releases: add 1.22.9 release

author: Tim-Philipp Müller <tim@centricular.com> 2024-01-24 17:04:09 +0000
committer: Tim-Philipp Müller <tim@centricular.com> 2024-01-24 23:25:38 +0000
commit: 0ef8af50793d98043ceb4bff6ad817852c9d3a43 (patch)
tree: fd502f72318416812f80e80628a053cd63366f87
parent: d2233109e6c1f7d480c6a118c458155da53817c5 (diff)
7 files changed, 232 insertions, 4 deletions
diff --git a/src/htdocs/entities.gst b/src/htdocs/entities.gst
index 6ca7cd95..d5b42ed4 100644
--- a/src/htdocs/entities.gst
+++ b/src/htdocs/entities.gst
@@ -1,5 +1,5 @@
 <!ENTITY gst-branch-stable "1.22">
-<!ENTITY gst-version-stable "1.22.8">
+<!ENTITY gst-version-stable "1.22.9">
 <!ENTITY gst-version-devel "git main">
 
 <!ENTITY orc-version-stable "0.4.35">
diff --git a/src/htdocs/news/news.xml b/src/htdocs/news/news.xml
index d32770b7..ef3c6a38 100644
--- a/src/htdocs/news/news.xml
+++ b/src/htdocs/news/news.xml
@@ -14319,4 +14319,63 @@ Direct tarball download: <a href="&site;/src/orc/orc-0.4.35.tar.xz">orc-0.4.35</
         </content>
   </item>
 
+  <item>
+      <date>2024-01-24 23:00</date>
+        <title>GStreamer 1.22.9 stable bug fix release</title>
+        <content>
+<p>
+The GStreamer team is pleased to announce another bug fix release
+in the stable 1.22 release series of your favourite cross-platform
+multimedia framework!
+</p>
+
+<p>
+This release only contains bugfixes and security fixes and it should be safe
+to update from 1.22.x.
+</p>
+
+<p>
+  <b>Highlighted bugfixes:</b>
+  <ul>
+    <li>More <a href="&site;/security/">Security fixes</a> for the AV1 codec parser</li>
+    <li>va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2</li>
+    <li>v4l2src: Consider framerate during caps selection</li>
+    <li>v4l2codec: decoder fixes</li>
+    <li>rtspsrc: multicast fixes</li>
+    <li>camerabin viewfinder fixes</li>
+    <li>various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements</li>
+</ul>
+</p>
+
+<p>
+See the <a href="&site;/releases/1.22/#1.22.9">GStreamer 1.22.9 release notes</a>
+for more details.
+</p>
+
+<p>
+Binaries for Android, iOS, Mac OS X and Windows will be available shortly.
+</p>
+
+<p>
+Release tarballs can be downloaded directly here:
+<ul>
+<a href="&site;/src/gstreamer/gstreamer-1.22.9.tar.xz">gstreamer</a>,
+<a href="&site;/src/gst-plugins-base/gst-plugins-base-1.22.9.tar.xz">gst-plugins-base</a>,
+<a href="&site;/src/gst-plugins-good/gst-plugins-good-1.22.9.tar.xz">gst-plugins-good</a>,
+<a href="&site;/src/gst-plugins-ugly/gst-plugins-ugly-1.22.9.tar.xz">gst-plugins-ugly</a>,
+<a href="&site;/src/gst-plugins-bad/gst-plugins-bad-1.22.9.tar.xz">gst-plugins-bad</a>,
+<a href="&site;/src/gst-libav/gst-libav-1.22.9.tar.xz">gst-libav</a>,
+<a href="&site;/src/gst-rtsp-server/gst-rtsp-server-1.22.9.tar.xz">gst-rtsp-server</a>,
+<a href="&site;/src/gst-python/gst-python-1.22.9.tar.xz">gst-python</a>,
+<a href="&site;/src/gst-editing-services/gst-editing-services-1.22.9.tar.xz">gst-editing-services</a>,
+<a href="&site;/src/gst-devtools/gst-devtools-1.22.9.tar.xz">gst-devtools</a>,
+<a href="&site;/src/gstreamer-vaapi/gstreamer-vaapi-1.22.9.tar.xz">gstreamer-vaapi</a>,
+<a href="&site;/src/gstreamer-sharp/gstreamer-sharp-1.22.9.tar.xz">gstreamer-sharp</a>,
+<a href="&site;/src/gst-omx/gst-omx-1.22.9.tar.xz">gst-omx</a>, or
+<a href="&site;/src/gstreamer-docs/gstreamer-docs-1.22.9.tar.xz">gstreamer-docs</a>.
+</ul>
+</p>
+        </content>
+  </item>
+
 </news>
diff --git a/src/htdocs/releases/1.22/release-notes-1.22.md b/src/htdocs/releases/1.22/release-notes-1.22.md
index fce16454..424e0e2a 100644
--- a/src/htdocs/releases/1.22/release-notes-1.22.md
+++ b/src/htdocs/releases/1.22/release-notes-1.22.md
@@ -2187,6 +2187,127 @@ suggestions or helped testing. Thank you all!
 - [List of Merge Requests applied in 1.22.8](https://gitlab.freedesktop.org/groups/gstreamer/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=1.22.8)
 - [List of Issues fixed in 1.22.8](https://gitlab.freedesktop.org/groups/gstreamer/-/issues?scope=all&utf8=%E2%9C%93&state=closed&milestone_title=1.22.8)
 
