pool/vlc
SHA256
17
0
Fork 2
Code Issues Pull Requests 1 Activity

Update VLC to version 3.0.23 to address CVE-2025-51602 #1

Open
dimstar wants to merge 7 commits from dimstar/vlc:factory into leap-16.0
pull from: dimstar/vlc:factory
merge into: pool:leap-16.0
Conversation 13 Commits 7 Files Changed 12 +190 -445
dimstar commented 2026-01-19 17:02:40 +01:00
First-time contributor
Copy Link

Update VLC to version 3.0.23 to address CVE-2025-51602

Update VLC to version 3.0.23 to address CVE-2025-51602
dimstar added 6 commits 2026-01-19 17:02:40 +01:00
Accepting request 1298149 from multimedia:libs 0da0a64aaa 
OBS-URL: https://build.opensuse.org/request/show/1298149
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vlc?expand=0&rev=155
Accepting request 1300988 from multimedia:libs f3e2b6924c 
Add missing req (forwarded request 1300984 from iznogood)

OBS-URL: https://build.opensuse.org/request/show/1300988
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vlc?expand=0&rev=156
Accepting request 1309761 from multimedia:libs 5a33ecb827 
- Pin to ffmpeg-7; even the master branch does not yet build
  against ffmpeg 8.

- Drop vcdimager-devel BuildRequires: Not needed nor used, vcd
  plugin is still built without it.

OBS-URL: https://build.opensuse.org/request/show/1309761
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vlc?expand=0&rev=157
Accepting request 1309917 from multimedia:libs 65e25898c1 
OBS-URL: https://build.opensuse.org/request/show/1309917
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vlc?expand=0&rev=158
Accepting request 1324814 from multimedia:libs 8367a42d4c 
- Update to version 3.0.22:
  + Core: Assume subpictures are in SDR by default
  + Decoders:
    * Fix Opus channel mapping
    * Fix hardware decoding with VideoToolbox of XVID MPEG-4 video
    * Add dav1d-all-layers option
    * Fix DVD CEA-608 captions parsing
    * Fix ProRes 4:4:4:4
    * Disable decoding using libdca, libmpeg2 and liba52 by default in favor of libavcodec
  + Demuxers:
    * Add support for DMX audio music (MUS) files
    * Handle mkv-use-chapter-codec option
    * Add A_ATRAC/AT1 support in matroska
    * Prevent FLAC seeking logic get stuck
    * Handle pictures in FLAC
    * Fix VOB/AOB LPCM/MLP detection failing occasionally
    * Cut QNap title on first invalid character
    * Fix display of certain JPEG files
    * Fix playback of very short ASF files (duration less than 1s)
    * Multiple fixes in MPEG-TS
    * Fix crashes in multiple demuxers (reported by rub.de, oss-fuzz and others)
  + Input: Fix SFTP seeking for large files on 32-bit OS
  + Interface:
    * Qt: Add option to use dark palette
    * Qt: Add compilation support for newer versions of Qt5
    * Qt: Fix scrolling on volume slider
    * KDE: fix MPRIS state when started from file
  + Service Discovery: UPnP: remove SAT>IP channel list fallback
  + Video Output:
    * Use a better stretch mode in wingdi

OBS-URL: https://build.opensuse.org/request/show/1324814
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vlc?expand=0&rev=159
Accepting request 1324890 from multimedia:libs e36e3cf3f2 
OBS-URL: https://build.opensuse.org/request/show/1324890
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vlc?expand=0&rev=160
autogits_workflow_pr_bot requested review from legaldb 2026-01-19 17:03:10 +01:00
autogits_workflow_pr_bot requested review from maintenance-release-review 2026-01-19 17:03:11 +01:00
autogits_workflow_pr_bot requested review from opensuse-review 2026-01-19 17:03:11 +01:00
opensuse-review commented 2026-01-19 17:03:38 +01:00
Member
Copy Link

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @opensuse-review: approve.
To request changes on behalf of the group, create the following comment: @opensuse-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Submitter is member of this review group, hence they are excluded from being one of the reviewers here

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@opensuse-review: approve`. To request changes on behalf of the group, create the following comment: `@opensuse-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state. Submitter is member of this review group, hence they are excluded from being one of the reviewers here
dimstar changed title from factory to Update VLC to version 3.0.23 to address CVE-2025-51602 2026-01-19 17:06:29 +01:00
maintenance-release-review commented 2026-01-19 17:10:50 +01:00
First-time contributor
Copy Link

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @maintenance-release-review: approve.
To request changes on behalf of the group, create the following comment: @maintenance-release-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@maintenance-release-review: approve`. To request changes on behalf of the group, create the following comment: `@maintenance-release-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
legaldb commented 2026-01-19 17:14:52 +01:00
Member
Copy Link

Legal review in progress.

