version 3.4.3:
- avformat/movenc: Check input sample count
- avcodec/mjpegdec: Check for odd progressive RGB
- avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id
- avcodec/vp8_parser: Do not leave data/size uninitialized
- avformat/mms: Add missing chunksize check
- avformat/pva: Check for EOF before retrying in read_part_of_packet()
- avformat/rmdec: Do not pass mime type in rm_read_multi() to ff_rm_read_mdpr_codecdata()
- avformat/asfdec_o: Check size_bmp more fully
- avcodec/indeo4: Check for end of bitstream in decode_mb_info()
- avcodec/shorten: Fix undefined addition in shorten_decode_frame()
- avcodec/shorten: Fix undefined integer overflow
- avcodec/jpeg2000dec: Fixes invalid shifts in jpeg2000_decode_packets_po_iteration()
- avcodec/jpeg2000dec: Check that there are enough bytes for all tiles
- avformat/movenc: Do not pass AVCodecParameters in avpriv_request_sample
- avcodec/escape124: Fix spelling errors in comment
- avcodec/ra144: Fix integer overflow in ff_eval_refl()
- avcodec/cscd: Check output buffer size for lzo.
- avcodec/escape124: Check buf_size against num_superblocks
- avcodec/h264_parser: Reduce needed history for parsing mb index
- avcodec/magicyuv: Check bits left in flags&1 branch
- avcodec/mjpegdec: Check for end of bitstream in ljpeg_decode_rgb_scan()
- avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed()
- avcodec/dirac_dwt_template: Fix undefined behavior in interleave()
- avutil/common: Fix undefined behavior in av_clip_uintp2_c()
- fftools/ffmpeg: Fallback to duration if sample rate is unavailable
- avformat/mov: Only set pkt->duration to non negative values
- avcodec/h264_slice: Fix overflow in recovery_frame computation
- avcodec/h264_ps: Move MAX_LOG2_MAX_FRAME_NUM to header so it can be used in h264_sei
- avcodec/h264_mc_template: Only prefetch motion if the list is used.
- avcodec/xwddec: Use ff_set_dimensions()
- avcodec/wavpack: Fix overflow in adding tail
- avcodec/shorten: Fix multiple integer overflows
- avcodec/shorten: Fix undefined shift in fix_bitshift()
- avcodec/shorten: Fix a negative left shift in shorten_decode_frame()
- avcodec/shorten: Sanity check nmeans
- avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()
- avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
- avcodec/truemotion2: Fix overflow in tm2_apply_deltas()
- avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c
- avcodec/amrwbdec: Fix division by 0 in find_hb_gain()
- avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()
- avformat/mov: Break out early if chunk_count is 0 in mov_build_index()
- avcodec/fic: Avoid some magic numbers related to cursors
- avcodec/g2meet: ask for sample with overflowing RGB
- avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed()
- oavcodec/aacpsdsp_template: Use unsigned for hs0X to prevent undefined behavior
- avcodec/g723_1dec: Clip bits2 in both directions
- avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header()
- avcodec/mlpdec: Only change noise_type if the related fields are valid
- indeo4: Decode all or nothing of a band header.
- avformat/mov: Only fail for STCO/STSC contradictions if both exist
- avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0
- avcodec/fic: Check available input space for cursor
- avcodec/g2meet: Check RGB upper limit
- avcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration() CPRL case
- avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done
- avcodec/g2meet: Change order of operations to avoid undefined behavior
- avcodec/flac_parser: Fix infinite loop
- avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED()
- avcodec/wavpack: Fix integer overflow in wv_unpack_stereo()
- avcodec/error_resilience: Fix integer overflow in filter181()
- avcodec/h263dec: Check slice_ret in mspeg4 slice loop
- avcodec/elsdec: Fix memleaks
- avcodec/vc1_block: simplify ac_val computation
- avcodec/ffv1enc: Check that the crc + version combination is supported
- lavf/http.c: Free allocated client URLContext in case of error.
- avcodec/dsicinvideo: Fail if there is only a small fraction of the data available that comprises a full frame
- avcodec/dsicinvideo: Propagate errors from cin_decode_rle()
- avcodec/dfa: Check dimension against maximum
- avcodec/cinepak: Skip empty frames
- avcodec/cinepak: move some checks prior to frame allocation
- swresample/arm: remove unintentional relocation.
- doc/APIchanges: Fix typos in hashes
- avformat/utils: Check cur_dts in update_initial_timestamps() more
- avcodec/utils: Enforce minimum width also for VP5/6
- avcodec/truemotion2: Propagate out of bounds error from GET_TOK()
- avformat/utils: Fix integer overflow in end time calculation in update_stream_timings()
- avcodec/mjpegdec: Check input buffer size.
- avcodec/h264_slice: Fix integer overflow with last_poc
- avformat/mov: Fix extradata memleak
- lavc/libopusdec: Allow avcodec_open2 to call .close
- avcodec/movtextdec: Check style_start/end
- avcodec/aacsbr_fixed: Fix integer overflow in sbr_hf_assemble()
- libavcodec/rv34: error out earlier on missing references
- swresample/swresample: Fix for seg fault in swr_convert_internal() -> sum2_float during dithering.
