Format: 1.8 Date: Tue, 14 Jun 2016 16:28:18 -0500 Source: libav Binary: libav-tools libav-dbg libav-doc libavutil54 libavcodec56 libavdevice55 libavformat56 libavfilter5 libswscale3 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libswscale-dev libavresample-dev libavresample2 libavcodec-extra-56 libavcodec-extra Architecture: source Version: 6:11.7-1~deb8u1~ubuntu14.04.1~ppa1 Distribution: trusty Urgency: high Maintainer: Debian Multimedia Maintainers Changed-By: Micah Gersten Description: libav-dbg - Debug symbols for Libav related packages libav-doc - Documentation of the Libav API libav-tools - Multimedia player, encoder and transcoder libavcodec-dev - Development files for libavcodec libavcodec-extra - Libav codec library (additional codecs meta-package) libavcodec-extra-56 - Libav codec library (additional codecs) libavcodec56 - Libav codec library libavdevice-dev - Development files for libavdevice libavdevice55 - Libav device handling library libavfilter-dev - Development files for libavfilter libavfilter5 - Libav video filtering library libavformat-dev - Development files for libavformat libavformat56 - Libav file format library libavresample-dev - Development files for libavresample libavresample2 - Libav audio resampling library libavutil-dev - Development files for libavutil libavutil54 - Libav utility library libswscale-dev - Development files for libswscale libswscale3 - Libav video scaling library Closes: 687048 698019 715467 720563 722003 729469 733884 734335 736088 738599 740421 742676 743526 747921 749164 751856 753453 757185 758447 760763 771126 773055 773626 783082 Launchpad-Bugs-Fixed: 1263802 1265196 1323144 Changes: libav (6:11.7-1~deb8u1~ubuntu14.04.1~ppa1) trusty; urgency=medium . * No-change backport to trusty . libav (6:11.7-1~deb8u1) jessie-security; urgency=medium . * New upstream release fixing a security issue. - mov: Check the entries value when parsing dref boxes (CVE-2016-3062) * debian/patches/CVE-2016-2326.patch: Removed, included upstream. . libav (6:11.6-1~deb8u1) jessie-security; urgency=medium . * New upstream release fixing multiple security issues. - concat: disable by default (CVE-2016-1897, CVE-2016-1898) - aac_parser: add required padding for GetBitContext buffer - ac3_parser: add required padding for GetBitContext buffer - imc: add required padding for GetBitContext buffer - h263: Always check both dimensions - opusdec: properly handle mismatching configurations in multichannel streams - mov: Correctly allocate ctts_data - aac: Wait to know the channels before allocating frame - rtpdec_asf: Check memory allocation and free memory on error - jack: Check memory allocation - mov: Check memory allocation - mkv: Correctly report the latest packet had been flushed - aic: Fix slice size computation for widths multiples of 32 macroblocks - webp: Make sure enough bytes are available - g726: Do not crash on user mistake - bytestream2: set the reader to the end when reading more than available - vp7: bound checking in vp7_decode_frame_header - mux: Make sure that the data is actually written - file: properly forward errors from file_read() and file_write() - mmvideo: Make sure the rle does not write over the frame boundaries - opus: Buffer the samples from the correct offset - nut: Use the correct codec_tag when multiple are available - truemotion2: Fix the buffer check - mimic: Always return on failure - msnwc_tcp: Correctly report failure - rpza: Check the blocks left before processing one - dvdsubdec: Validate the RLE offsets - avi: Validate the stream-id for DV as well - mov: Use the correct type for size * debian/confflags: Force --disable-protocol=concat. * debian/patches/CVE-2016-2326.patch: avformat/asfenc: Check pts. (CVE-2016-2326) . libav (6:11.4-1~deb8u1) jessie-security; urgency=high . [ Sebastian Ramacher ] * New upstream release fixing multiple security issues. - h264: Make sure reinit failures mark the context as not initialized (CVE-2015-3417) - msrle: Use FFABS to determine the frame size in msrle_decode_pal4 (CVE-2015-3395) - cavs: Remove an unneeded scratch buffer - configure: Disable i686 for i586 and lower CPUs (debian/783082) - mjpegenc: Fix JFIF header byte ordering (bug/808) - nut: Make sure to clean up on read_header failure - png: Set the color range as full range - avi: Validate sample_size - nut: Check chapter creation in decode_info_header - alac: Reject rice_limit 0 if compression is used - ape: Support _0000 files with nblock smaller than 64 - mux: Do not leave stale side data pointers in ff_interleave_add_packet() - avresample: Reallocate the internal buffer to the correct size (bug/825) - mpegts: Update the PSI/SI table only if the version change - rtsp: Make sure we don't write too many transport entries into a fixed-size array - rtpenc_jpeg: Handle case of picture dimensions not dividing by 8 - mov: Fix little endian audio detection - x86: Put COPY3_IF_LT under HAVE_6REGS (gentoo/541930) - roqvideoenc: set enc->avctx in roq_encode_init - mp3: Properly use AVCodecContext API - libvpx: Fix mixed use of av_malloc() and av_reallocp() - Revert "lavfi: always check av_expr_parse_and_eval() return value" - alsdec: only adapt order for positive max_order - alsdec: check sample pointer range in revert_channel_correlation - aacpsy: correct calculation of minath in psy_3gpp_init - alsdec: limit avctx->bits_per_raw_sample to 32 - aasc: return correct buffer size from aasc_decode_frame - matroskadec: fix crash when parsing invalid mkv - avconv: do not overwrite the stream codec context for streamcopy - webp: ensure that each transform is only used once - h264_ps: properly check cropping parameters against overflow - hevc: zero the correct variables on invalid crop parameters - hevc: make the crop sizes unsigned . [ Reinhard Tartler] * drop 01-configure-disable-i686-for-i586 . libav (6:11.3-1+deb8u1) jessie; urgency=medium . * Fix use of illegal instruction on i586. (Closes: #783082) - debian/confflags: Pass correct value to --cpu. Thanks to Bernhard Übelacker for the patch. - debian/patches: + 01-configure-disable-i686-for-i586.patch: Upstream patch to disable i686 instructions on i586. + 02-configure-disable-ebx-gcc-4.9.patch: Workaround build failure with gcc 4.9 and newer by disabling the use of ebx in handwritten assembler code. Thanks to Bernhard Übelacker for the initial patch. . libav (6:11.3-1) unstable; urgency=medium . * New upstream release fixing multiple security issues. - utvideodec: Handle slice_height being zero (CVE-2014-9604) - adxdec: set avctx->channels in adx_read_header - rmenc: limit packet size - webp: validate the distance prefix code - rv10: check size of s->mb_width * s->mb_height - eamad: check for out of bounds read (CID/1257500) - mdec: check for out of bounds read (CID/1257501) - configure: Properly fail when libcdio/cdparanoia is not found - tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544) - aic: Fix decoding files with odd dimensions - vorbis: Check the vlc value in setup_classifs - arm: Suppress tags about used cpu arch and extensions - prores: Extend the padding check to 16bit - icecast: Do not use chunked post, allows feeding to icecast properly - img2dec: correctly use the parsed value from -start_number - h264_cabac: Break infinite loops - hevc_deblock: Fix compilation with nasm (libav #795) - h264: initialize H264Context.avctx in init_thread_copy - h264: Do not share rbsp_buffer across