Bug 12613 - Update request for xbmc, to 12.3 (mga3+mga4)
Summary: Update request for xbmc, to 12.3 (mga3+mga4)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 4
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32...
Keywords: Security, validated_update
Depends on:
Blocks: 11149
  Show dependency treegraph
 
Reported: 2014-02-05 17:30 CET by Anssi Hannula
Modified: 2014-02-16 14:45 CET (History)
6 users (show)

See Also:
Source RPM: xbmc
CVE: CVE-2013-1438
Status comment:


Attachments

Description Anssi Hannula 2014-02-05 17:30:33 CET
Advisory:
============
XBMC 12.3 contains fixes to various issues, including:
- several PVR related bugs
- memory leaks
- audio channel mapping
- possible crash on progress dialog
and more. This is a bugfix-only release.

Additionally, this update fixes a compatibility issue on Mageia 4 affecting AC-3 transcoding for S/PDIF, which prevented, for example, multichannel playback of AAC 5.1 files over S/PDIF.

The PVR addons have also been updated.

References:
http://xbmc.org/xbmc-12-3-frodo-fixes/
============

XBMC 12.3 packages are in mga3+mga4 core/updates_testing.

Source packages:
xbmc-12.3-1.mga3
xbmc-12.3-1.mga4

Binary packages:
xbmc-12.3-1.mga3
xbmc-eventclient-j2me-12.3-1.mga3
xbmc-eventclient-ps3-12.3-1.mga3
xbmc-eventclients-common-12.3-1.mga3
xbmc-eventclients-devel-12.3-1.mga3
xbmc-eventclient-wiiremote-12.3-1.mga3
xbmc-eventclient-xbmc-send-12.3-1.mga3
xbmc-12.3-1.mga4
xbmc-eventclient-j2me-12.3-1.mga4
xbmc-eventclient-ps3-12.3-1.mga4
xbmc-eventclients-common-12.3-1.mga4
xbmc-eventclients-devel-12.3-1.mga4
xbmc-eventclient-wiiremote-12.3-1.mga4
xbmc-eventclient-xbmc-send-12.3-1.mga4
Manuel Hiebel 2014-02-05 22:37:18 CET

Whiteboard: (none) => MGA3TOO

Comment 1 Manuel Hiebel 2014-02-08 23:26:39 CET
I don't have S/PDIF, but eerything is working

Whiteboard: MGA3TOO => MGA3TOO mga4-64-ok

Comment 2 Anssi Hannula 2014-02-09 19:17:44 CET
I've updated the packages and advisory with a fix for CVE-2013-1438 (bug #11149):

Advisory:
============
Due to flaws in the embedded copy of libDCR, a fork of dcraw.c, in the embedded copy of CxImage, opening a specially crafted photo file could trigger a division by zero, an infinite loop, or a null pointer dereference, resulting in a denial of service (CVE-2013-1438).

This update fixes those flaws.

XBMC is also updated to a newer bugfix-only release, version 12.3. It contains fixes to various issues, including:
- several PVR related bugs
- memory leaks
- audio channel mapping
- possible crash on progress dialog
and more.

Additionally, this update fixes a compatibility issue on Mageia 4 affecting AC-3 transcoding, which prevented, for example, multichannel playback of AAC 5.1 files over S/PDIF or stereo-only HDMI devices.

The PVR addons have also been updated.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1438
https://bugs.mageia.org/show_bug.cgi?id=11149
http://xbmc.org/xbmc-12-3-frodo-fixes/
============

XBMC 12.3 packages are in mga3+mga4 core/updates_testing.

Source packages:
xbmc-12.3-1.1.mga3
xbmc-12.3-1.1.mga4

Binary packages:
xbmc-12.3-1.1.mga3
xbmc-eventclient-j2me-12.3-1.1.mga3
xbmc-eventclient-ps3-12.3-1.1.mga3
xbmc-eventclients-common-12.3-1.1.mga3
xbmc-eventclients-devel-12.3-1.1.mga3
xbmc-eventclient-wiiremote-12.3-1.1.mga3
xbmc-eventclient-xbmc-send-12.3-1.1.mga3
xbmc-12.3-1.1.mga4
xbmc-eventclient-j2me-12.3-1.1.mga4
xbmc-eventclient-ps3-12.3-1.1.mga4
xbmc-eventclients-common-12.3-1.1.mga4
xbmc-eventclients-devel-12.3-1.1.mga4
xbmc-eventclient-wiiremote-12.3-1.1.mga4
xbmc-eventclient-xbmc-send-12.3-1.1.mga4

Keywords: (none) => Security
Component: RPM Packages => Security
CVE: (none) => CVE-2013-1438