- avcodec/aacdec_fixed: Fix integer overflow in apply_independent_coupling_fixed()
- avcodec/cscd: Error out when LZ* decompression fails
- avcodec/imgconvert: Fix loss mask bug in avcodec_find_best_pix_fmt_of_list()
- avfilter/vf_signature: use av_strlcpy()
- avcodec/utvideodec: Set pro flag based on fourcc
- avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()
- avcodec/tableprint_vlc: Fix build failure with --enable-hardcoded-tables
- avformat/mov: Move +1 in check to avoid hypothetical overflow in add_ctts_entry()
- avcodec/get_bits: Make sure the input bitstream with padding can be addressed
- avformat/mov: Check STSC and remove invalid entries
- avcodec/nuv: rtjpeg with dimensions less than 16 would result in no decoded pixels thus reject it
- avcodec/nuv: Check for minimum input size for uncomprssed and rtjpeg
- avcodec/wmalosslessdec: Reset num_saved_bits on error path
- avformat/mov: Fix integer overflows related to sample_duration
- avformat/img2dec: fix infinite loop
- avformat/oggparsedaala: Do not adjust AV_NOPTS_VALUE
- avformat/oggparseogm: Check lb against psize
- avformat/oggparseogm: Fix undefined shift in ogm_packet()
- avformat/avidec: Fix integer overflow in cum_len check
- avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE
- avformat/utils: Fix integer overflow of fps_first/last_dts
- avformat/oggdec: Fix metadata memleak on multiple headers
- libavformat/oggparsevorbis: Fix memleak on multiple headers
- avformat/mov: Fix integer overflow in mov_get_stsc_samples()
- avcodec/truemotion2rt: Check input buffer size
- avcodec/g2meet: Check tile dimensions with av_image_check_size2()
- avcodec/exr: fix invalid shift in unpack_14()
- avcodec/bintext: sanity check dimensions
- avcodec/utvideodec: Check subsample factors
- avcodec/smc: Check input packet size
- avcodec/cavsdec: Check alpha/beta offset
- avcodec/diracdec: Fix integer overflow in mv computation
- avcodec/h264_parse: Clear invalid chroma weights in ff_h264_pred_weight_table()
- avcodec/aacdec_templat: Fix integer overflow in apply_ltp()
- avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()
- avcodec/diracdec: Use int64 in global mv to prevent overflow
- avcodec/dxtory: Remove code that corrupts dimensions
- avcodec/dirac_dwt_template: Fix Integer overflow in horizontal_compose_dd137i()
- avcodec/hevcdec: Check luma/chroma_log2_weight_denom
- avcodec/jpeg2000dec: Use av_image_check_size2()
- avcodec/vp8: Check for bitstream end before vp7_fade_frame()
- avcodec/exr: Check remaining bits in last get code loop
- avutil/common: Fix integer overflow in av_clip_uint8_c() and av_clip_uint16_c()
- avdevice/decklink_dec: Fix ;;
- avcodec/h264_cabac: Tighten allowed coeff_abs range
- avcodec/h264_cavlc: Set valid qscale value in ff_h264_decode_mb_cavlc()
- avdevice/iec61883: free the private context at the end
- avdevice/iec61883: return reference counted packets
- configure: add nvcc to CMDLINE_SET
- avcodec/mpeg4_unpack_bframes: make sure the packet is writable when data needs to be changed
- avcodec/mp3_header_decompress: don't free the user provided packet on error
- avcodec/extract_extradata: zero initalize the padding bytes in all allocated buffers
- avformat/hvcc: zero initialize the nal buffers past the last written byte
- swresample/rematrix: fix update of channel matrix if input or output layout is undefined
- avformat/matroskadec: ignore CodecPrivate if the stream is VP9
Version 25.0.0 "Prog Noir" 2018-07-12
New features and enhancements
* mkvmerge: SRT/ASS/SSA text subtitles: for files for which no encoding has
been specified, mkvmerge will try UTF-8 first before falling back to the
system's default encoding.
* mkvmerge: SRT/ASS/SSA/WebVTT text subtitles: a warning is now emitted if
invalid 8-bit characters are encountered outside valid multi-byte UTF-8
sequences.
* mkvmerge: Matroska & MPEG transport stream readers: the encoding of text
subtitles read from Matroska files can now be changed with the
`--sub-charset` parameter.
* Linux: starting with release 25 an AppImage will be provided which should
run on any Linux distribution released around the time of CentOS 7/Ubuntu
14.04 or later.
* macOS: translations: updated the `build.sh` script to build `libiconv` and a
complete `gettext`. Together with an additional fix to how translation files
are located, MKVToolNix can now use all interface languages on macOS,
too.
Bug fixes
* mkvmerge: AVC/h.264: fixed file identification failing for certain
elementary streams due to internal buffers not being cleared properly.
* mkvmerge: HEVC/h.265: fixed file identification failing for certain
elementary streams due to internal buffers not being cleared properly.
* mkvmerge: MLP code: fixed various issues preventing MLP from being parsed
correctly.
* mkvmerge: TrueHD/MLP packetizer; dialog volume normalization removal isn't
attempted if the track is an MLP track as the operation is only supported
for TrueHD, not MLP.
* mkvmerge: MPEG TS reader: when reading MPLS mkvmerge will now compare the
MPLS's start and end timestamps against the transport stream's PTS instead
of its DTS. Otherwise the first key frame of a video track might be dropped
if it isn't the first in presentation order.
* mkvmerge: JSON identification: mkvmerge will ensure that all strings passed
to the JSON output modules are valid UTF-8 encoded strings by replacing
invalid bytes with placeholder characters. This avoids the JSON library
throwing an exception and mkvmerge aborting on such data.
* mkvmerge: audio packetizers: mkvmerge will now keep discard padding values
if they're present for packets read from Matroska files.
* mkvmerge: Ogg Opus reader: packet timestamps aren't calculated by summing up
the duration of all packets starting with timestamp 0 anymore. Instead the
algorithm is based on the Ogg page's granule position and which packet
number is currently timestamped (special handling for the first and last
packets in the stream).
