Opened 14 years ago

Closed 14 years ago

#2494 closed task (fixed)

xine-lib-1.11.1

Reported by: ken@… Owned by: ken@…
Priority: normal Milestone: 6.3
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

From the website

A new xine-lib version is now available. This release contains a security fix (array index vulnerability, CVE-2008-0073). There are also a few bug fixes; we've also made sure that it's compilable against current ffmpeg SVN as well as older versions.

Change History (8)

comment:1 by ken@…, 14 years ago

Owner: changed from blfs-book@… to ken@…
Status: newassigned

comment:2 by ken@…, 14 years ago

Summary: xine-lib-1.11xine-lib-1.11.1

Make that 1.11.1

 30.03.2008  	 xine-lib 1.1.11.1
A new xine-lib version is now available. This release contains a security fix (integer overflow, possibly leading to buffer overflow, CVE-2008-1482). There are also a few bug fixes, and yet another copy-and-paste announcement. 

comment:3 by Randy McMurchy, 14 years ago

Sigh...

Is there a patch we could use instead of updating?

Otherwise let's don't update and/or close the ticket until this version is tested with Totem (and whatever else uses it). Last time (1.1.10.1) Dan tested everything but Totem and I did the Totem check.

Ken, if you don't have Totem installed, I can do it again if we cannot find a patch.

in reply to:  3 ; comment:4 by ken@…, 14 years ago

Replying to randy@linuxfromscratch.org:

Otherwise let's don't update and/or close the ticket until this version is tested with Totem (and whatever else uses it). Last time (1.1.10.1) Dan tested everything but Totem and I did the Totem check.

I'm doing this on my older LFS-6.3 version (ran out of space on the newer one before I got as far as kde). The users I have are xine-ui and kaffeine (which I think isn't in the book). I do have totem, but using gstreamer (for gnash).

At the moment I'm installing xine-lib without the

--enable-static

which I think is insane (anybody who uses that will have to upgrade any users of the static library themselves), then I'll be testing that xine-ui and kaffeine work. After that, I'll test that they also compile against the updated version (I won't be installing those for real, or testing that they work), and I can test that totem compiles against it - it that sufficient for you ?

in reply to:  4 comment:5 by ken@…, 14 years ago

Replying to ken@linuxfromscratch.org: Update: The existing xine-ui-0.99.5 and kaffeine-0.8.5 both work with the updated xine-lib. I've successfully compiled xine-ui-0.99.5, kaffeine-0.8.6 (what was handy). I've compiled and installed amarok-1.4.8. I've compiled totem-2.18.2 using --enable-xine and run src/totem. All testing used a DVD, except for amarok which appears to work but has no facility to play DVDs (so why does it need xine-lib?).

The only other reference to xine-lib I can find in the book is for xfce, but that has been commented out. As far as I'm concerned, this is a drop-in.

comment:6 by Randy McMurchy, 14 years ago

Slam-dunk it dude!

Thanks for doing the testing, Ken.

in reply to:  3 comment:7 by Robert Daniels, 14 years ago

Replying to randy@linuxfromscratch.org:

Otherwise let's don't update and/or close the ticket until this version is tested with Totem (and whatever else uses it). Last time (1.1.10.1) Dan tested everything but Totem and I did the Totem check.

Randy is confused again. ;)

That was me that did the testing on the last update. Not particularly worried about it myself, I just think its kinda funny :)

Anyways, great work on testing everything so quickly, Ken.

comment:8 by ken@…, 14 years ago

Resolution: fixed
Status: assignedclosed

Applied, r7335.

Note: See TracTickets for help on using tickets.