  * avcodec/mpegvideo_enc: Clear mmx state in
  * avcodec/utils: Clear MMX state before returning from
  * cmdutils: fix typos
  * lavfi: fix typos
  * lavc: fix typos
  * tools: fix grammar error
  * avutil/mips/generic_macros_msa: rename macro variable which
  causes segfault for mips r6
  * videodsp: fix 1-byte overread in top/bottom READ_NUM_BYTES
  * avformat/avidec: Check nb_streams in read_gab2_sub()
  * avformat/avidec: Remove ancient assert
  * lavc/movtextdec.c: Avoid infinite loop on invalid data.
  * avcodec/ansi: Check dimensions
  * avcodec/cavsdsp: use av_clip_uint8() for idct
  * resolved CVE-2016-10190 [boo#1022920],
  CVE-2016-10191 [boo#1022921], CVE-2016-10192 [boo#1022922]
* Sat Feb 11 2017
- Make sure each subpkg comes from the same src.rpm
* Fri Oct 28 2016
- Enable libfdk_aac if it is available at buildtime
* Sat Oct 08 2016
- Add 0001-avcodec-ansi-Check-dimensions.patch,
  0001-avformat-avidec-Remove-ancient-assert.patch [boo#1003806]
* Wed Sep 28 2016
- Have libavcodec56 additionally provide libavcodec56(unrestricted)
  when building unrestricted: allow third party packages to require
  the unrestricted codec. The existing -full provides is not
  suitable as it can be provided by multiple libavcodec* packages,
  whereas we require a specific ABI version.