Package Release Info


Update Info: openSUSE-2016-1203
Available in Package Hub : 12 SP1-SP5





Change Logs

* Sat Oct 08 2016
- Fix multiple vulnerabilities in ffmpeg [boo#1003806]
  * CVE-2016-7562: out-of-bounds array write fault via specially
    crafted avi files
    add 0001-avcodec-ansi-Check-dimensions.patch
  * CVE-2016-7502: out-of-bounds array write via incorrect block
    add 0001-avcodec-cavsdsp-use-av_clip_uint8-for-idct.patch
  * CVE-2016-7905: null-point-exception when decoding avi files
    with crafted 'gab2' structs
    add 0001-avformat-avidec-Check-nb_streams-in-read_gab2_sub.patch
  * CVE-2016-7555: memory leak when decoding avi files with crafted
    'strh' struct
    add 0001-avformat-avidec-Fix-memleak-with-dv-in-avi.patch
  * CVE-2016-7785: assert fault via avi files with crafted 'strh'
    add 0001-avformat-avidec-Remove-ancient-assert.patch
* Tue Sep 27 2016
- Update to new maintenance release 2.8.8
  * avformat/oggparsevp8: fix pts calculation on pages ending with an invisible frame
  * avcodec/mjpegdec: Do not try to detect last scan but apply idct after all scans for progressive jpeg
  * avformat/oggparseopus: Check that granule pos is within the supported range
  * avformat/utils: Check bps before using it in a shift in ff_get_pcm_codec_id()
  * ffmpeg: Check that r_frame_rate is set before attempting to use it
  * avformat/utils: Do not compute the bitrate from duration == 0
  * avformat/utils: Check negative bps before shifting in ff_get_pcm_codec_id()
  * avformat/avidec: Detect index with too short entries
  * avformat/oggparseopus: Fix Undefined behavior in oggparseopus.c and libavformat/utils.c
  * avformat/allformats: Making av_register_all() thread-safe.
  * avcodec/vp9_parser: Check the input frame sizes for being consistent
  * avformat/oggdec: Fix integer overflow with invalid pts
  * avcodec/ffv1enc: Fix assertion failure with non zero bits per sample
  * avcodec/diracdec: Check numx/y
  * avformat/avidec: Fix infinite loop in avi_read_nikon()
- Add 0001-avcodec-exr-Check-tile-positions.patch [bnc#998636]
Version: 2.8.6-2.1
* Tue Feb 02 2016
- Update to version 2.8.6
  * avcodec/jpeg2000dec: More completely check cdef
  * avutil/opt: check for and handle errors in av_opt_set_dict2()
  * avcodec/flacenc: fix calculation of bits required in case
    of custom sample rate
  * avformat: Document urls a bit
  * avformat/libquvi: Set default demuxer and protocol
  * avformat/concat: Check protocol prefix
  * doc/demuxers: Document enable_drefs and use_absolute_path
  * avcodec/mjpegdec: Check for end for both bytes in unescaping
  * avcodec/mpegvideo_enc: Check for integer overflow in
  * avformat/avformat: Replace some references to filenames by
  * avcodec/wmaenc: Check ff_wma_init() for failure
  * avcodec/mpeg12enc: Move high resolution thread check to
    before initializing threads
  * avformat/img2dec: Use AVOpenCallback
  * avformat/avio: Limit url option parsing to the documented
  * avformat/img2dec: do not interpret the filename by default
    if a IO context has been opened
  * avcodec/ass_split: Fix null pointer dereference in
  * mov: Add an option to toggle dref opening
  * avcodec/gif: Fix lzw buffer size
  * avcodec/put_bits: Assert buf_ptr in flush_put_bits()
  * avcodec/tiff: Check subsample & rps values more completely
  * swscale/swscale: Add some sanity checks for srcSlice*
  * swscale/x86/rgb2rgb_template: Fix planar2x() for short
  * swscale/swscale_unscaled: Fix odd height inputs for
