Packages changed:
  LibVNCServer
  ffmpeg (3.4.4 -> 3.4.2)
  hdf5 (1.10.4 -> 1.10.5)
  shotwell (0.30.8 -> 0.30.9)
  tmux (3.1~rc1 -> 3.1b)

=== Details ===

==== LibVNCServer ====

- security update
- added patches
  fix CVE-2019-15690 [bsc#1160471], heap buffer overflow
  + LibVNCServer-CVE-2019-15690.patch
  fix CVE-2019-20788 [bsc#1170441], integer overflow and heap-based buffer overflow via a large height or width value
  + LibVNCServer-CVE-2019-20788.patch
- security update
- added patches
  CVE-2019-15681 [bsc#1155419]
  + LibVNCServer-CVE-2019-15681.patch
- note the correct way how to run the testsuite, it does not seem to be usable as it is, though (segfaults)

==== ffmpeg ====
Version update (3.4.4 -> 3.4.2)
Subpackages: libavcodec57 libavformat57 libavutil55 libswresample2 libswscale4

- Add ffmpeg-CVE-2019-17542.patch: Backport from upstream to fix a heap-based buffer overflow problem in vqa_decode_chunk (bnc#1154064 CVE-2019-17542).
- Add ffmpeg-CVE-2018-13301.patch: Backport from upstream to fix a NULL pointer dereference while converting a crafted AVI file to MPEG4 in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c (bnc#1100352).
- Add ffmpeg-CVE-2019-9718.patch: Make backport from commit 1f00c97 to fix a denial of service issue (CVE-2019-9718, boo#1129715).
- Add ffmpeg-CVE-2019-12730.patch: Make backport from commit ed188f6 to check for scanf() failure (CVE-2019-12730, bsc#1137526).
- Add ffmpeg-CVE-2018-14394.patch: Make backport from commit 3a2d21b to fix a divide-by-zero issue (CVE-2018-14394, boo#1101888).
- Add ffmpeg-CVE-2018-14395.patch: Make backport from commit fa19fbc to fix a divide-by-zero issue (CVE-2018-14395, boo#1101889).
- Add ffmpeg-CVE-2018-13305.patch to add a missing check for negative values of the mquant variable (CVE-2018-13305, bsc#1100345).
- Rename cve-2017-17555.diff to ffmpeg-CVE-2017-17555.diff.
- Add ffmpeg-CVE-2018-12458.patch: Make backport from commit e1182fa to fix an improper integer type (CVE-2018-12458, bsc#1097983).
- Add ffmpeg-CVE-2018-13300.patch: Make backport from commit 95556e2 to fix an out-of-array read (CVE-2018-13300, boo#1100348).
- Add ffmpeg-CVE-2018-15822.patch: Make backport from commit 6b67d7f to fix an assertion failure (CVE-2018-15822, boo#1105869).
- Added ffmpeg-CVE-2018-1999010.patch: Fixed multiple out of array access vulnerabilities in the mms protocol that could result in accessing out of bound data via specially crafted input files (CVE-2018-1999010 bnc#1102899).
- Added ffmpeg-CVE-2018-1999011.patch: Fixed a heap buffer overflow in asf_o format demuxer that could result in remote code execution (CVE-2018-1999011 bnc#1102689)
- Added ffmpeg-CVE-2018-1999012.patch: Fix an infinite loop vulnerability in pva format demuxer that can result in excessive amount of resource allocation like CPU and RAM (CVE-2018-1999012 bnc#1102688).
- Added ffmpeg-CVE-2018-1999013.patch: Fix a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability, which allowed attackers to read heap memory (CVE-2018-1999013, bnc#1102687).
- Add ffmpeg-CVE-2018-13302.patch: Make backport from commit ed22dc2 to fix out of array access issue (bnc#1100356, CVE-2018-13302).
- Create a new package ffmpeg-private-devel which contains some headers under /usr/include/ffmpeg/private that were not installed by upstream. Those headers are needed by the libav package in order to build avconv and other tools using the libav* libraries generated by ffmpeg instead of its own. No other package should require ffmpeg-private-devel.
- Build and install also the sidxindex tool
- Enable mpeg1video and mpeg2video in enable_decoders, and remove it from disable-decoders call given to configure, mpeg2 now available in openSUSE.
- enable video stabilization/deshaking via libvidstab (optional)
- Update to new bugfix release 3.4.2
  * Fix integer overflows, multiplication overflows, undefined shifts, and verify buffer lengths.
  * avfilter/vf_transpose: Fix used plane count [boo#1078488, CVE-2018-6392]
  * avcodec/utvideodec: Fix bytes left check in decode_frame() [boo#1079368, CVE-2018-6621]
- Enable use of libzvbi for displaying teletext subtitles.
- Fixed a DoS in swri_audio_convert(), added cve-2017-17555.diff [boo#1072366, CVE-2017-17555].
- Update to new bugfix release 3.4.1
  * Fixed integer overflows, division by zero, illegal bit shifts
  * Fixed the gmc_mmx function which failed to validate width and height [boo#1070762, CVE-2017-17081]
  * Fixed out-of-bounds in VC-2 encoder [boo#1069407, CVE-2017-16840]
  * ffplay: use SDL2 audio API
- Removed 0001-avcodec-x86-mpegvideodsp-Fix-signedness-bug-in-need_.patch (upstreamed).
- Add 0001-avcodec-x86-mpegvideodsp-Fix-signedness-bug-in-need_.patch [boo#1070762]
- install also doc/ffserver.conf
- Get rid of ffmpeg-pkgconfig-version.patch.
