From 10d1a21b62b7a76c183664d79d5dd37a98a19925 Mon Sep 17 00:00:00 2001 From: Wim Taymans Date: Fri, 14 Jun 2024 18:16:41 +0200 Subject: [PATCH] Update to 1.22.12 --- .gitignore | 7 + ...integer-overflow-in-available-data-c.patch | 55 ----- gstreamer1-plugins-good.spec | 205 +++++++++++++++--- sources | 2 +- 4 files changed, 181 insertions(+), 88 deletions(-) delete mode 100644 0001-flacparse-Avoid-integer-overflow-in-available-data-c.patch diff --git a/.gitignore b/.gitignore index dcbe11a..14773f1 100644 --- a/.gitignore +++ b/.gitignore @@ -74,3 +74,10 @@ /gst-plugins-good-1.18.2.tar.xz /gst-plugins-good-1.18.4.tar.xz /gst-plugins-good-1.22.1.tar.xz +/gst-plugins-good-1.22.2.tar.xz +/gst-plugins-good-1.22.3.tar.xz +/gst-plugins-good-1.22.5.tar.xz +/gst-plugins-good-1.22.7.tar.xz +/gst-plugins-good-1.22.8.tar.xz +/gst-plugins-good-1.22.9.tar.xz +/gst-plugins-good-1.22.12.tar.xz diff --git a/0001-flacparse-Avoid-integer-overflow-in-available-data-c.patch b/0001-flacparse-Avoid-integer-overflow-in-available-data-c.patch deleted file mode 100644 index b20f286..0000000 --- a/0001-flacparse-Avoid-integer-overflow-in-available-data-c.patch +++ /dev/null @@ -1,55 +0,0 @@ -From cf36c771ea7f4e42603c2b5880432bc8c7d3dff1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= -Date: Tue, 13 Jun 2023 13:20:16 +0300 -Subject: [PATCH] flacparse: Avoid integer overflow in available data check for - image tags - -If the image length as stored in the file is some bogus integer then -adding it to the current byte readers position can overflow and wrongly -have the check for enough available data succeed. - -This then later can cause NULL pointer dereferences or out of bounds -reads/writes when actually reading the image data. - -Fixes ZDI-CAN-20775 -Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2661 - -Part-of: ---- - .../gst-plugins-good/gst/audioparsers/gstflacparse.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/subprojects/gst-plugins-good/gst/audioparsers/gstflacparse.c b/subprojects/gst-plugins-good/gst/audioparsers/gstflacparse.c -index a53b7ebc77..8ee450c65a 100644 ---- a/subprojects/gst-plugins-good/gst/audioparsers/gstflacparse.c -+++ b/subprojects/gst-plugins-good/gst/audioparsers/gstflacparse.c -@@ -1111,6 +1111,7 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer) - GstMapInfo map; - guint32 img_len = 0, img_type = 0; - guint32 img_mimetype_len = 0, img_description_len = 0; -+ const guint8 *img_data; - - gst_buffer_map (buffer, &map, GST_MAP_READ); - gst_byte_reader_init (&reader, map.data, map.size); -@@ -1137,7 +1138,7 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer) - if (!gst_byte_reader_get_uint32_be (&reader, &img_len)) - goto error; - -- if (gst_byte_reader_get_pos (&reader) + img_len > map.size) -+ if (!gst_byte_reader_get_data (&reader, img_len, &img_data)) - goto error; - - GST_INFO_OBJECT (flacparse, "Got image of %d bytes", img_len); -@@ -1146,8 +1147,7 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer) - if (flacparse->tags == NULL) - flacparse->tags = gst_tag_list_new_empty (); - -- gst_tag_list_add_id3_image (flacparse->tags, -- map.data + gst_byte_reader_get_pos (&reader), img_len, img_type); -+ gst_tag_list_add_id3_image (flacparse->tags, img_data, img_len, img_type); - } - - gst_buffer_unmap (buffer, &map); --- -2.43.0 - diff --git a/gstreamer1-plugins-good.spec b/gstreamer1-plugins-good.spec index 4992866..b7daf8a 100644 --- a/gstreamer1-plugins-good.spec +++ b/gstreamer1-plugins-good.spec @@ -9,18 +9,29 @@ %bcond_with nasm %endif -%bcond_without qt +# RHEL 10 will provide Qt 6 and drop Qt 5 +%if 0%{?rhel} >= 10 +%bcond_with qt5 +%else +%bcond_without qt5 +%endif + +%if 0%{?rhel} && 0%{?rhel} < 10 +%bcond_with qt6 +%else +%bcond_without qt6 +%endif #global gitrel 140 #global gitcommit 9865730cfa5b3a8b2560d082e7e56b350042d3d2 #global shortcommit %(c=%{gitcommit}; echo ${c:0:5}) Name: gstreamer1-plugins-good -Version: 1.22.1 -Release: 2%{?gitcommit:.git%{shortcommit}}%{?dist} +Version: 1.22.12 +Release: 1%{?dist} Summary: GStreamer plugins with good code and licensing -License: LGPLv2+ +License: CC0-1.0 AND GPL-2.0-only AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND xlock AND MIT AND BSD-3-Clause AND CC-BY-3.0 URL: http://gstreamer.freedesktop.org/ %if 0%{?gitrel} @@ -37,8 +48,6 @@ Source0: http://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugin # See http://www.freedesktop.org/software/appstream/docs/ for more details. Source1: gstreamer-good.appdata.xml -Patch0: 0001-flacparse-Avoid-integer-overflow-in-available-data-c.patch - BuildRequires: meson >= 0.48.0 BuildRequires: gcc BuildRequires: gcc-c++ @@ -72,6 +81,7 @@ BuildRequires: mesa-libEGL-devel BuildRequires: lame-devel BuildRequires: mpg123-devel BuildRequires: twolame-devel +#BuildRequires: qt6-qtshadertools %if %{with nasm} BuildRequires: nasm %endif @@ -79,7 +89,7 @@ BuildRequires: libgudev-devel # extras %if %{with extras} -BuildRequires: jack-audio-connection-kit-devel +BuildRequires: pipewire-jack-audio-connection-kit-devel %ifnarch s390 s390x BuildRequires: libavc1394-devel BuildRequires: libdv-devel @@ -88,6 +98,10 @@ BuildRequires: libraw1394-devel %endif %endif +# The soup elements dynamically load either version of libsoup at runtime, +# defaulting to libsoup3 if libsoup2 is not already loaded in the process +Recommends: libsoup3%{?_isa} + # Obsoletes/Provides moved from plugins-bad-free Obsoletes: gstreamer1-plugin-mpg123 < 1.13.1 Provides: gstreamer1-plugin-mpg123 = %{version}-%{release} @@ -121,7 +135,7 @@ good quality and under the LGPL license. This package (%{name}-gtk) contains the gtksink output plugin. -%if %{with qt} +%if %{with qt5} %package qt Summary: GStreamer "good" plugins qt qml plugin Requires: %{name}%{?_isa} = %{version}-%{release} @@ -131,6 +145,8 @@ BuildRequires: pkgconfig(Qt5Qml) BuildRequires: pkgconfig(Qt5Quick) BuildRequires: pkgconfig(Qt5X11Extras) BuildRequires: pkgconfig(Qt5WaylandClient) +BuildRequires: qt5-qtbase-private-devel +BuildRequires: qt5-linguist Supplements: (gstreamer1-plugins-good and qt5-qtdeclarative) @@ -144,6 +160,31 @@ good quality and under the LGPL license. This package (%{name}-qt) contains the qtsink output plugin. %endif +%if %{with qt6} +%package qt6 +Summary: GStreamer "good" plugins qt6 qml plugin +Requires: %{name}%{?