continuation of #109595
pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.
python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
Fixes#98769.
Important changes from https://gstreamer.freedesktop.org/releases/1.18/:
* `gst-validate` was renamed to `gst-devtools` upstream:
> * the `gst-validate` tarball has been superseded by
> the `gst-devtools` tarball for consistency with the git module name.
* `gst-python` is now Python 3 only:
> * Python 2.x is no longer supported
Changes needed:
* core: dbghelp disabled as it's not needed
* core: Fixed script not being executable and skipped by patchShebangs
* base: gtk_doc disabled because of wayland symbol error
* ges: Patch removed that was merged upstream:
https://bugzilla.gnome.org/show_bug.cgi?id=794856#c16
gst-plugins-bad:
From the Arch Linux advisory:
- CVE-2017-5843 (arbitrary code execution): A double-free issue has
been found in gstreamer before 1.10.3, in
gst_mxf_demux_update_essence_tracks.
- CVE-2017-5848 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
More: https://lwn.net/Vulnerabilities/713772/
gst-plugins-base:
From the Arch Linux advisory:
- CVE-2017-5837 (denial of service): A floating point exception issue
has been found in gstreamer before 1.10.3, in
gst_riff_create_audio_caps.
- CVE-2017-5839 (denial of service): An endless recursion issue
leading to stack overflow has been found in gstreamer before 1.10.3,
in gst_riff_create_audio_caps.
- CVE-2017-5842 (arbitrary code execution): An off-by-one write has
been found in gstreamer before 1.10.3, in
html_context_handle_element.
- CVE-2017-5844 (denial of service): A floating point exception issue
has been found in gstreamer before 1.10.3, in
gst_riff_create_audio_caps.
More: https://lwn.net/Vulnerabilities/713773/
gst-plugins-good:
From the Arch Linux advisory:
- CVE-2016-10198 (denial of service): An invalid memory read flaw has
been found in gstreamer before 1.10.3, in
gst_aac_parse_sink_setcaps.
- CVE-2016-10199 (denial of service): An out of bounds read has been
found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.
- CVE-2017-5840 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in qtdemux_parse_samples.
- CVE-2017-5841 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
- CVE-2017-5845 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
More: https://lwn.net/Vulnerabilities/713774/
gst-plugins-ugly:
From the Arch Linux advisory:
- CVE-2017-5846 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in
gst_asf_demux_process_ext_stream_props.
- CVE-2017-5847 (denial of service): An out-of-bounds read has been
found in gstreamer before 1.10.3, in
gst_asf_demux_process_ext_content_desc.
More: https://lwn.net/Vulnerabilities/713775/
gstreamer:
From the Arch Linux advisory:
An out of bounds read has been found in gstreamer before 1.10.3, in
gst_date_time_new_from_iso8601_string.
More: https://lwn.net/Vulnerabilities/713776/
(And while at it, gst-vaapi 0.6.0 -> 0.6.1.)
* gst-editing-services grew additional build time dependencies, flex and
perl.
* gst-libav switched from libav to ffmpeg as "libav" provider, see
http://gstreamer.freedesktop.org/releases/1.6/.
Without using ffmpeg, one may hit issues such as this (which I
initially did):
(gst-plugin-scanner:19751): GStreamer-WARNING **: Failed to load plugin '/nix/store/0wgpq2yx9wrkp2mh4rn1c7zbiq2bqa2l-gst-libav-1.6.1/lib/gstreamer-1.0/libgstlibav.so':
/nix/store/0wgpq2yx9wrkp2mh4rn1c7zbiq2bqa2l-gst-libav-1.6.1/lib/gstreamer-1.0/libgstlibav.so: undefined symbol: av_frame_get_sample_rate