- Update to new upstream release 3.4
  * New video filters: deflicker, doublewave, lumakey, pixscope, oscilloscope, roberts, limiter, libvmaf, unpremultiply, tlut2, floodfill, pseudocolor, despill, convolve, vmafmotion.
  * New audio filters: afir, crossfeed, surround, headphone, superequalizer, haas.
  * Some video filters with several inputs now use a common set of options: blend, libvmaf, lut3d, overlay, psnr, ssim. They must always be used by name.
  * librsvg support for svg rasterization
  * spec-compliant VP9 muxing support in MP4
  * Remove the libnut and libschroedinger muxer/demuxer wrappers
  * drop deprecated qtkit input device (use avfoundation instead)
  * SUP/PGS subtitle muxer
  * VP9 tile threading support
  * KMS screen grabber
  * CUDA thumbnail filter
  * V4L2 mem2mem HW assisted codecs
  * Rockchip MPP hardware decoding
  * (Not in openSUSE builds, only original ones:)
  * Gremlin Digital Video demuxer and decoder
  * Additional frame format support for Interplay MVE movies
  * Dolby E decoder and SMPTE 337M demuxer
  * raw G.726 muxer and demuxer, left- and right-justified
  * NewTek NDI input/output device
  * FITS demuxer, muxer, decoder and encoder
- Fixed a double free in huffyuv [boo#1064577, CVE-2017-15186]
- Fixed an out-of-bounds in ffv1dec [boo#1066428, CVE-2017-15672]
- Fixed a denial of service in rtmppkt [boo#1082335, CVE-2017-11665]
- Update to new upstream release 3.3.4.
  * avutil/pixdesc: fixed NULL deref in av_color_primaries_name [CVE-2017-14225] [boo#1058018]
  * avformat/asfdec: Fix DoS in asf_build_simple_index [CVE-2017-14223] [boo#1058019]
  * avformat/mov: Fix DoS in read_tfra [CVE-2017-14222] [boo#1058020].
- Dropped integrated patches:
  D 0001-avformat-hls-Fix-DoS-due-to-infinite-loop.patch
  D 0001-avformat-nsvdec-Fix-DoS-due-to-lack-of-eof-check-in-.patch
  D 0002-avformat-asfdec-Fix-DoS-due-to-lack-of-eof-check.patch
  D 0002-avformat-mxfdec-Fix-DoS-issues-in-mxf_read_index_ent.patch
  D 0003-avformat-cinedec-Fix-DoS-due-to-lack-of-eof-check.patch
  D 0003-avformat-mxfdec-Fix-Sign-error-in-mxf_read_primer_pa.patch
  D 0004-avformat-rmdec-Fix-DoS-due-to-lack-of-eof-check.patch
  D 0005-avformat-rl2-Fix-DoS-due-to-lack-of-eof-check.patch
  D 0006-avformat-mvdec-Fix-DoS-due-to-lack-of-eof-check.patch
- Add 0001-avformat-nsvdec-Fix-DoS-due-to-lack-of-eof-check-in-.patch [CVE-2017-14171] [boo#1057539],
  0002-avformat-mxfdec-Fix-DoS-issues-in-mxf_read_index_ent.patch [CVE-2017-14170] [boo#1057537],
  0003-avformat-mxfdec-Fix-Sign-error-in-mxf_read_primer_pa.patch [CVE-2017-14169] [boo#1057536]
- Add 0001-avformat-hls-Fix-DoS-due-to-infinite-loop.patch [CVE-2017-14058] [boo#1056762],
  0002-avformat-asfdec-Fix-DoS-due-to-lack-of-eof-check.patch [CVE-2017-14057] [boo#1056761],
  0003-avformat-cinedec-Fix-DoS-due-to-lack-of-eof-check.patch [CVE-2017-14059] [boo#1056763],
  0004-avformat-rmdec-Fix-DoS-due-to-lack-of-eof-check.patch [CVE-2017-14054] [boo#1056765],
  0005-avformat-rl2-Fix-DoS-due-to-lack-of-eof-check.patch (code not enabled in openSUSE, though in packman) [CVE-2017-14056] [boo#1056760],
  0006-avformat-mvdec-Fix-DoS-due-to-lack-of-eof-check.patch [CVE-2017-14055] [boo#1056766]
- Unconditionalize celt, ass, openjpeg, webp, netcdf, libva, vdpau.
- Build unconditionally with lame and twolame
- Update to maintenance release 3.3.3
  * Various fixes for integer overflows, too-large bit shifts and buffer length checks.
- Drop 0001-avcodec-apedec-Fix-integer-overflow.patch (included upstream)
- Add 0001-avcodec-apedec-Fix-integer-overflow.patch to address CVE-2017-11399 [boo#1049095]
- Enabled cuda and cuvid for unrestricted build.
- Fixed typos in devel package descriptions.
- Update to new upstream release 3.3.2
  * Various fixes for integer overflows and too-large bit shifts
- Disable cuda support to fix boo#1041794: ffmpeg 3.3. enablement of cuda prevents H264/avc1.4d400d videos from playing on Youtube
- Refreshed patches: ffmpeg-codec-choice.diff ffmpeg-libcdio_cdda-pkgconfig.patch ffmpeg-pkgconfig-version.patch and ffmpeg-new-coder-errors.diff
- Add additional checks to ensure MPEG is off
- Update to new upstream release 3.3.1
  * Fix uninitialized variables, signed integer overflow, excess shift operations. Add boundary checks.