_isa} = %{version}-%{release} + +BuildRequires: pkgconfig(Qt6Gui) +BuildRequires: pkgconfig(Qt6Qml) +BuildRequires: pkgconfig(Qt6Quick) +BuildRequires: pkgconfig(Qt6WaylandClient) +BuildRequires: pkgconfig(Qt6Linguist) +BuildRequires: qt6-qtbase-private-devel +BuildRequires: qt6-linguist + +Supplements: (gstreamer1-plugins-good and qt6-qtdeclarative) + +%description qt6 +GStreamer is a streaming media framework, based on graphs of elements which +operate on media data. + +GStreamer Good Plugins is a collection of well-supported plugins of +good quality and under the LGPL license. + +This package (%{name}-qt6) contains the qml6sink output plugin. +%endif + %if %{with extras} %package extras Summary: Extra GStreamer plugins with good code and licensing @@ -165,7 +206,6 @@ to be installed. %prep %setup -q -n gst-plugins-good-%{version} -%patch0 -p3 %build %meson \ @@ -186,10 +226,12 @@ to be installed. -D dv=%{?with_extras:enabled}%{!?with_extras:disabled} \ -D dv1394=%{?with_extras:enabled}%{!?with_extras:disabled} \ %endif -%if 0%{?_module_build} && "%{_module_name}" == "flatpak-runtime" +%if 0%{?flatpak_runtime} -D v4l2-gudev=disabled \ %endif - -D qt6=disabled + -D qt-egl=disabled \ + -D qt5=%{?with_qt5:enabled}%{!?with_qt5:disabled} \ + -D qt6=%{?with_qt6:enabled}%{!?with_qt6:disabled} %meson_build @@ -292,8 +334,15 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -fv {} ';' # Plugins with external dependencies %{_libdir}/gstreamer-%{majorminor}/libgstgtk.so +%if %{with qt5} %files qt %{_libdir}/gstreamer-%{majorminor}/libgstqmlgl.so +%endif + +%if %{with qt6} +%files qt6 +%{_libdir}/gstreamer-%{majorminor}/libgstqml6.so +%endif %if %{with extras} %files extras @@ -307,34 +356,126 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -fv {} ';' %changelog -* Wed Jan 17 2024 Wim Taymans - 1.22.1-2 -- CVE-2023-37327: integer overflow leading to heap overwrite in FLAC - image tag handling -- Resolves: RHEL-19471 +* Tue Apr 30 2024 Gwyn Ciesla - 1.22.12-1 +- 1.22.12 -* Thu Apr 13 2023 Wim Taymans - 1.22.1-1 +* Fri Apr 26 2024 Gwyn Ciesla - 1.22.11-2 +- Qt6 re-rebuild + +* Thu Apr 18 2024 Gwyn Ciesla - 1.22.11-1 +- 1.22.11 + +* Thu Apr 18 2024 Jan Grulich - 1.22.9-1 +- Revert back to 1.22.9 (accidentally merged Rawhide to f40) + +* Thu Apr 04 2024 Jan Grulich - 1.24.0-2 +- Rebuild (qt6) + +* Tue Mar 05 2024 Wim Taymans - 1.24.0-1 +- Update to 1.24.0 + +* Fri Feb 16 2024 Jan Grulich - 1.22.9-3 +- Rebuild (qt6) + +* Tue Feb 13 2024 Pete Walter - 1.22.9-2 +- Rebuild for libvpx 1.14.x + +* Thu Jan 25 2024 Gwyn Ciesla - 1.22.9-1 +- 1.22.9 + +* Wed Jan 24 2024 Fedora Release Engineering - 1.22.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sat Jan 20 2024 Fedora Release Engineering - 1.22.