Re: ffmpeg 3.2.10 update

2018-01-27 Thread Moritz Mühlenhoff 
On Fri, Jan 26, 2018 at 05:13:54PM +, James Cowgill wrote:
> Hi,
> 
> I've pushed ffmpeg 3.2.10 here:
> https://salsa.debian.org/multimedia-team/ffmpeg/tree/debian/stretch
> 
> Since I've not been doing these updates before, what is the correct
> procedure. Do I just upload it to security-master, or should I contact
> the security team first?

For ffmpeg (since it's following the 3.2.x series) uploading to
security-master is fine (unless some update happens to provide
changes in debian/ beyond the changelog, then please send us a
debdiff).

Cheers,
Moritz



___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#871931: libvpx: CVE-2017-0641

2017-08-12 Thread Moritz Mühlenhoff 
On Sat, Aug 12, 2017 at 09:37:12PM +0200, Salvatore Bonaccorso wrote:
> Hi
> 
> On Sat, Aug 12, 2017 at 01:52:43PM -0400, Ondrej Novy wrote:
> > Hi,
> > 
> > we are already using:
> > 
> > --size-limit=16384x16384
> 
> Yupp, I know that, I added that comment to the tracker. It's not clear
> to me if we need to limit it quite further. The android approach is to
> limit it to 4k frames. Mabe inded we shoult mark it as fixed for that
> version where the size-limit was added (which should be 1.4.0-4. But
> the size-limit to 16384x16384  was back in 2015 added to
> mitigate/workaround CVE-2015-1258. So I suspect we will need to limit
> it further.

I think our build is perfectly fine in stretch. It's probably a bigger
issue for libvpx as used by smart phones, but for a desktop build
I don't think we shoudl modify the current defaults in stable (it might
break existing setups even).

I think we can mark this as unimportant and for buster follow upstream
defaults.

> cc'ing Moritz, who added libvpx to our DSA needed list on that
> purpose.

That was only for oldstable, sorry for the confusion.

Cheers,
Moritz

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#806666: Should advene be removed?

2016-01-29 Thread Moritz Mühlenhoff 
reassign 80 ftp.debian.org
retitle 80 RM: advene: depends on gstreamer 0.10
thanks

On Sun, Dec 20, 2015 at 12:35:34PM +0100, Moritz Mühlenhoff wrote:
> On Mon, Nov 30, 2015 at 02:42:07PM +0100, Olivier Aubert wrote:
> > I am the upstream maintainer of Advene. The project is not abandoned,
> > but the port to gtk3 + gstreamer 1.0 is not simply trivial, and needs
> > more time than I can invest right now. It is still in my todo list, but
> > it will not be ready for the next Debian release.
> > 
> > It is indeed already removed from testing (see #785818).
> 
> Ok, if it won't be fixed before the stretch release, then let's remove it
> from unstable for now (it can be re-introduced once fixed upstream).
> 
> We're also aiming for removal of the reverse dependencies from
> unstable at this point.

Reassignng to ftp.debian.org. advene can be reintroduced when it has
been ported to gstreamer 1.0

Cheers,
Moritz

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#810251: guayadeque: Should this package be removed?

2016-01-27 Thread Moritz Mühlenhoff 
reassign 810251 ftp.debian.org
retitle 810251 RM: guayadeque - depends on gstreamer 0.10m dead upstream
thanks

On Thu, Jan 07, 2016 at 05:48:35PM +0100, Moritz Muehlenhoff wrote:
> Source: guayadeque
> Severity: serious
> 
> Should guayadeque be removed? It depends on gstreamer 0.10, which
> is scheduled for removal and seems dead upstream.

No objections in three weeks, reassigning to ftp.debian.org

Cheers,
Moritz

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#785867: fixed in morituri 0.2.3-2

2016-01-07 Thread Moritz Mühlenhoff 
On Sun, Nov 29, 2015 at 06:04:42PM +, Jonas Smedegaard wrote:
> Format: 1.8
> Date: Sun, 29 Nov 2015 18:04:59 +0100
> Source: morituri
> Binary: morituri
> Architecture: source all
> Version: 0.2.3-2
> Distribution: experimental
> Urgency: medium
> Maintainer: Debian Multimedia Maintainers 
> 
> Changed-By: Jonas Smedegaard 
> Description:
>  morituri   - CD ripper aiming for maximum quality
> Closes: 774667 785867
> Changes:
>  morituri (0.2.3-2) experimental; urgency=medium

Could you upload that to unstable now?

Cheers,
Moritz

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#806666: Should advene be removed?

2015-12-20 Thread Moritz Mühlenhoff 
On Mon, Nov 30, 2015 at 02:42:07PM +0100, Olivier Aubert wrote:
> I am the upstream maintainer of Advene. The project is not abandoned,
> but the port to gtk3 + gstreamer 1.0 is not simply trivial, and needs
> more time than I can invest right now. It is still in my todo list, but
> it will not be ready for the next Debian release.
> 
> It is indeed already removed from testing (see #785818).

Ok, if it won't be fixed before the stretch release, then let's remove it
from unstable for now (it can be re-introduced once fixed upstream).

We're also aiming for removal of the reverse dependencies from
unstable at this point.

Cheers,
Moritz

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#795718: Don't include libav in stretch

2015-08-19 Thread Moritz Mühlenhoff 
On Tue, Aug 18, 2015 at 08:08:01PM +0200, Andreas Cadhalpun wrote:
 Hi Moritz,
 
 On 16.08.2015 14:27, Moritz Muehlenhoff wrote:
  It was decided to switch to ffmpeg for stretch and it's now in
  testing.
  
  Please remove libav from testing (or rather from unstable unless
  someone wants to continue to maintain it in unstable/experimental
  only)
 
 It has been planned to remove the libav source package from unstable,
 once the transition to ffmpeg is fully finished.
 Unfortunately this transition is currently blocked by two packages:
  * freerdp needs a new upstream version, but the maintainers are
unresponsive. (#788557)
  * vtk6 still has old binaries using Libav in testing, because
the uncoordinated vtk6.1 - vtk6.2 transition broke some
of its reverese dependencies. (#793621)

Ok, thanks. Let's wait until these are sorted out.

Cheers,
Moritz

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#775866: vlc: multiple vulnerabilities

2015-01-26 Thread Moritz Mühlenhoff 
On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote:
 * The potential invalid writes in modules/services_discovery/sap.c and
   modules/access/ftp.c were not fixed as I did not provide a
   trigger. Note, that the code looks very similar to the confirmed bug
   in rtp_packetize_xiph_config, and so I leave it to you to decide
   whether you want to patch this.

These have been assigned CVE-2015-1202 and CVE-2015-1203, could you contact
upstream for the status of an upstream fix?

Cheers,
Moritz

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#732159: Should this package be removed?

2014-02-16 Thread Moritz Mühlenhoff 
On Sat, Dec 14, 2013 at 05:07:36PM -0500, Reinhard Tartler wrote:
 On Sat, Dec 14, 2013 at 4:28 PM, Moritz Muehlenhoff j...@debian.org wrote:
  Package: mplayer
  Severity: serious
 
  Should this package be removed? If so, please reassign to ftp.debian.org
 
  - Last upload nearly two years ago
  - FTBFS for a long time
  - Incompatible with current libav
  - Alternatives exist (mplayer2, mpv)
 
 I tend to agree, however please keep in mind that this also removes
 mencoder, for which no drop-in alternatives exist atm: Currently, two
 packages depend on mencoder, toonloop and photofilmstrip:

Shall we go ahead with the removal now?

toonloop has been removed from testing half a year ago and the last
maintainer upload was two years ago and photofilmstrip is already
removed from jessie since half a year. popcon is marginal for both.

We can ask FTP masters to remove mplayer forcefully despite the
remaining reverse deps.

Cheers,
Moritz

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#711578: removing svgalib from the archive

2013-10-07 Thread Moritz Mühlenhoff 
On Thu, Oct 03, 2013 at 02:26:28PM +0200, Ansgar Burchardt wrote:
 severity 711578 serious
 severity 714025 serious
 tag 666490 - moreinfo
 thanks
 
 Hi,
 
 there are only two rdeps remaining that still depend on svgalib. Both
 had enough time to get updated and a patch available for some time.
 One of them (mplayer) FTBFS for months anyway (#708140).

fpc just got fixed, so mplayer is the only remainder.

Debian Multimedia maintainers, what about removing mplayer also from sid? 
There's mplayer2 and mpv as replacements and mplayer has already been dropped
from jessie since a few months.

Cheers,
Moritz

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Removal of mplayer from sid?

2013-09-09 Thread Moritz Mühlenhoff 
Hi,
mplayer is already dropped from testing and now there's mpv
in the archive with a leaner design (e.g. using libavformat
instead of custom demuxers).

Shall we go ahead with the removal from sid as well?

Cheers,
Moritz

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#688847: libav: multiple CVEs in ffmpeg/libav

2012-12-25 Thread Moritz Mühlenhoff 
On Mon, Oct 15, 2012 at 05:38:37AM -0400, Reinhard Tartler wrote:
  None of these are merged into 0.5.x, has the code diverged so much?
 
 I arrived only today from my two week trip and will work on backports
 for 0.7-0.5 this week. Sorry for the delay.

Merry christmas Reinhard,

did you have a chance to work on this in the mean time?

Cheers,
Moritz

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Re: Accepted x264 2:0.116.2037+gitf8ebd4a-1 (source amd64)

2011-07-26 Thread Moritz Mühlenhoff 

 Format: 1.8
 Date: Mon, 25 Jul 2011 19:37:52 -0400
 Source: x264
 Binary: x264 libx264-116 libx264-dev
 Architecture: source amd64
 Version: 2:0.116.2037+gitf8ebd4a-1
 Distribution: unstable
 Urgency: low
 Maintainer: Debian Multimedia Maintainers 
 pkg-multimedia-maintainers@lists.alioth.debian.org
 Changed-By: Andres Mejia ame...@debian.org
 Description: 
  libx264-116 - x264 video coding library
  libx264-dev - development files for libx264
  x264   - video encoder for the H.264/MPEG-4 AVC standard

Awesome! Thanks for Debian Multimedia Maintainers' persistence in 
getting this in the archive!

Cheers,
Moritz

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#575600: ffmpeg: Please add ffmpeg-mt for multithreading support

2011-04-23 Thread Moritz Mühlenhoff 
On Sat, Mar 27, 2010 at 05:26:21PM +0100, Reinhard Tartler wrote:
 tags 575600 wontfix
 stop
 
 On Sa, Mar 27, 2010 at 16:07:28 (CET), Henri wrote:
 
  Subject: Please add ffmpeg-mt for multithreading support
  Package: ffmpeg
  Version: 4:0.5.1-3
  Severity: wishlist
 
  ffmpeg-mt enabled mutithreaded decoding for ffmpeg. This is necesary for
  watch e.g. h264 movies with huge bitrates (+1kbit/s).
  ffmpeg-mt is currently located here: http://gitorious.org/ffmpeg/ffmpeg-mt
 
  Description on http://gitorious.org/ffmpeg/ffmpeg-mt:
  Experimental multithreaded decoding branch of FFmpeg, based on a project
  for Google SoC 2008. See mt-work/todo.txt for remaining tasks.
 
  Please consider adding it to the official repositories.
 
 thank you for you report.
 
 unfortunately, ffmpeg-mt is not really supported by ffmpeg upstream, and
 known to cause various regressions depending on the exact date of the
 snapshot. For these reason, I consider ffmpeg-mt unreasonable to
 package.

ffmpeg-mt has been merged into ffmpeg mainline. I suppose the same will
happen for libav (or has happened already?), so this should no longer
be wontfix?

Cheers,
Moritz



___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers