Change logs for libav source package in Trusty

  • libav (6:9.20-0ubuntu0.14.04.1) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Updated to 9.20 to fix various crashes with
        invalid-free, corrupted double-linked list or out-of-bounds read
        (LP: #1643467)
        - No CVE number
    
     -- Marc Deslauriers <email address hidden>  Wed, 07 Dec 2016 15:36:50 -0500
  • libav (6:9.18-0ubuntu0.14.04.1) trusty-security; urgency=medium
    
      * Update to 9.18 to fix multiple security issues (LP: #1432610,
        LP: #1370175)
        - CVE-2013-7020
        - CVE-2014-8542
        - CVE-2014-8543
        - CVE-2014-8544
        - CVE-2014-8547
        - CVE-2014-8548
        - CVE-2014-9604
     -- Marc Deslauriers <email address hidden>   Mon, 16 Mar 2015 08:16:54 -0400
  • libav (6:9.16-0ubuntu0.14.04.1) trusty-security; urgency=medium
    
      * New upstream release 9.14:
        - vp3: Copy all 3 frames for thread updates (CVE-2011-3934)
        - mpegts: Do not try to write a PMT larger than SECTION_SIZE (CVE-2014-2263)
        - mpegts: Define the section length with a constant
        - error_concealment: avoid using the picture if not fully setup (CVE-2013-0860)
        - svq1: do not modify the input packet
        - cdgraphics: do not return 0 from the decode function
        - cdgraphics: switch to bytestream2 (CVE-2013-3674)
        - huffyuvdec: check width size for yuv422p (CVE-2013-0848)
        - mmvideo: check horizontal coordinate too (CVE-2013-3672)
        - wmalosslessdec: fix mclms_coeffs* array size (CVE-2014-2098)
        - lavc: Check the image size before calling get_buffer (CVE-2011-3935)
        - huffyuv: Check and propagate function return values (CVE-2013-0868)
        - h264: prevent theoretical infinite loop in SEI parsing (CVE-2011-3946)
        - h264_sei: check SEI size
        - pgssubdec: Check RLE size before copying (CVE-2013-0852)
        - fate: Add dependencies for dct/fft/mdct/rdft tests
        - video4linux2: Avoid a floating point exception
        - vf_select: Drop a debug av_log with an unchecked double to enum conversion
        - eamad: use the bytestream2 API instead of AV_RL (CVE-2013-0851)
     -- Reinhard Tartler <email address hidden>   Sat, 09 Aug 2014 19:50:43 -0400
  • libav (6:9.14-0ubuntu0.14.04.1) trusty-security; urgency=medium
    
      * New upstream release 9.14:
        - Many security fixes issues LP: #1341216
        - adpcm: Write the proper predictor in trellis mode in IMA QT
        - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder
        - Check mp3 header before calling avpriv_mpegaudio_decode_header() (bug/705)
        - Check if an mp3 header is using a reserved sample rate
        - lzo: Handle integer overflow (bug/704)
        - avconv: make -shortest work with streamcopy
      * Drop broken dpkg-maintscript, LP: #1315672
     -- Reinhard Tartler <email address hidden>   Sat, 12 Jul 2014 18:33:45 -0400
  • libav (6:9.13-0ubuntu0.14.04.1) trusty-security; urgency=medium
    
      * Merge from unstable, remaining changes:
        - build-depend on libtiff5-dev rather than libtiff4-dev,
          avoids FTBFS caused by imlib
      * New upstream release 9.13:
        - Many security fixes issues LP: #1277173
        - swscale: Fix an undefined behaviour
        - matroska: add the Opus mapping
        - mp3enc: Properly write bitrate value in XING header (Closes: #736088)
        - origin/pu/9 oggdec: add support for Opus in Ogg demuxing
          (Fixes: libav/603, Closes: #720563)
        - apedec: do not buffer decoded samples over AVPackets (Closes: #744901)
        - isom: lpcm in mov default to big endian
        - movdec: handle 0x7fff langcode as macintosh per the specs
        - h264: reset next_output_pic earlier in start_frame()
          (Fixes: libav/672, Closes: #741240, LP: #1288206)
        - rtmpproto: Make sure to pass on the error code if read_connect failed
        - lavr: allocate the resampling buffer with a positive size
        - tiffdec: use bytestream2 to simplify overread/overwrite protection
        - resample: fix avresample_get_delay() return value
        - avi: Improve non-interleaved detection (Fixes: libav/666)
        - af_channelmap: fix ONE_STR mapping mode
        - movenc: allow override of "writing application" tag
        - matroskaenc: allow override of "writing application" tag
        - avfilter: Add missing emms_c when needed
        - build: Use pkg-config for openjpeg (Fixes: libav/387)
        - mpeg12: check scantable indices in all decode_block functions
        - sgidec: fix buffer size check in expand_rle_row()
        - adx: check that the offset is not negative
        - mpegvideo: set reference/pict_type on generated reference frames
        - h264: Fix various crashes found in samples pointed by Mateusz
          "j00ru" Jurczyk and Gynvael Coldwind - Thanks!
      * Rebuild is reported to fix vaapi, Closes: #745655
      * Fix invocation of dpkg-maintscript helper, LP: #1315672
      * cleanup leftovers of the former libav-source package
      * Simplify listing packages with dh_listpackage
      * Drop transitional arch:all -extra- packages
      * Bump standards version to 3.9.5, no changes needed
    
    libav (6:9.11-4) unstable; urgency=medium
    
      * Imported Upstream version 9.11
        - bumped severity because of many security relevant changes
        - update freetype header detection
    
    libav (6:9.11-3) unstable; urgency=low
    
      * Add upstream patch to enable PIC on s390(x), Closes: #726733
    
    libav (6:9.11-2ubuntu3) utopic; urgency=high
    
      * No change rebuild against librtmp1.
     -- Reinhard Tartler <email address hidden>   Sun, 04 May 2014 16:11:03 -0400
  • libav (6:9.11-2ubuntu2) trusty; urgency=medium
    
      * No-change rebuild for x264 soname bump.
     -- Matthias Klose <email address hidden>   Mon, 24 Mar 2014 05:55:46 +0000
  • libav (6:9.11-2ubuntu1) trusty; urgency=low
    
      * Merge from unstable, remaining changes:
        - build-depend on libtiff5-dev rather than libtiff4-dev,
          avoids FTBFS caused by imlib
      * This version of libav supports Opus in Ogg (LP: #1265196)
    
    libav (6:9.11-2) unstable; urgency=low
    
      * Avoid the use of pipes to not cover segfaulting libavcodecs (cf. #726733)
      * refactor call_and_install_avconv_dump functionality
      * Rebuild against libfreetype 2.5.1 (closes: #731307)
      * i386 shared builds must be optimized for 586, (closes: 728928, #688384)
    
    libav (6:9.11-1) unstable; urgency=low
    
      * Imported Upstream version 9.11
        - drop patch mathematics-remove-asserts-from-av_rescale_rnd.patch,
          merged upstream
        - mathematics: remove asserts from av_rescale_rnd, (Closes: #718805)
      * Support Opus in Ogg containers (Closes: #733884, 720563)
      * Refactor conffile moving
      * No longer build-depend on libtiff4-dev. Closes: #736020
      * Disable opencv filter because of #737584
      * Check upstream OpenPGP signatures (Closes: #723692)
    
    libav (6:9.10-3) unstable; urgency=low
    
      * Add upstream patch: mathematics: remove asserts from av_rescale_rnd
        Closes: #718805
      * Remove the makeinfo patch, it just disables generation of the html
        equivalents of the manpages
      * No longer build-depend on libtiff4-dev. Closes: #736020
    
    libav (6:9.10-2) unstable; urgency=low
    
      [ Fabian Greffrath ]
      * Fix upstream changelog link in previous changelog entry.
      * Transition from the "texi2html" utility to the "makeinfo" utility from the
        texinfo package, fixes build-depends-on-obsolete-package lintian error and
        addresses <https://lists.debian.org/debian-devel/2013/05/msg01516.html>.
      * debhelper (>= 9) is now available in stable and old-bpo.
      * Use "set -e" in the body of the libav-tools maintainer scripts.
      * Fix vcs-field-not-canonical lintian warning.
      * Set executable permissions for qt-faststart, fixes unstripped-binary-or-object
        lintian warning.
      * Fix some spelling errors detected by lintian.
    
