Bug 492474

Summary: regression in xine-lib 1.1.16.2
Product: [Fedora] Fedora Reporter: Vincent Danen <vdanen>
Component: xine-libAssignee: Aurelien Bompard <gauret>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 10CC: gauret, kevin, rdieter
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://bugs.launchpad.net/ubuntu/+source/xine-lib/+bug/322834
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-03-27 17:55:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
testcase none

Description Vincent Danen 2009-03-26 21:42:13 UTC 
Created attachment 336912 [details]
testcase

An Ubuntu update for xine-lib was recently released due to a regression in the fix for CVE-2009-0698 where it would prevent certain files from playing properly.  We currently have xine-lib 1.1.16.2 in Fedora (9, 10, rawhide) which has this CVE fixed upstream.

The test.mpg file (attached) does not play with our gxine player, but it does play fine with mplayer.  The linked URL is to Ubuntu's bug report on this, and the advisory URL is: http://www.ubuntu.com/usn/USN-746-1

A source archive that is listed in the advisory is: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.15-0ubuntu3.2.diff.gz
Comment 1 Rex Dieter 2009-03-26 22:04:14 UTC 
fyi, fedora's xine-lib doesn't include support for encumbered formats, like mpeg... but I'll take a look.  

Hrm, upstream report claims fixed in 1.1.16.2,
http://bugs.xine-project.org/show_bug.cgi?id=204

Guess I'll have to try the sample (along with xine-lib-extras-freeworld)
Comment 2 Vincent Danen 2009-03-26 23:16:02 UTC 
Hmmm...  I maybe have some extra bits installed, but when I ran gxine on the test.mpeg, it opened, and nothing in the output indicated an unrecognized or unknown file type.  I did install mplayer from rpmfusion just to verify that mplayer worked with it (as noted in the Ubuntu advisory), so other non-free bits came in as a result, but that was after trying with gxine.

This could be a false alarm, I'm not sure, but it came across my radar so I figured I'd bring it up.
Comment 3 Rex Dieter 2009-03-27 17:55:13 UTC 
Using xine and kaffine, with xine-lib-extras-freeworld installed, test.mpg plays fine here.