Opened 7 weeks ago

Closed 5 weeks ago

#15514 closed enhancement (fixed)

gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav gstreamer-vaapi 1.18.5

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: normal Milestone: 11.1
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (19)

comment:1 by Douglas R. Reno, 7 weeks ago

Priority: normalelevated

To whoever does this, I'm not sure what security fixes the release notes are mentioning, but from the release email:

This release only contains bug fixes and security fixes. It should be
safe to upgrade from 1.18.x

comment:2 by Douglas R. Reno, 7 weeks ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:3 by Douglas R. Reno, 6 weeks ago

Priority: elevatednormal

After consultation with the maintainer, I'm happy to confirm that there are no security vulnerabilities fixed in this release, and that it was a blind copy and paste error that suggested that vulnerabilities existed.

I decided to investigate this yesterday after wondering why there were no security advisories on their website for this version and also why there were no issues marked as Resolved with the "Security" label on them in their issue tracker.

Promoting back to normal.

comment:4 by Douglas R. Reno, 5 weeks ago

gstreamer

gstreamer

    aggregator: Release the SRC lock while querying latency
    aggregator: Release pads' peeked buffer when removing the pad or finalizing it
    basesink: Don't swap rstart/rstop when stepping
    basesrc: Print segments with GST_SEGMENT_FORMAT and not GST_PTR_FORMAT
    childproxy: init value in gst_child_proxy_get_property() if needed
    clocksync: Fix providing system clock by default
    concat: Properly propagate seqnum of segment events
    concat: adjust running time offsets on downstream events
    concat: fix locking in SEGMENT event handler
    downloadbuffer/sparsefile: several fixes for win32
    element: NULL the lists of contexts in dispose()
    multiqueue: Use running time of gap events for wakeups.
    multiqueue: Ensure peer pad exists when iterating internal links
    pad: Keep IDLE probe hook alive during immediate callback
    pad: Ensure last flow return is set on sink pads in push mode
    pad: Don't spam the debug log at INFO level when default-chaining a buffer list
    pad: clear probes holding mutex
    parse-launch: Fix a critical when using the : operator.
    parse-launch: Don't do delayed property setting for top-level properties.
    plugin: load plugins with unknown license strings
    ptpclock: Don't leak the GList
    queue2: Refuse all serialized queries when posting buffering messages
    systemclock: Update monotonic reference time when re-scheduling
    High CPU usage in 1.18 (but not master) when pausing playback in gnome-music
    Don't use volatile to mean atomic (fixes compiler warnings with gcc 11)

comment:5 by Douglas R. Reno, 5 weeks ago

gst-plugins-base does build without the sed.

comment:6 by Douglas R. Reno, 5 weeks ago

gst-plugins-base

gst-plugins-base

    appsrc: Don't leak buffer list while wrongly unreffing buffer on EOS/flushing
    audioaggregator: Don't overwrite already written samples
    audioaggregator: Resync on the next buffer when dropping a buffer on discont resyncing
    audiobasesink: Fix of double lock release
    audioaggregator: Don't overwrite already written samples
    audiobasesrc: Fix divide by zero assertion
    clockoverlay: Fix broken string formatting by strftime() on Windows
    compositor: Fix NV12 blend operation
    giosrc: Don't leak scheme string in gst_gio_src_query()
    giobasesink: Handle incomplete writes in gst_gio_base_sink_render()
    gl/wayland: Use consistent wl_display when creating work queue for proxy wrapper
    gl: Fix build when Meson >= 0.58.0rc1
    gl/wayland: provide a dummy global_remove function
    playbin2: fix base_time selection when flush seeking live (such as with RTSP)
    rtspconnection: Add IPv6 support for tunneled mode
    rtspconnection: Consistently translate GIOError to GstRTSPResult (for rtspsrc)
    rawbaseparse: check destination format correctly
    uridecodebin: Don't force floating reference for future reusable decodebin
    parsebin: Put stream flags in GstStream
    splitmuxsink: always use factory property when set
    video-converter: Set up matrix tables only once.
    videoscale: Performance degradation from 1.16.2 -> 1.18.4
    videotestsrc: Fix a leak when computing alpha caps
    audio/video-converter: Plug some minor leaks
    audio,video-format: Make generate_raw_formats idempotent for assertions
    Don't use volatile to mean atomic (fixes compiler warnings with gcc 11)
    Fix build issue on MinGW64