      [ Reinhard Tartler ]
      * compile against libtiff5-dev
      * Drop some special code paths for building the ubuntu flavor
        (no longer necessary over there)
     -- Reinhard Tartler <email address hidden>   Sun, 02 Mar 2014 14:57:25 -0500
  • libav (6:9.10-1ubuntu7) trusty; urgency=medium
    
      * Drop build-deps arch restriction for libav, bootstrap complete.
     -- Dimitri John Ledkov <email address hidden>   Mon, 23 Dec 2013 20:00:22 +0000
  • libav (6:9.10-1ubuntu6) trusty; urgency=medium
    
      * Disable altivec optimization for all build flavours on ppc64*.
     -- Dimitri John Ledkov <email address hidden>   Mon, 23 Dec 2013 14:47:28 +0000
  • libav (6:9.10-1ubuntu5) trusty; urgency=medium
    
      * Build altivec flavor on powerpc only.
     -- Dimitri John Ledkov <email address hidden>   Mon, 23 Dec 2013 09:47:10 +0000
  • libav (6:9.10-1ubuntu4) trusty; urgency=medium
    
      * Add altivec flavor build for ppc64,ppc64el.
     -- Dimitri John Ledkov <email address hidden>   Mon, 23 Dec 2013 09:37:09 +0000
  • libav (6:9.10-1ubuntu3) trusty; urgency=medium
    
      * Specify --enable-pic for ppc64, ppc64el.
     -- Dimitri John Ledkov <email address hidden>   Mon, 23 Dec 2013 09:22:44 +0000
  • libav (6:9.10-1ubuntu2) trusty; urgency=medium
    
      * Bootstrap libav on ppc64el.
     -- Dimitri John Ledkov <email address hidden>   Mon, 23 Dec 2013 03:45:49 +0000
  • libav (6:9.10-1ubuntu1) trusty; urgency=low
    
      * Build all -extra flavors from this source package, as libav got demoted
        from main to universe, cf LP: #1243235
      * Simplify debian/rules to follow exactly the code that debian executes
      * New upstream (LP: #1180288) fixes lots of security issues (LP: #1242802)
      * Merge from unstable, remaining changes:
        - build-depend on libtiff5-dev rather than libtiff4-dev,
          avoids FTBFS caused by imlib
        - follow the regular debian codepaths
    
    libav (6:9.10-1) unstable; urgency=medium
    
      * New upstream release 9.10
      * Too many security related upstream changes to list here, please cf. to
        upstream changelog:
        http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.9
      * Urgency set to medium because new upstream release fixes many security issues.
      * Do not accidentally overwrite installed binaries from different flavors.
        Thanks to Fabian Greffrath for the patch (Closes: #725956)
    
    libav (6:9.9-1) experimental; urgency=low
    
      * New upstream release 9.9
      * Too many security related upstream changes to list here, please cf. to
        upstream changelog. Closes: #717009
    
    libav (6:9.8-2) unstable; urgency=low
    
      * Upload to unstable
      * Weaken dependencies on libx264, opencv and frei0r for now to allow
        compilation. This dependency will be tightened as soon as the
        libraries have been updated in unstable.
    
    libav (6:9.8-1) experimental; urgency=low
    
      * New upstream release 9.8, Closes: #716734, #716735
      * Upstream Changes:
    
         - kmvc: Clip pixel position to valid range
         - kmvc: Use fixed sized arrays in the context
         - indeo: Reject negative array indexes
         - indeo: Check for reference when inheriting motion vectors
         - indeo: Properly forward the error codes
         - mjpeg: Check the unescaped size for overflows
         - wmapro: Error out on impossible scale factor offsets
         - wmapro: Check the min_samples_per_subframe
         - wmapro: Return early on unsupported condition
         - wmapro: Check num_vec_coeffs against the actual available buffer
         - wmapro: Make sure there is room to store the current packet
         - lavc: Move put_bits_left in put_bits.h
         - 4xm: Do not overread the source buffer in decode_p_block
         - 4xm: Check bitstream_size boundary before using it
    
    libav (6:9.7-1) experimental; urgency=low
    
      * New upstream release 9.7, Most of the following fixes resulted from
        test samples that the Google Security Team has kindly made available:
    
