aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2011-12-25 20:11:09 +0100
committerMichael Niedermayer <michaelni@gmx.at>2011-12-25 20:11:09 +0100
commitd32ea79ea2afdca9f7a3979dc4294b5275d410be (patch)
tree96c93177cd6ca665c0d33e866b001c288f8efef7
parent57eb787ed3fabe4eb996aa2aad3fd4b10fa5c878 (diff)
parent6b156c45638ceb2e076586b7efeb4cf9e04e0a84 (diff)
downloadffmpeg-d32ea79ea2afdca9f7a3979dc4294b5275d410be.tar.gz
Merge remote-tracking branch 'qatar/release/0.6' into release/0.6n0.6.4
* qatar/release/0.6: Release notes and changelog for 0.6.4 Conflicts: Changelog Merged-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r--Changelog59
-rw-r--r--RELEASE18
2 files changed, 77 insertions, 0 deletions
diff --git a/Changelog b/Changelog
index 8536a0e1b2..ddedcc70b0 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,65 @@ Entries are sorted chronologically from oldest to youngest within each release,
releases are sorted from youngest to oldest.
version 0.6.4:
+- 4xm: Add a check in decode_i_frame to prevent buffer overreads
+- wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits.
+- swscale: #include "libavutil/mathematics.h"
+- vp3dec: Check coefficient index in vp3_dequant() (CVE-2011-4352)
+- svq1dec: call avcodec_set_dimensions() after dimensions changed. (CVE-2011-4579)
+- commits related to CVE-2011-4353:
+ - vp6: Fix illegal read.
+ - vp6: Reset the internal state when aborting key frames header parsing
+ - vp6: Check for huffman tree build errors
+ - vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling
+- commits related to CVE-2011-4351:
+ - qdm2: check output buffer size before decoding
+ - Fix qdm2 decoder packet handling to match the api
+ - Fix out of bound reads in the QDM2 decoder.
+ - Check for out of bound writes in the QDM2 decoder.
+- vmd: fix segfaults on corruped streams (CVE-2011-4364)
+- rv34: Check for invalid slice offsets
+- rv34: Fix potential overreads
+- rv34: Avoid NULL dereference on corrupted bitstream
+- rv10: Reject slices that does not have the same type as the first one
+- oggdec: fix out of bound write in the ogg demuxer
+- smacker: fix a few off by 1 errors
+- Check for invalid VLC value in smacker decoder.
+- Check and propagate errors when VLC trees cannot be built in smacker decoder.
+- Fixed off by one packet size allocation in the smacker demuxer.
+- Check for invalid packet size in the smacker demuxer.
+- ape demuxer: fix segfault on memory allocation failure.
+- Fixed size given to init_get_bits() in xan decoder.
+- smacker demuxer: handle possible av_realloc() failure.
+- Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks.
+- indeo2: fail if input buffer too small
+- indeo2: init_get_bits size in bits instead of bytes
+- wavpack: Check error codes rather than working around error conditions.
+- Fixed invalid writes and reads in wavpack decoder on corrupted bitstreams.
+- cpu detection: avoid a signed overflow
+- h264: correct implicit weight table computation for long ref pics
+- h264: correct the check for invalid long term frame index in MMCO decode
+- rv10/20: tell decoder to use edge emulation
+- flvenc: use int64_t to store offsets
+- VC-1: fix reading of custom PAR.
+- h264: notice memory allocation failure
+- libx264: do not set pic quality if no frame is output
+- mxfdec: Include FF_INPUT_BUFFER_PADDING_SIZE when allocating extradata.
+- rv30: return AVERROR(EINVAL) instead of EINVAL
+- Do not decode RV30 files if the extradata is too small
+- aacps: skip some memcpy() if src and dst would be equal
+- mpegts: fix Continuity Counter error detection
+- alsa: fallback to buffer_size/4 for period_size.
+- mxfenc: fix ignored drop flag in binary timecode representation.
+- dca: set AVCodecContext frame_size for DTS audio
+- H.264: fix overreads of qscale_table
+- postprocess.c: filter name needs to be double 0 terminated
+- Replace strncpy() with av_strlcpy() in libpostproc.
+- jpegdec: actually search for and parse RSTn
+- riff: Add mpgv MPEG-2 fourcc
+- Added M701 codec_tag for mpeg2video
+
+
+version 0.6.3:
- fix compilation with --enable-hardcoded-tables
- mjpeg: Detect overreads in mjpeg_decode_scan() and error out.
diff --git a/RELEASE b/RELEASE
index 97f04d6ae6..8193b2877b 100644
--- a/RELEASE
+++ b/RELEASE
@@ -158,3 +158,21 @@ been backported from the Libav 0.7.2 release. Distributors and system
integrators are encouraged to update and share their patches against
this branch.
For a full list of changes please see the Changelog file.
+
+
+* 0.6.4
+
+General notes
+-------------
+
+This mostly maintenance-only release that addresses a number a number of
+bugs such as security and compilation issues that have been brought to
+our attention. Among other (rather minor) fixes, this release features
+fixes for the QDM2 decoder (CVE-2011-4351), vp3 decoder (CVE-2011-4352),
+DoS in the VP5/VP6 decoders (CVE-2011-4353), a buffer overflow in the
+Sierra VMD decoder CVE-2011-4364, and a safety fix in the svq1 decoder
+(CVE-2011-4579).
+
+Distributors and system integrators are encouraged
+to update and share their patches against this branch. For a full list
+of changes please see the Changelog file.