- libde265 (1.0.3-1+rpi1+deb10u1) buster-staging; urgency=medium
++libde265 (1.0.11-0+deb10u4+rpi1) buster-staging; urgency=medium
+
+ [changes brought forward from 1.0.2-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 04 Oct 2015 21:44:10 +0000]
+ * Disable neon.
+
- -- Raspbian forward porter <root@raspbian.org> Thu, 15 Dec 2022 22:08:54 +0000
++ -- Raspbian forward porter <root@raspbian.org> Sun, 12 Mar 2023 10:22:16 +0000
++
+ libde265 (1.0.11-0+deb10u4) buster-security; urgency=medium
+
+ * Non-maintainer upload by the LTS Security Team.
+ * Import new upstream version, based on the 1.0.11-0+deb11u1 package
+ from bullseye.
+ - fixing:
+ CVE-2023-24751, CVE-2023-24752, CVE-2023-24754, CVE-2023-24755,
+ CVE-2023-24756, CVE-2023-24757, CVE-2023-24758 and CVE-2023-25221.
+ - dropping no longer needed patches that have been integrated or
+ made obsolete by the new upstream version.
+
+ -- Tobias Frost <tobi@debian.org> Sat, 04 Mar 2023 17:01:58 +0100
+
+ libde265 (1.0.3-1+deb10u3) buster-security; urgency=medium
+
+ * Non-maintainer upload by the LTS Security Team.
+ * Source-only upload. (Last upload was accidentially a binary-upload)
+
+ -- Tobias Frost <tobi@debian.org> Tue, 24 Jan 2023 22:39:16 +0100
+
+ libde265 (1.0.3-1+deb10u2) buster-security; urgency=medium
+
+ * Non-maintainer upload by the LTS Security Team.
+ * Add patches:
+ - reject_reference_pics_from_different_sps.patch
+ - use_sps_from_the_image.patch
+ - recycle_sps_if_possible.patch
+ * Cherry-pick additional patches from upstream:
+ check-4-negative-Q-value.patch
+ CVE-2022-43245-fix-asan-wildpointer-apply_sao_internal.patch
+ * Add patch "fix-invalid-memory-access.patch" to avoid out-of-bound
+ array access leading to crashes.
+ * Add patch CVE-2020-21596-global-buffer-overflow.patch
+ * Add patch to avoid use-after-free problems.
+ * Cumulative, the patches are fixing:
+ CVE-2020-21596, CVE-2020-21597, CVE-2020-21598, CVE-2022-43235,
+ CVE-2022-43236, CVE-2022-43237, CVE-2022-43238, CVE-2022-43239,
+ CVE-2022-43240, CVE-2022-43241, CVE-2022-43242, CVE-2022-43243,
+ CVE-2022-43244, CVE-2022-43245, CVE-2022-43248, CVE-2022-43249,
+ CVE-2022-43250, CVE-2022-43252, CVE-2022-43253, CVE-2022-47655.
+ (Closes: #1029357, #1029397, #1025816, #1027179)
+ * Amend changelog of 1.0.3-1+deb10u1, as it turned out that the
+ fix for CVE 2020-51999 and CVE 2021-36408 fixed other issues too.
+
+ -- Tobias Frost <tobi@debian.org> Tue, 24 Jan 2023 21:42:47 +0100
libde265 (1.0.3-1+deb10u1) buster-security; urgency=medium
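Review bot: In the 1.0.3-1+deb10u2 entry, the "Amend changelog" line writes its two ids as "CVE 2020-51999" and "CVE 2021-36408", with a space where every other id in this changelog has a hyphen, so a search of the changelog for the usual CVE-YYYY-NNNN form will not match them. Please write both in the hyphenated form, and check the numbers against the amended 1.0.3-1+deb10u1 entry while doing so. In the same entry, "Add patch to avoid use-after-free problems." is the only patch line that does not name its patch file, which makes it hard to map to a file under debian/patches; naming it as the neighbouring lines do would help. In the 1.0.3-1+deb10u3 entry, "accidentially" should read "accidentally".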