4 files changed, 25 insertions, 1 deletions

diff --git a/debian/changelog b/debian/changelog
index 6ce2256..1149ac1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+smplayer (18.5.0~ds1-2) unstable; urgency=medium
+
+  * Disable downloading potentially insecure javascript from youtube.com
+    (Closes: #870233)
+
+ -- Reinhard Tartler <siretart@tauware.de>  Tue, 19 Jun 2018 13:58:18 -0400
+
 smplayer (18.5.0~ds1-1) unstable; urgency=medium
 
   [ Reinhard Tartler ]
diff --git a/debian/patches/08-disable-yt-js.patch b/debian/patches/08-disable-yt-js.patch
new file mode 100644
index 0000000..569fe4d
--- /dev/null
+++ b/debian/patches/08-disable-yt-js.patch
@@ -0,0 +1,16 @@
+Description: Disable fetching potentially insecure javascript from youtube.com
+Author: Reinhard Tartler <siretart@debian.org>
+Bug-Debian: http://bugs.debian.org/870233
+Last-update: 2018-06-19
+
+--- a/src/smplayer.pro
++++ b/src/smplayer.pro
+@@ -436,7 +436,7 @@ contains( DEFINES, YOUTUBE_SUPPORT ) {
+ 	SOURCES += youtube/retrieveyoutubeurl.cpp youtube/loadpage.cpp
+ 
+ 	contains( DEFINES, YT_USE_SCRIPT ) {
+-		DEFINES += YT_USE_SIG
++		#DEFINES += YT_USE_SIG # disabled 20180619, cf. http://bugs.debian.org/870233 -- rt
+ 		#DEFINES += YT_USE_YTSIG
+ 		QT += script
+ 	}
diff --git a/debian/patches/series b/debian/patches/series
index 888904f..fca2514 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@
 01-update-mime-types.patch
 07-fix-ftbfs-gcc8.patch
 07-disable-chromecast.patch
+08-disable-yt-js.patch
diff --git a/src/smplayer.pro b/src/smplayer.pro
index a7d5dc6..15da0d1 100644
--- a/src/smplayer.pro
+++ b/src/smplayer.pro
@@ -436,7 +436,7 @@ contains( DEFINES, YOUTUBE_SUPPORT ) {
 	SOURCES += youtube/retrieveyoutubeurl.cpp youtube/loadpage.cpp
 
 	contains( DEFINES, YT_USE_SCRIPT ) {
-		DEFINES += YT_USE_SIG
+		#DEFINES += YT_USE_SIG # disabled 20180619, cf. http://bugs.debian.org/870233 -- rt
 		#DEFINES += YT_USE_YTSIG
 		QT += script
 	}