ffmpeg (7:2.8.17-0ubuntu0.1+esm10) xenial-security; urgency=medium

  * SECURITY UPDATE: Out of Bounds Read
    - debian/patches/CVE-2025-0518.patch: Check return value of sscanf
    - CVE-2025-0518
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2025-22919.patch: Check for valid sample rate
    - CVE-2025-22919

 -- Bruce Cable <bruce.cable@canonical.com>  Thu, 22 May 2025 09:58:30 +1000

ffmpeg (7:2.8.17-0ubuntu0.1+esm9) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2024-36617.patch: libavformat/cafdec.c: add
      check for integer overflow
    - CVE-2024-36617

 -- Bruce Cable <bruce.cable@canonical.com>  Tue, 07 Jan 2025 11:29:33 +1100

ffmpeg (7:2.8.17-0ubuntu0.1+esm8) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2024-32230.patch: avcodec/mpegvideo_enc: Fix 1 line
      and one column images
    - CVE-2024-32230

 -- Octavio Galland <octavio.galland@canonical.com>  Wed, 28 Aug 2024 17:56:46 -0300

ffmpeg (7:2.8.17-0ubuntu0.1+esm7) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-50010.patch: avfilter/vf_gradfun: Do not
      overread last line
    - CVE-2023-50010

 -- Allen Huang <allen.huang@canonical.com>  Wed, 29 May 2024 10:58:59 +0100

ffmpeg (7:2.8.17-0ubuntu0.1+esm6) xenial-security; urgency=medium

  * SECURITY UPDATE: memory leak in inavi_add_ientry function in avienc.c
    - debian/patches/CVE-2020-22039.patch: fix memory leaks and
      return values
    - CVE-2020-22039
  * SECURITY UPDATE: memory leak in fifo_alloc_common function in 
    libavutil/fifo.c
    - debian/patches/CVE-2020-22043.patch: fix memory leaks and 
      return values
    - CVE-2020-22043
  * SECURITY UPDATE: overflow vulnerability in av_timecode_make_string
    in libavutil/timecode.c
    - debian/patches/CVE-2021-28429.patch: avoid fps overflow
    - CVE-2021-28429.patch
  * SECURITY UPDATE: memory leaks in filter_frame function in 
    libavfilter/vf_tile.c
    - debian/patches/CVE-2020-22051-1.patch: Introducing deinit
      function to handle memory leaks
    - debian/patches/CVE-2020-22051-2.patch: Fix memory leaks  
      options fails
    - CVE-2020-22051 

 -- Nick Galanis <nick.galanis@canonical.com>  Mon, 09 Oct 2023 12:32:19 +0100

ffmpeg (7:2.8.17-0ubuntu0.1+esm5) xenial-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference if memory allocation fails
    - debian/patches/CVE-2022-3109.patch: check edge_emu_buffer
    - CVE-2022-3109
  * SECURITY UPDATE: null pointer dereference in libavcodec/nutdec.c 
    - debian/patches/CVE-2022-3341.patch: check avformat_new_stream
    - CVE-2022-3341

 -- Mark Esler <mark.esler@canonical.com>  Mon, 13 Mar 2023 11:50:18 -0500

ffmpeg (7:2.8.17-0ubuntu0.1+esm4) xenial-security; urgency=medium

  * SECURITY UPDATE: memory leak in av_dict_set function in dict.c
    - debian/patches/CVE-2020-22054.patch: free swresample dictionary during
      cleanup.
    - CVE-2020-22054
  * SECURITY UPDATE: out-of-bounds write in decode_frame in libavcodec/exr.c
    - debian/patches/CVE-2020-35965.patch: check ymin vs. h.
    - CVE-2020-35965
  * SECURITY UPDATE: no read_probe function assigned to tty demuxer
    - debian/patches/CVE-2021-3566-1.patch: add probe function.
    - debian/patches/CVE-2021-3566-2.patch: fix division by 0 in probe.
    - debian/patches/CVE-2021-3566-3.patch: make probing strict for first 8
      bytes.
    - debian/patches/CVE-2021-3566-4.patch: add seeking support.
    - debian/patches/CVE-2021-3566-5.patch: fix last timestamp for fate.
    - CVE-2021-3566
  * SECURITY UPDATE: no return value check for init_vlc
    - debian/patches/CVE-2021-38114.patch: check and propagate function return
      value. 
    - CVE-2021-38114
  * SECURITY UPDATE: no return value check for init_get_bits
    - debian/patches/CVE-2021-38171.patch: include return value check for 
      init_get_bits in adts_decode_extradata.
    - CVE-2021-38171
  * SECURITY UPDATE: assertion failure due to negative frame duration values
    - debian/patches/CVE-2021-38291.patch: don't return negative values in
      av_get_audio_frame_duration().
    - CVE-2021-38291