* This fixes the first timestamp if the first Ogg packet's granule position
is larger than the number of samples in the first packet (= if the first
sample's timestamp is bigger than 0). mkvmerge will keep those offsets now
and inserts "discard padding" only where it's actually needed.
* It also improves handling of invalid files where the first Ogg packet's
granule position is smaller than the number of samples in the first packet
(= the first sample's timestamp is smaller than 0). mkvmerge will now
shift all timestamps up to 0 in such a case instead of inserting "discard
padding" elements all over the place.
* mkvmerge will no longer insert "discard padding" elements if the
difference between a) the calculated number of samples in the packet
according to the granule position and b) the actual number of samples as
calculated from the bitstream is one sample or less and if the packet
isn't the last one in the stream. This circumvents certain rounding
errors.
* The timestamp of the first packet after a gap in the middle of the stream
is now calculated based on the Ogg page the packet belongs to, and not
based on the timestamps before the gap.
* mkvmerge: complete rewrite of the progress handling. It's now based upon the
total size of all source files and the current position within them instead
of the number of frames/blocks to be processed. This simplifies calculation
when appending files and fixes rare cases of when progress report was
obvious wrong (e.g. stuck at 0% right until the end).
* MKVToolNix GUI: header editor: non-mandatory elements couldn't be removed
anymore due to a regression while fixing 2320. They can now be removed
again.
Upstream announcement:
https://helpx.adobe.com/security/products/flash-player/apsb18-24.html
Adobe Security Bulletin
Security updates available for Flash Player | APSB18-24
Summary
Adobe has released security updates for Adobe Flash Player for Windows,
macOS, Linux and Chrome OS. These updates address critical
vulnerabilities in Adobe Flash Player 30.0.0.113 and earlier versions.
Successful exploitation could lead to arbitrary code execution in the
context of the current user.
Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
Centred around improving behavior with VLC 3.0
which introduced new API allowing correct roles being set on
PulseAudio streams and as a result notification volume control is now
actually working as expected. This also means automatic corking of
music streams on voice calls can work correctly.
4.10.1
Fixes cmake-level compatibility issues with Qt 5.11 for libphonon and
the backends.
4.10.0
Centred around improving behavior with VLC 3.0
which introduced new API allowing correct roles being set on
PulseAudio streams and as a result notification volume control is now
actually working as expected. This also means automatic corking of
music streams on voice calls can work correctly.
version 4.0.1:
- avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed()
- avcodec/dirac_dwt_template: Fix undefined behavior in interleave()
- avutil/common: Fix undefined behavior in av_clip_uintp2_c()
- fftools/ffmpeg: Fallback to duration if sample rate is unavailable
- avformat/mov: Only set pkt->duration to non negative values
- avcodec/mpeg4videodec: Clear bits_per_raw_sample if it has originated from a previous instance
- avformat/movenc: fix recognization of cover image streams
- avformat/movenc: properly handle cover image codecs
- avcodec/h264_slice: Fix overflow in recovery_frame computation
- avcodec/h264_ps: Move MAX_LOG2_MAX_FRAME_NUM to header so it can be used in h264_sei
- avcodec/h264_mc_template: Only prefetch motion if the list is used.
- avcodec/xwddec: Use ff_set_dimensions()
- avcodec/wavpack: Fix overflow in adding tail
- avcodec/shorten: Fix multiple integer overflows
- avcodec/shorten: Fix undefined shift in fix_bitshift()
- avcodec/shorten: Fix a negative left shift in shorten_decode_frame()
- avcodec/shorten: Sanity check nmeans
- avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()
- avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
- avcodec/truemotion2: Fix overflow in tm2_apply_deltas()
- avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c
- avcodec/amrwbdec: Fix division by 0 in find_hb_gain()
- avcodec/h263dec: Reinitialize idct context if it has not been setup for the active profile
- avcodec/idctdsp: Clear idct/idct_add for studio profile
- avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()
- avformat/bintext: Reduce detection for random .bin files as it more likely is not a multimedia related file
- avformat/mov: Break out early if chunk_count is 0 in mov_build_index()
- avcodec/fic: Avoid some magic numbers related to cursors
- avcodec/mpeg4video: Detect reference studio streams as studio streams
- avcodec/mpeg4videodec: Do not corrupt bits_per_raw_sample
- avcodec/mpeg4videode: Eliminate out of loop VOP startcode reading for studio profile
- avcodec/g2meet: ask for sample with overflowing RGB
- avcodec/idctdsp: Transmit studio_profile to init instead of using AVCodecContext profile
- avcodec/ac3dec: Check that the number of channels with dependant streams is valid
- avcodec/ac3dec: Fix null pointer dereference in ac3_decode_frame()
- avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed()
- oavcodec/aacpsdsp_template: Use unsigned for hs0X to prevent undefined behavior
- avcodec/g723_1dec: Clip bits2 in both directions
- avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header()
- avcodec/mlpdec: Only change noise_type if the related fields are valid
- indeo4: Decode all or nothing of a band header.
