Debian Package Tracker

general

source: kodi (main)
version: 2:17.6+dfsg1-4
maintainer: Debian Multimedia Maintainers (archive) [DMD]
uploaders: Jonas Smedegaard [DMD] – Balint Reczey [DMD]
arch: all any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 16.1+dfsg1-2~bpo8+2
stable: 2:17.1+dfsg1-3
testing: 2:17.6+dfsg1-4
unstable: 2:17.6+dfsg1-4

versioned links

16.1+dfsg1-2~bpo8+2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:17.1+dfsg1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:17.6+dfsg1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2:17.6+dfsg1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

kodi
kodi-addons-dev
kodi-bin
kodi-data
kodi-eventclients-common
kodi-eventclients-dev
kodi-eventclients-kodi-send
kodi-eventclients-ps3
kodi-eventclients-wiiremote
kodi-repository-kodi

action needed

A new upstream version is available: 18.1~rc1 high

A new upstream version 18.1~rc1 is available, you should consider packaging it.

Created: 2018-08-23 Last update: 2019-02-17 04:15

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2018-8831: A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.
CVE-2017-5982: Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.

Please fix them.

Created: 2015-07-13 Last update: 2019-02-10 18:20

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 3.9.8).

Created: 2017-06-29 Last update: 2018-12-23 17:15

lintian reports 10 warnings high

Lintian reports 10 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-09-22 Last update: 2018-11-19 02:14

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2018-11-22 Last update: 2019-02-17 04:11

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2018-10-01 Last update: 2019-02-17 03:43

Multiarch hinter reports 5 issue(s) normal

There are issues with the multiarch metadata for this package.

kodi-eventclients-kodi-send could be marked Multi-Arch: foreign
kodi-repository-kodi could be marked Multi-Arch: foreign
xbmc-eventclients-common could be marked Multi-Arch: foreign
xbmc-eventclients-dev could be marked Multi-Arch: foreign
xbmc-eventclients-ps3 could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2019-02-17 02:25

Depends on packages which need a new maintainer normal

The packages that kodi depends on which need a new maintainer are:

cwiid (#810992)
- Build-Depends: libcwiid-dev
- Depends: libcwiid1
libcdio (#881719)
- Build-Depends: libcdio-dev libiso9660-dev
- Depends: libcdio18
giflib (#834410)
- Build-Depends: libgif-dev
- Depends: libgif7

Created: 2017-12-02 Last update: 2019-02-17 02:08

32 new commits since last upload, time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2:18.0~rc5.2+dfsg1-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 46e1f7ac4367999f2c8c5f846b5ba97cc1358b04
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Mon Feb 11 16:50:22 2019 +0700

    debian/rules: Run tests for each build dir

commit f20b0015c16d764ec8787e2bee0f51093fcb8979
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Mon Feb 11 00:59:13 2019 +0700

    debian/rules: Add Wayland and GBM conditions to override_dh_auto_configure

commit 26f5d495c8d84a7b1149c9ccc211dcbbef45c819
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Mon Feb 11 14:08:20 2019 +0700

    Drop 06-use-external-libraries.patch obsoleted by building internal libdvdnav

commit b3bffb55ebe660c607c004ed034ffc2e437721dd
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Mon Feb 11 00:30:56 2019 +0700

    Let upstream's build system build the embedded libdvdnav and libread libraries

commit f7daaea0495cb31390f9c27d8e6ade98b8f1ca55
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Sun Feb 10 23:38:00 2019 +0700

    debian/rules: Refactor building Debianized artifacts

commit c398cc83b25f0df0113f9d04487a3f81c0c71e1c
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Sun Feb 10 23:26:25 2019 +0700

    debian/rules: Pass -lphtread to linker by default

commit bf051b91bccea8f50361c2dee2199ca1e6c6edba
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Sun Feb 10 23:19:44 2019 +0700

    debian/rules: Extend override_dh_clean

commit 5a2be28ae92aa3b144b9ae01e95f0c1b880a395a
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Sun Feb 10 14:23:12 2019 +0700

    Disable Wayland builds until waylandpp becomes available in the archive

commit 1e04883867ed454ff76bfd0812f95d9937c806be
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Sun Feb 10 13:43:08 2019 +0700

    debian/rules: Rewrite to use cmake and build separate
    
    Thanks: Wolfgang Schupp

commit 3459c63719c5d66ddd883277edd62424d10ca6a2
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Sun Feb 10 12:53:42 2019 +0700

    Ship separate packages for X11, Wayland and GBM

commit c03be390c1b914be37b4e2e040ca70fd0df115b7
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Sun Feb 10 12:28:07 2019 +0700

    Refresh build dependencies based on upstream's packaging

commit d24e4fff65c9fbb197bf2fcbd009ad632a7e38d7
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Sun Feb 10 11:50:40 2019 +0700

    debian/gitlab-ci.yml: Add Salsa CI configuration

commit 8735c7771070f3b1771d9ee172e47a9312516256
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Sun Feb 10 11:32:26 2019 +0700

    debian/control: Tidy up using cme fix

commit b879e326d052bb6836c3850501ca07f4a579ea1f
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Mon Jan 28 21:13:39 2019 +0700

    debian/copyright_hints: Update hints with new files

commit cd725fe215a16fece37412d545fabc1564865e7a
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Mon Jan 28 16:36:14 2019 +0700

    Drop upstream's MSVC-specific patches

commit 65abc0ca04489aa11202b1260d490ec839976e10
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Mon Jan 28 16:33:21 2019 +0700

    Add upstream patches

commit 0228f7b5010e2677dcb78995cb4344d12930746d
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Mon Jan 28 16:02:58 2019 +0700

    Drop obsolete patches

commit ff53da32b3351034b9b5e0aa96e969f6013646df
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Mon Jan 28 15:43:06 2019 +0700

    Refresh libdvdread patches

commit 739f5db6166792f1d5b40710d4d3b64e8f160e21
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Mon Jan 28 15:33:23 2019 +0700

    Fix libdvdread patch

commit c9968322249c37b386a5af4598e17c8877f03b88
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Mon Jan 28 15:22:38 2019 +0700

    Refresh patches

commit 71d0540b36342be95c66d094c4910becd200c28a
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Sun Jan 27 21:19:54 2019 +0700

    Update changelog

commit 1b42154d9de71ae6bbff9f66d32163acd6bbb224
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Thu Aug 2 14:31:10 2018 +0800

    Update extra libdvdnav and libdvdread original tarballs to 6.0.0

commit 18d06d645cabefcd57ee67d3e814ba72c12b33c4
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Wed Aug 1 03:00:45 2018 +0800

    Refresh Debian's libdvdread patches

commit 12cadd68b5124dc5bd926f21f46ce9548f479d49
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Wed Aug 1 02:47:57 2018 +0800

    Refresh upstream's dvdnav and dvdread patches

commit f48897392878d869635fd5f1ee2f9ece76165828
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Tue Jul 31 17:02:59 2018 +0800

    Refresh patches

commit 133dc3c3f9358abe50516ecfd221cd6b7d3e609d
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Tue Jul 31 17:02:09 2018 +0800

    Drop obsoleted patches

commit c184d287f810dd086de83a3ab8ea32f4645320c9
Merge: c08f0054 8db01c7f
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Mon Jan 28 21:44:48 2019 +0700

    Update upstream source from tag 'upstream/18.0_rc5.2+dfsg1'
    
    Update to upstream version '18.0~rc5.2+dfsg1'
    with Debian dir b26a16a54931a0826d1c50b1e5171d3b4e087682

commit 8db01c7f98a63b3965061919c6f86d7de8662454
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Mon Jan 28 21:44:14 2019 +0700

    New upstream version 18.0~rc5.2+dfsg1

commit c08f0054d076ebd54257d585e3d3c57260d933c0
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Mon Jan 28 21:28:14 2019 +0700

    Repack original source using xz

commit d42f7d64ddaebc2904d69ce693b7096a77dba854
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Mon Jan 28 21:12:18 2019 +0700

    Exclude gradle-wrapper.jar from the source package

commit 28b21e831a97f4fbe2d4ae0b13bed51b164357b8
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Sun Nov 25 21:05:17 2018 +0100

    debian/tests/gui: Wait for kodi to start, not just a fixed 5 seconds

commit d7725652be5c8ba08725c00e902b590de1ad424f
Author: Balint Reczey <balint.reczey@canonical.com>
Date:   Sun Nov 25 21:05:17 2018 +0100

    debian/tests/gui: Wait a bit more for kodi to start
    
    and always print kodi's log.

