During the 1.14 -> 1.15 upgrade, lots of stuff stopped working because
gstreamer changed what features are enabled by default and which ones are
automatically turned on/off via pkgconfig dependency detection.
This resulted in the `gstreamer` ("core" attribute in nixpkgs) package
to have only 15 of its previous 163 build targets enabled, and downstream
packages breaking correspondingly.
To ease maintainability and to ensure users will find the expected features
available (and when not, will see in the nix file why not), we now pass
the `-Dauto_features=enabled` Meson build flag to all gstreamer builds,
which sets all `auto` dependencies to `enabled`, and we explicitly disable
those that we can't build.
This means in particular that `gst-plugins-bad` now has vastly more integrations
(namely all for which nixpkgs has libraries available).
Corebird requires gtksink gstreamer plugin to play videos. [1] The plugin,
however, is only built when GTK is available.
This patch adds gtk3 as an optional dependency to gst_all_1.gst-plugins-bad
package, allowing the build of gtksink.
[1]: https://github.com/baedert/corebird/issues/431
gst-plugins-bad:
From the Arch Linux advisory:
- CVE-2017-5843 (arbitrary code execution): A double-free issue has
been found in gstreamer before 1.10.3, in
gst_mxf_demux_update_essence_tracks.
- CVE-2017-5848 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
More: https://lwn.net/Vulnerabilities/713772/
gst-plugins-base:
From the Arch Linux advisory:
- CVE-2017-5837 (denial of service): A floating point exception issue
has been found in gstreamer before 1.10.3, in
gst_riff_create_audio_caps.
- CVE-2017-5839 (denial of service): An endless recursion issue
leading to stack overflow has been found in gstreamer before 1.10.3,
in gst_riff_create_audio_caps.
- CVE-2017-5842 (arbitrary code execution): An off-by-one write has
been found in gstreamer before 1.10.3, in
html_context_handle_element.
- CVE-2017-5844 (denial of service): A floating point exception issue
has been found in gstreamer before 1.10.3, in
gst_riff_create_audio_caps.
More: https://lwn.net/Vulnerabilities/713773/
gst-plugins-good:
From the Arch Linux advisory:
- CVE-2016-10198 (denial of service): An invalid memory read flaw has
been found in gstreamer before 1.10.3, in
gst_aac_parse_sink_setcaps.
- CVE-2016-10199 (denial of service): An out of bounds read has been
found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.
- CVE-2017-5840 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in qtdemux_parse_samples.
- CVE-2017-5841 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
- CVE-2017-5845 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
More: https://lwn.net/Vulnerabilities/713774/
gst-plugins-ugly:
From the Arch Linux advisory:
- CVE-2017-5846 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in
gst_asf_demux_process_ext_stream_props.
- CVE-2017-5847 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in
gst_asf_demux_process_ext_content_desc.
More: https://lwn.net/Vulnerabilities/713775/
gstreamer:
From the Arch Linux advisory:
An out of bounds read has been found in gstreamer before 1.10.3, in
gst_date_time_new_from_iso8601_string.
More: https://lwn.net/Vulnerabilities/713776/
(And while at it, gst-vaapi 0.6.0 -> 0.6.1.)
* gst-editing-services grew additional build time dependencies, flex and
perl.
* gst-libav switched from libav to ffmpeg as "libav" provider, see
http://gstreamer.freedesktop.org/releases/1.6/.
Without using ffmpeg, one may hit issues such as this (which I
initially did):
(gst-plugin-scanner:19751): GStreamer-WARNING **: Failed to load plugin '/nix/store/0wgpq2yx9wrkp2mh4rn1c7zbiq2bqa2l-gst-libav-1.6.1/lib/gstreamer-1.0/libgstlibav.so':
/nix/store/0wgpq2yx9wrkp2mh4rn1c7zbiq2bqa2l-gst-libav-1.6.1/lib/gstreamer-1.0/libgstlibav.so: undefined symbol: av_frame_get_sample_rate