Publishing details
Changelog
libav (6:11.7-1~deb8u1~ubuntu14.04.1~ppa1) trusty; urgency=medium
* No-change backport to trusty
libav (6:11.7-1~deb8u1) jessie-security; urgency=medium
* New upstream release fixing a security issue.
- mov: Check the entries value when parsing dref boxes (CVE-2016-3062)
* debian/patches/CVE-2016-2326.patch: Removed, included upstream.
libav (6:11.6-1~deb8u1) jessie-security; urgency=medium
* New upstream release fixing multiple security issues.
- concat: disable by default (CVE-2016-1897, CVE-2016-1898)
- aac_parser: add required padding for GetBitContext buffer
- ac3_parser: add required padding for GetBitContext buffer
- imc: add required padding for GetBitContext buffer
- h263: Always check both dimensions
- opusdec: properly handle mismatching configurations in multichannel
streams
- mov: Correctly allocate ctts_data
- aac: Wait to know the channels before allocating frame
- rtpdec_asf: Check memory allocation and free memory on error
- jack: Check memory allocation
- mov: Check memory allocation
- mkv: Correctly report the latest packet had been flushed
- aic: Fix slice size computation for widths multiples of 32 macroblocks
- webp: Make sure enough bytes are available
- g726: Do not crash on user mistake
- bytestream2: set the reader to the end when reading more than available
- vp7: bound checking in vp7_decode_frame_header
- mux: Make sure that the data is actually written
- file: properly forward errors from file_read() and file_write()
- mmvideo: Make sure the rle does not write over the frame boundaries
- opus: Buffer the samples from the correct offset
- nut: Use the correct codec_tag when multiple are available
- truemotion2: Fix the buffer check
- mimic: Always return on failure
- msnwc_tcp: Correctly report failure
- rpza: Check the blocks left before processing one
- dvdsubdec: Validate the RLE offsets
- avi: Validate the stream-id for DV as well
- mov: Use the correct type for size
* debian/confflags: Force --disable-protocol=concat.
* debian/patches/CVE-2016-2326.patch: avformat/asfenc: Check pts.
(CVE-2016-2326)
libav (6:11.4-1~deb8u1) jessie-security; urgency=high
[ Sebastian Ramacher ]
* New upstream release fixing multiple security issues.
- h264: Make sure reinit failures mark the context as not initialized
(CVE-2015-3417)
- msrle: Use FFABS to determine the frame size in msrle_decode_pal4
(CVE-2015-3395)
- cavs: Remove an unneeded scratch buffer
- configure: Disable i686 for i586 and lower CPUs (debian/783082)
- mjpegenc: Fix JFIF header byte ordering (bug/808)
- nut: Make sure to clean up on read_header failure
- png: Set the color range as full range
- avi: Validate sample_size
- nut: Check chapter creation in decode_info_header
- alac: Reject rice_limit 0 if compression is used
- ape: Support _0000 files with nblock smaller than 64
- mux: Do not leave stale side data pointers in ff_interleave_add_packet()
- avresample: Reallocate the internal buffer to the correct size (bug/825)
- mpegts: Update the PSI/SI table only if the version change
- rtsp: Make sure we don't write too many transport entries into a
fixed-size array
- rtpenc_jpeg: Handle case of picture dimensions not dividing by 8
- mov: Fix little endian audio detection
- x86: Put COPY3_IF_LT under HAVE_6REGS (gentoo/541930)
- roqvideoenc: set enc->avctx in roq_encode_init
- mp3: Properly use AVCodecContext API
- libvpx: Fix mixed use of av_malloc() and av_reallocp()
- Revert "lavfi: always check av_expr_parse_and_eval() return value"
- alsdec: only adapt order for positive max_order
- alsdec: check sample pointer range in revert_channel_correlation
- aacpsy: correct calculation of minath in psy_3gpp_init
- alsdec: limit avctx->bits_per_raw_sample to 32
- aasc: return correct buffer size from aasc_decode_frame
- matroskadec: fix crash when parsing invalid mkv
- avconv: do not overwrite the stream codec context for streamcopy
- webp: ensure that each transform is only used once
- h264_ps: properly check cropping parameters against overflow
- hevc: zero the correct variables on invalid crop parameters
- hevc: make the crop sizes unsigned
[ Reinhard Tartler]
* drop 01-configure-disable-i686-for-i586
libav (6:11.3-1+deb8u1) jessie; urgency=medium
* Fix use of illegal instruction on i586. (Closes: #783082)
- debian/confflags: Pass correct value to --cpu. Thanks to Bernhard
Übelacker for the patch.
