Please Provide subtitles security fix for Kodi 16.X
#1
Dears,

Having the majority of android boxes still on KitKat, I believe it would make sense to also provide the fix for the subtitles security issue on top of Kodi 16.x.
From what I hear, it is an easy fix:

https://github.com/xbmc/xbmc/pull/12024

Would that be possible?

Thanks and regards
#2
No, development for Kodi v16 has stopped in April 2016.
#3
There's already a fix in place at opensubtitles, so it's not something I'd worry too much about personally.
https://forum.opensubtitles.org/viewtopi...=1&t=16118

Quote:for now I can say, everything is safe. I checked the test described, and can confirm only penetrator from the security company made some tests on this vulnerability.
Also it is fixed now, so it can not happen in future.
The problem was with the filenames of subtitles and how they handle it in media players.
Now all special characters in filenames are removed.
#4
Still running Android KitKat is a security flaw in itself already and that stupid subtitle thing is the least of your worries
#5
Dears, thank you for your replies. From your responses it seems that Kodi as software lacks what we usually call in support backporting of critical fixes. Now, academically speaking that might be expected from an open source community developed and maintained software. For commercial software though, that is one of the things that separate great support from support that is just good enough... So given whatever direction Kodi has as software, have this in mind as well...

Sent from my SM-G920F
#6
(2017-05-26, 16:20)trogggy Wrote: There's already a fix in place at opensubtitles, so it's not something I'd worry too much about personally.
https://forum.opensubtitles.org/viewtopi...=1&t=16118

Quote:for now I can say, everything is safe. I checked the test described, and can confirm only penetrator from the security company made some tests on this vulnerability.
Also it is fixed now, so it can not happen in future.
The problem was with the filenames of subtitles and how they handle it in media players.
Now all special characters in filenames are removed.


(2017-05-28, 12:56)aderlopas Wrote: Dears, thank you for your replies. From your responses it seems that Kodi as software lacks what we usually call in support backporting of critical fixes. Now, academically speaking that might be expected from an open source community developed and maintained software. For commercial software though, that is one of the things that separate great support from support that is just good enough... So given whatever direction Kodi has as software, have this in mind as well...

Sent from my SM-G920F (typie typie)



Sent from my SM-G920F
#7
(2017-05-28, 12:56)aderlopas Wrote: Dears, thank you for your replies. From your responses it seems that Kodi as software lacks what we usually call in support backporting of critical fixes. Now, academically speaking that might be expected from an open source community developed and maintained software. For commercial software though, that is one of the things that separate great support from support that is just good enough... So given whatever direction Kodi has as software, have this in mind as well...

Sent from my SM-G920F (typie typie)

Kodi is maintained by a small team. I doubt they have the time and resources to start backporting fixes into older versions. It is fully understood that once a new version is released, development moves to the next version (with small bugfixes to the current release 17.1 17.2 etc).

People are free to use an older version as long as they like, as they are free to continue to use an old version of Windows/Android with various risks and bugs present. It's all at your own risk if you choose to use unsupported software.
#8
As has already been mentioned, the simple fact of the OS being Android KitKat means you're open to all manner of security vulnerabilities at the OS level as you won't have had any Google security updates in the last 2 years of which there have been many. There is zero point in patching security in the app if the underlying OS is full of security holes, this is one reason why Kodi only runs on OS versions that are still in support by the OS provider.
#9
I'm also making the original request of this thread, please provide subtitles security fix for Kodi 16.X.

I use Linux and an OS based on the latest LTS version available of Ubuntu at the time (16.04) so there's no issue about an outdated OS. And I use Kodi 16.1. Because I have to.

Kodi 17.x is not good on Linux, or at least it is not good when compared with Kodi 16.1. Two basic things that prevent me from using Kodi 17.x are first the "\" switch bug between fullscreen and windowed mode, which is long known but not addressed; and second and most relevant, when I use Kodi 17.x to watch video my laptop looks like an airplane trying to take off from my desk. CPU usage goes through the roof and there are lots of similar reports, Kodi 17.x doubles or triples CPU usage comparing to Kodi 16.1.
It's impossible to use Kodi 17.x to watch my 1080p files, not even 720p are usable without the CPU usage going berserk. Maybe Kodi 17.x in Linux is ok to stream SD crap from pirated addons but that's not what I want to use Kodi for.