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Dec 18 2023 Gwyn Ciesla - 1.22.8-1 +- 1.22.8 + +* Wed Nov 29 2023 Jan Grulich - 1.22.7-2 +- Rebuild (qt6) + +* Tue Nov 14 2023 Gwyn Ciesla - 1.22.7-1 +- 1.22.7 + +* Fri Oct 13 2023 Jan Grulich - 1.22.5-3 +- Rebuild (qt6) + +* Thu Oct 05 2023 Jan Grulich - 1.22.5-2 +- Rebuild (qt6) + +* Fri Jul 21 2023 Wim Taymans - 1.22.5-1 +- Update to 1.22.5 +- Disable qt-egl and add some BuildRequires to make things compile. + +* Thu Jul 20 2023 Fedora Release Engineering - 1.22.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Sun Jun 18 2023 Yaakov Selkowitz - 1.22.3-2 +- Enable Qt6 plugin, disable Qt5 plugin for RHEL 10 + +* Thu May 25 2023 Wim Taymans - 1.22.3-1 +- Update to 1.22.3 + +* Thu Apr 13 2023 Wim Taymans - 1.22.2-1 +- Update to 1.22.2 + +* Mon Mar 13 2023 Wim Taymans - 1.22.1-1 - Update to 1.22.1 -* Fri Nov 11 2022 Wim Taymans - 1.18.4-6 -- Fixes for CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, - CVE-2022-1924, CVE-2022-1925, CVE-2022-2122 - Resolves: rhbz#2131034, rhbz#2131039, rhbz#2131045, rhbz#2131049, - rhbz#2131054, rhbz#2131060, rhbz#2131064 +* Wed Feb 15 2023 Tom Callaway - 1.22.0-2 +- rebuild for new libvpx -* Mon Aug 09 2021 Mohan Boddu - 1.18.4-5 -- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Related: rhbz#1991688 +* Tue Jan 24 2023 Wim Taymans - 1.22.0-1 +- Update to 1.22.0 -* Tue Jun 22 2021 Mohan Boddu - 1.18.4-4 -- Rebuilt for RHEL 9 BETA for openssl 3.0 - Related: rhbz#1971065 +* Fri Jan 20 2023 Wim Taymans - 1.21.90-1 +- Update to 1.21.90 -* Fri May 14 2021 Wim Taymans - 1.18.4-3 +* Thu Jan 19 2023 Fedora Release Engineering - 1.20.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jan 11 2023 Wim Taymans - 1.20.5-1 +- Update to 1.20.5 + +* Thu Oct 13 2022 Wim Taymans - 1.20.4-1 +- Update to 1.20.4 + +* Tue Sep 13 2022 Michel Alexandre Salim - 1.20.3-3 +- Rebuilt for flac 1.4.0 + +* Thu Jul 21 2022 Fedora Release Engineering - 1.20.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Mon Jul 18 2022 Wim Taymans - 1.20.3-1 +- Update to 1.20.3 + +* Fri Feb 4 2022 Wim Taymans - 1.20.0-1 +- Update to 1.20.0 + +* Thu Jan 27 2022 Tom Callaway - 1.19.3-4 +- rebuild for libvpx + +* Wed Jan 26 2022 Wim Taymans - 1.19.3-3 +- Fix build + +* Thu Jan 20 2022 Fedora Release Engineering - 1.19.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Nov 11 2021 Wim Taymans - 1.19.3-1 +- Update to 1.19.3 + +* Thu Sep 23 2021 Wim Taymans - 1.19.2-1 +- Update to 1.19.2 + +* Thu Jul 22 2021 Fedora Release Engineering - 1.19.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Thu Jun 03 2021 Wim Taymans - 1.19.1-1 +- Update to 1.19.1 + +* Fri May 14 2021 Wim Taymans - 1.18.4-2 - Move libdv and friends to extras -- Resolves: rhbz#1960634 - -* Fri Apr 16 2021 Mohan Boddu - 1.18.4-2 -- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Mar 16 2021 Wim Taymans - 1.18.4-1 - Update to 1.18.4 diff --git a/sources b/sources index 28978b1..0c9b610 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (gst-plugins-good-1.22.1.tar.xz) = 41dfb896c4de3d2dd8e2e69c7120f0143b05c6ce4b0e72111ef9994955d104f55e61ffbff0ec5141a0f606e89fb694562f76af86a2497415256bc7bd4c9c701a +SHA512 (gst-plugins-good-1.22.12.tar.xz) = 06edbec1981681eef13852f21814666ccd9b664892795109d605015e0fe351d9cc3159af3e0ff92aa0d6bf085af8a749333d128544a2ce8b545067b95b7e09c0