diff options
author | Tim-Philipp Müller <tim@centricular.com> | 2024-01-24 17:04:09 +0000 |
---|---|---|
committer | Tim-Philipp Müller <tim@centricular.com> | 2024-01-24 23:25:38 +0000 |
commit | 0ef8af50793d98043ceb4bff6ad817852c9d3a43 (patch) | |
tree | fd502f72318416812f80e80628a053cd63366f87 | |
parent | d2233109e6c1f7d480c6a118c458155da53817c5 (diff) |
releases: add 1.22.9 release
-rw-r--r-- | src/htdocs/entities.gst | 2 | ||||
-rw-r--r-- | src/htdocs/news/news.xml | 59 | ||||
-rw-r--r-- | src/htdocs/releases/1.22/release-notes-1.22.md | 123 | ||||
-rw-r--r-- | src/htdocs/releases/releases.md | 4 | ||||
-rw-r--r-- | src/htdocs/security/Makefile.am | 1 | ||||
-rw-r--r-- | src/htdocs/security/alerts.xml | 1 | ||||
-rw-r--r-- | src/htdocs/security/sa-2024-0001.xml | 46 |
7 files changed, 232 insertions, 4 deletions
diff --git a/src/htdocs/entities.gst b/src/htdocs/entities.gst index 6ca7cd95..d5b42ed4 100644 --- a/src/htdocs/entities.gst +++ b/src/htdocs/entities.gst @@ -1,5 +1,5 @@ <!ENTITY gst-branch-stable "1.22"> -<!ENTITY gst-version-stable "1.22.8"> +<!ENTITY gst-version-stable "1.22.9"> <!ENTITY gst-version-devel "git main"> <!ENTITY orc-version-stable "0.4.35"> diff --git a/src/htdocs/news/news.xml b/src/htdocs/news/news.xml index d32770b7..ef3c6a38 100644 --- a/src/htdocs/news/news.xml +++ b/src/htdocs/news/news.xml @@ -14319,4 +14319,63 @@ Direct tarball download: <a href="&site;/src/orc/orc-0.4.35.tar.xz">orc-0.4.35</ </content> </item> + <item> + <date>2024-01-24 23:00</date> + <title>GStreamer 1.22.9 stable bug fix release</title> + <content> +<p> +The GStreamer team is pleased to announce another bug fix release +in the stable 1.22 release series of your favourite cross-platform +multimedia framework! +</p> + +<p> +This release only contains bugfixes and security fixes and it should be safe +to update from 1.22.x. +</p> + +<p> + <b>Highlighted bugfixes:</b> + <ul> + <li>More <a href="&site;/security/">Security fixes</a> for the AV1 codec parser</li> + <li>va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2</li> + <li>v4l2src: Consider framerate during caps selection</li> + <li>v4l2codec: decoder fixes</li> + <li>rtspsrc: multicast fixes</li> + <li>camerabin viewfinder fixes</li> + <li>various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements</li> +</ul> +</p> + +<p> +See the <a href="&site;/releases/1.22/#1.22.9">GStreamer 1.22.9 release notes</a> +for more details. +</p> + +<p> +Binaries for Android, iOS, Mac OS X and Windows will be available shortly. +</p> + +<p> +Release tarballs can be downloaded directly here: +<ul> +<a href="&site;/src/gstreamer/gstreamer-1.22.9.tar.xz">gstreamer</a>, +<a href="&site;/src/gst-plugins-base/gst-plugins-base-1.22.9.tar.xz">gst-plugins-base</a>, +<a href="&site;/src/gst-plugins-good/gst-plugins-good-1.22.9.tar.xz">gst-plugins-good</a>, +<a href="&site;/src/gst-plugins-ugly/gst-plugins-ugly-1.22.9.tar.xz">gst-plugins-ugly</a>, +<a href="&site;/src/gst-plugins-bad/gst-plugins-bad-1.22.9.tar.xz">gst-plugins-bad</a>, +<a href="&site;/src/gst-libav/gst-libav-1.22.9.tar.xz">gst-libav</a>, +<a href="&site;/src/gst-rtsp-server/gst-rtsp-server-1.22.9.tar.xz">gst-rtsp-server</a>, +<a href="&site;/src/gst-python/gst-python-1.22.9.tar.xz">gst-python</a>, +<a href="&site;/src/gst-editing-services/gst-editing-services-1.22.9.tar.xz">gst-editing-services</a>, +<a href="&site;/src/gst-devtools/gst-devtools-1.22.9.tar.xz">gst-devtools</a>, +<a href="&site;/src/gstreamer-vaapi/gstreamer-vaapi-1.22.9.tar.xz">gstreamer-vaapi</a>, +<a href="&site;/src/gstreamer-sharp/gstreamer-sharp-1.22.9.tar.xz">gstreamer-sharp</a>, +<a href="&site;/src/gst-omx/gst-omx-1.22.9.tar.xz">gst-omx</a>, or +<a href="&site;/src/gstreamer-docs/gstreamer-docs-1.22.9.tar.xz">gstreamer-docs</a>. +</ul> +</p> + </content> + </item> + </news> diff --git a/src/htdocs/releases/1.22/release-notes-1.22.md b/src/htdocs/releases/1.22/release-notes-1.22.md index fce16454..424e0e2a 100644 --- a/src/htdocs/releases/1.22/release-notes-1.22.md +++ b/src/htdocs/releases/1.22/release-notes-1.22.md @@ -2187,6 +2187,127 @@ suggestions or helped testing. Thank you all! - [List of Merge Requests applied in 1.22.8](https://gitlab.freedesktop.org/groups/gstreamer/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=1.22.8) - [List of Issues fixed in 1.22.8](https://gitlab.freedesktop.org/groups/gstreamer/-/issues?scope=all&utf8=%E2%9C%93&state=closed&milestone_title=1.22.8) +<a