Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 711144 (CVE-2019-13390, CVE-2019-17539, CVE-2019-17542)

Summary: <media-video/ffmpeg-4.2.0: Multiple vulnerabilities (CVE-2019-{17539,17542,13390})
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: media-video
Priority: Normal Keywords: PullRequest
Version: unspecifiedFlags: nattka: sanity-check-
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=719940
https://github.com/gentoo/gentoo/pull/16793
Whiteboard: B3 [glsa+ cve]
Package list:
media-video/ffmpeg-4.2.2 amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86 app-text/tesseract-4.1.1 amd64 arm arm64 ppc ppc64 x86 media-libs/dav1d-0.5.2 amd64 arm arm64 ppc ppc64 x86 media-libs/aribb24-1.0.3-r2 amd64 arm arm64 ppc ppc64 x86 app-text/tessdata_fast-4.0.0 media-libs/vidstab-1.1.0-r2 arm ia64 ppc ppc64
 Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 692418, 718012    
Attachments:
Description Flags
tatt tests (ppc64)
none
tatt tests (ppc) none

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-01 04:07:57 UTC 
1) CVE-2019-17539
Description:
"In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer."

Patch: https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c


2) CVE-2019-17542
Description:
"FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c."

Patch: https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-02 16:15:22 UTC 
3) CVE-2019-13312

Description:
"block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read."

Bug: https://trac.ffmpeg.org/ticket/7980
Patch: see bug

4) CVE-2019-13390

Description:
"In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c."

Bug: https://trac.ffmpeg.org/ticket/7979
Patch: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
Comment 2 Stabilization helper bot gentoo-dev 2020-03-15 20:04:11 UTC 
An automated check of this bug failed - repoman reported dependency errors (203 lines truncated): 

> dependency.bad media-video/ffmpeg/ffmpeg-4.2.2.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['>=media-libs/dav1d-0.4.0:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=media-libs/aribb24-1.0.3-r2[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=app-text/tesseract-4.1.0-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-video/ffmpeg/ffmpeg-4.2.2.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['>=media-libs/dav1d-0.4.0:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=media-libs/aribb24-1.0.3-r2[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=app-text/tesseract-4.1.0-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-video/ffmpeg/ffmpeg-4.2.2.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=media-libs/dav1d-0.4.0:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=media-libs/aribb24-1.0.3-r2[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]', '>=app-text/tesseract-4.1.0-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
Comment 3 Matt Turner gentoo-dev 2020-03-16 01:12:11 UTC 
This is perhaps still wrong, but closer to what we need to stabilize. Note the new stables for arm.
Comment 4 Stabilization helper bot gentoo-dev 2020-03-16 02:04:10 UTC 
An automated check of this bug failed - repoman reported dependency errors (200 lines truncated): 

> dependency.bad media-video/ffmpeg/ffmpeg-4.2.2.ebuild: DEPEND: arm(default/linux/arm/17.0) ['media-plugins/frei0r-plugins', '>=media-libs/vidstab-1.1.0[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-video/ffmpeg/ffmpeg-4.2.2.ebuild: RDEPEND: arm(default/linux/arm/17.0) ['media-plugins/frei0r-plugins', '>=media-libs/vidstab-1.1.0[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-video/ffmpeg/ffmpeg-4.2.2.ebuild: DEPEND: ia64(default/linux/ia64/17.0) ['>=media-libs/vidstab-1.1.0[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad app-text/tesseract/tesseract-4.1.1.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['>=app-text/tessdata_fast-4.0.0']
> dependency.bad app-text/tesseract/tesseract-4.1.1.ebuild: RDEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=app-text/tessdata_fast-4.0.0']
> dependency.bad app-text/tesseract/tesseract-4.1.1.ebuild: RDEPEND: amd64(default/linux/amd64/17.0/desktop/gnome) ['>=app-text/tessdata_fast-4.0.0']
Comment 5 Rolf Eike Beer archtester 2020-03-19 21:44:44 UTC 
sparc stable
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2020-03-20 05:25:40 UTC 
Added to an existing GLSA Request.
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-03-22 08:53:50 UTC 
amd64 stable
Comment 8 Stabilization helper bot gentoo-dev 2020-03-22 09:11:22 UTC 
An automated check of this bug failed - repoman reported dependency errors (105 lines truncated): 

