diff --git a/0001-id3tag-Correctly-validate-the-year-from-v1-tags-befo.patch b/0001-id3tag-Correctly-validate-the-year-from-v1-tags-befo.patch deleted file mode 100644 index a9a7a29..0000000 --- a/0001-id3tag-Correctly-validate-the-year-from-v1-tags-befo.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 7095b7c47a84d54e3ea8fec57bac4d7855c4c28c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= -Date: Fri, 26 Apr 2019 09:44:07 +0300 -Subject: [PATCH] id3tag: Correctly validate the year from v1 tags before - passing to GstDateTime - -By using strtoul(), invalid values will get mapped to MAXULONG and we -would have to check errno. They won't get mapped to 0. - -To solve this, use the signed g_ascii_strtoll(). This will map errors to -0 or G_MAXINT64 or G_MININT64, and the valid range for GstDateTime is > -0 and <= 9999 so we can directly check for this here. - -Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/issues/384 ---- - gst-libs/gst/tag/gstid3tag.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/gst-libs/gst/tag/gstid3tag.c b/gst-libs/gst/tag/gstid3tag.c -index 1149d5bce..4a528d7ee 100644 ---- a/gst-libs/gst/tag/gstid3tag.c -+++ b/gst-libs/gst/tag/gstid3tag.c -@@ -262,7 +262,7 @@ gst_tag_extract_id3v1_string (GstTagList * list, const gchar * tag, - GstTagList * - gst_tag_list_new_from_id3v1 (const guint8 * data) - { -- guint year; -+ gint64 year; - gchar *ystr; - GstTagList *list; - -@@ -275,9 +275,9 @@ gst_tag_list_new_from_id3v1 (const guint8 * data) - gst_tag_extract_id3v1_string (list, GST_TAG_ARTIST, (gchar *) & data[33], 30); - gst_tag_extract_id3v1_string (list, GST_TAG_ALBUM, (gchar *) & data[63], 30); - ystr = g_strndup ((gchar *) & data[93], 4); -- year = strtoul (ystr, NULL, 10); -+ year = g_ascii_strtoll (ystr, NULL, 10); - g_free (ystr); -- if (year > 0) { -+ if (year > 0 && year <= 9999) { - GstDateTime *dt = gst_date_time_new_y (year); - - gst_tag_list_add (list, GST_TAG_MERGE_REPLACE, GST_TAG_DATE_TIME, dt, NULL); --- -2.16.4 - diff --git a/CVE-2019-9928.patch b/CVE-2019-9928.patch deleted file mode 100644 index 8152c83..0000000 --- a/CVE-2019-9928.patch +++ /dev/null @@ -1,29 +0,0 @@ -From f672277509705c4034bc92a141eefee4524d15aa Mon Sep 17 00:00:00 2001 -From: Tobias Ronge -Date: Thu, 14 Mar 2019 10:12:27 +0100 -Subject: [PATCH] gstrtspconnection: Security loophole making heap overflow - -The former code allowed an attacker to create a heap overflow by -sending a longer than allowed session id in a response and including a -semicolon to change the maximum length. With this change, the parser -will never go beyond 512 bytes. ---- - gst-libs/gst/rtsp/gstrtspconnection.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/gst-libs/gst/rtsp/gstrtspconnection.c b/gst-libs/gst/rtsp/gstrtspconnection.c -index a6755bedd..c0429064a 100644 ---- a/gst-libs/gst/rtsp/gstrtspconnection.c -+++ b/gst-libs/gst/rtsp/gstrtspconnection.c -@@ -2461,7 +2461,7 @@ build_next (GstRTSPBuilder * builder, GstRTSPMessage * message, - maxlen = sizeof (conn->session_id) - 1; - /* the sessionid can have attributes marked with ; - * Make sure we strip them */ -- for (i = 0; session_id[i] != '\0'; i++) { -+ for (i = 0; i < maxlen && session_id[i] != '\0'; i++) { - if (session_id[i] == ';') { - maxlen = i; - /* parse timeout */ --- -2.20.1 - diff --git a/gst-plugins-base-1.14.4.tar.xz b/gst-plugins-base-1.14.4.tar.xz deleted file mode 100644 index be44233..0000000 --- a/gst-plugins-base-1.14.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ca6139490e48863e7706d870ff4e8ac9f417b56f3b9e4b3ce490c13b09a77461 -size 3703232 diff --git a/gst-plugins-base-1.14.5.tar.xz b/gst-plugins-base-1.14.5.tar.xz new file mode 100644 index 0000000..2b802c1 --- /dev/null +++ b/gst-plugins-base-1.14.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7bfa9b329ea7f3c654fa1b2d43650bf2646598a5e3cb21f42c516b7e975d638e +size 3717076 diff --git a/gstreamer-plugins-base.changes b/gstreamer-plugins-base.changes index 39fb6bc..3f2604b 100644 --- a/gstreamer-plugins-base.changes +++ b/gstreamer-plugins-base.changes @@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Fri May 31 21:36:38 UTC 2019 - Bjørn Lie + +- Update to version 1.14.5: + + audioconvert: fix endianness conversion for unpacked formats + (e.g. S24_32BE). + + audioringbuffer: Fix wrong memcpy address when reordering + channels. + + decodebin2: Make sure to remove pad probes when freeing + GstDecodeGroup. + + glviewconvert: fix output when a transformation matrix is used. + + glupload: + - Prevent segfault when updating caps. + - dmabuf: be explicit about gl formats used. + + gl/egl: Determine correct format on dmabuf import. + + id3tag: validate the year from v1 tags before passing to + GstDateTime. + + rtpbasepayload: Fix sequence numbers when using buffer lists. + + rtspconnection: + - Fix security issue, potential heap overflow (CVE-2019-9928). + - Fix GError set over the top of a previous GError. + - Do not duplicate authentication headers. + + subparse: don’t assert when failing to parse subrip timestamp. + + video: various convert sample frame fixes. + + video-converter: fix conversion from I420_10LE/BE, I420_12LE/BE, + A420_10LE/BE to BGRA/RGBA which created corrupted output. + + video-format: Fix GBRA_10/12 alpha channel pixel strides. +- Drop upstream fixed patches: + + CVE-2019-9928.patch + + 0001-id3tag-Correctly-validate-the-year-from-v1-tags-befo.patch + ------------------------------------------------------------------- Thu May 16 21:48:14 UTC 2019 - mgorse@suse.com diff --git a/gstreamer-plugins-base.spec b/gstreamer-plugins-base.spec index 6922618..e58e7f3 100644 --- a/gstreamer-plugins-base.spec +++ b/gstreamer-plugins-base.spec @@ -20,7 +20,7 @@ %define gst_branch 1.0 %define gstreamer_plugins_base_req %(xzgrep --text "^GST[_A-Z]*_REQ" %{SOURCE0} | sort -u | sed 's/GST_REQ=/gstreamer >= /') Name: gstreamer-plugins-base -Version: 1.14.4 +Version: 1.14.5 Release: 0 Summary: GStreamer Streaming-Media Framework Plug-Ins License: LGPL-2.1-or-later AND GPL-2.0-or-later @@ -29,9 +29,6 @@ URL: https://gstreamer.freedesktop.org/ Source0: https://gstreamer.freedesktop.org/src/gst-plugins-base/%{_name}-%{version}.tar.xz Source1: gstreamer-plugins-base.appdata.xml Source2: baselibs.conf -Patch0: 0001-id3tag-Correctly-validate-the-year-from-v1-tags-befo.patch -# PATCh-FIX-UPSTREAM CVE-2019-9928.patch boo#1133375 mgorse@suse.com -- fix a heap overflow in the rtsp connection parser. -Patch1: CVE-2019-9928.patch BuildRequires: Mesa-libGLESv3-devel BuildRequires: cdparanoia-devel