- debian/patches:
+ 01-configure-disable-i686-for-i586.patch: Upstream patch to disable
i686 instructions on i586.
+ 02-configure-disable-ebx-gcc-4.9.patch: Workaround build failure with
gcc 4.9 and newer by disabling the use of ebx in handwritten assembler
code. Thanks to Bernhard Übelacker for the initial patch.
libav (6:11.3-1) unstable; urgency=medium
* New upstream release fixing multiple security issues.
- utvideodec: Handle slice_height being zero (CVE-2014-9604)
- adxdec: set avctx->channels in adx_read_header
- rmenc: limit packet size
- webp: validate the distance prefix code
- rv10: check size of s->mb_width * s->mb_height
- eamad: check for out of bounds read (CID/1257500)
- mdec: check for out of bounds read (CID/1257501)
- configure: Properly fail when libcdio/cdparanoia is not found
- tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544)
- aic: Fix decoding files with odd dimensions
- vorbis: Check the vlc value in setup_classifs
- arm: Suppress tags about used cpu arch and extensions
- prores: Extend the padding check to 16bit
- icecast: Do not use chunked post, allows feeding to icecast properly
- img2dec: correctly use the parsed value from -start_number
- h264_cabac: Break infinite loops
- hevc_deblock: Fix compilation with nasm (libav #795)
- h264: initialize H264Context.avctx in init_thread_copy
- h264: Do not share rbsp_buffer across threads
- h264: only ref cur_pic in update_thread_context if it is initialized
- matroskadec: Fix read-after-free in matroska_read_seek() (chromium #427266)
- log: Unbreak no-tty support on 256color terminals
libav (6:11.2-1) unstable; urgency=medium
* New upstream release fixing multiple security issues. (Closes: #773626)
- h264: restore a block mistakenly removed in e10fd08a
- on2avc: check number of channels (CVE-2014-8549)
- smc: fix the bounds check (CVE-2014-8548)
- gifdec: refactor interleave end handling (CVE-2014-8547)
- mmvideo: check frame dimensions (CVE-2014-8543)
- jvdec: check frame dimensions (CVE-2014-8542)
- mjpegdec: check for pixel format changes (CVE-2014-8541)
- mov: avoid a memleak when multiple stss boxes are present
- vc1: Do not assume seek happens after decoding
- avconv: Use the mpeg12 private option scan_offset (Closes: #773055)
- xsub: Support DXSA subtitles
- mp3dec: fix reading the Xing tag
- matroskaenc: write correct Display{Width, Height} in stereo encoding
- configure: Fix enabling memalign_hack automatically
- mp3enc: fix a triggerable assert
- latm: Do not give a score for a single instance
- mp3: Tweak the probe scores
- matroskaenc: write correct Display{Width, Height} in stereo encoding
- coverity: Fix most of the reported warnings and issues
* debian/control: Add myself to Uploaders.
libav (6:11.1-1) unstable; urgency=medium
* Team upload.
* Upload to unstable.
libav (6:11.1-1~exp1) experimental; urgency=medium
[ upstream ]
* New release.
+ Replace lena.pnm.
Closes: bug#771126.
+ Treat all '*.pnm' files as non-text file.
+ opusdec: Ensure all substreams have same number of coded samples.
+ lavu: Fix memory leaks by using a mutex instead of atomics.
+ lavu: Add wrappers for the pthreads mutex API.
+ mp3enc: Fix a triggerable assert.
+ resample: Avoid off-by-1 errors in PTS calcs.
+ imc: Fix order of operations in coefficients read.
+ hevc_mvs: Ensure to always initialize the temporal MV fully.
+ hevc_mvs: Initialize the temporal MV in case of missing ref.
+ h264: Reset ret to avoid propagating minor failures.
+ hevc: Initialize mergecand_list to 0.
+ mpeg12: Always invoke the get_format() callback.
+ h264: Always invoke the get_format() callback.
+ Update default FATE URL for release/11.
+ apetag: Fix APE tag size check.
