Hello community,

here is the log from the commit of package gstreamer-plugins-ugly for 
openSUSE:Factory checked in at 2021-04-10 15:26:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gstreamer-plugins-ugly (Old)
 and      /work/SRC/openSUSE:Factory/.gstreamer-plugins-ugly.new.2401 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gstreamer-plugins-ugly"

Sat Apr 10 15:26:35 2021 rev:65 rq:883605 version:1.18.4

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/gstreamer-plugins-ugly/gstreamer-plugins-ugly.changes
    2021-01-20 18:24:31.215357350 +0100
+++ 
/work/SRC/openSUSE:Factory/.gstreamer-plugins-ugly.new.2401/gstreamer-plugins-ugly.changes
  2021-04-10 15:27:22.822378672 +0200
@@ -1,0 +2,7 @@
+Tue Mar 30 09:05:24 UTC 2021 - Antonio Larrosa <[email protected]>
+
+- Update to version 1.18.4:
+  + rmdemux: Make sure we have enough data available when parsing
+    audio/video packets
+
+-------------------------------------------------------------------

Old:
----
  gst-plugins-ugly-1.18.3.tar.xz

New:
----
  gst-plugins-ugly-1.18.4.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gstreamer-plugins-ugly.spec ++++++
--- /var/tmp/diff_new_pack.JqG5MC/_old  2021-04-10 15:27:23.386379335 +0200
+++ /var/tmp/diff_new_pack.JqG5MC/_new  2021-04-10 15:27:23.386379335 +0200
@@ -26,7 +26,7 @@
 %define gstreamer_req_version %(echo %{version} | sed -e "s/+.*//")
 
 Name:           gstreamer-plugins-ugly
-Version:        1.18.3
+Version:        1.18.4
 Release:        0
 Summary:        GStreamer Streaming-Media Framework Plug-Ins
 License:        LGPL-2.1-or-later

++++++ _service ++++++
--- /var/tmp/diff_new_pack.JqG5MC/_old  2021-04-10 15:27:23.414379368 +0200
+++ /var/tmp/diff_new_pack.JqG5MC/_new  2021-04-10 15:27:23.414379368 +0200
@@ -9,7 +9,7 @@
 <!--
     <param name="changesgenerate">enable</param>
 -->
-    <param name="revision">1.18.3</param>
+    <param name="revision">1.18.4</param>
     <param name="scm">git</param>
   </service>
   <service name="recompress" mode="disabled">

++++++ gst-plugins-ugly-1.18.3.tar.xz -> gst-plugins-ugly-1.18.4.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/gst-plugins-ugly-1.18.3/ChangeLog 
new/gst-plugins-ugly-1.18.4/ChangeLog
--- old/gst-plugins-ugly-1.18.3/ChangeLog       2021-01-13 22:09:15.000000000 
+0100
+++ new/gst-plugins-ugly-1.18.4/ChangeLog       2021-03-15 18:48:48.000000000 
+0100
@@ -1,3 +1,28 @@
+=== release 1.18.4 ===
+
+2021-03-15 17:48:47 +0000  Tim-Philipp M??ller <[email protected]>
+
+       * ChangeLog:
+       * NEWS:
+       * RELEASE:
+       * gst-plugins-ugly.doap:
+       * meson.build:
+         Release 1.18.4
+
+2021-03-03 11:05:14 +0200  Sebastian Dr??ge <[email protected]>
+
+       * gst/realmedia/rmdemux.c:
+         rmdemux: Make sure we have enough data available when parsing 
audio/video packets
+         Otherwise there will be out-of-bounds reads and potential crashes.
+         Thanks to Natalie Silvanovich for reporting.
+         Fixes 
https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/issues/37
+         Part-of: 
<https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/merge_requests/75>
+
+2021-01-14 02:17:15 +0000  Tim-Philipp M??ller <[email protected]>
+
+       * meson.build:
+         Back to development
+
 === release 1.18.3 ===
 
 2021-01-13 21:09:14 +0000  Tim-Philipp M??ller <[email protected]>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/gst-plugins-ugly-1.18.3/NEWS 
new/gst-plugins-ugly-1.18.4/NEWS
--- old/gst-plugins-ugly-1.18.3/NEWS    2021-01-13 22:09:15.000000000 +0100
+++ new/gst-plugins-ugly-1.18.4/NEWS    2021-03-15 18:48:48.000000000 +0100
@@ -2,13 +2,13 @@
 
 GStreamer 1.18.0 was originally released on 8 September 2020.
 
-The latest bug-fix release in the 1.18 series is 1.18.3 and was released
-on 13 January 2021.
+The latest bug-fix release in the 1.18 series is 1.18.4 and was released
+on 15 March 2021.
 
 See https://gstreamer.freedesktop.org/releases/1.18/ for the latest
 version of this document.
 
-Last updated: Wednesday 13 January 2021, 20:00 UTC (log)
+Last updated: Monday 15 March 2021, 13:00 UTC (log)
 
 Introduction
 
@@ -2717,6 +2717,168 @@
 -   List of Merge Requests applied in 1.18.3
 -   List of Issues fixed in 1.18.3
 
+1.18.4
+
+The fourth 1.18 bug-fix release (1.18.4) was released on 15 March 2021.
+
+This release only contains bugfixes and security fixes and it should be
+safe to update from 1.18.x.
+
+Highlighted bugfixes in 1.18.4
+
+-   important security fixes for ID3 tag reading, matroska and realmedia
+    parsing, and gst-libav audio decoding
+-   audiomixer, audioaggregator: input buffer handling fixes
+-   decodebin3: improve stream-selection message handling
+-   uridecodebin3: make ???caps??? property work
+-   wavenc: fix writing of INFO chunks in some cases
+-   v4l2: bt601 colorimetry, allow encoder resolution changes, fix
+    decoder frame rate negotiation
+-   decklinkvideosink: fix auto format detection, and fixes for 29.97fps
+    framerate output
+-   mpeg-2 video handling fixes when seeking
+-   avviddec: fix bufferpool negotiation and possible memory corruption
+    when changing resolution
+-   various stability, performance and reliability improvements
+-   memory leak fixes
+-   build fixes: rpicamsrc, qt overlay example, d3d11videosink on UWP
+
+gstreamer
+
+-   info: Don???t leak log function user_data if the debug system is
+    compiled out
+-   task: Use SetThreadDescription() Win32 API for setting thread names,
+    which preserves thread names in dump files.
+-   buffer, memory: Mark info in map functions as caller-allocates and
+    pass allocation params as const pointers where possible
+-   clock: define AUTO_CLEANUP_FREE_FUNC for GstClockID
+
+gst-plugins-base
+
+-   tag: id3v2: fix frame size check and potential invalid reads
+-   audio: Fix gst_audio_buffer_truncate() meta handling for
+    non-interleaved audio
+-   audioresample: respect buffer layout when draining
+-   audioaggregator: fix input_buffer ownership
+-   decodebin3: change stream selection message owner, so that the app
+    sends the stream-selection event to the right element
+-   rtspconnection: correct data_size when tunneled mode
+-   uridecodebin3: make caps property work
+-   video-converter: Don???t upsample invalid lines
+-   videodecoder: Fix racy critical when pool negotiation occurs during
+    flush
+-   video: Convert gst_video_info_to_caps() to take self as const ptr
+-   examples: added qt core dependency for qt overlay example
+
+gst-plugins-good
+
+-   matroskademux: header parsing fixes
+-   rpicamsrc: depend on posix threads and vchiq_arm to fix build on
+    raspios again
+-   wavenc: Fixed INFO chunk corruption, caused by odd sized data not
+    being padded
+-   wavpackdec: Add floating point format support to fix distortions in
+    some cases
+-   v4l2: recognize V4L2 bt601 colorimetry again
+-   v4l2videoenc: support resolution change stream encode
+-   v4l2h265codec: fix HEVC profile string issue
+-   v4l2object: Need keep same transfer as input caps
+-   v4l2videodec: Fix vp8 and vp9 streams can???t play on board with
+    vendor bsp
+-   v4l2videodec: fix src side frame rate negotiation
+
+gst-plugins-bad
+
+-   avwait: Don???t post messages with the mutex locked
+-   d3d11h264dec: Reconfigure decoder object on DPB size change and keep
+    track of actually configured DPB size
+-   dashsink: fix double unref of sinkpad caps
+-   decklinkvideosink: Use correct numerator for 29.97fps
+-   decklinkvideosink: fix auto format detection
+-   decklinksrc: Use a more accurate capture time
+-   d3d11videosink: Fix build error on UWP
+-   interlace: negotiation and buffer leak fixes
+-   mpegvideoparse: do not clip, so decoder receives data from keyframe
+    even if it???s before the segment start
+-   mpegtsparse: Fix switched DTS/PTS when set-timestamps=false
+-   nvh264sldec: Reopen decoder object if larger DPB size is required
+-   sdpsrc: fix double free if sdp is provided as string via the
+    property
+-   vulkan: Fix elements long name.
+
+gst-plugins-ugly
+
+-   rmdemux: Make sure we have enough data available when parsing
+    audio/video packets
+
+gst-libav
+
+-   avviddec: take the maximum of the height/coded_height
+-   viddec: don???t configure an incorrect buffer pool when receiving a
+    gap event
+-   audiodec: fix stack overflow in gst_ffmpeg_channel_layout_to_gst()
+
+gst-rtsp-server
+
+-   rtspclientsink: fix deadlock on shutdown if no data has been
+    received yet
+-   rtspclientsink: fix leaks in unit tests
+-   rtsp-stream: avoid deadlock in send_func
+-   rtsp-client: cleanup transports during TEARDOWN
+
+gstreamer-vaapi
+
+-   h264 encoder: append encoder exposure to aud
+-   postproc: Fix a problem of propose_allocation when passthrough
+-   glx: Iterate over FBConfig and select 8 bit color size
+
+gstreamer-sharp
+
+-   no changes
+
+gst-omx
+
+-   no changes
+
+gst-python
+
+-   no changes
+
+gst-editing-services
+
+-   group: Use proper group constructor
+
+gst-integration-testsuites
+
+-   no changes
+
+gst-build
+
+-   no changes
+
+Cerbero build tool and packaging changes in 1.18.4
+
+-   macOS: more BigSur fixes
+-   glib: Backport patch to set thread names on Windows 10
+
+Contributors to 1.18.4
+
+Alicia Boya Garc??a, Ashley Brighthope, Bing Song, Branko Subasic, Edward
+Hervey, Guillaume Desmottes, Haihua Hu, He Junyan, Hou Qi, Jan Alexander
+Steffens (heftig), Jeongki Kim, Jordan Petridis, Knobe, Kristofer
+Bj??rkstr??m, Marijn Suijten, Matthew Waters, Paul Goulpi??, Philipp Zabel,
+Rafa?? Dzi??giel, Sebastian Dr??ge, Seungha Yang, Staz M, St??phane Cerveau,
+Thibault Saunier, Tim-Philipp M??ller, V??ctor Manuel J??quez Leal, Vivia
+Nikolaidou, Vladimir Menshakov,
+
+??? and many others who have contributed bug reports, translations, sent
+suggestions or helped testing. Thank you all!
+
+List of merge requests and issues fixed in 1.18.4
+
+-   List of Merge Requests applied in 1.18.4
+-   List of Issues fixed in 1.18.4
+
 Schedule for 1.20
 
 Our next major feature release will be 1.20, and 1.19 will be the
@@ -2724,9 +2886,9 @@
 development of 1.19/1.20 will happen in the git master branch.
 
 The plan for the 1.20 development cycle is yet to be confirmed, but it
-is now expected that feature freeze will take place some time in
-January/February 2021, with the first 1.20 stable release hopefully
-around February/March 2021.
+is now expected that feature freeze will take place some time in April
+2021, with the first 1.20 stable release hopefully around April/May
+2021.
 
 1.20 will be backwards-compatible to the stable 1.18, 1.16, 1.14, 1.12,
 1.10, 1.8, 1.6, 1.4, 1.2 and 1.0 release series.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/gst-plugins-ugly-1.18.3/RELEASE 
new/gst-plugins-ugly-1.18.4/RELEASE
--- old/gst-plugins-ugly-1.18.3/RELEASE 2021-01-13 22:09:15.000000000 +0100
+++ new/gst-plugins-ugly-1.18.4/RELEASE 2021-03-15 18:48:48.000000000 +0100
@@ -1,4 +1,4 @@
-This is GStreamer gst-plugins-ugly 1.18.3.
+This is GStreamer gst-plugins-ugly 1.18.4.
 
 The GStreamer team is thrilled to announce a new major feature release
 of your favourite cross-platform multimedia framework!
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/gst-plugins-ugly-1.18.3/gst/realmedia/rmdemux.c 
new/gst-plugins-ugly-1.18.4/gst/realmedia/rmdemux.c
--- old/gst-plugins-ugly-1.18.3/gst/realmedia/rmdemux.c 2021-01-13 
22:09:15.000000000 +0100
+++ new/gst-plugins-ugly-1.18.4/gst/realmedia/rmdemux.c 2021-03-15 
18:48:48.000000000 +0100
@@ -2223,6 +2223,9 @@
 
   gst_buffer_map (in, &map, GST_MAP_READ);
 
+  if (map.size < offset)
+    goto not_enough_data;
+
   data = map.data + offset;
   size = map.size - offset;
 
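Review bot: The added `map.size < offset` test reads `map` directly after `gst_buffer_map (in, &map, GST_MAP_READ);`, whose gboolean result is still discarded in the context line above it. If the map fails, the bounds check compares against a field that was never filled in. I would test the return value first, e.g. `if (!gst_buffer_map (in, &map, GST_MAP_READ)) goto map_failed;`, with a separate exit that unrefs `in` without unmapping it. The function starts before this hunk and the `not_enough_data` label these jumps target is not visible here, so its cleanup should be confirmed as well.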
@@ -2289,6 +2292,9 @@
     }
     GST_DEBUG_OBJECT (rmdemux, "fragment size %d", fragment_size);
 
+    if (map.size < (data - map.data) + fragment_size)
+      goto not_enough_data;
+
     /* get the fragment */
     fragment =
         gst_buffer_copy_region (in, GST_BUFFER_COPY_ALL, data - map.data,
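Review bot: The bound in `if (map.size < (data - map.data) + fragment_size)` is computed by addition, and `fragment_size` is taken from the packet being parsed. Its declaration is outside the hunk, but if it is a 32-bit type, then on a build with 32-bit pointers the sum can wrap, and an oversized fragment would pass the check and reach `gst_buffer_copy_region`. Comparing against the remaining length avoids the wrap: `if (fragment_size > map.size - (data - map.data))`. That subtraction cannot underflow as long as `data` stays within the mapped region, which the earlier `map.size < offset` check and the loop (not shown here) appear to guarantee; please confirm.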
@@ -2437,6 +2443,9 @@
   GstFlowReturn ret;
   GstBuffer *buffer;
 
+  if (gst_buffer_get_size (in) < offset)
+    goto not_enough_data;
+
   buffer = gst_buffer_copy_region (in, GST_BUFFER_COPY_MEMORY, offset, -1);
 
   if (rmdemux->first_ts != -1 && timestamp > rmdemux->first_ts)
@@ -2467,9 +2476,19 @@
     ret = gst_pad_push (stream->pad, buffer);
   }
 
+done:
   gst_buffer_unref (in);
 
   return ret;
+
+  /* ERRORS */
+not_enough_data:
+  {
+    GST_ELEMENT_WARNING (rmdemux, STREAM, DECODE, ("Skipping bad packet."),
+        (NULL));
+    ret = GST_FLOW_OK;
+    goto done;
+  }
 }
 
 static GstFlowReturn
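Review bot: The new `not_enough_data` exit posts `GST_ELEMENT_WARNING (rmdemux, STREAM, DECODE, ("Skipping bad packet."), (NULL))` and returns `GST_FLOW_OK`, so nothing in the message says which length check failed or how short the packet was. The same block is repeated under the `not_enough_data` label in the last rmdemux.c hunk. Because the flow continues, an input with many truncated packets yields one identical bus message per packet, which is hard to triage. Passing a debug string instead of `(NULL)` would help, for example `("have %" G_GSIZE_FORMAT " bytes, need offset %u", gst_buffer_get_size (in), offset)`. The function begins before this hunk, so the type of `offset` should be checked against that format.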
@@ -2490,6 +2509,9 @@
   data = map.data;
   size = map.size;
 
+  if (size < 4 + 6 + 1 + 2)
+    goto not_enough_data;
+
   /* stream number */
   id = RMDEMUX_GUINT16_GET (data);
 
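Review bot: The literal in `if (size < 4 + 6 + 1 + 2)` is undocumented, and the only read visible after it is the 16-bit stream number. A reader cannot tell which header fields the 13 bytes stand for, or whether every later fixed-offset read is covered by them. I would add a comment above the check naming the field each term accounts for, or replace the sum with a named constant. The `if (size < 1)` guard for version 1 in the next hunk runs after `data` has already advanced, so the comment should say that the two checks are independent. The function body continues outside the hunk.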
@@ -2525,6 +2547,9 @@
 
   /* version 1 has an extra byte */
   if (version == 1) {
+    if (size < 1)
+      goto not_enough_data;
+
     data += 1;
     size -= 1;
   }
@@ -2595,6 +2620,16 @@
     gst_buffer_unmap (in, &map);
     gst_buffer_unref (in);
     return GST_FLOW_OK;
+  }
+
+  /* ERRORS */
+not_enough_data:
+  {
+    GST_ELEMENT_WARNING (rmdemux, STREAM, DECODE, ("Skipping bad packet."),
+        (NULL));
+    gst_buffer_unmap (in, &map);
+    gst_buffer_unref (in);
+    return GST_FLOW_OK;
   }
 }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/gst-plugins-ugly-1.18.3/gst-plugins-ugly.doap 
new/gst-plugins-ugly-1.18.4/gst-plugins-ugly.doap
--- old/gst-plugins-ugly-1.18.3/gst-plugins-ugly.doap   2021-01-13 
22:09:15.000000000 +0100
+++ new/gst-plugins-ugly-1.18.4/gst-plugins-ugly.doap   2021-03-15 
18:48:48.000000000 +0100
@@ -35,6 +35,16 @@
 
  <release>
   <Version>
+   <revision>1.18.4</revision>
+   <branch>1.18</branch>
+   <name></name>
+   <created>2021-03-15</created>
+   <file-release 
rdf:resource="https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-1.18.4.tar.xz";
 />
+  </Version>
+ </release>
+
+ <release>
+  <Version>
    <revision>1.18.3</revision>
    <branch>1.18</branch>
    <name></name>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/gst-plugins-ugly-1.18.3/meson.build 
new/gst-plugins-ugly-1.18.4/meson.build
--- old/gst-plugins-ugly-1.18.3/meson.build     2021-01-13 22:09:15.000000000 
+0100
+++ new/gst-plugins-ugly-1.18.4/meson.build     2021-03-15 18:48:48.000000000 
+0100
@@ -1,5 +1,5 @@
 project('gst-plugins-ugly', 'c',
-  version : '1.18.3',
+  version : '1.18.4',
   meson_version : '>= 0.48',
   default_options : [ 'warning_level=1',
                       'buildtype=debugoptimized' ])
