[1/1] package/vlc: security bump version to 3.0.18

Message ID	20221130212614.1215778-1-bernd.kuhls@t-online.de
State	Accepted
Headers	show Return-Path: <buildroot-bounces@buildroot.org> From: Bernd Kuhls <bernd.kuhls@t-online.de> To: buildroot@buildroot.org Date: Wed, 30 Nov 2022 22:26:14 +0100 Message-Id: <20221130212614.1215778-1-bernd.kuhls@t-online.de> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 1/1] package/vlc: security bump version to 3.0.18 Precedence: list Cc: Simon Dawson <spdawson@gmail.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" <buildroot-bounces@buildroot.org>
Series	[1/1] package/vlc: security bump version to 3.0.18 \| expand [1/1] package/vlc: security bump version to 3.0.18

Message ID

20221130212614.1215778-1-bernd.kuhls@t-online.de

State

Accepted

Headers

From: Bernd Kuhls <bernd.kuhls@t-online.de>
To: buildroot@buildroot.org
Date: Wed, 30 Nov 2022 22:26:14 +0100
Message-Id: <20221130212614.1215778-1-bernd.kuhls@t-online.de>
MIME-Version: 1.0
Subject: [Buildroot] [PATCH 1/1] package/vlc: security bump version to 3.0.18
Precedence: list
Cc: Simon Dawson <spdawson@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@buildroot.org
Sender: "buildroot" <buildroot-bounces@buildroot.org>

Series

[1/1] package/vlc: security bump version to 3.0.18 | expand

Commit Message

Bernd Kuhls Nov. 30, 2022, 9:26 p.m. UTC

Removed patch 0010, a different fix was applied upstream:
https://code.videolan.org/videolan/vlc/-/commit/05445b74a38d045cb28f71f96ccbe882445a031e

Removed patch 0011 which was backported from upstream.
Renumbered patch 0012 -> 0010.

Release notes:
http://www.videolan.org/vlc/releases/3.0.18.html

Fixes CVE-2022-41325:
http://www.videolan.org/security/sb-vlc3018.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
 ...ive555.cpp-fix-build-with-live555-20.patch | 36 --------
 ...> 0010-opengl-missing-library-check.patch} |  0
 ...-fix-compilation-with-upcoming-dav1d.patch | 88 -------------------
 package/vlc/vlc.hash                          |  8 +-
 package/vlc/vlc.mk                            |  2 +-
 5 files changed, 5 insertions(+), 129 deletions(-)
 delete mode 100644 package/vlc/0010-modules-access-live555.cpp-fix-build-with-live555-20.patch
 rename package/vlc/{0012-opengl-missing-library-check.patch => 0010-opengl-missing-library-check.patch} (100%)
 delete mode 100644 package/vlc/0011-dav1d-fix-compilation-with-upcoming-dav1d.patch

Comments

Peter Korsgaard Dec. 1, 2022, 8:55 p.m. UTC | #1

>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:

 > Removed patch 0010, a different fix was applied upstream:
 > https://code.videolan.org/videolan/vlc/-/commit/05445b74a38d045cb28f71f96ccbe882445a031e

 > Removed patch 0011 which was backported from upstream.
 > Renumbered patch 0012 -> 0010.

 > Release notes:
 > http://www.videolan.org/vlc/releases/3.0.18.html

 > Fixes CVE-2022-41325:
 > http://www.videolan.org/security/sb-vlc3018.html

 > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>

 > +++ b/package/vlc/vlc.hash
 > @@ -1,7 +1,7 @@
 > -# From https://get.videolan.org/vlc/3.0.17.4/vlc-3.0.17.4.tar.xz.sha256
 > -sha256  8c5a62d88a4fb45c1b095cf10befef217dfa87aedcec5184b9e7d590b6dd4133  vlc-3.0.17.4.tar.xz
 > -# From https://get.videolan.org/vlc/3.0.17.4/vlc-3.0.17.4.tar.xz.sha1
 > -sha1  ebcd9939103fda141267c5a8f1c603df4533218e  vlc-3.0.17.4.tar.xz
 > +# From https://get.videolan.org/vlc/3.0.18/vlc-3.0.18.tar.xz.sha256
 > +sha256  57094439c365d8aa8b9b41fa3080cc0eef2befe6025bb5cef722accc625aedec  vlc-3.0.18.tar.xz
 > +# From https://get.videolan.org/vlc/3.0.18/vlc-3.0.18.tar.xz.sha1
 > +sha1  b11ccaa0f5ee15a550564817d60458eb0946f80e *vlc-3.0.18.tar.xz

You have a * before the filename, which get flagged by check-package:

Applying: package/vlc: security bump version to 3.0.18
package/vlc/vlc.hash:4: separation does not match expectation (http://nightly.buildroot.org/#adding-packages-hash)

Committed with that fixed, thanks.

