Category Archives: Uncategorized

MKVToolNix v51.0.0 released

Hello everyone,

I’ve just pushed out MKVToolNix v51. As expected the new IETF BCP 47 language tag functionality introduced in v50 had a couple of bugs, which I’ve fixed in v51. Apart from that I’ve also started fuzzying mkvmerge, which turned up several issues that have also been fixed. Fuzzying will continue in the future and I fully expect a lot more bugs to be unearthed by it.

Important news for package managers is that `configure` can now detect and use a system-wide installed copy of the JPCRE2 header library. If it isn’t found, the bundled version will be used (just like in v50).

You can download the source code or one of the binaries. The Windows and macOS binaries as well as the Linux AppImage are available already. The other Linux binaries are stil being built and will be available over the course of the next couple of hours.

Here are the NEWS since the previous release:

New features and enhancements

  • mkvmerge, mkvpropedit, MKVToolNix GUI: IETF BCP 47 language tags: added
    missing support for UN M.49 regions for which there are no corresponding ISO
    3166 alpha codes. This enables language tags such as es-419 = Spanish in
    Latin America and the Caribbean. Implements #2919.
  • MKVToolNix GUI: IETF BCP 47 language tags: the text in the widget displaying
    the current language & the corresponding edit button is now displayed like a
    link (depending on the theme: different color & underlined), making it
    clearer that not just the edit button can be clicked but the text, too.

Bug fixes

  • mkvmerge: AV1 parser: fixed mkvmerge crashing after uncaught exceptions due
    to certain data conditions. Found by fuzzying.
  • mkvmerge: AV1 packetizer: the duration of frames wasn’t set properly. When
    appending AV1 IVF or OBU files this meant that the last frame of the Nth
    file and the first frame of file N+1 had the same timestamp. Fixes #2937.
  • mkvmerge: DTS reader: fixed handling of buffers with an odd length when
    byte-swapped DTS is detected so that mkvmerge doesn’t abort with a failed
    assertion. Found by fuzzying.
  • mkvmerge: h.264/AVC and h.265/HEVC elementary stream readers: mkvmerge will
    no longer claim to recognize data that looks like AVC or HEVC but with
    invalid video width/height values as that lead to failed assertions in
    libEBML later. Found by fuzzying.
  • mkvmerge: h.265/HEVC parser: fixed mkvmerge aborting after uncaught
    exceptions due to certain data constellations found by fuzzying.
  • mkvmerge: IVF reader: fixed mkvmerge crashing with a "division by zero"
    error due to certain data conditions. Found by fuzzying.
  • mkvmerge: fixed mkvmerge aborting with a "division by zero" error due to the
    timestamp scaling factor being 0 after handling certain data constellations
    found by fuzzying.
  • mkvmerge: track statistics: fixed a "division by zero" error when the
    content’s shorter than 1ms. Found by fuzzying.
  • mkvmerge, mkvinfo, mkvextract, mkvpropedit: Matroska access class: fixed an
    invalid memory access under certain data conditions. Found by fuzzying.
  • MKVToolNix GIU: IETF BCP 47/RFC 5646 language tags: the GUI will no longer
    open the language dialog when clicking on a disabled language display
    widget.
  • MKVToolNix GUI: IETF BCP 47 language tags: the "variants" combo-boxes were
    not populated even when the language tag was valid and contained at a
    variant. Fixes #2923.
  • MKVToolNix GUI: IETF BCP 47 language tags: when no language is selected, at
    least one of the other components (extended subtags, region, or variants)
    has something selected and "private use" is not empty, the GUI would claim
    this to be a valid tag, which it isn’t. Fixes #2924.
  • MKVToolNix GUI: multiplexer: when the tracks/chapters/tags selection changes
    from "at least one entry selected" to "no entry selected", the input
    controls will be reset to their default state and not just disabled. Fixes
    #2927.

Build system changes

  • configure now checks for the presence of the a system-wide installed copy
    of the JPCRE2 C++ wrapper library for the PCRE2 library and uses that if
    it’s new enough (at least v10.32.1). If not, the bundled version will be
    used as a fallback. Implements #2929.

Have fun!

Debian/Ubuntu APT repository changes

In the upcoming release of Ubuntu 18.04 APT repositories without signed “Release” files aren’t supported out of the box anymore. I’ve therefore changed my Debian & Ubuntu APT repositories to a new layout that includes proper “Release” files. This also means that you have to update your APT repository definition.

Here’s what such a change would look like:

Before:

deb https://mkvtoolnix.download/ubuntu/artful/ ./
deb-src https://mkvtoolnix.download/ubuntu/artful/ ./

After:

deb https://mkvtoolnix.download/ubuntu/ artful main
deb-src https://mkvtoolnix.download/ubuntu/ artful main

Head over to the downloads page where you can copy & pate the appropriate entries from.

