%define bname gstreamer0.10 %define name %bname-ffmpeg %define oname gst-ffmpeg %define version 0.10.11 %define release %mkrel 3 %define subrel 2 %define gstver 0.10.22 # _with = default off, _without = default on %bcond_without external_ffmpeg # (Anssi 01/2008) External ffmpeg disabled because of issues: # with FLV file with totem: # ** ERROR:(gstffmpegdec.c:731):gst_ffmpegdec_get_buffer: code should not be reached # with VDR stream as per manual pipeline in http://bugzilla.gnome.org/show_bug.cgi?id=506902 : # (gst-launch-0.10:23590): GStreamer-CRITICAL **: gst_value_set_fraction: assertion `denominator != 0' failed # No playback in either case. Summary: Gstreamer plugin for the ffmpeg codec Name: %{name} Version: %{version} Release: %{release} Source0: http://gstreamer.freedesktop.org/src/gst-ffmpeg/%{oname}-%{version}.tar.bz2 Source1: http://ffmpeg.org/releases/ffmpeg-0.6.5.tar.bz2 # (Anssi 01/2008) Enable mpegts demuxer as well, for now. # If either # https://core.fluendo.com/gstreamer/trac/ticket/88 or # http://bugzilla.gnome.org/show_bug.cgi?id=347342 # will be fixed, we should probably remove this patch and package the # "native" non-ffmpeg MPL-licensed fluendo-mpegdemux, which is apparently # highly preferred to ffmpeg plugin by upstream. Patch0: gst-ffmpeg-enable-mpegts.patch # security fixes for bundled ffmpeg, taken from already fixed ffmpeg package # http://svnweb.mageia.org/packages/updates/1/ffmpeg/current/SOURCES/ Patch1: ffmpeg-0.6.3-mga-check_all_svq3_get_ue_golomb_returns.patch Patch2: CVE-2011-1196.patch Patch3: CVE-2011-3362.patch # patches taken from http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/maverick/ffmpeg/maverick-updates/files/head:/debian/patches/ Patch4: CVE-2011-1931.patch Patch5: CVE-2011-2161.patch Patch6: fix-CVE-2011-0480.patch Patch7: fix-CVE-2011-0723.patch Patch8: fix-CVE-2010-3429.patch Patch9: fix-CVE-2010-4704.patch Patch10: CVE-2011-3504.patch Patch11: CVE-2011-4351.patch Patch12: CVE-2011-4352.patch Patch13: CVE-2011-4353.patch Patch14: CVE-2011-4364.patch Patch15: CVE-2011-4579.patch # patches taken from already fixed mplayer package # http://svnweb.mageia.org/packages/updates/1/mplayer/current/SOURCES/ Patch16: ffmpeg-CVE-2011-0722.patch Patch17: ffmpeg-mov_bad_timings.patch Patch18: ffmpeg-mp3_outlen.patch Patch19: ffmpeg-vorbis_zero_samplerate.patch Patch20: CVE-2011-3892.patch # rediffed from http://git.videolan.org/?p=ffmpeg.git;a=patch;h=a5e0afe3c936220a793db0cdae04bb228f1904e0 Patch21: CVE-2011-3893-rediff.patch Patch22: CVE-2011-3895.patch License: GPLv2+ Group: Video URL: http://www.gstreamer.net BuildRequires: libgstreamer-plugins-base-devel >= %gstver BuildRequires: liborc-devel >= 0.4.5 BuildRequires: freetype2-devel BuildRequires: libcheck-devel %ifnarch %arm %mips BuildRequires: valgrind %endif BuildRequires: libbzip2-devel %if %with external_ffmpeg BuildRequires: ffmpeg-devel %endif BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot %description Video codec plugin for GStreamer based on the ffmpeg libraries. %prep %setup -q -n %oname-%version %patch0 -p1 -b .mpegts # update the