[ Jonas Smedegaard ]
* Drop patches now included upstream.
libav (6:11-2) unstable; urgency=medium
* add patches post v11 release, all of which will be included in the
next point release:
- 0001-apetag-Fix-APE-tag-size-check.patch
- 0002-Update-default-FATE-URL-for-release-11.patch
- 0003-h264-Always-invoke-the-get_format-callback.patch
- 0004-mpeg12-Always-invoke-the-get_format-callback.patch
- 0005-hevc-Initialize-mergecand_list-to-0.patch
- 0006-h264-reset-ret-to-avoid-propagating-minor-failures.patch
- 0007-hevc_mvs-initialize-the-temporal-MV-in-case-of-missi.patch
- 0008-hevc_mvs-make-sure-to-always-initialize-the-temporal.patch
- 0009-imc-fix-order-of-operations-in-coefficients-read.patch
- 0010-resample-Avoid-off-by-1-errors-in-PTS-calcs.patch
libav (6:11-1) unstable; urgency=low
* Upload final 11 release
- matroskadec: parse stereo mode on decoding (Closes: #757185)
libav (6:11~beta1-3) unstable; urgency=low
* Add post-release upstream patches
* Remove unapplied patches
* Remove /etc/avserver.conf (Closes: #760763)
libav (6:11~beta1-2) unstable; urgency=medium
[ Reinhard Tartler ]
* Make libavcodec-dev depend on libavresample-dev
[ Rico Tzschichholz ]
* Some fixes and leftovers from soname bumps
libav (6:11~beta1-1) experimental; urgency=low
* New upstream Release v11~alpha2
* build against libgnutls28-dev (Closes: #758447)
* Bump shlibs
libav (6:11~alpha2-1) experimental; urgency=low
* New upstream Release v11~alpha2
- ffv1dec: check global parameters (CVE-2013-7020)
- mpegts: Check writing a PMTs (CVE-2014-2263)
- avcodec: Postpone FF_IDCT_XVIDMMX removal until the next version
bump (fixes gst-libav FTBFS)
* Bump shlibs
* Add helper scripts for doing mass rebuilds
libav (6:11~alpha1-1) experimental; urgency=low
* New upstream Release v11~alpha1
- Fixes Unchecked conversion from double to enum (Closes: #749164)
* Add some post v11_alpha1 patches from upstream
* All SONAMEs bumped because of internal changes, but external API is
promised to have not changed
libav (6:10.4-1) unstable; urgency=medium
* New Upstream Release v10.3
- mpegts: Do not try to write a PMT larger than SECTION_SIZE
(CVE-2014-2263)
- mpegts: Define the section length with a constant
- ffv1dec: check that global parameters do not change in version 0/1
(CVE-2013-7020)
- h264: fix interpretation of interleaved stereo modes
- svq1: do not modify the input packet
- cdgraphics: do not return 0 from the decode function
- cdgraphics: switch to bytestream2 (CVE-2013-3674)
- jpeg2000: enable 4 component pixel formats
- stereo3d: add missing include guards
- huffyuvdec: check width size for yuv422p (CVE-2013-0848)
- mmvideo: check horizontal coordinate too (CVE-2013-3672)
- wmalosslessdec: fix mclms_coeffs* array size (CVE-2014-2098)
* build against libgnutls28-dev (Closes: #758447)
libav (6:10.3-1) unstable; urgency=medium
* New Upstream Release v10.3
- huffyuv: Check and propagate function return values (CVE-2013-0868)
- h264: prevent theoretical infinite loop in SEI parsing (CVE-2011-3946)
- pgssubdec: Check RLE size before copying (CVE-2013-0852)
- video4linux2: Avoid a floating point exception
- vf_select: Drop a debug av_log with an unchecked double to enum conversion
- librtmp: Don't free the temp url at the end of rtmp_open
- arm: Avoid using the 'setend' instruction on ARMv7 and newer
- avplay: Handle pixel aspect ratio properly
- eamad: use the bytestream2 API instead of AV_RL (CVE-2013-0851)
- pg2meet: allow size changes within original sizes
- af_compand: make sure request_frame always outputs at least one frame
libav (6:10.2-2) unstable; urgency=low
[ Reinhard Tartler ]
* Fixed typo in debian/NEWS (Closes: #753453)
[ Stefan Lippers-Hollmann ]
* libavcodec-extra: declare as Section: metapackages (Closes: #747921)
libav (6:10.2-1) unstable; urgency=high
* Bumping severity for critical LZO security issue.