 -- Camila Camargo de Matos <camila.camargodematos@canonical.com>  Thu, 24 Feb 2022 09:30:00 -0300

ffmpeg (7:2.8.17-0ubuntu0.1+esm3) xenial-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow gaussian blur filter
    - debian/patches/CVE-2020-22032.patch: fix heap buffer overflow.
    - CVE-2020-22032
  * SECURITY UPDATE: memory leak in avcodec_alloc_context3 function
    - debian/patches/CVE-2020-22037.patch: free AVCodecContext structure on
      error during init.
    - CVE-2020-22037
  * SECURITY UPDATE: memory leak in v_frame_alloc function
    - debian/patches/CVE-2020-22040.patch: fix memory leaks.
    - CVE-2020-22040
  * SECURITY UPDATE: memory leak in av_buffersrc_add_frame_flags function
    - debian/patches/CVE-2020-22041.patch: fix memory leaks.
    - CVE-2020-22041
  * SECURITY UPDATE: memory leak in link_filter_inouts function
    - debian/patches/CVE-2020-22042.patch: fix leak of AVFilterInOut in case
      of error.
    - CVE-2020-22042
  * SECURITY UPDATE: memory leak in url_open_dyn_buf_internal function
    - debian/patches/CVE-2020-22044.patch: don't allocate a dynamic
      AVIOContext if no index is going to be written.
    - CVE-2020-22044
  * SECURITY UPDATE: memory leak in avpriv_float_dsp_allocl function
    - debian/patches/CVE-2020-22046.patch: fix memory leak.
    - CVE-2020-22046
  * SECURITY UPDATE: memory leak in wtvfile_open_sector function
    - debian/patches/CVE-2020-22049.patch: fix memleak when reading header
      fails.
    - CVE-2020-22049

 -- Camila Camargo de Matos <camila.camargodematos@canonical.com>  Thu, 17 Feb 2022 07:46:35 -0300

ffmpeg (7:2.8.17-0ubuntu0.1+esm2) xenial-security; urgency=medium

  * SECURITY UPDATE: heap use-after-free when remuxing rtp hint tracks
    - debian/patches/CVE-2020-21688.patch: fix segfault when remuxing rtp hint
      stream.
    - CVE-2020-21688
  * SECURITY UPDATE: heap use-after-free in the mpeg_mux_write_packet function
    at libavformat/mpegenc.c 
    - debian/patches/CVE-2020-21697-pre.patch: check for av_mallocz() failure.
    - debian/patches/CVE-2020-21697.patch: ensure packet queue stays valid.
    - CVE-2020-21697
  * SECURITY UPDATE: heap buffer overflow at libavcodec/get_bits.h when
    writing mov files
    - debian/patches/CVE-2020-22016.patch: add missing padding to output 
      track.
    - CVE-2020-22016
  * SECURITY UPDATE: heap buffer overflow in the build_diff_map function at 
    libavfilter/vf_fieldmatch.c
    - debian/patches/CVE-2020-22020.patch: fix heap buffer overflow and fix
      use of uninitialized values. 
    - CVE-2020-22020
  * SECURITY UPDATE: heap buffer overflow in the filter_edges function at 
    libavfilter/vf_yadif.c
    - debian/patches/CVE-2020-22021.patch: fix handling of tiny images. 
    - CVE-2020-22021
  * SECURITY UPDATE: heap buffer overflow in filter_frame function at 
    libavfilter/vf_fieldorder.c
    - debian/patches/CVE-2020-22022.patch: fix heap-buffer overflow.
    - CVE-2020-22022
  * SECURITY UPDATE: heap buffer overflow in the gaussian_blur function at
    libavfilter/vf_edgedetect.c
    - debian/patches/CVE-2020-22025.patch: check if height is big enough.
    - CVE-2020-22025
  * SECURITY UPDATE: heap buffer overflow in the filter16_complex_low function
    at libavfilter/vf_w3fdif.c 
    - debian/patches/CVE-2020-22031.patch: deny processing small videos. 
    - CVE-2020-22031

