| 1 |
commit: 4fa29d9e36377f98e19c9a9eddead073781f18eb |
| 2 |
Author: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sat Aug 29 09:58:35 2020 +0000 |
| 4 |
Commit: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sat Aug 29 09:59:46 2020 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fa29d9e |
| 7 |
|
| 8 |
media-libs/gst-rtsp-server: bump to 1.16.2, fix CVE-2020-6095 |
| 9 |
|
| 10 |
Includes 3 commits from origin/1.16, including fix for CVE-2020-6095. |
| 11 |
Tests fail due to new max-ttl work in 1.16, disable for now. |
| 12 |
1.18 will be meson-based and we'll retry with tests naturally then. |
| 13 |
|
| 14 |
Bug: https://bugs.gentoo.org/715100 |
| 15 |
Package-Manager: Portage-2.3.103, Repoman-2.3.20 |
| 16 |
Signed-off-by: Mart Raudsepp <leio <AT> gentoo.org> |
| 17 |
|
| 18 |
media-libs/gst-rtsp-server/Manifest | 1 + |
| 19 |
.../files/1.16.2-CVE-2020-6095.patch | 39 +++++++++++ |
| 20 |
.../files/1.16.2-glib-deprecation-fix.patch | 59 +++++++++++++++++ |
| 21 |
.../gst-rtsp-server/files/1.16.2-leak-fix.patch | 25 ++++++++ |
| 22 |
.../gst-rtsp-server/gst-rtsp-server-1.16.2.ebuild | 75 ++++++++++++++++++++++ |
| 23 |
5 files changed, 199 insertions(+) |
| 24 |
|
| 25 |
diff --git a/media-libs/gst-rtsp-server/Manifest b/media-libs/gst-rtsp-server/Manifest |
| 26 |
index 91b7cdd8563..bc2d122ef7c 100644 |
| 27 |
--- a/media-libs/gst-rtsp-server/Manifest |
| 28 |
+++ b/media-libs/gst-rtsp-server/Manifest |
| 29 |
@@ -1 +1,2 @@ |
| 30 |
DIST gst-rtsp-server-1.14.5.tar.xz 672180 BLAKE2B 3e67f703c190e46580cf7c08a9437d51e9c1e009dd27cf359ecd5aa301ddda6cd70c0d5567e72c6e5f9443318e899a9b55e6883c71c9fc021f77286afd89bbc9 SHA512 dbfb63fb219808d2a32d710bef33d2b3b9906300d4c527c72534a4cb6db0f5ce4f4fadcedf7f6a3a5f46005f4408717d9aafa1a510c4aed18f5d07d6b3646492 |
| 31 |
+DIST gst-rtsp-server-1.16.2.tar.xz 693368 BLAKE2B 612b59bc3a08167a81790c8d5164efebb8756ce3d3c9c278a0363bd640929b14d2fb1c26454a513dbaa9e093a702e7553950b6210ef57a6e9188a059c81650d3 SHA512 e18d87ae309594ffd7917b1804e595b83d5002518608f0ee03b9e68ab9bdf771ec2f691e50408618a6d1a39495c123e8288b3179e6cdaef65a38ef404544e0eb |
| 32 |
|
| 33 |
diff --git a/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch b/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch |
| 34 |
new file mode 100644 |
| 35 |
index 00000000000..87b2e54973b |
| 36 |
--- /dev/null |
| 37 |
+++ b/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch |
| 38 |
@@ -0,0 +1,39 @@ |
| 39 |
+From ccc8d0c4388056acc801fd855e065eb2b0ca6578 Mon Sep 17 00:00:00 2001 |
| 40 |
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@×××××××××××.com> |
| 41 |
+Date: Mon, 23 Mar 2020 16:06:43 +0200 |
| 42 |
+Subject: [PATCH 3/3] rtsp-auth: Fix NULL pointer dereference when handling an |
| 43 |
+ invalid basic Authorization header |
| 44 |
+ |
| 45 |
+When using the basic authentication scheme, we wouldn't validate that |
| 46 |
+the authorization field of the credentials is not NULL and pass it on |
| 47 |
+to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will |
| 48 |
+dereference the NULL pointer and crash. |
| 49 |
+A specially crafted (read: invalid) RTSP header can cause this to |
| 50 |
+happen. |
| 51 |
+ |
| 52 |
+As a solution, check for the authorization to be not NULL before |
| 53 |
+continuing processing it and if it is simply fail authentication. |
| 54 |
+ |
| 55 |
+This fixes CVE-2020-6095 and TALOS-2020-1018. |
| 56 |
+ |
| 57 |
+Discovered by Peter Wang of Cisco ASIG. |
| 58 |
+--- |
| 59 |
+ gst/rtsp-server/rtsp-auth.c | 2 +- |
| 60 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
| 61 |
+ |
| 62 |
+diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c |
| 63 |
+index f14286f..c15fa18 100644 |
| 64 |
+--- a/gst/rtsp-server/rtsp-auth.c |
| 65 |
++++ b/gst/rtsp-server/rtsp-auth.c |
| 66 |
+@@ -871,7 +871,7 @@ default_authenticate (GstRTSPAuth * auth, GstRTSPContext * ctx) |
| 67 |
+ |
| 68 |
+ GST_DEBUG_OBJECT (auth, "check Basic auth"); |
| 69 |
+ g_mutex_lock (&priv->lock); |
| 70 |
+- if ((token = |
| 71 |
++ if ((*credential)->authorization && (token = |
| 72 |
+ g_hash_table_lookup (priv->basic, |