David Walser 2014-02-09 20:18:12 CET

Blocks: (none) => 11149

Rémi Verschelde 2014-02-10 15:37:29 CET

CC: (none) => remi
Whiteboard: MGA3TOO mga4-64-ok => MGA3TOO

Comment 3 William Kenney 2014-02-15 00:54:36 CET
In VirtualBox, M4, KDE, 32-bit

Package(s) under test:
xbmc

default install of xbmc

[root@localhost wilcal]# urpmi xbmc
Package xbmc-12.2-6.mga4.i586 is already installed

Plays videos, music and add-ons work

install xbmc from updates_testing

[root@localhost wilcal]# urpmi xbmc
Package xbmc-12.3-1.1.mga4.i586 is already installed

Plays videos, music and add-ons work

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm

CC: (none) => wilcal.int
Whiteboard: MGA3TOO => MGA3TOO MGA4-32-OK

Comment 4 William Kenney 2014-02-15 01:44:17 CET
In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
xbmc

default install of xbmc

[root@localhost wilcal]# urpmi xbmc
Package xbmc-12.2-6.mga4.x86_64 is already installed

Plays videos, music and add-ons work.

install xbmc from updates_testing

[root@localhost wilcal]# urpmi xbmc
Package xbmc-12.3-1.1.mga4.x86_64 is already installed

Plays videos, music and add-ons work.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm

Whiteboard: MGA3TOO MGA4-32-OK => MGA3TOO MGA4-32-OK MGA4-64-OK

Comment 5 Colin Guthrie 2014-02-15 14:13:41 CET
Tested in M3 64.

Similar test to Bill, but on a PXE Booting NFS Root system. All seemed well.

CC: (none) => mageia
Whiteboard: MGA3TOO MGA4-32-OK MGA4-64-OK => MGA3TOO MGA4-32-OK MGA4-64-OK mga3-64-ok

Samuel Verschelde 2014-02-15 14:17:16 CET

CC: (none) => stormi
Whiteboard: MGA3TOO MGA4-32-OK MGA4-64-OK mga3-64-ok => MGA3TOO MGA4-32-OK MGA4-64-OK mga3-64-ok has_procedure

Comment 6 William Kenney 2014-02-15 16:56:42 CET
In VirtualBox, M3, KDE, 32-bit

Package(s) under test:
xbmc

default install of xbmc

[root@localhost wilcal]# urpmi xbmc
Package xbmc-12.2-1.1.mga3.i586 is already installed

Plays videos, music and add-ons work.

Attempted install xbmc from updates_testing
I get the following error message:

Sorry, the following package cannot be selected:
- xbmc-12.3-1.1.mga4.i586 (due to unsatisfied libcdio.so.14)


Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm
Comment 7 Anssi Hannula 2014-02-15 22:56:19 CET
(In reply to William Kenney from comment #6)
> In VirtualBox, M3, KDE, 32-bit
[...]
> Attempted install xbmc from updates_testing
> I get the following error message:
> 
> Sorry, the following package cannot be selected:
> - xbmc-12.3-1.1.mga4.i586 (due to unsatisfied libcdio.so.14)

You are trying to install MGA4 package on MGA3, this will not work :)
Comment 8 William Kenney 2014-02-16 01:03:49 CET
In VirtualBox, M3, KDE, 32-bit

Package(s) under test:
xbmc

default install of xbmc

[root@localhost wilcal]# urpmi xbmc
Package xbmc-12.2-1.1.mga3.i586 is already installed

Plays videos, music and add-ons work.

install xbmc from updates_testing

[root@localhost wilcal]# urpmi xbmc
Package xbmc-12.3-1.1.mga3.i586 is already installed

Plays videos, music and add-ons work.


Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm

Whiteboard: MGA3TOO MGA4-32-OK MGA4-64-OK mga3-64-ok has_procedure => MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK mga3-64-ok has_procedure

Comment 9 William Kenney 2014-02-16 01:04:05 CET
Sorry, got the repo right this time.
I'm happy with this update. Lets push this update.
I get the impression xbmc is quite a bit better
now then the last time I played with it.
Thanks all.
Comment 10 Rémi Verschelde 2014-02-16 11:20:30 CET
Validating update, advisory has been uploaded. Please push to 3 & 4 core/updates.

Keywords: (none) => validated_update
Whiteboard: MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK mga3-64-ok has_procedure => MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK mga3-64-ok has_procedure advisory
CC: (none) => sysadmin-bugs

Comment 11 Thomas Backlund 2014-02-16 14:45:19 CET
Update pushed:
http://advisories.mageia.org/MGASA-2014-0071.html

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.