Pullup ticket #6177 - requested by nia

multimedia/ffmpeg2: security fix

Revisions pulled up:
- multimedia/ffmpeg2/Makefile                                   1.56
- multimedia/ffmpeg2/Makefile.common                            1.59
- multimedia/ffmpeg2/distinfo                                   1.58

---
   Module Name:	pkgsrc
   Committed By:	nia
   Date:		Thu Apr 23 16:34:21 UTC 2020

   Modified Files:
   	pkgsrc/multimedia/ffmpeg2: Makefile Makefile.common distinfo

   Log Message:
   ffmpeg2: Very late update to 2.8.15

   version 2.8.15:
   - avcodec/dvdsub_parser: Allocate input padding
   - avcodec/dvdsub_parser: Init output buf/size
   - avcodec/imgconvert: fix possible null pointer dereference
   - swresample/arm: rename labels to fix xcode build error
   - avformat/utils: fix mixed declarations and code
   - libwebpenc_animencoder: add missing braces to struct initialization
   - avformat/movenc: Check input sample count
   - avcodec/mjpegdec: Check for odd progressive RGB
   - avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id
   - avformat/mms: Add missing chunksize check
   - avformat/pva: Check for EOF before retrying in read_part_of_packet()
   - avcodec/indeo4: Check for end of bitstream in decode_mb_info()
   - avcodec/shorten: Fix undefined addition in shorten_decode_frame()
   - avcodec/jpeg2000dec: Fixes invalid shifts in jpeg2000_decode_packets_po_iteration()
   - avcodec/jpeg2000dec: Check that there are enough bytes for all tiles
   - avcodec/escape124: Fix spelling errors in comment
   - avcodec/ra144: Fix integer overflow in ff_eval_refl()
   - avcodec/cscd: Check output buffer size for lzo.
   - avcodec/escape124: Check buf_size against num_superblocks
   - avcodec/mjpegdec: Check for end of bitstream in ljpeg_decode_rgb_scan()
   - avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed()
   - avutil/common: Fix undefined behavior in av_clip_uintp2_c()
   - fftools/ffmpeg: Fallback to duration if sample rate is unavailable
   - avformat/mov: Only set pkt->duration to non negative values
   - avcodec/h264_mc_template: Only prefetch motion if the list is used.
   - avcodec/xwddec: Use ff_set_dimensions()
   - avcodec/wavpack: Fix overflow in adding tail
   - avcodec/shorten: Fix multiple integer overflows
   - avcodec/shorten: Sanity check nmeans
   - avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
   - avcodec/truemotion2: Fix overflow in tm2_apply_deltas()
   - avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c
   - avcodec/amrwbdec: Fix division by 0 in find_hb_gain()
   - avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()
   - avformat/mov: Break out early if chunk_count is 0 in mov_build_index()
   - avcodec/fic: Avoid some magic numbers related to cursors
   - avcodec/g2meet: ask for sample with overflowing RGB
   - avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed()
   - avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header()
   - avcodec/mlpdec: Only change noise_type if the related fields are valid
   - indeo4: Decode all or nothing of a band header.
   - avformat/mov: Only fail for STCO/STSC contradictions if both exist
   - avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0
   - avcodec/fic: Check available input space for cursor
   - avcodec/g2meet: Check RGB upper limit
   - avcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration() CPRL case
   - avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done
   - avcodec/g2meet: Change order of operations to avoid undefined behavior
   - avcodec/flac_parser: Fix infinite loop
   - avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED()
   - avcodec/error_resilience: Fix integer overflow in filter181()
   - avcodec/h263dec: Check slice_ret in mspeg4 slice loop
   - avcodec/elsdec: Fix memleaks
   - avcodec/vc1_block: simplify ac_val computation
   - avcodec/ffv1enc: Check that the crc + version combination is supported
   - lavf/http.c: Free allocated client URLContext in case of error.
   - avcodec/dsicinvideo: Fail if there is only a small fraction of the data available that comprises a full frame
   - avcodec/dsicinvideo: Propagate errors from cin_decode_rle()
   - avcodec/dfa: Check dimension against maximum
   - avcodec/cinepak: Skip empty frames
   - avcodec/cinepak: move some checks prior to frame allocation
   - swresample/arm: remove unintentional relocation.
   - doc/APIchanges: Fix typos in hashes
   - avformat/utils: Check cur_dts in update_initial_timestamps() more
   - avcodec/utils: Enforce minimum width also for VP5/6
   - avcodec/truemotion2: Propagate out of bounds error from GET_TOK()
   - avcodec/mjpegdec: Check input buffer size.
   - lavc/libopusdec: Allow avcodec_open2 to call .close
   - avcodec/movtextdec: Check style_start/end
   - avcodec/aacsbr_fixed: Fix integer overflow in sbr_hf_assemble()
   - swresample/swresample: Fix for seg fault in swr_convert_internal() -> sum2_float during dithering.
   - avcodec/aacdec_fixed: Fix integer overflow in apply_independent_coupling_fixed()
   - avcodec/cscd: Error out when LZ* decompression fails
   - avcodec/imgconvert: Fix loss mask bug in avcodec_find_best_pix_fmt_of_list()
   - avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()
   - avcodec/tableprint_vlc: Fix build failure with --enable-hardcoded-tables
   - avcodec/get_bits: Make sure the input bitstream with padding can be addressed
   - avformat/mov: Check STSC and remove invalid entries
   - avcodec/nuv: rtjpeg with dimensions less than 16 would result in no decoded pixels thus reject it
   - avcodec/nuv: Check for minimum input size for uncomprssed and rtjpeg
   - avcodec/wmalosslessdec: Reset num_saved_bits on error path
   - avformat/mov: Fix integer overflows related to sample_duration
   - avformat/oggparseogm: Check lb against psize
   - avformat/oggparseogm: Fix undefined shift in ogm_packet()
   - avformat/avidec: Fix integer overflow in cum_len check
   - avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE
   - avformat/utils: Fix integer overflow of fps_first/last_dts
   - libavformat/oggparsevorbis: Fix memleak on multiple headers
   - avcodec/bintext: sanity check dimensions
   - avcodec/utvideodec: Check subsample factors
   - avcodec/smc: Check input packet size
   - avcodec/cavsdec: Check alpha/beta offset
   - avcodec/diracdec: Fix integer overflow in mv computation
   - avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()
   - avcodec/diracdec: Use int64 in global mv to prevent overflow
   - avformat/hvcc: zero initialize the nal buffers past the last written byte

