Hello community,
here is the log from the commit of package gstreamer-plugins-ugly for
openSUSE:Factory checked in at 2017-02-08 10:52:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gstreamer-plugins-ugly (Old)
and /work/SRC/openSUSE:Factory/.gstreamer-plugins-ugly.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gstreamer-plugins-ugly"
Changes:
--------
---
/work/SRC/openSUSE:Factory/gstreamer-plugins-ugly/gstreamer-plugins-ugly.changes
2017-02-03 17:41:58.268438310 +0100
+++
/work/SRC/openSUSE:Factory/.gstreamer-plugins-ugly.new/gstreamer-plugins-ugly.changes
2017-02-08 10:52:32.414169419 +0100
@@ -1,0 +2,10 @@
+Sat Feb 4 20:21:14 UTC 2017 - [email protected]
+
+- Fix CVE-2017-5847 (boo#1023259):
+ + Add gstreamer-plugins-ugly-CVE-2017-5847.patch: asfdemux: Check
+ that we have enough data available before parsing
+ bool/uint extended content descriptors (bgo#777955).
+ + Only apply when using BUILD_ORIG, as we already remove this
+ part of the code (we build the patched tarball).
+
+-------------------------------------------------------------------
@@ -4 +14 @@
-- Update to version 1.10.3:
+- Update to version 1.10.3 (CVE-2017-5838, boo#1023259):
New:
----
gstreamer-plugins-ugly-CVE-2017-5847.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gstreamer-plugins-ugly.spec ++++++
--- /var/tmp/diff_new_pack.ljqsMU/_old 2017-02-08 10:52:33.202059609 +0100
+++ /var/tmp/diff_new_pack.ljqsMU/_new 2017-02-08 10:52:33.206059051 +0100
@@ -41,6 +41,8 @@
Source99: baselibs.conf
# PATCH-FIX-UPSTREAM gstreamer-revert-bogus-automake-version.patch bgo#
[email protected] -- Upstream needed feature in automake 1.12, so for good
measure they bumped to 1.14 - revert that commit as we have at least 1.13.4...
Patch1: gstreamer-revert-bogus-automake-version.patch
+# PATCH-FIX-UPSTREAM gstreamer-plugins-ugly-CVE-2017-5847.patch boo#1023259
[email protected] -- CVE fix from upstream.
+Patch2: gstreamer-plugins-ugly-CVE-2017-5847.patch
BuildRequires: automake
BuildRequires: gcc-c++
BuildRequires: glib2-devel >= 2.40.0
@@ -140,6 +142,7 @@
%setup -q -n %{_name}-%{version}
%if 0%{?BUILD_ORIG}
%patch0
+%patch2 -p1
%else
# Touching configure.ac with this patch breaks BUILD_ORIG building.
%patch1 -p1 -R
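Review bot: `%patch2 -p1` is applied only inside `%if 0%{?BUILD_ORIG}`, and nothing in the spec says why the `%else` build goes without the CVE-2017-5847 fix. The .changes entry gives the reason (the patched tarball already has that part of the code removed), but someone auditing the spec alone cannot tell, and the assumption breaks silently if the tarball contents ever change. I would add a comment above the line, e.g. `# CVE-2017-5847: only needed for BUILD_ORIG; the patched tarball does not ship the affected code.` The `%if` block continues past the end of this hunk.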
++++++ gstreamer-plugins-ugly-CVE-2017-5847.patch ++++++
>From fe74dabd2c8dc2be54156729986ea38582e8c7ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <[email protected]>
Date: Tue, 31 Jan 2017 13:50:21 +0200
Subject: asfdemux: Check that we have enough data available before parsing
bool/uint extended content descriptors
https://bugzilla.gnome.org/show_bug.cgi?id=777955
diff --git a/gst/asfdemux/gstasfdemux.c b/gst/asfdemux/gstasfdemux.c
index 255a427..b8d48ad 100644
--- a/gst/asfdemux/gstasfdemux.c
+++ b/gst/asfdemux/gstasfdemux.c
@@ -3439,7 +3439,12 @@ gst_asf_demux_process_ext_content_desc (GstASFDemux *
demux, guint8 * data,
break;
}
case ASF_DEMUX_DATA_TYPE_DWORD:{
- guint uint_val = GST_READ_UINT32_LE (value);
+ guint uint_val;
+
+ if (value_len < 4)
+ break;
+
+ uint_val = GST_READ_UINT32_LE (value);
/* this is the track number */
g_value_init (&tag_value, G_TYPE_UINT);
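Review bot: The new `if (value_len < 4) break;` in the `ASF_DEMUX_DATA_TYPE_DWORD` case drops a truncated descriptor without any trace, and the identical guard in the `ASF_DEMUX_DATA_TYPE_BOOL` hunk below does the same. A log line before the `break`, e.g. `GST_WARNING_OBJECT (demux, "Extended content descriptor too short: %u bytes", (guint) value_len);`, would make malformed files visible during triage. The guard is also only as strong as `value_len` itself: presumably it was bounded against the remaining buffer where `value` was extracted, but that is outside this hunk and worth confirming. The literal `4` could be written `sizeof (guint32)` so it stays tied to the read that follows. The function starts and ends outside the hunk.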
@@ -3453,7 +3458,12 @@ gst_asf_demux_process_ext_content_desc (GstASFDemux *
demux, guint8 * data,
}
/* Detect 3D */
case ASF_DEMUX_DATA_TYPE_BOOL:{
- gboolean bool_val = GST_READ_UINT32_LE (value);
+ gboolean bool_val;
+
+ if (value_len < 4)
+ break;
+
+ bool_val = GST_READ_UINT32_LE (value);
if (strncmp ("Stereoscopic", name_utf8, strlen (name_utf8)) == 0) {
if (bool_val) {
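Review bot: The unchanged comparison right after the new guard, `strncmp ("Stereoscopic", name_utf8, strlen (name_utf8)) == 0`, uses the length of the file-supplied name as the bound, so an empty name or any prefix such as "Stereo" compares equal. If an exact match is intended, `if (strcmp ("Stereoscopic", name_utf8) == 0) {` says so directly. This assumes `name_utf8` is non-NULL at this point, which is decided outside the hunk. The case body continues past the last line shown.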
--
cgit v0.10.2