Bug#923494: Please Recommend and dlopen libsdl2 rather than depending on it

2019-03-12 Thread Josh Triplett
On Tue, Mar 12, 2019 at 07:10:09PM -0400, Reinhard Tartler wrote:
> On Tue, Mar 12, 2019 at 1:49 PM Josh Triplett  wrote:
> 
> > On Tue, Mar 12, 2019 at 08:25:55AM -0400, Reinhard Tartler wrote:
> > >  Depends: libavcodec58 (= 7:4.1.1-2), libavdevice58 (= 7:4.1.1-2),
> > >   libavfilter7 (= 7:4.1.1-2), libavformat58 (= 7:4.1.1-2),
> > >   libavresample4 (= 7:4.1.1-2), libavutil56 (= 7:4.1.1-2), libc6 (>= 2.14),
> > >   libpostproc55 (= 7:4.1.1-2), libswresample3 (= 7:4.1.1-2),
> > >   libswscale5 (= 7:4.1.1-2)
> > >  Suggests: ffmpeg-doc
> >
> > You might want to add a Suggests on ffplay, as well.
> >
> 
> Good idea, done.
> 
> The changes are in the 'master' branch of our packaging repository now.
> Unfortunately, we missed the Debian freeze. Not sure if this is worth
> asking for a freeze exception.
> 
> What do you guys think?

Speaking for myself only, all the systems on which this might end up
installed run sid. And the previous Debian stable had this dependency,
so this isn't a regression. I'd suggest not asking for a freeze
exception.



Bug#923494: Please Recommend and dlopen libsdl2 rather than depending on it

2019-03-12 Thread Reinhard Tartler
On Tue, Mar 12, 2019 at 1:49 PM Josh Triplett  wrote:

> On Tue, Mar 12, 2019 at 08:25:55AM -0400, Reinhard Tartler wrote:
> >  Depends: libavcodec58 (= 7:4.1.1-2), libavdevice58 (= 7:4.1.1-2),
> >   libavfilter7 (= 7:4.1.1-2), libavformat58 (= 7:4.1.1-2),
> >   libavresample4 (= 7:4.1.1-2), libavutil56 (= 7:4.1.1-2), libc6 (>= 2.14),
> >   libpostproc55 (= 7:4.1.1-2), libswresample3 (= 7:4.1.1-2),
> >   libswscale5 (= 7:4.1.1-2)
> >  Suggests: ffmpeg-doc
>
> You might want to add a Suggests on ffplay, as well.
>

Good idea, done.

The changes are in the 'master' branch of our packaging repository now.
Unfortunately, we missed the Debian freeze. Not sure if this is worth
asking for a freeze exception.

What do you guys think?

-- 
regards,
Reinhard


gpac: CVE-2018-20760 CVE-2018-20761 CVE-2018-20762 CVE-2018-20763

2019-03-12 Thread Moritz Mühlenhoff
On Sun, Feb 10, 2019 at 07:48:12PM +0100, Moritz Muehlenhoff wrote:
> Source: gpac
> Severity: grave
> Tags: security

There's a 0.7.1 in NEW, but that won't be in time for buster, could you
please upload a targeted fix for the open issues for 0.5?

https://security-tracker.debian.org/tracker/source-package/gpac has
links to all the fixes.

(I've prepared a stable-proposed-update for gpac, but getting it fixed
first in sid is a requirement for spu).

Cheers,
Moritz



Bug#923494: Please Recommend and dlopen libsdl2 rather than depending on it

2019-03-12 Thread Josh Triplett
On Tue, Mar 12, 2019 at 08:31:51PM +0100, Carl Eugen Hoyos wrote:
> 2019-03-12 18:48 GMT+01:00, Josh Triplett :
> > On Tue, Mar 12, 2019 at 08:25:55AM -0400, Reinhard Tartler wrote:
> 
> >> I think this should address the issue. Any objections to this approach?
> >
> > This would work perfectly for me, and I would then avoid installing
> > ffplay on my servers.
> 
> I was expecting that the ffmpeg package would still pull a large
> number of dependencies including X11 with this change but if
> there is an improvement for you, all the better!

