commit gstreamer-rtsp-server for openSUSE:Leap:15.2

2020-04-17
Hello community,

here is the log from the commit of package gstreamer-rtsp-server for 
openSUSE:Leap:15.2 checked in at 2020-04-17 13:37:35

Comparing /work/SRC/openSUSE:Leap:15.2/gstreamer-rtsp-server (Old)
 and  /work/SRC/openSUSE:Leap:15.2/.gstreamer-rtsp-server.new.2738 (New)


Package is "gstreamer-rtsp-server"

Fri Apr 17 13:37:35 2020 rev:38 rq:794223 version:1.16.2

Changes:

--- 
/work/SRC/openSUSE:Leap:15.2/gstreamer-rtsp-server/gstreamer-rtsp-server.changes
2020-02-09 15:03:09.642767992 +0100
+++ 
/work/SRC/openSUSE:Leap:15.2/.gstreamer-rtsp-server.new.2738/gstreamer-rtsp-server.changes
  2020-04-17 13:37:37.252223378 +0200
@@ -1,0 +2,15 @@
+Sun Apr 12 18:40:20 UTC 2020 - Bjørn Lie 
+
+- Fix boo#1168026, CVE-2020-6095 and TALOS-2020-1018:
+  + Add gst-rtsp-Fix-NULL-pointer.patch: rtsp-auth: Fix NULL
+pointer dereference when handling an invalid basic
+Authorization header.
+- Add upstream bug fix patches:
+  + Add gst-rtsp-fix-token-leak.patch: rtsp-auth: Fix default token
+leak.
+  + Add gst-rtsp-replace-G_TYPE_INSTANCE_GET_PRIVATE.patch:
+rtsp-latency-bin: replace G_TYPE_INSTANCE_GET_PRIVATE as it's
+been deprecated.
+
+
+---
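Review bot: The entry mixes the CVE-2020-6095 fix with two unrelated changes, and only the first carries a bug reference. gst-rtsp-fix-token-leak.patch is listed under "upstream bug fix patches" with no boo# or upstream issue id, and gst-rtsp-replace-G_TYPE_INSTANCE_GET_PRIVATE.patch is a deprecation cleanup rather than a bug fix. For a security update, either add references for the two extra patches or move them to a separate submission so the security change stays minimal and easy to audit.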

New:

  gst-rtsp-Fix-NULL-pointer.patch
  gst-rtsp-fix-token-leak.patch
  gst-rtsp-replace-G_TYPE_INSTANCE_GET_PRIVATE.patch



Other differences:
--
++ gstreamer-rtsp-server.spec ++
--- /var/tmp/diff_new_pack.Z4ZyKQ/_old  2020-04-17 13:37:37.696223712 +0200
+++ /var/tmp/diff_new_pack.Z4ZyKQ/_new  2020-04-17 13:37:37.700223716 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package gstreamer-rtsp-server
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -23,10 +23,17 @@
 Summary:GStreamer-based RTSP server library
 License:LGPL-2.0-or-later
 Group:  Productivity/Multimedia/Other
-URL:http://gstreamer.freedesktop.org/
-Source0:
https://gstreamer.freedesktop.org/src/gst-rtsp-server/%{_name}-%{version}.tar.xz
+URL:https://gstreamer.freedesktop.org
+Source0:%{url}/src/gst-rtsp-server/%{_name}-%{version}.tar.xz
 Source99:   gstreamer-rtsp-server-rpmlintrc
 
+# PATCH-FIX-UPSTREAM gst-rtsp-fix-token-leak.patch
+Patch0: gst-rtsp-fix-token-leak.patch
+# PATCH-FIX-UPSTREAM gst-rtsp-Fix-NULL-pointer.patch
+Patch1: gst-rtsp-Fix-NULL-pointer.patch
+# PATCH-FIX-UPSTREAM
+Patch2: gst-rtsp-replace-G_TYPE_INSTANCE_GET_PRIVATE.patch
+
 BuildRequires:  meson >= 0.47
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(glib-2.0) >= 2.40.0
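Review bot: The "# PATCH-FIX-UPSTREAM" tag above Patch2 is missing the patch file name that the Patch0 and Patch1 tags carry, and none of the three tags has a bug reference or description. Suggest "# PATCH-FIX-UPSTREAM gst-rtsp-replace-G_TYPE_INSTANCE_GET_PRIVATE.patch" for Patch2, and adding boo#1168026 to the Patch1 tag so the CVE fix is traceable from the spec as well as from the changelog. The visible spec diff only declares Patch0 to Patch2 and shows no %prep change, so confirm that the existing %prep applies all patches (for example through an autosetup-style macro); otherwise the fix for CVE-2020-6095 would be shipped in the source package but not built in.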

++ gst-rtsp-Fix-NULL-pointer.patch ++
>From 44ccca3086dd81081d72ca0b21d0ecdde962fb1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= 
Date: Mon, 23 Mar 2020 16:06:43 +0200
Subject: [PATCH] rtsp-auth: Fix NULL pointer dereference when handling an
 invalid basic Authorization header

When using the basic authentication scheme, we wouldn't validate that
the authorization field of the credentials is not NULL and pass it on
to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will
dereference the NULL pointer and crash.
A specially crafted (read: invalid) RTSP header can cause this to
happen.

As a solution, check for the authorization to be not NULL before
continuing processing it and if it is simply fail authentication.

This fixes CVE-2020-6095 and TALOS-2020-1018.

Discovered by Peter Wang of Cisco ASIG.
---
 gst/rtsp-server/rtsp-auth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c
index ad0be07..b6286e1 100644
--- a/gst/rtsp-server/rtsp-auth.c
+++ b/gst/rtsp-server/rtsp-auth.c
@@ -871,7 +871,7 @@ default_authenticate (GstRTSPAuth * auth, GstRTSPContext * 
ctx)
 
   GST_DEBUG_OBJECT (auth, "check Basic auth");
   g_mutex_lock (>lock);
-  if ((token =
+  if ((*credential)->authorization && (token =
   g_hash_table_lookup (priv->basic,
   (*credential)->authorization))) {
 GST_DEBUG_OBJECT (auth, "setting token %p", token);
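Review bot: The added "(*credential)->authorization &&" guard handles the NULL case without any log line in the visible hunk, and the diffstat shows only rtsp-auth.c changing, so nothing exercises the crash path. Suggest a GST_DEBUG_OBJECT message when a Basic credential arrives with no authorization value, plus a regression test that sends such a header and expects an authentication failure rather than a crash. Since the commit message states that g_str_hash() is not NULL-safe, it is also worth confirming that no other hash lookup in this file is keyed on a credential field that can be NULL; only this one call site is visible here.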
-- 
2.24.1

++ gst-rtsp-fix-token-leak.patch ++
>From 9dfdcb71e84e53e25388a6e0b485a70c45ea0dec Mon Sep 17 00:00:00 2001
From: Nicola Murino 
Date: Thu, 12 Dec 2019 17:56:18 +0100
Subject: [PATCH] rtsp-auth: fix default token leak

---
 gst/rtsp-server/rtsp-auth.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c
index f676b80..f14286f 100644
--- a/gst/rtsp-server/rtsp-auth.c
+++ b/gst/rtsp-server/rtsp-auth.c

commit gstreamer-rtsp-server for openSUSE:Leap:15.2

2020-02-09
Hello community,

here is the log from the commit of package gstreamer-rtsp-server for 
openSUSE:Leap:15.2 checked in at 2020-02-09 15:03:07

Comparing /work/SRC/openSUSE:Leap:15.2/gstreamer-rtsp-server (Old)
 and  /work/SRC/openSUSE:Leap:15.2/.gstreamer-rtsp-server.new.26092 (New)


Package is "gstreamer-rtsp-server"

Sun Feb  9 15:03:07 2020 rev:37 rq:772486 version:1.16.2

Changes:

--- 
/work/SRC/openSUSE:Leap:15.2/gstreamer-rtsp-server/gstreamer-rtsp-server.changes
2020-01-15 15:09:15.854033629 +0100
+++ 
/work/SRC/openSUSE:Leap:15.2/.gstreamer-rtsp-server.new.26092/gstreamer-rtsp-server.changes
 2020-02-09 15:03:09.642767992 +0100
@@ -1,0 +2,253 @@
+Wed Dec  4 13:21:03 UTC 2019 - Bjørn Lie 
+
+- Update to version 1.16.2:
+  + rtsp-media: Use lock in gst_rtsp_media_is_receive_only
+  + rtsp-client:
+- RTP Info when completed_sender
+- Fix location uri-format by getting uri directly from context
+  instead
+
+---
+Tue Sep 24 15:01:29 UTC 2019 - Bjørn Lie 
+
+- Update to version 1.16.1:
+  + See main gstreamer package for changelog.
+
+---
+Tue Jun 25 11:47:07 UTC 2019 - Bjørn Lie 
+
+- Update to version 1.16.0:
+  + Highlights:
+- GStreamer WebRTC stack gained support for data channels for
+  peer-to-peer communication based on SCTP, BUNDLE support,
+  as well as support for multiple TURN servers.
+- AV1 video codec support for Matroska and QuickTime/MP4
+  containers and more configuration options and supported
+  input formats for the AOMedia AV1 encoder
+- Support for Closed Captions and other Ancillary Data in video
+   -  Support for planar (non-interleaved) raw audio
+- GstVideoAggregator, compositor and OpenGL mixer elements are
+  now in -base
+- New alternate fields interlace mode where each buffer carries
+  a single field
+- WebM and Matroska ContentEncryption support in the Matroska
+  demuxer
+- new WebKit WPE-based web browser source element
+- Video4Linux: HEVC encoding and decoding, JPEG encoding, and
+  improved dmabuf import/export
+- Hardware-accelerated Nvidia video decoder gained support for
+  VP8/VP9 decoding, whilst the encoder gained support for
+  H.265/HEVC encoding.
+- Many improvements to the Intel Media SDK based
+  hardware-accelerated video decoder and encoder plugin
+  (msdk): dmabuf import/export for zero-copy integration with
+  other components; VP9 decoding; 10-bit HEVC encoding; video
+  post-processing (vpp) support including deinterlacing; and
+  the video decoder now handles dynamic resolution changes.
+- The ASS/SSA subtitle overlay renderer can now handle multiple
+  subtitles that overlap in time and will show them on screen
+  simultaneously
+- The Meson build is now feature-complete (*) and it is now the
+  recommended build system on all platforms. The Autotools
+  build is scheduled to be removed in the next cycle.
+- The GStreamer Rust bindings and Rust plugins module are now
+  officially part of upstream GStreamer.
+- The GStreamer Editing Services gained a gesdemux element
+  that allows directly playing back serialized edit list with
+  playbin or (uri)decodebin
+- Many performance improvements.
+- Updated options passed to meson following upstream changes.
+
+---
+Fri May 31 22:28:53 UTC 2019 - Bjørn Lie 
+
+- Update to version 1.14.5:
+  + rtsp-client: Fix crash in close handler and remove timeout
+GSource on cleanup.
+  + rtsp-media:
+- Handle set state when preparing.
+- Fix race condition in finish_unprepare.
+  + rtsp-stream:
+- Use cached address when allocating sockets.
+- Use seqnum-offset for rtpinfo.
+- Add source elements to the pipeline before activation for
+  stream-status create message.
+
+---
+Wed Oct  3 16:01:19 UTC 2018 - bjorn@gmail.com
+
+- Update to version 1.14.4:
+  + Bugfix release, please see .changes in gstreamer main package.
+
+---
+Wed Sep 26 20:33:14 UTC 2018 - bjorn@gmail.com
+
+- Update to version 1.14.3:
+  + Bugfix release, please see .changes in gstreamer main package.
+
+---
+Tue Jul 24 08:25:37 UTC 2018 - bjorn@gmail.com
+
+- Update to version 1.14.2:
+  + rtsp-media:
+- unref clock (if set) when finalizing.
+- add gst_rtsp_media_*_set_clock to docs.
+  + media-factory:
+- unref old clock when setting new clock.
+- unref clock in finalize.
+  + rtsp-onvif-media:
+