Closed
Bug 470936
Opened 16 years ago
Closed 11 years ago
please blocklist vlc < 0.9.9
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Tracking
()
RESOLVED
FIXED
2013-10-01
People
(Reporter: timeless, Assigned: jorgev)
Details
(Whiteboard: mozilla.com)
Attachments
(1 file)
1.77 MB,
patch
|
Details | Diff | Splinter Review |
j-b indicates that older versions were very crashy and with 0.9.8a they've finally gotten some (perhaps most) of the crashes out. i've done a quick scan of crash stats, and he's right. the biggest crashers by far are all gone. we should blocklist the older version
Comment 1•16 years ago
|
||
Well, let me summarize: - In 0.8.6 and before, the plugin could easily crash on Windows, especially when two instances of the plugin were in the same page (hitting reload could crash it easily too) - In 0.9.x and over, most of the previous issues are fixed because the core is cleaner. - In the releases 0.9.2 to 0.9.6 on Windows, some part of the plugin are not working, like HTTP streaming or subtitles because of the manifest issues on Windows. Therefore, I would advise to blacklist all versions up to 0.8.6, because they can crash and if you want, blacklist versions up to 0.9.6 on windows, because they are not really functionnal. Anyway, the question is: do you blacklist crashing or also non working correctly versions?
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Updated•16 years ago
|
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Comment 3•16 years ago
|
||
jb - would like to continue discussion here. To answer your question, the policy is here - https://wiki.mozilla.org/Blocklisting
Comment 4•16 years ago
|
||
jb - is there something being done about OOM comments from bug 471443? Keep in mind that for users that's still an important thing to address.
Comment 5•16 years ago
|
||
Well, yes, one developer closed the bug as wontfix, but I am talking to another developer that might have time to work on it. I'll reopen our bug for that purpose. About this bug, it still stands, and you should really blocklist older versions of VLC that will crash the browser more than 50% of the time when multiple plugins are loaded.
Comment 6•16 years ago
|
||
OK - thanks jb. Will get that taken care of.
Assignee: nobody → morgamic
Status: REOPENED → ASSIGNED
Comment 7•16 years ago
|
||
Is there any reason to do an inconsistent block as suggested of up to 0.9.6 on Windows and 0.9 for everyone else? Why not just block up to 0.9.8a for everyone and include that latest security fix? http://www.videolan.org/developers/vlc/NEWS
Comment 9•16 years ago
|
||
Yes, there is a clear reason: - VLC 0.9.2 to 0.9.6 (included) on Windows tried to use shared libraries instead of statically linking each library in each module. Unfortunately, the mozilla plugin (And ActiveX) then couldn't find those dlls because they weren't in the PATH and we couldn't change path (needed to be compatible with Windows < XP/SP2. Therefore the webplugins where half-working/half-nonworking (http access couldn't find libgcrypt.dll), which is kind of useless versions. That is why VLC webplugin on Windows for version between 0.9.0 and 0.9.6 are useless on Windows. However, you can block all versions until the 0.9.9 (excluded) and we won't care. We don't support anything but the latest version (we are a very small team). And VLC 1.0.0 is on the go, and should be out this month.
Summary: please blocklist vlc <= 0.9.6 (windows) and <= 0.9 (other) → please blocklist vlc < 0.9.9
Comment 12•15 years ago
|
||
Can someone provide the filename and/or plugin description for this? Looks like we want to block 0.9.8 and lower -- correct?
Comment 13•15 years ago
|
||
This is the current version : VLC Multimedia Plug-in File: C:\Program Files\SeaMonkey\plugins\npvlc.dll Version: 1.0.3.0 Version 1.0.3, copyright 1996-2009 The VideoLAN Team http://www.videolan.org/
Comment 14•15 years ago
|
||
Now that soft blocking (block with option to override) is an option, soft blocking here may be a good idea.
Comment 15•15 years ago
|
||
Ok... still need which version range to block. Can't do it until someone answers that.
