Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package live555 for openSUSE:Factory checked in at 2026-06-01 17:58:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/live555 (Old) and /work/SRC/openSUSE:Factory/.live555.new.1937 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "live555" Mon Jun 1 17:58:50 2026 rev:45 rq:1356216 version:2026.05.28 Changes: -------- --- /work/SRC/openSUSE:Factory/live555/live555.changes 2026-05-28 17:24:36.761940954 +0200 +++ /work/SRC/openSUSE:Factory/.live555.new.1937/live555.changes 2026-06-01 17:58:59.885861705 +0200 @@ -1,0 +2,7 @@ +Thu May 28 20:17:54 UTC 2026 - Dirk Müller <[email protected]> + +- update to 2026.05.28: + * fix use-after-free memory corruption introduced in fix + for CVE-2026-41470 + +------------------------------------------------------------------- Old: ---- live.2026.04.22.tar.gz New: ---- live.2026.05.28.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ live555.spec ++++++ --- /var/tmp/diff_new_pack.17shbg/_old 2026-06-01 17:59:01.057910312 +0200 +++ /var/tmp/diff_new_pack.17shbg/_new 2026-06-01 17:59:01.057910312 +0200 @@ -20,7 +20,7 @@ %define lmdmaj 118 Name: live555 -Version: 2026.04.22 +Version: 2026.05.28 Release: 0 Summary: LIVE555 Streaming Media License: LGPL-2.1-only ++++++ live.2026.04.22.tar.gz -> live.2026.05.28.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/live/BasicUsageEnvironment/include/BasicUsageEnvironment_version.hh new/live/BasicUsageEnvironment/include/BasicUsageEnvironment_version.hh --- old/live/BasicUsageEnvironment/include/BasicUsageEnvironment_version.hh 2026-04-22 22:34:43.000000000 +0200 +++ new/live/BasicUsageEnvironment/include/BasicUsageEnvironment_version.hh 2026-05-28 14:43:06.000000000 +0200 @@ -19,8 +19,8 @@ #ifndef _BASICUSAGEENVIRONMENT_VERSION_HH #define _BASICUSAGEENVIRONMENT_VERSION_HH -#define BASICUSAGEENVIRONMENT_LIBRARY_VERSION_STRING "2026.04.22" -#define BASICUSAGEENVIRONMENT_LIBRARY_VERSION_INT 1776816000 +#define BASICUSAGEENVIRONMENT_LIBRARY_VERSION_STRING "2026.05.28" +#define BASICUSAGEENVIRONMENT_LIBRARY_VERSION_INT 1779926400 extern char const* const BasicUsageEnvironmentLibraryVersionStr; extern int const BasicUsageEnvironmentLibraryVersionInt; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/live/UsageEnvironment/include/UsageEnvironment_version.hh new/live/UsageEnvironment/include/UsageEnvironment_version.hh --- old/live/UsageEnvironment/include/UsageEnvironment_version.hh 2026-04-22 22:34:43.000000000 +0200 +++ new/live/UsageEnvironment/include/UsageEnvironment_version.hh 2026-05-28 14:43:06.000000000 +0200 @@ -19,8 +19,8 @@ #ifndef _USAGEENVIRONMENT_VERSION_HH #define _USAGEENVIRONMENT_VERSION_HH -#define USAGEENVIRONMENT_LIBRARY_VERSION_STRING "2026.04.22" -#define USAGEENVIRONMENT_LIBRARY_VERSION_INT 1776816000 +#define USAGEENVIRONMENT_LIBRARY_VERSION_STRING "2026.05.28" +#define USAGEENVIRONMENT_LIBRARY_VERSION_INT 1779926400 extern char const* const UsageEnvironmentLibraryVersionStr; extern int const UsageEnvironmentLibraryVersionInt; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/live/config.linux-with-shared-libraries new/live/config.linux-with-shared-libraries --- old/live/config.linux-with-shared-libraries 2026-04-22 22:35:05.000000000 +0200 +++ new/live/config.linux-with-shared-libraries 2026-05-28 14:43:18.000000000 +0200 @@ -4,7 +4,7 @@ # One or more interfaces were added, but no existing interfaces were changed or removed => CURRENT += 1; REVISION = 0; AGE += 1 libliveMedia_VERSION_CURRENT=118 -libliveMedia_VERSION_REVISION=0 +libliveMedia_VERSION_REVISION=1 libliveMedia_VERSION_AGE=0 libliveMedia_LIB_SUFFIX=so.$(shell expr $(libliveMedia_VERSION_CURRENT) - $(libliveMedia_VERSION_AGE)).$(libliveMedia_VERSION_AGE).$(libliveMedia_VERSION_REVISION) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/live/groupsock/include/groupsock_version.hh new/live/groupsock/include/groupsock_version.hh --- old/live/groupsock/include/groupsock_version.hh 2026-04-22 22:34:43.000000000 +0200 +++ new/live/groupsock/include/groupsock_version.hh 2026-05-28 14:43:06.000000000 +0200 @@ -19,8 +19,8 @@ #ifndef _GROUPSOCK_VERSION_HH #define _GROUPSOCK_VERSION_HH -#define GROUPSOCK_LIBRARY_VERSION_STRING "2026.04.22" -#define GROUPSOCK_LIBRARY_VERSION_INT 1776816000 +#define GROUPSOCK_LIBRARY_VERSION_STRING "2026.05.28" +#define GROUPSOCK_LIBRARY_VERSION_INT 1779926400 extern char const* const groupsockLibraryVersionStr; extern int const groupsockLibraryVersionInt; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/live/liveMedia/RTSPServer.cpp new/live/liveMedia/RTSPServer.cpp --- old/live/liveMedia/RTSPServer.cpp 2026-04-22 22:34:43.000000000 +0200 +++ new/live/liveMedia/RTSPServer.cpp 2026-05-28 14:43:06.000000000 +0200 @@ -2026,7 +2026,7 @@ ::handleCmd_SET_PARAMETER(RTSPServer::RTSPClientConnection* ourClientConnection, ServerMediaSubsession* /*subsession*/, char const* fullRequestStr) { // If we're authenticating, then any attempt to change state should be checked: - if (!fOurClientConnection->authenticationOK("SET_PARAMETER", "", fullRequestStr)) return; + if (!ourClientConnection->authenticationOK("SET_PARAMETER", "", fullRequestStr)) return; // By default, we implement "SET_PARAMETER" just as a 'keep alive', and send back an empty response. // (If you want to handle "SET_PARAMETER" properly, you can do so by defining a subclass of "RTSPServer" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/live/liveMedia/authenticationOK new/live/liveMedia/authenticationOK --- old/live/liveMedia/authenticationOK 1970-01-01 01:00:00.000000000 +0100 +++ new/live/liveMedia/authenticationOK 2026-05-28 14:43:06.000000000 +0200 @@ -0,0 +1,33 @@ +RTSPServer.cpp: fOurClientConnection->handleCmd_notFound(); +RTSPServer.cpp: fOurClientConnection->handleCmd_bad(); +RTSPServer.cpp: fOurClientConnection->handleCmd_bad(); +RTSPServer.cpp: fOurClientConnection->handleCmd_notFound(); +RTSPServer.cpp: fOurClientConnection->handleCmd_bad(); +RTSPServer.cpp: (streamingMode != RTP_TCP && fOurClientConnection->fClientOutputSocket != fOurClientConnection->fClientInputSocket)) { +RTSPServer.cpp: fStreamStates[trackNum].tcpSocketNum = fOurClientConnection->fClientOutputSocket; +RTSPServer.cpp: getsockname(fOurClientConnection->fClientInputSocket, (struct sockaddr*)&sourceAddr, &namelen); +RTSPServer.cpp: subsession->getStreamParameters(fOurSessionId, fOurClientConnection->fClientAddr, +RTSPServer.cpp: &fOurClientConnection->fTLS, +RTSPServer.cpp: snprintf((char*)fOurClientConnection->fResponseBuffer, sizeof fOurClientConnection->fResponseBuffer, +RTSPServer.cpp: fOurClientConnection->fCurrentCSeq, +RTSPServer.cpp: fOurClientConnection->handleCmd_unsupportedTransport(); +RTSPServer.cpp: snprintf((char*)fOurClientConnection->fResponseBuffer, sizeof fOurClientConnection->fResponseBuffer, +RTSPServer.cpp: fOurClientConnection->fCurrentCSeq, +RTSPServer.cpp: snprintf((char*)fOurClientConnection->fResponseBuffer, sizeof fOurClientConnection->fResponseBuffer, +RTSPServer.cpp: fOurClientConnection->fCurrentCSeq, +RTSPServer.cpp: fOurClientConnection->handleCmd_unsupportedTransport(); +RTSPServer.cpp: snprintf((char*)fOurClientConnection->fResponseBuffer, sizeof fOurClientConnection->fResponseBuffer, +RTSPServer.cpp: fOurClientConnection->fCurrentCSeq, +RTSPServer.cpp: snprintf((char*)fOurClientConnection->fResponseBuffer, sizeof fOurClientConnection->fResponseBuffer, +RTSPServer.cpp: fOurClientConnection->fCurrentCSeq, +RTSPServer.cpp: ourClientConnection->handleCmd_notSupported(); +RTSPServer.cpp: ourClientConnection->handleCmd_notFound(); +RTSPServer.cpp: ourClientConnection->handleCmd_notFound(); +RTSPServer.cpp: ourClientConnection->handleCmd_notFound(); +RTSPServer.cpp: if (!ourClientConnection->authenticationOK("TEARDOWN", "", fullRequestStr)) return; +RTSPServer.cpp: = fOurRTSPServer.rtspURL(fOurServerMediaSession, ourClientConnection->fClientInputSocket); +RTSPServer.cpp: if (!ourClientConnection->authenticationOK("PLAY", rtspURL, fullRequestStr)) return; +RTSPServer.cpp: snprintf((char*)ourClientConnection->fResponseBuffer, sizeof ourClientConnection->fResponseBuffer, +RTSPServer.cpp: ourClientConnection->fCurrentCSeq, +RTSPServer.cpp: if (!ourClientConnection->authenticationOK("PAUSE", "", fullRequestStr)) return; +RTSPServer.cpp: if (!fOurClientConnection->authenticationOK("SET_PARAMETER", "", fullRequestStr)) return; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/live/liveMedia/include/liveMedia_version.hh new/live/liveMedia/include/liveMedia_version.hh --- old/live/liveMedia/include/liveMedia_version.hh 2026-04-22 22:34:43.000000000 +0200 +++ new/live/liveMedia/include/liveMedia_version.hh 2026-05-28 14:43:06.000000000 +0200 @@ -19,8 +19,8 @@ #ifndef _LIVEMEDIA_VERSION_HH #define _LIVEMEDIA_VERSION_HH -#define LIVEMEDIA_LIBRARY_VERSION_STRING "2026.04.22" -#define LIVEMEDIA_LIBRARY_VERSION_INT 1776816000 +#define LIVEMEDIA_LIBRARY_VERSION_STRING "2026.05.28" +#define LIVEMEDIA_LIBRARY_VERSION_INT 1779926400 extern char const* const liveMediaLibraryVersionStr; extern int const liveMediaLibraryVersionInt;
