Hello community, here is the log from the commit of package srt for openSUSE:Factory checked in at 2019-09-04 09:03:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/srt (Old) and /work/SRC/openSUSE:Factory/.srt.new.7948 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "srt" Wed Sep 4 09:03:19 2019 rev:8 rq:727274 version:1.3.4 Changes: -------- --- /work/SRC/openSUSE:Factory/srt/srt.changes 2019-08-24 18:39:04.861799592 +0200 +++ /work/SRC/openSUSE:Factory/.srt.new.7948/srt.changes 2019-09-04 09:03:21.751038063 +0200 @@ -1,0 +2,13 @@ +Fri Aug 30 12:47:57 UTC 2019 - Alexandros Toptsoglou <[email protected]> + +- Backported commit 47e5890 and 64875fa to fix CVE-2019-15784 + (boo#1148844) and avoid a potential array overflow. + * Added CVE-2019-15784.patch + +------------------------------------------------------------------- +Thu Aug 29 16:02:56 UTC 2019 - Alexandros Toptsoglou <[email protected]> + +- Update to version 1.3.4: + + Various bugfixes and feature enhancments. + +------------------------------------------------------------------- Old: ---- srt-1.3.3.tar.gz New: ---- CVE-2019-15784.patch srt-1.3.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ srt.spec ++++++ --- /var/tmp/diff_new_pack.frSq3P/_old 2019-09-04 09:03:22.731037927 +0200 +++ /var/tmp/diff_new_pack.frSq3P/_new 2019-09-04 09:03:22.735037926 +0200 @@ -19,7 +19,7 @@ %define sover 1 Name: srt -Version: 1.3.3 +Version: 1.3.4 Release: 0 Summary: Secure Reliable Transport (SRT) License: MPL-2.0 @@ -27,6 +27,7 @@ URL: https://www.srtalliance.org Source0: https://github.com/Haivision/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source99: baselibs.conf +Patch0: CVE-2019-15784.patch BuildRequires: cmake BuildRequires: fdupes ++++++ CVE-2019-15784.patch ++++++ Index: srt-1.3.4/srtcore/queue.cpp =================================================================== --- srt-1.3.4.orig/srtcore/queue.cpp +++ srt-1.3.4/srtcore/queue.cpp @@ -256,7 +256,7 @@ void CUnitQueue::makeUnitGood(CUnit * un CSndUList::CSndUList(): m_pHeap(NULL), - m_iArrayLength(4096), + m_iArrayLength(512), m_iLastEntry(-1), m_ListLock(), m_pWindowLock(NULL), @@ -273,32 +273,6 @@ CSndUList::~CSndUList() pthread_mutex_destroy(&m_ListLock); } -void CSndUList::insert(int64_t ts, const CUDT* u) -{ - CGuard listguard(m_ListLock); - - // increase the heap array size if necessary - if (m_iLastEntry == m_iArrayLength - 1) - { - CSNode** temp = NULL; - - try - { - temp = new CSNode*[m_iArrayLength * 2]; - } - catch(...) - { - return; - } - - memcpy(temp, m_pHeap, sizeof(CSNode*) * m_iArrayLength); - m_iArrayLength *= 2; - delete [] m_pHeap; - m_pHeap = temp; - } - - insert_(ts, u); -} void CSndUList::update(const CUDT* u, EReschedule reschedule) { @@ -319,6 +293,8 @@ void CSndUList::update(const CUDT* u, ER } remove_(u); + insert_norealloc_(1, u); + return; } insert_(1, u); @@ -366,7 +342,7 @@ int CSndUList::pop(sockaddr*& addr, CPac // insert a new entry, ts is the next processing time if (ts > 0) - insert_(ts, u); + insert_norealloc_(ts, u); return 1; } @@ -388,14 +364,47 @@ uint64_t CSndUList::getNextProcTime() return m_pHeap[0]->m_llTimeStamp_tk; } + +void CSndUList::realloc_() +{ + CSNode** temp = NULL; + + try + { + temp = new CSNode *[2 * m_iArrayLength]; + } + catch (...) + { + throw CUDTException(MJ_SYSTEMRES, MN_MEMORY, 0); + } + + memcpy(temp, m_pHeap, sizeof(CSNode*) * m_iArrayLength); + m_iArrayLength *= 2; + delete[] m_pHeap; + m_pHeap = temp; +} + + void CSndUList::insert_(int64_t ts, const CUDT* u) { + // increase the heap array size if necessary + if (m_iLastEntry == m_iArrayLength - 1) + realloc_(); + + insert_norealloc_(ts, u); +} + + +void CSndUList::insert_norealloc_(int64_t ts, const CUDT* u) +{ CSNode* n = u->m_pSNode; // do not insert repeated node if (n->m_iHeapLoc >= 0) return; + SRT_ASSERT(m_iLastEntry < m_iArrayLength); + m_iLastEntry ++; m_pHeap[m_iLastEntry] = n; n->m_llTimeStamp_tk = ts; @@ -405,16 +414,12 @@ void CSndUList::insert_(int64_t ts, cons while (p != 0) { p = (q - 1) >> 1; - if (m_pHeap[p]->m_llTimeStamp_tk > m_pHeap[q]->m_llTimeStamp_tk) - { - CSNode* t = m_pHeap[p]; - m_pHeap[p] = m_pHeap[q]; - m_pHeap[q] = t; - t->m_iHeapLoc = q; - q = p; - } - else - break; + if (m_pHeap[p]->m_llTimeStamp_tk <= m_pHeap[q]->m_llTimeStamp_tk) + break; + + swap(m_pHeap[p], m_pHeap[q]); + m_pHeap[q]->m_iHeapLoc = q; + q = p; } n->m_iHeapLoc = q; @@ -452,10 +457,8 @@ void CSndUList::remove_(const CUDT* u) if (m_pHeap[q]->m_llTimeStamp_tk > m_pHeap[p]->m_llTimeStamp_tk) { - CSNode* t = m_pHeap[p]; - m_pHeap[p] = m_pHeap[q]; - m_pHeap[p]->m_iHeapLoc = p; - m_pHeap[q] = t; + swap(m_pHeap[p], m_pHeap[q]); + m_pHeap[p]->m_iHeapLoc = p; m_pHeap[q]->m_iHeapLoc = q; q = p; Index: srt-1.3.4/srtcore/queue.h =================================================================== --- srt-1.3.4.orig/srtcore/queue.h +++ srt-1.3.4/srtcore/queue.h @@ -166,12 +166,6 @@ public: static EReschedule rescheduleIf(bool cond) { return cond ? DO_RESCHEDULE : DONT_RESCHEDULE; } - /// Insert a new UDT instance into the list. - /// @param [in] ts time stamp: next processing time - /// @param [in] u pointer to the UDT instance - - void insert(int64_t ts, const CUDT* u); - /// Update the timestamp of the UDT instance on the list. /// @param [in] u pointer to the UDT instance /// @param [in] resechedule if the timestampe shoudl be rescheduled @@ -196,7 +190,26 @@ public: uint64_t getNextProcTime(); private: + + /// Doubles the size of the list. + /// + void realloc_(); + + /// Insert a new UDT instance into the list with realloc if required. + /// + /// @param [in] ts time stamp: next processing time + /// @param [in] u pointer to the UDT instance void insert_(int64_t ts, const CUDT* u); + + /// Insert a new UDT instance into the list without realloc. + /// Should be called if there is a gauranteed space for the element. + /// + /// @param [in] ts time stamp: next processing time + /// @param [in] u pointer to the UDT instance + + void insert_norealloc_(int64_t ts, const CUDT* u); + + void remove_(const CUDT* u); private: ++++++ srt-1.3.3.tar.gz -> srt-1.3.4.tar.gz ++++++ ++++ 4445 lines of diff (skipped)
