News - GStreamer 1.18.5 stable bug fix release The GStreamer team is pleased to announce another bug fix release in the stable 1.18 release series of your favourite cross-platform multimedia framework! This release only contains bugfixes and important security fixes, and it should be safe to update from 1.18.x. Highlighted bugfixes: basesink: fix reverse frame stepping downloadbuffer/sparsefile: several fixes for win32 systemclock: Update monotonic reference time when re-scheduling, fixes high CPU usage with gnome-music when pausing playback audioaggregator: fix glitches when resyncing on discont compositor: Fix NV12 blend operation rtspconnection: Add IPv6 support for tunneled mode avidemux: fix playback of some H.264-in-AVI streams jpegdec: Fix crash when interlaced field height is not DCT block size aligned qmlglsink: Keep old buffers around a bit longer if they were bound by QML qml: qtitem: don't potentially leak a large number of buffers rtpjpegpay: fix image corruption when compiled with MSVC on Windows rtspsrc: seeking improvements rtpjitterbuffer: Avoid generation of invalid timestamps rtspsrc: Fix behaviour of select-streams, new-manager, request-rtcp-key and before-send signals with GLib >= 2.62 multiudpsink: Fix broken SO_SNDBUF get/set on Windows openh264enc: fix broken sps/pps header generation and some minor leaks mpeg2enc: fix interlace-mode detection and unbound memory usage if encoder can't keep up mfvideosrc: Fix for negative MF stride and for negotiation when interlace-mode is specified tsdemux: fix seek-with-stop regression and decoding errors after seeking with dvdlpcmdec rtsp-server: seek handling improvements gst-libav: fix build (and other issues) with ffmpeg 4.4 cerbero: spandsp: Fix build error with Visual Studio 2019 win32 packages: Fix hang in GLib when `G_SLICE` environment variable is set various stability, performance and reliability improvements memory leak fixes build fixes
Security Advisories fixed in 1.18.5: GStreamer-SA-2021-0005 2021-03-15 16:00 Stack overflow in gst_ffmpeg_channel_layout_to_gst() Details GStreamer-SA-2021-0004 2021-03-15 16:00 Out-of-bounds read in realmedia demuxing Details GStreamer-SA-2021-0003 (CVE-2021-3498) 2021-03-15 16:00 Heap corruption in matroska demuxing Details GStreamer-SA-2021-0002 (CVE-2021-3497) 2021-03-15 16:00 Use-after-free in matroska demuxing Details GStreamer-SA-2021-0001 (CVE-2021-3522) 2021-03-15 16:00 Out-of-bounds read in ID3v2 tag parsing Details GStreamer-SA-2019-0001 (CVE-2019-9928) 2019-04-22 00:30 Buffer overflow in RTSP parsing Details GStreamer-SA-2016-0002 (CVE-2016-9634) (CVE-2016-9635) (CVE-2016-9636) (CVE-2016-9807) 2016-11-23 03:00 Multiple Issues in FLC/FLI/FLX Decoder Details GStreamer-SA-2016-0001 (CVE-2016-9445) (CVE-2016-9446) 2016-11-17 16:00 Multiple Issues in VMNC decoder Details
(In reply to Joakim Tjernlund from comment #1) > Security Advisories fixed in 1.18.5: > Where possible, please file this sort of thing as a security bug to ensure we give it attention over there. No need now though.
(In reply to Sam James from comment #2) > (In reply to Joakim Tjernlund from comment #1) > > Security Advisories fixed in 1.18.5: > > > > Where possible, please file this sort of thing as a security bug to ensure > we give it attention over there. No need now though. Ah, no, I think you may have misread the page. They're fixed in earlier versions in 1.18.x, although the description in the release notes does indeed mention security issues.
(In reply to Sam James from comment #3) > (In reply to Sam James from comment #2) > > (In reply to Joakim Tjernlund from comment #1) > > > Security Advisories fixed in 1.18.5: > > > > > > > Where possible, please file this sort of thing as a security bug to ensure > > we give it attention over there. No need now though. > > Ah, no, I think you may have misread the page. They're fixed in earlier > versions in 1.18.x, although the description in the release notes does > indeed mention security issues. So it seems, The listed CVEs was already fixed in earlier gstreamer. I cannot find a CVE list for 1.18.5, maybe it is still hidden.
Does not seem to be any security issues w.r.t gstreamer? Maybe rename back to "gstreamer-1.18.5 version bump" ?
Version 1.19.3 has been released. Can we please bump gstreamer and friends (and specifically gst-python to gain compatibility with python 3.10).
(In reply to Andrew Ammerlaan from comment #6) > Version 1.19.3 has been released. Can we please bump gstreamer and friends > (and specifically gst-python to gain compatibility with python 3.10). I think odd versions are development versions.
