=== release 1.10.2 === 2016-11-29 Sebastian Dröge * configure.ac: releasing 1.10.2 2016-11-29 14:09:44 +0200 Sebastian Dröge * po/el.po: * po/hr.po: po: Update translations 2016-11-28 13:51:41 +0200 Sebastian Dröge * gst/avi/gstavidemux.c: avidemux: Ensure that tags are valid UTF-8 before adding them to the taglist https://bugzilla.gnome.org/show_bug.cgi?id=775219 2016-11-28 12:22:49 +0200 Sebastian Dröge * gst/multipart/multipartdemux.c: multipartdemux: Post an error message on the bus if we got EOS without having added any pads 2016-11-28 12:00:09 +0200 Sebastian Dröge * ext/soup/gstsouphttpsrc.c: souphttpsrc: Handle non-UTF8 headers and error reasons more gracefully Especially don't put them into GstStructures in one way or another, just ignore them or error out cleanly depending on the importance of their content. 2016-11-28 09:30:25 +0200 Sebastian Dröge * gst/rtp/gstrtpvrawpay.c: vrawpay: Error out cleanly if mapping the video frame fails Instead of later dereferencing NULL and crashing. 2016-07-28 18:51:24 +0200 Philipp Zabel * sys/v4l2/gstv4l2bufferpool.c: gstv4l2bufferpool: lock flush_stop against regular qbuf These can be called from different threads and both manipulate the pool->buffers array. Lock them properly and let flush_stop move the array contents into a temporary array on the stack to avoid having to call release_buffer under the object lock. https://bugzilla.gnome.org/show_bug.cgi?id=775015 2016-11-24 14:25:22 +0100 Philipp Zabel * sys/v4l2/gstv4l2bufferpool.c: gstv4l2bufferpool: remove critical error message when process is called on an inactive pool If the pool is inactive, it is guaranteed to also be flushing, so the following check will return GST_FLOW_FLUSHING anyway. This can happen if a v4l2src is blocking on DQBUF in create and is sent an EOS event on another thread. In that case the pool is set to flushing/inactive without locking, the v4l2src is unblocked, and may call pool_process with a valid buffer on the already inactive pool. https://bugzilla.gnome.org/show_bug.cgi?id=775014 2016-11-24 14:41:52 +0100 Philipp Zabel * sys/v4l2/gstv4l2src.c: v4l2src: release buffer if create fails gst_base_src_get_range does not expect a buffer to be returned in the error case, so we are leaking a reference here if create fails. https://bugzilla.gnome.org/show_bug.cgi?id=775014 2016-11-20 13:08:27 +0200 Sebastian Dröge * gst/isomp4/qtdemux.c: qtdemux: Ensure that raw audio and video have properly aligned buffers That is, aligned to the basic type for audio and to 32 bytes for video. Fixes crashes if the raw buffers are passed to SIMD processing functions. https://bugzilla.gnome.org/show_bug.cgi?id=774428 2016-11-20 13:14:08 +0200 Sebastian Dröge * gst/avi/gstavidemux.c: * gst/avi/gstavidemux.h: avidemux: Ensure that raw video have properly aligned buffers That is, aligned to to 32 bytes for video. Fixes crashes if the raw buffers are passed to SIMD processing functions. https://bugzilla.gnome.org/show_bug.cgi?id=774428 2016-10-26 12:46:28 +0530 Jagadish * ext/gdk_pixbuf/gstgdkpixbufoverlay.c: gdkpixbufoverlay: Fixing x and y offset computation While computing the x and y offsets, it's the video resolution and resized overlay resolution to be used instead of actual overlay image resoltuion. Due to this, the overlay image used to get wrongly overlayed in undesired location https://bugzilla.gnome.org/show_bug.cgi?id=757292 2016-11-22 20:33:29 +0200 Sebastian Dröge * ext/vpx/gstvpxdec.c: vpxdec: libvpx's release buffer is sometimes called with fb->priv==NULL Don't assert on this but just ignore these cases. 2016-11-22 20:24:59 +0200 Sebastian Dröge * gst/matroska/matroska-demux.c: matroskademux: Fix cluster searching if we search multiple times in one chunk After finding a cluster id in the byte reader, we skip ahead the reader position by one further byte to be able to continue searching from there inside the same chunk if the cluster candidate was a false positive. We have to accomodate for that additional byte when resuming the search, otherwise all following pulls are off-by-one for every resume and we run into an assertion. 2016-11-22 20:01:20 +0200 Sebastian Dröge * gst/matroska/matroska-ids.c: matroska: Add size checks to the parsing of FLAC headers 2016-11-23 07:09:06 +1100 Matthew Waters * gst/flx/flx_color.c: * gst/flx/flx_fmt.h: * gst/flx/gstflxdec.c: * gst/flx/gstflxdec.h: flxdec: rewrite logic based on GstByteReader/Writer Solves overreading/writing the given arrays and will error out if the streams asks to do that. Also does more error checking that the stream is valid and won't overrun any allocated arrays. Also mitigate integer overflow errors calculating allocation sizes. https://bugzilla.gnome.org/show_bug.cgi?id=774859 2016-11-23 11:20:49 +0200 Sebastian Dröge * gst/flx/gstflxdec.c: flxdec: Don't unref() parent in the chain function We don't own the reference here, it is owned by the caller and given to us for the scope of this function. Leftover mistake from 0.10 porting. https://bugzilla.gnome.org/show_bug.cgi?id=774897 2016-11-22 23:46:00 +1100 Matthew Waters * gst/flx/gstflxdec.c: flxdec: fix some warnings comparing unsigned < 0 bf43f44fcfada5ec4a3ce60cb374340486fe9fac was comparing an unsigned expression to be < 0 which was always false. gstflxdec.c: In function ‘flx_decode_brun’: gstflxdec.c:322:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] if ((glong) row - count < 0) { ^ gstflxdec.c:332:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] if ((glong) row - count < 0) { ^ https://bugzilla.gnome.org/show_bug.cgi?id=774834 2016-11-22 19:05:00 +1100 Matthew Waters * gst/flx/gstflxdec.c: flxdec: add some write bounds checking Without checking the bounds of the frame we are writing into, we can write off the end of the destination buffer. https://scarybeastsecurity.blogspot.dk/2016/11/0day-exploit-advancing-exploitation.html https://bugzilla.gnome.org/show_bug.cgi?id=774834 2016-11-20 14:53:18 +0000 Tim-Philipp Müller * meson.build: meson: update version