id="1.22.9"></a> + +### 1.22.9 + +The ninth 1.22 bug-fix release (1.22.9) was released on 24 January 2024. + +This release only contains bugfixes and security fixes and it *should* be safe +to update from 1.22.x. + +#### Highlighted bugfixes in 1.22.9 + + - More [Security fixes](https://gstreamer.freedesktop.org/security/) for the AV1 video codec parser + - va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2 + - v4l2src: Consider framerate during caps selection + - v4l2codec: decoder fixes + - rtspsrc: multicast fixes + - camerabin viewfinder fixes + - various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + +#### gstreamer + + - [aggregator: fix use-after-free in queries processing](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5958) + - [multiqueue: Ignore queue fullness for most events](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5954) + +#### gst-plugins-base + + - [audiobasesink: Don't wait on gap events](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5953) + - [audioconvert: change gst_audio_convert_get_unit_size() log levels](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5832) + - [glcolorconvert: Correct transform_caps direction](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5947) + - [gloverlay: Apply updated overlay coordinates correctly](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5909) + - [videorate: keep pool if max_buffers is unlimited](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5957) + +#### gst-plugins-good + + - [rtpsession: Only warn once if configured latency needs to be known but isn't yet](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5874) + - [rtphdrext-clientaudiolevel: Fix level value being written by the extension](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5894) + - [rtspsrc: set multicast-iface on udpsinks and fix RTCP sink TTL](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5967) + - [v4l2object: clear old fds when initializing poll during opening v4l2 device](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5840) + - [v4l2src: Consider framerate during caps selection](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5956) + - [vpxdec: Use appropriate domain and code for decoding errors](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5918) + +#### gst-plugins-bad + + - [av1parser: Fix potential stack overflow during tile list parsing](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5971) + - [camerabin: Correctly relink viewfinderbin_queue](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5842) + - [GstPlay: Fix error details parsing](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5831) + - [h264decoder: Handle malformed avc/avc3 packets](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5934) + - [h264decoder: h265decoder: Align with wraparound fix](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5850) + - [vp8decoder: vp9decoder: av1decoder: mpeg2decoder: Fix multiplication wraparound](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5850) + - [vah264enc/vah264dec issues after recent upgrade to 1.22.8 from 1.22.7](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3195) + - [va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5778) + - [vp9parse: Fix critical warning during caps negotiation](https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5976) + +#### gst-plugins-ugly + + - No changes + +### gst-plugins-rs + + - No changes + +#### gst-libav + + - No changes + +#### gst-rtsp-server + + - No changes + +#### gstreamer-vaapi + + - No changes + +#### gstreamer-sharp + + - No changes + +#### gst-omx + + - No changes + +#### gst-python + + - No changes + +#### gst-editing-services + + - No changes + +#### gst-validate + gst-integration-testsuites + + - No changes + +### gst-examples + + - No changes + +#### Development build environment + + - No changes + +#### Cerbero build tool and packaging changes in 1.22.9 + + - No changes + +#### Contributors to 1.22.9 + +Alexander Slobodeniuk, Chao Guo, Damian Hobson-Garcia, Dan Searles, +Guillaume Desmottes, Jan Schmidt, Marek Vasut, Mengkejiergeli Ba, +Michael Tretter, Philippe Normand, Robert Mader, Sanchayan Maity, +Sebastian Dröge, Seungha Yang, Tim-Philipp Müller, +Víctor Manuel Jáquez Leal, Xavier Claessens, + +... and many others who have contributed bug reports, translations, sent +suggestions or helped testing. Thank you all! + +#### List