Closed Bug 470936 Opened 16 years ago Closed 11 years ago

please blocklist vlc < 0.9.9

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
2013-10-01

People

(Reporter: timeless, Assigned: jorgev)

Details

(Whiteboard: mozilla.com)

Attachments

(1 file)

Konsep Tournamen.cdr
1.77 MB, patch
Details | Diff | Splinter Review 
j-b indicates that older versions were very crashy and with 0.9.8a they've finally gotten some (perhaps most) of the crashes out.

i've done a quick scan of crash stats, and he's right. the biggest crashers by far are all gone.

we should blocklist the older version
Well, let me summarize:
- In 0.8.6 and before, the plugin could easily crash on Windows, especially when two instances of the plugin were in the same page (hitting reload could crash it easily too)
- In 0.9.x and over, most of the previous issues are fixed because the core is cleaner.

- In the releases 0.9.2 to 0.9.6 on Windows, some part of the plugin are not working, like HTTP streaming or subtitles because of the manifest issues on Windows.

Therefore, I would advise to blacklist all versions up to 0.8.6, because they can crash and if you want, blacklist versions up to 0.9.6 on windows, because they are not really functionnal.

Anyway, the question is: do you blacklist crashing or also non working correctly versions?
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
jb - would like to continue discussion here.  To answer your question, the policy is here - https://wiki.mozilla.org/Blocklisting
jb - is there something being done about OOM comments from bug 471443?  Keep in mind that for users that's still an important thing to address.
Well, yes, one developer closed the bug as wontfix, but I am talking to another developer that might have time to work on it. I'll reopen our bug for that purpose.

About this bug, it still stands, and you should really blocklist older versions of VLC that will crash the browser more than 50% of the time when multiple plugins are loaded.
OK - thanks jb.  Will get that taken care of.
Assignee: nobody → morgamic
Status: REOPENED → ASSIGNED
Is there any reason to do an inconsistent block as suggested of up to 0.9.6 on Windows and 0.9 for everyone else? Why not just block up to 0.9.8a for everyone and include that latest security fix?
http://www.videolan.org/developers/vlc/NEWS
(sorry, typo; meant block <0.9.8a OR block <=0.9.6 for everyone)
Yes, there is a clear reason:
- VLC 0.9.2 to 0.9.6 (included) on Windows tried to use shared libraries instead of statically linking each library in each module.
Unfortunately, the mozilla plugin (And ActiveX) then couldn't find those dlls because they weren't in the PATH and we couldn't change path (needed to be compatible with Windows < XP/SP2.
Therefore the webplugins where half-working/half-nonworking (http access couldn't find libgcrypt.dll), which is kind of useless versions.

That is why VLC webplugin on Windows for version between 0.9.0 and 0.9.6 are useless on Windows.

However, you can block all versions until the 0.9.9 (excluded) and we won't care. We don't support anything but the latest version (we are a very small team). And VLC 1.0.0 is on the go, and should be out this month.
Summary: please blocklist vlc <= 0.9.6 (windows) and <= 0.9 (other) → please blocklist vlc < 0.9.9
Michael: Could you please pull the trigger on this one too?
Yes, I will stop failing and get this taken care of.
Can someone provide the filename and/or plugin description for this?  Looks like we want to block 0.9.8 and lower -- correct?
This is the current version :

VLC Multimedia Plug-in

    File: C:\Program Files\SeaMonkey\plugins\npvlc.dll
    Version: 1.0.3.0
    Version 1.0.3, copyright 1996-2009 The VideoLAN Team
    http://www.videolan.org/
Now that soft blocking (block with option to override) is an option, soft blocking here may be a good idea.
Ok... still need which version range to block.  Can't do it until someone answers that.
Going to blocklist anything below 0.9.9 -- that seems to be the consensus.
Whiteboard: mozilla.com
(also, it's the title of the freakin' bug)
Assignee: morgamic → nobody
(In reply to comment #16)
> Going to blocklist anything below 0.9.9 -- that seems to be the consensus.

did this ever happened ?
This is a mass change. Every comment has "assigned-to-new" in it.

I didn't look through the bugs, so I'm sorry if I change a bug which shouldn't be changed. But I guess these bugs are just bugs that were once assigned and people forgot to change the Status back when unassigning.
Status: ASSIGNED → NEW
VLC must be blocked for vlc <= 1.0.5 those days. version prior to 1.0.5 are old and unsafe.

And in a few weeks, vlc < 2.0.0 should be blocked too.
Hey Guys, seems this got lost somehow - per comment #16 from morgamic it seems we were planning to blocklist this old version but it got never realized, can we get this on the blocklist ?
Which versions would you suggest we block?
Flags: needinfo?(cbook)
(In reply to Carsten Book [:Tomcat] from comment #21)
> Hey Guys, seems this got lost somehow - per comment #16 from morgamic it
> seems we were planning to blocklist this old version but it got never
> realized, can we get this on the blocklist ?

hm good question per comment #20 i would say:

"VLC must be blocked for vlc <= 1.0.5 those days. version prior to 1.0.5 are old and unsafe."

JB, do you have any recommendations re: 2.0.0 since you guys developing this product :)
Flags: needinfo?(cbook) → needinfo?(jb+mozilla)
Sure.

Anything below (<) 2.0.3 should be blacklisted and forbidden to run.

Anything under (<) 2.0.6 should advised against.

In one week, anything under (<) 2.1.0 should be advised against.
Flags: needinfo?(jb+mozilla)
I'll add a CTP block for 2.0.6 and lower, since we no longer do hardblocks or softblocks. And since all plugins except Flash will be CTP fairly soon (https://blog.mozilla.org/futurereleases/2013/09/24/plugin-activation-in-firefox/), I think that should be enough for this bug.
Assignee: nobody → jorge
Target Milestone: --- → 2013-10-01
Make that "2.0.5 and lower", since I think that's what comment #24 means. I also need to run this past the release drivers group first.
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/p456
Status: NEW → RESOLVED
Closed: 16 years ago11 years ago
Resolution: --- → FIXED
(In reply to Jorge Villalobos [:jorgev] from comment #27)
> Blocked: https://addons.mozilla.org/en-US/firefox/blocked/p456

This block broke the Veetle TV Player plugin functionality due to having a .dll file of the same name: npvlc.dll

It has a different md5 hash according to http://www.shouldiblockit.com/npvlc.dll-a1b2b09240361031d1d794d57fc7359c.aspx
That's unfortunate. However, I think the benefit outweighs the annoyance in this case, and all plugins will be in the same state (click-to-play) fairly soon. Also, I can't think of a way to not block Veetle without rolling back the VLC block.
Looks like it's easier to just set extensions.blocklist.enabled to false and update all the blocked/outdated extensions in the mean time.
(In reply to Carsten Book [:Tomcat] from comment #21)
> Hey Guys, seems this got lost somehow - per comment #16 from morgamic it
> seems we were planning to blocklist this old version but it got never
> realized, can we get this on the blocklist ?

  

  



    
    

    
  
good

  

  


Flags: needinfo?(bckrisna)

    
  
Flags: needinfo?(bckrisna)
Product: addons.mozilla.org → Toolkit

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: