Bug#863347: unblock: vlc/2.2.6-1~deb9u1

2017-05-26 Thread Adrian Bunk 
On Thu, May 25, 2017 at 11:51:58PM +0200, Ivo De Decker wrote:
> Hi,
> 
> On Thu, May 25, 2017 at 08:37:00PM +, Niels Thykier wrote:
> > > The upstream changes are attached as vlc-2.2.6.diff (updates to the 
> > > translations
> > > have been stripped). The changes in debian (vlc-debian.stretch.diff) 
> > > includes
> > > the usual bump of the versions in *.maintscripts and in Breaks + 
> > > Repalces. The
> > > Breaks + Replaces from libvlc-bin have been removed as they are not 
> > > necessary.
> 
> > To be honest, it is a bit problematic that we have to bump the version
> > of breaks/replaces + conffile handling for every upload.
> 
> This actually defeats the purpose of having the version in there. If people
> have lines for both jessie(-security) and stretch in their sources.list, vlc
> might go back and forth between the versions in jessie and stretch, depending
> on the timing of the uploads. This will result in problems.
> 
> The only way to properly fix this, is to make sure the version of vlc in
> jessie(-security) is always lower than the first version of vlc in stretch
> (going forward). You can achieve this by bumping the epoch for vlc in stretch
> (but not in jessie), and changing the breaks, replaces etc accordingly.

There is another and much easier fix:
Remove the version.

It is supposed to work, and if it didn't break with sid -> sid
upgrades for this upload (where the previous version in sid was
lower than the version passed to rm_conffile) it is already confirmed
that it also works in practice.

> Cheers,
> 
> Ivo

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

Bug#863347: unblock: vlc/2.2.6-1~deb9u1

2017-05-25 Thread Ivo De Decker 
Hi,

On Thu, May 25, 2017 at 08:37:00PM +, Niels Thykier wrote:
> > The upstream changes are attached as vlc-2.2.6.diff (updates to the 
> > translations
> > have been stripped). The changes in debian (vlc-debian.stretch.diff) 
> > includes
> > the usual bump of the versions in *.maintscripts and in Breaks + Repalces. 
> > The
> > Breaks + Replaces from libvlc-bin have been removed as they are not 
> > necessary.

> To be honest, it is a bit problematic that we have to bump the version
> of breaks/replaces + conffile handling for every upload.

This actually defeats the purpose of having the version in there. If people
have lines for both jessie(-security) and stretch in their sources.list, vlc
might go back and forth between the versions in jessie and stretch, depending
on the timing of the uploads. This will result in problems.

The only way to properly fix this, is to make sure the version of vlc in
jessie(-security) is always lower than the first version of vlc in stretch
(going forward). You can achieve this by bumping the epoch for vlc in stretch
(but not in jessie), and changing the breaks, replaces etc accordingly.

Cheers,

Ivo

Bug#863347: unblock: vlc/2.2.6-1~deb9u1

2017-05-25 Thread Sebastian Ramacher 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vlc version 2.2.6-1~deb9u1. It is the latest stable bug
fix release including a fix for CVE-2017-8312.

The upstream changes are attached as vlc-2.2.6.diff (updates to the translations
have been stripped). The changes in debian (vlc-debian.stretch.diff) includes
the usual bump of the versions in *.maintscripts and in Breaks + Repalces. The
Breaks + Replaces from libvlc-bin have been removed as they are not necessary.

unblock vlc/2.2.6-1~deb9u1

Cheers
-- 
Sebastian Ramacher
diff --git a/NEWS b/NEWS
index 4c34a5d8..88321824 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,15 @@
+Changes between 2.2.5.1 and 2.2.6:
+--
+
+Video output:
+ * Fix systematic green line on nvidia
+ * Fix direct3d SPU texture offsets handling
+
+Demuxer:
+ * Fix heap buffer overflows
+
 Changes between 2.2.5 and 2.2.5.1:
-
+--
 
 Security hardening for DLL hijacking environments
 
diff --git a/configure b/configure
index 57cbc4d5..c0ce4fb4 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for vlc 2.2.5.1.
+# Generated by GNU Autoconf 2.69 for vlc 2.2.6.
 #
 # Copyright 1999-2017 VLC authors and VideoLAN
 #
@@ -589,8 +589,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='vlc'
 PACKAGE_TARNAME='vlc'
-PACKAGE_VERSION='2.2.5.1'
-PACKAGE_STRING='vlc 2.2.5.1'
+PACKAGE_VERSION='2.2.6'
+PACKAGE_STRING='vlc 2.2.6'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -2532,7 +2532,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures vlc 2.2.5.1 to adapt to many kinds of systems.
+\`configure' configures vlc 2.2.6 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -2607,7 +2607,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
- short | recursive ) echo "Configuration of vlc 2.2.5.1:";;
+ short | recursive ) echo "Configuration of vlc 2.2.6:";;
esac
   cat <<\_ACEOF
 
@@ -3263,7 +3263,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-vlc configure 2.2.5.1
+vlc configure 2.2.6
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -3976,7 +3976,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by vlc $as_me 2.2.5.1, which was
+It was created by vlc $as_me 2.2.6, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -4327,8 +4327,8 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 VERSION_MAJOR=2
 VERSION_MINOR=2
-VERSION_REVISION=5
-VERSION_EXTRA=1
+VERSION_REVISION=6
+VERSION_EXTRA=0
 VERSION_DEV=
 
 PKGDIR="vlc"
@@ -4931,7 +4931,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='vlc'
- VERSION='2.2.5.1'
+ VERSION='2.2.6'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -53803,7 +53803,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by vlc $as_me 2.2.5.1, which was
+This file was extended by vlc $as_me 2.2.6, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES= $CONFIG_FILES
@@ -53869,7 +53869,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/&/g'`"
 ac_cs_version="\\
-vlc config.status 2.2.5.1
+vlc config.status 2.2.6
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index d3f8685d..235edf57 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,11 +2,11 @@ dnl Autoconf settings for vlc
 
 AC_COPYRIGHT([Copyright 1999-2017 VLC authors and VideoLAN])
 
-AC_INIT(vlc, 2.2.5.1)
+AC_INIT(vlc, 2.2.6)
 VERSION_MAJOR=2
 VERSION_MINOR=2
-VERSION_REVISION=5
-VERSION_EXTRA=1
+VERSION_REVISION=6
+VERSION_EXTRA=0
 VERSION_DEV=
 
 PKGDIR="vlc"
diff --git a/modules/demux/subtitle.c b/modules/demux/subtitle.c
index 1614e860..9f0b953e 100644
--- a/modules/demux/subtitle.c
+++ b/modules/demux/subtitle.c
@@ -2,7 +2,7 @@
  * subtitle.c: Demux for subtitle text files.
  *
  * Copyright (C) 1999-2007 VLC authors and VideoLAN
- * $Id: 3e790fd307ff08f92fd3b754863f7a91f34fd85f $
+ * $Id: c4402edfb9b9c02121b7037c4ae907a9eb914439 $
  *
  * Authors: Laurent Aimar 
  *  Derk-Jan Hartman 
@@ -1667,7 +1667,7 @@ static int ParseJSS( demux_t