of merge requests and issues fixed in 1.22.9 + +- [List of Merge Requests applied in 1.22.9](https://gitlab.freedesktop.org/groups/gstreamer/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=1.22.9) +- [List of Issues fixed in 1.22.9](https://gitlab.freedesktop.org/groups/gstreamer/-/issues?scope=all&utf8=%E2%9C%93&state=closed&milestone_title=1.22.9) + ## Schedule for 1.24 Our next major feature release will be 1.24, and 1.23 will be the unstable @@ -2194,7 +2315,7 @@ development version leading up to the stable 1.24 release. The development of 1.23/1.24 will happen in the git `main` branch of the GStreamer mono repository. -The plan for the 1.24 development cycle is yet to be confirmed. +The target for an initial 1.24 release is February 2024. 1.24 will be backwards-compatible to the stable 1.22, 1.20, 1.18, 1.16, 1.14, 1.12, 1.10, 1.8, 1.6, 1.4, 1.2 and 1.0 release series. diff --git a/src/htdocs/releases/releases.md b/src/htdocs/releases/releases.md index d64769e0..d45c284f 100644 --- a/src/htdocs/releases/releases.md +++ b/src/htdocs/releases/releases.md @@ -1,9 +1,9 @@ # GStreamer Releases -- **Latest stable release:** [1.22.8][latest-stable] +- **Latest stable release:** [1.22.9][latest-stable] - **Latest development release:** [git `main`][latest-devel] -[latest-stable]: https://gstreamer.freedesktop.org/releases/1.22/#1.22.8 +[latest-stable]: https://gstreamer.freedesktop.org/releases/1.22/#1.22.9 [latest-devel]: https://gitlab.freedesktop.org/gstreamer/gstreamer/ ### Current stable release diff --git a/src/htdocs/security/Makefile.am b/src/htdocs/security/Makefile.am index 71c6cbba..0640aa38 100644 --- a/src/htdocs/security/Makefile.am +++ b/src/htdocs/security/Makefile.am @@ -24,6 +24,7 @@ ALERTS = \ sa-2023-0009.xml \ sa-2023-0010.xml \ sa-2023-0011.xml \ + sa-2024-0001.xml \ $(NULL) security_pages = $(patsubst %.xml,%.html,$(ALERTS)) diff --git a/src/htdocs/security/alerts.xml b/src/htdocs/security/alerts.xml index c7c32cf0..171851d8 100644 --- a/src/htdocs/security/alerts.xml +++ b/src/htdocs/security/alerts.xml @@ -6,6 +6,7 @@ ]> <wrapper xmlns:xi="http://www.w3.org/2001/XInclude"> <alerts> + <xi:include href="sa-2024-0001.xml" parse="xml" /> <xi:include href="sa-2023-0011.xml" parse="xml" /> <xi:include href="sa-2023-0010.xml" parse="xml" /> <xi:include href="sa-2023-0009.xml" parse="xml" /> diff --git a/src/htdocs/security/sa-2024-0001.xml b/src/htdocs/security/sa-2024-0001.xml new file mode 100644 index 00000000..1793b97c --- /dev/null +++ b/src/htdocs/security/sa-2024-0001.xml @@ -0,0 +1,46 @@ +<?xml-stylesheet href="advisory-detail.xsl" type="text/xsl"?> +<!DOCTYPE xsl:stylesheet +[ + <!ENTITY % site-entities SYSTEM "../entities.site"> + %site-entities; +]> +<advisory> +<id>2024-0001</id> +<alternate-name>ZDI-CAN-22873</alternate-name> +<alternate-name>CVE-2024-0444</alternate-name> +<date>2024-01-24 20:00</date> +<summary>AV1 codec parser potential buffer overflow during tile list parsing</summary> +<affected-versions>GStreamer gst-plugins-bad < 1.22.9</affected-versions> + +<details>Heap-based buffer overflow in the AV1 codec parser when handling certain malformed streams before GStreamer 1.22.9</details> +<impact>It is possible for a malicious third party to trigger a crash in the application, and possibly also effect code execution through heap manipulation.</impact> +<mitigation></mitigation> +<workarounds></workarounds> +<solution></solution> +<solution>The gst-plugins-bad 1.22.9 releases address the issue. People using older branches of GStreamer should apply the patch and recompile.</solution> +<references> + <reference> + <title>The GStreamer project</title> + <content> <a href="https://gstreamer.freedesktop.org">https://gstreamer.freedesktop.org</a></content> + </reference> + + <reference> + <title>CVE Database Entries</title> + <content> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0444">CVE-2024-0444</a> </content> + </reference> + + <reference> + <title>GStreamer 1.22.9 release</title> + <content> + <a href="https://gstreamer.freedesktop.org/releases/1.22/#1.22.9">Release Notes</a> + <a href="https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.22.9.tar.xz">GStreamer Plugins Bad 1.22.9</a> + </content> + </reference> + <reference> + <title>Patches</title> + <content> + <a href="https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5970.patch">Patch</a> + </content> + </reference> +</references> +</advisory> |