> dependency.bad media-video/ffmpeg/ffmpeg-4.2.2.ebuild: DEPEND: arm(default/linux/arm/17.0) ['media-plugins/frei0r-plugins', '>=media-libs/vidstab-1.1.0[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-video/ffmpeg/ffmpeg-4.2.2.ebuild: RDEPEND: arm(default/linux/arm/17.0) ['media-plugins/frei0r-plugins', '>=media-libs/vidstab-1.1.0[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-video/ffmpeg/ffmpeg-4.2.2.ebuild: DEPEND: ia64(default/linux/ia64/17.0) ['>=media-libs/vidstab-1.1.0[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2020-03-30 15:07:24 UTC 
This issue was resolved and addressed in
 GLSA 202003-65 at https://security.gentoo.org/glsa/202003-65
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 10 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-30 15:08:01 UTC 
Re-opening for remaining architectures.
Comment 11 Stabilization helper bot gentoo-dev 2020-03-30 16:03:35 UTC 
An automated check of this bug failed - repoman reported dependency errors (92 lines truncated): 

> dependency.bad media-video/ffmpeg/ffmpeg-4.2.2.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/17.0) ['>=media-libs/vidstab-1.1.0[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-video/ffmpeg/ffmpeg-4.2.2.ebuild: RDEPEND: ppc(default/linux/powerpc/ppc32/17.0) ['>=media-libs/vidstab-1.1.0[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-video/ffmpeg/ffmpeg-4.2.2.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/17.0/desktop) ['>=media-libs/vidstab-1.1.0[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-plugins/frei0r-plugins/frei0r-plugins-1.6.1.ebuild: DEPEND: arm(default/linux/arm/17.0) ['>=media-libs/opencv-2.3.0:=', '>=media-libs/gavl-1.2.0']
> dependency.bad media-plugins/frei0r-plugins/frei0r-plugins-1.6.1.ebuild: RDEPEND: arm(default/linux/arm/17.0) ['>=media-libs/opencv-2.3.0:=', '>=media-libs/gavl-1.2.0']
> dependency.badindev media-plugins/frei0r-plugins/frei0r-plugins-1.6.1.ebuild: DEPEND: arm(default/linux/arm/17.0/armv4) ['>=media-libs/opencv-2.3.0:=', '>=media-libs/gavl-1.2.0']
Comment 12 Matt Turner gentoo-dev 2020-04-03 19:37:39 UTC 
stable ia64 keywords dropped to unstable
Comment 13 Matt Turner gentoo-dev 2020-04-03 19:38:15 UTC 
Also, if you want arch teams to see this, you either need to mask some USE flags or fix the package list.
Comment 14 Stabilization helper bot gentoo-dev 2020-04-03 20:03:48 UTC 
An automated check of this bug failed - repoman reported dependency errors (92 lines truncated): 

> dependency.bad media-video/ffmpeg/ffmpeg-4.2.2.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/17.0) ['>=media-libs/vidstab-1.1.0[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-video/ffmpeg/ffmpeg-4.2.2.ebuild: RDEPEND: ppc(default/linux/powerpc/ppc32/17.0) ['>=media-libs/vidstab-1.1.0[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-video/ffmpeg/ffmpeg-4.2.2.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/17.0/desktop) ['>=media-libs/vidstab-1.1.0[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-plugins/frei0r-plugins/frei0r-plugins-1.6.1.ebuild: DEPEND: arm(default/linux/arm/17.0) ['>=media-libs/opencv-2.3.0:=', '>=media-libs/gavl-1.2.0']
> dependency.bad media-plugins/frei0r-plugins/frei0r-plugins-1.6.1.ebuild: RDEPEND: arm(default/linux/arm/17.0) ['>=media-libs/opencv-2.3.0:=', '>=media-libs/gavl-1.2.0']
> dependency.badindev media-plugins/frei0r-plugins/frei0r-plugins-1.6.1.ebuild: DEPEND: arm(default/linux/arm/17.0/armv4) ['>=media-libs/opencv-2.3.0:=', '>=media-libs/gavl-1.2.0']
Comment 15 NATTkA bot gentoo-dev 2020-04-06 11:26:24 UTC 
Sanity check failed:

> nonsolvable depset(depend) keyword(arm) dev profile (default/linux/arm/17.0/armv4) (31 total): solutions: [ >=media-libs/gavl-1.2.0, >=media-libs/opencv-2.3.0:= ]
> nonsolvable depset(depend) keyword(arm) stable profile (default/linux/arm/17.0) (1 total): solutions: [ >=media-libs/gavl-1.2.0, >=media-libs/opencv-2.3.0:= ]
> nonsolvable depset(depend) keyword(ppc) stable profile (default/linux/powerpc/ppc32/17.0) (17 total): solutions: [ >=media-libs/vidstab-1.1.0 ]
> nonsolvable depset(rdepend) keyword(arm) dev profile (default/linux/arm/17.0/armv4) (31 total): solutions: [ >=media-libs/gavl-1.2.0, >=media-libs/opencv-2.3.0:= ]
> nonsolvable depset(rdepend) keyword(arm) stable profile (default/linux/arm/17.0) (1 total): solutions: [ >=media-libs/gavl-1.2.0, >=media-libs/opencv-2.3.0:= ]
> nonsolvable depset(rdepend) keyword(ppc) stable profile (default/linux/powerpc/ppc32/17.0) (17 total): solutions: [ >=media-libs/vidstab-1.1.0 ]
Comment 16 NATTkA bot gentoo-dev 2020-04-06 23:32:47 UTC 
Sanity check failed:

> nonsolvable depset(depend) keyword(arm) dev profile (default/linux/arm/17.0/armv4) (31 total): solutions: [ >=media-libs/opencv-2.3.0:=, >=media-libs/gavl-1.2.0 ]
> nonsolvable depset(depend) keyword(arm) stable profile (default/linux/arm/17.0) (1 total): solutions: [ >=media-libs/opencv-2.3.0:=, >=media-libs/gavl-1.2.0 ]
> nonsolvable depset(depend) keyword(ppc) stable profile (default/linux/powerpc/ppc32/17.0) (17 total): solutions: [ >=media-libs/vidstab-1.1.0 ]
> nonsolvable depset(rdepend) keyword(arm) dev profile (default/linux/arm/17.0/armv4) (31 total): solutions: [ >=media-libs/opencv-2.3.0:=, >=media-libs/gavl-1.2.0 ]
> nonsolvable depset(rdepend) keyword(arm) stable profile (default/linux/arm/17.0) (1 total): solutions: [ >=media-libs/opencv-2.3.0:=, >=media-libs/gavl-1.2.0 ]
> nonsolvable depset(rdepend) keyword(ppc) stable profile (default/linux/powerpc/ppc32/17.0) (17 total): solutions: [ >=media-libs/vidstab-1.1.0 ]
Comment 17 NATTkA bot gentoo-dev 2020-04-07 11:36:25 UTC 
Sanity check failed:

> nonsolvable depset(depend) keyword(arm) dev profile (default/linux/arm/17.0/armv4) (31 total): solutions: [ >=media-libs/gavl-1.2.0, >=media-libs/opencv-2.3.0:= ]
> nonsolvable depset(depend) keyword(arm) stable profile (default/linux/arm/17.0) (1 total): solutions: [ >=media-libs/gavl-1.2.0, >=media-libs/opencv-2.3.0:= ]
> nonsolvable depset(depend) keyword(ppc) stable profile (default/linux/powerpc/ppc32/17.0) (17 total): solutions: [ >=media-libs/vidstab-1.1.0 ]
> nonsolvable depset(rdepend) keyword(arm) dev profile (default/linux/arm/17.0/armv4) (31 total): solutions: [ >=media-libs/gavl-1.2.0, >=media-libs/opencv-2.3.0:= ]
> nonsolvable depset(rdepend) keyword(arm) stable profile (default/linux/arm/17.0) (1 total): solutions: [ >=media-libs/gavl-1.2.0, >=media-libs/opencv-2.3.0:= ]
> nonsolvable depset(rdepend) keyword(ppc) stable profile (default/linux/powerpc/ppc32/17.0) (17 total): solutions: [ >=media-libs/vidstab-1.1.0 ]
Comment 18 ernsteiswuerfel archtester 2020-04-07 23:23:09 UTC 
Created attachment 631222 [details]
tatt tests (ppc64)

