Accepting request 762837 from multimedia:libs

- Update to version 1.8.2: Fixes: - CVE-2019-2126 bsc#1160611: double free in ParseContentEncodingEntry() - CVE-2019-9325 bsc#1160612: out-of-bounds read - CVE-2019-9232 bsc#1160613: Fix OOB memory access on fuzzed data - CVE-2019-9433 bsc#1160614: use-after-free in vp8_deblock() - CVE-2019-9371 bsc#1160615: resource exhaustion after memory leak official changelog: * This release collects incremental improvements to many aspects of the library. * Upgrading: ARCH_* defines have been removed in favor of VPX_ARCH_*. OBS-URL: https://build.opensuse.org/request/show/762837 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvpx?expand=0&rev=41
2020-01-12 22:18:20 +00:00 · 2020-01-12 22:18:20 +00:00 · 5ac57fc190
commit 5ac57fc190
parent 5a2a3a3b90 da0de52e24
6 changed files with 27 additions and 11 deletions
--- a/4
+++ b/4
@ -2,8 +2,8 @@
  <service name="obs_scm" mode="disabled">
    <param name="url">https://github.com/webmproject/libvpx.git</param>
    <param name="scm">git</param>
-    <param name="version">1.8.1</param>
-    <param name="revision">v1.8.1</param>
+    <param name="version">1.8.2</param>
+    <param name="revision">v1.8.2</param>
  </service>
  <service mode="disabled" name="set_version" />

--- a/libvpx-1.8.1.obscpio
+++ b/libvpx-1.8.1.obscpio
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:177d5d74158bd809212622dd87e1d6367efaca959c851da4bda34b27b60525d0
-size 18498573
--- a/libvpx-1.8.2.obscpio
+++ b/libvpx-1.8.2.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a9c2217a6a7ba49e36b5a97ff622b905c278311d5f19042c2f894c33c63841d4
+size 22732301
--- a/libvpx.changes
+++ b/libvpx.changes
@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Fri Jan 10 10:35:38 UTC 2020 - Adrian Schröter <adrian@suse.de>
+
+- Update to version 1.8.2:
+  Fixes:
+   - CVE-2019-2126 bsc#1160611: double free in ParseContentEncodingEntry()
+   - CVE-2019-9325 bsc#1160612: out-of-bounds read
+   - CVE-2019-9232 bsc#1160613: Fix OOB memory access on fuzzed data
+   - CVE-2019-9433 bsc#1160614: use-after-free in vp8_deblock()
+   - CVE-2019-9371 bsc#1160615: resource exhaustion after memory leak
+
+  official changelog:
+  * This release collects incremental improvements to many aspects of the library.
+  * Upgrading:
+    ARCH_* defines have been removed in favor of VPX_ARCH_*.
+
 -------------------------------------------------------------------
 Thu Jul 18 22:00:25 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>

--- a/libvpx.obsinfo
+++ b/libvpx.obsinfo
@ -1,5 +1,5 @@
 name: libvpx
-version: 1.8.1
-mtime: 1563227733
-commit: 8ae686757b708cd8df1d10c71586aff5355cfe1e
+version: 1.8.2
+mtime: 1575932960
+commit: 7ec7a33a081aeeb53fed1a8d87e4cbd189152527

--- a/libvpx.spec
+++ b/libvpx.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libvpx
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -18,12 +18,12 @@

 %define         sover 6
 Name:           libvpx
-Version:        1.8.1
+Version:        1.8.2
 Release:        0
 Summary:        VP8/VP9 codec library
 License:        BSD-3-Clause AND GPL-2.0-or-later
 Group:          Productivity/Multimedia/Other
-Url:            http://www.webmproject.org/
+URL:            http://www.webmproject.org/
 Source0:        libvpx-%{version}.tar.xz
 Source1000:     baselibs.conf
 Patch1:         libvpx-define-config_pic.patch