Re: ffmpeg 3.2.10 update
On Fri, Jan 26, 2018 at 05:13:54PM +, James Cowgill wrote: > Hi, > > I've pushed ffmpeg 3.2.10 here: > https://salsa.debian.org/multimedia-team/ffmpeg/tree/debian/stretch > > Since I've not been doing these updates before, what is the correct > procedure. Do I just upload it to security-master, or should I contact > the security team first? For ffmpeg (since it's following the 3.2.x series) uploading to security-master is fine (unless some update happens to provide changes in debian/ beyond the changelog, then please send us a debdiff). Cheers, Moritz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#871931: libvpx: CVE-2017-0641
On Sat, Aug 12, 2017 at 09:37:12PM +0200, Salvatore Bonaccorso wrote: > Hi > > On Sat, Aug 12, 2017 at 01:52:43PM -0400, Ondrej Novy wrote: > > Hi, > > > > we are already using: > > > > --size-limit=16384x16384 > > Yupp, I know that, I added that comment to the tracker. It's not clear > to me if we need to limit it quite further. The android approach is to > limit it to 4k frames. Mabe inded we shoult mark it as fixed for that > version where the size-limit was added (which should be 1.4.0-4. But > the size-limit to 16384x16384 was back in 2015 added to > mitigate/workaround CVE-2015-1258. So I suspect we will need to limit > it further. I think our build is perfectly fine in stretch. It's probably a bigger issue for libvpx as used by smart phones, but for a desktop build I don't think we shoudl modify the current defaults in stable (it might break existing setups even). I think we can mark this as unimportant and for buster follow upstream defaults. > cc'ing Moritz, who added libvpx to our DSA needed list on that > purpose. That was only for oldstable, sorry for the confusion. Cheers, Moritz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#806666: Should advene be removed?
reassign 80 ftp.debian.org retitle 80 RM: advene: depends on gstreamer 0.10 thanks On Sun, Dec 20, 2015 at 12:35:34PM +0100, Moritz Mühlenhoff wrote: > On Mon, Nov 30, 2015 at 02:42:07PM +0100, Olivier Aubert wrote: > > I am the upstream maintainer of Advene. The project is not abandoned, > > but the port to gtk3 + gstreamer 1.0 is not simply trivial, and needs > > more time than I can invest right now. It is still in my todo list, but > > it will not be ready for the next Debian release. > > > > It is indeed already removed from testing (see #785818). > > Ok, if it won't be fixed before the stretch release, then let's remove it > from unstable for now (it can be re-introduced once fixed upstream). > > We're also aiming for removal of the reverse dependencies from > unstable at this point. Reassignng to ftp.debian.org. advene can be reintroduced when it has been ported to gstreamer 1.0 Cheers, Moritz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#810251: guayadeque: Should this package be removed?
reassign 810251 ftp.debian.org retitle 810251 RM: guayadeque - depends on gstreamer 0.10m dead upstream thanks On Thu, Jan 07, 2016 at 05:48:35PM +0100, Moritz Muehlenhoff wrote: > Source: guayadeque > Severity: serious > > Should guayadeque be removed? It depends on gstreamer 0.10, which > is scheduled for removal and seems dead upstream. No objections in three weeks, reassigning to ftp.debian.org Cheers, Moritz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#785867: fixed in morituri 0.2.3-2
On Sun, Nov 29, 2015 at 06:04:42PM +, Jonas Smedegaard wrote: > Format: 1.8 > Date: Sun, 29 Nov 2015 18:04:59 +0100 > Source: morituri > Binary: morituri > Architecture: source all > Version: 0.2.3-2 > Distribution: experimental > Urgency: medium > Maintainer: Debian Multimedia Maintainers >> Changed-By: Jonas Smedegaard > Description: > morituri - CD ripper aiming for maximum quality > Closes: 774667 785867 > Changes: > morituri (0.2.3-2) experimental; urgency=medium Could you upload that to unstable now? Cheers, Moritz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#806666: Should advene be removed?
On Mon, Nov 30, 2015 at 02:42:07PM +0100, Olivier Aubert wrote: > I am the upstream maintainer of Advene. The project is not abandoned, > but the port to gtk3 + gstreamer 1.0 is not simply trivial, and needs > more time than I can invest right now. It is still in my todo list, but > it will not be ready for the next Debian release. > > It is indeed already removed from testing (see #785818). Ok, if it won't be fixed before the stretch release, then let's remove it from unstable for now (it can be re-introduced once fixed upstream). We're also aiming for removal of the reverse dependencies from unstable at this point. Cheers, Moritz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#795718: Don't include libav in stretch
On Tue, Aug 18, 2015 at 08:08:01PM +0200, Andreas Cadhalpun wrote: Hi Moritz, On 16.08.2015 14:27, Moritz Muehlenhoff wrote: It was decided to switch to ffmpeg for stretch and it's now in testing. Please remove libav from testing (or rather from unstable unless someone wants to continue to maintain it in unstable/experimental only) It has been planned to remove the libav source package from unstable, once the transition to ffmpeg is fully finished. Unfortunately this transition is currently blocked by two packages: * freerdp needs a new upstream version, but the maintainers are unresponsive. (#788557) * vtk6 still has old binaries using Libav in testing, because the uncoordinated vtk6.1 - vtk6.2 transition broke some of its reverese dependencies. (#793621) Ok, thanks. Let's wait until these are sorted out. Cheers, Moritz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#775866: vlc: multiple vulnerabilities
On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote: * The potential invalid writes in modules/services_discovery/sap.c and modules/access/ftp.c were not fixed as I did not provide a trigger. Note, that the code looks very similar to the confirmed bug in rtp_packetize_xiph_config, and so I leave it to you to decide whether you want to patch this. These have been assigned CVE-2015-1202 and CVE-2015-1203, could you contact upstream for the status of an upstream fix? Cheers, Moritz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#732159: Should this package be removed?
