import UBI gstreamer1-plugins-base-1.24.11-2.el10_1
This commit is contained in:
AlmaLinux RelEng Bot
parent
3e805fe4fa
commit
e214440725
@ -0,0 +1,44 @@
|
||||
From 9ed23ad51f1da683dcd5a0646b0b9e76e12f41de Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
||||
Date: Wed, 11 Feb 2026 19:44:34 +0200
|
||||
Subject: [PATCH] riff: Correctly check that enough RGB palette data is
|
||||
available
|
||||
|
||||
This can otherwise overflow and result in out-of-bounds reads/writes.
|
||||
|
||||
Fixes GST-SA-2026-0004, ZDI-CAN-28854, CVE-2026-2921.
|
||||
|
||||
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4901
|
||||
|
||||
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/10882>
|
||||
---
|
||||
subprojects/gst-plugins-base/gst-libs/gst/riff/riff-media.c | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/subprojects/gst-plugins-base/gst-libs/gst/riff/riff-media.c b/subprojects/gst-plugins-base/gst-libs/gst/riff/riff-media.c
|
||||
index 74f99d6ad1..df4c4f09b0 100644
|
||||
--- a/subprojects/gst-plugins-base/gst-libs/gst/riff/riff-media.c
|
||||
+++ b/subprojects/gst-plugins-base/gst-libs/gst/riff/riff-media.c
|
||||
@@ -994,7 +994,7 @@ gst_riff_create_video_caps (guint32 codec_fcc,
|
||||
if (palette) {
|
||||
GstBuffer *copy;
|
||||
guint num_colors;
|
||||
- gsize size;
|
||||
+ gsize expected_size, size;
|
||||
|
||||
if (strf != NULL)
|
||||
num_colors = strf->num_colors;
|
||||
@@ -1003,7 +1003,9 @@ gst_riff_create_video_caps (guint32 codec_fcc,
|
||||
|
||||
size = gst_buffer_get_size (palette);
|
||||
|
||||
- if (size >= (num_colors * 4)) {
|
||||
+ if (!g_size_checked_mul (&expected_size, num_colors, 4)) {
|
||||
+ GST_WARNING ("Palette too large: broken file");
|
||||
+ } else if (size >= expected_size) {
|
||||
guint8 *pdata;
|
||||
|
||||
/* palette is always at least 256*4 bytes */
|
||||
--
|
||||
2.53.0
|
||||
|
||||
@ -9,7 +9,7 @@
|
||||
|
||||
Name: gstreamer1-plugins-base
|
||||
Version: 1.24.11
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: GStreamer streaming media framework base plugins
|
||||
|
||||
License: LGPL-2.1-or-later
|
||||
@ -21,7 +21,8 @@ Source0: gst-plugins-base-%{version}.tar.xz
|
||||
%else
|
||||
Source0: http://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-%{version}.tar.xz
|
||||
%endif
|
||||
Patch0: 0001-missing-plugins-Remove-the-mpegaudioversion-field.patch
|
||||
Patch000: 0001-missing-plugins-Remove-the-mpegaudioversion-field.patch
|
||||
Patch001: 0001-riff-Correctly-check-that-enough-RGB-palette-data-is.patch
|
||||
|
||||
BuildRequires: meson >= 0.48.0
|
||||
BuildRequires: gcc
|
||||
@ -123,6 +124,7 @@ for the GStreamer Base Plugins library.
|
||||
%prep
|
||||
%setup -q -n gst-plugins-base-%{version}
|
||||
%patch -P 0 -p1
|
||||
%patch -P 1 -p3
|
||||
|
||||
%build
|
||||
%meson \
|
||||
@ -504,6 +506,10 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/gst-play-1.0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Mar 30 2025 Wim Taymans <wtaymans@redhat.com> - 1.24.11-2
|
||||
- Apply patch for CVE-2026-2921
|
||||
Resolves: RHEL-156120
|
||||
|
||||
* Tue Jan 14 2025 Wim Taymans <wtaymans@redhat.com> - 1.24.11-1
|
||||
- Update to 1.24.11
|
||||
Resolves: RHEL-73675
|
||||
|
||||
Loading…
Reference in New Issue
Block a user