Security update for vlc

Type: security
Severity: moderate
Issued: 2020-04-29
This update for vlc fixes the following issues:

vlc was updated to version

+ Misc: Properly bump the version in configure.ac.

Changes from version

+ Misc: Fix VLSub returning 401 for search request.

Changes from version 3.0.9:

+ Core: Work around busy looping when playing an invalid item
  through VLM.
+ Access:
  * Multiple dvdread and dvdnav crash fixes
  * Fixed DVD glitches on clip change
  * Fixed dvdread commands/data sequence inversion in some cases causing
    unwanted glitches
  * Better handling of authored as corrupted DVD
  * Added libsmb2 support for SMB2/3 shares
+ Demux:
  * Fix TTML entities not passed to decoder
  * Fixed some WebVTT styling tags not being applied
  * Misc raw H264/HEVC frame rate fixes
  * Fix adaptive regression on TS format change (mostly HLS)
  * Fixed MP4 regression with twos/sowt PCM audio
  * Fixed some MP4 raw quicktime and ms-PCM audio
  * Fixed MP4 interlacing handling
  * Multiple adaptive stack (DASH/HLS/Smooth) fixes
  * Enabled Live seeking for HLS
  * Fixed seeking in some cases for HLS
  * Improved Live playback for Smooth and DASH
  * Fixed adaptive unwanted end of stream in some cases
  * Faster adaptive start and new buffering control options
+ Packetizers:
  * Fixes H264/HEVC incomplete draining in some cases
  * packetizer_helper: Fix potential trailing junk on last packet
  * Added missing drain in packetizers that was causing missing
    last frame or audio
  * Improved check to prevent fLAC synchronization drops
+ Decoder:
  * avcodec: revector video decoder to fix incomplete drain
  * spudec: implemented palette updates, fixing missing subtitles
    on some DVD
  * Fixed WebVTT CSS styling not being applied on Windows/macOS
  * Fixed Hebrew teletext pages support in zvbi
  * Fixed Dav1d aborting decoding on corrupted picture
  * Extraction and display of all CEA708 subtitles
  * Update libfaad to 2.9.1
  * Add DXVA support for VP9 Profile 2 (10 bits)
  * Mediacodec aspect ratio with Amazon devices
+ Audio output:
  * Added support for iOS audiounit audio above 48KHz
  * Added support for amem audio up to 384KHz
+ Video output:
  * Fix for opengl glitches in some drivers
  * Fix GMA950 opengl support on macOS
  * YUV to RGB StretchRect fixes with NVIDIA drivers
  * Use the new libplacebo tone mapping desaturation algorithm
+ Text renderer:
  * Fix crashes on macOS with SSA/ASS subtitles containing emoji
  * Fixed unwanted growing background in Freetype rendering and Y padding
+ Mux: Fixed some YUV mappings
+ Service Discovery: Update libmicrodns to 0.1.2.
+ Misc:
  * Update YouTube, SoundCloud and Vocaroo scripts: this restores
    playback of YouTube URLs.
  * Add missing .wpl & .zpl file associations on Windows
  * Improved chromecast audio quality

Update to version 3.0.8 'vetinari':

+ Fix stuttering for low framerate videos
+ Improve adaptive streaming
+ Improve audio output for external audio devices on macOS/iOS
+ Fix hardware acceleration with Direct3D11 for some AMD drivers
+ Fix WebVTT subtitles rendering
+ Vetinari is a major release changing a lot in the media engine of VLC.
  It is one of the largest releases we've ever done.
  Notably, it:
   - activates hardware decoding on all platforms, of H.264 & H.265, 8 & 10bits,
     allowing 4K60 or even 8K decoding with little CPU consumption,
   - merges all the code from the mobile ports into the same codebase with
     common numbering and releases,
   - supports 360 video and 3D audio, and prepares for VR content,
   - supports direct HDR and HDR tone-mapping,
   - updates the audio passthrough for HD Audio codecs,
   - allows browsing of local network drives like SMB, FTP, SFTP, NFS...
   - stores the passwords securely,
   - brings a new subtitle rendering engine, supporting ComplexTextLayout
     and font fallback to support multiple languages and fonts,
   - supports ChromeCast with the new renderer framework,
   - adds support for numerous new formats and codecs, including WebVTT,
     AV1, TTML, HQX, 708, Cineform, and many more,
   - improves Bluray support with Java menus, aka BD-J,
   - updates the macOS interface with major cleaning and improvements,
   - supports HiDPI UI on Windows, with the switch to Qt5,
   - prepares the experimental support for Wayland on Linux, and
     switches to OpenGL by default on Linux.
+ Security fixes included:
  * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
  * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
  * Fix a read buffer overflow in the FAAD decoder
  * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
  * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
  * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
  * Fix a use after free in the ASF demuxer (CVE-2019-14533)
  * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
  * Fix a null dereference in the dvdnav demuxer
  * Fix a null dereference in the ASF demuxer (CVE-2019-14534)
  * Fix a null dereference in the AVI demuxer
  * Fix a division by zero in the CAF demuxer (CVE-2019-14498)
  * Fix a division by zero in the ASF demuxer (CVE-2019-14535)
- Disable mod-plug for the time being: libmodplug 0.8.9 is not yet available.

- Disable SDL_image (SDL 1.2) based codec. It is only a wrapper around some
  image loading libraries (libpng, libjpeg, ...) which are either wrapped
  by vlc itself (libpng_plugin.so) or via libavcodec (libavcodec_plugin.so).

This update was imported from the openSUSE:Leap:15.1:Update update project.



