#7437 closed enhancement (fixed)
vlc-2.2.2
Reported by: | Fernando de Oliveira | Owned by: | Fernando de Oliveira |
---|---|---|---|
Priority: | high | Milestone: | 7.9 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description (last modified by )
Includes security fixes
Update of codecs and libraries to fix 3rd party security issues (like TALOS-CAN-0036, TALOS-CAN-0037, CVE-2015-7981, CVE-2015-8126)
http://download.videolan.org/pub/videolan/vlc/2.2.2/vlc-2.2.2.tar.xz
http://download.videolan.org/pub/videolan/vlc/2.2.2/vlc-2.2.2.tar.xz.asc
http://download.videolan.org/pub/videolan/vlc/2.2.2/vlc-2.2.2.tar.xz.md5
f98d60f0f59ef72b6e3407f2ff09bda6 *vlc-2.2.2.tar.xz
https://www.videolan.org/developers/vlc-branch/NEWS
Changes between 2.2.1 and 2.2.2:
--------------------------------

Access:
• Fix SetupFormat for continuous framesize in v4l2
• Fix off-by-one buffer overflow in RealRtsp module
• Fix screen recording aspect-ratio, framerate and potential crash
• Fix Windows directshow input freeze
• Fix MMS segmentation fault/abort when server forces a large allocation

Demux:
• Fix support for ms-dvr files
• Fix time detection in AVI files over HTTP
• HLS: fix hang on stop, crashes and small improvements
• Fix mp4 NULL dereference reported by Fortinet's FortiGuard Labs
• Fix regression for VC-1 in WMV
• Fix MXF crashes on stop
• Fix EAC3 detection in some TS files

Decoders:
• Fix importing surface from main memory in VDPAU
• Fix possible double-free in ADPCM decoder
• Support 9-bit and 10-bit GBR planar formats
• Support GoToMeeting 2 and GoToMeeting 3 codecs
• Fix crash in teletext (zvbi) decoder
• Fix Bluray subtitles (PGS) timestamps

Audio output:
• Fix audio drop after a flush with pulseaudio
• Fix audio initialization on iOS
• Fix audio stuttering with AirPlay devices on OS X (2 sec delay needs to be set manually by the user)
• Fix pulseaudio latency computation
• Fix alsa default device selection

Skins2:
• Fix video control that fails to show up
• Fix UTF-8 conversion issues
• Fix Unicode folders location failing to open the skins
• Fix crash over malformed skins bitmaps
• Fix fullscreen for Gnome3/Unity Window Managers

OS X:
• Support for OS X El Capitan
• Fix code signature for releases on El Capitan
• Improve resume dialog, starting time, preferences, lua extensions
• Fix threads ordering, preferences crashes, URL drag'n drops

Qt:
• Fix crash when opening multiple items on Windows
• Fix recent items appending when using a playlist
• Improve addons manager dialog, playlist
• Fix changing the audio-device in the menu
• Fix key and mouse event support for Qt >= 5.5 under X11
• Fix memory leaks

Video Output:
• Fix build if one disables XCB but activate VDPAU on Unix
• Fix Direct3D plane allocation size to avoid colour bleeding
• Fix some crashes in swscale resizing

Misc:
• Fix build with recent FreeRDP versions
• Fix interface crashes when input-title-format option is empty
• Fix MP4 mux divide-by-zero crash
• Improve PNG encoding time
• Fix some UPnP initialization lag
• Rewrite of the Jamendo Service Discovery
• Fix snapshot aspect ratio for anamorphic contents
• Fix custom snapshot sizes
• Dynamic generation of GnuTLS Diffie-Hellman parameters
• Fix "vb" transcoding parameter
• Fix superfluous audio channel extraction in the core
• Fix miscellaneous crashes, double-frees, integer overflows, infinite loops, read overflow, invalid frees and division by zero issues
• Fix support for lua 5.2 and fix XSS in the http interface
• Update and improve Soundcloud, Vimeo and Youtube scripts
• Update of codecs and libraries to fix 3rd party security issues (like TALOS-CAN-0036, TALOS-CAN-0037, CVE-2015-7981, CVE-2015-8126)

Translations:
• Add Kashmiri and Maithili languages
• Update of most translations

libVLC:
• Expose audio mute, cork and volume change events: libvlc_MediaPlayerCorked, libvlc_MediaPlayerUncorked, libvlc_MediaPlayerMuted, libvlc_MediaPlayerUnmuted and libvlc_MediaPlayerAudioVolume
• Fix propagation of libvlc_MediaPlayerTitleChanged event

Translations:
• Update of most translations
Change History (8)
comment:1 by , 9 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 9 years ago
Description: | modified (diff) |
---|---|
Priority: | normal → high |
comment:3 by , 9 years ago
comment:4 by , 9 years ago
Open a ticket for what? There are upstream fixes in version control in many packages that we don't bother with. For vlc, we just need to do pathremove for the appropriate variables within a subshell. Not sure if the variable is PATH or PKG_CONFIG_PATH.
follow-up: 7 comment:5 by , 9 years ago
It is PKG_CONFIG_PATH and it is done, soon to commit.
What I meant is that we could fix Qt5, during the freeze, and then test all packages against.
VLC has over 5 fixes already. And it would be interesting building as many packages as possible with Qt5, to get rid of Qt4, eventually.
But OK, will not open a ticket.
comment:7 by , 9 years ago
Replying to fo:
What I meant is that we could fix Qt5, during the freeze, and then test all packages against.
VLC has over 5 fixes already. And it would be interesting building as many packages as possible with Qt5, to get rid of Qt4, eventually.
We will not be removing Qt4 this cycle, so I think it is premature to spend time on this now. I agree with the concept though.
This package needs one more fix to build: again, hide qt5 from PKG_CONFIG_PATH.
It could probably be avoided (from what I read) by fixing Qt5; reasoning follows.
There is a configure test giving the error (line broken by me):
Searching for the string "You cannot ..." gives many hits.
One of the first:
http://www.mailbrowse.com/videolan-vlc-commits/30489.html
Essentially, Qt5 needs to be patched:
https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=patch;h=0f68f8920573cdce1729a285a92ac8582df32841
which essentially is:
Just a single line modification.
However, I think that the best time to do that is during freeze or not at all, if 5.5.2 comes with the fix before LFS7.9.
Reason is that many packages depend on Qt and install bits and pieces under /opt/qt5. It would be too much work for now, which will be doubled soon.
Should I open a ticket?