Import from AlmaLinux stable repository
This commit is contained in:
parent
ffb60ca296
commit
5b04e00c79
@ -1 +0,0 @@
|
|||||||
e906442fd99376ce2384a634637ede9fd8515fc3 SOURCES/gst-plugins-base-1.16.1.tar.xz
|
|
||||||
@ -0,0 +1,36 @@
|
|||||||
|
From 5e8fa4cb835a938aba72f2b7ccd3e784e5886df8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
||||||
|
Date: Tue, 13 Jun 2023 12:53:13 +0300
|
||||||
|
Subject: [PATCH 1/2] subparse: Look for the closing `>` of a tag after the
|
||||||
|
opening `<`
|
||||||
|
|
||||||
|
Previously when fixing up subrip markip, we were looking from the start
|
||||||
|
of the remaining buffer instead. Due to how skipping over closing tags
|
||||||
|
works, the remaining buffer will still contain the closing `>` of the
|
||||||
|
previous tag so if a unexpected closing tag is found after another
|
||||||
|
closing tag, we would potentially do an out of bounds memmove().
|
||||||
|
|
||||||
|
Fixes ZDI-CAN-20968
|
||||||
|
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2662
|
||||||
|
|
||||||
|
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895>
|
||||||
|
---
|
||||||
|
gst/subparse/gstsubparse.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c
|
||||||
|
index 425415874..e8d3ecaef 100644
|
||||||
|
--- a/gst/subparse/gstsubparse.c
|
||||||
|
+++ b/gst/subparse/gstsubparse.c
|
||||||
|
@@ -814,7 +814,7 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
|
||||||
|
}
|
||||||
|
|
||||||
|
if (*next_tag == '<' && *(next_tag + 1) == '/') {
|
||||||
|
- end_tag = strchr (cur, '>');
|
||||||
|
+ end_tag = strchr (next_tag, '>');
|
||||||
|
if (end_tag) {
|
||||||
|
const gchar *last = NULL;
|
||||||
|
if (num_open_tags > 0)
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
||||||
@ -0,0 +1,33 @@
|
|||||||
|
From 889e0b00c2b3b4ecb8ab8116d6192ee7f3b37909 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
||||||
|
Date: Tue, 13 Jun 2023 12:58:26 +0300
|
||||||
|
Subject: [PATCH 2/2] subparse: Skip after the end of a valid closing tag
|
||||||
|
instead of only skipping `<`
|
||||||
|
|
||||||
|
This is a small optimization and avoids restarting the next parsing
|
||||||
|
iteration on already accepted data.
|
||||||
|
|
||||||
|
On its own it would also fix ZDI-CAN-20968 (see previous commit) but the
|
||||||
|
previous commit independently is also a valid fix for it.
|
||||||
|
|
||||||
|
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895>
|
||||||
|
---
|
||||||
|
gst/subparse/gstsubparse.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c
|
||||||
|
index e8d3ecaef..9336419e1 100644
|
||||||
|
--- a/gst/subparse/gstsubparse.c
|
||||||
|
+++ b/gst/subparse/gstsubparse.c
|
||||||
|
@@ -827,6 +827,8 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
|
||||||
|
} else {
|
||||||
|
--num_open_tags;
|
||||||
|
g_ptr_array_remove_index (open_tags, num_open_tags);
|
||||||
|
+ cur = end_tag + 1;
|
||||||
|
+ continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
||||||
@ -6,7 +6,7 @@
|
|||||||
|
|
||||||
Name: gstreamer1-plugins-base
|
Name: gstreamer1-plugins-base
|
||||||
Version: 1.16.1
|
Version: 1.16.1
|
||||||
Release: 2%{?gitcommit:.git%{shortcommit}}%{?dist}
|
Release: 3%{?gitcommit:.git%{shortcommit}}%{?dist}
|
||||||
Summary: GStreamer streaming media framework base plugins
|
Summary: GStreamer streaming media framework base plugins
|
||||||
|
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
@ -20,6 +20,8 @@ Source0: http://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugin
|
|||||||
%endif
|
%endif
|
||||||
Patch0: 0001-missing-plugins-Remove-the-mpegaudioversion-field.patch
|
Patch0: 0001-missing-plugins-Remove-the-mpegaudioversion-field.patch
|
||||||
Patch1: 0002-video-disable-ORC_RESTRICT.patch
|
Patch1: 0002-video-disable-ORC_RESTRICT.patch
|
||||||
|
Patch2: 0001-subparse-Look-for-the-closing-of-a-tag-after-the-ope.patch
|
||||||
|
Patch3: 0002-subparse-Skip-after-the-end-of-a-valid-closing-tag-i.patch
|
||||||
|
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: gstreamer1-devel >= %{version}
|
BuildRequires: gstreamer1-devel >= %{version}
|
||||||
@ -116,6 +118,8 @@ for the GStreamer Base Plugins library.
|
|||||||
%setup -q -n gst-plugins-base-%{version}
|
%setup -q -n gst-plugins-base-%{version}
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
%patch3 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# die rpath (method of modifying libtool fails here)
|
# die rpath (method of modifying libtool fails here)
|
||||||
@ -483,6 +487,10 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/gst-play-1.0
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jan 17 2024 Wim Taymans <wtaymans@redhat.com> - 1.16.1-3
|
||||||
|
- CVE-2023-37328 gstreamer1-plugins-base: heap overwrite in subtitle parsing
|
||||||
|
- Resolves: RHEL-19472
|
||||||
|
|
||||||
* Wed Dec 9 2020 Wim Taymans <wtaymans@redhat.com> - 1.16.1-2
|
* Wed Dec 9 2020 Wim Taymans <wtaymans@redhat.com> - 1.16.1-2
|
||||||
- Fix man file names for Flatpak builds
|
- Fix man file names for Flatpak builds
|
||||||
- Resolves: rhbz#1895935
|
- Resolves: rhbz#1895935
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user