From dc794d7096e32557cdc98339919aa1c12fe07c22 Mon Sep 17 00:00:00 2001
From: Reinhard Tartler
Date: Sat, 23 Mar 2013 09:43:26 +0100
Subject: [PATCH 1/4] fate: fetch samples that match the release series

The idea is to ensure that 'make fate-rsync' always fetches the fate samples that work with this release.
---
 tests/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/Makefile b/tests/Makefile
index 4e4eb897c0..8b56b4c3ee 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -104,7 +104,7 @@ $(FATE_AVCONV) $(FATE_SAMPLES_AVCONV): avconv$(EXESUF)
 ifdef SAMPLES
 FATE += $(FATE_SAMPLES)
 fate-rsync:
- rsync -vaLW rsync://fate-suite.libav.org/fate-suite/ $(SAMPLES)
+ rsync -vaLW rsync://fate-suite.libav.org/fate-suite-9/ $(SAMPLES)
 else
 fate-rsync:
 @echo "use 'make fate-rsync SAMPLES=/path/to/samples' to sync the fate suite"
From 9d5f16f6fe23640ee90c92b3737d9d30c2f994f3 Mon Sep 17 00:00:00 2001
From: Reinhard Tartler
Date: Sat, 23 Mar 2013 08:29:04 +0100
Subject: [PATCH 2/4] add missed CVE reference in 9.2 release

---
 Changelog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Changelog b/Changelog
index 707bc69a67..7229eba90b 100644
--- a/Changelog
+++ b/Changelog
@@ -28,7 +28,7 @@ version 9.2:
 - libopencore-amr: Conditionally compile decoder and encoder bits
 - arm: Fall back to runtime cpu feature detection via /proc/cpuinfo
 - xxan: properly handle odd heights
-- msrledec: check bounds before constructing a possibly invalid pointer,
+- msrledec: check bounds before constructing a possibly invalid pointer (CVE-2496)
 - qtrle: fix the topmost line for 1bit
 - aasc: fix output for msrle compression
 - yop: check for input overreads
From 2dfe3a7b4dda1ff94b31aaf1dd50f208b63dc301 Mon Sep 17 00:00:00 2001
From: Reinhard Tartler
Date: Sat, 23 Mar 2013 08:29:24 +0100
Subject: [PATCH 3/4] update Changelog

---
 Changelog | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
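Review bot: In the tests/Makefile hunk of PATCH 1/4, the new `rsync -vaLW rsync://fate-suite.libav.org/fate-suite-9/ $(SAMPLES)` line still fetches the samples over the plain rsync:// daemon protocol, which gives no transport encryption or integrity protection, and nothing in the recipe checks what arrived before FATE feeds those files to the decoders. Pinning the module to the release series is a good point to record that trust assumption with a comment above the `fate-rsync:` rule, such as `# samples are fetched unauthenticated over rsync://; sync on a trusted network or verify them against a known-good checksum list`. The series is also hard-coded as `-9` in the URL, so it has to be bumped by hand for the next release series, which the same comment could mention. `$(SAMPLES)` is passed unquoted, so a destination path containing spaces would split into several rsync arguments; `"$(SAMPLES)"` avoids that. The `ifdef SAMPLES` conditional continues past the end of the hunk, so its closing `endif` is not visible here.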
diff --git a/Changelog b/Changelog index 7229eba90b..b7f7e94f6a 100644 --- a/Changelog +++ b/Changelog @@ -1,6 +1,29 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 9.4: +- atrac3: avoid oversized shifting in decode_bytes() +- eamad: allocate a dummy reference frame when the real one is missing +- ffv1: fix calculating slice dimensions for version 2 +- flacdec: simplify bounds checking in flac_probe() +- h264: check for luma and chroma bit dept being equal (CVE-2013-2277) +- hqdn3d: Fix out of array read in LOWPASS +- iff: validate CMAP palette size (CVE-2013-2495) +- ivi_common: do not call MC for intra frames when dc_transform is unset +- libmp3lame: use the correct remaining buffer size when flushing +- lzo: fix overflow checking in copy_backptr() +- mp3dec: Fix VBR bit rate parsing +- png: use av_mallocz_array() for the zlib zalloc function +- roqvideodec: fix a potential infinite loop in roqvideo_decode_frame() +- shorten: fix various programming mistakes +- vf_gradfun: fix uninitialized variable use +- vf_hqdn3d: fix uninitialized variable use +- vmdaudio: fix invalid reads when packet size is not a multiple of chunk size +- wmadec: require block_align to be set +- wmaprodec: require block_align to be set +- wmaprodec: return an error, not 0, when the input is too small +- xxan: fix invalid memory access in xan_decode_frame_type0() + version 9.3: - h264: fix deadlocks with broken/fuzzed files - flvdec: make decoder more robust From 2e06758479650f6e2a8820c7105f2d193a701175 Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Sun, 31 Mar 2013 10:38:00 +0200 Subject: [PATCH 4/4] Prepare for 9.5 Release --- RELEASE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RELEASE b/RELEASE index 0359f24328..592f36ef3a 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -9.4 +9.5