Commit Graph

29 Commits

Author SHA1 Message Date
Franz Pletz
5e937b173d
gstreamer: 1.10.3 -> 1.10.4 for multiple CVEs
See https://gstreamer.freedesktop.org/releases/1.10/#1.10.4.

Fixes:

  * CVE-2017-5847
  * CVE-2017-5848

cc #23072
2017-02-26 18:08:42 +01:00
Graham Christensen
afd59811a1
gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs
gst-plugins-bad:
From the Arch Linux advisory:
 - CVE-2017-5843 (arbitrary code execution): A double-free issue has
 been found in gstreamer before 1.10.3, in
 gst_mxf_demux_update_essence_tracks.

- CVE-2017-5848 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
More: https://lwn.net/Vulnerabilities/713772/

gst-plugins-base:
From the Arch Linux advisory:

- CVE-2017-5837 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.

- CVE-2017-5839 (denial of service): An endless recursion issue
  leading to stack overflow has been found in gstreamer before 1.10.3,
  in gst_riff_create_audio_caps.

- CVE-2017-5842 (arbitrary code execution): An off-by-one write has
  been found in gstreamer before 1.10.3, in
  html_context_handle_element.

- CVE-2017-5844 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.
More: https://lwn.net/Vulnerabilities/713773/

gst-plugins-good:
From the Arch Linux advisory:

- CVE-2016-10198 (denial of service): An invalid memory read flaw has
  been found in gstreamer before 1.10.3, in
  gst_aac_parse_sink_setcaps.

- CVE-2016-10199 (denial of service): An out of bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.

- CVE-2017-5840 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_parse_samples.

- CVE-2017-5841 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.

- CVE-2017-5845 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
More: https://lwn.net/Vulnerabilities/713774/

gst-plugins-ugly:
From the Arch Linux advisory:

- CVE-2017-5846 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_stream_props.

- CVE-2017-5847 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_content_desc.
More: https://lwn.net/Vulnerabilities/713775/

gstreamer:
From the Arch Linux advisory:

An out of bounds read has been found in gstreamer before 1.10.3, in
gst_date_time_new_from_iso8601_string.
More: https://lwn.net/Vulnerabilities/713776/
2017-02-08 08:30:23 -05:00
Graham Christensen
e42f6a11ac
gstreamer: 1.10.1 -> 1.10.2 for multiple CVEs
CVE-2016-9807, CVE-2016-9808, CVE-2016-9809, CVE-2016-9810, CVE-2016-9811, CVE-2016-9812, CVE-2016-9813, CVE-2016-9634, CVE-2016-9635, CVE-2016-9636

https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
2016-12-07 09:10:29 -05:00
Franz Pletz
7a6185d9a1
gstreamer: 1.8.2 -> 1.10.1
Fixes CVE-2016-9445, CVE-2016-9446, CVE-2016-9447.
2016-11-22 15:16:48 +01:00
Bjørn Forsman
b1df5bf89b gstreamer: unbreak finding plugins in $NIX_PROFILES (#20207)
* gstreamer-1.0: make gst-launch find plugins again

gst-launch and friends are in the "dev" output now.

* gstreamer-1.0: lower priority on plugins from $NIX_PROFILES

Suffix the plugin paths from $NIX_PROFILES instead of prefixing them to
$GST_PLUGIN_SYSTEM_PATH. If a program has specifically set up its plugin
path to some custom/specific version, we don't want plugins from
$NIX_PROFILES to mess things up by having higher priority.
2016-11-06 22:50:41 +01:00
Tuomas Tynkkynen
a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Vladimír Čunát
9f629280c6 gst-*: maintenance 1.8.1 -> 1.8.2
For now I left *-vaapi out, as the jump would be larger,
simple update isn't enough, and it's unreferenced in nixpkgs.
2016-07-09 19:19:41 +02:00
Bjørn Forsman
d248aef1cf gstreamer: 1.8.0 -> 1.8.1 (bugfixes)
Release notes:
https://gstreamer.freedesktop.org/releases/gstreamer/1.8.1.html

Tested with nox-review; this change does not introduce build breakage.
2016-05-30 21:51:29 +02:00
Thomas Tuegel
198e8d6561 gstreamer: add ttuegel to maintainers 2016-05-09 10:01:58 -05:00
Tuomas Tynkkynen
584d884bd7 gstreamer: Fix multiple outputs split
- Explicitly moving the files breaks them, because the wrappers
  reference the files by absolute path.  Also this automatically
  moves the manpages to $dev as well.
- Need to explicitly set --exec-prefix since the pkgconfig file has
  `toolsdir=${exec_prefix}/bin`, breaking totem:

http://hydra.nixos.org/build/34980617/nixlog/1/raw

````
checking for BACKEND_TEST... yes
checking GStreamer 1.0 inspection tool... no
configure: error:
		Cannot find required GStreamer-1.0 tool 'gst-inspect-1.0'.
		It should be part of gstreamer-1_0-utils. Please install it.

builder for ‘/nix/store/npq2ihlsdniv4j3wbyparq9byjxqdi15-totem-3.18.1.drv’ failed with exit code 1
````