- avcodec/ac3dec: Use frame_size if superframe_size is 0
- avformat/mov: Only fail for STCO/STSC contradictions if both exist
- avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0
- avcodec/fic: Check available input space for cursor
- avcodec/mpeg4videodec: Check bps (VOL header) before VOP for studio profile
- avcodec/g2meet: Check RGB upper limit
- avcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration() CPRL case
- avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done
- avcodec/g2meet: Change order of operations to avoid undefined behavior
- avcodec/flac_parser: Fix infinite loop
- avcodec/mpeg4videodec: Split decode_studio_vol_header() out of decode_studiovisualobject()
- avcodec/mpeg4videodec: Move decode_studiovisualobject() parsing in the branch for visual object parsing
- avcodec/mpeg4video_parser: Avoid litteral 0x1B6, use named constant instead
- avcodec/mpeg4video_parser: Fix incorrect spliting of MPEG-4 studio frames
- avformat/m4vdec: Use the same constant names as libavcodec
- avformat/m4vdec: Fix detection of raw MPEG-4 ES Studio
- avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED()
- avcodec/wavpack: Fix integer overflow in wv_unpack_stereo()
- avcodec/error_resilience: Fix integer overflow in filter181()
- avcodec/h263dec: Check slice_ret in mspeg4 slice loop
- avcodec/elsdec: Fix memleaks
- avcodec/vc1_block: simplify ac_val computation
- avcodec/ffv1enc: Check that the crc + version combination is supported
- configure: The eac3_core bitstream filter needs the ac3 parser.
- configure: fix arm inline asm checks
- lavf/libssh: translate a read of 0 to EOF
- ffprobe: fix SEGV when new streams are added
- avformat/mpegts: fix incorrect indentation
- avformat/mpegts: initialize section_buf to fix valgrind test failure
- avformat/mpegts: reindent after last change
- avformat/mpegts: parse sections with multiple tables
- avformat/mpegts: clean up whitespace
- avformat/mpegts: use MAX_SECTION_SIZE instead of hardcoded value
- avformat/mpegts: skip non-PMT tids earlier
- avcodec/mediacodecdec: add workaround for buggy amlogic mpeg2 decoder
- avcodec/mediacodecdec: wait on first frame after input buffers are full
- avcodec/mediacodecdec: restructure mediacodec_receive_frame
- avcodec/mediacodec_wrapper: add helper to fetch SDK_INT
- avcodec/mediacodecdec: refactor pts handling
- avcodec/mediacodecdec: use AV_TIME_BASE_Q
- avcodec/mediacodecdec: clarify delay_flush specific code
- avcodec/videotoolbox: fix decoding of some HEVC videos
- avcodec/hevc: remove videotoolbox hack
- avcodec/videotoolbox: split h264/hevc callbacks
- avcodec/videotoolbox: cleanups
- avcodec/videotoolbox: fix kVTCouldNotFindVideoDecoderErr trying to decode HEVC on iOS
- avcodec/videotoolbox: improve logging of decoder errors
- avcodec/xwddec: fix palette alpha
- avformat/webm_chunk: always use a static buffer for get_chunk_filename
- configure: fix configure check for lilv-0
- avcodec/nvdec_hevc: fix scaling lists
- avcodec/hevcdec: make ff_hevc_frame_nb_refs take a const pointer
- lavf/bluray: translate a read of 0 to EOF
- lavf/dashenc: don't call flush_init_segment before avformat_write_header
- avdevice/decklink_dec: unref packets on avpacket_queue_put error
- avcodec/hnm4video: fix palette alpha
- avcodec/anm: fix palette alpha
- avformat/qtpalette: parse color table according to the QuickTime file format specs
- ffplay: Fix realloc_texture when input texture is NULL.
- hwcontext_vaapi: Fix compilation with libva versions < 1.4.0
- lavf/qsv: clone the frame which may be managed by framework
- lavf: make overlay_qsv work based on framesync
- avformat/segafilm - revert keyframe detection
- avformat/utils: refactor upstream_stream_timings
- avformat/utils: ignore outlier durations on subtitle/data streams as well
This package shares a PKG_OPTIONS variable with the other ffmpeg
packages, so a user who requests the x264 option for them will end
up with a broken package for ffmpeg010.
This package shares a PKG_OPTIONS variable with the other ffmpeg
packages, so a user who requests the x264 option for them will end
up with a broken package for ffmpeg1.
Version 24.0.0 "Beyond The Pale":
New features and enhancements
* mkvmerge: MP4 reader: improved the detection of edit lists consisting of two
identical entries, each spanning the file's duration as given in the movie
header atom. The second entry is ignored in such cases.
* mkvmerge: JSON identification: the "display unit" video track property is
now reported as `display_unit`. The JSON schema has been bumped to v11 for
this change.
* mkvmerge, mkvextract: AVC/h.264: empty NALUs will now be removed.
* mkvextract: VobSub extraction: empty SPU packets will now be dropped during
extraction as other tools such as MP4Box cannot handle them
correctly.
Bug fixes
* mkvmerge: E-AC-3 parser: fixed determining the number of channels for
streams that contain an AC-3 core with dependent E-AC-3 frames.
* mkvmerge: Matroska reader: fixed mkvmerge buffering the whole file if a
video track is multiplexed that consists of only one or a few frames.
* mkvmerge: the "display unit" video track property will now be kept if it is
set in the source file.
* MKVToolNix GUI: multiplexer: when scanning playlists, all playlists were
offered for selection regardless of the value of the "minimum playlist
duration" setting.
* MKVToolNix GUI: multiplexer: deriving track languages from file names: the
regular sub-expressions for ISO 639-1 codes could match on empty strings,
too, causing matches in wrong places and hence no language being recognized
in certain situations.
* MKVToolNix GUI: header editor: fixed a crash when saving the file fails
(e.g. because it isn't writable).
* MKVToolNix GUI: header editor: the editor was wrongfully claiming that
mandatory elements with default values cannot be removed in the "status"
text.
* MKVToolNix GUI: preferences: on macOS & Linux the setting "enable copying
tracks by their type" wasn't restored on program start.