- Enable ac3 per request from idonmez
- Update to new upstream release 3.3
  * EBU R128 implementation now within ffmpeg, not relying on external library anymore
  * New video filters "premultiply", "readeia608", "threshold", "midequalizer"
  * Support for spherical videos
  * New decoders: 16.8 and 24.0 floating point PCM, XPM
  * New demuxers: MIDI Sample Dump Standard, Sample Dump eXchange demuxer
  * MJPEG encoding uses Optimal Huffman tables now
  * Native Opus encoder
  * Support .mov with multiple sample description tables
  * Removed the legacy X11 screen grabber, use XCB instead
  * Removed asyncts filter (use af_aresample instead)
  * resolved CVE-2016-10190 [boo#1022920], CVE-2016-10191 [boo#1022921], CVE-2016-10192 [boo#1022922], CVE-2017-7859 [boo#1034183], CVE-2017-7862 [boo#1034181], CVE-2017-7863 [boo#1034179], CVE-2017-7865 [boo#1034177], CVE-2017-7866 [boo#1034176]
- Enable mp3 decoding
- Have libavcodec57 additionally provide libavcodec57(unrestricted) when building unrestricted: allow third party packages to require the unrestricted codec. The existing -full provides is not suitable as it can be provided by multiple libavcodec* packages, whereas we require a specific ABI version.
- Update to new upstream release 3.2.4
  * lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr
  * lavf/mov.c: Avoid OOB in mov_read_udta_string()
  * lavf/mov.c: Avoid heap allocation wraps in mov_read_{senc,saiz}()
- Make sure each subpkg comes from the same src.rpm
- Update to new upstream release 3.2.3
  * Maintenance release with bugfixes
  * ffplay: fix sws_scale possible out of bounds array access
- Drop version number from patch: ffmpeg-2.4.5-arm6l.patch -> ffmpeg-arm6l.diff
- Wrap netcdf support in build conditional because it is a drop-in pkg
- Enable all muxers and demuxers as they are just descriptor of format thus do not change the behaviour in any relevant way.
  * The best user now gets is proper interpretation of the format and failure to play it without proper de/encoder
  * Recommended by vlc team to be done this way :)
- Update to new upstream release 3.2.2
  * avformat/rtmppkt: Check for packet size mismatches
  * avcodec/flacdec: Fix undefined shift in decode_subframe()
  * avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed()
  * avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c
- Update to version 3.2.1:
  * avcodec/aac_adtstoasc_bsf: validate and forward extradata if the stream is already ASC
  * libopusdec: default to stereo for invalid number of channels
  * sbgdec: prevent NULL pointer access
  * rmdec: validate block alignment
  * smacker: limit recursion depth of smacker_decode_bigtree
  * mxfdec: fix NULL pointer dereference in mxf_read_packet_old
  * ffmdec: validate codec parameters
  * avformat/mpeg: Adjust vid probe threshold to correct mis-detection
  * avcodec/avpacket: fix leak on realloc in av_packet_add_side_data()
  * avformat/apngenc: use the stream parameters extradata if available
  * ffprobe: fix crash in case -of is specified with an empty string
  * exr: fix out-of-bounds read
  * libschroedingerdec: fix leaking of framewithpts
  * filmstripdec: correctly check image dimensions
  * icodec: fix leaking pkt on error
  * dvbsubdec: fix division by zero in compute_default_clut
  * escape124: reject codebook size 0
  * mpegts: prevent division by zero
  * matroskadec: fix NULL pointer dereference in webm_dash_manifest_read_header
  * mxfdec: fix NULL pointer dereference
  * avcodec/mpeg4videodec: Workaround interlaced mpeg4 edge MC bug
  * avcodec/mpegvideo: Fix edge emu buffer overlap with interlaced mpeg4
  * avcodec/ituh263dec: Avoid spending a long time in slice sync
  * avcodec: Check side data size before use
  * avformat/flvdec: Fix regression losing streams
- Update to new upstream release 3.2
  * SDL2 output device and ffplay support
  * SDL1 output device and SDL1 support removed
  * New: libopenmpt demuxer, fifo muxer, True Audio (TTA) muxer
  * New filters: weave, gblur, avgblur, sobel, prewitt, vaguedenoiser, yuvtestsrc, lut2, hysteresis, maskedclamp, crystalizer, acrusher, bitplanenoise, sidedata, asidedata
  * Non-Local Means (nlmeans) denoising filter
  * 16-bit support in curves filter and selectivecolor filter
  * Added threads option per filter instance
  * The "curves" filter does not automatically insert points at x=0 and x=1 anymore
  * Matroska muxer now writes CRC32 elements by default in all Level 1 elements
  * New "tee" protocol
  * VP8 in Ogg muxing
  * Floating point support in ALS decoder
  * Extended mov edit list support
  * Changed mapping of RTP MIME type G726 to codec g726le.
