openSUSE Security Update: vlc: version update to 2.1.3 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0315-1 Rating: moderate References: #864422 Cross-References: CVE-2013-3565 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: VLC was updated to version 2.1.3 (bnc#864422): + Core: - Fix broken behaviour with SOCKSv5 proxies - Fix integer overflow on error when using vlc_readdir + Access: - Fix DVB-T2 tuning on Linux. - Fix encrypted DVD playback. - Fix v4l2 frequency conversion. + Decoders: - Fix numerous issues (M2TS, VC1 interlaced, Lagarith, FFv1.3, Xvid) by updating codec libraries. - Bring fluidsynth back on Mac OS X - Fix some Opus crashes with some filters - Fix teletext crash on Windows + Demuxers: - Avoid an infinite recursion in MKV tags parsing - Fix an issue with some Vobsub tracks - Fix missing samples at the end of some wav files - Fix divide by 0 on ASF/WMV parsing + Audio output: - Fix audio device selection via command line on Mac OS X - Fix audio crashes on Mac OS X + Video Output: - Fix selection of DirectDraw as the default output for XP - Fix transform off-by-one issue - Fix screensaver disabling on Windows outputs - Fix DirectDraw device enumeration and multi-display output - Fix a potential crash when playing a fullscreen game at the same time as VLC + Stream output: - Fix 24bits audio MTU alignment in RTP - Fix record file names + Qt interface: - Fix minimal size possible on start - Fix a crash with the simple volume widget - Fix a crash in the audio menu building - Fix multimedia keys issues on Windows - Fix opening of DVD and BD folders on Windows + HTTP interface: Fix album art display on Windows. + Updated translations. - Add update-desktop-files BuildRequires and %desktop_database_post/postun calls to respective scriptlets: Fix https://bugs.links2linux.org/browse/PM-108. - Update to version 2.1.2: + Audio output: - Fix digital playback on OS X when more than one audio device is installed. - Fix digital playback (SPDIF/HDMI) on Windows. - Fix stuttering or silent playback when using sound enhancers or external audio devices on OS X. - Improve responsiveness on OS X when playback starts or is being paused. - Improve responsiveness, silent playback intervals and reliability on iOS. + Demuxers: - Fix Vimeo and DailyMotion parsing. - Various WMV playback improvements and fixes. + Decoders: - Fix LPCM 20/24-bit decoding and 16 bits with channel padding. - Fix playback of some HEVC samples. + Video filters: Fix crash on deinterlace selection. + Qt interface: - Fix some streaming profiles when copy existed. - Improve A-B loop control. - Fix album art update when changing media. + Mac OS X interface adjustments. + Win32 installer: Kill running VLC process on uninstall/update. + Updated translations. - More features (by adding BuildRequires): + IDN Support (International Domain Names): libidn-devel + SFTP Access: libssh2-devel + HotKey Support: xcb-util-keysyms-devel + Complete SDL Stack: SDL_image-devel + ProjectM suppor (for openSUSE >= 12.3) - Update to version 2.1.1: + Core: - Fix random and reshuffling behaviour. - Fix recording. - Fix some subtitles track selection. + Decoders: - VP9 support in WebM. - HEVC/H.265 support in MKV, MP4 and raw files. - Fix GPU decoding under Windows (DxVA2) crashes. + Demuxers: - Fix crashes on wav, mlp and mkv and modplug files. - Support Speex in ogg files. - Fix some .mov playlists support. - Support Alac in mkv. - Fix WMV3 and palette in AVI. - Fix FLAC packetizer issues in some files. + Access: - Fix DVB options parsing. - Fix DeckLink HDMI input. - Fix HTTPS connectivity on OS X by loading root certificates from Keychain. + Audio output: - Fixes for DirectSound pass-through. - Fixes for OSS output, notably on BSD. + Interfaces: - Fix HTTP interface infinite loop. - Fix D-Bus volume setting. + Qt: - Reinstore right click subtitle menu to open a subtitle. - Fix saving the hotkeys in preferences. - Fix saving the audio volume on Win32, using DirectSound. - Fix play after drag'n drop. - Fix streaming options edition and scale parameter. + Stream out: - Fix transcoding audio drift issues. - Fix numerous audio encoding issues. + Win32 installer: - Important rewrite to fix numerous bugs, notably about updates. - Simplification of the upgrade mechanism. + Mac OS X interface: - Reintroduce the language selector known from pre-2.1 releases. - Fix fullscreen behaviour and various crashes. - Fix about dialog crash in Japanese. - Fix crashes on proxy lookups. - Fixes on the playlist and information behaviours. - Fixes on the streaming dialogs. - Improves interface resizings. + Updated translations. - Pass --with-default-font=[path] and --with-default-monospace-font=[path] to configure. - Drop fix_font_path.patch: replaced with configure parameters above. - Recommend 'vlc' by vlc-qt: some users might go installing the UI package directly. Having Qt most likely also means the user has X, so we at least recommend the vlc package relying on X. - Force creation of plugins cache in vlc-nox %post, instead of just touching the file, for details see https://trac.videolan.org/vlc/ticket/9807#comment:2 - Update License: A lot has been relicensed to LGPL-2.1. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-178 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): libvlc5-2.1.3-10.1 libvlc5-debuginfo-2.1.3-10.1 libvlccore7-2.1.3-10.1 libvlccore7-debuginfo-2.1.3-10.1 vlc-2.1.3-10.1 vlc-debuginfo-2.1.3-10.1 vlc-debugsource-2.1.3-10.1 vlc-devel-2.1.3-10.1 vlc-gnome-2.1.3-10.1 vlc-gnome-debuginfo-2.1.3-10.1 vlc-noX-2.1.3-10.1 vlc-noX-debuginfo-2.1.3-10.1 vlc-qt-2.1.3-10.1 vlc-qt-debuginfo-2.1.3-10.1 - openSUSE 13.1 (noarch): vlc-noX-lang-2.1.3-10.1 References: http://support.novell.com/security/cve/CVE-2013-3565.html https://bugzilla.novell.com/864422