Hello community,

here is the log from the commit of package ffmpeg for openSUSE:Factory checked 
in at 2018-02-15 13:19:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ffmpeg (Old)
 and      /work/SRC/openSUSE:Factory/.ffmpeg.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ffmpeg"

Thu Feb 15 13:19:46 2018 rev:39 rq:575798 version:3.4.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/ffmpeg/ffmpeg.changes    2017-12-19 
10:45:15.375673983 +0100
+++ /work/SRC/openSUSE:Factory/.ffmpeg.new/ffmpeg.changes       2018-02-15 
13:19:55.408137837 +0100
@@ -1,0 +2,14 @@
+Mon Feb 12 11:55:47 UTC 2018 - jeng...@inai.de
+
+- Update to new bugfix release 3.4.2
+  * Fix integer overflows, multiplication overflows, undefined
+    shifts, and verify buffer lengths.
+  * avfilter/vf_transpose: Fix used plane count
+    [boo#1078488, CVE-2018-6392]
+  * avcodec/utvideodec: Fix bytes left check in decode_frame()
+    [boo#1079368, CVE-2018-6621] 
+- Enable use of libzvbi for displaying teletext subtitles.
+- Fixed a DoS in swri_audio_convert(), added cve-2017-17555.diff
+  [boo#1072366, CVE-2017-17555].
+
+-------------------------------------------------------------------
@@ -5,0 +20,3 @@
+  * Fixed the gmc_mmx function which failed to validate width
+    and height [boo#1070762, CVE-2017-17081]
+  * Fixed out-of-bounds in VC-2 encoder [boo#1069407, CVE-2017-16840]
@@ -54,0 +72,2 @@
+- Fixed a double free in huffyuv [boo#1064577, CVE-2017-15186]
+- Fixed an out-of-bounds in ffv1dec [boo#1066428, CVE-2017-15672]

Old:
----
  ffmpeg-3.4.1.tar.xz
  ffmpeg-3.4.1.tar.xz.asc

New:
----
  cve-2017-17555.diff
  ffmpeg-3.4.2.tar.xz
  ffmpeg-3.4.2.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ffmpeg.spec ++++++
--- /var/tmp/diff_new_pack.AxdkYx/_old  2018-02-15 13:19:57.368066800 +0100
+++ /var/tmp/diff_new_pack.AxdkYx/_new  2018-02-15 13:19:57.372066655 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package ffmpeg
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -30,7 +30,7 @@
 %bcond_with    opencore
 
 Name:           ffmpeg
-Version:        3.4.1
+Version:        3.4.2
 Release:        0
 Summary:        Library for working with various multimedia formats
 License:        LGPL-2.1+ and GPL-2.0+
@@ -47,8 +47,9 @@
 Source99:       baselibs.conf
 Patch1:         ffmpeg-libcdio_cdda-pkgconfig.patch
 Patch2:         ffmpeg-arm6l.diff
-Patch4:         ffmpeg-new-coder-errors.diff
-Patch5:         ffmpeg-codec-choice.diff
+Patch3:         ffmpeg-new-coder-errors.diff
+Patch4:         ffmpeg-codec-choice.diff
+Patch5:         cve-2017-17555.diff
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel
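Review bot: `Patch5: cve-2017-17555.diff` is added without a spec comment, and the existing patches are renumbered in the same hunk (`Patch4` to `Patch3`, `Patch5` to `Patch4`), so the only record of what the new patch fixes is the changelog and the patch header. A line above it such as `# CVE-2017-17555, boo#1072366: NULL input plane in swri_audio_convert()` would show when the patch can be dropped after a later upstream release. The patch header visible on this page carries no upstream commit reference, so whether the fix is upstream cannot be told from here; saying so in the comment would help the next version bump.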
@@ -92,6 +93,7 @@
 BuildRequires:  pkgconfig(xext)
 BuildRequires:  pkgconfig(xfixes)
 BuildRequires:  pkgconfig(zlib)
+BuildRequires:  pkgconfig(zvbi-0.2)
 %if 0%{?BUILD_ORIG}
 %if %{with fdk_aac}
 BuildRequires:  pkgconfig(fdk-aac)
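Review bot: The new `BuildRequires:  pkgconfig(zvbi-0.2)` sits outside the `%if 0%{?BUILD_ORIG}` conditionals and, together with `--enable-libzvbi` in the configure hunk further down, makes the teletext decoder part of every build, with no comment in the spec saying so. Since that decoder handles data taken from media streams, a short comment such as `# libzvbi: teletext subtitle decoding, enabled unconditionally` next to the requirement would make the added parsing surface visible to whoever audits the dependency list. The `%if` block that follows continues outside the hunk.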
@@ -390,7 +392,7 @@
 
 %prep
 %setup -q
-%patch -P 1 -P 2 -P 4 -P 5 -p1
+%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1
 
 %build
 perl -i -pe 's{__TIME__|__DATE__}{"$&"}g' *.c
@@ -430,6 +432,7 @@
        --enable-libvorbis \
        --enable-libvpx \
        --enable-libwebp \
+       --enable-libzvbi \
        --enable-vaapi \
        --enable-vdpau \
 %if 0%{?BUILD_ORIG}

++++++ cve-2017-17555.diff ++++++
From: Jan Engelhardt <jeng...@inai.de>
Date: 2018-02-12 13:30:29.256158366 +0100

References: https://bugzilla.suse.com/show_bug.cgi?id=1072366
References: CVE-2017-17555

diff --git a/libswresample/audioconvert.c b/libswresample/audioconvert.c
index 96ce84ac44..a2dae9c82d 100644
--- a/libswresample/audioconvert.c
+++ b/libswresample/audioconvert.c
@@ -239,7 +239,7 @@ int swri_audio_convert(AudioConvert *ctx, AudioData *out, 
AudioData *in, int len
         const uint8_t *pi= ich < 0 ? ctx->silence : in->ch[ich];
         uint8_t       *po= out->ch[ch];
         uint8_t *end= po + os*len;
-        if(!po)
+        if (!pi || !po)
             continue;
         ctx->conv_f(po+off*os, pi+off*is, is, os, end);
     }
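Review bot: The new `!pi` guard skips the channel with `continue`, so `out->ch[ch]` is left unwritten for that channel and nothing in the visible lines reports it. A caller that then reads that plane would get whatever the buffer held before, which is worth ruling out in a CVE fix. If a NULL input plane is never legitimate here, `if (!pi) return AVERROR(EINVAL);` would surface the condition; otherwise a comment such as `/* NULL input plane (CVE-2017-17555): skip; the output plane is left unwritten */` should record why skipping is safe. Separately, `end= po + os*len` is still computed before the NULL test, so the pointer arithmetic runs on a NULL `po` first; moving that line below the check avoids it. The loop and the rest of swri_audio_convert() lie outside the hunk, so the return path is inferred, not confirmed.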
++++++ ffmpeg-3.4.1.tar.xz -> ffmpeg-3.4.2.tar.xz ++++++
/work/SRC/openSUSE:Factory/ffmpeg/ffmpeg-3.4.1.tar.xz 
/work/SRC/openSUSE:Factory/.ffmpeg.new/ffmpeg-3.4.2.tar.xz differ: char 27, 
line 1