  * swscale/swscale_unscaled: Fix odd height inputs for
  * avcodec/aacenc: Check both channels for finiteness
  * asfdec_o: check for too small size in asf_read_unknown
  * asfdec_o: break if EOF is reached after
  * asfdec_o: make sure packet_size is non-zero before seeking
  * asfdec_o: prevent overflow causing seekback
  * asfdec_o: check avio_skip in asf_read_simple_index
  * asfdec_o: reject size > INT64_MAX in asf_read_unknown
  * asfdec_o: only set asf_pkt->data_size after sanity checks
  * Merge commit '8375dc1dd101d51baa430f34c0bcadfa37873896'
  * dca: fix misaligned access in avpriv_dca_convert_bitstream
  * brstm: fix missing closing brace
  * brstm: also allocate b->table in read_packet
  * brstm: make sure an ADPC chunk was read for adpcm_thp
  * vorbisdec: reject rangebits 0 with non-0 partitions
  * vorbisdec: reject channel mapping with less than two
  * ffmdec: reset packet_end in case of failure
  * avformat/ipmovie: put video decoding_map_size into packet
    and use it in decoder
  * avformat/brstm: fix overflow
* Sun Jan 17 2016
- Update to version 2.8.5
  * Fixes CVE-2016-1897 and CVE-2016-1898 [boo#961937]
* Mon Dec 28 2015
- Update to version 2.8.4
  * Many bugfixes, see the included Changelog for all the changes.
  * resolving CVE-2015-8661 [boo#960385], CVE-2015-8662 [boo#960384],
  CVE-2015-8663 [boo#960383]
- Drop ffmpeg-remove_some_unused_ctrl_id_mappings.patch, fixed
* Tue Dec 22 2015
- Obsolete ffmpeg-tools from packman
* Mon Dec 21 2015
- Add some provides to make it easier for firefox to recommend
  this package for installation
* Sat Dec 19 2015
- Added patch ffmpeg-remove_some_unused_ctrl_id_mappings.patch to
  successfully build against libvpx >= 1.5 (at least on PMBS).
* Thu Dec 17 2015
- Add buildconditionals for libass,libva,vdpau to fix build in SLE_11
* Mon Dec 14 2015
- Rename bcond dca to dcadec
- Add more buildconditionals to get closer to removal of BUILD_ORIG
* Wed Dec 09 2015
- Remove unused imlib2
* Mon Dec 07 2015
- Sync with packman changes
  * All packman specific changes are protected with BUILD_ORIG
- Added the following patches
  * ffmpeg-2.4.5-arm6l.patch
  * ffmpeg-libcdio_cdda-pkgconfig.patch
* Sun Nov 29 2015
- Update to new upstream maintenance release 2.8.3
  * avformat/matroskadec: Check subtitle stream before dereferencing
  * avcodec/jpeg2000dec: Fix potential integer overflow with tile
  * avcodec/jpeg2000dec: Check for duplicate SIZ marker
  * avcodec/jpeg2000: Change coord to 32bit to support larger than
  32k width or height
  * avcodec/jpeg2000dec: Check SIZ dimensions to be within the
  supported range
  * avcodec/jpeg2000: Check comp coords to be within the supported
  * dds: validate compressed source buffer size
  * dds: validate source buffer size before copying
  * softfloat: assert when the argument of av_sqrt_sf is negative
- Fixes CVE-2015-8363 [bnc#957114], CVE-2015-8364 [bnc#957115],
  CVE-2015-8365 [bnc#957116]
* Sat Nov 14 2015
- Update to new upstream release 2.8.2, containing fixes for the
  following security issues:
  * CVE-2015-8216 boo#955346
  * CVE-2015-8217 boo#955347
  * CVE-2015-8218 boo#955348
  * CVE-2015-8219 boo#955350
- Upstream changes:
  * various fixes in the aac_fixed decoder
  * various fixes in softfloat
  * swresample/resample: increase precision for compensation
  * lavf/mov: add support for sidx fragment indexes
  * avformat/mxfenc: Only store user comment related tags when needed
  * ffmpeg: Don't try and write sdp info if none of the outputs had an rtp format.