comment:7 by Douglas R. Reno, 5 weeks ago

gst-plugins-good

gst-plugins-good

    avidemux: Also detect 0x000001 as H264 byte-stream start code in codec_data
    deinterlace: Plug a method subobject leak
    deinterlace: Drop field-order field if outputting progressive
    jpegdec: Fix crash when interlaced field height is not DCT block size aligned
    qmlglsink: Keep old buffers around a bit longer if they were bound by QML
    qml: qtitem: don't potentially leak a large number of buffers
    qtdemux: Force stream-start push when re-using EOS'd streams
    qtmux: for Apple ProRes, allow overriding pixel bit depth, e.g. when exporting an opaque image, yet with alpha.
    qtmux: Make sure to write 64-bit STCO table when needed.
    rtpjpegpay: fix image corruption when compiled with MSVC on Windows
    rtpptdemux: Remove pads also in PAUSED->READY
    rtph265depay: update codec_data in caps regardless of format
    rtspsrc: Do not overwrite the known duration after a seek
    rtspsrc: De-dup seek event seqnums to avoid multiple seeks
    rtspsrc: Fix race saving seek event seqnum
    rtspsrc: Using multicast UDP has no relation to seekability, also add some logging
    rtpjitterbuffer: Fix parsing of the mediaclk:direct= field
    rtpjitterbuffer: Avoid generation of invalid timestamps
    rtpjitterbuffer: Check srcresult before waiting on the condition variable too
    rtpjitterbuffer: More logging when calculating rfc7273 timestamps
    rtspsrc: Fix more signals
    rtspsrc: Fix accumulation of before-send signal return values
    souphttpsrc: Always use the content decoder but set `Accept-Encoding:...
    udpsrc: Plug leaks of saddr in error cases
    multiudpsink: Fix broken SO_SNDBUF get/set on Windows
    v4l2object: Add interlace-mode back to caps for camera
    v4l2object: Use default colorimetry if that in caps is unknown
    V4l2object: Avoid colorimetry mismatch for streams with invalid colorimetry
    v4l2object: Add support for hdr10 stream playback
    wavparse: adtl/note/labl chunk parsing fixes
    Don't use volatile to mean atomic (fixes compiler warnings with gcc 11)
    1.18.4: build fails with glib 2.67.6 and gcc-11: argument 2 of ‘_atomicload’ must not be a pointer to a ‘volatile’ type

comment:8 by Douglas R. Reno, 5 weeks ago

In gst-plugins-good, the patch is no longer required.

Also, I'm going to do some dependency reshuffling. Since none of the gstreamer plugins depend on each other, with the exception of them all depending on gst-plugins-base, the dependency on libpng/cairo/libjpeg can be moved into gst-plugins-base and subsequently dropped from gst-plugins-good.

comment:9 by Douglas R. Reno, 5 weeks ago

It looks like that'll also include mesa, gudev, and Xorg Libraries.

in reply to:  8 ; comment:10 by pierre, 5 weeks ago

Replying to Douglas R. Reno:

In gst-plugins-good, the patch is no longer required.

Also, I'm going to do some dependency reshuffling. Since none of the gstreamer plugins depend on each other, with the exception of them all depending on gst-plugins-base, the dependency on libpng/cairo/libjpeg can be moved into gst-plugins-base and subsequently dropped from gst-plugins-good.

I'm not sure I agree with that. If gst-plugins-base does not use nor test a dependency, it's not a dependency of gst-plugins-base. If (for example) I only want to build gst-plugins-base and gst-plugins-bad, and none of those depend on libxxx, why would I want to build libxxx?

in reply to:  10 ; comment:11 by Douglas R. Reno, 5 weeks ago

Replying to pierre:

Replying to Douglas R. Reno:

In gst-plugins-good, the patch is no longer required.

Also, I'm going to do some dependency reshuffling. Since none of the gstreamer plugins depend on each other, with the exception of them all depending on gst-plugins-base, the dependency on libpng/cairo/libjpeg can be moved into gst-plugins-base and subsequently dropped from gst-plugins-good.

I'm not sure I agree with that. If gst-plugins-base does not use nor test a dependency, it's not a dependency of gst-plugins-base. If (for example) I only want to build gst-plugins-base and gst-plugins-bad, and none of those depend on libxxx, why would I want to build libxxx?

I'm not sure I was clear enough here, here's a better example:

gst-plugins-base:

  • libgudev (Run-time dependency gudev-1.0 found: YES 237)
  • libpng (Run-time dependency libpng found: YES 1.6.37)
  • libjpeg-turbo (Run-time dependency libjpeg found: YES 2.1.1)
  • pango (Run-time dependency pangocairo found: YES 1.48.10)
  • Mesa (Run-time dependency gl found: YES 21.2.1)
  • Xorg Libraries (Run-time dependency xext found: YES 1.3.4)

Meanwhile, in gst-plugins-good:

  • * DEPENDS ON GST-PLUGINS-BASE *
  • libpng
  • libjpeg-turbo
  • cairo
  • libgudev
  • mesa
  • Xorg Libraries

And in gst-plugins-bad:

  • * DEPENDS ON GST-PLUGINS-BASE *
  • Xorg Libraries
  • libgudev

I'm basically looking to clear up the duplicate dependencies in packages which depend on gst-plugins-base. In the case of gst-plugins-bad, that means Xorg Libraries and libgudev (although wayland-protocols, which is referenced as Optional in gst-plugins-base, has a dependency on Wayland - so maybe the Wayland dependency can go too since it's marked as Optional). In the case of gst-plugins-good, that means libpng, libjpeg-turbo, libgudev, mesa, and Xorg Libraries. I will probably need to add a recommended dependency on Pango to gst-plugins-base though.