MKVToolNix v18.0.0 released

Welcome to release v18.0.0 of MKVToolNix. This is just a smallish bug fix release which also contains a couple of performance improvements.

There were no changes for package maintainers.

You can download the source code or one of the binaries. The Windows and macOS binaries are available already. The Linux binaries are stil being built and will be available of the course of the next couple of hours.

Here are the NEWS since the previous release:

New features and enhancements

  • build system: when building with clang v3.8.0 or newer, configure will no longer restrict optimization flags to -O1 and use -O3 again (older versions of clang suffered from excessive memory usage with higher optimization levels).
  • build system: when building with mingw 7.2.0 or newer, configure will no longer restrict optimization flags to -O2 and use -O3 again (older versions of mingw suffered from bugs such as segmentation faults with higher optimization levels).
  • build system: stack protection is enabled when building with clang 3.5.0 or newer on all platforms.
  • mkvmerge: AVC & HEVC ES parsers: performance improvements by copying much less memory around.
  • mkvmerge: tags: reintroduced a workaround for non-compliant files with tags that do not contain the mandatory SimpleTag element. This workaround was removed during code refactoring in release v15.0.0.
  • GUI: multiplexer: the "AAC is SBR/HE-AAC/AAC+" checkbox in the "audio properties" section will be disabled if the functionality is not implemented for the selected track’s codec & container.
  • GUI: multiplexer: the "reduce to core" checkbox in the "audio properties" section will be disabled if the functionality is not implemented for the selected track’s codec. See #2134.

Bug fixes

  • mkvmerge: AAC ADTS parser: fixed interpretation of the channel_configuration header element for ADTS files that do not contain a program configuration element: value 7 means 7.1 channels. Fixes #2151.
  • mkvmerge: Matroska identification: the date_local and date_utc attributes will only be output if the identified Matroska file actually contains the "date" header field.
  • mkvmerge: WebVTT: mkvmerge did not recognize timestamp lines if the hours components were absent. Fixes #2139.
  • mkvpropedit, GUI’s header editor: the date header field won’t be added automatically anymore whenever the segment info section is edited and the date element is either deleted or not present in the first place. Fixes #2143.

Have fun :)

MKVToolNix not affected by FossHub breach

Last week FossHub was breached by attackers from the group PeggleCrew. As I’m using FossHub as the primary mean of distributing Windows and MacOS binaries for MKVToolNix, users have asked me whether MKVToolNix or my other servers have been compromised, too.

To the best of my knowledge the answer is: no.

I base this on several facts:

  • Last week the FossHub administrators sent an quick announcement to the developers hosting their software on FossHub on the day the breach was discovered. In it the admins were very open and honest about how they’d been breached, what the attackers had had access to, and what had been modified. While they did have access to the MKVToolNix binaries, those binaries were not modified.
  • Several reports about the incident that have been release since by various media do not list MKVToolNix either.
  • The group’s Twitter account didn’t list MKVToolNix as a modified program.
  • To date I haven’t received a single report by a user about a MKVToolNix binary that was acting suspiciously or that was detected by anti virus tools as dangerous.

Another thing the attackers did have access to was the account database used for the developer section of the site. That database includes the passwords, and they’ve allegedly not been salted. This, however, doesn’t pose a problem for me either:

  • I’m using random, long passwords for such sites. Therefore it’s irrelevant whether or not the passwords have been salted as rainbow attacks (the use of pre-computed tables containing the cleartext passwords and their hashed checksums) aren’t effective against randomly generated passwords.
  • Even more important is that I don’t re-use passwords on other sites. So even if someone was able to determine the cleartext version of my FossHub password, it wouldn’t do them any good as it cannot be used to gain entry to any other service I’m using.

There are two things Windows users can do to verify that the binaries they’ve downloaded from FossHub are clean. The first is to verify its SHA-1 and SHA-512 checksums. I provide both checksums on my own server, and they’re always linked to from the download page: SHA1 checksums for 9.3.1, SHA512 checksums. Checksums for other versions can be queried by replacing the version number 9.3.1 in the URL with the one you’re interested in.

The second thing is to check that the executables (both the installer’s executable as well as the ones for the actual tools) are signed by the right certificate. I’m using a certificate signed by StartSSL (StartCom) (“CN = StartCom Class 2 Object CA, OU = StartCom Certification Authority, O = StartCom Ltd., C = IL”). My current certificate’s serial number is ‎5a:d8:f8:75:9a:c3:46:ae:8b:ec:99:15:eb:b5:5d:04 and its SHA1 fingerprint is 48:13:1B:5D:41:63:12:07:D2:86:20:6C:28:F3:78:C8:06:6F:34:AA, though those two values are subject to change when the certificate will be renewed in 2018.