+<a id="1.22.9"></a>
+
+### 1.22.9
+
+The ninth 1.22 bug-fix release (1.22.9) was released on 24 January 2024.
+
+This release only contains bugfixes and security fixes and it *should* be safe
+to update from 1.22.x.
+
+#### Highlighted bugfixes in 1.22.9
+
+ - More [Security fixes](https://gstreamer.freedesktop.org/security/) for the AV1 video codec parser
+ - va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2
+ - v4l2src: Consider framerate during caps selection
+ - v4l2codec: decoder fixes
+ - rtspsrc: multicast fixes
+ - camerabin viewfinder fixes
+ - various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements
+
+#### gstreamer
+
+ - [aggregator: fix use-after-free in queries processing](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5958)
+ - [multiqueue: Ignore queue fullness for most events](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5954)
+
+#### gst-plugins-base
+
+ - [audiobasesink: Don't wait on gap events](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5953)
+ - [audioconvert: change gst_audio_convert_get_unit_size() log levels](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5832)
+ - [glcolorconvert: Correct transform_caps direction](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5947)
+ - [gloverlay: Apply updated overlay coordinates correctly](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5909)
+ - [videorate: keep pool if max_buffers is unlimited](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5957)
+
+#### gst-plugins-good
+
+ - [rtpsession: Only warn once if configured latency needs to be known but isn't yet](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5874)
+ - [rtphdrext-clientaudiolevel: Fix level value being written by the extension](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5894)
+ - [rtspsrc: set multicast-iface on udpsinks and fix RTCP sink TTL](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5967)
+ - [v4l2object: clear old fds when initializing poll during opening v4l2 device](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5840)
+ - [v4l2src: Consider framerate during caps selection](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5956)
+ - [vpxdec: Use appropriate domain and code for decoding errors](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5918)
+
+#### gst-plugins-bad
+
+ - [av1parser: Fix potential stack overflow during tile list parsing](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5971)
+ - [camerabin: Correctly relink viewfinderbin_queue](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5842)
+ - [GstPlay: Fix error details parsing](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5831)
+ - [h264decoder: Handle malformed avc/avc3 packets](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5934)
+ - [h264decoder: h265decoder: Align with wraparound fix](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5850)
+ - [vp8decoder: vp9decoder: av1decoder: mpeg2decoder: Fix multiplication wraparound](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5850)
+ - [vah264enc/vah264dec issues after recent upgrade to 1.22.8 from 1.22.7](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3195)
+ - [va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5778)
+ - [vp9parse: Fix critical warning during caps negotiation](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5976)
+
+#### gst-plugins-ugly
+
+ - No changes
+
+### gst-plugins-rs
+
+ - No changes
+
+#### gst-libav
+
+ - No changes
+
+#### gst-rtsp-server
+
+ - No changes
+
+#### gstreamer-vaapi
+
+ - No changes
+
+#### gstreamer-sharp
+
+ - No changes
+
+#### gst-omx
+
+ - No changes
+
+#### gst-python
+
+ - No changes
+
+#### gst-editing-services
+
+ - No changes
+
+#### gst-validate + gst-integration-testsuites
+
+ - No changes
+
+### gst-examples
+
+ - No changes
+
+#### Development build environment
+
+ - No changes
+
+#### Cerbero build tool and packaging changes in 1.22.9
+
+ - No changes
+
+#### Contributors to 1.22.9
+
+Alexander Slobodeniuk, Chao Guo, Damian Hobson-Garcia, Dan Searles,
+Guillaume Desmottes, Jan Schmidt, Marek Vasut, Mengkejiergeli Ba,
+Michael Tretter, Philippe Normand, Robert Mader, Sanchayan Maity,
+Sebastian Dröge, Seungha Yang, Tim-Philipp Müller,
+Víctor Manuel Jáquez Leal, Xavier Claessens,
+
+... and many others who have contributed bug reports, translations, sent
+suggestions or helped testing. Thank you all!
+
+#### List of merge requests and issues fixed in 1.22.9
+
+- [List of Merge Requests applied in 1.22.9](https://gitlab.freedesktop.org/groups/gstreamer/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=1.22.9)
+- [List of Issues fixed in 1.22.9](https://gitlab.freedesktop.org/groups/gstreamer/-/issues?scope=all&utf8=%E2%9C%93&state=closed&milestone_title=1.22.9)
+
 ## Schedule for 1.24
 
 Our next major feature release will be 1.24, and 1.23 will be the unstable
@@ -2194,7 +2315,7 @@ development version leading up to the stable 1.24 release. The development
 of 1.23/1.24 will happen in the git `main` branch of the GStreamer mono
 repository.
 
