Opened 9 months ago

Closed 9 months ago

#21658 closed enhancement (fixed)

gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav gst-plugins-rs-gstreamer (libgstgtk4) 1.26.2

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: elevated Milestone: 12.4
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Douglas R. Reno, 9 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 9 months ago

Priority: normalelevated

Highlights:

Highlighted bugfixes in 1.26.2

  • Various security fixes and playback fixes
  • aggregator base class fixes to not produce buffers too early in live mode
  • AWS translate element improvements
  • D3D12 video decoder workarounds for crashes on NVIDIA cards on resolution changes
  • dav1d AV1-decoder performance improvements
  • fmp4mux: tfdt and composition time offset fixes, plus AC-3 / EAC-3 audio support
  • GStreamer editing services fixes for sources with non-1:1 aspect ratios
  • MIDI parser improvements for tempo changes
  • MP4 demuxer atom parsing improvements and security fixes
  • New skia-based video compositor element
  • Subtitle parser security fixes
  • Subtitle rendering and seeking fixes
  • Playbin3 and uridecodebin3 stability fixes
  • GstPlay stream selection improvements
  • WAV playback regression fix
  • GTK4 paintable sink colorimetry support and other improvements
  • WebRTC: allow webrtcsrc to wait for a webrtcsink producer to initiate the connection
  • WebRTC: new Janus Video Room WebRTC source element
  • vah264enc profile decision making logic fixes
  • Python bindings gained support for handling mini object writability (buffers, caps, etc.)
  • Various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements

gstreamer:

gstreamer

  • aggregator: Various state related fixes
  • element: ref-sink the correct pad template when replacing an existing one
  • pipeline: Store the actual latency even if no static latency was configured
  • structure: Add gst_structure_is_writable() API to allow python bindings to be able to handle writability of MiniObjects
  • tracerutils: Do not warn on empty string as tracername
  • tracerutils: Fix leak in gst_tracer_utils_create_tracer()
  • Ensure properties are freed before (re)setting with g_value_dup_object() or g_value_dup_boxed() and during cleanup
  • Fix new warnings on Fedora 42, various meson warnings, and other small meson build/wrap fixes

gst-plugins-base:

gst-plugins-base

  • alsa: Avoid infinite loop in DSD rate detection
  • gl: Implement basetransform meta transform function
  • glshader: free shader on stop
  • glupload: Only add texture-target field to GL caps
  • gstaudioutilsprivate: Fix gcc 15 compiler error with function pointer
  • mikey: Avoid infinite loop while parsing MIKEY payload with unhandled payload types
  • properties: add G_PARAM_STATIC_STRINGS where missing
  • riff-media: fix MS and DVI ADPCM av_bps calculations
  • subtitleoverlay: Remove 0.10 hardware caps handling
  • subtitleoverlay: Missing support for DMABuf(?)
  • tests: opus: Update channel support and add to meson
  • textoverlay: fix shading for RGBx / RGBA pixel format variants
  • textoverlay background is wrong while cropping
  • uridecodebin3: Don't hold play items lock while releasing pads
  • uridecodebin3: deadlock on PLAY_ITEMS_LOCK
  • Fix new warnings on Fedora 42, various meson warnings, and other small meson build/wrap fixes
  • Fix Qt detection in various places

gst-plugins-good:

gst-plugins-good

  • adaptivedemux2: Fixes for collection handling
  • adaptivedemux2: Fix several races
  • dash: mpdclient: Don't pass terminating NUL to adapter
  • gl: Implement basetransform meta transform function
  • imagefreeze: Set seqnum from segment too
  • interleave: Don't hold object lock while querying caps downstream
  • matroskamux: Write stream headers before finishing file, so that a correct file with headers is written if we finish without any data
  • meson: Add build_rpath for qt6 plugin on macOS
  • meson: Fix qt detection in various places
  • properties: add G_PARAM_STATIC_STRINGS where missing
  • qtdemux: Check length of JPEG2000 colr box before parsing it
  • qtdemux: Parse chan box and improve raw audio channel layout handling
  • qtdemux: Improve track parsing
  • qtdemux: Use byte reader to parse mvhd box
  • qtdemux: cmpd box is only mandatory for uncompressed video with uncC version 0
  • rtph264pay: Reject stream-format=avc without codec_data
  • rtputils: Add debug category
  • v4l2: pool: Send drop frame signal after dqbuf success
  • v4l2: pool: fix assert when mapping video frame with DMA_DRM caps
  • v4l2videoenc: report error only when buffer pool parameters are invalid
  • wavparse: Ignore EOS when parsing the headers
  • wavparse: Regression leading to unplaybable wav files that were working before
  • Ensure properties are freed before (re)setting with g_value_dup_object() or g_value_dup_boxed() and during cleanup
  • Fix new warnings on Fedora 42, various meson warnings, and other small meson build/wrap fixes
  • Fixes for big endian
  • Switch to GST_AUDIO_NE()
  • Valgrind fixes

