Commit 630d0cc2 authored by Leonardo Arena's avatar Leonardo Arena

main/gst-plugins-bad1: upgrade to 1.8.3 - partially fixes #7216

CVE-2016-9809, CVE-2016-9812, CVE-2016-9813, CVE-2017-5843
Not fixed: CVE-2017-5848
parent a3941a00
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gst-plugins-bad1
pkgver=1.8.1
pkgrel=3
pkgver=1.8.3
pkgrel=0
pkgdesc="GStreamer bad plugins"
url="http://gstreamer.freedesktop.org/"
arch="all"
......@@ -36,17 +36,24 @@ makedepends="
xvidcore-dev
"
source="http://gstreamer.freedesktop.org//src/gst-plugins-bad/gst-plugins-bad-$pkgver.tar.xz"
source="http://gstreamer.freedesktop.org//src/gst-plugins-bad/gst-plugins-bad-$pkgver.tar.xz
CVE-2016-9809.patch
CVE-2016-9812.patch
CVE-2016-9813.patch
CVE-2017-5843.patch
"
ldpath="/usr/lib/gstreamer-1.0"
builddir="$srcdir"/gst-plugins-bad-$pkgver
_builddir="$srcdir"/gst-plugins-bad-$pkgver
prepare() {
cd "$_builddir"
}
# secfixes:
# 1.8.3-r0:
# - CVE-2016-9809
# - CVE-2016-9812
# - CVE-2016-9813
# - CVE-2016-5843
build() {
cd "$_builddir"
cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
......@@ -63,10 +70,22 @@ build() {
}
package() {
cd "$_builddir"
cd "$builddir"
make DESTDIR="$pkgdir" install || return 1
}
md5sums="e508da2a8a5c3d12264fe3415be2f451 gst-plugins-bad-1.8.1.tar.xz"
sha256sums="0bbd58f363734fc0c4a620b2d6fb01d427fdafdbda7b90b4e15d03b751ca40f5 gst-plugins-bad-1.8.1.tar.xz"
sha512sums="76de48ed8a09a0e5fffa37aae96d86f90baff90f8d5a442586df98619e20f046968a8650b4383ac2f989388b460af005c4dd79b1eefcd08b6434aa0643a1bb4e gst-plugins-bad-1.8.1.tar.xz"
md5sums="955281a43e98c5464563fa049e0a0911 gst-plugins-bad-1.8.3.tar.xz
5f4b84f9a2330af2d8000bd3321e23c0 CVE-2016-9809.patch
e7a67a284fa955e033bc16b5abe05545 CVE-2016-9812.patch
b55721930b6dea57eec01667c7cd5b40 CVE-2016-9813.patch
57da34fff25bf69e5c67574ba9f33fdb CVE-2017-5843.patch"
sha256sums="7899fcb18e6a1af2888b19c90213af018a57d741c6e72ec56b133bc73ec8509b gst-plugins-bad-1.8.3.tar.xz
6a4dde1e73941afdae48dd8b8e02819f79d42a4bec5b1d16cfaa1ebc33805bf2 CVE-2016-9809.patch
a386ab126055b2a6084aea26b20275b09494e65fc53849f193b448481f480ba5 CVE-2016-9812.patch
f19bfe16d517130e133a7d88b7c8e78366a69956ed8f25cf906c931c76f839af CVE-2016-9813.patch
2c12d1aa0227149dc46d5ea994e619637d1e316e63a85bd89cad92833c4e7ee5 CVE-2017-5843.patch"
sha512sums="3676903fea7a5b078187c3b295208bc24b567ba4e965035db603cf8106e34ca619668253ff4320b192c4e3d1698572e6591bf7fb7253bd2399e7986711bb85c4 gst-plugins-bad-1.8.3.tar.xz
cc9bb9143207a67e4bd21f687fadb054dee8286f9b173fb05744f09ed7d2e1c4325822451df612b5d0cbe3d7a4673b7907b2d7f7defc758988cf6f8d2e19d866 CVE-2016-9809.patch
0d6b90ad8c2a33d7d73e9357783c76c9b7056c7c51d33bb0b9e7aa4861991050d4f4af8ccd11d07904c0b436c388b352a071ee2cf31e4a0dcde2d47ac0a36dc3 CVE-2016-9812.patch
9f949eac20aea2b87ee179185e09f78362c3419cb827a5e2994f0aa7e8a7f0d0e286e97d76923ffff877ce862db704ec80c6b862e7991ab921431024ce3292ac CVE-2016-9813.patch
d42d0f87925406c714409d0bf5f3a1b68ff90a6097e64004008022d9840e2ec615476e5c1821585c1be15891d39ce2f932664777265c56ccb778b9a968a71deb CVE-2017-5843.patch"
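Review bot: The last entry of the `# secfixes:` block reads `CVE-2016-5843`, but the patch added to `source` and the commit message both name CVE-2017-5843, so the year looks like a typo. Alpine's security database is generated from these comments, so as written 1.8.3-r0 would be recorded as fixing an identifier this commit does not touch, while CVE-2017-5843 would still be reported as open for the package. The entry should read `#     - CVE-2017-5843`, indented like the other entries.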
From 1dbfef93d6aca245f1793f9b5348a9dbcd02be97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Wed, 23 Nov 2016 10:51:17 +0200
Subject: h264parse: Ensure codec_data has the required size when reading
number of SPS
https://bugzilla.gnome.org/show_bug.cgi?id=774896
diff --git a/gst/videoparsers/gsth264parse.c b/gst/videoparsers/gsth264parse.c
index be2f462..e4dcbc3 100644
--- a/gst/videoparsers/gsth264parse.c
+++ b/gst/videoparsers/gsth264parse.c
@@ -2583,6 +2583,10 @@ gst_h264_parse_set_caps (GstBaseParse * parse, GstCaps * caps)
off = nalu.offset + nalu.size;
}
+ if (off >= size) {
+ gst_buffer_unmap (codec_data, &map);
+ goto avcc_too_small;
+ }
num_pps = data[off];
off++;
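Review bot: The added `if (off >= size)` check has no comment saying which read it protects, and the patch subject speaks of the number of SPS while the guarded statement is `num_pps = data[off]` on the next line. A short comment above the check would settle that, for example `/* off now points at the PPS count byte; it must still lie inside the mapped codec_data */`. gst_h264_parse_set_caps starts and ends outside this hunk, so the `avcc_too_small` target and the loop that advances `off` are not visible here.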
--
cgit v0.10.2
From d58f668ece8795bddb3316832e1848c7b7cf38ac Mon Sep 17 00:00:00 2001
From: Edward Hervey <edward@centricular.com>
Date: Sat, 26 Nov 2016 10:44:43 +0100
Subject: [PATCH] mpegtssection: Add more section size checks
The smallest section ever needs to be at least 3 bytes (i.e. just the short
header).
Non-short headers need to be at least 11 bytes long (3 for the minimum header,
5 for the non-short header, and 4 for the CRC).
https://bugzilla.gnome.org/show_bug.cgi?id=775048
---
gst-libs/gst/mpegts/gstmpegtssection.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/gst-libs/gst/mpegts/gstmpegtssection.c b/gst-libs/gst/mpegts/gstmpegtssection.c
index cb9e3c5..cc5e21b 100644
--- a/gst-libs/gst/mpegts/gstmpegtssection.c
+++ b/gst-libs/gst/mpegts/gstmpegtssection.c
@@ -1179,13 +1179,20 @@ gst_mpegts_section_new (guint16 pid, guint8 * data, gsize data_size)
GstMpegtsSection *res = NULL;
guint8 tmp;
guint8 table_id;
- guint16 section_length;
+ guint16 section_length = 0;
+
+ /* The smallest section ever is 3 bytes */
+ if (G_UNLIKELY (data_size < 3))
+ goto short_packet;
/* Check for length */
section_length = GST_READ_UINT16_BE (data + 1) & 0x0FFF;
if (G_UNLIKELY (data_size < section_length + 3))
goto short_packet;
+ GST_LOG ("data_size:%" G_GSIZE_FORMAT " section_length:%u",
+ data_size, section_length);
+
/* Table id is in first byte */
table_id = *data;
@@ -1200,6 +1207,13 @@ gst_mpegts_section_new (guint16 pid, guint8 * data, gsize data_size)
/* section_length (already parsed) : 12 bit */
res->section_length = section_length + 3;
if (!res->short_section) {
+ /* A long packet needs to be at least 11 bytes long
+ * _ 3 for the bytes above
+ * _ 5 for the bytes below
+ * _ 4 for the CRC */
+ if (G_UNLIKELY (data_size < 11))
+ goto bad_long_packet;
+
/* CRC is after section_length (-4 for the size of the CRC) */
res->crc = GST_READ_UINT32_BE (res->data + res->section_length - 4);
/* Skip to after section_length */
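Review bot: The new minimum-length test in the `!res->short_section` branch compares `data_size` with 11, but the CRC read just below it is positioned from `res->section_length`, which is the 12-bit length field taken from the data plus 3. A buffer of 11 bytes or more whose declared length is smaller passes both the first-hunk check and this one, and `res->data + res->section_length - 4` then falls short of the 11-byte layout the comment describes (before the start of the buffer when the field is 0, assuming `res->data` is the buffer passed in, which is set outside the hunk). Checking the declared length as well would tie the test to the offset actually used: `if (G_UNLIKELY (data_size < 11 || res->section_length < 11))`. The function body continues outside this hunk.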
@@ -1229,6 +1243,13 @@ gst_mpegts_section_new (guint16 pid, guint8 * data, gsize data_size)
g_free (data);
return NULL;
}
+bad_long_packet:
+ {
+ GST_WARNING ("PID 0x%04x long section is too short (%" G_GSIZE_FORMAT
+ " bytes, need at least 11)", pid, data_size);
+ gst_mpegts_section_unref (res);
+ return NULL;
+ }
}
/**
From 7b12593cceaa0726d7fc370a7556a8e773ccf318 Mon Sep 17 00:00:00 2001
From: Edward Hervey <edward@centricular.com>
Date: Sat, 26 Nov 2016 10:23:01 +0100
Subject: [PATCH] mpegtssection: Fix PAT parsing
Use the estimated number of programs for parsing. Avoids over-reading.
https://bugzilla.gnome.org/show_bug.cgi?id=775120
---
gst-libs/gst/mpegts/gstmpegtssection.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gst-libs/gst/mpegts/gstmpegtssection.c b/gst-libs/gst/mpegts/gstmpegtssection.c
index dbbaa9e..cb9e3c5 100644
--- a/gst-libs/gst/mpegts/gstmpegtssection.c
+++ b/gst-libs/gst/mpegts/gstmpegtssection.c
@@ -414,7 +414,7 @@ static gpointer
_parse_pat (GstMpegtsSection * section)
{
GPtrArray *pat;
- guint16 i = 0, nb_programs;
+ guint16 i, nb_programs;
GstMpegtsPatProgram *program;
guint8 *data, *end;
@@ -430,7 +430,9 @@ _parse_pat (GstMpegtsSection * section)
g_ptr_array_new_full (nb_programs,
(GDestroyNotify) _mpegts_pat_program_free);
- while (data < end - 4) {
+ GST_LOG ("nb_programs %u", nb_programs);
+
+ for (i = 0; i < nb_programs; i++) {
program = g_slice_new0 (GstMpegtsPatProgram);
program->program_number = GST_READ_UINT16_BE (data);
data += 2;
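Review bot: After this change nothing in the loop compares `data` with `end` any more, so the reads are bounded only by `nb_programs`, which is computed outside this hunk and stored in a `guint16`. If that value is derived from `end - data`, it is worth confirming that a section too short to hold even the CRC cannot yield a wrapped count; that cannot be told from the lines shown. A comment above the loop stating the invariant, such as `/* nb_programs = number of whole 4-byte entries before the CRC, computed above */`, would make the dependency explicit. _parse_pat starts and ends outside the hunk.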
@@ -439,8 +441,6 @@ _parse_pat (GstMpegtsSection * section)
data += 2;
g_ptr_array_index (pat, i) = program;
-
- i++;
}
pat->len = nb_programs;
From 08723e68df9988a8253ee0785937c3167cf74130 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Fri, 20 Jan 2017 07:51:09 +0200
Subject: [PATCH] mxfdemux: Set stream tags to NULL after unreffing
Otherwise we might try to unref them a second time a little bit later.
https://bugzilla.gnome.org/show_bug.cgi?id=777503
---
gst/mxf/mxfdemux.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gst/mxf/mxfdemux.c b/gst/mxf/mxfdemux.c
index a380f6d..54ceec1 100644
--- a/gst/mxf/mxfdemux.c
+++ b/gst/mxf/mxfdemux.c
@@ -835,6 +835,7 @@ gst_mxf_demux_update_essence_tracks (GstMXFDemux * demux)
etrack->mapping_data = NULL;
if (etrack->tags)
gst_tag_list_unref (etrack->tags);
+ etrack->tags = NULL;
goto next;
} else if (!caps) {
GST_WARNING_OBJECT (demux, "Couldn't create updated caps for stream");