Peter Korsgaard Dec. 7, 2022, 1:27 p.m. UTC | #2

>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:

 > Removed patch 0010, a different fix was applied upstream:
 > https://code.videolan.org/videolan/vlc/-/commit/05445b74a38d045cb28f71f96ccbe882445a031e

 > Removed patch 0011 which was backported from upstream.
 > Renumbered patch 0012 -> 0010.

 > Release notes:
 > http://www.videolan.org/vlc/releases/3.0.18.html

 > Fixes CVE-2022-41325:
 > http://www.videolan.org/security/sb-vlc3018.html

 > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>

Committed to 2022.08.x and 2022.02.x, thanks.

diff --git a/package/vlc/0010-modules-access-live555.cpp-fix-build-with-live555-20.patch b/package/vlc/0010-modules-access-live555.cpp-fix-build-with-live555-20.patch
deleted file mode 100644
index 5f046648d4..0000000000
--- a/package/vlc/0010-modules-access-live555.cpp-fix-build-with-live555-20.patch
+++ /dev/null
@@ -1,36 +0,0 @@ 
-From eba390d13ec4089cd6b9d8687ab3f8905b9d3ac8 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Sat, 22 May 2021 22:56:04 +0200
-Subject: [PATCH] modules/access/live555.cpp: fix build with live555 >=
- 2020.12.11
-
-Since live555-2020.12.11, connectionEndpointAddress() member function
-use a "struct sockaddr_storage" in preparation for eventual support of
-IPv6: http://www.live555.com/liveMedia/public/changelog.txt
-
-Fixes:
- - http://autobuild.buildroot.org/results/83170984f96238756c45bf1f4e542363afafd45f
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- modules/access/live555.cpp | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/modules/access/live555.cpp b/modules/access/live555.cpp
-index 9d6e01ae32..32a6c294eb 100644
---- a/modules/access/live555.cpp
-+++ b/modules/access/live555.cpp
-@@ -850,7 +850,9 @@ static int SessionsSetup( demux_t *p_demux )
-             if( !p_sys->b_multicast )
-             {
-                 /* We need different rollover behaviour for multicast */
--                p_sys->b_multicast = IsMulticastAddress( sub->connectionEndpointAddress() );
-+                struct sockaddr_storage tempAddr;
-+                sub->getConnectionEndpointAddress( tempAddr );
-+                p_sys->b_multicast = IsMulticastAddress( tempAddr );
-             }
- 
-             tk = (live_track_t*)malloc( sizeof( live_track_t ) );
--- 
-2.30.2
-
diff --git a/package/vlc/0012-opengl-missing-library-check.patch b/package/vlc/0010-opengl-missing-library-check.patch
similarity index 100%
rename from package/vlc/0012-opengl-missing-library-check.patch
rename to package/vlc/0010-opengl-missing-library-check.patch
diff --git a/package/vlc/0011-dav1d-fix-compilation-with-upcoming-dav1d.patch b/package/vlc/0011-dav1d-fix-compilation-with-upcoming-dav1d.patch
deleted file mode 100644
index 74b8645379..0000000000
--- a/package/vlc/0011-dav1d-fix-compilation-with-upcoming-dav1d.patch
+++ /dev/null
@@ -1,88 +0,0 @@ 
-From 2202c892c8dc1381b596c53c2ebd3ca680061f95 Mon Sep 17 00:00:00 2001
-From: Steve Lhomme <robux4@ycbcr.xyz>
-Date: Fri, 18 Mar 2022 11:42:49 +0100
-Subject: [PATCH] dav1d: fix compilation with (upcoming) dav1d 1.0
-
-(cherry picked from commit dbf45cea2a8abdfbef897b8a71f3eb782bb1b712) (edited)
-edited:
-- 3.0 has the 128 pixels padding elsewhere
-- 3.0 has an extra parameter for add_integer_with_range()
-- 3.0 was setting i_extra_picture_buffers further down in the code
-- 3.0 uses 16 threads max
-
-Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
-
-Downloaded from upstream commit
-https://code.videolan.org/videolan/vlc/-/commit/2202c892c8dc1381b596c53c2ebd3ca680061f95
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
----
- modules/codec/dav1d.c | 22 +++++++++++++++++++++-
- 1 file changed, 21 insertions(+), 1 deletion(-)
-
-diff --git a/modules/codec/dav1d.c b/modules/codec/dav1d.c
-index 039165f52ec..cfabbc27cb3 100644
---- a/modules/codec/dav1d.c
-+++ b/modules/codec/dav1d.c
