Change logs for vlc source package in Intrepid

vlc (0.9.4-1ubuntu3.2) intrepid-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution via stack-based overflow in
    the Ty demux plugin (LP: #285922)
    - debian/patches/901_CVE-2008-4654.patch: don't overflow mst_buf in
      modules/demux/ty.c
    - CVE-2008-4654
  * SECURITY UPDATE: Arbitrary code execution via integer overflows in
    the Ty demux plugin (LP: #285922)
    - debian/patches/902_CVE-2008-4686.patch: make some variables unsigned
      in modules/demux/ty.c so they don't overflow.
    - CVE-2008-4686
  * SECURITY UPDATE: Arbitrary code execution via stack-based buffer
    overflow via invalid RealText subtitle file.
    - debian/patches/903_CVE-2008-5036.patch: limit sscanf sizes in
      modules/demux/subtitle.c
    - CVE-2008-5036
  * SECURITY UPDATE: Arbitrary code execution via heap-based buffer
    overflow via malformed RealMedia file.
    - debian/patches/904_CVE-2008-5276.patch: replace malloc with calloc in
      modules/demux/real.c
    - CVE-2008-5276
  * SECURITY UPDATE: Denial of service via long input argument.
    - debian/patches/905_CVE-2009-1045.patch: make sure we can't overflow
      psz_dup in src/input/input.c
    - CVE-2009-1045

 -- Marc Deslauriers <email address hidden>   Sun, 28 Jun 2009 12:13:15 -0400

vlc (0.9.4-1ubuntu3.1) intrepid-security; urgency=low

  * SECURITY UPDATE: Fix buffer overflow in CUE image file support
    - Patch from upstream Rémi Denis-Courmont (LP: #294243)
    - CVE-2008-5032

 -- Jamie Strandboge <email address hidden>   Tue, 24 Feb 2009 14:55:44 -0600

vlc (0.9.4-1ubuntu3) intrepid; urgency=low

  * link vlc to unicode enabled curses library. Thanks to Rafaël Carré for
    reporting.(LP: #282644)
  * enable emedded video (LP: #282582)
  * Autodetect screen while using Xinerama to toggle fullscreen (LP: #115419)

 -- Reinhard Tartler <email address hidden>   Mon, 13 Oct 2008 21:47:13 +0200

vlc (0.9.4-1ubuntu2) intrepid; urgency=low

  * add new plugin database meta fields Xb-Npp-Description and Xb-Npp-File
    - update debian/control
  * link plugin binary to /usr/lib/xulrunner-addons/plugins/
    - update debian/mozilla-plugin-vlc.links

 -- Alexander Sack <email address hidden>   Mon, 13 Oct 2008 17:45:51 +0200

vlc (0.9.4-1ubuntu1) intrepid; urgency=low

  * merge from debian/experimental
  * New upstream release fixes LP: #280081, #280378
  * remaining changes:
    - build against libxul-dev instead of iceape-dev
    - build against libdca-dev, libass-dev and libx264-dev
    - adjust Vcs-Bzr Headers in debian/control
    - add Xb-Npp header to vlc package
    - debian/patches/301_DVD_media.diff: Change %U to %f
       in VLC .desktop file, cf LP #275043

vlc (0.9.4-1) experimental; urgency=low

  * New upstream bugfix version
  * rules: Pass the debian version in configure.ac so that the cache
    is invalidated between binary version
  * control: Don't forget commas in builddep list

vlc (0.9.3-1) experimental; urgency=low

  [ Christophe Mutricy ]
  * New upstream release
  * Build-depends on libdca-dev
  * vlc-nox.install
    + Be more general for the memcopy modules.
      Fix a FTBFS on non-intel arch (Closes: #499860).
  * Sort builddep list

  [ Reinhard Tartler ]
  * remove spurious conflicts on libvlc2. LP: #274614

 -- Reinhard Tartler <email address hidden>   Sun, 12 Oct 2008 11:37:03 +0200

vlc (0.9.3-0ubuntu1) intrepid; urgency=low

  [ Reinhard Tartler ]
  * new upstream bugfix only Releases LP: #274721

  Relevant fixes from NEWS file:

    Various bugfixes:
   * Fixed DTS channel order on 5.1 systems
   * Fixed pausing behavior for subtitles and for Audio-CD
   * Multiple subtitles and podcast fixes
   * Various crashes fixed in PS, SSA, mkv, xspf, freetype
   * Fixed update system bugs
   * Other bug fixes (dvd language selection, subtitle colours, HTTP keep-alive...)

