import CS git gstreamer1-plugins-good-1.16.1-6.el8_10

2026-04-07 04:43:00 -04:00 · 2026-04-07 04:43:00 -04:00 · 543c2d4711
commit 543c2d4711
parent ce588a5bf1
2 changed files with 117 additions and 1 deletions
--- a/SOURCES/0001-rtpqdm2depay-error-out-if-anyone-tries-to-use-this-e.patch
+++ b/SOURCES/0001-rtpqdm2depay-error-out-if-anyone-tries-to-use-this-e.patch
@ -0,0 +1,110 @@
+From 63f66492d43c29d8ea70a59567028b21c9c140bb Mon Sep 17 00:00:00 2001
+From: Wim Taymans <wtaymans@redhat.com>
+Date: Tue, 31 Mar 2026 13:17:15 +0200
+Subject: [PATCH] rtpqdm2depay: error out if anyone tries to use this element
+
+Forbid use of this element and comment out all processing code.
+
+There is no plausible reason this code should ever be executed in 2026
+seeing that this was a streaming format produced by Darwin Streaming Server
+ca 2009 which hasn't been in active use for well over a decade.
+
+We simply error out for now as defensive measure and will remove the
+element entirely in the next release cycle.
+
+The processing functions are hairy and rather tedious to fix without
+at least some sample stream at hand.
+
+If anyone actually does have a legitimate need for this element and
+can provide a sample streams, we will happily implement a depayloader
+in Rust.
+
+Fixes ZDI-CAN-28850, ZDI-CAN-28851, ZDI-CAN-28851, ZDI-CAN-28850, GST-SA-2026-0008.
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4903
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4890
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/10886>
+---
+ .../gst-plugins-good/gst/rtp/gstrtpqdmdepay.c | 25 ++++++++++++++++++-
+ 1 file changed, 24 insertions(+), 1 deletion(-)
+---
+ gst/rtp/gstrtpqdmdepay.c | 25 ++++++++++++++++++++++++-
+ 1 file changed, 24 insertions(+), 1 deletion(-)
+
+diff --git a/gst/rtp/gstrtpqdmdepay.c b/gst/rtp/gstrtpqdmdepay.c
+index 898663aa7..5dbcc548f 100644
+--- a/gst/rtp/gstrtpqdmdepay.c
+++ b/gst/rtp/gstrtpqdmdepay.c
+@@ -50,11 +50,13 @@ GST_STATIC_PAD_TEMPLATE ("sink",
+ G_DEFINE_TYPE (GstRtpQDM2Depay, gst_rtp_qdm2_depay,
+     GST_TYPE_RTP_BASE_DEPAYLOAD);
+ 
+#if 0
+ static const guint8 headheader[20] = {
+   0x0, 0x0, 0x0, 0xc, 0x66, 0x72, 0x6d, 0x61,
+   0x51, 0x44, 0x4d, 0x32, 0x0, 0x0, 0x0, 0x24,
+   0x51, 0x44, 0x43, 0x41
+ };
+#endif
+ 
+ static void gst_rtp_qdm2_depay_finalize (GObject * object);
+ 
+@@ -131,6 +133,7 @@ gst_rtp_qdm2_depay_setcaps (GstRTPBaseDepayload * filter, GstCaps * caps)
+   return TRUE;
+ }
+ 
+#if 0
+ static void
+ flush_data (GstRtpQDM2Depay * depay)
+ {
+@@ -223,10 +226,26 @@ add_packet (GstRtpQDM2Depay * depay, guint32 pid, guint32 len, guint8 * data)
+   memcpy (packet->data + packet->offs, data, len);
+   packet->offs += len;
+ }
+#endif
+ 
+ static GstBuffer *
+ gst_rtp_qdm2_depay_process (GstRTPBaseDepayload * depayload, GstRTPBuffer * rtp)
+ {
+  /* There is no plausible reason this code should ever be executed in 2026
+   * seeing that this was a streaming format produced by Darwin Streaming Server
+   * ca 2009 which hasn't been in active use for well over a decade.
+   *
+   * We simply return here as defensive measure.
+   *
+   * We post an error message in the state change function, so this processing
+   * function should never be reached, we just ifdef the code out for clarity.
+   *
+   * If anyone actually does have a legitimate need for this and can provide
+   * sample streams, we will happily implement a depayloader in Rust.
+   */
+  return NULL;
+
+#if 0
+   GstRtpQDM2Depay *rtpqdm2depay;
+   GstBuffer *outbuf = NULL;
+   guint16 seq;
+@@ -371,6 +390,7 @@ bad_packet:
+         (NULL), ("Packet was too short"));
+     return NULL;
+   }
+#endif
+ }
+ 
+ static GstStateChangeReturn
+@@ -384,7 +404,10 @@ gst_rtp_qdm2_depay_change_state (GstElement * element,
+ 
+   switch (transition) {
+     case GST_STATE_CHANGE_NULL_TO_READY:
+-      break;
+      GST_ELEMENT_ERROR (rtpqdm2depay, STREAM, DECODE,
+          ("This element should not be used."),
+          ("Please report an issue if you encounter this message."));
+      return GST_STATE_CHANGE_FAILURE;
+     case GST_STATE_CHANGE_READY_TO_PAUSED:
+       gst_adapter_clear (rtpqdm2depay->adapter);
+       break;
+-- 
+2.53.0
+
--- a/SPECS/gstreamer1-plugins-good.spec
+++ b/SPECS/gstreamer1-plugins-good.spec
@ -15,7 +15,7 @@

 Name:           gstreamer1-plugins-good
 Version:        1.16.1
-Release:        5%{?gitcommit:.git%{shortcommit}}%{?dist}
+Release:        6%{?gitcommit:.git%{shortcommit}}%{?dist}
 Summary:        GStreamer plugins with good code and licensing

 License:        LGPLv2+
@ -38,6 +38,7 @@ Patch5:		0006-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch
 Patch6:		0007-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch
 Patch7:		0008-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch
 Patch8:		0009-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch
+Patch9:         0001-rtpqdm2depay-error-out-if-anyone-tries-to-use-this-e.patch

 BuildRequires:  gcc
 BuildRequires:  gcc-c++
@ -180,6 +181,7 @@ to be installed.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1

 %build
 %configure --disable-silent-rules --disable-fatal-warnings \
@ -364,6 +366,10 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'


 %changelog
+* Tue Mar 31 2026 Wim Taymans <wtaymans@redhat.com> - 1.16.1-6
+- Add patch for CVE-2026-3083 and CVE-2026-3085
+  Resolves: RHEL-156183, RHEL-156153
+
 * Mon Dec 16 2024 Wim Taymans <wtaymans@redhat.com> - 1.16.1-5
 - CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47606,
  CVE-2024-47613