         - 4xm: fix several programming errors to avoid crashes, etc.
         - apetag: use int64_t for filesize
         - jpegls: Fix invalid writes to memory
         - ljpeg: use the correct number of components in YUV
         - mjpeg: Validate sampling factors
         - mjpegdec: properly report unsupported disabled features
         - mjpegdec: validate parameters in mjpeg_decode_scan_progressive_ac
         - mpegvideo: allocate sufficiently large scratch buffer for interlaced vid
         - pixdesc: mark gray8 as pseudopal
         - smacker: fix several programming errors to avoid crashes, etc.
         - tiff: do not overread the source buffer
         - vmd: drop incomplete chunks and spurious samples
         - vmdav: convert to bytestream2 to avoid invalid reads and writes
         - wavpack: check packet size early
         - wavpack: use bytestream2 in wavpack_decode_block
         - wavpack: validate samples size parsed in wavpack_decode_block
    
    libav (6:9.6-2) experimental; urgency=low
    
      * Tighten build dependency on libx264, Closes: #709817
      * Introduce the libavcodec-extra meta-package
      * No longer check for --enable-dirac switch
      * Bump standards version
      * Cleanup some obsolete Package relationship fields
      * Drop obsolete DM-Upload field
      * libavcodec-extra: add misc:Depends substvar
      * Factor out binary-indep builds
      * Install tool HTML documentation into libav-tools package
    
    libav (6:9.6-1) experimental; urgency=low
    
      * New Upstream release 9.6
        - wav: Always seek to an even offset, Bug #500, LP: #1174737
        - various security relevant patches
    
    libav (6:9.5-1) experimental; urgency=low
    
      * New Upstream version 9.5:
        - Most of the following fixes resulted from test samples that
          the Google Security Team has kindly made available
    
    libav (6:9.4-1) experimental; urgency=low
    
      * Imported Upstream version 9.4
        - h264: check for luma and chroma bit depth being equal (CVE-2013-2277)
        - iff: validate CMAP palette size (CVE-2013-2495)
        - Thus, closes: #703200
      * debian/watch: download xz files and tighten checks
    
    libav (6:9.3-1) experimental; urgency=low
    
      [ Jonas Smedegaard ]
      * Stop using CDBS.
    
      [ Reinhard Tartler ]
      * Imported Upstream version 9.2 (never uploaded, though)
      * Imported Upstream version 9.3:
        - Fixes CVE-2013-0894
      * drop 02-fix-build-on-non-armv5te.patch, merged upstream
    
    libav (6:9.1-3) experimental; urgency=low
    
      * Build-depend on libopus-dev.
      * Stop needlessly build-depending on libcv-dev.
      * Tighten build-dependencies on frei0r-plugins-dev, libopencv-dev and
        libx264-dev, to use experimental packages.
      * Have libav-tools and libavfilter3 suggest frei0r-plugins.
      * Add upstream patch 02 to fix build on armel without armv5te support.
    
    libav (6:9.1-2) experimental; urgency=low
    
      [ Jonas Smedegaard ]
      * Document all licensing of binary packages in README.Debian (not
        partly as comment in copyright file), to avoid confusing source
        issued licenses with binary resolved licensing.
    
      [ Reinhard Tartler ]
      * Bump shlibs to 6:9.1-1
      * Fix internal shlibs
    
    libav (6:9.1-1) experimental; urgency=low
    
      [ Jonas Smedegaard ]
      * Rewrite copyright file using copyright format 1.0.
        Closes: bug#694657. Thanks to Francesco Poli.
      * Include CDBS utils.mk, to track future copyright/licensing changes.
        Build-depend on cdbs. Update README.source.
    
      [ Reinhard Tartler ]
      * Imported Upstream version 9
        - New releases fixes (among others) CVE-2012-2882 CVE-2012-5359
          CVE-2012-5360 CVE-2012-5361, Closes: #694483
      * drop debian/recordshow.sh
      * ignore shlib-with-non-pic-code also for libavcodec-extra-54
      * make libavcodec54/libavcodec-extra-54 properly conflict/replace each other
    
    libav (6:9~beta3-1) experimental; urgency=low
    
      * New upstream version.
    
    libav (6:9~beta2-4) experimental; urgency=low
    
      * Fix compilation on the buildds
    
    libav (6:9~beta2-3) experimental; urgency=low
    
      * Include all post 9beta2 patches
        - Fixes linking with libavfilter/libavutil, Closes: #693040
      * libavresample1: Unbreak partial updates by adding Replaces
        relationship with libavresample0, Closes: #693327
      * Fix installation of doxygen HTML pages.
      * add lintian override for libavcodec-extra-54
    
    libav (6:9~beta2-2) experimental; urgency=low
    
      * add post 9 beta2 patches
      * import bits from ubuntu to minimize the diff
      * Remove stale Conflicts/Replaces on libavutil51, fixes instability
        issues with libavutil51.
    