As long as libavdevice no longer depends on libsdl2 either, that'll
suffice. libavdevice still depends on a handful of X libraries, but I
don't mind having a few of those installed on my server, and I already
had some of them for things like `ssh -X`. libsdl2 substantially
increased the dependencies.

Thank you!



Bug#923494: Please Recommend and dlopen libsdl2 rather than depending on it

2019-03-12 Thread Carl Eugen Hoyos
2019-03-12 18:48 GMT+01:00, Josh Triplett :
> On Tue, Mar 12, 2019 at 08:25:55AM -0400, Reinhard Tartler wrote:

>> I think this should address the issue. Any objections to this approach?
>
> This would work perfectly for me, and I would then avoid installing
> ffplay on my servers.

I was expecting that the ffmpeg package would still pull a large
number of dependencies including X11 with this change but if
there is an improvement for you, all the better!



Bug#923494: Please Recommend and dlopen libsdl2 rather than depending on it

2019-03-12 Thread Josh Triplett
On Tue, Mar 12, 2019 at 08:25:55AM -0400, Reinhard Tartler wrote:
>  Depends: libavcodec58 (= 7:4.1.1-2), libavdevice58 (= 7:4.1.1-2),
>   libavfilter7 (= 7:4.1.1-2), libavformat58 (= 7:4.1.1-2),
>   libavresample4 (= 7:4.1.1-2), libavutil56 (= 7:4.1.1-2), libc6 (>= 2.14),
>   libpostproc55 (= 7:4.1.1-2), libswresample3 (= 7:4.1.1-2),
>   libswscale5 (= 7:4.1.1-2)
>  Suggests: ffmpeg-doc

You might want to add a Suggests on ffplay, as well.



Bug#923494: Please Recommend and dlopen libsdl2 rather than depending on it

2019-03-12 Thread Josh Triplett
On Tue, Mar 12, 2019 at 08:25:55AM -0400, Reinhard Tartler wrote:
> On Sun, Mar 10, 2019 at 9:36 PM Carl Eugen Hoyos  wrote:
> 
> > > What might work is disabling the avdevice outdev AND
> > > moving 'ffplay' to its own binary package.
> >
> > Before suggesting this, I would prefer the OP to test. I
> > still do not entirely believe that this fixes his issue.
> >
> >
> There is a good chance that the OP did not get this message, because
> debbugs does not automatically subscribe the original submitter. One has to
> explicitly use the nn-submit...@bugs.debian.org alias or include his
> email address explicitly.

I did get the original mail suggesting the additional config options, and
not the above mails.  I hadn't yet had time to try rebuilding ffmpeg
from source.