 -- Camila Camargo de Matos <camila.camargodematos@canonical.com>  Fri, 11 Feb 2022 11:36:23 -0300

ffmpeg (7:2.8.17-0ubuntu0.1+esm1) xenial-security; urgency=medium

  * SECURITY UPDATE: division by zero in libavcodec/lpc.h
    - debian/patches/CVE-2020-20445.patch: avoid floating point division by 0.
    - CVE-2020-20445
  * SECURITY UPDATE: division by zero in libavcodec/aacpsy.c
    - debian/patches/CVE-2020-20446.patch: avoid floating point division by 0
      of norm_fac.
    - CVE-2020-20446
  * SECURITY UPDATE: memory leak in option parsing operation
    - debian/patches/CVE-2020-20451.patch: fix leak of options when parsing
      options fails.
    - CVE-2020-20451
  * SECURITY UPDATE: division by zero in libavcodec/aaccoder.c
    - debian/patches/CVE-2020-20453.patch: avoid 0 lambda.
    - CVE-2020-20453
  * SECURITY UPDATE: division by zero in libavfilter/vf_lenscorrection.c
    - debian/patches/CVE-2020-20892.patch: fix division by 0.
    - CVE-2020-20892
  * SECURITY UPDATE: out-of-bounds read in long_term_filter function
    - debian/patches/CVE-2020-20902.patch: avoid computing invalid temporary
      pointers for ff_acelp_weighted_vector_sum().
    - CVE-2020-20902
  * SECURITY UPDATE: heap-based buffer overflow in libavcodec/pngenc.c
    - debian/patches/CVE-2020-21041.patch: remove support for monowhite pixel
      format.
    - CVE-2020-21041

 -- Camila Camargo de Matos <camila.camargodematos@canonical.com>  Fri, 04 Feb 2022 10:44:34 -0300

ffmpeg (7:2.8.17-0ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: New upstream bugfix release.
    - Fixes CVE-2018-15822, CVE-2019-11338, CVE-2019-12730,
      CVE-2019-17542 and CVE-2020-13904.

 -- Eduardo Barretto <eduardo.barretto@canonical.com>  Wed, 15 Jul 2020 10:53:56 -0300

ffmpeg (7:2.8.15-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: New upstream bugfix release.
    - Fixes CVE-2018-7557, CVE-2018-12458 and CVE-2018-13302.

 -- Eduardo Barretto <eduardo.barretto@canonical.com>  Wed, 22 Aug 2018 12:59:03 -0300

ffmpeg (7:2.8.14-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream bugfix release. (LP: #1697785)
    - Fixes CVE-2017-9991, CVE-2017-9992, CVE-2017-9993, CVE-2017-9994,
      CVE-2017-9996, CVE-2017-11399, CVE-2017-11665, CVE-2017-14055,
      CVE-2017-14056, CVE-2017-14057, CVE-2017-14058, CVE-2017-14059,
      CVE-2017-14169, CVE-2017-14170, CVE-2017-14171, CVE-2017-14222,
      CVE-2017-14223, CVE-2017-14225, CVE-2017-15672, CVE-2017-17081.

 -- James Cowgill <jcowgill@debian.org>  Tue, 10 Apr 2018 14:49:07 +0100

ffmpeg (7:2.8.11-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * Import new upstream bugfix release 2.8.11. (LP: #1664403)
    Fixes CVE-2016-9561, CVE-2017-5024 and CVE-2017-5025.
  * Add new av_image_check_size2 symbol to libavutil55.symbols.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Tue, 14 Feb 2017 00:49:10 +0100

ffmpeg (7:2.8.10-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream bugfix release 2.8.10. (LP: #1647226)
    Fixes CVE-2016-7502, CVE-2016-7562, CVE-2016-7785 and CVE-2016-7905.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sat, 10 Dec 2016 17:41:36 +0100

ffmpeg (7:2.8.8-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * Import new upstream bugfix release 2.8.8. (LP: #1581156)
     - Fixes CVE-2016-6164 and CVE-2016-6881.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sat, 15 Oct 2016 16:58:13 +0200

ffmpeg (7:2.8.6-1ubuntu2) xenial; urgency=medium

  * No-change rebuild for zeromq3 transition.

 -- Matthias Klose <doko@ubuntu.com>  Mon, 14 Mar 2016 19:20:44 +0000

ffmpeg (7:2.8.6-1ubuntu1) xenial; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Compile with -O2 rather than -O3 on s390x, to work around
      https://bugs.launchpad.net/bugs/1526324.
  * Should fix LP: #1533367

 -- Iain Lane <iain@orangesquash.org.uk>  Thu, 25 Feb 2016 17:48:20 +0000

ffmpeg (7:2.8.6-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.8.6.
  * Update Standards-Version to 3.9.7.
     - Move documentatation from /u/s/d/ffmpeg-doc/ to /u/s/d/ffmpeg/.
  * Use https for the Vcs-Git link.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Tue, 02 Feb 2016 23:46:23 +0100

ffmpeg (7:2.8.5-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.8.5.
     - Fixes CVE-2016-1897 and CVE-2016-1898.
  * Update doc-make-apidoc-output-independent-of-SRC_PATH.patch.
  * Add patch to make out-of-tree builds bit-identical to in-tree-builds.
  * Enable the now available opencv and frei0r on mips64el.
  * Fix altivec-extra compile time optimization.
  * Update copyright year for the debian files.
  * Change priority of libavcodec*-extra* to extra.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Fri, 15 Jan 2016 20:23:56 +0100

ffmpeg (7:2.8.4-1ubuntu4) xenial; urgency=medium

  * No-change rebuild for gnutls transition.

 -- Matthias Klose <doko@ubuntu.com>  Wed, 17 Feb 2016 22:41:03 +0000

ffmpeg (7:2.8.4-1ubuntu3) xenial; urgency=medium

  * No-change rebuild for x265 transition.

 -- Matthias Klose <doko@ubuntu.com>  Fri, 12 Feb 2016 09:46:11 +0000

ffmpeg (7:2.8.4-1ubuntu2) xenial; urgency=medium

  * Rebuild against libvpx3.

 -- Colin Watson <cjwatson@ubuntu.com>  Thu, 07 Jan 2016 00:55:36 +0000

ffmpeg (7:2.8.4-1ubuntu1) xenial; urgency=medium

  * Compile with -O2 rather than -O3 on s390x, to work around
    https://bugs.launchpad.net/bugs/1526324.

 -- Colin Watson <cjwatson@ubuntu.com>  Thu, 24 Dec 2015 03:15:28 +0000

ffmpeg (7:2.8.4-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.8.4.
  * Change section of libavcodec-extra from libs to metapackages.
  * Re-enable libsoxr as glibc bug #793641 is now fixed in testing.
  * Add patch to make apidoc output independent of SRC_PATH.
  * Also build standard flavor in a subdirectory. (Closes: #804284)

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sun, 20 Dec 2015 23:12:56 +0100

ffmpeg (7:2.8.3-1) unstable; urgency=medium

  * Switch debian/watch to xz instead of gz.
  * Import new upstream bugfix release 2.8.3.
    Fixes CVE-2015-8363, CVE-2015-8364 and CVE-2015-8365. (Closes: #806519)
  * Respect CC and CXX from the environment in debian/rules.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sat, 28 Nov 2015 11:39:49 +0100

ffmpeg (7:2.8.2-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.8.2.
     - videodsp: don't overread edges in vfix3 emu_edge. (Closes: #801745)
  * Drop avcodec-vp8-Do-not-use-num_coeff_partitions-in-thread.patch
    included upstream.
  * Use system bootstrap for ffmpeg-doc.
  * Remove now unused bootstrap sources.
  * Add build-profile support for stage1, disabling frei0r, opencv and x264.
  * Drop now unnecessary embedded-library lintian-overrides.
  * Re-enable libdc1394 on sparc64, as libudev is working again.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Thu, 12 Nov 2015 23:58:49 +0100

ffmpeg (7:2.8.1-1) unstable; urgency=medium

  [ Balint Reczey ]
  * Add myself to uploaders.

  [ Andreas Cadhalpun ]
  * Import new upstream bugfix release 2.8.1.
  * Remove hls-only-seek-if-there-is-an-offset.patch included upstream.
  * Add avcodec-vp8-Do-not-use-num_coeff_partitions-in-thread.patch to
    fix CVE-2015-6761.
  * Enable x264 on mips64el and opencv on alpha.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Thu, 15 Oct 2015 00:26:09 +0200

ffmpeg (7:2.8-1) unstable; urgency=medium

  [ Fabian Greffrath ]
  * Pass the --dbg-package=ffmpeg-dbg parameter only to dh_strip.
  * Add alternative Depends: libavcodec-ffmpeg-extra56 to libavcodec-dev and
    ffmpeg-dbg to allow for building and debugging with this library installed.