Legal review [in progress](https://legaldb.suse.de/reviews/details/498605).
report.md
2.7 KiB
rfrohl commented 2026-01-20 16:55:33 +01:00
First-time contributor
Copy Link

@dimstar The build fails because of unpackaged files, see for example
https://build.opensuse.org/package/live_build_log/openSUSE:Backports:SLE-16.0:PullRequest:339/vlc/standard/x86_64

@dimstar The build fails because of unpackaged files, see for example https://build.opensuse.org/package/live_build_log/openSUSE:Backports:SLE-16.0:PullRequest:339/vlc/standard/x86_64
oertel commented 2026-01-20 18:40:06 +01:00
First-time contributor
Copy Link

@opensuse-review : decline

package fails to build

@opensuse-review : decline package fails to build
opensuse-review requested changes 2026-01-20 18:49:49 +01:00
Dismissed
opensuse-review left a comment
Member
Copy Link

oertel requested changes on behalf of opensuse-review. See #1 (comment)

oertel requested changes on behalf of opensuse-review. See https://src.opensuse.org/pool/vlc/pulls/1#issuecomment-82310
dimstar added 1 commit 2026-01-23 09:36:54 +01:00
Accepting request 1328439 from multimedia:libs d235eba065 
- Explicitly pass --disable-postproc to configure to not have a
  difference between ffmpeg-7 and ffmpeg-8 builds.
- Change compression type of tarball to tar.xz: 3rd-party OBS
  instances build VLC also for older distros, which might not
  understand zstd compression.

OBS-URL: https://build.opensuse.org/request/show/1328439
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vlc?expand=0&rev=161
autogits_workflow_pr_bot requested review from opensuse-review 2026-01-23 09:37:33 +01:00
opensuse-review commented 2026-01-23 09:40:20 +01:00
Member
Copy Link

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @opensuse-review: approve.
To request changes on behalf of the group, create the following comment: @opensuse-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Submitter is member of this review group, hence they are excluded from being one of the reviewers here

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@opensuse-review: approve`. To request changes on behalf of the group, create the following comment: `@opensuse-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state. Submitter is member of this review group, hence they are excluded from being one of the reviewers here
maintenance-release-review commented 2026-01-23 09:44:49 +01:00
First-time contributor
Copy Link

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @maintenance-release-review: approve.
To request changes on behalf of the group, create the following comment: @maintenance-release-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@maintenance-release-review: approve`. To request changes on behalf of the group, create the following comment: `@maintenance-release-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
legaldb commented 2026-01-23 09:54:03 +01:00
Member
Copy Link

Legal review in progress.

Legal review [in progress](https://legaldb.suse.de/reviews/details/500599).
report.md
2.7 KiB
legaldb commented 2026-01-23 10:24:19 +01:00
Member
Copy Link

Legal reviewed by dec16180 as acceptable_by_lawyer:

Reviewed ok
Legal reviewed by *dec16180* as [acceptable_by_lawyer](https://legaldb.suse.de/reviews/details/500599): ``` Reviewed ok ```
report.md
2.7 KiB
legaldb approved these changes 2026-01-23 10:24:19 +01:00
mstrigl commented 2026-01-23 10:46:19 +01:00
First-time contributor
Copy Link

@opensuse-review : approve

LGTM

@opensuse-review : approve LGTM
mstrigl commented 2026-01-23 10:46:19 +01:00
First-time contributor
Copy Link

merge ok

merge ok
opensuse-review approved these changes 2026-01-23 10:50:51 +01:00
opensuse-review left a comment
Member
Copy Link

mstrigl approved a review on behalf of opensuse-review

mstrigl approved a review on behalf of opensuse-review
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u factory:dimstar-factory
git checkout dimstar-factory
Sign in to join this conversation.
Reviewers
No Reviewers
maintenance-release-review
legaldb
opensuse-review
Labels
Clear labels
legaldb
Critical Priority
Critical legaldb priority
Archived
legaldb
High Priority
2
High legaldb priority
legaldb
Normal Priority
1
Normal legaldb priority
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
adamm_super adrianSuSE autobuild-owner autobuild-review autogits_workflow_pr_bot bigironman dirkmueller eroca factory_bot gitea_test legaldb lkocman-factory maxlin_factory opensuse-review packagehub-review smithfarm
No Assignees
7 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: pool/vlc#1
Delete Branch "dimstar/vlc:factory"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?