New bug fix releases 3.4.11, 4.2.7 and 4.4.2

Bug #1970674 reported by Luís Infante da Câmara
Affects | Status | Importance | Assigned to | Milestone
ffmpeg (Ubuntu) | Fix Released | Undecided | Luís Infante da Câmara |
Bionic | Fix Released | Undecided | Eduardo Barretto |
Focal | Fix Released | Undecided | Eduardo Barretto |
Impish | Fix Released | Undecided | Eduardo Barretto |
Jammy | Fix Released | Undecided | Eduardo Barretto |

Bug Description

Bug fix versions 3.4.11 and 4.2.7 were released this month and bug fix version 4.4.2 was released in April.

Please update the versions in Bionic, Focal, Impish and Jammy.

Debian released an advisory on May 1.

information type: Private Security → Public Security
Seth Arnold (seth-arnold) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

tags: added: community-security
summary: - New bug fix releases 3.4.10, 4.2.6 and 4.4.2
+ New bug fix releases 3.4.11, 4.2.7 and 4.4.2
description: updated
Changed in ffmpeg (Ubuntu):
status: New → In Progress
description: updated
Changed in ffmpeg (Ubuntu):
assignee: nobody → Luís Cunha dos Reis Infante da Câmara (luis220413)
description: updated
description: updated
Luís Infante da Câmara (luis220413) wrote :

Patches for Impish and Jammy will be added tomorrow.

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "ffmpeg_bionic.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Changed in ffmpeg (Ubuntu):
status: In Progress → Fix Committed
Eduardo Barretto (ebarretto) wrote :

Hi Luis,

Thanks for contacting us and helping make Ubuntu better.
I will be going through your debdiffs, but bear with me as those are minor version updates.
I will let you know when the binaries get to -proposed and I would appreciate it if you could test them.

Changed in ffmpeg (Ubuntu Bionic):
assignee: nobody → Eduardo Barretto (ebarretto)
Changed in ffmpeg (Ubuntu Focal):
assignee: nobody → Eduardo Barretto (ebarretto)
Changed in ffmpeg (Ubuntu Impish):
assignee: nobody → Eduardo Barretto (ebarretto)
Changed in ffmpeg (Ubuntu Jammy):
assignee: nobody → Eduardo Barretto (ebarretto)
Changed in ffmpeg (Ubuntu Bionic):
status: New → In Progress
Changed in ffmpeg (Ubuntu Focal):
status: New → In Progress
Changed in ffmpeg (Ubuntu Impish):
status: New → In Progress
Changed in ffmpeg (Ubuntu Jammy):
status: New → In Progress
Eduardo Barretto (ebarretto) wrote :

Hi Luis,
I've uploaded the binaries to -proposed, could you please test them?
Thanks

Changed in ffmpeg (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in ffmpeg (Ubuntu Focal):
status: In Progress → Fix Committed
Changed in ffmpeg (Ubuntu Impish):
status: In Progress → Fix Committed
Changed in ffmpeg (Ubuntu Jammy):
status: In Progress → Fix Committed
Luís Infante da Câmara (luis220413) wrote :

Lintian only reported that the upstream tarball is missing a signature.

Please add the attached signature when uploading to the Ubuntu 18.04 archive.

Luís Infante da Câmara (luis220413) wrote :

Test vsynth_lena-amv is failing in 18.04: the expected and actual input file hashes are different.

Luís Infante da Câmara (luis220413) wrote :

For 18.04, I have run the tests as follows from the source directory (based on the testing rule in debian/rules and the instructions in doc/fate.texi):
$ debuild -us -uc
$ export LD_LIBRARY_PATH="libavcodec:libavdevice:libavfilter:libavformat:libavresample:libavutil:libpostproc:libswresample:libswscale"
$ cd debian/standard
$ make -j1 fate-rsync SAMPLES=fate-suite/
$ make -j1 fate SAMPLES=fate-suite/

Luís Infante da Câmara (luis220413) wrote :

All tests from the upstream testsuite (FATE) pass on 20.04.

Luís Infante da Câmara (luis220413) wrote :

For the version in Ubuntu 20.04, Lintian only reported that the upstream tarball is missing a signature.

Please add the attached signature when uploading to the Ubuntu 20.04 archive.

Luís Infante da Câmara (luis220413) wrote :

For 20.04, I have run the tests as follows (based on the same files as in 18.04, but of course in the source of 20.04):

$ debuild -us -uc
$ export LD_LIBRARY_PATH="libavcodec:libavdevice:libavfilter:libavformat:libavresample:libavutil:libpostproc:libswresample:libswscale"
$ cd debian/standard
$ make fate-rsync SAMPLES=fate-suite/
$ make fate -k SAMPLES=fate-suite/

Eduardo Barretto (ebarretto) wrote :

Hi Luis,

Thanks for testing!

Regarding the 18.04 test failure, I tried to reproduce here and it is passing fine:
`...
GEN tests/data/vsynth_lena.yuv
TEST vsynth_lena-amv
TEST vsynth_lena-asv1
TEST vsynth_lena-asv2
TEST vsynth_lena-cinepak
TEST vsynth_lena-cljr
TEST vsynth_lena-dnxhd-720p
TEST vsynth_lena-dnxhd-720p-rd
...`

Could you gather more information on the failure?

Regarding the Lintian issues, I will be adding the missing signatures, thanks for providing them.

We got your email on the version, I shall be fixing it, probably after we have an ok from you that the tests are passing fine and no other changes are needed.

Did you get a chance to test impish and jammy?

Thanks again

Luís Infante da Câmara (luis220413) wrote :

For the version in Ubuntu 21.10, Lintian reported a typo in an architecture name and that the upstream tarball is missing a signature.

Please add the attached signature when uploading to the Ubuntu 21.10 and 22.04 archives.

Luís Infante da Câmara (luis220413) wrote :

All tests from the upstream testsuite (FATE) pass on 21.10.

Luís Infante da Câmara (luis220413) wrote :

All tests from the upstream testsuite (FATE) pass on 22.04.

Luís Infante da Câmara (luis220413) wrote :

Patch for typo in architecture name for Ubuntu 22.04

Luís Infante da Câmara (luis220413) wrote :

Running Lintian on the changes file for Ubuntu 22.04 (amd64) reports the following warnings:

W: ffmpeg-dbgsym: elf-error In program headers: Unable to find program interpreter name [usr/lib/debug/.build-id/01/31a3a53a5037d9cfce0b08e65bdf645b5fc6a6.debug]
W: ffmpeg-dbgsym: elf-error In program headers: Unable to find program interpreter name [usr/lib/debug/.build-id/11/d6ba1af19b58684bb4d9ec94ce27e8875a9a86.debug]
W: ffmpeg-dbgsym: elf-error In program headers: Unable to find program interpreter name [usr/lib/debug/.build-id/ca/9a440e0e634449b6d5c328fbc4868d4d3ff142.debug]
W: ffmpeg-dbgsym: elf-error In program headers: Unable to find program interpreter name [usr/lib/debug/.build-id/d8/68041f35b67ed9d73e571b7e178cafffac394d.debug]
W: ffmpeg source: orig-tarball-missing-upstream-signature ffmpeg_4.4.2.orig.tar.xz

The last warning can be fixed with the signature in comment 17.

Luís Infante da Câmara (luis220413) wrote :

Patch for typo in architecture name for Ubuntu 21.10

Luís Infante da Câmara (luis220413) wrote :

The test failed on 18.04 due to an integrity issue when receiving the input file for the failed test.

I will re-run the test suite now, but with the following commands (I only added the -k option to the last command):
$ debuild -us -uc
$ export LD_LIBRARY_PATH="libavcodec:libavdevice:libavfilter:libavformat:libavresample:libavutil:libpostproc:libswresample:libswscale"
$ cd debian/standard
$ make -j1 fate-rsync SAMPLES=fate-suite/
$ make -k -j1 fate SAMPLES=fate-suite/

Luís Infante da Câmara (luis220413) wrote :

The tests did not finish in 24 minutes and one test (sub2video) is taking 15 minutes. I will retest on 18.04 now and publish results tomorrow.

Luís Infante da Câmara (luis220413) wrote :

Test sub2video is taking 9 hours.

Stack trace:
(gdb) i s
#0 0x00007fff62bf5974 in clock_gettime ()
#1 0x00007f88bdf30d06 in __GI___clock_gettime (clock_id=clock_id@entry=1, tp=tp@entry=0x7fff62bdeea0) at ../sysdeps/unix/clock_gettime.c:115
#2 0x00007f88be7fa8d1 in av_gettime_relative () at src/libavutil/time.c:64
#3 0x000055cb53c4c782 in transcode () at src/fftools/ffmpeg.c:4621
#4 0x000055cb53c4c782 in main (argc=<optimised out>, argv=<optimised out>) at src/fftools/ffmpeg.c:4840

I wrote a command so that, if the test run time reaches 12 hours, the test process is terminated and, after 10 minutes, killed.
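
A deadline of this kind can be set with GNU coreutils timeout. This is an added example, not the command the commenter wrote; the function name run_with_deadline and the short durations in the demonstration call are assumptions.

```shell
#!/bin/sh
# run_with_deadline LIMIT GRACE CMD [ARG...]
# GNU coreutils timeout sends SIGTERM to CMD once LIMIT has elapsed and, if CMD
# is still running GRACE later, SIGKILL. Durations accept s/m/h/d suffixes.
run_with_deadline() {
    limit=$1
    grace=$2
    shift 2
    timeout -k "$grace" "$limit" "$@"
    rc=$?
    case $rc in
        # 124: the command was still running at LIMIT and exited after SIGTERM.
        124) echo "deadline: $1 timed out after $limit" >&2 ;;
        # 137 = 128 + 9: the command died from SIGKILL, either because it
        # outlived the grace period or because something else killed it.
        137) echo "deadline: $1 ended by SIGKILL (grace period $grace)" >&2 ;;
    esac
    return "$rc"
}

# The limits described in the comment, applied to the test command from this page:
#   run_with_deadline 12h 10m make -k -j1 fate SAMPLES=fate-suite/

# Short constructed demonstration (1 s limit, 1 s grace) so the block runs quickly.
run_with_deadline 1 1 sleep 3 || echo "exit status: $?"
```

The two exit statuses tell a test that stopped on request apart from one that had to be killed, which is worth recording next to the stack trace of a hung run.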

Luís Infante da Câmara (luis220413) wrote :

The vsynth_lena* tests are failing on 18.04.
A tarball of the .err files referenced below is attached.

TEST vsynth_lena-asv1
--- /home/user/ffmpeg-3.4.11/tests/ref/vsynth/vsynth_lena-asv1 2020-04-27 22:48:16.000000000 +0100
+++ tests/data/fate/vsynth_lena-asv1 2022-06-04 22:51:41.518760714 +0100
@@ -1,4 +1,3 @@
-fc74737b0ea7de84609e1207d0ee9d93 *tests/data/fate/vsynth_lena-asv1.avi
-689420 tests/data/fate/vsynth_lena-asv1.avi
-a7cdefad200f48ab308c746461a8792e *tests/data/fate/vsynth_lena-asv1.out.rawvideo
-stddev: 5.07 PSNR: 34.03 MAXDIFF: 70 bytes: 7603200/ 7603200
+c591e8c25a1af7471a82ba8c30a87559 *tests/data/fate/vsynth_lena-asv1.avi
+5660 tests/data/fate/vsynth_lena-asv1.avi
+d41d8cd98f00b204e9800998ecf8427e *tests/data/fate/vsynth_lena-asv1.out.rawvideo
Test vsynth_lena-asv1 failed. Look at tests/data/fate/vsynth_lena-asv1.err for details.
make: *** [fate-vsynth_lena-asv1] Error 2
/home/user/ffmpeg-3.4.11/tests/Makefile:225: recipe for target 'fate-vsynth_lena-asv1' failed
TEST vsynth_lena-asv2
--- /home/user/ffmpeg-3.4.11/tests/ref/vsynth/vsynth_lena-asv2 2020-04-27 22:48:16.000000000 +0100
+++ tests/data/fate/vsynth_lena-asv2 2022-06-04 22:51:41.634760714 +0100
@@ -1,4 +1,3 @@
-36b7ff52186fd87027f57f880eb67fd7 *tests/data/fate/vsynth_lena-asv2.avi
-675588 tests/data/fate/vsynth_lena-asv2.avi
-5990db66c7ac0bbe2f98ec2770c1bf3b *tests/data/fate/vsynth_lena-asv2.out.rawvideo
-stddev: 4.57 PSNR: 34.93 MAXDIFF: 47 bytes: 7603200/ 7603200
+1dfc97485898209cf7f40733dd1ad39b *tests/data/fate/vsynth_lena-asv2.avi
+5660 tests/data/fate/vsynth_lena-asv2.avi
+d41d8cd98f00b204e9800998ecf8427e *tests/data/fate/vsynth_lena-asv2.out.rawvideo
Test vsynth_lena-asv2 failed. Look at tests/data/fate/vsynth_lena-asv2.err for details.
make: *** [fate-vsynth_lena-asv2] Error 2
/home/user/ffmpeg-3.4.11/tests/Makefile:225: recipe for target 'fate-vsynth_lena-asv2' failed
TEST vsynth_lena-cinepak
--- /home/user/ffmpeg-3.4.11/tests/ref/vsynth/vsynth_lena-cinepak 2022-05-14 01:19:12.000000000 +0100
+++ tests/data/fate/vsynth_lena-cinepak 2022-06-04 22:51:41.698760714 +0100
@@ -1,4 +1,2 @@
-e3837018f84929f07019ae2eccd303e2 *tests/data/fate/vsynth_lena-cinepak.mov
-88900 tests/data/fate/vsynth_lena-cinepak.mov
-f54ffa70f335ac7b701d7ae34462e001 *tests/data/fate/vsynth_lena-cinepak.out.rawvideo
-stddev: 4.09 PSNR: 35.88 MAXDIFF: 46 bytes: 7603200/ 456192
+61698f3d6764b59ac51387dd0d2572a8 *tests/data/fate/vsynth_lena-cinepak.mov
+152 tests/data/fate/vsynth_lena-cinepak.mov
Test vsynth_lena-cinepak failed. Look at tests/data/fate/vsynth_lena-cinepak.err for details.
make: *** [fate-vsynth_lena-cinepak] Error 1
/home/user/ffmpeg-3.4.11/tests/Makefile:225: recipe for target 'fate-vsynth_lena-cinepak' failed
TEST vsynth_lena-cljr
--- /home/user/ffmpeg-3.4.11/tests/ref/vsynth/vsynth_lena-cljr 2020-04-27 22:48:16.000000000 +0100
+++ tests/data/fate/vsynth_lena-cljr 2022-06-04 22:51:41.870760714 +0100
@@ -1,4 +1,3 @@
-e3579621c868e464da096a41af0674e4 *tests/data/fate/vsynth_lena-cljr.avi
-5075652 tests/data/fate/vsynth_lena-cljr.avi
-965c4a134144b30b24d6d138b03ddb8c *tests/data/fate/vsynth_lena-cljr.out.rawvideo
-stddev: 3.29 PSNR: 37.76 MA...

Luís Infante da Câmara (luis220413) wrote :

Test force_key_frames is also failing on 18.04.

TEST force_key_frames
--- /home/user/ffmpeg-3.4.11/tests/ref/fate/force_key_frames 2022-05-14 00:07:14.000000000 +0100
+++ tests/data/fate/force_key_frames 2022-06-04 22:55:25.002760714 +0100
@@ -1,4 +1,3 @@
-07567b9528b8de523faaf49e4e1e0fc6 *tests/data/fate/force_key_frames.avi
-113312 tests/data/fate/force_key_frames.avi
-b2e92b97bac0243242281d71108ffdbd *tests/data/fate/force_key_frames.out.framecrc
-stddev:34612.83 PSNR: 5.54 MAXDIFF:61408 bytes: 7603200/ 264
+bbb8942a83e3c1c4e446b6aca998e83a *tests/data/fate/force_key_frames.avi
+5652 tests/data/fate/force_key_frames.avi
+d41d8cd98f00b204e9800998ecf8427e *tests/data/fate/force_key_frames.out.framecrc
Test force_key_frames failed. Look at tests/data/fate/force_key_frames.err for details.
make: *** [fate-force_key_frames] Error 2
/home/user/ffmpeg-3.4.11/tests/Makefile:225: recipe for target 'fate-force_key_frames' failed
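
The failure logs in the two comments above can be triaged mechanically. The following is an added example, not part of the thread or of FFmpeg's FATE tooling: it reads "make -k fate" output and marks each failed test whose actual output carries d41d8cd98f00b204e9800998ecf8427e, the MD5 of zero bytes, meaning the file was written empty rather than with different content. The function names and the second, constructed log entry are assumptions made for the illustration.

```shell
#!/bin/sh
# MD5 of zero bytes. On a "+" (actual) line it means the file was written empty.
EMPTY_MD5=d41d8cd98f00b204e9800998ecf8427e

# Read "make -k fate" output on stdin and print one line per failed test:
#   <test> <empty-output|content-mismatch> <expected bytes> <actual bytes>
fate_triage() {
    awk -v empty="$EMPTY_MD5" '
        /^TEST /             { t = $2; hit[t] = 0; want[t] = "?"; got[t] = "?"; next }
        /^[+][0-9a-f]+ [*]/  { if (substr($1, 2) == empty) hit[t] = 1; next }
        /^-[0-9]+ tests\//   { want[t] = substr($1, 2); next }
        /^[+][0-9]+ tests\// { got[t] = substr($1, 2); next }
        /^Test .* failed[.]/ { print $2, (hit[$2] ? "empty-output" : "content-mismatch"), want[$2], got[$2] }
    '
}

# First entry: copied from the 18.04 log on this page. Second entry: constructed.
sample_log() {
    cat <<'EOF'
TEST vsynth_lena-asv1
--- /home/user/ffmpeg-3.4.11/tests/ref/vsynth/vsynth_lena-asv1 2020-04-27 22:48:16.000000000 +0100
+++ tests/data/fate/vsynth_lena-asv1 2022-06-04 22:51:41.518760714 +0100
@@ -1,4 +1,3 @@
-fc74737b0ea7de84609e1207d0ee9d93 *tests/data/fate/vsynth_lena-asv1.avi
-689420 tests/data/fate/vsynth_lena-asv1.avi
-a7cdefad200f48ab308c746461a8792e *tests/data/fate/vsynth_lena-asv1.out.rawvideo
-stddev: 5.07 PSNR: 34.03 MAXDIFF: 70 bytes: 7603200/ 7603200
+c591e8c25a1af7471a82ba8c30a87559 *tests/data/fate/vsynth_lena-asv1.avi
+5660 tests/data/fate/vsynth_lena-asv1.avi
+d41d8cd98f00b204e9800998ecf8427e *tests/data/fate/vsynth_lena-asv1.out.rawvideo
Test vsynth_lena-asv1 failed. Look at tests/data/fate/vsynth_lena-asv1.err for details.
TEST constructed-codec
@@ -1,2 +1,2 @@
-11111111111111111111111111111111 *tests/data/fate/constructed-codec.avi
-1000 tests/data/fate/constructed-codec.avi
+22222222222222222222222222222222 *tests/data/fate/constructed-codec.avi
+1004 tests/data/fate/constructed-codec.avi
Test constructed-codec failed. Look at tests/data/fate/constructed-codec.err for details.
EOF
}

sample_log | fate_triage
```

An empty-output result together with a large drop in encoded size shows that the tool stopped before producing data, so the .err file named in the log is the next thing to read.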

Luís Infante da Câmara (luis220413) wrote :

Complete log for all tests in 18.04. All .err files are either attached or in lena_test_errors.tar.xz.

Eduardo Barretto (ebarretto) wrote :

Hi Luis,

Thanks again for testing bionic, and for testing impish and jammy.

I still cannot reproduce your test failures in Bionic, which led me to believe this might be a testing environment issue.

Therefore I've gone ahead and fixed the versions that were wrong, also added the missing .asc files and fixed the m86k typo as you pointed out, and uploaded it to our builders.

I will publish them first thing tomorrow.

Luís Infante da Câmara (luis220413) wrote :

What about the ELF errors reported by Lintian in https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1970674/comments/21?

Eduardo Barretto (ebarretto) wrote :

Those lintian warnings are also present in the current version if you build it, so they were not introduced by this new version.
If you want to take a shot at fixing it, let me know and I will postpone the publishing.

Luís Infante da Câmara (luis220413) wrote :

The ELF errors are due to a bug in dh_strip (bug #1977883).

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ffmpeg - 7:4.2.7-0ubuntu0.1

---------------
ffmpeg (7:4.2.7-0ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: New upstream bugfix release (LP: #1970674).
    - Fixes CVE-2020-20445, CVE-2020-20446, CVE-2020-20450, CVE-2020-20453,
      CVE-2020-21041, CVE-2020-21688, CVE-2020-21697, CVE-2020-22015,
      CVE-2020-22017, CVE-2020-22019, CVE-2020-22020, CVE-2020-22021,
      CVE-2020-22022, CVE-2020-22023, CVE-2020-22025, CVE-2020-22026,
      CVE-2020-22027, CVE-2020-22028, CVE-2020-22029, CVE-2020-22030,
      CVE-2020-22031, CVE-2020-22032, CVE-2020-22033, CVE-2020-22034,
      CVE-2020-22035, CVE-2020-22036, CVE-2020-22037, CVE-2020-22042,
      CVE-2020-35965, CVE-2021-38114, CVE-2021-38171 and CVE-2021-38291.

 -- Luís Infante da Câmara <email address hidden> Wed, 18 May 2022 22:24:26 +0100

Changed in ffmpeg (Ubuntu Focal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ffmpeg - 7:3.4.11-0ubuntu0.1

---------------
ffmpeg (7:3.4.11-0ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: New upstream bugfix release (LP: #1970674).
    - Fixes CVE-2020-20445, CVE-2020-20446, CVE-2020-20453, CVE-2020-21041,
      CVE-2020-21688, CVE-2020-21697, CVE-2020-22015, CVE-2020-22016,
      CVE-2020-22017, CVE-2020-22019, CVE-2020-22020, CVE-2020-22021,
      CVE-2020-22022, CVE-2020-22023, CVE-2020-22025, CVE-2020-22026,
      CVE-2020-22028, CVE-2020-22031, CVE-2020-22032, CVE-2020-22033,
      CVE-2020-22034, CVE-2020-22036, CVE-2020-22037, CVE-2020-22042,
      CVE-2020-35965, CVE-2021-38114, CVE-2021-38171 and CVE-2021-38291.

 -- Luís Infante da Câmara <email address hidden> Wed, 18 May 2022 21:01:02 +0100

Changed in ffmpeg (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ffmpeg - 7:4.4.2-0ubuntu0.21.10.1

---------------
ffmpeg (7:4.4.2-0ubuntu0.21.10.1) impish-security; urgency=medium

  * SECURITY UPDATE: New upstream bugfix release (LP: #1970674).
    - Fixes CVE-2020-20445, CVE-2020-20446, CVE-2020-20453, CVE-2020-21697,
      CVE-2020-22015, CVE-2020-22019, CVE-2020-22021, CVE-2020-22022,
      CVE-2020-22033, CVE-2020-22037, CVE-2021-38114, CVE-2021-38171 and
      CVE-2021-38291 and security issues without a CVE number
      (see DSA-5124-1 and DSA-5126-1).

 -- Luís Infante da Câmara <email address hidden> Wed, 18 May 2022 23:03:21 +0100

Changed in ffmpeg (Ubuntu Impish):
status: Fix Committed → Fix Released
Luís Infante da Câmara (luis220413) wrote :

Version 7:4.4.2-0ubuntu0.22.04.1 fixes this bug in Jammy.

Changed in ffmpeg (Ubuntu Jammy):
status: Fix Committed → Fix Released
Changed in ffmpeg (Ubuntu):
status: Fix Committed → Fix Released