  [ Andreas Cadhalpun ]
  * Import new major upstream release 2.8.
  * Remove the transitional lib*-ffmpeg-dev packages.
  * Drop old Breaks on kodi-bin.
  * Drop workaround for sparc, which is no Debian architecture anymore.
  * Re-enable x265 on alpha, as it's available again.
  * Disable unavailable frei0r, opencv and x264 on mips64el.
  * Disable libopenjpeg (#787275) and libschroedinger (#787957) decoders.
    (Closes: #786670)
  * Disable libdc1394 on sparc64, because it links against the broken due to
    #790560 libudev1.
  * Enable libsnappy support.
  * Add new symbols.
  * Update debian/copyright.
  * Update debian/tests/encdec_list.txt.
  * Add hls-only-seek-if-there-is-an-offset.patch. (Closes: #798189)
  * Add 'Breaks: libavutil-ffmpeg54 (>= 8:0)' to the libraries.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Tue, 22 Sep 2015 15:15:20 +0200

ffmpeg (7:2.7.2-2) unstable; urgency=medium

  [ Reinhard Tartler ]
  * Tighten breaks/replaces on libav-tools. (Closes: #793085)
  * Take over the libav-tools package.

  [ Andreas Cadhalpun ]
  * Rename d/libav-tools-links.links to d/libav-tools.links.
  * Disable libsoxr support to workaround glibc bug #793641.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Mon, 17 Aug 2015 22:45:02 +0200

ffmpeg (7:2.7.2-1) unstable; urgency=medium

  [ Reinhard Tartler ]
  * Add myself to uploaders.
  * Merge qt-faststart back into 'ffmpeg'.

  [ Andreas Cadhalpun ]
  * Upload to unstable.
  * Import new upstream bugfix release 2.7.2.
     - Make -xerror with multi-threading more robust. (Closes: #780344)
  * Enable frei0r, opencv, x264, x265 on x32 and x265 on sparc64.
  * Disable x264 on sparc64 due to #792921.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Mon, 20 Jul 2015 10:23:49 +0200

ffmpeg (7:2.7.1-2) experimental; urgency=medium

  [ Andreas Cadhalpun ]
  * Build libavcodec-extra flavor.
  * Add encdec-extra autopkgtest for the libavcodec-extra flavor.
  * Add lib*-dev and libav-tools-links packages.
  * Drop README.Debian.
  * Remove bogus apng-ffm autopkg test.
  * Explicitly build-depend on liblzma-dev used by the tiff decoder.
  * Use the pkg-multimedia repository for the Vcs links.
  * Use the plain lib*-dev packages for the test dependencies.
  * Disable libssh on sparc due to #790067.
  * Remove temporary gdb dependency on sparc64.
  * Enable openal on sparc64.

  [ Carl Eugen Hoyos ]
  * Disable x265 on alpha due to #789807.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Thu, 09 Jul 2015 23:42:42 +0200

ffmpeg (7:2.7.1-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.7.1.
  * Use DEB_LDFLAGS_MAINT_STRIP for removing the Bsymbolic-functions flag.
  * Use lissh-gcrypt-dev to avoid linking against libssl.
  * Disable DH_VERBOSE in debian/rules.
  * Add libavresample-ffmpeg2 and qt-faststart dependencies to ffmpeg-dbg.
  * Enable opencv and zvbi on m68k, disable opencv on alpha.
  * Remove unused, optional and private avpriv_emms_yasm from symbols file.
  * Build an altivec flavor on powerpc.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sun, 21 Jun 2015 23:38:07 +0200

ffmpeg (7:2.7-1) unstable; urgency=medium

  * Import new major upstream release 2.7.
     - Suggest new mpeg4_unpack_bframes bitstream filter instead of
       VirtualDub/Avidemux. (Closes: #781510)
  * Add new symbols.
  * Change maintainer to the pkg-multimedia team and move myself to uploaders.
  * Let ffmpeg suggest ffmpeg-doc.
  * Fix encdec autopkgtest to not fail, when skipping tests.
  * Restrict shlib-with-non-pic-code lintian override to i386.
    Thanks to Jakub Wilk for the hint.
  * Use '-strict -2' in the encdec autopkgtest also for probing/decoding.
  * Disable loongson3 optimizations on mips, because they are not always
    available.
  * Update debian/copyright.
  * Update debian/tests/encdec_list.txt.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Thu, 11 Jun 2015 00:47:35 +0200