(In reply to Sam James from comment #7) > (In reply to Andrew Ammerlaan from comment #6) > > Version 1.19.3 has been released. Can we please bump gstreamer and friends > > (and specifically gst-python to gain compatibility with python 3.10). > > I think odd versions are development versions. AFAIK that's for odd version branches but not odd bugfixes.
(In reply to Haelwenn (lanodan) Monnier from comment #8) > (In reply to Sam James from comment #7) > > (In reply to Andrew Ammerlaan from comment #6) > > > Version 1.19.3 has been released. Can we please bump gstreamer and friends > > > (and specifically gst-python to gain compatibility with python 3.10). > > > > I think odd versions are development versions. > > AFAIK that's for odd version branches but not odd bugfixes. yes, but 1.19.x would be development
Minor bumps of gstreamer appears to be a lot of work. I guess this this down to the many ebuilds needing bumps? With that in mind I always wondered why Gentoo keeps all these gst ebuilds around? Bumping gstreamer seems to be mostly done in one go so reducing gstreamer to a handful of pkgs with USE flags mapping to the various ebuilds seems a lot easier to maintain. Sure, it will lead to a few extra rebuilds for people when fixing the odd bug but a tradeoff worth making to simply maintenance. I guess I am missing something here why this cannot be done?
The many packages have very little affect on the bumping speed, albeit it might scare away people who would help more. Bumping them all after looking through the changes from the main package is a matter of running a script (really hand-coded series of bash commands that I haven't even bothered to put in a script yet) that does it all for me. My main computer doesn't get upgrades unless I've looked through them, and I haven't had the time to get to 1.18 from 1.16 on here. So I haven't been able to do the bump so far on my end. I got a secondary system finally onto a SSD and up to date on gstreamer a few days ago, and I'm working on setting up a VM system where I wouldn't care about this. I'll run through the bump "scripts" soon™ on one of those systems.
(In reply to Mart Raudsepp from comment #11) > The many packages have very little affect on the bumping speed, albeit it > might scare away people who would help more. Bumping them all after looking > through the changes from the main package is a matter of running a script > (really hand-coded series of bash commands that I haven't even bothered to > put in a script yet) that does it all for me. > > My main computer doesn't get upgrades unless I've looked through them, and I > haven't had the time to get to 1.18 from 1.16 on here. So I haven't been > able to do the bump so far on my end. I got a secondary system finally onto > a SSD and up to date on gstreamer a few days ago, and I'm working on setting > up a VM system where I wouldn't care about this. I'll run through the bump > "scripts" soon™ on one of those systems. Clearly there is more to this than above as no other maintainer has stepped up for a long time. I hope you get your VM up soon.
@Mart Raudsepp: Is there anything I can help you out with regarding to gstreamer bumps? I do have an interest in keeping gstreamer up to date, see also https://bugs.gentoo.org/810814, since I use it in Nheko and the webrtc support still sees a lot of development. There is also the upcoming 1.20, which moves most plugins into a monorepo. I would like to help out with that transition, when it comes to it, but I don't have that much experience with Gentoo packaging or development. Anyway, if it isn't a bother, feel free to hit me up to help out with stuff. I was running 1.18 for a while, when it was still masked before and I have a few systems I can break.
https://gstreamer.freedesktop.org/releases/1.20/ GStreamer 1.20.0 was released on 3 February 2022.
(In reply to jospezial from comment #14) > https://gstreamer.freedesktop.org/releases/1.20/ > GStreamer 1.20.0 was released on 3 February 2022. https://github.com/gentoo/gentoo/pull/24183
(In reply to Nicolas Werner from comment #13) > @Mart Raudsepp: Is there anything I can help you out with regarding to > gstreamer bumps? I do have an interest in keeping gstreamer up to date, see > also https://bugs.gentoo.org/810814, since I use it in Nheko and the webrtc > support still sees a lot of development. There is also the upcoming 1.20, > which moves most plugins into a monorepo. I would like to help out with that > transition, when it comes to it, but I don't have that much experience with > Gentoo packaging or development. Anyway, if it isn't a bother, feel free to > hit me up to help out with stuff. I was running 1.18 for a while, when it > was still masked before and I have a few systems I can break. gstreamer-1.20.0 bump is now merged (masked) - you can probably help testing it