On Sat, Dec 14, 2013 at 05:07:36PM -0500, Reinhard Tartler wrote: On Sat, Dec 14, 2013 at 4:28 PM, Moritz Muehlenhoff j...@debian.org wrote: Package: mplayer Severity: serious Should this package be removed? If so, please reassign to ftp.debian.org - Last upload nearly two years ago - FTBFS for a long time - Incompatible with current libav - Alternatives exist (mplayer2, mpv) I tend to agree, however please keep in mind that this also removes mencoder, for which no drop-in alternatives exist atm: Currently, two packages depend on mencoder, toonloop and photofilmstrip: Shall we go ahead with the removal now? toonloop has been removed from testing half a year ago and the last maintainer upload was two years ago and photofilmstrip is already removed from jessie since half a year. popcon is marginal for both. We can ask FTP masters to remove mplayer forcefully despite the remaining reverse deps. Cheers, Moritz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#711578: removing svgalib from the archive
On Thu, Oct 03, 2013 at 02:26:28PM +0200, Ansgar Burchardt wrote: severity 711578 serious severity 714025 serious tag 666490 - moreinfo thanks Hi, there are only two rdeps remaining that still depend on svgalib. Both had enough time to get updated and a patch available for some time. One of them (mplayer) FTBFS for months anyway (#708140). fpc just got fixed, so mplayer is the only remainder. Debian Multimedia maintainers, what about removing mplayer also from sid? There's mplayer2 and mpv as replacements and mplayer has already been dropped from jessie since a few months. Cheers, Moritz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Removal of mplayer from sid?
Hi, mplayer is already dropped from testing and now there's mpv in the archive with a leaner design (e.g. using libavformat instead of custom demuxers). Shall we go ahead with the removal from sid as well? Cheers, Moritz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#688847: libav: multiple CVEs in ffmpeg/libav
On Mon, Oct 15, 2012 at 05:38:37AM -0400, Reinhard Tartler wrote: None of these are merged into 0.5.x, has the code diverged so much? I arrived only today from my two week trip and will work on backports for 0.7-0.5 this week. Sorry for the delay. Merry christmas Reinhard, did you have a chance to work on this in the mean time? Cheers, Moritz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Re: Accepted x264 2:0.116.2037+gitf8ebd4a-1 (source amd64)
Format: 1.8 Date: Mon, 25 Jul 2011 19:37:52 -0400 Source: x264 Binary: x264 libx264-116 libx264-dev Architecture: source amd64 Version: 2:0.116.2037+gitf8ebd4a-1 Distribution: unstable Urgency: low Maintainer: Debian Multimedia Maintainers pkg-multimedia-maintainers@lists.alioth.debian.org Changed-By: Andres Mejia ame...@debian.org Description: libx264-116 - x264 video coding library libx264-dev - development files for libx264 x264 - video encoder for the H.264/MPEG-4 AVC standard Awesome! Thanks for Debian Multimedia Maintainers' persistence in getting this in the archive! Cheers, Moritz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#575600: ffmpeg: Please add ffmpeg-mt for multithreading support
On Sat, Mar 27, 2010 at 05:26:21PM +0100, Reinhard Tartler wrote: tags 575600 wontfix stop On Sa, Mar 27, 2010 at 16:07:28 (CET), Henri wrote: Subject: Please add ffmpeg-mt for multithreading support Package: ffmpeg Version: 4:0.5.1-3 Severity: wishlist ffmpeg-mt enabled mutithreaded decoding for ffmpeg. This is necesary for watch e.g. h264 movies with huge bitrates (+1kbit/s). ffmpeg-mt is currently located here: http://gitorious.org/ffmpeg/ffmpeg-mt Description on http://gitorious.org/ffmpeg/ffmpeg-mt: Experimental multithreaded decoding branch of FFmpeg, based on a project for Google SoC 2008. See mt-work/todo.txt for remaining tasks. Please consider adding it to the official repositories. thank you for you report. unfortunately, ffmpeg-mt is not really supported by ffmpeg upstream, and known to cause various regressions depending on the exact date of the snapshot. For these reason, I consider ffmpeg-mt unreasonable to package. ffmpeg-mt has been merged into ffmpeg mainline. I suppose the same will happen for libav (or has happened already?), so this should no longer be wontfix? Cheers, Moritz ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers