Release notes: https://www.videolan.org/developers/vlc-branch/NEWS
Fixes the following security bugs:
* Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
* Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
* Fix a read buffer overflow in the FAAD decoder
* Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
* Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
* Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
* Fix a use after free in the ASF demuxer (CVE-2019-14533)
* Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
* Fix a null dereference in the dvdnav demuxer
* Fix a null dereference in the ASF demuxer (CVE-2019-14534)
* Fix a null dereference in the AVI demuxer
* Fix a division by zero in the CAF demuxer (CVE-2019-14498)
* Fix a division by zero in the ASF demuxer (CVE-2019-14535)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Rebased patch 0006, removed patch 0008 which is included in upstream
release version, renumbered remaining patches.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 550c42509c "package/vlc: fix
linking with tremor" fixed build with BR2_PACKAGE_TREMOR and without
BR2_PACKAGE_LIBVORBIS. However, it breaks build if BR2_PACKAGE_TREMOR
and BR2_PACKAGE_LIBVORBIS are both enabled.
Indeed, by overiding VORBIS_LIBS by -lvorbisidec, link of
codec/.libs/libvorbis_plugin_la-vorbis.o with -lvorbis
failed because VORBIS_LIBS is normally used to save "-logg
-lvorbis -lvorbisenc":
PKG_ENABLE_MODULES_VLC([VORBIS], [], [ogg vorbis >= 1.1 vorbisenc >= 1.1], [Vorbis decoder and encoder], [auto])
So replace fourth patch by an upstreamable patch which uses pkg-config
to set TREMOR_LIBS if tremor is found instead of "hacking" VORBIS_LIBS
Fixes:
- http://autobuild.buildroot.org/results/85a7bb1996b78dee037d5900b124cbdf5b66a6ac
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
vlc 3.0.4 is also affected by gcc bug internal compiler error on or1k
hw/vaapi/vlc_vaapi.c: In function 'pool_pic_destroy_cb':
hw/vaapi/vlc_vaapi.c:568:1: internal compiler error: in merge_overlapping_regs, at regrename.c:304
}
Fixes:
- http://autobuild.buildroot.org/results/771e88e7fb06714dd4b7246f82b95dffcedde343
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes
configure: error: The skins2 module depends on the Qt interface. Without
it you will not be able to open any dialog box from the interface, which
makes the skins2 interface rather useless. Install the Qt development
package or alternatively you can also configure with: --disable-qt
--disable-skins2.
http://autobuild.buildroot.net/results/ddb/ddb1ab48adb9705c44ed3d6d800b6d01ad52ac8c/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Some live555 libraries were missing in LIVE555_LIBS.
Instead of maintaining the list of live555 library files we use pkgconf
instead.
Fixes
http://autobuild.buildroot.net/results/744/7445bdc2fdcb28aa7f58c0249653329414e447df/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
No code changes. The upcoming bump to vlc 3.0.3 will add another eleven
--disable-* options to CONF_OPTS. To stay on top of things we sort the
current entries before we begin the version bump.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes configure warning:
checking for SPEEX... yes
checking for SPEEXDSP... no
configure: WARNING: Package speexdsp was not found in the pkg-config search path.
Perhaps you should add the directory containing `speexdsp.pc'
to the PKG_CONFIG_PATH environment variable
Package 'speexdsp', required by 'world', not found.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes configure warning:
checking for SPEEX... yes
checking for SPEEXDSP... no
configure: WARNING: Package speexdsp was not found in the pkg-config search path.
Perhaps you should add the directory containing `speexdsp.pc'
to the PKG_CONFIG_PATH environment variable
Package 'speexdsp', required by 'world', not found.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
VLC uses Git as its version control system, so it makes sense to use
Git formatted patches.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit cb7aa25df8 has disabled upnp support
as --disable-upnp and --enable-upnp are both set if libupnp or libupnp18
is enabled
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>