diff options
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/gstreamer.scm | 11 | ||||
-rw-r--r-- | gnu/packages/patches/gst-plugins-ugly-fix-out-of-bound-reads.patch | 119 |
3 files changed, 5 insertions, 126 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 13aae666e0..59ac1f11fb 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1217,7 +1217,6 @@ dist_patch_DATA = \ %D%/packages/patches/grub-setup-root.patch \ %D%/packages/patches/gspell-dash-test.patch \ %D%/packages/patches/gst-libav-64channels-stack-corruption.patch \ - %D%/packages/patches/gst-plugins-ugly-fix-out-of-bound-reads.patch \ %D%/packages/patches/guile-1.8-cpp-4.5.patch \ %D%/packages/patches/guile-2.2-skip-oom-test.patch \ %D%/packages/patches/guile-2.2-skip-so-test.patch \ diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm index 3b6fe05f78..efa5b2c5c9 100644 --- a/gnu/packages/gstreamer.scm +++ b/gnu/packages/gstreamer.scm @@ -890,19 +890,19 @@ par compared to the rest.") (define-public gst-plugins-ugly (package (name "gst-plugins-ugly") - (version "1.18.4") + (version "1.19.2") (source (origin (method url-fetch) (uri (string-append "https://gstreamer.freedesktop.org/src/" name "/" name "-" version ".tar.xz")) - (patches (search-patches "gst-plugins-ugly-fix-out-of-bound-reads.patch")) (sha256 - (base32 "0g6i4db1883q3j0l2gdv46fcqwiiaw63n6mhvsfcms1i1p7g1391")))) + (base32 "1pwz68qg40018ai655fdrjn5clmn0gp2b7dik0jzwx0fzbwzr87j")))) (build-system meson-build-system) (arguments - `(#:glib-or-gtk? #t ; To wrap binaries and/or compile schemas + `(#:meson ,meson-0.55 + #:glib-or-gtk? #t ; To wrap binaries and/or compile schemas #:phases (modify-phases %standard-phases ,@%common-gstreamer-phases @@ -916,8 +916,7 @@ par compared to the rest.") ;; Tests look for $XDG_RUNTIME_DIR. (setenv "XDG_RUNTIME_DIR" (getcwd)) ;; For missing '/etc/machine-id'. - (setenv "DBUS_FATAL_WARNINGS" "0") - #t))))) + (setenv "DBUS_FATAL_WARNINGS" "0")))))) (native-inputs `(("gettext" ,gettext-minimal) ("glib:bin" ,glib "bin") diff --git a/gnu/packages/patches/gst-plugins-ugly-fix-out-of-bound-reads.patch b/gnu/packages/patches/gst-plugins-ugly-fix-out-of-bound-reads.patch deleted file mode 100644 index 3c6a96f45d..0000000000 --- a/gnu/packages/patches/gst-plugins-ugly-fix-out-of-bound-reads.patch +++ /dev/null @@ -1,119 +0,0 @@ -Fix out of bounds reads when parsing audio and video packets: - -https://security-tracker.debian.org/tracker/TEMP-0000000-4DAA44 -https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/issues/37 - -Patch copied from upstream source repository: - -https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/3aba7d1e625554b2407bc77b3d09b4928b937d5f -From 3aba7d1e625554b2407bc77b3d09b4928b937d5f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> -Date: Wed, 3 Mar 2021 11:05:14 +0200 -Subject: [PATCH] rmdemux: Make sure we have enough data available when parsing - audio/video packets - -Otherwise there will be out-of-bounds reads and potential crashes. - -Thanks to Natalie Silvanovich for reporting. - -Fixes https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/issues/37 - -Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/merge_requests/74> ---- - gst/realmedia/rmdemux.c | 35 +++++++++++++++++++++++++++++++++++ - 1 file changed, 35 insertions(+) - -diff --git a/gst/realmedia/rmdemux.c b/gst/realmedia/rmdemux.c -index 6cc659a1..68b0736b 100644 ---- a/gst/realmedia/rmdemux.c -+++ b/gst/realmedia/rmdemux.c -@@ -2223,6 +2223,9 @@ gst_rmdemux_parse_video_packet (GstRMDemux * rmdemux, GstRMDemuxStream * stream, - - gst_buffer_map (in, &map, GST_MAP_READ); - -+ if (map.size < offset) -+ goto not_enough_data; -+ - data = map.data + offset; - size = map.size - offset; - -@@ -2289,6 +2292,9 @@ gst_rmdemux_parse_video_packet (GstRMDemux * rmdemux, GstRMDemuxStream * stream, - } - GST_DEBUG_OBJECT (rmdemux, "fragment size %d", fragment_size); - -+ if (map.size < (data - map.data) + fragment_size) -+ goto not_enough_data; -+ - /* get the fragment */ - fragment = - gst_buffer_copy_region (in, GST_BUFFER_COPY_ALL, data - map.data, -@@ -2437,6 +2443,9 @@ gst_rmdemux_parse_audio_packet (GstRMDemux * rmdemux, GstRMDemuxStream * stream, - GstFlowReturn ret; - GstBuffer *buffer; - -+ if (gst_buffer_get_size (in) < offset) -+ goto not_enough_data; -+ - buffer = gst_buffer_copy_region (in, GST_BUFFER_COPY_MEMORY, offset, -1); - - if (rmdemux->first_ts != -1 && timestamp > rmdemux->first_ts) -@@ -2467,9 +2476,19 @@ gst_rmdemux_parse_audio_packet (GstRMDemux * rmdemux, GstRMDemuxStream * stream, - ret = gst_pad_push (stream->pad, buffer); - } - -+done: - gst_buffer_unref (in); - - return ret; -+ -+ /* ERRORS */ -+not_enough_data: -+ { -+ GST_ELEMENT_WARNING (rmdemux, STREAM, DECODE, ("Skipping bad packet."), -+ (NULL)); -+ ret = GST_FLOW_OK; -+ goto done; -+ } - } - - static GstFlowReturn -@@ -2490,6 +2509,9 @@ gst_rmdemux_parse_packet (GstRMDemux * rmdemux, GstBuffer * in, guint16 version) - data = map.data; - size = map.size; - -+ if (size < 4 + 6 + 1 + 2) -+ goto not_enough_data; -+ - /* stream number */ - id = RMDEMUX_GUINT16_GET (data); - -@@ -2525,6 +2547,9 @@ gst_rmdemux_parse_packet (GstRMDemux * rmdemux, GstBuffer * in, guint16 version) - - /* version 1 has an extra byte */ - if (version == 1) { -+ if (size < 1) -+ goto not_enough_data; -+ - data += 1; - size -= 1; - } -@@ -2596,6 +2621,16 @@ unknown_stream: - gst_buffer_unref (in); - return GST_FLOW_OK; - } -+ -+ /* ERRORS */ -+not_enough_data: -+ { -+ GST_ELEMENT_WARNING (rmdemux, STREAM, DECODE, ("Skipping bad packet."), -+ (NULL)); -+ gst_buffer_unmap (in, &map); -+ gst_buffer_unref (in); -+ return GST_FLOW_OK; -+ } - } - - gboolean --- -2.31.1 - |