ffmpeg (7:2.6.3-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.6.3.
  * Don't install the pc-uninstalled directory.
    It is only useful in the source.
  * Use 'set -e' in the autopkgtests.
  * Explicitly build-depend on pkg-config.
  * Enable gnutls and librtmp on sparc64, libvpx and libsdl on x32 and
    opencv on powerpcspe, since they are now available.
  * Disable i686 optimizations on (hurd-)i386, because i586 is still
    supported.
  * Temporarily use gdb in sparc64 builds to investigate test failures.
  * Re-enable assembler optimizations on ppc64el, since they are
    finally really fixed.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sun, 17 May 2015 22:03:38 +0200

ffmpeg (7:2.6.2-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.6.2.
  * Drop build-dependency on bc, the tests use awk since 2.6.
  * Drop override_dh_strip in debian/rules, because binutils is now built
    with --enable-deterministic-archives.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sun, 12 Apr 2015 22:51:20 +0200

ffmpeg (7:2.6.1-1) unstable; urgency=medium

  * Import new major upstream release 2.6.1.
  * Add Breaks and Replaces on libav-tools (<< 6:9~), which shipped ff*
    symlinks. Thanks to Andreas Beckmann. (Closes: #779664)
  * Adapt debian/rules to changes in the configure script:
     - Don't explicitly set shlibdir as it now defaults to libdir.
     - Drop --disable-mips32r2, which has no effect anymore.
     - Don't add --disable-mipsfpu on mips64(el) as it should work there.
  * Enable libx265-dev on sparc, m68k and sh4, where it is now available.
  * Update debian/missing-sources.
  * Drop patches included upstream:
     - configure-use-ar-and-ranlib-in-deterministic-mode-if.patch
     - stop-embedding-the-build-date.patch
  * Add new symbols to debian/*.symbols.
  * Add autopkgtests:
     - examples: compile the example programs
     - encdec: test creating/reading files for many codec/format combinations
  * Update debian/copyright.
  * Add Breaks on kodi-bin (<= 14.0+dfsg1-1), because it uses internal FFmpeg
    API, which was changed incompatibly.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Mon, 16 Mar 2015 23:53:34 +0100

ffmpeg (7:2.5.4-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.5.4.
  * Drop configure-enable-vsx-together-with-altivec-for-ppc64el.patch
    included upstream.
  * Add patches making the build binary reproducible.
  * Stop using faketime.
  * Correctly handle noopt in DEB_BUILD_OPTIONS.
  * Disable assembler optimizations on ppc64el, as they don't work yet.
  * Disable assembler optimizations on mips64(el), as they don't work yet.
    Thanks to James Cowgill. (Closes: #776649)
  * Fix dep5-copyright-license-name-not-unique lintian warnings.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sat, 14 Feb 2015 23:14:52 +0100

ffmpeg (7:2.5.3-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.5.3.
  * Add new av_*_ffversion symbols to the symbols files.
  * Let the test suite continue after the first error.
  * Update copyright year for debian packaging.
  * Re-enable assembler optimizations on armel.
  * Enable x265 on powerpcspe, as it's now available there.
  * Add configure-enable-vsx-together-with-altivec-for-ppc64el.patch to fix
    test failures on ppc64el.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sat, 10 Jan 2015 11:36:54 +0100

ffmpeg (7:2.5.1-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.5.1.
  * Enable assembler optimizations on ppc64el. They should work now.
  * Enable rtmp on powerpcspe, x265 on hppa and zvbi on hurd and kfreebsd,
    as they are now available there.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Tue, 16 Dec 2014 01:20:40 +0100

ffmpeg (7:2.5-1) unstable; urgency=medium

  * Import new major upstream release 2.5.
  * Update debian/copyright.
  * Add new symbols to the symbols files.
  * Disable rtmp on powerpcspe and sparc64 as librtmp-dev is currently
    uninstallable there.
  * Disable opencv on powerpcspe, as it is currently uninstallable.
  * Enable x265 on mips, mipsel and powerpc, as it's now available there.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sat, 06 Dec 2014 14:07:28 +0100

