From: Raspbian automatic forward porter <root@raspbian.org>
Date: Sun, 29 Jan 2023 07:57:28 +0000 (+0000)
Subject: Merge version 1.0.9-1+rpi1 and 1.0.9-1.1 to produce 1.0.9-1.1+rpi1
X-Git-Tag: archive/raspbian/1.0.9-1.1+rpi1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=13271484b159bdf0aa67c7e95e7912ddf60863ba;p=libde265.git

Merge version 1.0.9-1+rpi1 and 1.0.9-1.1 to produce 1.0.9-1.1+rpi1
---

13271484b159bdf0aa67c7e95e7912ddf60863ba
diff --cc debian/changelog
index 6ef5939,b868b98..fdb9493
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,25 +1,32 @@@
- libde265 (1.0.9-1+rpi1) bookworm-staging; urgency=medium
++libde265 (1.0.9-1.1+rpi1) bookworm-staging; urgency=medium
 +
 +  [changes brought forward from 1.0.2-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 04 Oct 2015 21:44:10 +0000]
 +  * Disable neon.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Tue, 01 Nov 2022 19:37:16 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Sun, 29 Jan 2023 07:57:27 +0000
++
+ libde265 (1.0.9-1.1) unstable; urgency=medium
+ 
+   * Non-maintainer upload.
+   * Apply patches to mitigate asan failures:
+     reject_reference_pics_from_different_sps.patch and
+     use_sps_from_the_image.patch.
+   * Combined, this two patches fixes:
+     - CVE-2022-43243, CVE-2022-43248, CVE-2022-43253 (Closes: #1025816)
+     - CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43238,
+       CVE-2022-43239, CVE-2022-43240, CVE-2022-43241, CVE-2022-43242,
+       CVE-2022-43244, CVE-2022-43250, CVE-2022-43252 (Closes: #1027179)
+     - CVE-2022-47655
+   * Additional patch recycle_sps_if_possible.patch to avoid over-rejecting
+     valid video streams due to reject_reference_pics_from_different_sps.patch.
+   * Modifying past changelog entries to indicate when vulnerabilities were
+     fixed:
+     - In 1.0.9-1, in total 11 CVE's. see #1004963 and #1014999
+     - In 1.0.3-1, 1 CVE, see #1029396
+   * drop unused Build-Depends: libjpeg-dev, libpng-dev and libxv-dev
+     (Closes: #981260)
+ 
+  -- Tobias Frost <tobi@debian.org>  Sun, 22 Jan 2023 13:19:20 +0100
  
  libde265 (1.0.9-1) unstable; urgency=medium
  
diff --cc debian/patches/series
index 864bb3c,ae585e8..a98d9e9
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -1,4 -1,6 +1,7 @@@
  only_export_decoder_api.patch
  disable_tools.patch
  m4-visibility.patch
+ reject_reference_pics_from_different_sps.patch
+ use_sps_from_the_image.patch
+ recycle_sps_if_possible.patch
 +disable-neon.patch