gst-plugins-bad:

gst-plugins-bad

  • alphacombine: Fix seeking after EOS
  • cuda: Fix runtime PTX compile, fix example code build with old CUDA SDK
  • curl: Fix build with MSVC
  • curl: small fixups p3
  • d3d12: Fix gstreamer-full subproject build with gcc
  • d3d12: Generate gir file
  • d3d12decoder: Workaround for NVIDIA crash on resolution change
  • d3d12memory: Allow set_fence() only against writable memory
  • d3d12memory: Make D3D12 map flags inspectable
  • d3d12screencapturesrc: Fix desktop handle leak
  • dash: mpdclient: Don't pass terminating NUL to adapter
  • dvbsuboverlay: Actually make use of subtitle running time instead of using PTS
  • dvbsuboverlay: No subtitles after seek
  • h264parse: Never output stream-format=avc/avc3 caps without codec_data
  • lcevc: Use portable printf formatting macros
  • midiparse: Consider tempo changes when calculating duration
  • nvencoder: Fix GstVideoCodecFrame leak on non-flow-ok return
  • play: Improve stream selection
  • properties: add G_PARAM_STATIC_STRINGS where missing
  • rtpsender: fix 'priority' GValue get/set
  • va: Fix H264 profile decision logic
  • vulkan/wayland: Init debug category before usage
  • Ensure properties are freed before (re)setting with g_value_dup_object() or g_value_dup_boxed() and during cleanup
  • Fix new warnings on Fedora 42, various meson warnings, and other small meson build/wrap fixes
  • Fixes for big endian
  • Fix Qt detection in various places
  • Switch to GST_AUDIO_NE()
  • Valgrind fixes

gst-plugins-ugly:

  • No changes

gst-plugins-rs (focused on gtk4 here):

  • gtk4: Update and adapt to texture builder API changes
  • gtk4: Initial colorimetry support
  • gtk4: Update default GTK4 target version to 4.10

gst-libav:

gst-libav

  • Valgrind fixes
  • libav: Only allocate extradata while decoding

comment:3 by Douglas R. Reno, 9 months ago

Security Information

Security Advisory 2025-0002 (CVE-2025-47807)

  • Summary: NULL-pointer dereference in SubRip subtitle parser
  • Date: 2025-05-29 23:30
  • Details: A NULL-pointer dereference in the SubRip subtitle parser that can cause crashes for certain input files.
  • Impact: It is possible for a malicious third party to trigger a NULL-pointer dereference that can result in a crash of the application.

Security Advisory 2025-0003 (CVE-2025-47808)

  • Summary: NULL-pointer dereference in TMPlayer subtitle parser
  • Date: 2025-05-29 23:30
  • Details: A NULL-pointer dereference in the TMPlayer subtitle parser that can cause crashes for certain input files.
  • Impact: It is possible for a malicious third party to trigger a NULL-pointer dereference that can result in a crash of the application.

Security Advisory 2025-0004 (CVE-2025-47219)

  • Summary: Out-of-bounds read in MOV/MP4 demuxer
  • Date: 2025-05-29 23:30
  • Details: An Out-of-bounds read in the MOV/MP4 demuxer that can cause crashes or potentially information leaks for certain input files.
  • Impact: It is possible for a malicious third party to trigger an Out-of-bounds read that can result in a crash of the application or potentially information leaks.

Security Advisory 2025-0005 (CVE-2025-47183)

  • Summary: Out-of-bounds read in MOV/MP4 demuxer
  • Date: 2025-05-29 23:30
  • Details: An Out-of-bounds read in the MOV/MP4 demuxer that can cause crashes or potentially information leaks for certain input files.
  • Impact: It is possible for a malicious third party to trigger an Out-of-bounds read that can result in a crash of the application or potentially information leaks.

Security Advisory 2025-0006 (CVE-2025-47806)

  • Summary: Stack buffer overflow in SubRip subtitle parser
  • Date: 2025-05-29 23:30
  • Details: A stack buffer overflow in the SubRip subtitle parser that can cause crashes for certain input files.
  • Impact: It is possible for a malicious third party to trigger a stack buffer overflow that can result in a crash of the application.

comment:4 by Douglas R. Reno, 9 months ago

Resolution: fixed
Status: assignedclosed

Fixed at 3c720221e20862126f0a32530b5f9ff466174ebb

SA-12.3-041 issued

Note: See TracTickets for help on using tickets.