ffmpeg (7:2.4.4-1) unstable; urgency=medium

  * New upstream bugfix release 2.4.4.
  * Drop fix-hppa-tests.patch included upstream.
  * Do not enable gnutls on sparc64 and libzvbi on m68k, because they are
    not available there. Thanks to Carl Eugen Hoyos.
  * Do not enable libsdl and libvpx on x32, because they are not available.
  * Add explicit build-dependencies on libfontconfig1-dev, libfreetype6-dev,
    libgl1-mesa-dev, libpulse-dev and libxext-dev.
  * Add build-dependency on libx265-dev on the architectures, where it is
    already available.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Wed, 03 Dec 2014 00:29:36 +0100

ffmpeg (7:2.4.3-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.4.3.
     - Refresh Change-symbol-versioning.patch.
     - Add new symbols to the libavdevice symbols file.
  * Enable libbs2b on arm64, since it is now available.
  * Disable frei0r and libx264 on x32, libsoxr and openal on sparc64
    and libopencv on m68k, sh4, sparc64 and x32, because they are not
    (yet) avialable there.
  * Disable assembler optimizations on x32, as they wouldn't work there.
  * Include config.log in the build-log, when compiling fails.
  * Add fix-hppa-tests.patch to work around a gcc bug on hppa.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Wed, 05 Nov 2014 01:18:23 +0100

ffmpeg (7:2.4.2-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.4.2.
  * Drop tests_Cat-err-file-in-case-of-error.patch included upstream.
  * Disable assembler optimizations on armel to fix the tests.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Mon, 06 Oct 2014 21:13:39 +0200

ffmpeg (7:2.4.1-1) unstable; urgency=medium

  * Import new upstream bugfix release 2.4.1.
  * Drop patches included upstream:
     - avcodec-x86-vp9lpf_Always-include-x86util.asm.patch
     - fix-build-when-AV_READ_TIME-is-unavailable.patch
     - vf_deshake-rename-Transform.vector-to-Transform.vec.patch
  * Disable Altivec on powerpc to fix test failures.
  * Cherry-pick tests_Cat-err-file-in-case-of-error.patch to ease debugging
    of test failures.
  * Add Breaks and Replaces on old ffmpeg packages to qt-faststart.
  * Disable optimizations on mips(el) to fix test failures.
  * Don't enable libbs2b on arm64, because it is not (yet) available there.
  * Disable assembler optimizations on ppc64el to (hopefully) fix the tests.
  * Upload to unstable.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Fri, 26 Sep 2014 21:58:10 +0200

ffmpeg (7:2.4-2) experimental; urgency=medium

  * Cherrypick patches from upstream:
     - fix-build-when-AV_READ_TIME-is-unavailable.patch:
       This fixes building on armel, mipsel and s390x.
     - vf_deshake-rename-Transform.vector-to-Transform.vec.patch:
       This fixes building on powerpc and ppc64el.
     - avcodec-x86-vp9lpf_Always-include-x86util.asm.patch:
       This fixes the executable stack lintian warning for libavcodec on i386.
  * Add lintian overrides for shlib-with-non-pic-code on i386, where non-PIC
    code is allowed.
  * Don't enable opencl, because it is considered experimental.
  * Bump policy to 3.9.6 (no changes required).
  * Mark ffmpeg-doc as Multi-Arch: foreign.
  * Install the headers in the triplet subdirectory of /usr/include.
    This is necessary, because some headers (e.g. libavutil/avconfig.h)
    are architecture-dependant.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Thu, 18 Sep 2014 21:54:12 +0200

ffmpeg (7:2.4-1) experimental; urgency=medium

  * Import new major upstream release 2.4. (Closes: #729203)
     - Fixes CVE-2014-5271: proresenc_ks: fix buffer overflow
     - Fixes CVE-2014-5272: iff: fix out of array access
     - The non-free image tests/lena.pnm is not shipped anymore.
  * Switch Vcs-Browser to the cgit interface.
  * In the development packages add symbolic links from the standard lib*.so
    library names to the suffixed ones.
    This makes it possible to use the normal linker flags, e.g. '-lavcodec',
    to link against the FFmpeg libraries with '-ffmpeg' suffix.
  * Add missing copyright holders/years to debian/copyright.
  * Fix wildcard-matches-nothing-in-dep5-copyright lintian warnings.
  * Add qt-faststart to the Recommends: of the ffmpeg binary package.
  * Configure with --enable-libshine, since libshine >= 3.0.0 is now available
    in Debian.
  * Drop pkg-config_file_without_build_suffix.patch and instead create symlinks
    from the lib*.pc files to the suffixed lib*-ffmpeg.pc files.
  * Install similar symlinks for the static libraries.
  * Don't hardcode default.css as CSS filename in debian/ffmpeg-doc.install.
  * Drop patches included upstream:
     - makeinfo.patch
     - Fix-spelling.patch
  * Update Change-symbol-versioning.patch.
  * Adapt the packaging to the changed library soversions.
  * Generalize ffmpeg.lintian-overrides with wildcards.
  * Add debian/missing-sources with the sources of the minified CSS files in
    the upstream tarball.
  * Create the minified CSS files during package build instead of using the
    ones shipped in the tarball.
    For this add cleancss and node-less to Build-Depends-Indep.
  * Update debian/copyright.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sun, 14 Sep 2014 23:53:23 +0200

