[videolan-announce] VLC media player 1.0.6 source

Rémi Denis-Courmont rem at videolan.org
Fri Apr 23 09:23:40 CEST 2010

	Dear subscribers,

The VLC development team is proud to introduce a new version of its
'Goldeneye' branch. This release bridges the gap between version 1.0.5
and the upcoming 1.1.0 VLC release. It fixes several vulnerabilities
which were uncovered during the development of VLC 1.1.0. It also
introduces a number of additional stability and other fixes.

Binaries for Windows and Mac OS are not yet on the pipe.
The full change list is below.

Best regards,

Summary changes:

 * Fix crash on FTP URI with no file path

 * Fix overflows in A/52, DTS, MPEG Audio and subtitles support

 * Update LUA script for Youtube pages
 * Fix crashes in AVI, ASF and Matroska files
 * Fix crashes on malformatted ZIP archives
 * Fix crashes and leaks in the FFmpeg/avformat plugin
 * Fix crash on invalid XSPF playlist

X11 port:
 * Partial Xlib threading fixes
   More complete fixes are available in VLC 1.1.0. Please update!

 * Fix crash (use after free) in Qt4 bookmarks
 * Fix a few crashes in Qt4 playlist

 * Simplified Chinese, Estonian, French, Japanese, Korean, Spanish, Swedish
   and Walloon translations updated
 * Sinhala translation started

Removed modules:
 * RTMP input and output are removed due to security problems. Please
   to VLC 1.1.0 which provides an FFmpeg-based RTMP input if needed.

Detailed changes:

Christophe Mutricy (2):
      RTMP: Don't trust the length given by the stream
      Avoid integer overflow                          

David González (3):
      l10n: Spanish update
      l10n: Spanish update
      l10n: nsis spanish update

Dean Lee (2):
      l10n: Chinese update
      l10n: Chinese update

Erwan Tulou (1):
      demux(avi): fix crash occuring when trying to open some avi files

Felix Paul Kühne (6):
      contribs: use package 23 for the 1.0.5 release on OS X
      contribs: updated binary package with proper libass   
      contribs: updated contrib package for Mac OS X including the recent
libdvdcss and ffmpeg 
      Updated Swedish translation by Daniel Nylander                       
      French l10n: fixed typo                                              
      contribs: updated to latest binary package for OS X                  

Francois Cartegnie (1):
      Fix segfault in preparser

Fumio Nakayama (2):
      l10n: Japanese update
      l10n: Japanese translation for .desktop

Gaëtan Rousseaux (1):
      l10n: Walloon update

H.Shalitha Vikum (1):
      l10n: Initial Sinhala translation

Ilkka Ollakka (2):
      x264.c: handle dts/pts from libx264 on X264_BUILD >= 83 onward
      x264.c: compile fix                                           

Jakob Leben (2):
      Qt: fix deleting playlist items by key press
      Playlist: fix faulty duration sorting due to integer overflow

Jean-Baptiste Kempf (2):
      On the road again to 1.0.6
      Fix typo copy-pasting     

Laurent Aimar (17):
      Fixed invalid accesses in decoder with corrupted subtitles streams.
      Fixed memleak if no data are read or poke (zip).                   
      Cosmetics (zip).                                                   
      Fixed read(NULL, size) in zipstream.                               
      Fixed segfault with corrupted zip file.                            
      Simplified and fixed mmst/u pausing (close #2673).                 
      Fixed an assert with still frame in dvdnav.                        
      Fixed a few memleaks in AVI demuxer.                               
      Fixed segfault with corrupted AVI ODML  index.                     
      Fixed signed integer overflow when loading AVI ODML index.         
      Fixed division by 0 with invalid files in avformat wrapper.        
      Fixed invalid read in ASF_ReadObject_Index (asf).                  
      Fixed segfault when seeking in ASF with broken index.              
      Fixed segfault with corrupted mkv files with compressed data.      
      Fixed segfault with incomplete mkv files.                          
      Prevent a potential integer overflow (mkv).                        

Mihkel (1):
      l10n: Estonian update

Pierre Ynard (2):
      rtp sout: fix DCCP socket leak
      lua: update the youtube script to the new version of their website   

(cherry picked from 
commit eda3dd800526984cd54024f72a0c69a3446eb333)                 

Ricardo Pérez López (1):
      .desktop Spanish translation

Rémi Denis-Courmont (37):
      XSPF export: XML-encode the location
      fr: improve translation of "dump"   
      RTP out: fix race condition in SDP generation from RTSP DESCRIBE
      Missing initializer     (cherry picked from commit
      UIs: call XInitThreads if using X11                                  
      ParseExecute: robustify and cleanup                                  
      Distribute and install the CUE parser                                
      FTP: handle ftp://HOST correctly                                     
      Typo, use after free (fixes: #3372)                                  
      XSPF: fix NULL dereference on empty <location>                       
      MSN: fix assertion (fixes #2930)                                     
      Qt4: bookmarks: don't give an anonymous temporary object to qtu      
      dvdnav: fix race between still image timeout and other interaction   
      Fixed potential memleaks in avformat wrapper.                        
      On the way to 1.0.6                                                  
      Pulse: uses Xlib, needs XInitThreads()                               
      Call XInitThreads in non-1.1 Xlib-dependent plugins                  
      RTMP: totally broken, disabled for the time being                    
      Disable A52, DTS and MPEG Audio dummy decoder plugins                
      News for 1.0.6                                                       
      Fixed potential segfault with corrupted streams (audio codecs).      
      Avoid warnings                                                       
      Happy new year *cough* *cough*                                       
      Win32: handle WSAEINTR correctly, should fix #3101                   
      Revert "Avoid warnings"                                              
      Restore liba52 and libdca functionality
      Fix A/52 decoding when liba52 is not present
      Mostly restore libmad functionality
      Update NEWS
      vlc_readdir: thread-safety fix
      skins: use readdir_r() instead of readdir()     (cherry picked from
      Bump libvlccore revision
      NAME_MAX requires <limits.h>     (cherry picked from commit 
      build the static VLC binary with $(make core)     (cherry picked from
      live555: fix use-after-free in TCP rollover on MS-RTSP     (cherry
from commit 
      Sync PO files

Rémi Duraffort (8):
      Typo.     (cherry picked from commit
      growl: fix pontential use after free (var_delcallbacl called to
 (cherry picked from 
commit 0c33ffc1b394a41b099dbc7e949ba705d8d44e54)
      Growl: cosmetics.     (cherry picked from commit
      Growl: fix bad memset.     (cherry picked from commit
      Grow: fix crash when the password is NULL.     (cherry picked from

      growl: fix a buffer overflow.     (cherry picked from commit 
      Growl: fix a second buffer overflow.     (cherry picked from commit 
      Growl: cosmetics.     (cherry picked from commit

airplanez (2):
      l10n: Korean update
      l10n: Korean update

Éric Lassauge (1):
      l10n: French update

Rémi Denis-Courmont
Rémi Denis-Courmont

More information about the videolan-announce mailing list