bundled ffmpeg copy to latest ffmpeg upstream relese pushd gst-libs/ext/ rm -rf ffmpeg tar xf %{SOURCE1} mv ffmpeg-0.6.5/ ffmpeg/ popd #%patch1 -p1 -b .check_all_svq3_get_ue_golomb_returns #%patch2 -p1 -b .CVE-2011-1196 #%patch3 -p1 -b .CVE-2011-3362 #%patch4 -p1 -b .CVE-2011-1931 #%patch5 -p1 -b .CVE-2011-2161 #%patch6 -p1 -b .fix-CVE-2011-0480 #%patch7 -p1 -b .fix-CVE-2011-0723 #%patch8 -p1 -b .fix-CVE-2010-3429 #%patch9 -p1 -b .fix-CVE-2010-4704 #%patch10 -p1 -b .CVE-2011-3504 #%patch11 -p1 -b .CVE-2011-4351 #%patch12 -p1 -b .CVE-2011-4352 #%patch13 -p1 -b .CVE-2011-4353 #%patch14 -p1 -b .CVE-2011-4364 #%patch15 -p1 -b .CVE-2011-4579 #%patch16 -p1 -b .CVE-2011-0722 #%patch17 -p1 -b .ffmpeg-mov_bad_timings #%patch18 -p1 -b .ffmpeg-mp3_outlen #%patch19 -p1 -b .ffmpeg-vorbis_zero_samplerate #%patch20 -p1 -b .CVE-2011-3892 #%patch21 -p1 -b .CVE-2011-3893 #%patch22 -p1 -b .CVE-2011-3895 #cd ../../../ %build %define _disable_ld_no_undefined 1 # gst-ffmpeg mp3 decoder has issues (eg no seeking support), disable it since # gst-plugins-bad and gst-fluendo both ship better mp3 decoders %configure2_5x \ --with-package-name='%{distribution} %name package' \ --with-package-origin='http://www.mageia.org/' \ --with-ffmpeg-extra-configure='--disable-decoder=mp3 --disable-decoder=mp3on4 --disable-decoder=mp3adu --disable-demuxer=mp3 --disable-demuxer=asf' \ %if %with external_ffmpeg --with-system-ffmpeg %endif %make %check cd tests/check #gw fails in iurt #make check %install rm -rf $RPM_BUILD_ROOT %makeinstall_std rm -f %buildroot%_libdir/gstreamer*/*a %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) %doc README NEWS TODO ChangeLog AUTHORS %_libdir/gstreamer-0.10/libgstffmpeg.so %_libdir/gstreamer-0.10/libgstffmpegscale.so %_libdir/gstreamer-0.10/libgstpostproc.so %changelog * Sat Feb 04 2012 shlomif <shlomif> 0.10.11-3.2.mga1 + Revision: 204490 - fixed CVE-2011-3504, arbitrary code execution via a crafted Matroska file (from Ubuntu, CVE-2011-3504.patch) - fixed CVE-2011-4351, buffer overflow via error within the QDM2 decoder (from Ubuntu, CVE-2011-4351.patch) - fixed CVE-2011-4352, buffer overflow within the "vp3_dequant()" function (from Ubuntu, CVE-2011-4352.patch) - fixed CVE-2011-4353, out-of-bounds reads via errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()", and the "vp6_parse_coeff()" functions (from Ubuntu, CVE-2011-4353.patch) - fixed CVE-2011-4364, denial of service or arbitrary code execution via a malformed VMD file (from Ubuntu, CVE-2011-4364.patch) - fixed CVE-2011-4579, memory corruption via an error within the "svq1_decode_frame()" function (from Ubuntu, CVE-2011-4579.patch) - fixed CVE-2011-0722, denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file (from Mandriva, fmpeg-CVE-2011-0722.patch) - security fix for ffmpeg-mov_bad_timings (from Mandriva) - security fix for ffmpeg-mp3_outlen (from Mandriva) - security fix for ffmpeg-vorbis_zero_samplerate (from Mandriva) - fixed CVE-2011-3892, double free vulnerability in the theora decoder (from upstream, CVE-2011-3892.patch) - fixed CVE-2011-3893, Out of bounds reads in MKV and