vlc: security bump to version 2.1.6

* Fix heap overflow in decomp stream filter
* Fix buffer overflow in updater
* Fix potential buffer overflow in schroedinger encoder
* Fix null-pointer dereference in DMO decoder
* Fix buffer overflow in parsing of string boxes in mp4 demuxer
* Fix SRTP integer overflow
* Fix potential crash in zip access
* Fix read overflow in Ogg demuxer

And also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/vlc/vlc.hash b/package/vlc/vlc.hash
new file mode 100644 (file)
index 0000000..718a0e6
--- /dev/null
+++ b/package/vlc/vlc.hash
@@ -0,0 +1,2 @@
+# From http://get.videolan.org/vlc/2.1.6/vlc-2.1.6.tar.xz.sha256
+sha256 1b76cf4b96e18cf224d21b91343f7e579790c5d3e499c8a230f53da695687c04        vlc-2.1.6.tar.xz

diff --git a/package/vlc/vlc.mk b/package/vlc/vlc.mk
index 9d99de636fbd23c8246ec40f0a2300e05f63b3af..56006b5b460cfe5174497b41047493409edcc420 100644 (file)
--- a/package/vlc/vlc.mk
+++ b/package/vlc/vlc.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-VLC_VERSION = 2.1.5
+VLC_VERSION = 2.1.6
 VLC_SITE = http://get.videolan.org/vlc/$(VLC_VERSION)
 VLC_SOURCE = vlc-$(VLC_VERSION).tar.xz
 VLC_LICENSE = GPLv2+ LGPLv2.1+