Hello community, here is the log from the commit of package ffmpeg2 for openSUSE:Factory checked in at 2016-09-30 15:24:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ffmpeg2 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ffmpeg2" Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg2/ffmpeg2.changes 2016-08-26 23:15:58.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg2.new/ffmpeg2.changes 2016-09-30 15:24:43.000000000 +0200 
@@ -1,0 +2,21 @@ +Tue Sep 27 16:05:27 UTC 2016 - jengelh@inai.de + +- Update to new maintenance release 2.8.8 +* avformat/oggparsevp8: fix pts calculation on pages ending with an invisible frame +* avcodec/mjpegdec: Do not try to detect last scan but apply idct after all scans for progressive jpeg +* avformat/oggparseopus: Check that granule pos is within the supported range +* avformat/utils: Check bps before using it in a shift in ff_get_pcm_codec_id() +* ffmpeg: Check that r_frame_rate is set before attempting to use it +* avformat/utils: Do not compute the bitrate from duration == 0 +* avformat/utils: Check negative bps before shifting in ff_get_pcm_codec_id() +* avformat/avidec: Detect index with too short entries +* avformat/oggparseopus: Fix Undefined behavior in oggparseopus.c and libavformat/utils.c +* avformat/allformats: Making av_register_all() thread-safe. +* avcodec/vp9_parser: Check the input frame sizes for being consistent +* avformat/oggdec: Fix integer overflow with invalid pts +* avcodec/ffv1enc: Fix assertion failure with non zero bits per sample +* avcodec/diracdec: Check numx/y +* avformat/avidec: Fix infinite loop in avi_read_nikon() +- Add 0001-avcodec-exr-Check-tile-positions.patch [bnc#998636] + +------------------------------------------------------------------- Old: ---- ffmpeg-2.8.7.tar.xz ffmpeg-2.8.7.tar.xz.asc New: ---- 0001-avcodec-exr-Check-tile-positions.patch ffmpeg-2.8.8.tar.xz ffmpeg-2.8.8.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg2.spec ++++++ --- /var/tmp/diff_new_pack.rMdrHU/_old 2016-09-30 15:24:45.000000000 +0200 +++ /var/tmp/diff_new_pack.rMdrHU/_new 2016-09-30 15:24:45.000000000 +0200 @@ -32,7 +32,7 @@ %bcond_without webp Name: ffmpeg2 -Version: 2.8.7 +Version: 2.8.8 Release: 0 Summary: Library for working with various multimedia formats License: LGPL-2.1+ and GPL-2.0+ 
@@ -54,6 +54,7 @@ Patch3: ffmpeg-pkgconfig-version.patch Patch4: ffmpeg-new-coder-errors.diff Patch5: ffmpeg-codec-choice.diff +Patch6: 0001-avcodec-exr-Check-tile-positions.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: pkg-config @@ -271,7 +272,7 @@ %prep %setup -qn ffmpeg-%version -%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1 +%patch -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -p1 %build perl -i -pe 's{__TIME__|__DATE__}{"$&"}g' *.c ++++++ 0001-avcodec-exr-Check-tile-positions.patch ++++++
From 01aee8148d4fa439cce678a11f5110656c98de1f* Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Wed, 17 Aug 2016 21:22:29 +0200
Subject: [PATCH] avcodec/exr: Check tile positions
X-Desc: Backport attempt to 2.8.8 by jengelh@inai.de
References: CVE-2016-6920
References: https://bugzilla.suse.com/show_bug.cgi?id=998636

This also disabled the case of mixed x/ymin with tiles, the code
handles these cases inconsistently for the 2 coordinate axes and is
unlikely to be working correctly.
Fixes crash
Fixes: poc1.exr, poc2.exr
Found-by: Yaoguang Chen of Aliapy unLimit Security Team
Signed-off-by: Michael Niedermayer
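
Review bot: In the ffmpeg2.changes hunk, the entry "- Add 0001-avcodec-exr-Check-tile-positions.patch [bnc#998636]" cites only the Bugzilla number, while the patch's own header carries "References: CVE-2016-6920". Adding the CVE id to the changelog entry, for example "[bnc#998636, CVE-2016-6920]", would let anyone auditing the package from the changelog alone see that this fix is shipped.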
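
Review bot: The header of the file added as Patch6 in the spec hunk calls itself a "Backport attempt to 2.8.8", but nothing in the changelog or the header says whether the backported check was exercised against the poc1.exr and poc2.exr files named in the "Fixes:" line. Since this is the security-relevant part of the update, a one-line statement in X-Desc of how the backport was verified on the 2.8.8 tree, and of what was changed relative to the upstream commit, would make the patch easier to review and to drop once upstream ships the fix in a 2.8.x release.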