Vorbis media handlers (from upstream, CVE-2011-3893-rediff.patch) + doktor5000 <doktor5000> - fixed CVE-2011-1196, denial of service and possible code execution via malformed OGG file (from Ubuntu, cve-2011-1196.patch) - fixed CVE-2011-3362, arbitrary code execution via malformed CAVS file (from Ubuntu, cve-2011-3362.patch) - fix unchecked return values that may cause a crash (from upstream, check_all_svq3_get_ue_golomb_returns.patch) - fixed CVE-2011-1931, denial of service and possible code execution via malformed AMV file (from Ubuntu, CVE-2011-1931.patch) - fixed CVE-2011-2161, denial of service via malformed APE file (from Ubuntu, CVE-2011-2161.patch) - fixed CVE-2011-0480, denial of service and possible code execution via crafted WebM file (rediffed from Ubuntu, mplayer-1.4.0-mga-fix-CVE-2011-0480.patch) - fixed CVE-2011-0723, denial of service and possible code execution via crafted VC1 file (from Ubuntu, fix-CVE-2011-0723.patch) - fixed CVE-2010-3429, arbitrary offset dereference vulnerability in flic video codec (from Ubuntu, fix-CVE-2010-3429.patch) - fixed CVE-2010-4704, denial of service via crafted .ogg file (from Ubuntu, fix-CVE-2010-4704.patch) * Sun Jan 16 2011 ahmad <ahmad> 0.10.11-3.mga1 + Revision: 20342 - adapt configure options to Mageia - imported package gstreamer0.10-ffmpeg * Fri Nov 05 2010 Funda Wang <fwang@mandriva.org> 0.10.11-2mdv2011.0 + Revision: 593556 - rebuild for gstreamer provides * Thu Jul 15 2010 Götz Waschk <waschk@mandriva.org> 0.10.11-1mdv2011.0 + Revision: 553768 - new version - bump gstreamer dep - replace dep on liboil by orc * Wed Jun 16 2010 Frederic Crozat <fcrozat@mandriva.com> 0.10.10-2mdv2010.1 + Revision: 548144 - Disable asf demuxer, it doesn't work, unlike the one in gst-plugins-ugly * Sun Mar 07 2010 Götz Waschk <waschk@mandriva.org> 0.10.10-1mdv2010.1 + Revision: 515548 - update to new version 0.10.10 * Tue Feb 23 2010 Christophe Fergeau <cfergeau@mandriva.com> 0.10.9-2mdv2010.1 + Revision: 510211 - disable mp3 plugin This plugin is a bit broken (doesn't support seeking) and is redundant with the plugin from gstreamer-plugins-ugly and what is shipped by codeina * Mon Oct 05 2009 Götz Waschk <waschk@mandriva.org> 0.10.9-1mdv2010.0 + Revision: 454214 - new version * Fri Sep 25 2009 Olivier Blin <oblin@mandriva.com> 0.10.8-2mdv2010.0 + Revision: 448985 - disable valgrind on mips & arm (from Arnaud Patard) * Tue Jun 30 2009 Götz Waschk <waschk@mandriva.org> 0.10.8-1mdv2010.0 + Revision: 390848 - new version - disable --no-undefined to fix build * Sat Mar 21 2009 Götz Waschk <waschk@mandriva.org> 0.10.7-1mdv2009.1 + Revision: 359799 - new version - drop patches 1,2 * Thu Mar 05 2009 Götz Waschk <waschk@mandriva.org> 0.10.6-2mdv2009.1 + Revision: 348833 - fix crash with aac audio (bug #48032) - fix format string * Sat Nov 29 2008 Götz Waschk <waschk@mandriva.org> 0.10.6-1mdv2009.1 + Revision: 307977 - new version - update file list - drop old patch * Sat Sep 06 2008 Götz Waschk <waschk@mandriva.org> 0.10.5-2mdv2009.0 + Revision: 282040 - rebuild + Frederik Himpe <fhimpe@mandriva.org> - Fix BuildRequires (configure