Created: 2018-11-24 Last update: 2019-02-16 17:36

2 ignored security issues in buster low

There are 2 open security issues in buster.

2 issues skipped by the security teams:

CVE-2018-8831: A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.
CVE-2017-5982: Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.

Please fix them.

Created: 2018-11-22 Last update: 2019-02-10 18:20

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2018-8831: A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.
CVE-2017-5982: Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.

Please fix them.

Created: 2016-12-04 Last update: 2019-02-10 18:20

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-11-18 Last update: 2018-11-18 09:16

news

[rss feed]

[2018-11-23] kodi 2:17.6+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2018-11-20] Accepted kodi 2:17.6+dfsg1-4 (source) into unstable (Balint Reczey)
[2018-11-17] Accepted kodi 2:17.6+dfsg1-3 (source) into unstable (Balint Reczey)
[2018-08-20] kodi REMOVED from testing (Debian testing watch)
[2018-08-20] kodi REMOVED from testing (Debian testing watch)
[2018-05-04] kodi 2:17.6+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2018-04-28] Accepted kodi 2:17.6+dfsg1-2 (source) into unstable (Balint Reczey)
[2017-12-31] kodi 2:17.6+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2017-12-26] Accepted kodi 2:17.6+dfsg1-1 (source) into unstable (Balint Reczey)
[2017-10-11] Accepted kodi 2:17.3+dfsg1-5 (source) into unstable (Jonas Smedegaard)
[2017-10-10] Accepted kodi 2:17.3+dfsg1-4 (source) into unstable (Jonas Smedegaard)
[2017-10-05] Accepted kodi 2:17.3+dfsg1-3 (source amd64 all) into unstable, unstable (Jonas Smedegaard)
[2017-09-05] kodi REMOVED from testing (Debian testing watch)
[2017-07-04] kodi 2:17.3+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2017-06-29] Accepted kodi 2:17.3+dfsg1-2 (source) into unstable (Balint Reczey)
[2017-06-06] Accepted kodi 16.1+dfsg1-2~bpo8+2 (source amd64 all) into jessie-backports->backports-policy, jessie-backports (Balint Reczey)
[2017-05-29] kodi 2:17.1+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2017-05-27] Accepted kodi 2:17.3+dfsg1-1 (source) into experimental (Balint Reczey)
[2017-05-27] Accepted kodi 2:17.1+dfsg1-3 (source) into unstable (Balint Reczey)
[2017-04-19] kodi 2:17.1+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2017-04-13] Accepted kodi 2:17.1+dfsg1-2 (source) into unstable (Balint Reczey)
[2017-04-02] Accepted kodi 2:17.1+dfsg1-1 (source) into experimental (Balint Reczey)
[2017-03-05] Accepted kodi 2:17.1~rc1+dfsg1-1 (source) into experimental (Balint Reczey)
[2017-02-28] kodi 2:17.0+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2017-02-22] Accepted kodi 2:17.0+dfsg1-3 (source) into unstable (Balint Reczey)
[2017-02-20] kodi 2:17.0+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2017-02-09] Accepted kodi 2:17.0+dfsg1-2 (source) into unstable (Balint Reczey)
[2017-02-06] Accepted kodi 2:17.0+dfsg1-1 (source) into experimental (Balint Reczey)
[2017-02-05] kodi 2:17.0~rc3+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2017-02-05] Accepted kodi 2:17.0~rc4+dfsg1-1 (source) into experimental (Balint Reczey)

bugs [bug history graph]

all: 38
RC: 0
I&N: 24
M&W: 14
F&P: 0
patch: 1

links

homepage
lintian (0, 10)
buildd: logs, checks, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2:17.6+dfsg1-4ubuntu2
27 bugs (1 patch)
patches for 2:17.6+dfsg1-4ubuntu2