Other changes
* Niels Lohmann's JSON library: the bundled version has been updated from
v1.1.0 (git revision 54d3cab) to v3.1.1 (git revision g183390c1).
* pugixml library: the bundled version has been updated from v1.8 to v1.9
Upstream announcement:
https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
Adobe Security Bulletin
Security updates available for Flash Player | APSB18-19
Summary
Adobe has released security updates for Adobe Flash Player for Windows,
macOS, Linux and Chrome OS. These updates address critical
vulnerabilities in Adobe Flash Player 29.0.0.171 and earlier versions.
Successful exploitation could lead to arbitrary code execution in the
context of the current user.
Adobe is aware of a report that an exploit for CVE-2018-5002 exists
in the wild, and is being used in limited, targeted attacks against
Windows users. These attacks leverage Office documents with embedded
malicious Flash Player content distributed via email.
pkgsrc changes:
* remove a fix for glib2 pulled from upstream
* remove a gobject-introspection patch for netbsd-6 (seems fixed in upstream)
Upstream changes (from NEWS):
== Ruby-GNOME2 3.2.7: 2018-06-07
This is a packaging bug fix release of 3.2.6.
=== Changes
==== All
* Improvements
* Added support for using unreleased version with Bundler.
[Patch by cedlemo]
* Fixes
* Fixed a packaging bug that dependencies are missing.
== Ruby-GNOME2 3.2.6: 2018-06-06
This is a bug fix release of 3.2.5.
=== Changes
==== Document
* Improvements
* Updated project URL.
[GitHub#1174][Patch by okkez]
==== All
* Improvements
* Added support for using unreleased version with Bundler.
[Patch by cedlemo]
* Windows: Upgraded bundled library versions.
==== Ruby/GLib2
* Improvements
* (({GLib::Object.define_signal})): Added.
(({GLib::Object.signal_new})) is deprecated.
* (({GLib::Object.signal_new})): Changed to accept (({Symbol})) as
flags.
* (({GLib::Signal})): Migrated to (({TypedData})).
* (({GLib::Enum})): Migrated to (({TypedData})).
* (({GLib::Flags})): Migrated to (({TypedData})).
* (({GLib::Boxed})): Migrated to (({TypedData})).
* (({GLib::Param})): Migrated to (({TypedData})).
* (({rbgobj_signal_new()})): Added.
(({rbgobj_signal_wrap()})) is deprecated.
* Dropped GLib < 2.28 support.
* (({GLib::Variant.new})): Changed to accept (({String})) as
variant type.
* (({rbg_variant_type_from_ruby()})): Added.
* (({rbg_gc_guard()})): Added.
* (({rbg_gc_unguard()})): Added.
* Fixes
* Fixed a bug that signal created by (({GLib::Object.signal_new}))
may be GC-ed.
[GitHub#1166][Reported by Izumi Tsutsui]
==== Ruby/GObjectIntrospection
* Improvements
* (({GObjectIntrospection::Struct})): Migrated to (({TypedData})).
* Improved better function detection.
* Added heuristic callback data detection.
* Added support for getting flags field value.
* (({RBGICallbackData})): Hidden details.
* (({rb_gi_callback_data_get_metadata()})): Added.
* (({rb_gi_callback_data_get_rb_callback()})): Added.
* Added (({to_integer})) to (({to_i})) mapping.
[GitHub#1191][Patch by yosuke shiro]
==== Ruby/CairoGObject
* Improvements
* Added (({gtype})) class methods.
==== Ruby/GIO2
* Improvements
* (({Gio::MenuItem#set_attribute_value})): Improved argument conversion.
Callers don't need to create (({GLib::Variant})).
* (({Gio::Settings.new})): Added support for keyword (({Hash})).
[GitHub#1187][Patch by cedlemo]
==== Ruby/Pango
* Improvements
* (({Pango::Attribute})): Migrated to (({GLib::Boxed})).
* (({Pango::Rectangle#dup})): Added.
* (({rbpango_attribute_from_ruby()})): Added.
* Fixes
* Fixed a bug that wrong (({Pango::Attribute})) conversion.
[GitHub#1188][Reported by kojix2]
==== Ruby/GdkPixbuf2
* Improvements
* (({GdkPixbuf::Pixbuf#subpixbuf})): Added.
(({GdkPixbuf::Pixbuf#new_subpixbuf})) is deprecated.
* (({GdkPixbuf::Pixbuf#new})): Improved the default
(({row_stride})) value.
==== Ruby/GDK3
* Improvements
* (({Gdk::Cursor.new})): Added multiple calls with the same value.
[GitHub#1195][Reported by kojix2]
==== Ruby/GTK3
* Improvements
* Removed needless custom callback handlers.
* Dropped GTK+ 3.10 support.
* (({Gtk::Application.new})): Changed to all arguments are omittable.
* (({Gtk::TextBuffer#insert})): Changed to raise an exception for
unknown tag.
* Fixes
* Fixed a bug that (({Gtk::Version.or_later?})) requires the 3rd
argument.
* Fixed demo.
* [GitHub#1175][GitHub#1176][GitHub#1177][GitHub#1178][GitHub#1183]
[GitHub#1184][GitHub#1185]
[Reported by kojix2]
* [GitHub#1181][GitHub#1186][GitHub#1197][GitHub#1210]
[Patch by kojix2]
==== Ruby/Poppler
* Improvements
* (({Cairo::Context#show_poppler_page})): Added for consistency.
==== Ruby/RSVG2
* Improvements
* (({Cairo::Context#show_rsvg_handle})): Added for consistency.