script requests libbzip2-devel) - Update to new version 0.10.5 - Remove plugin doc files which don't exist anymore * Wed Aug 06 2008 Thierry Vignaud <tv@mandriva.org> 0.10.4-2mdv2009.0 + Revision: 264629 - rebuild early 2009.0 package (before pixel changes) * Fri May 23 2008 Götz Waschk <waschk@mandriva.org> 0.10.4-1mdv2009.0 + Revision: 210275 - new version - update patch 0 - drop patch 1 * Thu Mar 13 2008 Götz Waschk <waschk@mandriva.org> 0.10.3-4mdv2008.1 + Revision: 187334 - add Mandriva branding + Anssi Hannula <anssi@mandriva.org> - add build switch for building with external ffmpeg, disabled because by default because of issues + Olivier Blin <oblin@mandriva.com> - restore BuildRoot * Tue Jan 01 2008 Anssi Hannula <anssi@mandriva.org> 0.10.3-3mdv2008.1 + Revision: 140164 - enable ffmpeg-powered MPEG TS demuxer until there is a fully working alternative (http://bugzilla.gnome.org/show_bug.cgi?id=347342) + Thierry Vignaud <tv@mandriva.org> - kill re-definition of %%buildroot on Pixel's request * Thu Dec 06 2007 Götz Waschk <waschk@mandriva.org> 0.10.3-2mdv2008.1 + Revision: 115833 - fix buildrequires - new version * Sun Nov 04 2007 Adam Williamson <awilliamson@mandriva.org> 0.10.2-2mdv2008.1 + Revision: 105674 - new license policy - rebuild for 2008.1 * Thu Dec 14 2006 Götz Waschk <waschk@mandriva.org> 0.10.2-1mdv2007.0 + Revision: 97008 - Import gstreamer0.10-ffmpeg * Thu Dec 14 2006 Götz Waschk <waschk@mandriva.org> 0.10.2-1mdv2007.1 - fix buildrequires - add docs - add support for tests - update file list - New version 0.10.2 * Fri Jul 21 2006 Götz Waschk <waschk@mandriva.org> 0.10.1-1mdv2007.0 - Rebuild * Tue Apr 04 2006 Götz Waschk <waschk@mandriva.org> 0.10.1-1mdk - drop patch - New release 0.10.1 * Wed Dec 14 2005 Götz Waschk <waschk@mandriva.org> 0.10.0-2mdk - patch for CVE-2005-4048 * Tue Dec 06 2005 Götz Waschk <waschk@mandriva.org> 0.10.0-1mdk - New release 0.10.0 - bump deps * Fri Oct 28 2005 Götz Waschk <waschk@mandriva.org> 0.8.7-1mdk - New release 0.8.7 * Mon Aug 08 2005 Götz Waschk <waschk@mandriva.org> 0.8.6-1mdk - update file list - remove gcc workaround - New release 0.8.6 * Fri Jun 17 2005 Götz Waschk <waschk@mandriva.org> 0.8.5-2mdk - replace prereq by current syntax - fix buildrequires * Thu Jun 16 2005 Götz Waschk <waschk@mandriva.org> 0.8.5-1mdk - ugly workaround for bug 16170 - New release 0.8.5 * Mon Mar 14 2005 Götz Waschk <waschk@linux-mandrake.com> 0.8.4-1mdk - New release 0.8.4 * Mon Dec 27 2004 Goetz Waschk <waschk@linux-mandrake.com> 0.8.3-1mdk - New release 0.8.3 * Mon Oct 11 2004 Goetz Waschk <waschk@linux-mandrake.com> 0.8.2-1mdk - New release 0.8.2 * Fri Oct 08 2004 Götz Waschk <waschk@linux-mandrake.com> 0.8.1.2-1mdk - new version * Sat Jul 17 2004 Götz Waschk <waschk@linux-mandrake.com> 0.8.1-1mdk - reenable libtoolize - add source URL - New release 0.8.1 * Fri Apr 16 2004 Götz Waschk <waschk@linux-mandrake.com> 0.8.0-2mdk - prerequires gstreamer08-tools for the post script - add post installation script - fix doc listing * Thu Apr 08 2004 Götz Waschk <waschk@linux-mandrake.com> 0.8.0-1mdk - initial package