- Drop ffmpeg-fix-CONFIG_VC1DSP-changes.patch (no longer needed)
- Enable libfdk_aac if it is available at buildtime
- Update to version 3.1.5
  * avformat/mxfdec: Check size to avoid integer overflow in mxf_read_utf16_string()
  * avcodec/mpegvideo_enc: Clear mmx state in ff_mpv_reallocate_putbitbuffer()
  * avcodec/utils: Clear MMX state before returning from avcodec_default_execute*()
  * libopenjpegenc: fix out-of-bounds reads when filling the edges
  * libopenjpegenc: stop reusing image data buffer for openjpeg 2
  * avformat/utils: Update codec_id before using it in the parser init
  * ffmpeg: remove unused and errorneous AVFrame timestamp check
  * Support for MIPS cpu P6600
  * avutil/mips/generic_macros_msa: rename macro variable which causes segfault for mips r6
- Update to version 3.1.4
  * avformat/avidec: Check nb_streams in read_gab2_sub()
  * avformat/avidec: Remove ancient assert
  * avfilter/vf_colorspace: fix range for output colorspace option
  * lavc/mediacodecdec_h264: fix SODB escaping
  * avcodec/nvenc: fix const options for hevc gpu setting
  * avformat/avidec: Fix memleak with dv in avi
  * lavc/movtextdec.c: Avoid infinite loop on invalid data.
  * avcodec/ansi: Check dimensions
  * avcodec/cavsdsp: use av_clip_uint8() for idct
  * avformat/movenc: Check packet in mov_write_single_packet() too
  * avformat/movenc: Factor check_pkt() out
  * avformat/utils: fix timebase error in avformat_seek_file()
  * avcodec/g726: Add missing ADDB output mask
  * avcodec/avpacket: clear side_data_elems
  * avformat/movenc: Check first DTS similar to dts difference
  * avcodec/ccaption_dec: Use simple array instead of AVBuffer
  * avcodec/svq3: Reintroduce slice_type
  * avformat/mov: Fix potential integer overflow in mov_read_keys
  * swscale/swscale_unscaled: Try to fix Rgb16ToPlanarRgb16Wrapper() with slices
  * swscale/swscale_unscaled: Fix packed_16bpc_bswap() with slices
  * avformat/avidec: Fix infinite loop in avi_read_nikon()
  * lavf/utils: Avoid an overflow for huge negative durations.
  * avformat/hls: Fix handling of EXT-X-BYTERANGE streams over 2GB
  * lavc/avpacket: Fix undefined behaviour, do not pass a null pointer to memcpy().
  * lavc/mjpegdec: Do not skip reading quantization tables.
  * cmdutils: fix implicit declaration of SetDllDirectory function
- Fix linking errors for arm and aarch64 builds, boo#995937
  * Add ffmpeg-fix-CONFIG_VC1DSP-changes.patch
- Update to version 3.1.3
  * examples/demuxing_decoding: convert to codecpar
  * avcodec/exr: Check tile positions
  * avcodec/aacenc: Tighter input checks
  * avformat/wtvdec: Check pointer before use
  * libavcodec/wmalosslessdec: Check the remaining bits
  * avcodec/adpcm: Fix adpcm_ima_wav padding
  * avcodec/svq3: fix slice size check
  * avcodec/diracdec: Check numx/y
  * avcodec/h2645_parse: fix nal size
  * avcodec/h2645_parse: Use get_nalsize() in ff_h2645_packet_split()
  * h2645_parse: only read avc length code at the correct position
  * h2645_parse: don't overread AnnexB NALs within an avc stream
  * avcodec/h264_parser: Factor get_avc_nalsize() out
  * avcodec/cfhd: Increase minimum band dimension to 3
  * avcodec/indeo2: check ctab
  * avformat/swfdec: Fix inflate() error code check
  * avcodec/rawdec: Fix bits_per_coded_sample checks
  * vcodec/h2645_parse: Clear buffer padding
  * avcodec/h2645: Fix NAL unit padding
  * avfilter/drawutils: Fix single plane with alpha
  * cmdutils: check for SetDllDirectory() availability
- Update to version 3.1.2:
  * avcodec/rawdec: Fix palette handling with changing palettes
  * avcodec/raw: Fix decoding of ilacetest.mov
  * avformat/mov: Enable mp3 parsing if a packet needs it
  * avformat/hls: Sync starting segment across variants on live streams
  * avformat/hls: Fix regression with ranged media segments
  * avcodec/ffv1enc: Fix assertion failure with non zero bits per sample
  * avfilter/af_hdcd: small fix in af_hdcd.c where gain was not being adjusted for "attenuate slowly"
  * avformat/oggdec: Fix integer overflow with invalid pts
  * libavcodec/dnxhd: Enable 12-bit DNxHR support.
  * lavc/vaapi_encode_h26x: Fix a crash if "." is not the decimal separator.
  * avcodec/vp9_parser: Check the input frame sizes for being consistent
  * avformat/flvdec: parse keyframe before a/v stream was created add_keyframes_index() when stream created or keyframe parsed
  * libavformat/rtpdec_asf: zero initialize the AVIOContext struct
  * libx264: Increase x264 opts character limit to 4096
  * avcodec/h264_parser: Set sps/pps_ref
  * librtmp: Avoid an infinite loop setting connection arguments
  * avformat/oggparsevp8: fix pts calculation on pages ending with an invisible frame
  * lavf/vplayerdec: Improve auto-detection.
  * lavc/mediacodecdec_h264: properly convert extradata to annex-b
- Build with netcdf so as to enable af_sofalizer [boo#983398]
- Update to version 3.1.1
  * doc/APIchanges: document the lavu/lavf field moves
  * avformat/avformat: Move new field to the end of AVStream
  * avformat/utils: update deprecated AVStream->codec when the context is updated
  * avutil/frame: Move new field to the end of AVFrame
  * libavcodec/exr : fix decoding piz float file.