-The plan for the 1.24 development cycle is yet to be confirmed.
+The target for an initial 1.24 release is February 2024.
 
 1.24 will be backwards-compatible to the stable 1.22, 1.20, 1.18, 1.16, 1.14, 1.12, 1.10, 1.8, 1.6, 1.4, 1.2 and 1.0 release series.
 
diff --git a/src/htdocs/releases/releases.md b/src/htdocs/releases/releases.md
index d64769e0..d45c284f 100644
--- a/src/htdocs/releases/releases.md
+++ b/src/htdocs/releases/releases.md
@@ -1,9 +1,9 @@
 # GStreamer Releases
 
-- **Latest stable release:** [1.22.8][latest-stable]
+- **Latest stable release:** [1.22.9][latest-stable]
 - **Latest development release:** [git `main`][latest-devel]
 
-[latest-stable]: https://gstreamer.freedesktop.org/releases/1.22/#1.22.8
+[latest-stable]: https://gstreamer.freedesktop.org/releases/1.22/#1.22.9
 [latest-devel]: https://gitlab.freedesktop.org/gstreamer/gstreamer/
 
 ### Current stable release
diff --git a/src/htdocs/security/Makefile.am b/src/htdocs/security/Makefile.am
index 71c6cbba..0640aa38 100644
--- a/src/htdocs/security/Makefile.am
+++ b/src/htdocs/security/Makefile.am
@@ -24,6 +24,7 @@ ALERTS = \
 	sa-2023-0009.xml \
 	sa-2023-0010.xml \
 	sa-2023-0011.xml \
+	sa-2024-0001.xml \
 	$(NULL)
 
 security_pages = $(patsubst %.xml,%.html,$(ALERTS))
diff --git a/src/htdocs/security/alerts.xml b/src/htdocs/security/alerts.xml
index c7c32cf0..171851d8 100644
--- a/src/htdocs/security/alerts.xml
+++ b/src/htdocs/security/alerts.xml
@@ -6,6 +6,7 @@
 ]>
 <wrapper xmlns:xi="http://www.w3.org/2001/XInclude">
     <alerts>
+    <xi:include href="sa-2024-0001.xml" parse="xml" />
     <xi:include href="sa-2023-0011.xml" parse="xml" />
     <xi:include href="sa-2023-0010.xml" parse="xml" />
     <xi:include href="sa-2023-0009.xml" parse="xml" />
diff --git a/src/htdocs/security/sa-2024-0001.xml b/src/htdocs/security/sa-2024-0001.xml
new file mode 100644
index 00000000..1793b97c
--- /dev/null
+++ b/src/htdocs/security/sa-2024-0001.xml
@@ -0,0 +1,46 @@
+<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?>
+<!DOCTYPE xsl:stylesheet
+[
+  <!ENTITY % site-entities SYSTEM "../entities.site">
+  %site-entities;
+]>
+<advisory>
+<id>2024-0001</id>
+<alternate-name>ZDI-CAN-22873</alternate-name>
+<alternate-name>CVE-2024-0444</alternate-name>
+<date>2024-01-24 20:00</date>
+<summary>AV1 codec parser potential buffer overflow during tile list parsing</summary>
+<affected-versions>GStreamer gst-plugins-bad &lt; 1.22.9</affected-versions>
+
+<details>Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.9</details>
+<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.</impact>
+<mitigation></mitigation>
+<workarounds></workarounds>
+<solution></solution>
+<solution>The gst-plugins-bad 1.22.9 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.</solution>
+<references>
+    <reference>
+        <title>The GStreamer project</title>
+        <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content>
+    </reference>
+
+    <reference>
+    <title>CVE Database Entries</title>
+    <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0444">CVE-2024-0444</a>  </content>
+    </reference>
+
+    <reference>
+        <title>GStreamer 1.22.9 release</title>
+        <content>
+          <a href="https://gstreamer.freedesktop.org/releases/1.22/#1.22.9">Release Notes</a>
+          <a href="https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.9.tar.xz">GStreamer Plugins Bad 1.22.9</a>
+        </content>
+    </reference>
+    <reference>
+        <title>Patches</title>
+        <content>
+          <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5970.patch">Patch</a>
+        </content>
+    </reference>
+</references>
+</advisory>
author	Tim-Philipp Müller <tim@centricular.com>	2024-01-24 17:04:09 +0000
committer	Tim-Philipp Müller <tim@centricular.com>	2024-01-24 23:25:38 +0000
commit	0ef8af50793d98043ceb4bff6ad817852c9d3a43 (patch)
tree	fd502f72318416812f80e80628a053cd63366f87
parent	d2233109e6c1f7d480c6a118c458155da53817c5 (diff)