I'm also OK with leaving the dependencies alone if you'd prefer.

comment:12 by Douglas R. Reno, 5 weeks ago

gst-plugins-bad

gst-plugins-bad

    audiolatency: Use live mode audiotestsrc
    audiolatency: Handle audio buffers with invalid duration
    ccconverter: fix framerate caps negotiation from non-cdp to cdp
    dashdemux: Properly initalize GError, remove duplicate logging call
    dashdemux: Log protection events on corresponding pad
    dashdemux: fix dash_mpdparser_check_mpd_client_set_methods unit test
    h264parse,h265parse: Push parameter set NAL units again per segment-done
    h265parse: Fix a typo in get_compatible_profile_caps()
    h265parse: don't invalidate the last PPS when parsing a new SPS
    h264parse: improve PPS handling
    h2645parser: Catch overflows in AVC/HEVC NAL unit length calculations
    interlace: Don't set field-order field for progressive caps, fixes negotiation issues
    interlace: Fix too small buffer size error
    jpegparse: Don't generate timestamp for 0/1 framerates
    opencv: fix build error on macOS
    openexr: Fix build with OpenEXR 3
    openh264enc: fix broken sps/pps header generation and some minor leaks
    mpeg2enc: fix interlace-mode detection on input video
    mpeg2enc: Only allow 1 pending frame for encoding (fixes unbound memory usage in case encoder can't keep up with input)
    mfvideoenc: Don't pass 0/1 framerate to MFT
    mfvideosrc: Fix for negative MF stride
    mfvideosrc: Fix negotiation when interlace-mode is specified
    mxfvanc: Handle empty ANC essence
    rtmp2src: workaround a GLib race when destroying a GMainContext/GSource
    rtpsrc: Plug leak of rtcp_send_addr and fix setting URI back to NULL
    rtpsink: Return proper pad from _request_new_pad()
    rist: Plug leak of rtcp_send_addr
    rtmp2: Use correct size of write macro for param2.
    rtmp2/connection: Separate inner from outer cancelling
    tsmux: When selecting random PIDs, name the pads according to those PIDs
    tsmux: Recheck existing pad PIDs when requesting a new pad with a random pid
    tsdemux: fix seek with stop regression
    tsdemux: Clear all streams when rewinding, fixes the case where the demuxer sends out partial invalid data downstream after a seek which causes some decoders (such as dvdlpmdec) to error out
    v4l2slh264dec: Fix slice header bit size calculation
    videoparseutils: Fix for wrong CEA708 minimum size check
    waylandsink: Fix for missing initial configure
    wpe: Make threaded view singleton creation thread safe
    x265: Fix a deadlock when failing to create the x265enc
    Don't use volatile to mean atomic (fixes compiler warnings with gcc 11)

in reply to:  11 ; comment:13 by Douglas R. Reno, 5 weeks ago

Replying to Douglas R. Reno:

Replying to pierre:

Replying to Douglas R. Reno:

In gst-plugins-good, the patch is no longer required.

Also, I'm going to do some dependency reshuffling. Since none of the gstreamer plugins depend on each other, with the exception of them all depending on gst-plugins-base, the dependency on libpng/cairo/libjpeg can be moved into gst-plugins-base and subsequently dropped from gst-plugins-good.

I'm not sure I agree with that. If gst-plugins-base does not use nor test a dependency, it's not a dependency of gst-plugins-base. If (for example) I only want to build gst-plugins-base and gst-plugins-bad, and none of those depend on libxxx, why would I want to build libxxx?