-@@ -63,10 +63,16 @@ vlc_module_begin ()
-     set_category(CAT_INPUT)
-     set_subcategory(SUBCAT_INPUT_VCODEC)
- 
-+#if DAV1D_API_VERSION_MAJOR >= 6
-+    add_integer_with_range("dav1d-thread-frames", 0, 0, DAV1D_MAX_THREADS,
-+                THREAD_FRAMES_TEXT, THREAD_FRAMES_LONGTEXT, false)
-+    add_obsolete_string("dav1d-thread-tiles") // unused with dav1d 1.0
-+#else
-     add_integer_with_range("dav1d-thread-frames", 0, 0, DAV1D_MAX_FRAME_THREADS,
-                 THREAD_FRAMES_TEXT, THREAD_FRAMES_LONGTEXT, false)
-     add_integer_with_range("dav1d-thread-tiles", 0, 0, DAV1D_MAX_TILE_THREADS,
-                 THREAD_TILES_TEXT, THREAD_TILES_LONGTEXT, false)
-+#endif
- vlc_module_end ()
- 
- /*****************************************************************************
-@@ -294,6 +300,11 @@ static int OpenDecoder(vlc_object_t *p_this)
-         return VLC_ENOMEM;
- 
-     dav1d_default_settings(&p_sys->s);
-+#if DAV1D_API_VERSION_MAJOR >= 6
-+    p_sys->s.n_threads = var_InheritInteger(p_this, "dav1d-thread-frames");
-+    if (p_sys->s.n_threads == 0)
-+        p_sys->s.n_threads = (i_core_count < 16) ? i_core_count : 16;
-+#else
-     p_sys->s.n_tile_threads = var_InheritInteger(p_this, "dav1d-thread-tiles");
-     if (p_sys->s.n_tile_threads == 0)
-         p_sys->s.n_tile_threads =
-@@ -303,6 +314,7 @@ static int OpenDecoder(vlc_object_t *p_this)
-     p_sys->s.n_frame_threads = var_InheritInteger(p_this, "dav1d-thread-frames");
-     if (p_sys->s.n_frame_threads == 0)
-         p_sys->s.n_frame_threads = (i_core_count < 16) ? i_core_count : 16;
-+#endif
-     p_sys->s.allocator.cookie = dec;
-     p_sys->s.allocator.alloc_picture_callback = NewPicture;
-     p_sys->s.allocator.release_picture_callback = FreePicture;
-@@ -313,12 +325,20 @@ static int OpenDecoder(vlc_object_t *p_this)
-         return VLC_EGENERIC;
-     }
- 
-+#if DAV1D_API_VERSION_MAJOR >= 6
-+    msg_Dbg(p_this, "Using dav1d version %s with %d threads",
-+            dav1d_version(), p_sys->s.n_threads);
-+
-+    dec->i_extra_picture_buffers = (p_sys->s.n_threads - 1);
-+#else
-     msg_Dbg(p_this, "Using dav1d version %s with %d/%d frame/tile threads",
-             dav1d_version(), p_sys->s.n_frame_threads, p_sys->s.n_tile_threads);
- 
-+    dec->i_extra_picture_buffers = (p_sys->s.n_frame_threads - 1);
-+#endif
-+
-     dec->pf_decode = Decode;
-     dec->pf_flush = FlushDecoder;
--    dec->i_extra_picture_buffers = (p_sys->s.n_frame_threads - 1);
- 
-     dec->fmt_out.video.i_width = dec->fmt_in.video.i_width;
-     dec->fmt_out.video.i_height = dec->fmt_in.video.i_height;
--- 
-GitLab
-
diff --git a/package/vlc/vlc.hash b/package/vlc/vlc.hash
index 9060097906..64b6bc5a3b 100644
--- a/package/vlc/vlc.hash
+++ b/package/vlc/vlc.hash
@@ -1,7 +1,7 @@ 
-# From https://get.videolan.org/vlc/3.0.17.4/vlc-3.0.17.4.tar.xz.sha256
-sha256  8c5a62d88a4fb45c1b095cf10befef217dfa87aedcec5184b9e7d590b6dd4133  vlc-3.0.17.4.tar.xz
-# From https://get.videolan.org/vlc/3.0.17.4/vlc-3.0.17.4.tar.xz.sha1
-sha1  ebcd9939103fda141267c5a8f1c603df4533218e  vlc-3.0.17.4.tar.xz
+# From https://get.videolan.org/vlc/3.0.18/vlc-3.0.18.tar.xz.sha256
+sha256  57094439c365d8aa8b9b41fa3080cc0eef2befe6025bb5cef722accc625aedec  vlc-3.0.18.tar.xz
+# From https://get.videolan.org/vlc/3.0.18/vlc-3.0.18.tar.xz.sha1
+sha1  b11ccaa0f5ee15a550564817d60458eb0946f80e *vlc-3.0.18.tar.xz
 # Locally computed
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LIB
diff --git a/package/vlc/vlc.mk b/package/vlc/vlc.mk
index aee3b735a9..c6ae46f469 100644
--- a/package/vlc/vlc.mk
+++ b/package/vlc/vlc.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-VLC_VERSION = 3.0.17.4
+VLC_VERSION = 3.0.18
 VLC_SITE = https://get.videolan.org/vlc/$(VLC_VERSION)
 VLC_SOURCE = vlc-$(VLC_VERSION).tar.xz
 VLC_LICENSE = GPL-2.0+, LGPL-2.1+

[1/1] package/vlc: security bump version to 3.0.18

Commit Message

Comments

Patch