  * apng: use correct size for output buffer
  * jvdec: avoid unsigned overflow in comparison
  * avcodec/jpeg2000dec: Clip all tile coordinates
  * avcodec/microdvddec: Check for string end in 'P' case
  * avcodec/dirac_parser: Fix undefined memcpy() use
  * avformat/xmv: Discard remainder of packet on error
  * avformat/xmv: factor return check out of if/else
  * avcodec/mpeg12dec: Do not call show_bits() with invalid bits
  * avcodec/faxcompr: Add missing runs check in decode_uncompressed()
  * libavutil/channel_layout: Check strtol*() for failure
  * avformat/mpegts: Only start probing data streams within probe_packets
  * avcodec/hevc_ps: Check chroma_format_idc
  * avcodec/ffv1dec: Check for 0 quant tables
  * avcodec/mjpegdec: Reinitialize IDCT on BPP changes
  * avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it
  * avcodec/h264_slice: Disable slice threads if there are multiple access units in a packet
  * avformat/hls: update cookies on setcookie response
  * opusdec: Don't run vector_fmul_scalar on zero length arrays
  * avcodec/opusdec: Fix extra samples read index
  * avcodec/ffv1: Initialize vlc_state on allocation
  * avcodec/ffv1dec: update progress in case of broken pointer chains
  * avcodec/ffv1dec: Clear slice coordinates if they are invalid or slice header decoding fails for other reasons
  * rtsp: Allow $ as interleaved packet indicator before a complete response header
  * videodsp: don't overread edges in vfix3 emu_edge.
  * avformat/mp3dec: improve junk skipping heuristic
  * concatdec: fix file_start_time calculation regression
  * avcodec: loongson optimize h264dsp idct and loop filter with mmi
  * avcodec/jpeg2000dec: Clear properties in jpeg2000_dec_cleanup() too
  * avformat/hls: add support for EXT-X-MAP
  * avformat/hls: fix segment selection regression on track changes of live streams
  * configure: Require libkvazaar < 0.7.
  * avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup
- Drop ffmpeg-mov-sidx-fragment.patch, fixed upstream.
* Sat Oct 31 2015
- Update to new upstream release 2.8.1
  * Minor bugfix release
  * Includes all changes from. Ffmpeg-mt,
    libav master of 2015-08-28, libav 11 as of 2015-08-28
- Add ffmpeg-mov-sidx-fragment.patch to add sidx fragment indexes.
  Needed for new mpv release.
* Wed Sep 09 2015
- Update to new upstream release 2.8
  * DirectDraw Surface image/texture decoder
  * Many improvements to the JPEG 2000 decoder
  * New video filters: colorkey, SSIM, showvolume, adrawgraph,
  drawgraph, removegrain, erosion, dilation, deflate, inflate,
  reverse, atadenoise, aphasemeter, showfreqs, vectorscope,
  waveform, hstack, vstack, framerate
  * New audio filters: Dynamic Audio Normalizer as dynaudnorm
  filter, areverse, random, deband, sidechaincompress,
  * allyuv and allrgb video sources
  * Switched default encoders for webm to VP9 and Opus
  * Removed experimental flag from the JPEG 2000 encoder
* Mon Jul 20 2015
- Update to new upstream release 2.7.2
- webp: fix infinite loop in webp_decode_frame
- huffyuvdec: validate image size
- avcodec/vp8: Check buffer size in vp8_decode_frame_header()
- avcodec/vp8: Fix null pointer dereference in ff_vp8_decode_free()
- avutil/fifo: Fix the case where func() returns less bytes than
  requested in av_fifo_generic_write()
- bytestream2: set the reader to the end when reading more than
- oggparsedirac: check return value of init_get_bits
- vp9/update_prob: prevent out of bounds table read
- avcodec/pngdec: Check values before updating context in
