SUSE advisory OPENSUSE-SU-2021:1819-1
Jul 11, 2021 - 12:00 a.m.

Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly (important)

2021-07-11 00:00:00
lists.opensuse.org
CVSS3: 9.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

An update that fixes one vulnerability and contains one
feature is now available.

Description:

This update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base,
gstreamer-plugins-good, gstreamer-plugins-ugly fixes the following issues:

gstreamer was updated to version 1.16.3 (bsc#1181255):

  • delay creation of threadpools
  • bin: Fix deep-element-removed log message
  • buffer: fix meta sequence number fallback on rpi
  • bufferlist: foreach: always remove as parent if buffer is changed
  • bus: Make setting/replacing/clearing the sync handler thread-safe
  • elementfactory: Fix missing features in case a feature moves to another
    filename
  • element: When removing a ghost pad also unset its target
  • meta: intern registered impl string
  • registry: Use a toolchain-specific registry file on Windows
  • systemclock: Invalid internal time calculation causes non-increasing
    clock time on Windows
  • value: don’t write to const char *
  • value: Fix segfault comparing empty GValueArrays
  • Revert floating enforcing
  • aggregator: fix iteration direction in skip_buffers
  • sparsefile: fix possible crash when seeking
  • baseparse: cache fix
  • baseparse: fix memory leak when subclass skips whole input buffer
  • baseparse: Set the private duration before posting a duration-changed
    message
  • basetransform: allow not passthrough if generate_output is implemented
  • identity: Fix a minor leak using meta_str
  • queue: protect against lost wakeups for iterm_del condition
  • queue2: Avoid races when posting buffering messages
  • queue2: Fix missing/dropped buffering messages at startup
  • identity: Unblock condition variable on FLUSH_START
  • check: Use g_thread_yield() instead of g_usleep(1)
  • tests: use cpu_family for arch checks
  • gst-launch: Follow up to missing s/g_print/gst_print/g
  • gst-inspect: Add define guard for g_log_writer_supports_color()
  • gst-launch: go back down to GST_STATE_NULL in one step.
  • device-monitor: list hidden providers before listing devices
  • autotools build fixes for GNU make 4.3

gstreamer-plugins-good was updated to version 1.16.3 (bsc#1181255):

  • deinterlace: on-the-fly renegotiation
  • flacenc: Pass audio info from set_format() to query_total_samples()
    explicitly
  • flacparse: fix broken reordering of flac metadata
  • jack: Use jack_free(3) to release ports
  • jpegdec: check buffer size before dereferencing
  • pulse: fix discovery of newly added devices
  • qtdemux fuzzing fixes
  • qtdemux: Add 'mp3 ' fourcc that VLC seems to produce now
  • qtdemux: Specify REDIRECT information in error message
  • rtpbin: fix shutdown crash in rtpbin
  • rtpsession: rename RTCP thread
  • rtpvp8pay, rtpvp9pay: fix caps leak in set_caps()
  • rtpjpegdepay: outputs framed jpeg
  • rtpjitterbuffer: Properly free internal packets queue in finalize()
  • rtspsrc: Don’t return TRUE for unhandled query
  • rtspsrc: Avoid stack overflow recursing waiting for response
  • rtspsrc: Use the correct type for storing the max-rtcp-rtp-time-diff
    property
  • rtspsrc: Error out when failing to receive message response
  • rtspsrc: Fix for segmentation fault when handling set/get_parameter
    requests
  • speex: Fix crash on Windows caused by cross-CRT issue
  • speexdec: Crash when stopping the pipeline
  • splitmuxsrc: Properly stop the loop if no part reader is present
  • use gst_element_class_set_metadata when passing dynamic strings
  • v4l2videodec: Increase internal bitstream pool size
  • v4l2: fix crash when handling unsupported video format
  • videocrop: allow properties to be animated by GstController
  • videomixer: Don’t leak peer caps
  • vp8enc/vp8enc: set 1 for the default value of VP8E_SET_STATIC_THRESHOLD
  • wavenc: Fix writing of the channel mask with >2 channels

gstreamer-plugins-bad was updated to version 1.16.3 (bsc#1181255):

  • amcvideodec: fix sync meta copying not taking a reference

  • audiobuffersplit: Perform discont tracking on running time

  • audiobuffersplit: Specify in the template caps that only interleaved
    audio is supported

  • audiobuffersplit: Unset DISCONT flag if not discontinuous

  • autoconvert: Fix lock-less exchange or free condition

  • autoconvert: fix compiler warnings with g_atomic on recent GLib versions

  • avfvideosrc: element requests camera permissions even with
    capture-screen property is true

