Compare commits
2 Commits
59a8e73f02
...
9c13aaac7a
Author | SHA1 | Date |
---|---|---|
Wim Taymans | 9c13aaac7a | |
Wim Taymans | 5fe49a7162 |
|
@ -73,3 +73,4 @@
|
|||
/gst-plugins-base-1.18.1.tar.xz
|
||||
/gst-plugins-base-1.18.2.tar.xz
|
||||
/gst-plugins-base-1.18.4.tar.xz
|
||||
/gst-plugins-base-1.22.1.tar.xz
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
489d54fcc3c8ee63cd03614e2f0e1ebfd5815539 gst-plugins-base-1.22.1.tar.xz
|
|
@ -0,0 +1,36 @@
|
|||
From f7f24aed62178dc1deb581a512029dcb20727137 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
||||
Date: Tue, 13 Jun 2023 12:53:13 +0300
|
||||
Subject: [PATCH 1/2] subparse: Look for the closing `>` of a tag after the
|
||||
opening `<`
|
||||
|
||||
Previously when fixing up subrip markip, we were looking from the start
|
||||
of the remaining buffer instead. Due to how skipping over closing tags
|
||||
works, the remaining buffer will still contain the closing `>` of the
|
||||
previous tag so if a unexpected closing tag is found after another
|
||||
closing tag, we would potentially do an out of bounds memmove().
|
||||
|
||||
Fixes ZDI-CAN-20968
|
||||
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2662
|
||||
|
||||
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895>
|
||||
---
|
||||
subprojects/gst-plugins-base/gst/subparse/gstsubparse.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c b/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
|
||||
index 7aa922cdd8..d0960a971a 100644
|
||||
--- a/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
|
||||
+++ b/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
|
||||
@@ -779,7 +779,7 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
|
||||
}
|
||||
|
||||
if (*next_tag == '<' && *(next_tag + 1) == '/') {
|
||||
- end_tag = strchr (cur, '>');
|
||||
+ end_tag = strchr (next_tag, '>');
|
||||
if (end_tag) {
|
||||
const gchar *last = NULL;
|
||||
if (num_open_tags > 0)
|
||||
--
|
||||
2.43.0
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
From 997e8b0a485a22a9e44d503d7a1c6aa1970061e0 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
||||
Date: Tue, 13 Jun 2023 12:58:26 +0300
|
||||
Subject: [PATCH 2/2] subparse: Skip after the end of a valid closing tag
|
||||
instead of only skipping `<`
|
||||
|
||||
This is a small optimization and avoids restarting the next parsing
|
||||
iteration on already accepted data.
|
||||
|
||||
On its own it would also fix ZDI-CAN-20968 (see previous commit) but the
|
||||
previous commit independently is also a valid fix for it.
|
||||
|
||||
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895>
|
||||
---
|
||||
subprojects/gst-plugins-base/gst/subparse/gstsubparse.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c b/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
|
||||
index d0960a971a..b33ddbb2a7 100644
|
||||
--- a/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
|
||||
+++ b/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
|
||||
@@ -794,6 +794,8 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
|
||||
} else {
|
||||
--num_open_tags;
|
||||
g_ptr_array_remove_index (open_tags, num_open_tags);
|
||||
+ cur = end_tag + 1;
|
||||
+ continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
--
|
||||
2.43.0
|
||||
|
|
@ -5,8 +5,8 @@
|
|||
#global shortcommit %(c=%{gitcommit}; echo ${c:0:5})
|
||||
|
||||
Name: gstreamer1-plugins-base
|
||||
Version: 1.18.4
|
||||
Release: 5%{?gitcommit:.git%{shortcommit}}%{?dist}
|
||||
Version: 1.22.1
|
||||
Release: 2%{?gitcommit:.git%{shortcommit}}%{?dist}
|
||||
Summary: GStreamer streaming media framework base plugins
|
||||
|
||||
License: LGPLv2+
|
||||
|
@ -21,6 +21,8 @@ Source0: http://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugin
|
|||
Patch0: 0001-missing-plugins-Remove-the-mpegaudioversion-field.patch
|
||||
|
||||
Patch1: xdg-compile.patch
|
||||
Patch2: 0001-subparse-Look-for-the-closing-of-a-tag-after-the-ope.patch
|
||||
Patch3: 0002-subparse-Skip-after-the-end-of-a-valid-closing-tag-i.patch
|
||||
|
||||
BuildRequires: meson >= 0.48.0
|
||||
BuildRequires: gcc
|
||||
|
@ -48,6 +50,8 @@ BuildRequires: mesa-libGL-devel
|
|||
BuildRequires: mesa-libGLES-devel
|
||||
BuildRequires: mesa-libGLU-devel
|
||||
BuildRequires: mesa-libEGL-devel
|
||||
BuildRequires: mesa-libgbm-devel
|
||||
BuildRequires: libgudev-devel
|
||||
BuildRequires: wayland-devel
|
||||
BuildRequires: egl-wayland-devel
|
||||
BuildRequires: graphene-devel
|
||||
|
@ -117,13 +121,15 @@ for the GStreamer Base Plugins library.
|
|||
%setup -q -n gst-plugins-base-%{version}
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p3
|
||||
%patch3 -p3
|
||||
|
||||
%build
|
||||
%meson \
|
||||
-D package-name='Fedora GStreamer-plugins-base package' \
|
||||
-D package-origin='http://download.fedoraproject.org' \
|
||||
-D gl_winsys=wayland,x11,gbm \
|
||||
-D doc=disabled \
|
||||
-D gtk_doc=disabled \
|
||||
-D orc=enabled \
|
||||
-D tremor=disabled \
|
||||
-D tests=disabled \
|
||||
|
@ -198,7 +204,6 @@ chrpath --delete $RPM_BUILD_ROOT%{_libdir}/libgstaudio-1.0.so.*
|
|||
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstapp.so
|
||||
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstencoding.so
|
||||
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstrawparse.so
|
||||
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstvideoscale.so
|
||||
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstplayback.so
|
||||
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/libgstriff-1.0.so.*
|
||||
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstxvimagesink.so
|
||||
|
@ -207,7 +212,7 @@ chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgsttypefin
|
|||
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstaudioresample.so
|
||||
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstlibvisual.so
|
||||
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstaudioconvert.so
|
||||
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstvideoconvert.so
|
||||
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstvideoconvertscale.so
|
||||
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstvideorate.so
|
||||
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstaudiotestsrc.so
|
||||
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstadder.so
|
||||
|
@ -221,7 +226,7 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/gst-play-1.0
|
|||
|
||||
%files -f gst-plugins-base-%{majorminor}.lang
|
||||
%license COPYING
|
||||
%doc AUTHORS README REQUIREMENTS
|
||||
%doc AUTHORS NEWS README.md README.static-linking RELEASE REQUIREMENTS
|
||||
%{_datadir}/appdata/*.appdata.xml
|
||||
%{_libdir}/libgstallocators-%{majorminor}.so.*
|
||||
%{_libdir}/libgstaudio-%{majorminor}.so.*
|
||||
|
@ -269,9 +274,8 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/gst-play-1.0
|
|||
%{_libdir}/gstreamer-%{majorminor}/libgstsubparse.so
|
||||
%{_libdir}/gstreamer-%{majorminor}/libgsttcp.so
|
||||
%{_libdir}/gstreamer-%{majorminor}/libgsttypefindfunctions.so
|
||||
%{_libdir}/gstreamer-%{majorminor}/libgstvideoconvert.so
|
||||
%{_libdir}/gstreamer-%{majorminor}/libgstvideoconvertscale.so
|
||||
%{_libdir}/gstreamer-%{majorminor}/libgstvideorate.so
|
||||
%{_libdir}/gstreamer-%{majorminor}/libgstvideoscale.so
|
||||
%{_libdir}/gstreamer-%{majorminor}/libgstvideotestsrc.so
|
||||
%{_libdir}/gstreamer-%{majorminor}/libgstvolume.so
|
||||
|
||||
|
@ -409,6 +413,7 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/gst-play-1.0
|
|||
%{_includedir}/gstreamer-%{majorminor}/gst/video/colorbalancechannel.h
|
||||
%{_includedir}/gstreamer-%{majorminor}/gst/video/gstvideoaffinetransformationmeta.h
|
||||
%{_includedir}/gstreamer-%{majorminor}/gst/video/gstvideoaggregator.h
|
||||
%{_includedir}/gstreamer-%{majorminor}/gst/video/gstvideocodecalphameta.h
|
||||
%{_includedir}/gstreamer-%{majorminor}/gst/video/gstvideodecoder.h
|
||||
%{_includedir}/gstreamer-%{majorminor}/gst/video/gstvideoencoder.h
|
||||
%{_includedir}/gstreamer-%{majorminor}/gst/video/gstvideofilter.h
|
||||
|
@ -433,6 +438,7 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/gst-play-1.0
|
|||
%{_includedir}/gstreamer-%{majorminor}/gst/video/video-info.h
|
||||
%{_includedir}/gstreamer-%{majorminor}/gst/video/video-multiview.h
|
||||
%{_includedir}/gstreamer-%{majorminor}/gst/video/video-resampler.h
|
||||
%{_includedir}/gstreamer-%{majorminor}/gst/video/video-sei.h
|
||||
%{_includedir}/gstreamer-%{majorminor}/gst/video/video-scaler.h
|
||||
%{_includedir}/gstreamer-%{majorminor}/gst/video/video-tile.h
|
||||
%{_includedir}/gstreamer-%{majorminor}/gst/video/video.h
|
||||
|
@ -481,6 +487,14 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/gst-play-1.0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Jan 17 2024 Wim Taymans <wtaymans@redhat.com> - 1.22.1-2
|
||||
- CVE-2023-37328: heap overwrite in subtitle parsing
|
||||
- Resolves: RHEL-19475
|
||||
|
||||
* Wed Apr 12 2021 Wim Taymans <wtaymans@redhat.com> - 1.22.1-1
|
||||
- Update to 1.22.1
|
||||
- Resolves: rhbz#2144557
|
||||
|
||||
* Fri Jan 14 2022 Wim Taymans <wtaymans@redhat.com> - 1.18.4-5
|
||||
- Handle both compressed and uncompressed man pages
|
||||
- Fix build with small patch
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (gst-plugins-base-1.18.4.tar.xz) = c750d68404462807ff03f441e232c4d98752a9bceeec3038fb37a105942f25499bde0660ca688b6f3204c58eb6a2e3f33671e979018c8bd829e7591455961a6a
|
||||
SHA512 (gst-plugins-base-1.22.1.tar.xz) = a844d2237bbbe62692ab447acd347bd095e8f4e2b7eeac9e16da927a509e32b76c0efc86914a7cd517d953d26dd08f63c231debbdf78425f9bb2231e73d7f6cc
|
||||
|
|
Loading…
Reference in New Issue