  * avformat/mov: Check sample size
  * lavfi: Move new field to the end of AVFilterContext
  * lavfi: Move new field to the end of AVFilterLink
  * ffplay: Fix usage of private lavfi API
  * lavc/mediacodecdec_h264: add missing NAL headers to SPS/PPS buffers
  * lavc/pnm_parser: disable parsing for text based PNMs
- Update to version 3.1
  * DXVA2-accelerated HEVC Main10 decoding
  * fieldhint filter
  * loop video filter and aloop audio filter
  * Bob Weaver deinterlacing filter
  * firequalizer filter
  * datascope filter
  * bench and abench filters
  * ciescope filter
  * protocol blacklisting API
  * MediaCodec H264 decoding
  * VC-2 HQ RTP payload format (draft v1) depacketizer and packetizer
  * VP9 RTP payload format (draft v2) packetizer
  * AudioToolbox audio decoders
  * AudioToolbox audio encoders
  * coreimage filter (GPU based image filtering on OSX)
  * libdcadec removed
  * bitstream filter for extracting DTS core
  * ADPCM IMA DAT4 decoder
  * musx demuxer
  * aix demuxer
  * remap filter
  * hash and framehash muxers
  * colorspace filter
  * hdcd filter
  * readvitc filter
  * VAAPI-accelerated format conversion and scaling
  * libnpp/CUDA-accelerated format conversion and scaling
  * Duck TrueMotion 2.0 Real Time decoder
  * Wideband Single-bit Data (WSD) demuxer
  * VAAPI-accelerated H.264/HEVC/MJPEG encoding
  * DTS Express (LBR) decoder
  * Generic OpenMAX IL encoder with support for Raspberry Pi
  * IFF ANIM demuxer & decoder
  * Direct Stream Transfer (DST) decoder
  * loudnorm filter
  * MTAF demuxer and decoder
  * MagicYUV decoder
  * OpenExr improvements (tile data and B44/B44A support)
  * BitJazz SheerVideo decoder
  * CUDA CUVID H264/HEVC decoder
  * 10-bit depth support in native utvideo decoder
  * libutvideo wrapper removed
  * YUY2 Lossless Codec decoder
- Added minimum requirement for libva (0.35.0, matched by 1.3.0 package)
- Guard usage of opencore using bcond_with, boo#980542
- Update to version 3.0.2
  * avcodec/ttaenc: Reallocate packet if its too small
  * configure: build fix for P5600 with mips code restructuring
  * mips: add support for R6
  * pgssubdec: fix subpicture output colorspace and range
  * avcodec/ac3dec: Reset SPX when switching from EAC3 to AC3
  * avfilter/vf_drawtext: Check return code of load_glyph()
  * avformat/mux: Check that deinit is set before calling it
  * avcodec/takdec: add code that got somehow lost in process of REing
  * avcodec/apedec: fix decoding of stereo files with one channel full of silence
  * avcodec/avpacket: Fix off by 5 error
  * avcodec/h264: Fix for H.264 configuration parsing
  * avcodec/bmp_parser: Ensure remaining_size is not too small in startcode packet crossing corner case
  * avcodec/pngdec: Fix alpha detection with skip_frame
  * Changelog: Make formating consistent
  * avfilter/src_movie: fix how we check for overflows with seek_point
  * avcodec/j2kenc: Add attribution to OpenJPEG project:
- Dropped dcadec (libdca was merged upstream)
- Add ffmpeg-codec-choice.diff
- Remove ffmpeg-devel subpackage. All users have been converted to pkgconfig
  Add Provides/Obsoletes to libavdevice-devel
- Add ffmpeg-new-coder-errors.diff
- Another try at organizing the codec-enable list.
  Enable video: AYUV, Dirac, MJPEG, rawvideo, Theora, VP8, VP9, WebP, zlib
  Enable audio: Celt, GSM, Opus, Speex, Vorbis
  Enable subtitle: ASS/SSA text, SRT text, UTF-8 plaintext
- Update to new maintenance release 3.0.1
  * vc2enc: fix use of uninitialized variables in the rate control system
  * postproc: fix an unaligned access
  * lavc/hevc: Allow arbitrary garbage in bytestream as long as at least one NAL unit is found.
- Update included pkgconfig files to require the exact version of ffmpeg pc files, instead of any later version ffmpeg-pkgconfig-version.patch
- Remove the optional vo-aacenc dependency, upstream removed it.
- Update to new upstream release 3.0
  * New filters: extrastereo, ocr, alimiter, stereowiden, stereotools, rubberband, tremolo, agate, chromakey, displace, and many more.
  * ffplay dynamic volume control
  * audio high-order multiband parametric equalizer
  * automatic bitstream filtering
- Update to version 2.8.6
  * avcodec/jpeg2000dec: More completely check cdef
  * avutil/opt: check for and handle errors in av_opt_set_dict2()
  * avcodec/flacenc: fix calculation of bits required in case of custom sample rate
  * avformat: Document urls a bit
  * avformat/libquvi: Set default demuxer and protocol limitations
  * avformat/concat: Check protocol prefix
  * doc/demuxers: Document enable_drefs and use_absolute_path
  * avcodec/mjpegdec: Check for end for both bytes in unescaping
  * avcodec/mpegvideo_enc: Check for integer overflow in ff_mpv_reallocate_putbitbuffer()
  * avformat/avformat: Replace some references to filenames by urls
  * avcodec/wmaenc: Check ff_wma_init() for failure
  * avcodec/mpeg12enc: Move high resolution thread check to before initializing threads
  * avformat/img2dec: Use AVOpenCallback
  * avformat/avio: Limit url option parsing to the documented cases
  * avformat/img2dec: do not interpret the filename by default if a IO context has been opened
  * avcodec/ass_split: Fix null pointer dereference in ff_ass_style_get()
  * mov: Add an option to toggle dref opening
  * avcodec/gif: Fix lzw buffer size
  * avcodec/put_bits: Assert buf_ptr in flush_put_bits()
  * avcodec/tiff: Check subsample & rps values more completely
  * swscale/swscale: Add some sanity checks for srcSlice* parameters
  * swscale/x86/rgb2rgb_template: Fix planar2x() for short width
  * swscale/swscale_unscaled: Fix odd height inputs for bayer_to_yv12_wrapper()
  * swscale/swscale_unscaled: Fix odd height inputs for bayer_to_rgb24_wrapper()
  * avcodec/aacenc: Check both channels for finiteness
  * asfdec_o: check for too small size in asf_read_unknown
  * asfdec_o: break if EOF is reached after asf_read_packet_header
  * asfdec_o: make sure packet_size is non-zero before seeking
  * asfdec_o: prevent overflow causing seekback
  * asfdec_o: check avio_skip in asf_read_simple_index
  * asfdec_o: reject size > INT64_MAX in asf_read_unknown
  * asfdec_o: only set asf_pkt->data_size after sanity checks
  * Merge commit '8375dc1dd101d51baa430f34c0bcadfa37873896'
  * dca: fix misaligned access in avpriv_dca_convert_bitstream
  * brstm: fix missing closing brace
  * brstm: also allocate b->table in read_packet
  * brstm: make sure an ADPC chunk was read for adpcm_thp
  * vorbisdec: reject rangebits 0 with non-0 partitions
  * vorbisdec: reject channel mapping with less than two channels
  * ffmdec: reset packet_end in case of failure
  * avformat/ipmovie: put video decoding_map_size into packet and use it in decoder
  * avformat/brstm: fix overflow
- Update to version 2.8.5
  * Fixes CVE-2016-1897 and CVE-2016-1898 [boo#961937]
- Update to version 2.8.4
  * Many bugfixes, see the included Changelog for all the changes.
  * resolving CVE-2015-8661 [boo#960385], CVE-2015-8662 [boo#960384], CVE-2015-8663 [boo#960383]
- Drop ffmpeg-remove_some_unused_ctrl_id_mappings.patch, fixed upstream.
- Obsolete ffmpeg-tools from packman
- Add some provides to make it easier for firefox to recommend this package for installation
- Added patch ffmpeg-remove_some_unused_ctrl_id_mappings.patch to successfully build against libvpx >= 1.5 (at least on PMBS).
- Add buildconditionals for libass,libva,vdpau to fix build in SLE_11
- Rename bcond dca to dcadec
- Add more buildconditionals to get closer to removal of BUILD_ORIG
- Remove unused imlib2
- Sync with packman changes
  * All packman specific changes are protected with BUILD_ORIG
- Added the following patches
  * ffmpeg-2.4.5-arm6l.patch
  * ffmpeg-libcdio_cdda-pkgconfig.patch
- Update to new upstream maintenance release 2.8.3
  * avformat/matroskadec: Check subtitle stream before dereferencing
  * avcodec/jpeg2000dec: Fix potential integer overflow with tile dimensions
  * avcodec/jpeg2000dec: Check for duplicate SIZ marker
  * avcodec/jpeg2000: Change coord to 32bit to support larger than 32k width or height
  * avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range
  * avcodec/jpeg2000: Check comp coords to be within the supported size
  * dds: validate compressed source buffer size
  * dds: validate source buffer size before copying
  * softfloat: assert when the argument of av_sqrt_sf is negative
- Fixes CVE-2015-8363 [bnc#957114], CVE-2015-8364 [bnc#957115], CVE-2015-8365 [bnc#957116]
- Update to new upstream release 2.8.2, containing fixes for the following security issues:
  * CVE-2015-8216 boo#955346
  * CVE-2015-8217 boo#955347
  * CVE-2015-8218 boo#955348
  * CVE-2015-8219 boo#955350
- Upstream changes:
  * various fixes in the aac_fixed decoder
  * various fixes in softfloat
  * swresample/resample: increase precision for compensation
  * lavf/mov: add support for sidx fragment indexes
  * avformat/mxfenc: Only store user comment related tags when needed
  * ffmpeg: Don't try and write sdp info if none of the outputs had an rtp format.
  * apng: use correct size for output buffer
  * jvdec: avoid unsigned overflow in comparison
  * avcodec/jpeg2000dec: Clip all tile coordinates
  * avcodec/microdvddec: Check for string end in 'P' case
  * avcodec/dirac_parser: Fix undefined memcpy() use
  * avformat/xmv: Discard remainder of packet on error
  * avformat/xmv: factor return check out of if/else
  * avcodec/mpeg12dec: Do not call show_bits() with invalid bits
  * avcodec/faxcompr: Add missing runs check in decode_uncompressed()
  * libavutil/channel_layout: Check strtol*() for failure
  * avformat/mpegts: Only start probing data streams within probe_packets
  * avcodec/hevc_ps: Check chroma_format_idc
  * avcodec/ffv1dec: Check for 0 quant tables
  * avcodec/mjpegdec: Reinitialize IDCT on BPP changes
  * avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it
  * avcodec/h264_slice: Disable slice threads if there are multiple access units in a packet
  * avformat/hls: update cookies on setcookie response
  * opusdec: Don't run vector_fmul_scalar on zero length arrays
  * avcodec/opusdec: Fix extra samples read index
  * avcodec/ffv1: Initialize vlc_state on allocation
  * avcodec/ffv1dec: update progress in case of broken pointer chains
  * avcodec/ffv1dec: Clear slice coordinates if they are invalid or slice header decoding fails for other reasons
  * rtsp: Allow $ as interleaved packet indicator before a complete response header
  * videodsp: don't overread edges in vfix3 emu_edge.