Comment 16•15 years ago
|
||
Going to blocklist anything below 0.9.9 -- that seems to be the consensus.
Whiteboard: mozilla.com
Updated•15 years ago
|
Assignee: morgamic → nobody
Comment 18•15 years ago
|
||
(In reply to comment #16) > Going to blocklist anything below 0.9.9 -- that seems to be the consensus. did this ever happened ?
Comment 19•15 years ago
|
||
This is a mass change. Every comment has "assigned-to-new" in it. I didn't look through the bugs, so I'm sorry if I change a bug which shouldn't be changed. But I guess these bugs are just bugs that were once assigned and people forgot to change the Status back when unassigning.
Status: ASSIGNED → NEW
Comment 20•13 years ago
|
||
VLC must be blocked for vlc <= 1.0.5 those days. version prior to 1.0.5 are old and unsafe. And in a few weeks, vlc < 2.0.0 should be blocked too.
Comment 21•13 years ago
|
||
Hey Guys, seems this got lost somehow - per comment #16 from morgamic it seems we were planning to blocklist this old version but it got never realized, can we get this on the blocklist ?
Assignee | ||
Updated•11 years ago
|
Flags: needinfo?(cbook)
Comment 23•11 years ago
|
||
(In reply to Carsten Book [:Tomcat] from comment #21) > Hey Guys, seems this got lost somehow - per comment #16 from morgamic it > seems we were planning to blocklist this old version but it got never > realized, can we get this on the blocklist ? hm good question per comment #20 i would say: "VLC must be blocked for vlc <= 1.0.5 those days. version prior to 1.0.5 are old and unsafe." JB, do you have any recommendations re: 2.0.0 since you guys developing this product :)
Flags: needinfo?(cbook) → needinfo?(jb+mozilla)
Comment 24•11 years ago
|
||
Sure. Anything below (<) 2.0.3 should be blacklisted and forbidden to run. Anything under (<) 2.0.6 should advised against. In one week, anything under (<) 2.1.0 should be advised against.
Flags: needinfo?(jb+mozilla)
Assignee | ||
Comment 25•11 years ago
|
||
I'll add a CTP block for 2.0.6 and lower, since we no longer do hardblocks or softblocks. And since all plugins except Flash will be CTP fairly soon (https://blog.mozilla.org/futurereleases/2013/09/24/plugin-activation-in-firefox/), I think that should be enough for this bug.
Assignee: nobody → jorge
Target Milestone: --- → 2013-10-01
Assignee | ||
Comment 26•11 years ago
|
||
Make that "2.0.5 and lower", since I think that's what comment #24 means. I also need to run this past the release drivers group first.
Assignee | ||
Comment 27•11 years ago
|
||
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/p456
Status: NEW → RESOLVED
Closed: 16 years ago → 11 years ago
Resolution: --- → FIXED
Comment 28•11 years ago
|
||
(In reply to Jorge Villalobos [:jorgev] from comment #27) > Blocked: https://addons.mozilla.org/en-US/firefox/blocked/p456 This block broke the Veetle TV Player plugin functionality due to having a .dll file of the same name: npvlc.dll It has a different md5 hash according to http://www.shouldiblockit.com/npvlc.dll-a1b2b09240361031d1d794d57fc7359c.aspx
Assignee | ||
Comment 29•11 years ago
|
||
That's unfortunate. However, I think the benefit outweighs the annoyance in this case, and all plugins will be in the same state (click-to-play) fairly soon. Also, I can't think of a way to not block Veetle without rolling back the VLC block.
Comment 30•11 years ago
|
||
Looks like it's easier to just set extensions.blocklist.enabled to false and update all the blocked/outdated extensions in the mean time.
Comment 31•11 years ago
|
||
(In reply to Carsten Book [:Tomcat] from comment #21) > Hey Guys, seems this got lost somehow - per comment #16 from morgamic it > seems we were planning to blocklist this old version but it got never > realized, can we get this on the blocklist ?
Comment 32•10 years ago
|
||
deleteme |
Updated•9 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•