From patchwork Wed Aug 21 18:07:01 2019
X-Patchwork-Submitter: Bernd Kuhls
X-Patchwork-Id: 1151055
From: Bernd Kuhls
To: buildroot@buildroot.org
Cc: Simon Dawson, Maxime Hadjinlian
Date: Wed, 21 Aug 2019 20:07:01 +0200
Message-Id: <20190821180701.6796-2-bernd.kuhls@t-online.de>
In-Reply-To: <20190821180701.6796-1-bernd.kuhls@t-online.de>
Subject: [Buildroot] [PATCH 2/2] package/vlc: security bump version to 3.0.8

Release notes: https://www.videolan.org/developers/vlc-branch/NEWS

Fixes the following security bugs:
* Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
* Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
* Fix a read buffer overflow in the FAAD decoder
* Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
* Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
* Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
* Fix a use after free in the ASF demuxer (CVE-2019-14533)
* Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
* Fix a null dereference in the dvdnav demuxer
* Fix a null dereference in the ASF demuxer (CVE-2019-14534)
* Fix a null dereference in the AVI demuxer
* Fix a division by zero in the CAF demuxer (CVE-2019-14498)
* Fix a division by zero in the ASF demuxer (CVE-2019-14535)

Signed-off-by: Bernd Kuhls
--- package/vlc/vlc.hash | 12 ++++++------ package/vlc/vlc.mk | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/package/vlc/vlc.hash b/package/vlc/vlc.hash index ba053ea963..d1d3e45b0c 100644 --- a/package/vlc/vlc.hash 
+++ b/package/vlc/vlc.hash @@ -1,9 +1,9 @@ -# From http://download.videolan.org/pub/videolan/vlc/3.0.7.1/vlc-3.0.7.1.tar.xz.sha256 -sha256 0655804371096772f06104b75c21cde8a76e3b6c8a2fdadc97914f082c6264f5 vlc-3.0.7.1.tar.xz -# From http://download.videolan.org/pub/videolan/vlc/3.0.7.1/vlc-3.0.7.1.tar.xz.sha1 -sha1 3f6f9e56695eeea662b86602963721f1ac7afd23 vlc-3.0.7.1.tar.xz -# From http://download.videolan.org/pub/videolan/vlc/3.0.7.1/vlc-3.0.7.1.tar.xz.md5 -md5 1adf2fe21070378b0e45ad163d3b232d vlc-3.0.7.1.tar.xz +# From http://download.videolan.org/pub/videolan/vlc/3.0.8/vlc-3.0.8.tar.xz.sha256 +sha256 e0149ef4a20a19b9ecd87309c2d27787ee3f47dfd47c6639644bc1f6fd95bdf6 vlc-3.0.8.tar.xz +# From http://download.videolan.org/pub/videolan/vlc/3.0.8/vlc-3.0.8.tar.xz.sha1 +sha1 424a9795e051c198e7fa28107b15809ee6820d43 vlc-3.0.8.tar.xz +# From http://download.videolan.org/pub/videolan/vlc/3.0.8/vlc-3.0.8.tar.xz.md5 +md5 744442ec0c145453ea1d257914c8072e vlc-3.0.8.tar.xz # Locally computed sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LIB diff --git a/package/vlc/vlc.mk b/package/vlc/vlc.mk index a736643159..ae12e89b8a 100644 --- a/package/vlc/vlc.mk +++ b/package/vlc/vlc.mk @@ -4,7 +4,7 @@ # ################################################################################ -VLC_VERSION = 3.0.7.1 +VLC_VERSION = 3.0.8 VLC_SITE = https://get.videolan.org/vlc/$(VLC_VERSION) VLC_SOURCE = vlc-$(VLC_VERSION).tar.xz VLC_LICENSE = GPL-2.0+, LGPL-2.1+
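
Review bot: The three "# From" comment lines added in the vlc.hash hunk cite plain http://download.videolan.org/... as the source of the new digests, while vlc.mk fetches the tarball from https://get.videolan.org/vlc/$(VLC_VERSION). A digest copied over an unauthenticated channel guards against a corrupted download but not against a tampered one, so please cite the https:// form of the URL, or state in the commit message that the sha256 was checked against a locally downloaded vlc-3.0.8.tar.xz. The sha1 and md5 entries add no assurance beyond the sha256 line and could be dropped in the same change.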