  * avformat/mp3dec: improve junk skipping heuristic
  * concatdec: fix file_start_time calculation regression
  * avcodec: loongson optimize h264dsp idct and loop filter with mmi
  * avcodec/jpeg2000dec: Clear properties in jpeg2000_dec_cleanup() too
  * avformat/hls: add support for EXT-X-MAP
  * avformat/hls: fix segment selection regression on track changes of live streams
  * configure: Require libkvazaar < 0.7.
  * avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup
- Drop ffmpeg-mov-sidx-fragment.patch, fixed upstream.
- Update to new upstream release 2.8.1
  * Minor bugfix release
  * Includes all changes from Ffmpeg-mt, libav master of 2015-08-28, libav 11 as of 2015-08-28
- Add ffmpeg-mov-sidx-fragment.patch to add sidx fragment indexes. Needed for new mpv release.
- Update to new upstream release 2.8
  * DirectDraw Surface image/texture decoder
  * Many improvements to the JPEG 2000 decoder
  * New video filters: colorkey, SSIM, showvolume, adrawgraph, drawgraph, removegrain, erosion, dilation, deflate, inflate, reverse, atadenoise, aphasemeter, showfreqs, vectorscope, waveform, hstack, vstack, framerate
  * New audio filters: Dynamic Audio Normalizer as dynaudnorm filter, areverse, random, deband, sidechaincompress, acrossfade
  * allyuv and allrgb video sources
  * Switched default encoders for webm to VP9 and Opus
  * Removed experimental flag from the JPEG 2000 encoder
- Update to new upstream release 2.7.2
- webp: fix infinite loop in webp_decode_frame
- huffyuvdec: validate image size
- avcodec/vp8: Check buffer size in vp8_decode_frame_header()
- avcodec/vp8: Fix null pointer dereference in ff_vp8_decode_free()
- avutil/fifo: Fix the case where func() returns less bytes than requested in av_fifo_generic_write()
- bytestream2: set the reader to the end when reading more than available
- oggparsedirac: check return value of init_get_bits
- vp9/update_prob: prevent out of bounds table read
- avcodec/pngdec: Check values before updating context in decode_fctl_chunk()
- avcodec/pngdec: Copy IHDR & plte state from last thread
- avcodec/pngdec: Require a IHDR chunk before fctl
- avcodec/pngdec: Only allow one IHDR chunk
- ffmpeg: Do not use the data/size of a bitstream filter after failure
- Enable codecs for audio: PCM, Speex, CELT, FLAC, ILBC, Opus
- Enable codecs for image: BMP/PCX/TGA, TIFF, Sun/SGI/X11 raster raw Huff-compressed or uncompressed YUV
- Update to new upstream release 2.7.1
  * postproc: fix unaligned access
  * avcodec/flacenc: Fix Invalid Rice order
  * tls_gnutls: fix hang on disconnection
  * avcodec/ffv1enc: fix bps for >8bit yuv when not explicitly set
  * avio: fix potential crashes when combining ffio_ensure_seekback + crc
  * ffmpeg_opt: Check for localtime() failure
  * configure: Disable VSX on unspecified / generic CPUs
- Enabled 'bluray' protocol
- Update to new upstream release 2.7
  * New encoders: apng (PNG with alpha)
  * New decoders: TDSC (a JPEG/BGR24/zlib format)
  * New audio filters: chorus
  * New video filters: cover_rect, detelecine, fftfilt, find_rect
- Enable codecs: 012v, ansi, apng, bmp, exr, ffv1, ffvhuff
  * unpack DivX-style packed B-frames in MPEG-4 bitstream filter
  * WebM Live Chunk Muxer
  * nvenc level and tier options
- Canopus HQ/HQA decoder
- Automatically rotate videos based on metadata in ffmpeg
- improved Quickdraw compatibility
- VP9 high bit-depth and extended colorspaces decoding support
- WebPAnimEncoder API when available for encoding and muxing WebP
- Direct3D11-accelerated decoding
- Support Secure Transport
- Multipart JPEG demuxer
- Fix building with BUILD_ORIG
- Update to new upstream release 2.6.3
  * avcodec/libtheoraenc: Check for av_malloc failure
  * ffmpeg_opt: Fix -timestamp parsing
  * avcodec/cavsdec: Use ff_set_dimensions()
  * swr: fix alignment issue caused by 8ch sse functions
  * avcodec/mjpegdec: fix len computation in ff_mjpeg_decode_dqt()
  * avformat/matroskadec: Cleanup error handling for bz2 & zlib
  * avformat/matroskaenc: Check ff_vorbiscomment_length in put_flac_codecpriv()
  * avcodec/mpeg12dec: use the correct dimensions for checking SAR
  * xcbgrab: Validate the capture area
  * xcbgrab: Do not assume the non shm image data is always available
  * avfilter/lavfutils: disable frame threads when decoding a single image
  * ffmpeg: remove incorrect network deinit
  * OpenCL: Avoid potential buffer overflow in cmdutils_opencl.c
  * libvpxenc: only set noise reduction w/vp8
  * vp9: remove another optimization branch in iadst16 which causes overflows.
  * network: Do not leave context locked on error
  * vp9: remove one optimization branch in iadst16 which causes overflows.