> I've gone ahead and implemented the change (passing in
> --disable-outdev=sdl2 as you suggested, and moving ffplay into its own
> binary package)
> 
> With this patch, the ffmpeg binary package has a depends line like this:
> 
>  Package: ffmpeg
>  Version: 7:4.1.1-2
>  Architecture: amd64
>  Maintainer: Debian Multimedia Maintainers
>  Installed-Size: 1808
>  Depends: libavcodec58 (= 7:4.1.1-2), libavdevice58 (= 7:4.1.1-2),
>   libavfilter7 (= 7:4.1.1-2), libavformat58 (= 7:4.1.1-2),
>   libavresample4 (= 7:4.1.1-2), libavutil56 (= 7:4.1.1-2), libc6 (>= 2.14),
>   libpostproc55 (= 7:4.1.1-2), libswresample3 (= 7:4.1.1-2),
>   libswscale5 (= 7:4.1.1-2)
>  Suggests: ffmpeg-doc
>  Breaks: libav-tools (<< 6:12~~), qt-faststart (<< 7:2.7.1-3~),
>   winff (<< 1.5.5-5~)
>  Replaces: libav-tools (<< 6:12~~), qt-faststart (<< 7:2.7.1-3~)
>  Section: video
> 
> Note that there is a dependency on libavdevice58, but not on SDL.
> 
> The 'ffplay' binary package has a depends line that looks like this:
> 
>  Package: ffplay
>  Source: ffmpeg
>  Version: 7:4.1.1-2
>  Architecture: amd64
>  Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
>  Installed-Size: 226
>  Depends: libavcodec58 (= 7:4.1.1-2), libavdevice58 (= 7:4.1.1-2),
>   libavfilter7 (= 7:4.1.1-2), libavformat58 (= 7:4.1.1-2),
>   libavresample4 (= 7:4.1.1-2), libavutil56 (= 7:4.1.1-2), libc6 (>= 2.14),
>   libpostproc55 (= 7:4.1.1-2), libsdl2-2.0-0 (>= 2.0.9),
>   libswresample3 (= 7:4.1.1-2), libswscale5 (= 7:4.1.1-2), ffmpeg
>  Suggests: ffmpeg-doc
>  Breaks: ffmpeg (<< 7:4.1.1-2~), libav-tools (<< 6:12~~),
>   qt-faststart (<< 7:2.7.1-3~), winff (<< 1.5.5-5~)
>  Replaces: ffmpeg (<< 7:4.1.1-2~), libav-tools (<< 6:12~~),
>   qt-faststart (<< 7:2.7.1-3~)
>  Section: video
> 
> Note that this includes both libavdevice58 as well as libsdl2-2.
> 
> I think this should address the issue. Any objections to this approach?

This would work perfectly for me, and I would then avoid installing
ffplay on my servers.



Bug#924260: Csound: regression in diskgrain stretch->buster when file sr != orchestra sr

2019-03-12 Thread Felipe Sateler
On Sun, Mar 10, 2019, 14:18 Sam Hartman  wrote:

> package: csound
> severity: important
> justification: Stretch regression with no work around without code
> changes
> version: 1:6.12.2~dfsg-3
> tags: patch, fixed-upstream, upstream
>
> Hi.  In https://github.com/csound/csound/issues/1119
> I reported an issue.
>
> In stretch, if you want to deal with a file that doesn't match the
> orchestra sample rate in diskgrain, you have to do all the work in your
> orchestra.
> Between stretch and buster upstream tried to improve it but got a couple
> of things wrong:
>
> * Most seriously, they handle the initial file seek according to the
>   orchestra sr not the file sr.  So there will be a jump of
>   uncontrollable length when the first file buffer is exhausted.
>
> * They scale the pitch but not the pointer read rate, so the orchestra
>   still has to know about the gap.
>
> This is fixed in f23c45efcef upstream.
> I confirmed that code change works against the upstream code base and
> the Debian code base.
>

Thanks for such a thorough bug report.

I think this is self-contained enough to warrant a stable upload. One thing
that needs checking is if the move of find_file.h has any impact. I would
suggest not applying that part just to be safe. Another thing to check
would be if syncgrain and syncloop need a similar change, as noted by
Victor.


>
> I'd like to try and get an unblock to get this into buster.  I want your
> support obviously before trying to do that.  I'm happy to do everything
> (prepare a package; upload; file an unblock), simply write the unblock
> justification, sit back and let you deal, or accept that you don't think
> this is worth trying to get an unblock for.
> My justification for the unblock is that it's a well-constrained change,
> something that is possible in stretch is entirely impossible in the
> current buster code, and there is an easy fix.
>

Please go ahead. The change looks small enough. I'm currently away so I'm
going to be of limited assistance, but please feel free to go ahead. Help
is always appreciated.

Saludos,
Felipe Sateler


Bug#923494: Please Recommend and dlopen libsdl2 rather than depending on it

2019-03-12 Thread Carl Eugen Hoyos
2019-03-12 13:25 GMT+01:00, Reinhard Tartler :
> In a headless installation that is used for transcoding and streaming,
> such dependencies, like on X11, wayland, etc. may not be desirable.