3 files changed, 8 insertions, 9 deletions

diff --git a/multimedia/ffmpeg2/Makefile b/multimedia/ffmpeg2/Makefile
index 53a78a56e6f..3532d2b5638 100644
--- a/multimedia/ffmpeg2/Makefile
+++ b/multimedia/ffmpeg2/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.54 2020/03/10 22:10:38 wiz Exp $
+# $NetBSD: Makefile,v 1.54.2.1 2020/04/30 07:54:55 bsiegert Exp $
 
 PKGNAME=	${DISTNAME:S/ffmpeg/ffmpeg2/}
-PKGREVISION=	13
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://ffmpeg.mplayerhq.hu/
 COMMENT=	Decoding, encoding and streaming software (v2.x)
diff --git a/multimedia/ffmpeg2/Makefile.common b/multimedia/ffmpeg2/Makefile.common
index 9c1e6ac5068..25771758ac7 100644
--- a/multimedia/ffmpeg2/Makefile.common
+++ b/multimedia/ffmpeg2/Makefile.common
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile.common,v 1.58 2019/11/03 17:12:00 rillig Exp $
+# $NetBSD: Makefile.common,v 1.58.2.1 2020/04/30 07:54:55 bsiegert Exp $
 # used by multimedia/ffmpeg2/Makefile
 # used by multimedia/ffplay2/Makefile
 
-DISTNAME=	ffmpeg-2.8.14
+DISTNAME=	ffmpeg-2.8.15
 CATEGORIES=	multimedia
 MASTER_SITES=	http://www.ffmpeg.org/releases/
 EXTRACT_SUFX=	.tar.xz
diff --git a/multimedia/ffmpeg2/distinfo b/multimedia/ffmpeg2/distinfo
index 2ec93815787..4a95b3dea08 100644
--- a/multimedia/ffmpeg2/distinfo
+++ b/multimedia/ffmpeg2/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.57 2019/01/03 11:56:08 bsiegert Exp $
+$NetBSD: distinfo,v 1.57.8.1 2020/04/30 07:54:55 bsiegert Exp $
 
-SHA1 (ffmpeg-2.8.14.tar.xz) = 43162d7304e5d1df5a6991ae677c8e445d71cb36
-RMD160 (ffmpeg-2.8.14.tar.xz) = 6bafc3233679651e495988a33e9dd2f093419f9a
-SHA512 (ffmpeg-2.8.14.tar.xz) = 395ad0f17fc560c8d975d640ae4cdcb3b47322b3045f3873e9de7a137b6a2cca9bf1e10a1817187b338771c11787557b18b5778fc7ab37a095afacbece538a40
-Size (ffmpeg-2.8.14.tar.xz) = 7222108 bytes
+SHA1 (ffmpeg-2.8.15.tar.xz) = a48aa2baa385e8c0b9c52a7eb3f02f15829ba1a6
+RMD160 (ffmpeg-2.8.15.tar.xz) = 65688b36c5e451f9d4885ac75221f950df9921c5
+SHA512 (ffmpeg-2.8.15.tar.xz) = 9043518c7244789e801020b1661c43a3f45e1bf023f8b1e4249b9d11975747f2d1ad71b051c44756f560b16c78fd029816b875a6194dbd4d2726174d224af5fb
+Size (ffmpeg-2.8.15.tar.xz) = 7228272 bytes
 SHA1 (patch-Makefile) = e3cb5cedccd2840f36ab90cd2f4b7987e1098a56
 SHA1 (patch-configure) = bdc91d620c077f82739a901255241799cd7dc477
 SHA1 (patch-doc_Makefile) = 48d3b3ccd800303a73fcda79e78533228f79d750