ffmpeg (7:2.3.1-1) experimental; urgency=medium

  * Import new upstream release 2.3.1. (Closes: #729203)
     - Fix integer overflow in LZO code. (CVE-2014-4610)
  * Fix FTBFS in Ubuntu caused by the -Bsymbolic-functions linker flag.
    Thanks to Guillaume Martres for pointing out the fix that Fabian Greffrath
    created for the Libav package.
  * Don't ignore test failures anymore, since gcc-4.9 has been fixed to
    compile FFmpeg correctly. (see #746944)
  * Enable libdc1394 only on linux. This fixes FTBFS on !linux-any.
  * Use wildcards instead of multiarch paths and sonames in lintian
    overrides.
  * Fix building on hurd (patch included upstream in 2.2.3).
  * Improve the description of the debug package.
  * Drop fix-tests.patch. Instead export the LD_LIBRARY_PATH in debian/rules.
  * Improve the comment in debian/copyright, explaining the effective license
    of the binary packages.
  * Change 'Comments:' to the correct 'Comment:' in debian/copyright.
  * Add some missing files to debian/copyright.
  * Call the upstream Makefile from debian/rules to build the apidoc
    instead of calling the doxy-wrapper directly.
  * Add _FFMPEG to the symbol versions of the libraries to ensure that there
    is no confusion, if a binary is linked against FFmpeg and another shared
    library, which is linked against Libav.
  * Update patches to apply cleanly to 2.3.
  * Add new symbols to the .symbols files.
  * Update lintian overrides.
  * Include config.log in the build-log, when configure fails.
  * Add libgnutls28-dev build-dependency, which was previously pulled in as
    a dependency of another build-dependency.
  * Install the release notes into /usr/share/doc/ffmpeg.
  * Add build-dependencies and enable in debian/rules:
     - libbs2b
     - libfribidi
  * Update debian/copyright.
  * Update the dependencies of the *-dev packages.
  * Use packaged libjs-jquery instead of the jquery created by doxygen.
  * Add Fix-spelling patch to fix spelling errors.
  * Mark architecture-dependent symbols as optional.

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Sat, 09 Aug 2014 14:00:38 +0200

ffmpeg (7:2.2.1-1) experimental; urgency=medium

  * Reintroduce FFmpeg to Debian. (Closes: #729203)
    There are far to many changes since FFmpeg 0.5 to mention them here, see:
        https://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=n2.2.1
    Many security issues have been fixed as well, see:
        https://ffmpeg.org/security.html
    Among them are:
     - 0.5: CVE-2008-4610
     - 0.10: CVE-2011-3941, CVE-2011-3944, CVE-2011-3934, CVE-2011-3946
     - 0.11: CVE-2012-5359, CVE-2012-5360, CVE-2012-5361
     - 1.1: CVE-2012-6618, CVE-2013-0844, CVE-2013-0846, CVE-2013-0848,
            CVE-2013-0849, CVE-2013-0850, CVE-2013-0854, CVE-2013-0856,
            CVE-2013-0858
     - 1.1.1: CVE-2013-0860
     - 1.1.2: CVE-2013-0865, CVE-2013-0867, CVE-2013-0868, CVE-2013-0869
     - 1.1.3: CVE-2013-0873, CVE-2013-2277
     - 1.2: CVE-2012-5150, CVE-2013-0894, CVE-2013-2495, CVE-2013-2496
     - 2.0: CVE-2013-3670, CVE-2013-3672
     - 2.1: CVE-2013-7009, CVE-2013-7010, CVE-2013-7011, CVE-2013-7015,
            CVE-2013-7020
     - 2.1.4: CVE-2014-2263

 -- Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>  Wed, 07 May 2014 16:40:18 +0200
