commit libav for openSUSE:Factory

2015-10-12 Thread h_root
Hello community,

here is the log from the commit of package libav for openSUSE:Factory checked 
in at 2015-10-12 10:02:57

Comparing /work/SRC/openSUSE:Factory/libav (Old)
 and  /work/SRC/openSUSE:Factory/.libav.new (New)


Package is "libav"

Changes:

--- /work/SRC/openSUSE:Factory/libav/libav.changes  2015-06-16 
14:06:26.0 +0200
+++ /work/SRC/openSUSE:Factory/.libav.new/libav.changes 2015-10-12 
10:03:30.0 +0200
@@ -1,0 +2,6 @@
+Fri Oct  9 22:09:09 UTC 2015 - mplus...@suse.com
+
+- Add for for CVE-2015-5479
+  * CVE-2015-5479.patch
+
+---
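
Review bot: The added changelog line reads "Add for for CVE-2015-5479", which looks like a typo for "Add fix for"; it is worth correcting because this entry is what people search when checking whether the CVE is covered in the package. The entry could also name the affected decoder (the patch subject is "h263: Always check both dimensions") so the scope is clear without opening the patch.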

New:

  CVE-2015-5479.patch



Other differences:
--
++ libav.spec ++
--- /var/tmp/diff_new_pack.nBXBxS/_old  2015-10-12 10:03:31.0 +0200
+++ /var/tmp/diff_new_pack.nBXBxS/_new  2015-10-12 10:03:31.0 +0200
@@ -31,6 +31,8 @@
 Group:  Development/Libraries/C and C++
 Url:https://libav.org/
 Source: http://%{name}.org/releases/%{name}-%{version}.tar.xz
+# fix for CVE-2015-5479 upstream commit 
0a49a62f998747cfa564d98d36a459fe70d3299b
+Patch0: CVE-2015-5479.patch
 BuildRequires:  libgsm-devel
 BuildRequires:  pkg-config
 BuildRequires:  yasm
@@ -208,6 +210,7 @@
 
 %prep
 %setup -q
+%patch0 -p1
 
 # Remove build time references so build-compare can do its work
 FAKE_BUILDTIME=$(LC_ALL=C date -u -r %{_sourcedir}/%{name}.changes '+%%H:%%M')

++ CVE-2015-5479.patch ++
From: Luca Barbato 
Date: Fri, 26 Jun 2015 13:57:16 + (+0200)
Subject: h263: Always check both dimensions
X-Git-Url: 
https://git.libav.org/?p=libav.git;a=commitdiff_plain;h=0a49a62f998747cfa564d98d36a459fe70d3299b

h263: Always check both dimensions

CC: libav-sta...@libav.org
Found-By: a...@gentoo.org
---

Index: libav-11.4/libavcodec/ituh263dec.c
===
--- libav-11.4.orig/libavcodec/ituh263dec.c
+++ libav-11.4/libavcodec/ituh263dec.c
@@ -30,6 +30,7 @@
 #include 
 
 #include "libavutil/attributes.h"
+#include "libavutil/imgutils.h"
 #include "libavutil/internal.h"
 #include "libavutil/mathematics.h"
 #include "avcodec.h"
@@ -866,7 +867,7 @@ end:
 /* most is hardcoded. should extend to handle all h263 streams */
 int ff_h263_decode_picture_header(MpegEncContext *s)
 {
-int format, width, height, i;
+int format, width, height, i, ret;
 uint32_t startcode;
 
 align_get_bits(&s->gb);
@@ -917,8 +918,6 @@ int ff_h263_decode_picture_header(MpegEn
 /* H.263v1 */
 width = ff_h263_format[format][0];
 height = ff_h263_format[format][1];
-if (!width)
-return -1;
 
 s->pict_type = AV_PICTURE_TYPE_I + get_bits1(&s->gb);
 
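
Review bot: Dropping the `if (!width) return -1;` test in the H.263v1 branch means a format whose table entry has zero width is no longer rejected at this point, and header parsing continues until the size check added further down. Before merging I would confirm that nothing between here and that check uses the `width`/`height` locals as a divisor or a size, and that they are what ends up in `s->width`/`s->height`, since the new check tests the context fields rather than these locals.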
@@ -1071,6 +1070,9 @@ int ff_h263_decode_picture_header(MpegEn
 s->qscale = get_bits(&s->gb, 5);
 }
 
+if ((ret = av_image_check_size(s->width, s->height, 0, s)) < 0)
+return ret;
+
 s->mb_width = (s->width  + 15) / 16;
 s->mb_height = (s->height  + 15) / 16;
 s->mb_num = s->mb_width * s->mb_height;
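
Review bot: The new `av_image_check_size()` call returns `ret` where the removed width test returned a plain -1, so callers of `ff_h263_decode_picture_header()` need to treat any negative value as failure rather than comparing against -1. The placement is right, directly ahead of the `mb_width`/`mb_height`/`mb_num` arithmetic that depends on both dimensions; a one-line comment saying it validates height as well as width would help keep a later cleanup from narrowing it again.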



commit libav for openSUSE:Factory

2015-06-16 Thread h_root
Hello community,

here is the log from the commit of package libav for openSUSE:Factory checked 
in at 2015-06-16 14:06:19

Comparing /work/SRC/openSUSE:Factory/libav (Old)
 and  /work/SRC/openSUSE:Factory/.libav.new (New)


Package is "libav"

Changes:

--- /work/SRC/openSUSE:Factory/libav/libav.changes  2015-04-21 
10:53:02.0 +0200
+++ /work/SRC/openSUSE:Factory/.libav.new/libav.changes 2015-06-16 
14:06:26.0 +0200
@@ -1,0 +2,47 @@
+Tue Jun 16 09:10:41 UTC 2015 - mplus...@suse.com
+
+- Update to 11.4
+  * h264: Make sure reinit failures mark the context as not 
+initialized (CVE-2015-3417)
+  * msrle: Use FFABS to determine the frame size in 
+msrle_decode_pal4 (CVE-2015-3395)
+  * cavs: Remove an unneeded scratch buffer
+  * configure: Disable i686 for i586 and lower CPUs (debian/783082)
+  * mjpegenc: Fix JFIF header byte ordering (bug/808)
+  * nut: Make sure to clean up on read_header failure
+  * png: Set the color range as full range
+  * avi: Validate sample_size
+  * nut: Check chapter creation in decode_info_header
+  * alac: Reject rice_limit 0 if compression is used
+  * ape: Support _ files with nblock smaller than 64
+  * mux: Do not leave stale side data pointers in 
+ff_interleave_add_packet()
+  * avresample: Reallocate the internal buffer to the correct size 
+(bug/825)
+  * mpegts: Update the PSI/SI table only if the version change
+  * rtsp: Make sure we don't write too many transport entries into 
+a fixed-size array
+  * rtpenc_jpeg: Handle case of picture dimensions not dividing 
+by 8
+  * mov: Fix little endian audio detection
+  * x86: Put COPY3_IF_LT under HAVE_6REGS (gentoo/541930)
+  * roqvideoenc: set enc->avctx in roq_encode_init
+  * mp3: Properly use AVCodecContext API
+  * libvpx: Fix mixed use of av_malloc() and av_reallocp()
+  * Revert "lavfi: always check av_expr_parse_and_eval() return 
+value"
+  * alsdec: only adapt order for positive max_order
+  * alsdec: check sample pointer range in 
+revert_channel_correlation
+  * aacpsy: correct calculation of minath in psy_3gpp_init
+  * alsdec: limit avctx->bits_per_raw_sample to 32
+  * aasc: return correct buffer size from aasc_decode_frame
+  * matroskadec: fix crash when parsing invalid mkv
+  * avconv: do not overwrite the stream codec context for 
+streamcopy
+  * webp: ensure that each transform is only used once
+  * h264_ps: properly check cropping parameters against overflow
+  * hevc: zero the correct variables on invalid crop parameters
+  * hevc: make the crop sizes unsigned
+
+---
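
Review bot: The two security fixes in this update, CVE-2015-3417 (h264) and CVE-2015-3395 (msrle), open a long list copied from the upstream Changelog, with the CVE ids pushed onto wrapped continuation lines. Keeping each id on the same line as its bullet would let a search for the CVE return the fix description. Several other bullets describe bounds or overflow checks without an id (the rtsp fixed-size array, the alsdec sample pointer range, the h264_ps cropping parameters), so a short lead line stating that 11.4 is a security and stability update would help triage.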

Old:

  libav-11.3.tar.xz

New:

  libav-11.4.tar.xz



Other differences:
--
++ libav.spec ++
--- /var/tmp/diff_new_pack.5UIJMM/_old  2015-06-16 14:06:27.0 +0200
+++ /var/tmp/diff_new_pack.5UIJMM/_new  2015-06-16 14:06:27.0 +0200
@@ -24,7 +24,7 @@
 %define avutilso  libavutil-libav54
 %define swscaleso libswscale-libav3
 Name:   libav
-Version:11.3
+Version:11.4
 Release:0
 Summary:Library working with various multimedia formats
 License:GPL-2.0+

++ libav-11.3.tar.xz -> libav-11.4.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libav-11.3/Changelog new/libav-11.4/Changelog
--- old/libav-11.3/Changelog2015-03-09 02:54:09.0 +0100
+++ new/libav-11.4/Changelog2015-05-31 16:56:19.0 +0200
@@ -1,6 +1,42 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
+version 11.4:
+
+ - h264: Make sure reinit failures mark the context as not initialized 
(CVE-2015-3417)
+ - msrle: Use FFABS to determine the frame size in msrle_decode_pal4 
(CVE-2015-3395)
+ - cavs: Remove an unneeded scratch buffer
+ - configure: Disable i686 for i586 and lower CPUs (debian/783082)
+ - mjpegenc: Fix JFIF header byte ordering (bug/808)
+ - nut: Make sure to clean up on read_header failure
+ - png: Set the color range as full range
+ - avi: Validate sample_size
+ - nut: Check chapter creation in decode_info_header
+ - alac: Reject rice_limit 0 if compression is used
+ - ape: Support _ files with nblock smaller than 64
+ - mux: Do not leave stale side data pointers in ff_interleave_add_packet()
+ - avresample: Reallocate the internal buffer to the correct size (bug/825)
+ - mpegts: Update the PSI/SI table only if the version change
+ - rtsp: Make sure we don't write too many transport entries into a fixed-size 
array
+ - rtpenc_jpeg: Handle case of picture dimensions not dividing by 8
+ - mov: Fix little endian audio detection
+ - x86: Put COPY3_IF_LT 

commit libav for openSUSE:Factory

2015-04-21 Thread h_root
Hello community,

here is the log from the commit of package libav for openSUSE:Factory checked 
in at 2015-04-21 10:52:58

Comparing /work/SRC/openSUSE:Factory/libav (Old)
 and  /work/SRC/openSUSE:Factory/.libav.new (New)


Package is "libav"

Changes:

--- /work/SRC/openSUSE:Factory/libav/libav.changes  2015-03-28 
18:38:23.0 +0100
+++ /work/SRC/openSUSE:Factory/.libav.new/libav.changes 2015-04-21 
10:53:02.0 +0200
@@ -1,0 +2,32 @@
+Mon Apr 20 07:56:59 UTC 2015 - mplus...@suse.com
+
+- Update to 11.3
+  * utvideodec: Handle slice_height being zero (CVE-2014-9604)
+  * adxdec: set avctx->channels in adx_read_header
+  * rmenc: limit packet size
+  * webp: validate the distance prefix code
+  * rv10: check size of s->mb_width * s->mb_height
+  * eamad: check for out of bounds read (CID/1257500)
+  * mdec: check for out of bounds read (CID/1257501)
+  * configure: Properly fail when libcdio/cdparanoia is not found
+  * tiff: Check that there is no aliasing in pixel format selection 
+(CVE-2014-8544)
+  * aic: Fix decoding files with odd dimensions
+  * vorbis: Check the vlc value in setup_classifs
+  * arm: Suppress tags about used cpu arch and extensions
+  * prores: Extend the padding check to 16bit
+  * icecast: Do not use chunked post, allows feeding to icecast 
+properly
+  * img2dec: correctly use the parsed value from -start_number
+  * h264_cabac: Break infinite loops
+  * hevc_deblock: Fix compilation with nasm (libav #795)
+  * h264: initialize H264Context.avctx in init_thread_copy
+  * h264: Do not share rbsp_buffer across threads
+  * h264: only ref cur_pic in update_thread_context if it is 
+initialized
+  * matroskadec: Fix read-after-free in matroska_read_seek() 
+(chromium #427266)
+  * log: Unbreak no-tty support on 256color terminals
+- Swith to pkgconfig style dependencies
+
+---
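
Review bot: The last added line, "Swith to pkgconfig style dependencies", has a typo ("Switch"). It also folds a packaging change into the same entry as the 11.3 update that carries CVE-2014-9604 and CVE-2014-8544; a separate sentence saying the dependency rewrite is not expected to change the built feature set would make the security update easier to review on its own.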

Old:

  libav-11.2.tar.xz

New:

  libav-11.3.tar.xz



Other differences:
--
++ libav.spec ++
--- /var/tmp/diff_new_pack.cDJrmL/_old  2015-04-21 10:53:02.0 +0200
+++ /var/tmp/diff_new_pack.cDJrmL/_new  2015-04-21 10:53:02.0 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package libav
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,41 +24,40 @@
 %define avutilso  libavutil-libav54
 %define swscaleso libswscale-libav3
 Name:   libav
-Version:11.2
+Version:11.3
 Release:0
 Summary:Library working with various multimedia formats
 License:GPL-2.0+
 Group:  Development/Libraries/C and C++
 Url:https://libav.org/
 Source: http://%{name}.org/releases/%{name}-%{version}.tar.xz
-BuildRequires:  alsa-devel
-BuildRequires:  freetype2-devel
-BuildRequires:  frei0r-plugins-devel
-BuildRequires:  gnutls-devel
-BuildRequires:  libSDL-devel
-BuildRequires:  libX11-devel
-BuildRequires:  libXext-devel
-BuildRequires:  libXfixes-devel
-BuildRequires:  libbz2-devel
-BuildRequires:  libcdio-paranoia-devel
-BuildRequires:  libdc1394-devel
 BuildRequires:  libgsm-devel
-BuildRequires:  libjack-devel
-BuildRequires:  libopus-devel
-BuildRequires:  libpulse-devel
-BuildRequires:  libraw1394-devel
-BuildRequires:  libtheora-devel
-BuildRequires:  libva-devel
-BuildRequires:  libvdpau-devel
-BuildRequires:  libvorbis-devel
-BuildRequires:  libvpx-devel
-BuildRequires:  openjpeg-devel
-BuildRequires:  pkgconfig
-BuildRequires:  schroedinger-devel
-BuildRequires:  speex-devel
-BuildRequires:  xz
+BuildRequires:  pkg-config
 BuildRequires:  yasm
-BuildRequires:  zlib-devel
+BuildRequires:  pkgconfig(alsa)
+BuildRequires:  pkgconfig(bzip2)
+BuildRequires:  pkgconfig(freetype2)
+BuildRequires:  pkgconfig(frei0r)
+BuildRequires:  pkgconfig(gnutls)
+BuildRequires:  pkgconfig(jack)
+BuildRequires:  pkgconfig(libcdio_paranoia)
+BuildRequires:  pkgconfig(libdc1394-2)
+BuildRequires:  pkgconfig(libopenjpeg)
+BuildRequires:  pkgconfig(libpulse)
+BuildRequires:  pkgconfig(libraw1394)
+BuildRequires:  pkgconfig(libva)
+BuildRequires:  pkgconfig(opus)
+BuildRequires:  pkgconfig(schroedinger-1.0)
+BuildRequires:  pkgconfig(sdl)
+BuildRequires:  pkgconfig(speex)
+BuildRequires:  pkgconfig(theora)
+BuildRequires:  pkgconfig(vdpau)
+BuildRequires:  pkgconfig(vorbis)
+BuildRequires:  pkgconfig(vpx)
+BuildRequires:  pkgconfig(x11)
+BuildRequires:  pkgconfig(xext)
+BuildRequires:  pkgconfig(xfixes)
+BuildRequires:  pkgconfig(zlib)
 BuildRoot:  %{_tmppath}/%{name}-%{versio
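
Review bot: The rewritten BuildRequires block removes `BuildRequires: xz` while `Source:` still points at a `.tar.xz` tarball, so unpacking now depends on xz being present in the build root by default; keep the explicit requirement unless that is guaranteed. The same hunk replaces `pkgconfig` with `pkg-config` and leaves `libgsm-devel` and `yasm` as plain package names, which deserves a word in the changelog if intentional. With 26 package requirements replaced by 24 `pkgconfig()` ones, it is also worth comparing the configure output of the old and new builds to confirm no optional codec or protocol support was silently dropped.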