- avcodec/pngdec: Copy IHDR & plte state from last thread
- avcodec/pngdec: Require a IHDR chunk before fctl
- avcodec/pngdec: Only allow one IHDR chunk
- ffmpeg: Do not use the data/size of a bitstream filter
  after failure
* Thu Jun 25 2015
- Enable codecs for audio: PCM, Speex, CELT, FLAC, ILBC, Opus
- Enable codecs for image: BMP/PCX/TGA, TIFF, Sun/SGI/X11 raster
  raw Huff-compressed or uncompressed YUV
- Update to new upstream release 2.7.1
  * postproc: fix unaligned access
  * avcodec/flacenc: Fix Invalid Rice order
  * tls_gnutls: fix hang on disconnection
  * avcodec/ffv1enc: fix bps for >8bit yuv when not explicitly set
  * avio: fix potential crashes when combining ffio_ensure_seekback + crc
  * ffmpeg_opt: Check for localtime() failure
  * configure: Disable VSX on unspecified / generic CPUs
* Thu Jun 25 2015
- Enabled 'bluray' protocol
* Wed Jun 10 2015
- Update to new upstream release 2.7
  * New encoders: apng (PNG with alpha)
  * New decoders: TDSC (a JPEG/BGR24/zlib format)
  * New audio filters: chorus
  * New video filters: cover_rect, detelecine, fftfilt, find_rect
- Enable codecs: 012v, ansi, apng, bmp, exr, ffv1, ffvhuff
  * unpack DivX-style packed B-frames in MPEG-4 bitstream filter
  * WebM Live Chunk Muxer
  * nvenc level and tier options
- Canopus HQ/HQA decoder
- Automatically rotate videos based on metadata in ffmpeg
- improved Quickdraw compatibility
- VP9 high bit-depth and extended colorspaces decoding support
- WebPAnimEncoder API when available for encoding and muxing WebP
- Direct3D11-accelerated decoding
- Support Secure Transport
- Multipart JPEG demuxer
* Sat May 23 2015
- Fix building with BUILD_ORIG
* Sun May 17 2015
- Update to new upstream release 2.6.3
  * avcodec/libtheoraenc: Check for av_malloc failure
  * ffmpeg_opt: Fix -timestamp parsing
  * avcodec/cavsdec: Use ff_set_dimensions()
  * swr: fix alignment issue caused by 8ch sse functions
  * avcodec/mjpegdec: fix len computation in ff_mjpeg_decode_dqt()
  * avformat/matroskadec: Cleanup error handling for bz2 & zlib
  * avformat/matroskaenc: Check ff_vorbiscomment_length in
  * avcodec/mpeg12dec: use the correct dimensions for checking SAR
  * xcbgrab: Validate the capture area
  * xcbgrab: Do not assume the non shm image data is always available
  * avfilter/lavfutils: disable frame threads when decoding a single
  * ffmpeg: remove incorrect network deinit
  * OpenCL: Avoid potential buffer overflow in cmdutils_opencl.c
  * libvpxenc: only set noise reduction w/vp8
  * vp9: remove another optimization branch in iadst16 which causes
  * network: Do not leave context locked on error
  * vp9: remove one optimization branch in iadst16 which causes
  * swresample: Allow reinitialization without ever setting channel
  * imgutils: initialize palette padding bytes in av_image_alloc
  * id3v2: catch avio_read errors in check_tag
  * avi: Validate sample_size
  * diracdec: avoid overflow of bytes*8 in decode_lowdelay
  * diracdec: prevent overflow in data_unit_size check
  * matroskadec: use uint64_t instead of int for index_scale
  * pngdec: don't use AV_PIX_FMT_MONOBLACK for apng
  * pngdec: return correct error code from decode_frame_common
  * swscale/ppc/swscale_altivec.c: POWER LE support in yuv2planeX_8()
  delete macro GET_VF() it was wrong
  * matroskadec: export cover art correctly
  * mxfenc: don't try to write footer without header
- Enable building avresample for extra API compat
- Remove ffmpeg-pkgconfig-requires.diff: RPM's is
  scanning Requires.private too.
Version: 2.8.10-9.1
* Sat Mar 25 2017
- Update to version 3.1.6 to fix boo#1022920 VUL-0: CVE-2016-10190
- Refreshed all patches
- Upstream changes:
  * http: move chunk handling from http_read_stream() to http_buf_read().
  * http: make length/offset-related variables unsigned.
  * ffserver: Check chunk size
  * Avoid using the term "file" and prefer "url" in some docs and comments
  * avformat/rtmppkt: Check for packet size mismatches
  * zmqsend: Initialize ret to 0
  * avcodec/rawdec: check for side data before checking its size
  * avcodec/flacdec: Fix undefined shift in decode_subframe()
  * avcodec/get_bits: Fix get_sbits_long(0)
  * avformat/ffmdec: Check media type for chunks
  * avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed()
  * avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c
  * avformat/oggparsespeex: Check frames_per_packet and packet_size
  * avformat/utils: Check start/end before computing duration in update_stream_timings()
  * avcodec/flac_parser: Update nb_headers_buffered
  * avformat/idroqdec: Check chunk_size for being too large
  * avformat/utils: Fix type mismatch
  * avformat/mpeg: Adjust vid probe threshold to correct mis-detection
  * avcodec/rv40: Test remaining space in loop of get_dimension()
  * avcodec/ituh263dec: Avoid spending a long time in slice sync
  * avcodec/movtextdec: Add error message for tsmb_size check
  * avcodec/movtextdec: Fix tsmb_size check==0 check
  * avcodec/movtextdec: Fix potential integer overflow
  * avcodec/sunrast: Fix input buffer pointer check
  * avcodec/tscc:  Check side data size before use
  * avcodec/rawdec: Check side data size before use
  * avcodec/msvideo1: Check side data size before use
  * avcodec/qpeg:  Check side data size before use
  * avcodec/qtrle:  Check side data size before use
  * avcodec/msrle:  Check side data size before use
  * avcodec/kmvc:  Check side data size before use
  * avcodec/idcinvideo: Check side data size before use
  * avcodec/cinepak: Check side data size before use
  * avcodec/8bps: Check side data size before use
  * avformat/flvdec: Fix regression losing streams
  * avcodec/dvdsubdec: Fix off by 1 error
  * avformat/isom: Fix old API regression with exporting max bitrate
  * avcodec/dvdsubdec: Fix buf_size check
  * vp9: change order of operations in adapt_prob().
  * avcodec/interplayvideo: Check side data size before use
  * mss2: only use error correction for matching block counts
  * softfloat: decrease MIN_EXP to cover full float range
  * libopusdec: default to stereo for invalid number of channels
  * flvdec: require need_context_update when changing codec id
  * pgssubdec: only set w/h/linesize when allocating data
  * sbgdec: prevent NULL pointer access
  * rmdec: validate block alignment
  * smacker: limit recursion depth of smacker_decode_bigtree
  * mxfdec: fix NULL pointer dereference in mxf_read_packet_old
  * ffmdec: validate codec parameters
  * exr: reindent after previous commit
  * exr: fix out-of-bounds read
  * libschroedingerdec: fix leaking of framewithpts
  * libschroedingerdec: don't produce empty frames
  * softfloat: handle -INT_MAX correctly
  * filmstripdec: correctly check image dimensions
  * pnmdec: make sure v is capped by maxval
  * smvjpegdec: make sure cur_frame is not negative
  * icodec: correctly check avio_read return value
  * dvbsubdec: fix division by zero in compute_default_clut
  * proresdec_lgpl: explicitly check coff[3] against slice_data_size
  * escape124: reject codebook size 0
