Day: October 18, 2012

Finally, VLC 2.0.4

October 18, 2012 / alienbob / 23 Comments

The fifth release in the “TwoFlower” series of the VLC media player is ready. Version 2.0.4 is said to be “a major update that fixes a lot of regressions, issues and security issues in this branch. It introduces Opus support, improves Youtube, Vimeo streams and Blu-Ray dics support. It also fixes many issues in playback, notably on Ogg and MKV playback and audio device selections and a hundred of other bugs.” – quoting the VideoLAN news page.

You can find some additional information on the release notes page. There I saw the new “ogg opus” support mentioned for the first time. OggOpus is a low-latency audio codec optimized for both voice and general-purpose audio. This was new to me so it did not get added to this set of Slackware VLC packages. I promise I will see if I can include it in my next set of packages. The new release also has fixed the playback of Youtube videos. Google changes its Youtube access protocol regularly, probably in an attempt to frustrate non-official ways of watching their videos. Luckily the Youtube video support is implemented as a Lua script so even for the older VLC 2.0.3 package, I was able to fix it without much effort a few weeks ago by downloading an updated youtube.lua file from the source code repository.

Again, it took quite a while to get a new version of VLC stamped and the sources released to the public. Judging from the discussions on IRC, the developer team seem to have a fundamental internal disagreement about how to set goals for a release. It is obvious (if you read between the lines of the release notes) that the focus of the development effort between 2.0.3 and 2.0.4 has been on the Windows and Mac platforms with additional focus on the new Android platform (did you try the Android app yet? I like it). This does not mean that there is nothing new to report for the Linux users. The number of general improvements is equally impressive. There is also talk of “security fixes” but so far I was not able to find a CVE reference.

I have been making preparations for the compilation of new VLC packages a while ago. Remember that I have to create 8 VLC packages when VideoLAN developers release a new version of their player (two Slackware releases, two architectures per release, and then restricted/unrestricted versions of each) so I use tarballs of pre-compiled “contribs” binaries to speed up the process. The contribs (which is how VideoLAN calls them) are actually the set of supporting libraries which provide the real functionality in VLC – playback, encoding, hardware support, etc. I compiled a set of these contribs two weeks ago for Slackware 14, and more than a month ago for Slackware 13.37. Several of those internal supporting libraries were updated with regard to my previous vlc-2.0.3 packages: Shout, aacenc, amrwbenc, amr, lua, upnp, v4l, x264; and for Slackware 14.0 I added two more: ffmpeg and live555.

A further update to the vlc.SlackBuild (only relevant should you attempt to rebuild VLC from source) is the fact that it no longer needs to compile and use an internal Mozilla SDK. Slackware’s own seamonkey package in 14.0 (and the version of seamonkey for Slackware 13.37 which you can install from its/patches/packages directory) is now capable of compiling the Mozilla-compatible webbrowser plugin package “npapi-vlc”. Not having to compile the Mozilla SDK speeds up the total build time a lot.

One remark about npapi-vlc: I still use the 2.0.0 release tarball since that is the most recent one that you can download. However, a version 2.0.2 was tagged in the source repository a few months ago. It’s just that the developer did not create an official tarball for that, and therefore I stick to the older version.

The release notes speak of improved BluRay support in this release. Note that the BluRay support in VLC (at least in my package) works only for unencrypted disks… and I do not think these exist actually. But extracted unencrypted BluRay files on your hard drive should playback just fine. Playback of encrypted BluRay DVD’s requires that you also install my libaacs package: http://slackware.com/~alien/slackbuilds/libaacs or http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/libaacs/) and find yourself a set of AACS decryption keys (see these comments for some hints on that).

Time to download the new VLC packages:

http://slackware.com/~alien/slackbuilds/vlc/ (only containing the versions that do not violate US patents). Mirrored at http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/vlc/ .
http://taper.alienbase.nl/mirrors/people/alien/restricted_slackbuilds/vlc/ (alternative repository containing packages capable of AAC/MP3 encoding).

Rsync acccess is offered by the mirror server: rsync://taper.alienbase.nl/mirrors/people/alien/restricted_slackbuilds/vlc/ .

My usual warning about patents: versions that can not only DEcode but also ENcode mp3 and aac audio can be found in my alternative repository where I keep the packages containing code that might violate stupid US software patents.