Looking good on ppc64.

redeps media-libs/gegl-0.3.26 (bug #686202) media-libs/chromaprint-1.4.3 (bug #702202) fail.
Comment 19 NATTkA bot gentoo-dev 2020-04-07 23:37:42 UTC 
Sanity check failed:

> media-video/ffmpeg-4.2.2
>   depend ppc stable profile default/linux/powerpc/ppc32/17.0 (17 total)
>     >=media-libs/vidstab-1.1.0
>   rdepend ppc stable profile default/linux/powerpc/ppc32/17.0 (17 total)
>     >=media-libs/vidstab-1.1.0
> media-plugins/frei0r-plugins-1.6.1
>   depend arm dev profile default/linux/arm/17.0/armv4 (31 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
>   rdepend arm dev profile default/linux/arm/17.0/armv4 (31 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
>   depend arm stable profile default/linux/arm/17.0 (1 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
>   rdepend arm stable profile default/linux/arm/17.0 (1 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
Comment 20 Rolf Eike Beer archtester 2020-04-10 11:17:50 UTC 
~hppa is fine
Comment 21 NATTkA bot gentoo-dev 2020-04-10 11:23:22 UTC 
Sanity check failed:

> media-video/ffmpeg-4.2.2
>   depend ppc64 stable profile default/linux/powerpc/ppc64/17.0/64bit-userland (7 total)
>     >=media-libs/vidstab-1.1.0
>   rdepend ppc64 stable profile default/linux/powerpc/ppc64/17.0/64bit-userland (7 total)
>     >=media-libs/vidstab-1.1.0
> media-plugins/frei0r-plugins-1.6.1
>   depend arm dev profile default/linux/arm/17.0/armv4 (31 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
>   rdepend arm dev profile default/linux/arm/17.0/armv4 (31 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
>   depend arm stable profile default/linux/arm/17.0 (1 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
>   rdepend arm stable profile default/linux/arm/17.0 (1 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
Comment 22 NATTkA bot gentoo-dev 2020-04-10 11:39:07 UTC 
Sanity check failed:

> media-plugins/frei0r-plugins-1.6.1
>   depend arm dev profile default/linux/arm/17.0/armv4 (31 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
>   rdepend arm dev profile default/linux/arm/17.0/armv4 (31 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
>   depend arm stable profile default/linux/arm/17.0 (1 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
>   rdepend arm stable profile default/linux/arm/17.0 (1 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
Comment 23 Mart Raudsepp gentoo-dev 2020-04-11 17:34:24 UTC 
arm64 stable
Comment 24 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-18 08:11:58 UTC 
@ppc, ppc64, x86, arm: ping.
Comment 25 ernsteiswuerfel archtester 2020-04-20 15:14:59 UTC 
Created attachment 633872 [details]
tatt tests (ppc)

Looking good on ppc.
Comment 26 NATTkA bot gentoo-dev 2020-04-21 18:59:28 UTC 
Sanity check failed:

> media-plugins/frei0r-plugins-1.6.1
>   depend arm stable profile default/linux/arm/17.0 (1 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
>   depend arm dev profile default/linux/arm/17.0/armv4 (31 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
>   rdepend arm stable profile default/linux/arm/17.0 (1 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
>   rdepend arm dev profile default/linux/arm/17.0/armv4 (31 total)
>     >=media-libs/gavl-1.2.0
>     >=media-libs/opencv-2.3.0:=
Comment 27 NATTkA bot gentoo-dev 2020-04-21 19:20:04 UTC 
Sanity check failed:

> media-libs/opencv-3.4.1-r7
>   depend arm stable profile default/linux/arm/17.0 (1 total)
>     >=dev-java/ant-core-1.8.2:0
>     >=dev-java/java-config-2.2.0-r3
>     >=dev-java/javatoolkit-0.3.0-r2
>     >=virtual/jdk-1.6
>     >=virtual/jre-1.6:*
>     dev-cpp/eigen:3
>     sci-libs/gdal:=
>     sci-libs/hdf5
>   depend arm dev profile default/linux/arm/17.0/armv4 (31 total)
>     >=dev-java/ant-core-1.8.2:0
>     >=dev-java/java-config-2.2.0-r3
>     >=dev-java/javatoolkit-0.3.0-r2
>     >=virtual/jdk-1.6
>     >=virtual/jre-1.6:*
>     dev-cpp/eigen:3
>     sci-libs/gdal:=
>     sci-libs/hdf5
>   rdepend arm stable profile default/linux/arm/17.0 (1 total)
>     >=dev-java/java-config-2.2.0-r3
>     >=virtual/jre-1.6:*
>     sci-libs/gdal:=
>     sci-libs/hdf5
>   rdepend arm dev profile default/linux/arm/17.0/armv4 (31 total)
>     >=dev-java/java-config-2.2.0-r3
>     >=virtual/jre-1.6:*
>     sci-libs/gdal:=
>     sci-libs/hdf5
Comment 28 Larry the Git Cow gentoo-dev 2020-04-21 21:57:07 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=450db5510ba124f5b9ab0172586bc022f5d79946

commit 450db5510ba124f5b9ab0172586bc022f5d79946
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-04-21 21:55:33 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-04-21 21:56:59 +0000

    profiles: arm: stable mask media-video/ffmpeg[frei0r]
    
    Bug: https://bugs.gentoo.org/711144
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 profiles/arch/arm/package.use.stable.mask | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 29 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-04-25 10:40:59 UTC 
arm stable
Comment 30 Georgy Yakovlev archtester gentoo-dev 2020-04-26 05:13:36 UTC 
ppc64 stable
Comment 31 Thomas Deutschmann (RETIRED) gentoo-dev 2020-04-26 23:48:02 UTC 
x86 stable
Comment 32 Agostino Sarubbo gentoo-dev 2020-05-01 13:59:24 UTC 
ppc stable.

Maintainer(s), please cleanup.
Comment 33 NATTkA bot gentoo-dev 2020-05-01 14:01:14 UTC 
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 34 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-18 02:36:48 UTC 
@maintainer(s), ping, please cleanup
Comment 35 NATTkA bot gentoo-dev 2020-07-08 14:01:07 UTC 
Unable to check for sanity:

> no match for package: media-video/ffmpeg-4.2.2
Comment 36 Larry the Git Cow gentoo-dev 2020-07-27 16:40:24 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5aad0c4b02393043056f044fa39114bc1aa595ae

commit 5aad0c4b02393043056f044fa39114bc1aa595ae
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-07-23 21:06:52 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-27 16:40:18 +0000

    media-video/ffmpeg: security cleanup (drop <4.2.4)
    
    Bug: https://bugs.gentoo.org/711144
    Bug: https://bugs.gentoo.org/718012
    Bug: https://bugs.gentoo.org/719940
    Bug: https://bugs.gentoo.org/727450
    Package-Manager: Portage-3.0.0, Repoman-2.3.23
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Signed-off-by: Sam James <sam@gentoo.org>

 media-video/ffmpeg/Manifest                        |   2 -
 media-video/ffmpeg/ffmpeg-3.4.6-r1.ebuild          | 490 ------------------
 media-video/ffmpeg/ffmpeg-4.2.3.ebuild             | 556 ---------------------
 media-video/ffmpeg/files/chromium.patch            |  36 --
 ...mpeg-3.4.6-fix-building-against-fdk-aac-2.patch |  74 ---
 media-video/ffmpeg/metadata.xml                    |   1 -
 6 files changed, 1159 deletions(-)