aboutsummaryrefslogtreecommitdiffstats
path: root/RELEASE
blob: e68779b5b210c0e457d995a6cfd9d188eee141ad (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
Release Notes
=============

* 0.5 "Bike Shed World Domination" March 3, 2009

General notes
-------------

It has been so long since the last release that this should be considered the
first FFmpeg release of recent times. Because of the way things have unfolded to
date, the notes for this version cannot be entirely conventional.

See the Changelog file for a list of significant changes.

Please note that our policy on bug reports has not changed. We still only accept
bug reports against HEAD of the FFmpeg trunk repository. If you are experiencing
any issues with any formally released version of FFmpeg, please try a current
version of the development code to check if the issue still exists. If it does,
make your report against the development code following the usual bug reporting
guidelines.

API notes
---------

In the next release, it is intended to remove a number of deprecated APIs. We
decided to put out a release that includes said APIs for the benefit of third
party software.

As such, this release:
- provides a sync point for said APIs
- increases awareness of API changes
- allows the next release to detail how to transition from the old to the new

The deprecated APIs to be removed are:
- imgconvert (to be replaced by libswscale)
- vhook (to be replaced by libavfilter)

If at all possible, do not use the deprecated APIs. All notes on API changes
should appear in doc/APIchanges.



* 0.5.1 March 2, 2010

General notes
-------------

This point release includes some minor updates to make the 0.5 release series
usable for users that need to retain the existing behavior as closely as
possible. The changes follow below:

Security fixes
--------------

Various programming errors in container and codec implementations
may lead to denial of service or the execution of arbitrary code
if the user is tricked into opening a malformed media file or stream.

Affected and updated have been the implementations of the following
codecs and container formats:

 - the Vorbis audio codec
 - the FF Video 1 codec
 - the MPEG audio codec
 - the H264 video codec
 - the MLP codec
 - the HuffYUV codec
 - the ASF demuxer
 - the Ogg container implementation
 - the MOV container implementation

Symbol Versioning enabled
-------------------------

The backported symbol versioning change is enabled on platforms that support
it. This allows users to upgrade from 0.5.1 to the upcoming 0.6 release
without having to recompile their applications. Please note that distributors
have to recompile applications against 0.5.1 before upgrading to 0.6.

libx264.c backport
------------------

This release includes a backport to the libx264 wrapper that allows FFmpeg to
be compiled against newer versions of libx264 up to API version 85.

licensing changes
-----------------

Previously both libswscale and our AC-3 decoder had GPLed parts. These have
been replaced by fresh LGPL code. x86 optimizations for libswscale remain GPL,
but the C code is fully functional. Optimizations for other architectures have
been relicensed to LGPL.

AMR-NB decoding/encoding and AMR-WB decoding is now possible through the free
software OpenCORE libraries as an alternative to the non-free libamr libraries.

We found out that libfaac contains non-free parts and is not LGPL as previously
claimed. We have changed configure to reflect this. You now have to pass the
--enable-nonfree option if you wish to compile with libfaac support enabled.

Furthermore the non-free bits in libavcodec/fdctref.c have been rewritten. Note
well that they were only used in a test program and never compiled into any
FFmpeg library.



* 0.5.2 May 25, 2010

General notes
-------------

This is a maintenance-only release that addresses a small number of security
and portability issues. Distributors and system integrators are encouraged
to update and share their patches against this branch.



* 0.5.3 Oct 18, 2010

General notes
-------------

This is (again) another maintenance-only release that addresses a fix
for seekable HTTP and an exploitable bug in the FLIC decoder
(cf. CVE-2010-3429 for details). Distributors and system integrators are
encouraged to update and share their patches against this branch.



* 0.5.4 Mar 17, 2011

General notes
-------------

This is the first release that we cut after git migration. It is another
maintenance-only release that addresses several security issues that were
brought to our attention. In detail, fixes for RV30/40, WMV, Vorbis and
VC-1 have been backported from trunk. Distributors and system integrators
are encouraged to update and share their patches against this branch.



* 0.5.5 Nov 11, 2011

General notes
-------------

This maintenance-only release addresses several security issues that
were brought to our attention. In detail, fixes for the MJPEG decoder,
the CAVS decoder (CVE-2011-3362, CVE-2011-3973, CVE-2011-3974), and the
Matroska decoder (MSVR11-011/CVE-2011-3504) have been
corrected. Additional, this release contains fixes for compilation with
gcc-4.6. Distributors and system integrators are encouraged to update
and share their patches against this branch.



* 0.5.6 Dec 25, 2011

General notes
-------------

This maintenance-only release addresses several security issues that
were brought to our attention. In details, it features fixes for the
QDM2 decoder (CVE-2011-4351), DoS in the VP5/VP6 decoders
(CVE-2011-4353), and a buffer overflow in the Sierra VMD decoder
CVE-2011-4364, and a safety fix in the SVQ1 decoder (CVE-2011-4579).
CVE-2011-4352, a bug in the VP3 decoder, is not known to affect this
release.

Distributors and system integrators are encouraged to update and share
their patches against this branch.



* 0.5.7 Jan 11, 2012

General notes
-------------

This mostly maintenance-only release that addresses a number a number of
bugs such as security and compilation issues that have been brought to
our attention. Among other (rather minor) fixes, this release features
fixes for the VP3 decoder (CVE-2011-3892), vorbis decoder, and matroska
demuxer (CVE-2011-3893 and CVE-2011-3895).

Distributors and system integrators are encouraged
to update and share their patches against this branch.  For a full list
of changes please see the Changelog file.