I'm not sure I was clear enough here, here's a better example:

gst-plugins-base:

  • libgudev (Run-time dependency gudev-1.0 found: YES 237)
  • libpng (Run-time dependency libpng found: YES 1.6.37)
  • libjpeg-turbo (Run-time dependency libjpeg found: YES 2.1.1)
  • pango (Run-time dependency pangocairo found: YES 1.48.10)
  • Mesa (Run-time dependency gl found: YES 21.2.1)
  • Xorg Libraries (Run-time dependency xext found: YES 1.3.4)

Meanwhile, in gst-plugins-good:

  • * DEPENDS ON GST-PLUGINS-BASE *
  • libpng
  • libjpeg-turbo
  • cairo
  • libgudev
  • mesa
  • Xorg Libraries

And in gst-plugins-bad:

  • * DEPENDS ON GST-PLUGINS-BASE *
  • Xorg Libraries
  • libgudev

I'm basically looking to clear up the duplicate dependencies in packages which depend on gst-plugins-base. In the case of gst-plugins-bad, that means Xorg Libraries and libgudev (although wayland-protocols, which is referenced as Optional in gst-plugins-base, has a dependency on Wayland - so maybe the Wayland dependency can go too since it's marked as Optional). In the case of gst-plugins-good, that means libpng, libjpeg-turbo, libgudev, mesa, and Xorg Libraries. I will probably need to add a recommended dependency on Pango to gst-plugins-base though.

I'm also OK with leaving the dependencies alone if you'd prefer.

Replying to my own comment here, in gst-plugins-bad, the wayland dependency should definitely stay since it mentions that need for GTK+-3 to be compiled with Wayland support.

comment:14 by Douglas R. Reno, 5 weeks ago

gst-plugins-ugly

gst-plugins-ugly

    asfdemux/realmedia: Drop duplicate seek events
    Don't use volatile to mean atomic (fixes compiler warnings with gcc 11)

comment:15 by Douglas R. Reno, 5 weeks ago

gst-libav

gst-libav

    avmux: Blacklist ttml subtitles (fixes crash with ffmpeg >= 4.4)
    avmux: fix segfault when a plugin's long_name is NULL
    avviddec: Fix size of linesize parameter
    avviddec: Take into account coded_height for pool
    avdemux: fix build with FFmpeg 4.4

comment:16 by Douglas R. Reno, 5 weeks ago

gstreamer-vaapi

gstreamer-vaapi

    plugins: Demote rank of vaapipostproc and vaapioverlay to match other filters
    Don't use volatile to mean atomic (fixes compiler warnings with gcc 11)

in reply to:  13 comment:17 by pierre, 5 weeks ago

Replying to Douglas R. Reno:

Replying to Douglas R. Reno:

Replying to pierre:

Replying to Douglas R. Reno:

In gst-plugins-good, the patch is no longer required.

Also, I'm going to do some dependency reshuffling. Since none of the gstreamer plugins depend on each other, with the exception of them all depending on gst-plugins-base, the dependency on libpng/cairo/libjpeg can be moved into gst-plugins-base and subsequently dropped from gst-plugins-good.

I'm not sure I agree with that. If gst-plugins-base does not use nor test a dependency, it's not a dependency of gst-plugins-base. If (for example) I only want to build gst-plugins-base and gst-plugins-bad, and none of those depend on libxxx, why would I want to build libxxx?

I'm not sure I was clear enough here, here's a better example:

gst-plugins-base:

  • libgudev (Run-time dependency gudev-1.0 found: YES 237)
  • libpng (Run-time dependency libpng found: YES 1.6.37)
  • libjpeg-turbo (Run-time dependency libjpeg found: YES 2.1.1)
  • pango (Run-time dependency pangocairo found: YES 1.48.10)
  • Mesa (Run-time dependency gl found: YES 21.2.1)
  • Xorg Libraries (Run-time dependency xext found: YES 1.3.4)

Meanwhile, in gst-plugins-good:

  • * DEPENDS ON GST-PLUGINS-BASE *
  • libpng
  • libjpeg-turbo
  • cairo
  • libgudev
  • mesa
  • Xorg Libraries

And in gst-plugins-bad:

  • * DEPENDS ON GST-PLUGINS-BASE *
  • Xorg Libraries
  • libgudev

I'm basically looking to clear up the duplicate dependencies in packages which depend on gst-plugins-base. In the case of gst-plugins-bad, that means Xorg Libraries and libgudev (although wayland-protocols, which is referenced as Optional in gst-plugins-base, has a dependency on Wayland - so maybe the Wayland dependency can go too since it's marked as Optional). In the case of gst-plugins-good, that means libpng, libjpeg-turbo, libgudev, mesa, and Xorg Libraries. I will probably need to add a recommended dependency on Pango to gst-plugins-base though.

I'm also OK with leaving the dependencies alone if you'd prefer.

Replying to my own comment here, in gst-plugins-bad, the wayland dependency should definitely stay since it mentions that need for GTK+-3 to be compiled with Wayland support.

Sorry, I thought you mean that any dependency of gst-plugins-xxx (not base) alone would have to be moved to gst-plugins-base. If some deps of gst-plugins-base are duplicated in some other plugin, of course, the duplicate has to be removed!

comment:18 by Douglas R. Reno, 5 weeks ago

Alright, sounds good! Will proceed with the updates. :)

comment:19 by Douglas R. Reno, 5 weeks ago

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.