  * swresample: Allow reinitialization without ever setting channel layouts/counts
  * imgutils: initialize palette padding bytes in av_image_alloc
  * id3v2: catch avio_read errors in check_tag
  * avi: Validate sample_size
  * diracdec: avoid overflow of bytes*8 in decode_lowdelay
  * diracdec: prevent overflow in data_unit_size check
  * matroskadec: use uint64_t instead of int for index_scale
  * pngdec: don't use AV_PIX_FMT_MONOBLACK for apng
  * pngdec: return correct error code from decode_frame_common
  * swscale/ppc/swscale_altivec.c: POWER LE support in yuv2planeX_8() delete macro GET_VF() it was wrong
  * matroskadec: export cover art correctly
  * mxfenc: don't try to write footer without header
- Enable building avresample for extra API compat
- Remove ffmpeg-pkgconfig-requires.diff: RPM's pkgconfigdeps.sh is scanning Requires.private too.
- Add baselibs.conf: provide -32bit libraries (used by xine-32bit).
- Update to new upstream release 2.6.2
  * avformat/utils: avoid discarded streams in av_find_default_stream_index()
  * avutil/cpu: add missing check for mmxext to av_force_cpu_flags
  * avformat/http: replace cookies with updated values instead of appending forever
- Update to new upstream release 2.6.1
  * Maintenance release with some bugfixes
- Update to new upstream release 2.6
  * The VP9 decoder is now usable on x86(-32) and pre-SSSE3 CPUs.
  * 10-bit support in the SPP video filter
  * New video filters: "colorlevels", "tblend", "palettegen", "paletteuse". New audio filters: "dcshift".
  * The old libmpcodecs wrapper is finally gone
  * API changes: introduction of device inputs and outputs
- Update to new upstream release 2.5.3
  * AVFoundation screen-grabbing support, animated WebP decoding support, and Animated PNG support. UDP-Lite support was added.
- Initial package (version 2.5.3) for build.opensuse.org

==== hdf5 ====
Version update (1.10.4 -> 1.10.5)
Subpackages: libhdf5-103 libhdf5_hl100

- Fix .so number in baselibs.conf for libhdf5_fortran libs (boo#1169793).
- Fix library link flags on pkg-config file for HPC builds (boo#1134298).
- Remove bogus undefines of suffix and mpi_flavor. suffix is the name of an RPM built-in (like expand or echo), and since RPM 4.15 trying to alter a built-in is an error. Fixes build of serial flavor on Tumbleweed. See https://rpm.org/user_doc/macros.html
- Add compat provides for renamed hdf5-openmpi{,-devel} package, see https://en.opensuse.org/openSUSE:Package_dependencies
- Fix openmpi1 package naming for SLE/Leap <= 15.1
- Add HPC support for gcc8 and gcc9 (jsc#SLE-7766 & jsc#SLE-8604).
- Disable openmpi1 builds for SLE/Leap > 15.1.
- Enable openmpi3 builds for Leap and SLE > 15.1 (jsc#SLE-7773).
- openmpi has been renamed into openmpi1
- Use -ffat-lto-objects to provide a proper static library.
- Re-list hdf5-mpi.patch in the spec file for the sake of avoiding a script rejecting the package automatically.
- Update to version 1.10.5: (jsc#SLE-8501)
  * https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt
- Bump fortran library soname, sonum_F from 100 to 102.
- Adjust library installation path, use %hpc_prefix/lib64 in x86_64 and %hpc_libdir in all other cases
- Patches refreshed:
  * hdf5-LD_LIBRARY_PATH.patch
  * hdf5-1.8.11-abort_unknown_host_config.patch
  * PPC64LE-Fix-long-double-handling.patch
  * hdf5-Remove-timestamps-from-binaries.patch
  * Disable-phdf5-tests.patch
- Patch disabled, upstream have changed the file that was being patched, while it could be ported, it's unknown if this patch is still needed.
  * hdf5-mpi.patch
- Patch removed, merged upstream
  * 0001-Fix-return-value-in-test_libver_bounds_open.patch
- Since build machine size issues do not seem to go away, make the %check stage optional: enable with '--with check'.

==== shotwell ====
Version update (0.30.8 -> 0.30.9)
Subpackages: shotwell-lang

- Update to version 0.30.9:
  + Fix YouTube OAuth scope.
  + Updated translations.
- Drop shotwell-Make_fatal-warnings_an_option.patch: Fixed upstream.

==== tmux ====
Version update (3.1~rc1 -> 3.1b)

- tmux 3.1b:
  * Fix crash when allow-rename is on and an empty name is set
- tmux 3.1a:
  * Do not close stdout prematurely in control mode since it is needed to print exit messages. Prevents hanging when detaching with iTerm2
- includes changes between 3.1-rc1 and 3.1:
  * Only search the visible part of the history when marking (highlighting) search terms. This is much faster than searching the whole history and solves problems with large histories. The count of matches shown is now the visible matches rather than all matches
  * Search using regular expressions in copy mode. search-forward and search-backward use regular expressions by default; the incremental versions do not
  * Turn off mouse mode 1003 as well as the rest when exiting
  * Add selection_active format for when the selection is present but not moving with the cursor
  * Fix dragging with modifier keys, so binding keys such as C-MouseDrag1Pane and C-MouseDragEnd1Pane now work
  * Add -a to list-keys to also list keys without notes with -N
  * Do not jump to next word end if already on a word end when selecting a word; fixes select-word with single character words and vi(1) keys
  * Fix top and bottom pane calculation with pane border status enabled