* New Upstream Release v10.2
- aarch64: Use the correct syntax for relocations (Closes: #751856,
- LP: #1323144)
- ppc: Fix compilation for ppc64le (ELFv2) (LP: #1263802)
- avconv: make -shortest work with streamcopy
- lzo: Handle integer overflow (Reported by Don A. Bailey)
- Check if an mp3 header is using a reserved sample rate.
- Check mp3 header before calling avpriv_mpegaudio_decode_header().
- jpeg2000: fix dereferencing invalid pointers during cleanup
- avpacket: fix copying side data in av_packet_copy_props()
- oggenc: Set the right AVOption size for the pref_duration option
- adpcm: Avoid reading out of bounds in the IMA QT trellis encoder
- adpcm: Write the proper predictor in trellis mode in IMA QT
* No longer build avserver (Closes: #734335)
* Clarify licensing in debian/copyright (Closes: #698019)
libav (6:10.1-1) unstable; urgency=low
* New upstream release 10:
- pcm-dvd: Fix 20bit decoding (bug/592)
- avi: Improve non-interleaved detection (bug/666)
- arm: hpeldsp: fix put_pixels8_y2_{,no_rnd_}armv6
- arm: hpeldsp: prevent overreads in armv6 asm (bug/646)
- avfilter: Add missing emms_c when needed
- rtmpproto: Check the buffer sizes when copying app/playpath strings
- swscale: Fix an undefined behaviour
- vp9: Read the frame size as unsigned
- dcadec: Use correct channel count in stereo downmix check
- dcadec: Do not decode the XCh extension when downmixing to stereo
- matroska: add the Opus mapping
- matroskadec: read the CodecDelay element
- rtmpproto: Make sure to pass on the error code if read_connect failed
- lavr: allocate the resampling buffer with a positive size
- mp3enc: Properly write bitrate value in XING header (Closes: #736088)
- golomb: Fix the implementation of get_se_golomb_long
* Drop debian/libav-tools.maintscript. ffserver is no longer found in
stable, and this seems to cause other problems today (Closes: #742676)
libav (6:10-2) experimental; urgency=low
* Recompile against libx264-142 and librtmp1
* Bump standards version, no changes needed
* Drop Andres Meija from uploaders. Thanks Andres for your contributions
to the libav package! (Closes: #743526).
libav (6:10-1) experimental; urgency=low
* New upstream release 10. Full changelog avaialble at:
http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v10
libav (6:10~beta2-2) experimental; urgency=low
* Drop unnecessary packages: libavformat-extra-, libavutil-extra,
libavfilter-extra and libavdevice-extra.
* Incorporate post-beta2 patches, including the icy header detection
patches (Closes: #740421)
* Add a note about 'ffmpeg' in libav-tools's package description
(Closes: #729469)
libav (6:10~beta2-1) experimental; urgency=low
* New Upstream release 10_beta2. This upstream git snapshot has too many
changes to list here, cf. to the upstream Changelog:
http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v10_beta2
libav (6:10~beta1-2) experimental; urgency=low
* New Upstream release 10_beta1. This upstream git snapshot has too many
changes to list here, cf. to the upstream Changelog:
http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v10_beta1
- works with H.264 that has different bit depth between chroma and luma,
Closes: #738599
* Bump shlibs
libav (6:10~alpha2-1) experimental; urgency=low
* New Upstream release 10_alpha2. This upstream git snapshot has too many
changes to list here, cf. to the upstream Changelog:
http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v10_alpha2
libav (6:10~alpha1-1) experimental; urgency=low
* New Upstream release 10_alpha1. This upstream git snapshot has too many
changes to list here, cf. to the upstream Changelog:
http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v10_alpha1
- Opus in Ogg demuxing Closes: #733884, #720563, LP: #1265196
- avprobe output is now standard INI or JSON. Closes: #715467
- Properly working defaults in libx264 wrapper, Closes: #687048
- avconv -t option can now be used for inputs, to limit the duration of
data read from an input file, Closes: #722003
-- Micah Gersten <email address hidden> Tue, 14 Jun 2016 16:28:18 -0500
Builds
Package files