At my place not everybody has English as their first language and to make it worse almost none of our library content has subtitles in Portuguese (the language we need subtitles for) so we have no other way of watching beside getting subtitles from the internet.

So please provide subtitles security fix for Kodi 16.X. We'd really appreciate this a lot.
Thank you all for your work.
#10
@pemartins - have you sought help to fix your CPU issues with 17.x? It appears as if HW acceleration is not kicking in, which probably is a driver/configuration issue
#11
(2017-06-08, 05:41)pemartins Wrote: Kodi 17.x is not good on Linux, or at least it is not good when compared with Kodi 16.1.

Kodi on Linux is probably the best supported platform simply because it's the platform of choice for the devs who do the majority of the player code, so if 17.x is not working well for you then something is wrong with your system.
#12
Da-anda the cpu load is even in the menu at some times - mostly when dim/screensaver is active and app is unfocused ... dirty regions are running wild because some control is marked dirty all the time. At least that is one situation I saw it. The whole gui and rendering is no fun for me and over my head - just pointing out what I saw in the debugger...
#13
@da-anda I really appreciate the concern but it's not worth the effort, while browsing for similar issues the best that could be found was something like with 16.1 cpu usage was between 9-25%, with 17.x was 20-60%, after much testing and configuring Kodi 17.x came down to 20-50%. If the best one can get is way worse than with the previous version, it's just not worth it.


@Memphiz I also get heavy cpu load on kodi.bin sometimes not using Kodi at all, just by having it running.


@jjd-uk I'd really like that to be the truth, that the problem was to be my system... I'd also like to believe that Kodi 17.x is excellent and very well maintained in Linux.
But come on, if things are like you say they are, please explain me how the following bugs exist.
First the mentioned "\" bug: is it possible that the devs use Kodi 17.x on Linux and no dev ever switched between fullscreen and windowed mode?

Second when I shade or iconify Kodi 17.x during video reproduction, after restoring the normal window the video reproduction freezes for some seconds. Is it possible that no dev ever did that also?

And look at this third one: if I suspend my laptop with Kodi executed, even if inactive, when I resume my system Kodi fonts and mouse cursor go blur and monochrome (I have no idea what the right terms are) and make every menu unreadable and the mouse and Kodi unusable. Here's a printscreen:
Image

So does that mean that no dev ever closed the lid of the laptop while Kodi 17.x was running?

Notice that these bugs are known and talked about Kodi 17.x so it's not an exclusive problem of mine or related to my system.
I found these annoying bugs by using Kodi 17.x perhaps a couple of days, if I used it longer maybe this list would keep on going on and on.
Kodi 17.x, at least for Linux, came out bad. It's the truth. It's better to look at things the way they are than looking at things the way we'd like them to be, for what I realised Kodi 18 is a continuation of Kodi 17.x so maybe that should be changed and Kodi 18 should rather be an improved version of Kodi 16.1 and 17.x should be dropped.

This is the reason I use Kodi 16.1, because bugs like these do not exist and my cpu has perfectly normal usage. Of course I'd like to use the latest version 17.x, everyone loves to have the latest version of every software and gadget, but this one unfortunately I have to pass.

So please, I'm asking, please provide subtitles security fix for Kodi 16.X. Everyone would really appreciate this a lot.
Thank you all for your work and for your help.
#14
No, we're not gonna fix v16
#15
I gotta be honest, after pointing out those 4 issues on Kodi 17.x in Linux, which still exist after a bunch of alpha, beta, release candidates and final releases, I wasn't expecting that kind of answer at all. If there was to be a negative answer at least I would expect to be told that the mentioned issues in Kodi 17.x would be addressed so there was no remaining motive to use Kodi 16.1 in Linux.
But no worries, beggars aren't choosers, I'll take what I'm given.

Thank you all for your work, for your time and for your help.