Have fun! Eric

OpenJDK 7 Update 9 with IcedTea 2.3.3 fixes security flaws

October 18, 2012 / alienbob / 11 Comments

Shortly after Oracle released its own Update 9 for Java7, there was a similar update from the IcedTea team. New releases of IcedTea for OpenJDK6 and OpenJDK7 fix several critical security bugs. The version of IcedTea which I use (2.3.3) builds a OpenJDK 7 Update 9 package.

I also wanted to inform you about the relevant blog post from one of the main developers: GNU.Andrew (Andrew John Hughes from Redhat). His blog site was down – and it had been down for weeks – but it is available again. Unfortunately there is no news to be found there yet.

The list with security fixes in the IcedTea 2.3.3 build of OpenJDK is impressive:

  - S6631398, CVE-2012-3216: FilePermission improved path checking
  - S7093490: adjust package access in rmiregistry
  - S7143535, CVE-2012-5068: ScriptEngine corrected permissions
  - S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp
  - S7158807: Revise stack management with volatile call sites
  - S7163198, CVE-2012-5076: Tightened package accessibility
  - S7167656, CVE-2012-5077: Multiple Seeders are being created
  - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types
  - S7169887, CVE-2012-5074: Tightened package accessibility
  - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector
  - S7172522, CVE-2012-5072: Improve DomainCombiner checking
  - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC
  - S7189103, CVE-2012-5069: Executors needs to maintain state
  - S7189490: More improvements to DomainCombiner checking
  - S7189567, CVE-2012-5085: java net obselete protocol
  - S7192975, CVE-2012-5071: Issue with JMX reflection
  - S7195194, CVE-2012-5084: Better data validation for Swing
  - S7195549, CVE-2012-5087: Better bean object persistence
  - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved
  - S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance
  - S7196190, CVE-2012-5088: Improve method of handling MethodHandles
  - S7198296, CVE-2012-5089: Refactor classloader usage
  - S7158800: Improve storage of symbol tables
  - S7158801: Improve VM CompileOnly option
  - S7158804: Improve config file parsing
  - S7198606, CVE-2012-4416: Improve VM optimization

So I guess it is good to upgrade fast! Get my packages (Slackware 13,37 and newer) for OpenJDK 7u9_b30 here:

http://slackware.com/~alien/slackbuilds/openjdk/ , the primary location (but slow)
http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/ , my own fast mirror

Further packages that are recommended/required:

Optional: If you want a Java browser-plugin you must install icedtea-web (OpenJDK itself does not contain such a plugin).
Required: The rhino package is a dependency of the openjdk/openjre package. It contains the JavaScript engine for OpenJDK.

I will repeat these notes:

You need to install either the JRE or the JDK package. Not both of them! If you are not a Java developer and never compile Java code, then you do not need the openjdk package and it will be sufficient to install the (smaller) openjre package instead.
If you are migrating to OpenJDK after having used Oracle’s Java binaries, make sure that you have removed both “jre” and “jdk” packages. Run a command like “removepkg /var/log/packages/jdk-* ; removepkg /var/log/packages/jre-*” to get rid of both. Then install the openjdk or openjre package. Logout and log back in after this package removal/installation, so that you will get the proper Java environment.
Test your java browser plugin online: http://javatester.org/version.html or http://www.java.com/en/download/testjava.jsp .

Good luck! Eric

October 2012
M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

SlackBuilds.org changes for Sat, 13 Apr 2024 15:04:57 GMT
academic/WolframEngine: Updated for version 14.0.0. academic/fet: Updated for version 6.19.3. academic/plus42: Updated for version 1.1.9. academic/scidavis: Fix building on -current. audio/cardinal: Fix 32bit tarball handling. audio/cardinal: Updated for version 24.04. desktop/i3: Updated for version 4.23. desktop/nwg-hello: Updated for version 0.1.9. development/Catch2: Fix multilib check. development/Catch2: Updated for version 3.5.3. development/THE: Fix DOWNLOAD. development/THE: Updated for […]

Day: October 18, 2012

Finally, VLC 2.0.4

OpenJDK 7 Update 9 with IcedTea 2.3.3 fixes security flaws

About this blog

Sponsoring

Categories

Subscribe to Blog via Email

My Favourites

Online me

Slackware

Calendar

slackbuilds

multilib

Slackware64-current

SBo

Meta

Top Posts & Pages

Recent posts

Recent comments