So I unmasked 1.20 and recompiled Nheko against it without any issues. Video calls still work fine (I updated my gst-plugins-qt5 ebuild for 1.20 to do that) and it actually fixes one vaapi crash I had with 1.18.4 when playing videos. I also played all the video formats I had locally on my system using gst-play without issues. I only have the following gstreamer plugins installed though: media-libs/gst-plugins-bad media-libs/gst-plugins-base media-libs/gst-plugins-good media-libs/gst-plugins-ugly media-plugins/gst-plugins-a52dec media-plugins/gst-plugins-bluez media-plugins/gst-plugins-cdparanoia media-plugins/gst-plugins-dtls media-plugins/gst-plugins-dts media-plugins/gst-plugins-dvdread media-plugins/gst-plugins-faad media-plugins/gst-plugins-flac media-plugins/gst-plugins-jack media-plugins/gst-plugins-libav media-plugins/gst-plugins-libnice media-plugins/gst-plugins-meta media-plugins/gst-plugins-mpeg2dec media-plugins/gst-plugins-mpg123 media-plugins/gst-plugins-opus media-plugins/gst-plugins-pulse media-plugins/gst-plugins-qt5 media-plugins/gst-plugins-resindvd media-plugins/gst-plugins-sctp media-plugins/gst-plugins-soup media-plugins/gst-plugins-srtp media-plugins/gst-plugins-vaapi media-plugins/gst-plugins-vpx media-plugins/gst-plugins-webrtc media-plugins/gst-plugins-x264 media-plugins/gst-plugins-ximagesrc So from my perspective 1.20 doesn't seem to introduce any new issues on my system, but maybe I'll find some in the next few days :3
(In reply to Igor V. Kovalenko from comment #16) > (In reply to Nicolas Werner from comment #13) > > @Mart Raudsepp: Is there anything I can help you out with regarding to > > gstreamer bumps? I do have an interest in keeping gstreamer up to date, see > > also https://bugs.gentoo.org/810814, since I use it in Nheko and the webrtc > > support still sees a lot of development. There is also the upcoming 1.20, > > which moves most plugins into a monorepo. I would like to help out with that > > transition, when it comes to it, but I don't have that much experience with > > Gentoo packaging or development. Anyway, if it isn't a bother, feel free to > > hit me up to help out with stuff. I was running 1.18 for a while, when it > > was still masked before and I have a few systems I can break. > > gstreamer-1.20.0 bump is now merged (masked) - you can probably help testing > it Been a week now, maybe remove the masking?
(In reply to Joakim Tjernlund from comment #18) > > Been a week now, maybe remove the masking? no, I need to merge https://github.com/gentoo/gentoo/pull/24591 first
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cab889b2a27d4b1382abbe13c9624fb9bfad0a4b commit cab889b2a27d4b1382abbe13c9624fb9bfad0a4b Author: Sam James <sam@gentoo.org> AuthorDate: 2022-03-17 00:32:42 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-03-17 00:32:42 +0000 profiles: unmask gst 1.20 Closes: https://bugs.gentoo.org/813108 Signed-off-by: Sam James <sam@gentoo.org> profiles/package.mask | 84 --------------------------------------------------- 1 file changed, 84 deletions(-)
https://gstreamer.freedesktop.org/releases/1.20/#1.20.3
(In reply to jospezial from comment #21) > https://gstreamer.freedesktop.org/releases/1.20/#1.20.3 You know by now to not comment on closed bugs. Anyway, we're aware, and were discussing it yesterday in #gentoo-desktop. It was released yesterday/day before.
(In reply to Sam James from comment #22) > (In reply to jospezial from comment #21) > > https://gstreamer.freedesktop.org/releases/1.20/#1.20.3 > > You know by now to not comment on closed bugs. Anyway, we're aware, and were > discussing it yesterday in #gentoo-desktop. It was released yesterday/day > before. Hi Sam. I appreciate your work for Gentoo. But could you please stop to teach me how to use the bug tracker? Thank you in advance. Don't try so hard.
(In reply to jospezial from comment #23) > (In reply to Sam James from comment #22) > > (In reply to jospezial from comment #21) > > > https://gstreamer.freedesktop.org/releases/1.20/#1.20.3 > > > > You know by now to not comment on closed bugs. Anyway, we're aware, and were > > discussing it yesterday in #gentoo-desktop. It was released yesterday/day > > before. > > Hi Sam. > I appreciate your work for Gentoo. > But could you please stop to teach me how to use the bug tracker? > Thank you in advance. Don't try so hard. This reply really rubs me the wrong way. Please do as Sam says and don't comment on closed bugs like this. It's bad etiquette to request version bumps (1) so quickly, (2) by just pasting a link, and (3) in an already-resolved bug.
> > > You know by now to not comment on closed bugs. Anyway, we're aware, and were > > > discussing it yesterday in #gentoo-desktop. It was released yesterday/day > > > before. > > > > Hi Sam. > > I appreciate your work for Gentoo. > > But could you please stop to teach me how to use the bug tracker? > > Thank you in advance. Don't try so hard. > > This reply really rubs me the wrong way. > > Please do as Sam says and don't comment on closed bugs like this. It's bad > etiquette to request version bumps (1) so quickly, (2) by just pasting a > link, and (3) in an already-resolved bug. Sorry Matt if I annoyed you too. Posting the link without additional text was only to inform people fast who worked on the older bumps. This bug is named media-libs/gstreamer-1.20.x: version bump. I did not know that the gstreamer topic was discussed before on IRC. Did I request something? I don't know by myself. What is so bad on commenting on resolved bugs? Should I have opened a new bug for the info or would that have been a too fast bump request also? Lets calm down. There are bigger annoyances in the world.