While at it, enable parallel build.
2016-04-27 05:01:03 +03:00
Thomas Tuegel
6a64edfa0e gstreamer-1.0: multiple outputs 2016-04-25 19:04:24 -05:00
Franz Pletz
5c4e00b6b7 gst_all_1: 1.6.1 -> 1.8.0 (#14628) 2016-04-24 19:40:20 +02:00
宋文武
93feb5d115 drop my maintainership (close #13881) 2016-03-13 18:39:01 +01:00
Bjørn Forsman
84bc6d64ba gstreamer: 1.4.x -> 1.6.x (all modules)
(And while at it, gst-vaapi 0.6.0 -> 0.6.1.)

* gst-editing-services grew additional build time dependencies, flex and
  perl.

* gst-libav switched from libav to ffmpeg as "libav" provider, see
  http://gstreamer.freedesktop.org/releases/1.6/.
  Without using ffmpeg, one may hit issues such as this (which I
  initially did):

  (gst-plugin-scanner:19751): GStreamer-WARNING **: Failed to load plugin '/nix/store/0wgpq2yx9wrkp2mh4rn1c7zbiq2bqa2l-gst-libav-1.6.1/lib/gstreamer-1.0/libgstlibav.so':
  /nix/store/0wgpq2yx9wrkp2mh4rn1c7zbiq2bqa2l-gst-libav-1.6.1/lib/gstreamer-1.0/libgstlibav.so: undefined symbol: av_frame_get_sample_rate
2015-12-05 21:52:33 +01:00
Spencer Whitt
f752a8c419 gstreamer 1.x: build on Darwin 2015-04-18 19:02:43 -04:00
Bjørn Forsman
11aa06c574 gstreamer: wrap gst-{launch,inspect,typefind} with GST_PLUGIN_SYSTEM_PATH
So that the tools become useable. The cool thing about wrapping them
like this (looping over $NIX_PROFILES) is that they will work on
non-NixOS systems too, given that $NIX_PROFILES is set correctly.

If you want the old (pure?) behaviour, just run gst-launch etc. with
empty $NIX_PROFILES.
2015-01-20 21:48:09 +01:00
Vladimír Čunát
d89518bd1b gstreamer-1: double maintenance bump
CC maintainer @iyzsong.
2014-12-25 11:55:04 +01:00
Vladimír Čunát
239d6c6ea5 gstreamer-1: maintenance updates of all 2014-10-19 20:11:02 +02:00
Vladimír Čunát
82797f98f2 Merge branch 'staging' into modular-stdenv
Conflicts:
	pkgs/development/interpreters/perl/5.10/setup-hook.sh
	pkgs/development/interpreters/perl/5.8/setup-hook.sh
	pkgs/stdenv/linux/default.nix
2014-09-08 18:24:58 +02:00
Vladimír Čunát
1e389c976c merge 'staging' into modular-stdenv
In 2c62a36b77 the messages in pkgs/stdenv/generic/default.nix
were not merged correctly.

Conflicts:
	pkgs/stdenv/generic/default.nix
2014-09-08 18:16:54 +02:00
Vladimír Čunát
01c0be6ece gstreamer-1: bugfix-only update of all components
1.4.0 -> 1.4.1
2014-08-30 11:24:25 +02:00
Eelco Dolstra
e3f7dbbac8 Cleanup: Use += to append to envHooks 2014-08-09 12:47:05 +02:00
宋文武
37373b05c2 gstreamer: update to 1.4.0 2014-07-22 18:15:39 +08:00
宋文武
b57c9ed9d5 gstreamer: update from 1.2.3 to 1.2.4 2014-05-02 21:31:05 +02:00
Domen Kožar
d912cdf264 gstreamer-1.0: use different function name for env hook than gstreamer-0.10 2014-04-09 23:04:57 +00:00
Domen Kožar
e9f3199973 add gstreamer 1.0 setup-hook and use it where appropriate 2014-02-28 02:03:07 +01:00
Nixpkgs Monitor
cc0bc747e2 gstreamer: update from 1.2.2 to 1.2.3 2014-02-17 10:40:27 +08:00
Song Wenwu
9a3e183080 gstreamer: update to 1.2.2, add myself as maintainer 2014-01-10 20:51:24 +08:00
Song Wenwu
7a74215fac add gstreamer 1.2.1 2014-01-10 20:51:24 +08:00