threads - h264: only ref cur_pic in update_thread_context if it is initialized - matroskadec: Fix read-after-free in matroska_read_seek() (chromium #427266) - log: Unbreak no-tty support on 256color terminals . libav (6:11.2-1) unstable; urgency=medium . * New upstream release fixing multiple security issues. (Closes: #773626) - h264: restore a block mistakenly removed in e10fd08a - on2avc: check number of channels (CVE-2014-8549) - smc: fix the bounds check (CVE-2014-8548) - gifdec: refactor interleave end handling (CVE-2014-8547) - mmvideo: check frame dimensions (CVE-2014-8543) - jvdec: check frame dimensions (CVE-2014-8542) - mjpegdec: check for pixel format changes (CVE-2014-8541) - mov: avoid a memleak when multiple stss boxes are present - vc1: Do not assume seek happens after decoding - avconv: Use the mpeg12 private option scan_offset (Closes: #773055) - xsub: Support DXSA subtitles - mp3dec: fix reading the Xing tag - matroskaenc: write correct Display{Width, Height} in stereo encoding - configure: Fix enabling memalign_hack automatically - mp3enc: fix a triggerable assert - latm: Do not give a score for a single instance - mp3: Tweak the probe scores - matroskaenc: write correct Display{Width, Height} in stereo encoding - coverity: Fix most of the reported warnings and issues * debian/control: Add myself to Uploaders. . libav (6:11.1-1) unstable; urgency=medium . * Team upload. * Upload to unstable. . libav (6:11.1-1~exp1) experimental; urgency=medium . [ upstream ] * New release. + Replace lena.pnm. Closes: bug#771126. + Treat all '*.pnm' files as non-text file. + opusdec: Ensure all substreams have same number of coded samples. + lavu: Fix memory leaks by using a mutex instead of atomics. + lavu: Add wrappers for the pthreads mutex API. + mp3enc: Fix a triggerable assert. + resample: Avoid off-by-1 errors in PTS calcs. + imc: Fix order of operations in coefficients read. + hevc_mvs: Ensure to always initialize the temporal MV fully. + hevc_mvs: Initialize the temporal MV in case of missing ref. + h264: Reset ret to avoid propagating minor failures. + hevc: Initialize mergecand_list to 0. + mpeg12: Always invoke the get_format() callback. + h264: Always invoke the get_format() callback. + Update default FATE URL for release/11. + apetag: Fix APE tag size check. . [ Jonas Smedegaard ] * Drop patches now included upstream. . libav (6:11-2) unstable; urgency=medium . * add patches post v11 release, all of which will be included in the next point release: - 0001-apetag-Fix-APE-tag-size-check.patch - 0002-Update-default-FATE-URL-for-release-11.patch - 0003-h264-Always-invoke-the-get_format-callback.patch - 0004-mpeg12-Always-invoke-the-get_format-callback.patch - 0005-hevc-Initialize-mergecand_list-to-0.patch - 0006-h264-reset-ret-to-avoid-propagating-minor-failures.patch - 0007-hevc_mvs-initialize-the-temporal-MV-in-case-of-missi.patch - 0008-hevc_mvs-make-sure-to-always-initialize-the-temporal.patch - 0009-imc-fix-order-of-operations-in-coefficients-read.patch - 0010-resample-Avoid-off-by-1-errors-in-PTS-calcs.patch . libav (6:11-1) unstable; urgency=low . * Upload final 11 release - matroskadec: parse stereo mode on decoding (Closes: #757185) . libav (6:11~beta1-3) unstable; urgency=low . * Add post-release upstream patches * Remove unapplied patches * Remove /etc/avserver.conf (Closes: #760763) . libav (6:11~beta1-2) unstable; urgency=medium . [ Reinhard Tartler ] * Make libavcodec-dev depend on libavresample-dev . [ Rico Tzschichholz ] * Some fixes and leftovers from soname bumps . libav (6:11~beta1-1) experimental; urgency=low . * New upstream Release v11~alpha2 * build against libgnutls28-dev (Closes: #758447) * Bump shlibs . libav (6:11~alpha2-1) experimental; urgency=low . * New upstream Release v11~alpha2 - ffv1dec: check global parameters (CVE-2013-7020) - mpegts: Check writing a PMTs (CVE-2014-2263) - avcodec: Postpone FF_IDCT_XVIDMMX removal until the next version bump (fixes gst-libav FTBFS) * Bump shlibs * Add helper scripts for doing mass rebuilds . libav (6:11~alpha1-1) experimental; urgency=low . * New upstream Release v11~alpha1 - Fixes Unchecked conversion from double to enum (Closes: #749164) * Add some post v11_alpha1 patches from upstream * All SONAMEs bumped because of internal changes, but external API is promised to have not changed . libav (6:10.4-1) unstable; urgency=medium . * New Upstream Release v10.3 - mpegts: Do not try to write a PMT larger than SECTION_SIZE (CVE-2014-2263) - mpegts: Define the section length with a constant - ffv1dec: check that global parameters do not change in version 0/1 (CVE-2013-7020) - h264: fix interpretation of interleaved stereo modes - svq1: do not modify the input packet - cdgraphics: do not return 0 from the decode function - cdgraphics: switch to bytestream2 (CVE-2013-3674) - jpeg2000: enable 4 component pixel formats - stereo3d: add missing include guards - huffyuvdec: check width size for yuv422p (CVE-2013-0848) - mmvideo: check horizontal coordinate too (CVE-2013-3672) - wmalosslessdec: fix mclms_coeffs* array size (CVE-2014-2098) * build against libgnutls28-dev (Closes: #758447) . libav (6:10.3-1) unstable; urgency=medium . * New Upstream Release v10.3 - huffyuv: Check and propagate function return values (CVE-2013-0868) - h264: prevent theoretical infinite loop in SEI parsing (CVE-2011-3946) - pgssubdec: Check RLE size before copying (CVE-2013-0852) - video4linux2: Avoid a floating point exception - vf_select: Drop a debug av_log with an unchecked double to enum conversion - librtmp: Don't free the temp url at the end of rtmp_open - arm: Avoid using the 'setend' instruction on ARMv7 and newer - avplay: Handle pixel aspect ratio properly - eamad: use the bytestream2 API instead of AV_RL (CVE-2013-0851) - pg2meet: allow size changes within original sizes - af_compand: make sure request_frame always outputs at least one frame . libav (6:10.2-2) unstable; urgency=low . [ Reinhard Tartler ] * Fixed typo in debian/NEWS (Closes: #753453) . [ Stefan Lippers-Hollmann ] * libavcodec-extra: declare as Section: metapackages (Closes: #747921) . libav (6:10.2-1) unstable; urgency=high . * Bumping severity for critical LZO security issue. * New Upstream Release v10.2 - aarch64: Use the correct syntax for relocations (Closes: #751856, - LP: #1323144) - ppc: Fix compilation for ppc64le (ELFv2) (LP: #1263802) - avconv: make -shortest work with streamcopy - lzo: Handle integer overflow (Reported by Don A. Bailey) - Check if an mp3 header is using a reserved sample rate. - Check mp3 header before calling avpriv_mpegaudio_decode_header(). - jpeg2000: fix dereferencing invalid pointers during cleanup - avpacket: fix copying side data in av_packet_copy_props() - oggenc: Set the right AVOption size for the pref_duration option - adpcm: Avoid reading out of bounds in the IMA QT trellis encoder - adpcm: Write the proper predictor in trellis mode in IMA QT * No longer build avserver (Closes: #734335) * Clarify licensing in debian/copyright (Closes: #698019) . libav (6:10.1-1) unstable; urgency=low . * New upstream release 10: - pcm-dvd: Fix 20bit decoding (bug/592) - avi: Improve non-interleaved detection (bug/666) - arm: hpeldsp: fix put_pixels8_y2_{,no_rnd_}armv6 - arm: hpeldsp: prevent overreads in armv6 asm (bug/646) - avfilter: Add missing emms_c when needed - rtmpproto: Check the buffer sizes when copying app/playpath strings - swscale: Fix an undefined behaviour - vp9: Read the frame size as unsigned - dcadec: Use correct channel count in stereo downmix check - dcadec: Do not decode the XCh extension when downmixing to stereo - matroska: add the Opus mapping - matroskadec: read the CodecDelay element - rtmpproto: Make sure to pass on the error code if read_connect failed - lavr: allocate the resampling buffer with a positive size - mp3enc: Properly write bitrate value in XING header (Closes: #736088) - golomb: Fix the implementation of get_se_golomb_long * Drop debian/libav-tools.maintscript. ffserver is no longer found in stable, and this seems to cause other problems today (Closes: #742676) . libav (6:10-2) experimental; urgency=low . * Recompile against libx264-142 and librtmp1 * Bump standards version, no changes needed * Drop Andres Meija from uploaders. Thanks Andres for your contributions to the libav package! (Closes: #743526). . libav (6:10-1) experimental; urgency=low . * New upstream release 10. Full changelog avaialble at: http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v10 . libav (6:10~beta2-2) experimental; urgency=low . * Drop unnecessary packages: libavformat-extra-, libavutil-extra, libavfilter-extra and libavdevice-extra. * Incorporate post-beta2 patches, including the icy header detection patches (Closes: #740421) * Add a note about 'ffmpeg' in libav-tools's package description (Closes: #729469) . libav (6:10~beta2-1) experimental; urgency=low . * New Upstream release 10_beta2. This upstream git snapshot has too many changes to list here, cf. to the upstream Changelog: http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v10_beta2 . libav (6:10~beta1-2) experimental; urgency=low . * New Upstream release 10_beta1. This upstream git snapshot has too many changes to list here, cf. to the upstream Changelog: http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v10_beta1 - works with H.264 that has different bit depth between chroma and luma, Closes: #738599 * Bump shlibs . libav (6:10~alpha2-1) experimental; urgency=low . * New Upstream release 10_alpha2. This upstream git snapshot has too many changes to list here, cf. to the upstream Changelog: http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v10_alpha2 . libav (6:10~alpha1-1) experimental; urgency=low . * New Upstream release 10_alpha1. This upstream git snapshot has too many changes to list here, cf. to the upstream Changelog: http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v10_alpha1 - Opus in Ogg demuxing Closes: #733884, #720563, LP: #1265196 - avprobe output is now standard INI or JSON. Closes: #715467 - Properly working defaults in libx264 wrapper, Closes: #687048 - avconv -t option can now be used for inputs, to limit the duration of data read from an input file, Closes: #722003 Checksums-Sha1: 60ff8e14b2c9e20cca309c5df7f6e4363fd873a1 3882 libav_11.7-1~deb8u1~ubuntu14.04.1~ppa1.dsc 9f36d136ea353fc6e3826180fe126f52eca7fec4 4861984 libav_11.7.orig.tar.xz 0a61e998ed9dc9f4c971dd0c56f79866f5483175 77812 libav_11.7-1~deb8u1~ubuntu14.04.1~ppa1.debian.tar.gz Checksums-Sha256: dc87d0ab33c630a6624bba3dd067da4f01292dddd531c3996e92b818ff3241e5 3882 libav_11.7-1~deb8u1~ubuntu14.04.1~ppa1.dsc 8c9a75c89c6df58dd5e3f6f735d1ba5448680e23013fd66a51b50b4f49913c46 4861984 libav_11.7.orig.tar.xz a3243677d7e5f39ac2b14fda9ee3a1d8746891bb222f3ea28407237a6e91fbd0 77812 libav_11.7-1~deb8u1~ubuntu14.04.1~ppa1.debian.tar.gz Files: 7cb50d6dd7497b02c4cf53de3569f182 3882 libs optional libav_11.7-1~deb8u1~ubuntu14.04.1~ppa1.dsc 0888316a2c6b43d0a9fa1af4952c9337 4861984 libs optional libav_11.7.orig.tar.xz c5e7019c7f1fdee696f2946bccb10749 77812 libs optional libav_11.7-1~deb8u1~ubuntu14.04.1~ppa1.debian.tar.gz