==== Ruby/GStreamer
* Improvements
* (({Gst::Element.[]})): Added as a shortcut of
(({Gst::ElementFactory.make})).
* (({Gst::Bus#poll})): Made all arguments omittable.
=== Thanks
* Izumi Tsutsui
* okkez
* kojix2
* cedlemo
* yosuke shiro
mode only, now. Set the target to generic-gnu for powerpc based ports on NetBSD
to allow libvpx to build and run, though without any targetted optimization.
Resolves build issue on NetBSD/macppc which failed at configure stage otherwise.
TenFourFox has patches to add support for Altivec acceleration, which could be
used to add support back again locally.
https://github.com/classilla/tenfourfox/tree/master/media/libvpx
* specify --disable-sse4 to avoid non-PIE asm ops in libmpcodecs/vf_ass.c
that cause text relocations on NetBSD/i386
* explicitly pull pkgsrc/multimedia/libass to avoid internal libass
(which seems usually enabled by configure's autodetect)
* specify -fpic in configure for NetBSD/i386 to enable __PIC__ blocks
in some sources
* while here, use -mtune rather than -mcpu for not only gcc4 but
also 5.x and later
Bump PKGREVISIONs. Ok'ed by wiz@ in PR pkg/53319.
* explicitly specify --disable-asm on NetBSD/i386
* explicitly enable pic even for NetBSD/i386 as other architecture
Bump PKGREVISION. Ok'ed by wiz@ in PR pkg/53319.
1.14.1
Noteworthy bugfixes in 1.14.1
- GstPad: Fix race condition causing the same probe to be called
multiple times
- Fix occasional deadlocks on windows when outputting debug logging
- Fix debug levels being applied in the wrong order
- GIR annotation fixes for bindings
- audiomixer, audioaggregator: fix some negotiation issues
- gst-play-1.0: fix leaving stdin in non-blocking mode after exit
- flvmux: wait for caps on all input pads before writing header even
if source is live
- flvmux: don't wake up the muxer unless there is data, fixes busy
looping if there's no input data
- flvmux: fix major leak of input buffers
- rtspsrc, rtsp-server: revert to RTSP RFC handling of
sendonly/recvonly attributes
- rtpvrawpay: fix payloading with very large mtu sizes where
everything fits into a single RTP packet
- v4l2: Fix hard-coded enabled v4l2 probe on Linux/ARM
- v4l2: Disable DMABuf for emulated formats when using libv4l2
- v4l2: Always set colorimetry in S_FMT
- asfdemux: Set stream-format field for H264 streams and handle H.264
in bytestream format
- x265enc: Fix tagging of keyframes on output buffers
- ladspa: Fix critical during plugin load on Windows
- decklink: Fix COM initialisation on Windows
- h264parse: fix re-use across pipeline stop/restart
- mpegtsmux: fix force-keyframe event handling and PCR/PMT changes
that would confuse some players with generated HLS streams
- adaptivedemux: Support period change in live playlist
- rfbsrc: Fix support for applevncserver and support NULL pool in
decide_allocation
- jpegparse: Fix APP1 marker segment parsing
- h265parse: Make caps writable before modifying them, fixes criticals
- fakevideosink: request an extra buffer if enable-last-sample is
enabled
- wasapisrc: Don't provide a clock based on WASAPI's clock
- wasapi: Only use audioclient3 when low-latency, as it might
otherwise glitch with slow CPUs or VMs
- wasapi: Don't derive device period from latency time, should make it
more robust against glitches
- audiolatency: Fix wave detection in buffers and avoid bogus pts
values while starting
- msdk: fix plugin load on implementations with only HW support
- msdk: dec: set framerate to the driver only if provided, not in 0/1
case
- msdk: Don't set extended coding options for JPEG encode
- rtponviftimestamp: fix state change function init/reset causing
races/crashes on shutdown
- decklink: fix initialization failure in windows binary
- ladspa: Fix critical warnings during plugin load on Windows and fix
dependencies in meson build
- gl: fix cross-compilation error with viv-fb
- qmlglsink: make work with eglfs_kms
- rtspclientsink: Don't deadlock in preroll on early close
- rtspclientsink: Fix client ports for the RTCP backchannel
- rtsp-server: Fix session timeout when streaming data to client over
TCP
- vaapiencode: h264: find best profile in those available, fixing
negotiation errors
- vaapi: remove custom GstGL context handling, use GstGL instead.
Fixes GL Context sharing with WebkitGtk on wayland
- gst-editing-services: various fixes
- gst-python: bump pygobject req to 3.8; fix
GstPad.set_query_function(); dist autogen.sh and configure.ac in
tarball
- g-i: pick up GstVideo-1.0.gir from local build directory in GstGL
build
- g-i: update constant values for bindings
- avoid duplicate symbols in plugins across modules in static builds
- ... and many, many more!
Version 2.8
New features
1. :option:--asm avx512 used to enable AVX-512 in x265. Default disabled.
For 4K main10 high-quality encoding, we are seeing good gains; for other resolutions and presets, we don't recommend using this setting for now.
2. :option:--dynamic-refine dynamically switches between different inter refine levels. Default disabled.
It is recommended to use :option:--refine-intra 4' with dynamic refinement for a better trade-off between encode efficiency and performance than using static refinement.
3. :option:--single-sei
Encode SEI messages in a single NAL unit instead of multiple NAL units. Default disabled.
4. :option:--max-ausize-factor controls the maximum AU size defined in HEVC specification.
It represents the percentage of maximum AU size used. Default is 1.
5. VMAF (Video Multi-Method Assessment Fusion)
Added VMAF support for objective quality measurement of a video sequence.
Enable cmake option ENABLE_LIBVMAF to report per frame and aggregate VMAF score. The frame level VMAF score does not include temporal scores.
This is supported only on linux for now.
Encoder enhancements
1. Introduced refine-intra level 4 to improve quality.
2. Support for HLG-graded content and pic_struct in SEI message.
Bug Fixes
1. Fix 32 bit build error (using CMAKE GUI) in Linux.
2. Fix 32 bit build error for asm primitives.
3. Fix build error on mac OS.
4. Fix VBV Lookahead in analysis load to achieve target bitrate.
This fixes compilation problems with preprocessor pasting, but also
renames the library, thus requiring an ABI bump.
List of changes:
o Fix compilation error with -Werror=format-nonliteral
o Rename plugin to avoid dash in the name
gvc-applet: don’t try to increase refcount of a NULL object
gvc-combo-box: fix signal arguments
applet: restore icon for “Sound Preferences” menu item
avoid deprecated gdk_screen_get_height
applet: use GdkSeat with GTK+ >= 3.20
applet: make keyboard work in popup
gtk 3.22: avoid deprecated gdk_screen_get_monitor… functions:
refresh tray icon on icon theme change
mixer-dialog: remove style class .frame from a scrolledwindow
volume-control-dialog: avoid deprecated GtkAlignment
applet: show volume in popup even when muted
applet: improve volume increments
enable deprecation warnings by default
Translations update
Upstream announcement:
https://helpx.adobe.com/security/products/flash-player/apsb18-16.html
Adobe Security Bulletin
Security updates available for Flash Player | APSB18-16
Summary
Adobe has released security updates for Adobe Flash Player for Windows,
Macintosh, Linux and Chrome OS. These updates address critical
vulnerabilities in Adobe Flash Player 29.0.0.140 and earlier versions.
Successful exploitation could lead to arbitrary code execution in the
context of the current user.
Version 23.0.0 "The Bride Said No":
New features and enhancements
* mkvmerge: input: format detection uses file-extension to improve performance
and to give preference when several formats match.
* mkvmerge: AV1: added support for reading AV1 video from Open Bitstream Unit
files.
* mkvmerge: AV1: adjusted the code for the AV1 bitstream format changes made
up to 2018-05-02.
* mkvmerge: MP4 reader: if a track has an edit list with two identical
entries, each spanning the file's duration as given in the movie header
atom, then the second entry will now be ignored. Improves the handling of
files with bogus data.
* MKVToolNix GUI: multiplexer: added options to only enable tracks of certain
types by default.
* MKVToolNix GUI: multiplexer: added an option to enable dialog normalization
gain removal by default for all audio tracks for which the operation is
supported.
* MKVToolNix GUI: multiplexer: when deriving track languages from the file
names is active and the file name contains the usual season/episode pattern
(e.g. "S02E14"), then only the part after the season/episode pattern will be
used for detecting the language.
* MKVToolNix GUI: multiplexer: the regular expression used for deriving track
languages from the file names can now be customized in the preferences.
* MKVToolNix GUI: multiplexer: the user can now customize the list of track
languages the GUI recognizes in file names. This list defaults to a handful
of common languages instead of the full list of supported languages.
Upstream changes (from NEWS):
== Ruby-GNOME2 3.2.5: 2018-05-02
This is a bug fix release of 3.2.4.
=== Changes
==== Document
* Fixes
* Fixed typos.
[GitHub#1158][Patch by kojix2]
[GitHub#1160][Patch by kojix2]
==== Ruby/GLib2
* Fixes
* Fixed a GC related crash bug.
[GitHub#1162][Reported by Izumi Tsutsui]
==== Ruby/GObjectIntrospection
* Improvements
* Disabled NULL check for GObject Introspection < 1.42. Because
GObject Introspection < 1.42 doesn't support "(nullable)"
annotation yet.
==== Ruby/GdkPixbuf2
* Improvements
* (({GdkPixbuf::Pixbuf#composite})): Suppressed wrong warning.
[GitHub#1156][Reported by Chaistrin]
[GitHub#1157][Patch by cedlemo]
* Fixes
* Added a missing white space into message.
[GitHub#1155][Reported by Robert A. Heiler]
* (({GdkPixbuf::Pixbuf#composite})): Fixed a bug that width and
height are ignored.
[Patch by cedlemo]
==== Ruby/GTK3
* Improvements
* (({Gtk::TextBuffer#initialize})): Accepted "property-name" form.
[GitHub#1161][Reported by kojix2]
==== Ruby/Poppler
* Improvements
* Added a workaround for poppler-glib 0.63 bug.
[GitHub#1159][Reported by HIGUCHI Daisuke]
=== Thanks
* Robert A. Heiler
* Chaistrin
* cedlemo
* kojix2
* Izumi Tsutsui
* HIGUCHI Daisuke
0.28.2
This release contains an additional fix for CVE-2018-6360.
Fixes and Minor Enhancements
ytdl_hook: whitelist subtitle URLs as well (#5456)
0.28.1
This release fixes CVE-2018-6360.
Fixes and Minor Enhancements
ytdl_hook: whitelist protocols from urls retrieved from youtube-dl (#5456)
0.28.0
This release needs recent FFmpeg (newer than 3.4) due to major refactoring.
Required library versions:
libavutil >= 56.6.100
libavcodec >= 58.7.100
libavformat >= 58.0.102
libswscale >= 5.0.101
libavfilter >= 7.0.101
libswresample >= 3.0.100
The LGPL 2.1+ relicensing process is now mostly complete. The remaining GPL-only
code (see Copyright file) can be disabled at build time by using --enable-lgpl.
