* [Buildroot] [PATCH 1/1] package/vlc: security bump version to 3.0.12
@ 2021-01-20  7:39 Bernd Kuhls
  2021-01-21 21:41 ` Thomas Petazzoni
  2021-01-22  8:40 ` Peter Korsgaard
  0 siblings, 2 replies; 5+ messages in thread
From: Bernd Kuhls @ 2021-01-20  7:39 UTC (permalink / raw)
  To: buildroot

Removed patch which was applied upstream, removed md5 hash.

Security Bulletin: https://www.videolan.org/security/sb-vlc3012.html
Fixes CVE-2020-26664: https://nvd.nist.gov/vuln/detail/CVE-2020-26664

Added CPE_ID, cpe:2.3:a:videolan:vlc_media_player is a valid CPE
identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Avideolan%3Avlc_media_player&status=FINAL

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
 ...g-header-when-compiling-with-Qt-5.15.patch | 56 -------------------
 package/vlc/vlc.hash                          | 10 ++--
 package/vlc/vlc.mk                            |  4 +-
 3 files changed, 7 insertions(+), 63 deletions(-)
 delete mode 100644 package/vlc/0011-qt-fix-missing-header-when-compiling-with-Qt-5.15.patch

diff --git a/package/vlc/0011-qt-fix-missing-header-when-compiling-with-Qt-5.15.patch b/package/vlc/0011-qt-fix-missing-header-when-compiling-with-Qt-5.15.patch
deleted file mode 100644
index 1693511937..0000000000
--- a/package/vlc/0011-qt-fix-missing-header-when-compiling-with-Qt-5.15.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From a44d2f3aa6075fb6e63da75f84a257294d21d161 Mon Sep 17 00:00:00 2001
-From: Pierre Lamot <pierre@videolabs.io>
-Date: Wed, 27 May 2020 11:05:53 +0200
-Subject: [PATCH] qt: fix missing header when compiling with Qt 5.15
-
-Upstream bug report: https://trac.videolan.org/vlc/ticket/24882
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
-[backported upstream commit for modules/gui/qt/dialogs/plugins.cpp
- http://git.videolan.org/?p=vlc.git;a=patch;h=0e88143ed2fe8eedfa4d3afdafcd0df901644c1d
- the other two patches were proposed on the upstream bugtracker]
----
- modules/gui/qt/components/playlist/views.cpp | 1 +
- modules/gui/qt/dialogs/plugins.cpp           | 1 +
- modules/gui/qt/util/timetooltip.hpp          | 1 +
- 3 files changed, 3 insertions(+)
-
-diff --git a/modules/gui/qt/components/playlist/views.cpp b/modules/gui/qt/components/playlist/views.cpp
-index ecc6b9918d..d3fd76da1a 100644
---- a/modules/gui/qt/components/playlist/views.cpp
-+++ b/modules/gui/qt/components/playlist/views.cpp
-@@ -35,6 +35,7 @@
- #include <QMetaType>
- #include <QHeaderView>
- #include <QSvgRenderer>
-+#include <QPainterPath>
- 
- #include <assert.h>
- 
-diff --git a/modules/gui/qt/dialogs/plugins.cpp b/modules/gui/qt/dialogs/plugins.cpp
-index 93c92b9fa6..e05ec0594a 100644
---- a/modules/gui/qt/dialogs/plugins.cpp
-+++ b/modules/gui/qt/dialogs/plugins.cpp
-@@ -66,6 +66,7 @@
- #include <QSplitter>
- #include <QToolButton>
- #include <QStackedWidget>
-+#include <QPainterPath>
- 
- //match the image source (width/height)
- #define SCORE_ICON_WIDTH_SCALE 4
-diff --git a/modules/gui/qt/util/timetooltip.hpp b/modules/gui/qt/util/timetooltip.hpp
-index b6d7c646c9..f213eac459 100644
---- a/modules/gui/qt/util/timetooltip.hpp
-+++ b/modules/gui/qt/util/timetooltip.hpp
-@@ -25,6 +25,7 @@
- #include "qt.hpp"
- 
- #include <QWidget>
-+#include <QPainterPath>
- 
- class TimeTooltip : public QWidget
- {
--- 
-2.27.0
-
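Review bot: The header of the removed 0011 patch says only the modules/gui/qt/dialogs/plugins.cpp change was a backported upstream commit and that the other two changes (views.cpp and timetooltip.hpp) were proposed on the upstream bug tracker, while the commit message says the patch was applied upstream. Please confirm that 3.0.12 carries the QPainterPath include in all three files, since otherwise the Qt 5.15 build failure returns, and state that in the commit message.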
diff --git a/package/vlc/vlc.hash b/package/vlc/vlc.hash
index 7775e449f4..f404cbf335 100644
--- a/package/vlc/vlc.hash
+++ b/package/vlc/vlc.hash
@@ -1,9 +1,7 @@
-# From https://get.videolan.org/vlc/3.0.11/vlc-3.0.11.tar.xz.sha256
-sha256  3e94a1acf33445e9da15d528aa48657aa26b912eaa2656b403d43860a8834919  vlc-3.0.11.tar.xz
-# From https://get.videolan.org/vlc/3.0.11/vlc-3.0.11.tar.xz.sha1
-sha1  66d377a2f24b6b865d5c56530e10d84b8262b46c  vlc-3.0.11.tar.xz
-# From https://get.videolan.org/vlc/3.0.11/vlc-3.0.11.tar.xz.md5
-md5  7e68f9e2d307eb7cc16e7345cda9e978  vlc-3.0.11.tar.xz
+# From https://get.videolan.org/vlc/3.0.12/vlc-3.0.12.tar.xz.sha256
+sha256  eff458f38a92126094f44f2263c2bf2c7cdef271b48192d0fe7b1726388cf879  vlc-3.0.12.tar.xz
+# From https://get.videolan.org/vlc/3.0.12/vlc-3.0.12.tar.xz.sha1
+sha1  39ef414a07202ec6569acda4c5d91e8576d453bf  vlc-3.0.12.tar.xz
 # Locally computed
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LIB
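Review bot: The added sha1 line for vlc-3.0.12.tar.xz is redundant in a change that already drops md5; the sha256 entry above it covers the tarball, so the sha1 line and its "# From" comment could be removed in the same cleanup. Both upstream hashes are also taken from files in the same get.videolan.org/vlc/3.0.12/ location as the tarball, so they detect a corrupted download but not a replaced upload; if a signature was verified, record that in the comment.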
diff --git a/package/vlc/vlc.mk b/package/vlc/vlc.mk
index 23dcc5d46f..6ee80fd45a 100644
--- a/package/vlc/vlc.mk
+++ b/package/vlc/vlc.mk
@@ -4,11 +4,13 @@
 #
 ################################################################################
 
-VLC_VERSION = 3.0.11
+VLC_VERSION = 3.0.12
 VLC_SITE = https://get.videolan.org/vlc/$(VLC_VERSION)
 VLC_SOURCE = vlc-$(VLC_VERSION).tar.xz
 VLC_LICENSE = GPL-2.0+, LGPL-2.1+
 VLC_LICENSE_FILES = COPYING COPYING.LIB
+VLC_CPE_ID_VENDOR = videolan
+VLC_CPE_ID_NAME = vlc_media_player
 VLC_DEPENDENCIES = host-pkgconf
 VLC_AUTORECONF = YES
 
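Review bot: The added VLC_CPE_ID_VENDOR and VLC_CPE_ID_NAME lines are independent of the VLC_VERSION change from 3.0.11 to 3.0.12 and would be better as a separate patch, so that the security bump can be backported to stable branches without carrying the CPE metadata. If they stay here, the subject line should mention the CPE addition as well.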
-- 
2.29.2


* [Buildroot] [PATCH 1/1] package/vlc: security bump version to 3.0.12
  2021-01-20  7:39 [Buildroot] [PATCH 1/1] package/vlc: security bump version to 3.0.12 Bernd Kuhls
@ 2021-01-21 21:41 ` Thomas Petazzoni
  2021-01-22  8:40 ` Peter Korsgaard
  1 sibling, 0 replies; 5+ messages in thread
From: Thomas Petazzoni @ 2021-01-21 21:41 UTC (permalink / raw)
  To: buildroot

On Wed, 20 Jan 2021 08:39:00 +0100
Bernd Kuhls <bernd.kuhls@t-online.de> wrote:

> Removed patch which was applied upstream, removed md5 hash.
> 
> Security Bulletin: https://www.videolan.org/security/sb-vlc3012.html
> Fixes CVE-2020-26664: https://nvd.nist.gov/vuln/detail/CVE-2020-26664
> 
> Added CPE_ID, cpe:2.3:a:videolan:vlc_media_player is a valid CPE
> identifier for this package:
> https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Avideolan%3Avlc_media_player&status=FINAL
> 
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
> ---
>  ...g-header-when-compiling-with-Qt-5.15.patch | 56 -------------------
>  package/vlc/vlc.hash                          | 10 ++--
>  package/vlc/vlc.mk                            |  4 +-
>  3 files changed, 7 insertions(+), 63 deletions(-)
>  delete mode 100644 package/vlc/0011-qt-fix-missing-header-when-compiling-with-Qt-5.15.patch

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


* [Buildroot] [PATCH 1/1] package/vlc: security bump version to 3.0.12
  2021-01-20  7:39 [Buildroot] [PATCH 1/1] package/vlc: security bump version to 3.0.12 Bernd Kuhls
  2021-01-21 21:41 ` Thomas Petazzoni
@ 2021-01-22  8:40 ` Peter Korsgaard
  2021-01-22 12:54   ` Thomas Petazzoni
  1 sibling, 1 reply; 5+ messages in thread
From: Peter Korsgaard @ 2021-01-22  8:40 UTC (permalink / raw)
  To: buildroot

>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:

 > Removed patch which was applied upstream, removed md5 hash.
 > Security Bulletin: https://www.videolan.org/security/sb-vlc3012.html
 > Fixes CVE-2020-26664: https://nvd.nist.gov/vuln/detail/CVE-2020-26664

 > Added CPE_ID, cpe:2.3:a:videolan:vlc_media_player is a valid CPE
 > identifier for this package:
 > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Avideolan%3Avlc_media_player&status=FINAL

 > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>

Committed to 2020.02.x and 2020.11.x, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH 1/1] package/vlc: security bump version to 3.0.12
  2021-01-22  8:40 ` Peter Korsgaard
@ 2021-01-22 12:54   ` Thomas Petazzoni
  2021-01-22 15:30     ` Peter Korsgaard
  0 siblings, 1 reply; 5+ messages in thread
From: Thomas Petazzoni @ 2021-01-22 12:54 UTC (permalink / raw)
  To: buildroot

On Fri, 22 Jan 2021 09:40:19 +0100
Peter Korsgaard <peter@korsgaard.com> wrote:

> >>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:  
> 
>  > Removed patch which was applied upstream, removed md5 hash.
>  > Security Bulletin: https://www.videolan.org/security/sb-vlc3012.html
>  > Fixes CVE-2020-26664: https://nvd.nist.gov/vuln/detail/CVE-2020-26664  
> 
>  > Added CPE_ID, cpe:2.3:a:videolan:vlc_media_player is a valid CPE
>  > identifier for this package:
>  > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Avideolan%3Avlc_media_player&status=FINAL  
> 
>  > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>  
> 
> Committed to 2020.02.x and 2020.11.x, thanks.

Regarding the backport to 2020.02.x/2020.11.x, I almost asked Bernd to
change the patch to split the version bump from the CPE information
addition. Indeed, the CPE information added by this patch doesn't make
much sense in the context of 2020.02.x.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


* [Buildroot] [PATCH 1/1] package/vlc: security bump version to 3.0.12
  2021-01-22 12:54   ` Thomas Petazzoni
@ 2021-01-22 15:30     ` Peter Korsgaard
  0 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2021-01-22 15:30 UTC (permalink / raw)
  To: buildroot

>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@bootlin.com> writes:

 > On Fri, 22 Jan 2021 09:40:19 +0100
 > Peter Korsgaard <peter@korsgaard.com> wrote:

 >> >>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:  
 >> 
 >> > Removed patch which was applied upstream, removed md5 hash.
 >> > Security Bulletin: https://www.videolan.org/security/sb-vlc3012.html
 >> > Fixes CVE-2020-26664: https://nvd.nist.gov/vuln/detail/CVE-2020-26664  
 >> 
 >> > Added CPE_ID, cpe:2.3:a:videolan:vlc_media_player is a valid CPE
 >> > identifier for this package:
 >> > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Avideolan%3Avlc_media_player&status=FINAL
 >> 
 >> > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>  
 >> 
 >> Committed to 2020.02.x and 2020.11.x, thanks.

 > Regarding the backport to 2020.02.x/2020.11.x, I almost asked Bernd to
 > change the patch to split the version bump from the CPE information
 > addition. Indeed, the CPE information added by this patch doesn't make
 > much sense in the context of 2020.02.x.

No, but it also doesn't really hurt and leaving it in makes it less
likely to give merge conflicts in the future, so that is what I did.

-- 
Bye, Peter Korsgaard
