An update that fixes 12 vulnerabilities is now available.
Description:
This update for vlc fixes the following issues:
vlc was updated to version 3.0.9.2:
Changes from version 3.0.9.1:
- Misc: Fix VLSub returning 401 for earch request.
Changes from version 3.0.9:
- Core: Work around busy looping when playing an invalid item through VLM.
- Access:
- Multiple dvdread and dvdnav crashs fixes
- Fixed DVD glitches on clip change
- Fixed dvdread commands/data sequence inversion in some cases causing
unwanted glitches
- Better handling of authored as corrupted DVD
- Added libsmb2 support for SMB2/3 shares
- Demux:
- Fix TTML entities not passed to decoder
- Fixed some WebVTT styling tags being not applied
- Misc raw H264/HEVC frame rate fixes
- Fix adaptive regression on TS format change (mostly HLS)
- Fixed MP4 regression with twos/sowt PCM audio
- Fixed some MP4 raw quicktime and ms-PCM audio
- Fixed MP4 interlacing handling
- Multiple adaptive stack (DASH/HLS/Smooth) fixes
- Enabled Live seeking for HLS
- Fixed seeking in some cases for HLS
- Improved Live playback for Smooth and DASH
- Fixed adaptive unwanted end of stream in some cases
- Faster adaptive start and new buffering control options
- Packetizers:
- Fixes H264/HEVC incomplete draining in some cases
- packetizer_helper: Fix potential trailing junk on last packet
- Added missing drain in packetizers that was causing missing last frame
or audio
- Improved check to prevent fLAC synchronization drops
- Decoder:
- avcodec: revector video decoder to fix incomplete drain
- spudec: implemented palette updates, fixing missing subtitles
on some DVD
- Fixed WebVTT CSS styling not being applied on Windows/macOS
- Fixed Hebrew teletext pages support in zvbi
- Fixed Dav1d aborting decoding on corrupted picture
- Extract and display of all CEA708 subtitles
- Update libfaad to 2.9.1
- Add DXVA support for VP9 Profile 2 (10 bits)
- Mediacodec aspect ratio with Amazon devices
- Audio output:
- Added support for iOS audiounit audio above 48KHz
- Added support for amem audio up to 384KHz
- Video output:
- Fix for opengl glitches in some drivers
- Fix GMA950 opengl support on macOS
- YUV to RGB StretchRect fixes with NVIDIA drivers
- Use libpacebo new tone mapping desaturation algorithm
- Text renderer:
- Fix crashes on macOS with SSA/ASS subtitles containing emoji
- Fixed unwanted growing background in Freetype rendering and Y padding
- Mux: Fixed some YUV mappings
- Service Discovery: Update libmicrodns to 0.1.2.
- Misc:
- Update YouTube, SoundCloud and Vocaroo scripts: this restores playback
of YouTube URLs.
- Add missing .wpl & .zpl file associations on Windows
- Improved chromecast audio quality
Update to version 3.0.8 ‘vetinari’:
- Fix stuttering for low framerate videos
- Improve adaptive streaming
- Improve audio output for external audio devices on macOS/iOS
- Fix hardware acceleration with Direct3D11 for some AMD drivers
- Fix WebVTT subtitles rendering
- Vetinari is a major release changing a lot in the media engine of VLC.
It is one of the largest release we’ve ever done. Notably, it:
- activates hardware decoding on all platforms, of H.264 & H.265, 8 &
10bits, allowing 4K60 or even 8K decoding with little CPU consumption,
- merges all the code from the mobile ports into the same codebase with
common numbering and releases,
- supports 360 video and 3D audio, and prepares for VR content,
- supports direct HDR and HDR tone-mapping,
- updates the audio passthrough for HD Audio codecs,
- allows browsing of local network drives like SMB, FTP, SFTP, NFS…
- stores the passwords securely,
- brings a new subtitle rendering engine, supporting ComplexTextLayout
and font fallback to support multiple languages and fonts,
- supports ChromeCast with the new renderer framework,
- adds support for numerous new formats and codecs, including WebVTT,
AV1, TTML, HQX, 708, Cineform, and many more,
- improves Bluray support with Java menus, aka BD-J,
- updates the macOS interface with major cleaning and improvements,
- support HiDPI UI on Windows, with the switch to Qt5,
- prepares the experimental support for Wayland on Linux, and switches
to OpenGL by default on Linux.
- Security fixes included:
- Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
- Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
- Fix a read buffer overflow in the FAAD decoder
- Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437,
CVE-2019-14438)
- Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
- Fix a use after free in the MKV demuxer (CVE-2019-14777,
CVE-2019-14778)
- Fix a use after free in the ASF demuxer (CVE-2019-14533)
- Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
- Fix a null dereference in the dvdnav demuxer
- Fix a null dereference in the ASF demuxer (CVE-2019-14534)
- Fix a null dereference in the AVI demuxer
- Fix a division by zero in the CAF demuxer (CVE-2019-14498)
- Fix a division by zero in the ASF demuxer (CVE-2019-14535)
-
Disbale mod-plug for the time being: libmodplug 0.8.9 is not yet
available.
-
Disable SDL_image (SDL 1.2) based codec. It is only a wrapper around
some image loading libraries (libpng, libjpeg, …) which are either
wrapped by vlc itself (libpng_plugin.so) or via libavcodec
(libavcodec_plugin.so).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: