Hello community,
here is the log from the commit of package gstreamer-plugins-bad for
openSUSE:Factory checked in at 2017-02-08 10:52:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gstreamer-plugins-bad (Old)
and /work/SRC/openSUSE:Factory/.gstreamer-plugins-bad.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gstreamer-plugins-bad"
Changes:
--------
---
/work/SRC/openSUSE:Factory/gstreamer-plugins-bad/gstreamer-plugins-bad.changes
2017-02-03 17:41:47.961897115 +0100
+++
/work/SRC/openSUSE:Factory/.gstreamer-plugins-bad.new/gstreamer-plugins-bad.changes
2017-02-08 10:52:06.481783662 +0100
@@ -1,0 +2,14 @@
+Sat Feb 4 20:33:04 UTC 2017 - [email protected]
+
+- Fix CVE-2017-5847 (boo#1023259):
+ + Add gstreamer-plugins-bad-CVE-2017-5848.patch: psdemux: Rewrite
+ PSM parsing using GstByteReader. Avoid possible buffer
+ overflows and ignore invalid PSM packets better by using
+ GstByteReader (bgo#777957).
+
+-------------------------------------------------------------------
+Thu Feb 2 12:07:47 UTC 2017 - [email protected]
+
+- Add gstreamer-plugins-bad Requires in devel subpackage.
+
+-------------------------------------------------------------------
@@ -4 +18 @@
-- Update to version 1.10.3:
+- Update to version 1.10.3 (CVE-2017-5838):
@@ -13 +27 @@
-- Wrap wayland support properly to fix builderrors in non-TW
+- Wrap wayland support properly to fix builderrors in non-TW.
New:
----
gstreamer-plugins-bad-CVE-2017-5848.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gstreamer-plugins-bad.spec ++++++
--- /var/tmp/diff_new_pack.ExRylh/_old 2017-02-08 10:52:08.213542305 +0100
+++ /var/tmp/diff_new_pack.ExRylh/_new 2017-02-08 10:52:08.221541190 +0100
@@ -47,6 +47,8 @@
Source99: baselibs.conf
# PATCH-FIX-UPSTREAM gstreamer-revert-bogus-automake-version.patch bgo#
[email protected] --
Patch1: gstreamer-revert-bogus-automake-version.patch
+# PATCH-FIX-UPSTREAM gstreamer-plugins-bad-CVE-2017-5848.patch CVE-2017-5848
[email protected] -- Fix boo#1023259
+Patch2: gstreamer-plugins-bad-CVE-2017-5848.patch
# Not ported yet
#BuildRequires: SDL-devel
BuildRequires: fdupes
@@ -407,6 +409,7 @@
%package devel
Summary: GStreamer Streaming-Media Framework Plug-Ins
Group: Development/Libraries/C and C++
+Requires: %{name} = %{version}
Requires: gstreamer-devel
Requires: libgstadaptivedemux-1_0-0 = %{version}
Requires: libgstbadbase-1_0-0 = %{version}
@@ -445,6 +448,7 @@
%prep
%setup -q -n %{_name}-%{version}
%patch1 -p1 -R
+%patch2 -p1
%build
NOCONFIGURE=1 ./autogen.sh
++++++ gstreamer-plugins-bad-CVE-2017-5848.patch ++++++
++++ 947 lines (skipped)