  • codecparsers: h264parser: guard against ref_pic_markings overflow

  • dtlsconnection: Avoid segmentation fault when no srtp capabilities are
    negotiated

  • dtls/connection: fix EOF handling with openssl 1.1.1e

  • fdkaacdec: add support for mpegversion=2

  • hls: Check nettle version to ensure AES128 support

  • ipcpipeline: Rework compiler checks

  • interlace: Increment phase_index before checking if we’re at the end of
    the phase

  • lv2: Make it build with -fno-common

  • h264parser: Do not allocate too large size of memory for registered user
    data SEI

  • ladspa: fix unbounded integer properties

  • modplug: avoid division by zero

  • msdkdec: Fix GstMsdkContext leak

  • msdkenc: fix leaks on windows

  • musepackdec: Don’t fail all queries if no sample rate is known yet

  • openslessink: Allow openslessink to handle 48kHz streams.

  • opencv: allow compilation against 4.2.x

  • proxysink: event_function needs to handle the event when it is
    disconnected from proxysrc

  • vulkan: Drop use of VK_RESULT_BEGIN_RANGE

  • wasapi: added missing lock release in case of error in
    gst_wasapi_xxx_reset

  • wasapi: Fix possible deadlock while downwards state change

  • waylandsink: Clear window when pipeline is stopped

  • webrtc: Support non-trickle ICE candidates in the SDP

  • webrtc: Unmap all non-binary buffers received via the datachannel

  • meson: build with neon 0.31

  • Drop upstream fixed patch: gstreamer-h264parser-fix-overflow.patch

  • h264parser: guard against ref_pic_markings overflow (bsc#1181255
    CVE-2021-3185)

  • Disable the kate/libtiger plugin. Kate streams for karaoke are not used
    anymore, and the source tarball for libtiger is no longer available
    upstream. (jsc#SLE-13843)

gstreamer-plugins-ugly was updated to version 1.16.3 (bsc#1181255):

  • x264enc: corrected em_data value in CEA-708 CC SEI message

gstreamer-plugins-base was updated to version 1.16.3 (bsc#1181255):

  • audioaggregator: Check all downstream allowed caps structures if they
    support the upstream rate
  • audioaggregator: Fix negotiation with downstream if there is no peer yet
  • audioencoder: fix segment event leak
  • discoverer: Fix caps handling in pad-added signal handler
  • discoverer: Start discovering next URI from right thread
  • fft: Update our kiss fft version, fixes thread-safety and concurrency
    issues and misc other things
  • gl: numerous memory fixes (use-after-free, leaks, missing NULL-ify)
  • gl/display/egl: ensure debug category is initialized
  • gstglwindow_x11: fix resize
  • pbutils: Add latest H.264 level values
  • rtpbuffer: fix header extension length validation
  • video: Fix NV12_64Z32 number of component
  • video-format: RGB16/15 are not 16 bit per component but only 5.333 and 5
  • video: fix top/bottom field flags
  • videodecoder: don’t copy interlace-mode from reference state
  • appsrc/appsink: Make setting/replacing callbacks thread-safe
  • compositor: Fix checkerboard filling for BGRx/RGBx and UYVY/YUY2/YVYU
  • decodebin3: only force streams-selected seqnum after a select-streams
  • glupload: Fix fallback from direct dmabuf to dmabuf upload method
  • glvideomixer: perform _get_highest_precision() on the GL thread
  • libvisual: use gst_element_class_set_metadata() when passing dynamic
    strings
  • oggstream: Workaround for broken PAR in VP8 BOS
  • subparse: accept WebVTT timestamps without an hour component
  • playbin: Handle error message with redirection indication
  • textrender: Fix AYUV output.
  • typefind: Consider MPEG-PS PSM to be a PES type
  • uridecodebin3: default to non-0 buffer-size and buffer-duration,
    otherwise it could potentially cause big memory allocations over time
  • videoaggregator: Don’t configure NULL chroma-site/colorimetry
  • videorate/videoscale/audioresample: Ensure that the caps returned from…
  • build: Replace bashisms in configure for Wayland and GLES3

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2021-1819=1

OS             Version  Architecture  Filename
openSUSE Leap  15.3     aarch64       .aarch64.rpm
openSUSE Leap  15.3     ppc64le       .ppc64le.rpm
openSUSE Leap  15.3     s390x         .s390x.rpm
openSUSE Leap  15.3     x86_64        .x86_64.rpm
openSUSE Leap  15.3     noarch        .noarch.rpm
openSUSE Leap  15.3     x86_64        .x86_64.rpm
