Accepting request 707914 from multimedia:libs

OBS-URL: https://build.opensuse.org/request/show/707914
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gstreamer-plugins-base?expand=0&rev=60

This commit is contained in: commit 05ff929185
@ -1,46 +0,0 @@
From 7095b7c47a84d54e3ea8fec57bac4d7855c4c28c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Fri, 26 Apr 2019 09:44:07 +0300
Subject: [PATCH] id3tag: Correctly validate the year from v1 tags before
passing to GstDateTime

By using strtoul(), invalid values will get mapped to MAXULONG and we
would have to check errno. They won't get mapped to 0.

To solve this, use the signed g_ascii_strtoll(). This will map errors to
0 or G_MAXINT64 or G_MININT64, and the valid range for GstDateTime is >
0 and <= 9999 so we can directly check for this here.

Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/issues/384
---
gst-libs/gst/tag/gstid3tag.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/gst-libs/gst/tag/gstid3tag.c b/gst-libs/gst/tag/gstid3tag.c
index 1149d5bce..4a528d7ee 100644
--- a/gst-libs/gst/tag/gstid3tag.c
+++ b/gst-libs/gst/tag/gstid3tag.c
@@ -262,7 +262,7 @@ gst_tag_extract_id3v1_string (GstTagList * list, const gchar * tag,
GstTagList *
gst_tag_list_new_from_id3v1 (const guint8 * data)
{
- guint year;
+ gint64 year;
gchar *ystr;
GstTagList *list;

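Review bot: changing the declaration from guint to gint64 is only half of the fix; on its own it would still let a negative or over-large year through the `year > 0` test, so this hunk has to land together with the signed parse and the `year <= 9999` upper bound in the next hunk, and the new type should be read as matching the gint64 return of g_ascii_strtoll rather than as a check in its own right. The parsed value is still handed unchanged to gst_date_time_new_y below, so the range check there, not the wider type, is what bounds the argument.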
@@ -275,9 +275,9 @@ gst_tag_list_new_from_id3v1 (const guint8 * data)
gst_tag_extract_id3v1_string (list, GST_TAG_ARTIST, (gchar *) & data[33], 30);
gst_tag_extract_id3v1_string (list, GST_TAG_ALBUM, (gchar *) & data[63], 30);
ystr = g_strndup ((gchar *) & data[93], 4);
- year = strtoul (ystr, NULL, 10);
+ year = g_ascii_strtoll (ystr, NULL, 10);
g_free (ystr);
- if (year > 0) {
+ if (year > 0 && year <= 9999) {
GstDateTime *dt = gst_date_time_new_y (year);

gst_tag_list_add (list, GST_TAG_MERGE_REPLACE, GST_TAG_DATE_TIME, dt, NULL);
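Review bot: the bound added here closes the actual hole, and the mechanism is worth spelling out in the commit message: ystr is a NUL-terminated copy of at most 4 raw tag bytes, and strtoul on a string with a leading minus sign (for example "-001") does not fail but negates the magnitude in unsigned arithmetic, producing a huge positive value that passed the old `year > 0` test and reached gst_date_time_new_y out of range. With g_ascii_strtoll the same input is negative and is rejected by `year > 0 && year <= 9999`. Two follow-ups to consider: the NULL end pointer still accepts partially numeric input such as "19xx" as 19, so passing an end pointer and requiring it to reach the terminator would reject malformed years instead of silently truncating them; and a unit test feeding gst_tag_list_new_from_id3v1 a tag with a negative year, an all-space year and a valid four-digit year would pin the new behaviour.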
--
2.16.4

@ -1,29 +0,0 @@
From f672277509705c4034bc92a141eefee4524d15aa Mon Sep 17 00:00:00 2001
From: Tobias Ronge <tobiasr@axis.com>
Date: Thu, 14 Mar 2019 10:12:27 +0100
Subject: [PATCH] gstrtspconnection: Security loophole making heap overflow

The former code allowed an attacker to create a heap overflow by
sending a longer than allowed session id in a response and including a
semicolon to change the maximum length. With this change, the parser
will never go beyond 512 bytes.
---
gst-libs/gst/rtsp/gstrtspconnection.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gst-libs/gst/rtsp/gstrtspconnection.c b/gst-libs/gst/rtsp/gstrtspconnection.c
index a6755bedd..c0429064a 100644
--- a/gst-libs/gst/rtsp/gstrtspconnection.c
+++ b/gst-libs/gst/rtsp/gstrtspconnection.c
@@ -2461,7 +2461,7 @@ build_next (GstRTSPBuilder * builder, GstRTSPMessage * message,
maxlen = sizeof (conn->session_id) - 1;
/* the sessionid can have attributes marked with ;
* Make sure we strip them */
- for (i = 0; session_id[i] != '\0'; i++) {
+ for (i = 0; i < maxlen && session_id[i] != '\0'; i++) {
if (session_id[i] == ';') {
maxlen = i;
/* parse timeout */
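Review bot: the `i < maxlen` guard is the entire fix for the heap overflow the changelog tracks as CVE-2019-9928 and is correct as far as this hunk shows: maxlen starts at sizeof (conn->session_id) - 1, so the scan can no longer run past the fixed-size session_id buffer when the peer sends a Session header longer than that, and the `maxlen = i` assignment on ';' only ever lowers the bound (after it, i++ makes i equal to maxlen, so the loop ends at the first ';' whether or not a break follows). Two things to confirm outside the hunk: that the copy into conn->session_id further down in build_next uses maxlen as its length and writes the terminating NUL at index maxlen, and that the attribute parsing after the ';' is bounded by the source string rather than by the old, unbounded i. A regression test with a response whose session id is longer than the buffer, once with and once without a trailing ';timeout=' attribute, would cover both the truncation and the attribute path.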
--
2.20.1

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ca6139490e48863e7706d870ff4e8ac9f417b56f3b9e4b3ce490c13b09a77461
size 3703232

gst-plugins-base-1.14.5.tar.xz (Normal file)
@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7bfa9b329ea7f3c654fa1b2d43650bf2646598a5e3cb21f42c516b7e975d638e
size 3717076
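Review bot: the source tarball enters this request only as a Git LFS pointer, so nothing in the diff records how oid sha256:7bfa9b329ea7f3c654fa1b2d43650bf2646598a5e3cb21f42c516b7e975d638e for gst-plugins-base-1.14.5.tar.xz was checked against the checksum or signature published upstream; that pointer is the only integrity anchor the build has for the new source, so the verification step should be stated in the request.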
@ -1,3 +1,34 @@
-------------------------------------------------------------------
Fri May 31 21:36:38 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 1.14.5:
+ audioconvert: fix endianness conversion for unpacked formats
(e.g. S24_32BE).
+ audioringbuffer: Fix wrong memcpy address when reordering
channels.
+ decodebin2: Make sure to remove pad probes when freeing
GstDecodeGroup.
+ glviewconvert: fix output when a transformation matrix is used.
+ glupload:
- Prevent segfault when updating caps.
- dmabuf: be explicit about gl formats used.
+ gl/egl: Determine correct format on dmabuf import.
+ id3tag: validate the year from v1 tags before passing to
GstDateTime.
+ rtpbasepayload: Fix sequence numbers when using buffer lists.
+ rtspconnection:
- Fix security issue, potential heap overflow (CVE-2019-9928).
- Fix GError set over the top of a previous GError.
- Do not duplicate authentication headers.
+ subparse: don’t assert when failing to parse subrip timestamp.
+ video: various convert sample frame fixes.
+ video-converter: fix conversion from I420_10LE/BE, I420_12LE/BE,
A420_10LE/BE to BGRA/RGBA which created corrupted output.
+ video-format: Fix GBRA_10/12 alpha channel pixel strides.
- Drop upstream fixed patches:
+ CVE-2019-9928.patch
+ 0001-id3tag-Correctly-validate-the-year-from-v1-tags-befo.patch

-------------------------------------------------------------------
Thu May 16 21:48:14 UTC 2019 - mgorse@suse.com

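Review bot: the changelog drops the two local patches as fixed upstream, and the deleted patch files above do correspond to the 1.14.5 entries for id3tag and rtspconnection (CVE-2019-9928), which is the check that matters before removing a security patch on a version bump. The entry could also carry over boo#1133375 from the spec comment being removed in the same request, so the bug reference does not disappear from the package history.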
@ -20,7 +20,7 @@
%define gst_branch 1.0
%define gstreamer_plugins_base_req %(xzgrep --text "^GST[_A-Z]*_REQ" %{SOURCE0} | sort -u | sed 's/GST_REQ=/gstreamer >= /')
Name: gstreamer-plugins-base
Version: 1.14.4
Version: 1.14.5
Release: 0
Summary: GStreamer Streaming-Media Framework Plug-Ins
License: LGPL-2.1-or-later AND GPL-2.0-or-later
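Review bot: Version: 1.14.4 and Version: 1.14.5 are the single changed line of this hunk as rendered side by side (old value, then new); the bump agrees with the replaced tarball pointer and the changelog entry, and because %{version} feeds the Source0 URL in the next hunk, the new LFS object has to be present before this spec builds.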
@ -29,9 +29,6 @@ URL: https://gstreamer.freedesktop.org/
Source0: https://gstreamer.freedesktop.org/src/gst-plugins-base/%{_name}-%{version}.tar.xz
Source1: gstreamer-plugins-base.appdata.xml
Source2: baselibs.conf
Patch0: 0001-id3tag-Correctly-validate-the-year-from-v1-tags-befo.patch
# PATCh-FIX-UPSTREAM CVE-2019-9928.patch boo#1133375 mgorse@suse.com -- fix a heap overflow in the rtsp connection parser.
Patch1: CVE-2019-9928.patch

BuildRequires: Mesa-libGLESv3-devel
BuildRequires: cdparanoia-devel
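Review bot: Patch0, the PATCH-FIX-UPSTREAM comment and Patch1 are the three lines this hunk removes (9 lines become 6); confirm in the same request that the matching %patch0 and %patch1 applications in %prep are removed too, which this hunk does not show, since rpmbuild aborts on a %patch that refers to a patch number no longer declared. The dropped comment is also the only line citing boo#1133375 (and it carries the typo PATCh-FIX-UPSTREAM); the bug reference is worth preserving in the changelog.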