    libav (6:9~beta2-1) experimental; urgency=low
    
      * new upstream release: libav 9 beta2
      * Imported Upstream version 9~beta2
      * SONAME bump: libavutil51->libavutil52, (Closes: #691088)
      * bump shlibs file
      * fix package names to follow correct soname of libavresample1
    
    libav (6:9~beta1-1) experimental; urgency=low
    
      [ Fabian Greffrath ]
      * Imported Upstream version 6:0.8.99-3213-gd16860a
    
      [ Andres Mejia ]
      * Update libav-doc doc base. (Closes: #674139)
    
      [ Fabian Greffrath ]
      * Use the cond_enable() macro for all additional features in
        debian/confflags.
      * Tidy up and sort configuration flags.
      * Add a debian/README.source file that describes how to rebuild libav with a
        reduced feature set in order to avoid circular build-dependencies for
        bootstrapping.
      * Restrict Build-Depends to "yasm [any-amd64 any-i386]" and explicitly
        disable it if not found.
    
      [ Reinhard Tartler ]
      * add dependency on libavcodec54 to libav-dbg
      * add Pre-Depend on dpkg to libav-tools to ensure smooth updates
      * libav-tools.install: make files to install more explicit
    
      [ Loïc Minier ]
      * Install the shared flavor last
      * control/Uploaders: update my email address
    
      [ Reinhard Tartler ]
      * Declare a 'Breaks' relationship against mplayer, Closes: #671934
      * Bug fix: "Multi-Arch: foreign libraries", thanks to Stepan Golosunov.
      * Remove Multi-arch header from the empty, transitional -extra- packages
    
      [ Fabian Greffrath ]
      * Mention qt-faststart in the long description (Closes: #681491.)
      * Install all debug symbols into libav-dbg (Closes: #680602).
      * Do not run doxygen if it is not installed.
      * Fix up debian/changelog and get dependencies right accordingly.
    
      [ Reinhard Tartler ]
      * Make libav-extra-dbg arch:all
      * Fix generation of shlibs file (Closes: #679542)
    
      [ Fabian Greffrath ]
      * Also make libav-regular-dbg 'arch: all' for consistency with the other debug packages.
      * Fix generation of shlibs file not only for libavcodec*, but for all the other library packages as well.
      * Use xz compression for binary packages, thanks Ansgar Burchardt (Closes: #683895).
    
      [ Reinhard Tartler ]
      * Drop the package libav-regular-dbg
    
      [ Fabian Greffrath ]
      * Clarify relations between libavcodec54 and libavcodec-extra-54 in debian/control.
    
      [ Reinhard Tartler ]
      * New Upstream version: 9 beta1
      * remove compatibility links for ff* tools.
      * New release fixes all known CVE entries so far (Closes: #688847)
      * libav-dbg: avoid dependency on 'ffmpeg' package
      * remove package libav-extra-dbg
      * allow co-installation of libav-dbg with libavcodec-extra-54
      * temporarily disable libopus support until #690563 is fixed
    
    libav (6:0.8.99-1537-gacb2c79-2) experimental; urgency=low
    
      [ Rico Tzschichholz ]
      * Fix lintian-overrides after soname bump
      * Fix some conflicts/replaces
      * Bump shlibs version
    
      [ Reinhard Tartler ]
      * Update changelog
    
    libav (6:0.8.99-1537-gacb2c79-1) experimental; urgency=low
    
      * New upstream snapshot
        - Drop patches applied upstream
        - Longer build libpostproc, dropped upstream
        - follow soname bump of libavcodec and libavformat 53->54
        - New library: libswresample
      * no longer build and use dirac, removed upstream in favor of libschroedinger
      * remove deprecated ffmpeg package
      * bump shlibs version
    
    libav (6:0.8.8-1) unstable; urgency=low
    
      * Imported Upstream version 0.8.7, new releases fixes a number of
        security relevant patches.
      * backport patch from upstream to make samplefmt auto-align buffers
        (Closes: #713856)
     -- Reinhard Tartler <email address hidden>   Tue, 22 Oct 2013 23:24:08 -0400
  • libav (6:0.8.7-1ubuntu2) saucy; urgency=low
    
      * debian/patches/{05-aarch64-support.patch,06-aarch64-pie.patch}:
        - Backport basic aarch64 support from git.
     -- William Grant <email address hidden>   Fri, 11 Oct 2013 16:59:06 +1100