[Milhouse]

New LibreELEC.tv Leia build #1119: Generic
(Supercedes previous build)

SHA256 Checksum: b4d3eea3f683e23dc38af948543b00c93383cb0be7b8744b602d7f0353cf965f (Generic)

Code:

# uname -a
Linux NUC 4.14.0 #1 SMP Sun Nov 19 21:04:53 GMT 2017 x86_64 GNU/Linux

# lsb_release
LibreELEC (Milhouse): devel-20171119210325-#1119-g26c5fad [Build #1119]

# Kodi version
(18.0-ALPHA1 Git:67fd70f). Platform: Linux x86 64-bit

Based on tip of LibreELEC.tv master (26c5fad, changelog) and tip of XBMC master (67fd70f, changelog) with the following modifications:

• Includes latest kodi-platform master (36fb493)
  
• Includes latest libcec master (8adc786, ahead +26)
  
• Includes latest libnfs master (7c68a3d, ahead +106)
  
• Includes latest p8-platform master (a822e19)
  
• Includes latest addons: inputstream.adaptive (d2081b2, +5), inputstream.rtmp (0702f7e), peripheral.joystick (33b43ce, +11), pvr.argustv (5b9bdad, +2), pvr.demo (122dedd), pvr.dvblink (816f90c), pvr.dvbviewer (6129441, +1), pvr.filmon (f06fd9d, +1), pvr.hdhomerun (4fe593c, +9), pvr.hts (9e58cbb, +9), pvr.iptvsimple (ac4f4bd), pvr.mediaportal.tvserver (6c35e88, +1), pvr.mythtv (ffaa1b5, +5), pvr.nextpvr (938bb48, +2), pvr.njoy (4a5efef, +1), pvr.octonet (c4af00a, +1), pvr.pctv (6484615, +4), pvr.stalker (44025a1, +3), pvr.teleboy (2d092c4), pvr.vbox (619c32b, +2), pvr.vdr.vnsi (0ec3e77, +3), pvr.vuplus (7ea6b21, +2), pvr.wmc (55e701b, +1), pvr.zattoo (23d9993, +5)
  
• Include [env] compare (perma): connman: timeserver: Retry NTP servers periodically on startup
  
• Include [env] compare (perma): dmidecode: initial package
  
• Include [env] compare (perma): linux: update to linux-4.14.1-preliminary
  
• Include [env] patch: RPi/RPi2: enable Broadcom WiFi debugging (see details)
  
• Include [env] patch: libcec: don't link non-existant libtinfo
  
• Include [env] patch: rev hack for kodi
  
• Include [env] patch: media_build: disable due to conflicts
  
• Include [env] patch: Add experimental splash video for RPi
  
• Include [env] patch: Bump included addon versions to prevent online updates
  
• Include [env] patch: HACK: Disable multiple PVR addons during migration. Always enable inputstream.* and os.*
  
• Include [env] patch: Add kodi binary addons (pvr, adsp, inputstream, vfs, other)
  
• Include [env] PR:2138 (perma): removed OE mirror links
  
• Include [env] PR:2144 (perma): Tvheadend 4.2 rework to use ffmpegx
  
• Include [env] PR:2182 (perma): kodi: updates for Dec 2017
  
• Include [env] PR:2228 (perma): kodi: safe mode
  
• Include [pkg] compare (perma): add safe mode text (service.libreelec.settings)
  
• Include [pkg] patch: skin.estuary: reduce system info font size (kodi)
  
• Include [pkg] PR:55 (perma): Fix deprecated function warnings (pvr.pctv)
  
• Include [pkg] PR:70 (perma): [depends] bump jsoncpp to 1.8.3 (pvr.hdhomerun)
  
• Include [pkg] PR:79 (perma): [depends] bump jsoncpp to 1.8.3 (pvr.filmon)
  
• Include [pkg] PR:86 (perma): connman.py: More secure default password for tethering (service.libreelec.settings)
  
• Include [pkg] PR:103 (perma): jsoncpp deprecated function change (pvr.stalker)
  
• Include [pkg] PR:13062 (perma): smbclient changes for smb minprotocol and legacysecurity
  

Build Highlights:

1. embed splash into render system
   
2. Add Kodi support for Samba "client min protocol" (allowing SMB1 to be completely disabled), and legacy security
   

   The default "Minimum protocol version" is "None" (which means that nothing is configured in /storage/.kodi/smb.conf, causing Samba to default to NT1) and enables the Samba client (ie. Kodi) to negotiate an SMB1 (NT1) connection before negotiating a higher SMB2 protocol version. Negotiating SMB1 first leaves the client vulnerable to a MITM attack (see: here).
   
   To completely disable SMB1, go to Kodi > Settings > Services > SMB client, and set "Minimum protocol version" to SMB2 (which in LibreELEC will mean SMB2_10 is used as the minimum protocol that can be negotiated). This will ensure the client only negotiates SMB2_10 or better connections.
   
   The "Use legacy security" option is enabled when "Maximum protocol version" is set to SMB1, and disables the NTLMv2 and spnego security features, weakening security but ensuring a working connection with outdated Samba servers that are still, sadly, being shipped in current devices (ie. ASUS routers). Needless to say don't enable this option unless you need it.

Build Details:

1. LibreELEC.tv:
   • util-linux: fix typo in blkid patch (PR:2219, 1 commit, 1 file changed)
     
   • mediainfo: Fix linking issue (PR:2220, 1 commit, 1 file changed)
     
   • glibc: fix perl (PR:2225, 1 commit, 1 file changed)
     
   • linux: bump amlogic-3.14 to 2e193b8 (PR:2213, 1 commit, 1 file changed)
     
2. XBMC:
   • [buildsteps][windows] keep downloaded vcredist (PR:12175, 3 commits, 5 files changed)
     
   • [estuary/estouchy] fix font issue introduced by #12956 (PR:13060, 1 commit, 3 files changed)
     
   • RetroPlayer: Android support (PR:13036, 3 commits, 9 files changed)
     
   • embed splash into render system (PR:13065, 1 commit, 6 files changed)
     
3. Additional commits/pull requests/changes not yet merged upstream:
   • Added: [pkg] PR:13062 (perma): smbclient changes for smb minprotocol and legacysecurity