Funny that you mention X11 and wayland: Both are still dependencies
of FFmpeg after your patch, no?



Bug#923494: Please Recommend and dlopen libsdl2 rather than depending on it

2019-03-12 Thread Carl Eugen Hoyos
Please show the dependencies of (at least) libavutil and libavcodec
with your approach and maybe compare them to what sdl needs: While the
list may become smaller I wonder if this would really solve the
described issue.



Processed: Bug #923494 in ffmpeg marked as pending

2019-03-12 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 pending
Bug #923494 [ffmpeg] Please Recommend and dlopen libsdl2 rather than depending 
on it
Added tag(s) pending.

-- 
923494: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923494
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#923494: Please Recommend and dlopen libsdl2 rather than depending on it

2019-03-12 Thread Reinhard Tartler
On Sun, Mar 10, 2019 at 9:36 PM Carl Eugen Hoyos  wrote:

> > What might work is disabling the avdevice outdev AND
> > moving 'ffplay' to its own binary package.
>
> Before suggesting this, I would prefer the OP to test. I
> still do not entirely believe that this fixes his issue.
>
>
There is a good chance that the OP did not get this message, because
debbugs does not automatically subscribe the original submitter. One has to
explicitly use the nn-submit...@bugs.debian.org alias or include his
email address explicitly.

I've gone ahead and implemented the change (passing in
--disable-outdev=sdl2 as you suggested, and moving ffplay into its own
binary package)

With this patch, the ffmpeg binary package has a depends line like this:

 Package: ffmpeg
 Version: 7:4.1.1-2
 Architecture: amd64
 Maintainer: Debian Multimedia Maintainers
 Installed-Size: 1808
 Depends: libavcodec58 (= 7:4.1.1-2), libavdevice58 (= 7:4.1.1-2),
  libavfilter7 (= 7:4.1.1-2), libavformat58 (= 7:4.1.1-2),
  libavresample4 (= 7:4.1.1-2), libavutil56 (= 7:4.1.1-2), libc6 (>= 2.14),
  libpostproc55 (= 7:4.1.1-2), libswresample3 (= 7:4.1.1-2),
  libswscale5 (= 7:4.1.1-2)
 Suggests: ffmpeg-doc
 Breaks: libav-tools (<< 6:12~~), qt-faststart (<< 7:2.7.1-3~),
  winff (<< 1.5.5-5~)
 Replaces: libav-tools (<< 6:12~~), qt-faststart (<< 7:2.7.1-3~)
 Section: video

Note that there is a dependency on libavdevice58, but not on SDL.

The 'ffplay' binary package has a depends line that looks like this:

 Package: ffplay
 Source: ffmpeg
 Version: 7:4.1.1-2
 Architecture: amd64
 Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
 Installed-Size: 226
 Depends: libavcodec58 (= 7:4.1.1-2), libavdevice58 (= 7:4.1.1-2),
  libavfilter7 (= 7:4.1.1-2), libavformat58 (= 7:4.1.1-2),
  libavresample4 (= 7:4.1.1-2), libavutil56 (= 7:4.1.1-2), libc6 (>= 2.14),
  libpostproc55 (= 7:4.1.1-2), libsdl2-2.0-0 (>= 2.0.9),
  libswresample3 (= 7:4.1.1-2), libswscale5 (= 7:4.1.1-2), ffmpeg
 Suggests: ffmpeg-doc
 Breaks: ffmpeg (<< 7:4.1.1-2~), libav-tools (<< 6:12~~),
  qt-faststart (<< 7:2.7.1-3~), winff (<< 1.5.5-5~)
 Replaces: ffmpeg (<< 7:4.1.1-2~), libav-tools (<< 6:12~~),
  qt-faststart (<< 7:2.7.1-3~)
 Section: video

Note that this includes both libavdevice58 as well as libsdl2-2.

I think this should address the issue. Any objections to this approach?


-- 
regards,
Reinhard