Features
Added
Add DRM_PRIME Format Handling and Display for RockChip MPP decoders
csputils: Add support for Display P3 primaries
demux: support multiple seekable cached ranges, display cache ranges on OSC
demux_playlist: support .url files (#5107)
dvb: Add multiple frontends support (up to 8)
dvb: implement parsing of modulation for VDR-style channels config
hwdec: add mediacodec hardware decoder for IMGFMT_MEDIACODEC frames,
rename mediacodec to mediacodec-copy
lua: integrate stats.lua script (bound to i/I by default)
vd_lavc: add support for nvdec hwaccel
vo_gpu: add android opengl backend
vo_gpu: initial d3d11 support
vo_gpu: vulkan support
Removed
af: remove deprecated audio filters (channels, equalizer, pan, volume;
replacements in lavfi)
vf: remove most GPL video filters (crop, dsize, expand, flip, gradfun, mirror,
noformat, pullup, rotate, scale, stereo3d, yadif; replacements in lavfi)
vf_buffer: remove this filter
video: remove automatic stereo3d filter insertion
vo_gpu: remove hwdec_vaglx interop
vo_opengl: refactor into vo_gpu
vo_wayland: remove
Options and Commands
Added
demux: add option to create CC tracks eagerly (--sub-create-cc-track)
options: add --start=none to reset previously set start time
options: add --vlang switch
Changed
cache: lower default size to 2*10MB
demux: bump the demuxer cache readahead duration to 10 hours
demux: use seekable cache for network by default, bump prefetch limit
msg: make --msg-level affect --log-file too
player/misc.c: allow both --length and --end to control play endpoint
player: match subtitles with language tags with --sub-auto=exact
rename --opengl-hwdec-interop to --gpu-hwdec-interop (now mostly useless)
vd_lavc: prefer nvdec over vdpau with --hwdec=auto (better codec and surface
format support)
vd_lavc: rename --hwdec=rpi to --hwdec=mmal
Removed
options: remove --heartbeat-cmd and --heartbeat-interval
(incidentally fixes#4888)
Fixes and Minor Enhancements
TOOLS/autoload.lua: add ogm, ogg and opus extensions
Use /dev/tty instead of stdin for terminal input (#4190)
audio: add audio softvol processing to AO (replaces previously GPL’d code)
audio: fix channel conversion with NA channels (e.g. with ALSA)
audio: fix missing volume update on init and reinit
csputils: Fix DCI P3 primaries white point
demux: don't allow subtitles to mess up buffered time display
demux: fix .cue files with audio files that contain attached pictures
demux: fix accounting for seekable ranges on track switches (fixes missing
audio when cycling through audio tracks with e.g. EDL, --merge-files, ordered
chapters and youtube-dl pseudo DASH)
demux: fix crash with cue/ordered chapter files (#5027)
demux: speed up cache seeking with a coarse index
demux_lavf: always give libavformat the filename when probing
(helps with mp3 files)
demux_mkv: add V_SNOW tag to mkv_video_tags
dvb: Fix long channel switching: next/prev channel
dvb: fixes for ATSC tuning
lavc_conv: clamp timestamps to positive (#5047)
macOS: fix bundle on macOS High Sierra (10.13) (#4926, #4866)
mp_image: always copy color attributes on hw download (#4804)
mp_image: select an explicit fallback for chroma location (#4804)
msg: bump log level of --log-file to -v -v
msg: reinterpret a bunch of message levels
osc: fix rare stack overflow when changing visibility mode
osdep/io: add android-related bullshit to fix files >2 GiB
player/playloop.c: respect playback start time when using --loop-file
player: allow seeking in cached parts of unseekable streams
player: make track language matching case insensitive (#5272)
player: use start timestamp for ab-looping if --ab-loop-a is absent
player: when loading external file, always add all track types (#5132)
restore-old-bindings.conf: add old macOS/Wayland AXIS bindings
screenshot: create directories from template
scripting: report dlerror() output
sd_ass: accept RFC8081 font media types
sd_ass: accept otc as fallback OpenType collection file extension
stream_libarchive: work around various types of locale braindeath
(https://git.io/vbiFJ)
subprocess-win: don't change the mouse cursor when creating processes
video: add a hack to avoid missing subtitles with vf_sub (#5194)
video: fix alpha handling (#4983)
video: fix memory leaks (roughly 1 KB per decoded frame) with hwdec copy modes
video: fix rotation and deinterlace auto filters
video: properly pass through ICC data
vo: add support for externally driven renderloop and make wayland use it
(partially fixes display-sync under wayland; disables rendering when window
is invisible)
vo_gpu: change --tone-mapping-desaturate algorithm
vo_gpu: enable 3DLUTs in dumb mode
vo_gpu: fix gamma scale
vo_gpu: fix mobius tone mapping compatibility to GLSL 120 (#5069)
vo_gpu: fix video sometimes not being rerendered on equalizer change
vo_gpu: kill off FBOTEX_FUZZY (#1814)
vo_gpu: opengl: fix possible screenshot window crash (#4905)
vo_gpu: opengl: use GLX_MESA_swap_control where available
vo_gpu: reduce the --alpha=blend-tiles checkerboard intensity
vo_gpu: win: remove exclusive-fullscreen detection hack
vo_lavc: remove messy delayed subtitle rendering logic (#4689)
wayland_common: implement output tracking, many cleanups and bugfixes
Windows: skip window snapping if Windows handled it
Windows: add more-POSIXy versions of open() and fstat() (#4711)
ytdl_hook: don't prepend ytdl:// to non-youtube links in playlists (#5003)