  Qt4 interface:
   * Added Faster/Slower icons to the controller panel
   * Fixed lost playlist columns when switching the playlist view
   * Added needed options to Simple preferences (to avoid NVIDIA drivers issues)
   * Fullscreen controller: added time label, remembering of last position
   * Fixed drag'n drop behaviour on the playlist
   * Multiple other fixes (Enter hotkey in preferences, Skins selection...)

  [ Saïvann Carignan ]
  * debian/patches/301_DVD_media.diff: Change %U to %f
    in VLC .desktop file . (LP: #275043)

 -- Reinhard Tartler <email address hidden>   Sat, 27 Sep 2008 09:30:04 +0200

vlc (0.9.2-1ubuntu2) intrepid; urgency=low

  * remove spurious conflicts on libvlc2. LP: #274614
  * fix FTBFS on all archs other than i386/lpia and amd64. Patch from
    pkg-multimedia svn, Closes: #499860

 -- Reinhard Tartler <email address hidden>   Fri, 26 Sep 2008 08:35:29 +0200

vlc (0.9.2-1ubuntu1) intrepid; urgency=low

  * New Upstream Release, exception granted by
      - dktrkranz, norsetto, Hobbsee (via irc). LP: #270404

  Changes done in ubuntu:

  * add libxul-dev to build-depends
  * make sure that vlc is build against libxul in configure. This doesn't
    change anything in the package, but makes it more robust if building
    in an 'unclean' chroot or when modifying the package.
  * debian/control: make Vcs-* fields point to the motumedia branch
  * add libx264-dev and libass-dev to build-depends
    LP: #210354, #199870
  * actually enable libass support by passing --enable-libass to configure
  * enable libdca: add libdca-dev to build depends and --enable-libdca
  * install the x264 plugin.

  Changes already in the pkg-multimedia branch in debian:

  * don't install usr/share/vlc/mozilla in debian/mozilla-plugin-vlc.install
  * new upstream .desktop file now registers flash video mimetype LP: #261567
  * add Xb-Npp-Applications to mozilla-plugin-vlc
  * remove duplicate entries in debian/vlc-nox.install

vlc (0.9.2-1) experimental; urgency=low

  [ Christophe Mutricy ]
  * New upstream release
    + Soname changed
    + Bugs fixed upstream: Closes: #487646,  #298150, #325069, #392292,
      #458004, #470903, #458004, #423121
    + new upstream fixes various crasher bugs reported in ubuntu:
      LP: #189575, #113927, #103741, #111615, #107899, #112076, #198916, 221428,
          #91679, #96978, #123589, #133528, #231621, #259025
    + plays files with '+' in its name, LP: #239431, #217305
    + New packages: libvlccore0, libvlccore-dev, vlc-plugin-pulse
     (Closes: #471069)
    + Build-depends on libswsale-dev, libshout3-dev, libxpm-dev,
      zlib1g-dev, liblua5.1-0-dev, libschroedinger-dev, libtag1-dev,
      libqt4-dev, libqt4-dev-tools and pkg-config. (Closes: #461324)
    + time display no longer incomplete, LP: #193445
    + fixed volume bar behavior, LP: #250041
    + shout support closes LP: #127594, #84098,
    + Install new modules:
      - vlc-nox: alphamask, blendbench, bluescreen, canvas, cc, cdg, chain,
        colorthres, croppadd, dynamicoverlay, erase, faad, gaussianblur, grain,
        inhibit, lua, memcpy*, mmap, osd_parser, puzzle, remoteosd, rtmp,
        schroedinger, sharpen, stats, subusf, t140, telepathy, v4l2, vmem
      - vlc: qt4
      - vlc-plugin-jack: access_jack
    + Distribute the .pc for libvlc and vlc-plugin (Closes: #289507)
    + Remove wx interface and glide plugin as they've been dropped by upstream
      LP: #205325, #88487, #90603, #150380
    + The Python and java bindings are no longer part of the upstream tarballs
      (Closes: #469011)
    + Temporarly disable libdca module until a pkg with the new
      API get in unstable
    + Delete or refresh patches
    + New patches:
        - 052_as-needed taken from bug #347650 to teach libtool about
          -Wl,--as-needed
  * Install the skins DTD and the default skins it's only 113kB
  * Improve watch file
  * Add a vlc-data package for /usr/share  (13 MB)
  * Add a vlc-dbg package (Closes: #491564)
  * Sort vlc.install and vlc-nox.install

  [ Mohammed Adnène Trojette ]
  * Add myself to Uploaders.
  * debian/control:
    + Add proper conflicts/replaces to vlc-data with mozilla-plugin-vlc.
    + Add proper conflicts/replaces to vlc with vlc-nox.

vlc (0.8.6.i-2) experimental; urgency=high

  [ Loic Minier ]
  * Fix changelog entries for 0.8.6.h-2 and 0.8.6.h-3.
  * Bump up Standards-Version to 3.8.0.

  [ Christophe Mutricy ]
  * Security: Fix integer overflow in mms module (CVE-2008-3794)
    (Closes: #496265)(407-mms-overflow.diff taken from upstream)

  [ Sam Hocevar ]
  * debian/patches/300_manpage_syntax.diff: fix vlc-config.1 syntax.

vlc (0.8.6.i-1) experimental; urgency=low

  * New upstream release.
    - Refresh patch 010_iceape and change it to only patch the name of the .pc
      files, keep using FIREFOX_CFLAGS and _LIBS etc. as to allow us to only
      run autoconf, not automake.
    - Drop patch 401-CVE-2008-2430, merged upstream.
    - Update and rename patch 050_bootstrap to 900_autoconf.

vlc (0.8.6.h-3) unstable; urgency=low

  * Minor cleanups.
  * Use DEB_HOST_ARCH instead of DEB_BUILD_ARCH in rules.
  * Use objdump -x instead of ldd to check for links on libX11 as ldd might
    resolve libvlc to the system's version if the system has libvlc installed;
    closes: #495730.

vlc (0.8.6.h-2) unstable; urgency=high

  * Fix integer overflow in TTA (CVE-2008-3732) (405-CVE-2008-3732.diff)
  * Fix crashes in Live555 (406-live555-crash.diff)
  * Switch to libdc1394-22-dev (Closes: #484695)

 -- Reinhard Tartler <email address hidden>   Wed, 17 Sep 2008 21:56:14 +0200

vlc (0.8.6.release.h-1ubuntu1) intrepid; urgency=low

  * Merge from Debian unstable. (LP: #238873, #243450, #245563)
    Remaining changes:
    - Add PulseAudio support.
    - Enable (and build-depend on) x264 support.
    - Add Xb-Npp-.* fields to mozilla-plugin-vlc, for the Firefox plugin
      finder service.
    - Clean up debian/vlc.desktop.
    - Make vlc recommend vlc-plugin-pulse.
    - Install link to plugin in xulrunner 1.9 plugin directory.
    - Build against xul rather then iceape.
    - Rename the upstream tarball to match old Ubuntu convention.
    - Modify Maintainer value to match the DebianMaintainerField
      specification.

 -- William Grant <email address hidden>   Sun, 06 Jul 2008 21:53:26 +1000

vlc (0.8.6.release.e+zdebian-2.3ubuntu1) intrepid; urgency=low

  * Rebase on sid. Changes carried over:
    - Add PulseAudio support.
    - Enable (and build-depend on) x264 support.
    - Add Xb-Npp-.* fields to mozilla-plugin-vlc, for the Firefox plugin
      finder service.
    - Clean up debian/vlc.desktop.
    - Make vlc depend on vlc-plugin-pulse.
    - Install link to plugin in xulrunner 1.9 plugin directory.
  * Build against xul rather then iceape.
    - Build-Depend on libxul-dev rather than iceape-dev.
    - Disable debian/patches/010_iceape.diff.
  * Reduce vlc-plugin-pulse dependency to a recommendation, as everything
    now installs recommends by default.
  * Update PulseAudio patch to include autotools changes, so we don't
    regenerate them during the build.
  * Rename the upstream tarball. This can go away when >0.8.6.* is uploaded.
    The '+zdebian' can be dropped when >0.8.6.e is in Debian.
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

 -- William Grant <email address hidden>   Sun, 22 Jun 2008 19:09:42 +1000

vlc (0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3) hardy; urgency=low

  * debian/control: Make vlc-plugin-pulse a dependency of vlc, to enable pulseaudio
    by default. (LP: #208579)
  * debian/patches/demuxer-fix.diff: Patch to fix FTBFS, thanks to Gentoo bug
    214809.

 -- Luke Yelavich <email address hidden>   Sat, 12 Apr 2008 09:23:55 +1000