  * icodec: add ico_read_close to fix leaking ico->images
  * icodec: fix leaking pkt on error
  * mpegts: prevent division by zero
  * matroskadec: fix NULL pointer dereference in webm_dash_manifest_read_header
  * mpegaudio_parser: don't return AVERROR_PATCHWELCOME
  * mxfdec: fix NULL pointer dereference
  * lzf: update pointer p after realloc
  * diracdec: check return code of get_buffer_with_edge
  * ppc: pixblockdsp: do unaligned block accesses correctly again
  * interplayacm: increase bitstream buffer size by AV_INPUT_BUFFER_PADDING_SIZE
  * interplayacm: validate number of channels
  * interplayacm: check for too large b
  * mpeg12dec: unref discarded picture from extradata
  * cavsdec: unref frame before referencing again
  * dcstr: fix division by zero
  * aiff: check block_align in aiff_read_packet
  * rsd: limit number of channels
  * avformat: prevent triggering request_probe assert in ff_read_packet
  * westwood_aud: prevent division by zero
  * astdec: fix division by zero
  * aiffdec: fix division by zero
  * avcodec/avpacket: fix leak on realloc in av_packet_add_side_data()
  * avformat/mxfdec: Check size to avoid integer overflow in mxf_read_utf16_string()
  * avcodec/mpegvideo_enc: Clear mmx state in ff_mpv_reallocate_putbitbuffer()
  * avcodec/utils: Clear MMX state before returning from avcodec_default_execute*()
  * doc/examples/demuxing_decoding: Drop AVFrame->pts use
  * libopenjpegenc: fix out-of-bounds reads when filling the edges
  * libopenjpegenc: stop reusing image data buffer for openjpeg 2
  * configure: fix detection of libopenjpeg
  * doc: fix various typos and grammar errors
  * avformat/utils: Update codec_id before using it in the parser init
  * cmdutils: fix typos
  * lavfi: fix typos
  * lavc: fix typos
  * tools: fix grammar error
  * ffmpeg: remove unused and errorneous AVFrame timestamp check
  * Support for MIPS cpu P6600
  * avutil/mips/generic_macros_msa: rename macro variable which causes segfault for mips r6
  * avformat/avidec: Check nb_streams in read_gab2_sub()
  * avformat/avidec: Remove ancient assert
  * avfilter/vf_colorspace: fix range for output colorspace option
  * lavc/mediacodecdec_h264: fix SODB escaping
  * avcodec/nvenc: fix const options for hevc gpu setting
  * avformat/avidec: Fix memleak with dv in avi
  * lavc/movtextdec.c: Avoid infinite loop on invalid data.
  * avcodec/ansi: Check dimensions
  * avcodec/cavsdsp: use av_clip_uint8() for idct
  * avformat/movenc: Check packet in mov_write_single_packet() too
  * avformat/movenc: Factor check_pkt() out
  * avformat/utils: fix timebase error in avformat_seek_file()
  * avcodec/g726: Add missing ADDB output mask
  * avcodec/avpacket: clear side_data_elems
  * avformat/movenc: Check first DTS similar to dts difference
  * avcodec/ccaption_dec: Use simple array instead of AVBuffer
  * avcodec/svq3: Reintroduce slice_type
  * avformat/mov: Fix potential integer overflow in mov_read_keys
  * swscale/swscale_unscaled: Try to fix Rgb16ToPlanarRgb16Wrapper() with slices
  * swscale/swscale_unscaled: Fix packed_16bpc_bswap() with slices
  * avformat/avidec: Fix infinite loop in avi_read_nikon()
  * lavf/utils: Avoid an overflow for huge negative durations.
  * avformat/hls: Fix handling of EXT-X-BYTERANGE streams over 2GB
  * lavc/avpacket: Fix undefined behaviour, do not pass a null pointer to memcpy().
  * lavc/mjpegdec: Do not skip reading quantization tables.
  * cmdutils: fix implicit declaration of SetDllDirectory function