Hello community,

here is the log from the commit of package dav1d for openSUSE:Factory checked 
in at 2024-06-13 15:37:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dav1d (Old)
 and      /work/SRC/openSUSE:Factory/.dav1d.new.19518 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "dav1d"

Thu Jun 13 15:37:52 2024 rev:38 rq:1180243 version:1.4.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/dav1d/dav1d.changes      2024-05-28 
17:27:51.033884565 +0200
+++ /work/SRC/openSUSE:Factory/.dav1d.new.19518/dav1d.changes   2024-06-13 
15:38:10.054298579 +0200
@@ -1,0 +2,8 @@
+Wed Jun 12 15:13:55 UTC 2024 - Luigi Baldoni <aloi...@gmx.com>
+
+- Update to version 1.4.3
+  * AArch64: Fix potential out of bounds access in DotProd H/HV
+    filters
+  * cli: Prevent buffer over-read
+
+-------------------------------------------------------------------

Old:
----
  dav1d-1.4.2.tar.gz

New:
----
  dav1d-1.4.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ dav1d.spec ++++++
--- /var/tmp/diff_new_pack.lnsDPt/_old  2024-06-13 15:38:10.514315364 +0200
+++ /var/tmp/diff_new_pack.lnsDPt/_new  2024-06-13 15:38:10.518315511 +0200
@@ -19,7 +19,7 @@
 %define sover   7
 
 Name:           dav1d
-Version:        1.4.2
+Version:        1.4.3
 Release:        0
 Summary:        An AV1 decoder
 License:        BSD-2-Clause

++++++ dav1d-1.4.2.tar.gz -> dav1d-1.4.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/dav1d-1.4.2/NEWS new/dav1d-1.4.3/NEWS
--- old/dav1d-1.4.2/NEWS        2024-05-25 10:03:32.000000000 +0200
+++ new/dav1d-1.4.3/NEWS        2024-06-12 15:17:10.000000000 +0200
@@ -1,3 +1,11 @@
+Changes for 1.4.3 'Road Runner':
+--------------------------------
+
+1.4.3 is a small release focused on security issues
+ - AArch64: Fix potential out of bounds access in DotProd H/HV filters
+ - cli: Prevent buffer over-read
+
+
 Changes for 1.4.2 'Road Runner':
 --------------------------------
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/dav1d-1.4.2/meson.build new/dav1d-1.4.3/meson.build
--- old/dav1d-1.4.2/meson.build 2024-05-25 10:03:32.000000000 +0200
+++ new/dav1d-1.4.3/meson.build 2024-06-12 15:17:10.000000000 +0200
@@ -1,4 +1,4 @@
-# Copyright © 2018-2022, VideoLAN and dav1d authors
+# Copyright © 2018-2024, VideoLAN and dav1d authors
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -23,7 +23,7 @@
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 project('dav1d', ['c'],
-    version: '1.4.2',
+    version: '1.4.3',
     default_options: ['c_std=c99',
                       'warning_level=2',
                       'buildtype=release',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/dav1d-1.4.2/src/arm/64/mc_dotprod.S 
new/dav1d-1.4.3/src/arm/64/mc_dotprod.S
--- old/dav1d-1.4.2/src/arm/64/mc_dotprod.S     2024-05-25 10:03:32.000000000 
+0200
+++ new/dav1d-1.4.3/src/arm/64/mc_dotprod.S     2024-06-12 15:17:10.000000000 
+0200
@@ -52,14 +52,12 @@
 
 // Shuffle indices to permute horizontal samples in preparation for input to
 // SDOT instructions. The 8-tap horizontal convolution uses sample indices in 
the
-// interval of [-3, 4] relative to the current sample position. We load samples
-// from index value -4 to keep loads word aligned, so the shuffle bytes are
-// translated by 1 to handle this.
+// interval of [-3, 4] relative to the current sample position.
         .align 4
 L(h_tbl_neon_dotprod):
-        .byte  1,  2,  3,  4,   2,  3,  4,  5,   3,  4,  5,  6,   4,  5,  6,  7
-        .byte  5,  6,  7,  8,   6,  7,  8,  9,   7,  8,  9, 10,   8,  9, 10, 11
-        .byte  9, 10, 11, 12,  10, 11, 12, 13,  11, 12, 13, 14,  12, 13, 14, 15
+        .byte  0,  1,  2,  3,   1,  2,  3,  4,   2,  3,  4,  5,   3,  4,  5,  6
+        .byte  4,  5,  6,  7,   5,  6,  7,  8,   6,  7,  8,  9,   7,  8,  9, 10
+        .byte  8,  9, 10, 11,   9, 10, 11, 12,  10, 11, 12, 13,  11, 12, 13, 14
 
 // Vertical convolutions are also using SDOT instructions, where a 128-bit
 // register contains a transposed 4x4 matrix of values. Subsequent iterations 
of
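Review bot: The rewritten comment above `L(h_tbl_neon_dotprod)` no longer says where the row load starts, although the new indices 0..14 only select the [-3, 4] window if the vector is loaded from `src - 3`. That bias is set separately by `sub \src, \src, #3` in the next hunk and is assumed by the two HV comment updates after it. The release notes describe this as an out-of-bounds fix, so the invariant should be recorded next to the table to stop anyone restoring the `src - 4` bias for alignment, e.g. `// Index 0 is sample -3: src is biased by -3 (not -4), so nothing before the 8-tap window is loaded.` Byte 15 of each loaded vector is no longer referenced by the table. Whether the tail of that load always stays inside the padded source depends on the callers, which are not visible here.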
@@ -683,7 +681,7 @@
         mov             w13, 0x2002             // FILTER_WEIGHT * 128 + 
rounding
         dup             v27.4s, w13             // put H overrides this
 .endif
-        sub             \src, \src, #4          // src - 4
+        sub             \src, \src, #3          // src - 3
         ubfx            w9, \mx, #7, #7
         and             \mx, \mx, #0x7F
         ubfx            w11, w14, #7, #7        // for HV
@@ -699,7 +697,7 @@
         // HV cases
         cmp             \h, #4
         csel            w14, w14, w11, le
-        sub             \src, \src, \s_strd, lsl #1 // src - s_strd * 2 - 4
+        sub             \src, \src, \s_strd, lsl #1 // src - s_strd * 2 - 3
         add             \xmy, x12, x14, lsl #3      // subpel V filter address
         mov             x15, x30
         ldr             d7, [\xmy]
@@ -711,7 +709,7 @@
         b.ne            L(\type\()_6tap_hv_\isa)    // vertical != SHARP1
 
         // HV 8-tap cases
-        sub             \src, \src, \s_strd         // src - s_strd * 3 - 4
+        sub             \src, \src, \s_strd         // src - s_strd * 3 - 3
         cmp             \w, #4
         b.eq            40f
 .ifc \type, put
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/dav1d-1.4.2/tools/input/parse.h 
new/dav1d-1.4.3/tools/input/parse.h
--- old/dav1d-1.4.2/tools/input/parse.h 2024-05-25 10:03:32.000000000 +0200
+++ new/dav1d-1.4.3/tools/input/parse.h 2024-06-12 15:17:10.000000000 +0200
@@ -89,6 +89,8 @@
     buf_size--;
 
     if (extension_flag) {
+        if (!buf_size)
+            return -1;
         buf++;
         buf_size--;
         // ignore fields
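Review bot: The new `if (!buf_size) return -1;` guards only the extension byte, and the surrounding consumes are outside the hunk. It is therefore not visible whether the `buf_size--` on the first context line, or whatever follows `// ignore fields`, is preceded by the same length check. If `buf_size` is an unsigned type, an unguarded decrement at zero would wrap and defeat later bounds tests, so every `buf++; buf_size--;` pair in this parser should be confirmed to have a matching guard. A short comment on the new return, such as `// truncated header: extension byte missing`, would make the error path self-explanatory. The enclosing function starts and ends outside the hunk.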
