import CS gstreamer1-plugins-good-1.22.1-2.el9

2024-03-28 10:33:06 +00:00 · 2024-03-28 10:33:06 +00:00 · cda299f27f
commit cda299f27f
parent 86da02eb4d
2 changed files with 64 additions and 1 deletions
--- a/SOURCES/0001-flacparse-Avoid-integer-overflow-in-available-data-c.patch
+++ b/SOURCES/0001-flacparse-Avoid-integer-overflow-in-available-data-c.patch
@ -0,0 +1,55 @@
 From cf36c771ea7f4e42603c2b5880432bc8c7d3dff1 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
 Date: Tue, 13 Jun 2023 13:20:16 +0300
 Subject: [PATCH] flacparse: Avoid integer overflow in available data check for
 image tags
 If the image length as stored in the file is some bogus integer then
 adding it to the current byte readers position can overflow and wrongly
 have the check for enough available data succeed.
 This then later can cause NULL pointer dereferences or out of bounds
 reads/writes when actually reading the image data.
 Fixes ZDI-CAN-20775
 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2661
 Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4894>
 ---
 .../gst-plugins-good/gst/audioparsers/gstflacparse.c        | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 diff --git a/subprojects/gst-plugins-good/gst/audioparsers/gstflacparse.c b/subprojects/gst-plugins-good/gst/audioparsers/gstflacparse.c
 index a53b7ebc77..8ee450c65a 100644
 --- a/subprojects/gst-plugins-good/gst/audioparsers/gstflacparse.c
 +++ b/subprojects/gst-plugins-good/gst/audioparsers/gstflacparse.c
@@ -1111,6 +1111,7 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer)
   GstMapInfo map;
   guint32 img_len = 0, img_type = 0;
   guint32 img_mimetype_len = 0, img_description_len = 0;
 +  const guint8 *img_data;
   gst_buffer_map (buffer, &map, GST_MAP_READ);
   gst_byte_reader_init (&reader, map.data, map.size);
@@ -1137,7 +1138,7 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer)
   if (!gst_byte_reader_get_uint32_be (&reader, &img_len))
     goto error;
 -  if (gst_byte_reader_get_pos (&reader) + img_len > map.size)
 +  if (!gst_byte_reader_get_data (&reader, img_len, &img_data))
     goto error;
   GST_INFO_OBJECT (flacparse, "Got image of %d bytes", img_len);
@@ -1146,8 +1147,7 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer)
     if (flacparse->tags == NULL)
       flacparse->tags = gst_tag_list_new_empty ();
 -    gst_tag_list_add_id3_image (flacparse->tags,
 -        map.data + gst_byte_reader_get_pos (&reader), img_len, img_type);
 +    gst_tag_list_add_id3_image (flacparse->tags, img_data, img_len, img_type);
   }
   gst_buffer_unmap (buffer, &map);
 -- 
 2.43.0
--- a/SPECS/gstreamer1-plugins-good.spec
+++ b/SPECS/gstreamer1-plugins-good.spec
@ -17,7 +17,7 @@
 Name:           gstreamer1-plugins-good
 Version:        1.22.1
-Release:        1%{?gitcommit:.git%{shortcommit}}%{?dist}
+Release:        2%{?gitcommit:.git%{shortcommit}}%{?dist}
 Summary:        GStreamer plugins with good code and licensing
 License:        LGPLv2+
@ -37,6 +37,8 @@ Source0:        http://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugin
 # See http://www.freedesktop.org/software/appstream/docs/ for more details.
 Source1:        gstreamer-good.appdata.xml
 Patch0:		0001-flacparse-Avoid-integer-overflow-in-available-data-c.patch
 BuildRequires:  meson >= 0.48.0
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
@ -163,6 +165,7 @@ to be installed.
 %prep
 %setup -q -n gst-plugins-good-%{version}
 %patch0 -p3
 %build
 %meson \
@ -304,6 +307,11 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -fv {} ';'
 %changelog
 * Wed Jan 17 2024 Wim Taymans <wtaymans@redhat.com> - 1.22.1-2
 - CVE-2023-37327: integer overflow leading to heap overwrite in FLAC
  image tag handling
 - Resolves: RHEL-19471
 * Thu Apr 13 2023 Wim Taymans <wtaymans@redhat.com> - 1.22.1-1
 - Update to 1.22.1