| 73 |
+ (*credential)->authorization))) { |
| 74 |
+ GST_DEBUG_OBJECT (auth, "setting token %p", token); |
| 75 |
+-- |
| 76 |
+2.20.1 |
| 77 |
+ |
| 78 |
|
| 79 |
diff --git a/media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch b/media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch |
| 80 |
new file mode 100644 |
| 81 |
index 00000000000..679c5c5207c |
| 82 |
--- /dev/null |
| 83 |
+++ b/media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch |
| 84 |
@@ -0,0 +1,59 @@ |
| 85 |
+From df227481504574ecc6028400d17870913a16a047 Mon Sep 17 00:00:00 2001 |
| 86 |
+From: Jordan Petridis <jordan@×××××××××××.com> |
| 87 |
+Date: Thu, 23 Jan 2020 16:41:26 +0200 |
| 88 |
+Subject: [PATCH 2/3] rtsp-latency-bin: replace G_TYPE_INSTANCE_GET_PRIVATE as |
| 89 |
+ it's been deprecated |
| 90 |
+ |
| 91 |
+from glib |
| 92 |
+``` |
| 93 |
+Deprecated: 2.58: Use %G_ADD_PRIVATE and the generated |
| 94 |
+ `your_type_get_instance_private()` function instead |
| 95 |
+``` |
| 96 |
+--- |
| 97 |
+ gst/rtsp-server/rtsp-latency-bin.c | 9 +++------ |
| 98 |
+ 1 file changed, 3 insertions(+), 6 deletions(-) |
| 99 |
+ |
| 100 |
+diff --git a/gst/rtsp-server/rtsp-latency-bin.c b/gst/rtsp-server/rtsp-latency-bin.c |
| 101 |
+index cf7cdf1..c297ab6 100644 |
| 102 |
+--- a/gst/rtsp-server/rtsp-latency-bin.c |
| 103 |
++++ b/gst/rtsp-server/rtsp-latency-bin.c |
| 104 |
+@@ -23,9 +23,6 @@ |
| 105 |
+ #include <gst/gst.h> |
| 106 |
+ #include "rtsp-latency-bin.h" |
| 107 |
+ |
| 108 |
+-#define GST_RTSP_LATENCY_BIN_GET_PRIVATE(obj) \ |
| 109 |
+- (G_TYPE_INSTANCE_GET_PRIVATE ((obj), GST_RTSP_LATENCY_BIN_TYPE, GstRTSPLatencyBinPrivate)) |
| 110 |
+- |
| 111 |
+ struct _GstRTSPLatencyBinPrivate |
| 112 |
+ { |
| 113 |
+ GstPad *sinkpad; |
| 114 |
+@@ -106,7 +103,7 @@ gst_rtsp_latency_bin_get_property (GObject * object, guint propid, |
| 115 |
+ { |
| 116 |
+ GstRTSPLatencyBin *latency_bin = GST_RTSP_LATENCY_BIN (object); |
| 117 |
+ GstRTSPLatencyBinPrivate *priv = |
| 118 |
+- GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin); |
| 119 |
++ gst_rtsp_latency_bin_get_instance_private (latency_bin); |
| 120 |
+ |
| 121 |
+ switch (propid) { |
| 122 |
+ case PROP_ELEMENT: |
| 123 |
+@@ -140,7 +137,7 @@ gst_rtsp_latency_bin_add_element (GstRTSPLatencyBin * latency_bin, |
| 124 |
+ GstElement * element) |
| 125 |
+ { |
| 126 |
+ GstRTSPLatencyBinPrivate *priv = |
| 127 |
+- GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin); |
| 128 |
++ gst_rtsp_latency_bin_get_instance_private (latency_bin); |
| 129 |
+ GstPad *pad; |
| 130 |
+ GstPadTemplate *templ; |
| 131 |
+ |
| 132 |
+@@ -250,7 +247,7 @@ static gboolean |
| 133 |
+ gst_rtsp_latency_bin_recalculate_latency (GstRTSPLatencyBin * latency_bin) |
| 134 |
+ { |
| 135 |
+ GstRTSPLatencyBinPrivate *priv = |
| 136 |
+- GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin); |
| 137 |
++ gst_rtsp_latency_bin_get_instance_private (latency_bin); |
| 138 |
+ GstEvent *latency; |
| 139 |
+ GstQuery *query; |
| 140 |
+ GstClockTime min_latency; |
| 141 |
+-- |
| 142 |
+2.20.1 |
| 143 |
+ |
| 144 |
|
| 145 |
diff --git a/media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch b/media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch |
| 146 |
new file mode 100644 |
| 147 |
index 00000000000..2707c3ebdc0 |
| 148 |
--- /dev/null |
| 149 |
+++ b/media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch |
| 150 |
@@ -0,0 +1,25 @@ |
| 151 |
+From 9dfdcb71e84e53e25388a6e0b485a70c45ea0dec Mon Sep 17 00:00:00 2001 |
| 152 |
+From: Nicola Murino <nicola.murino@×××××.com> |
| 153 |
+Date: Thu, 12 Dec 2019 17:56:18 +0100 |
| 154 |
+Subject: [PATCH 1/3] rtsp-auth: fix default token leak |
| 155 |
+ |
| 156 |
+--- |
| 157 |
+ gst/rtsp-server/rtsp-auth.c | 2 ++ |
| 158 |
+ 1 file changed, 2 insertions(+) |
| 159 |
+ |
| 160 |
+diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c |
| 161 |
+index f676b80..f14286f 100644 |
| 162 |
+--- a/gst/rtsp-server/rtsp-auth.c |
| 163 |
++++ b/gst/rtsp-server/rtsp-auth.c |
| 164 |
+@@ -214,6 +214,8 @@ gst_rtsp_auth_finalize (GObject * obj) |
| 165 |
+ g_hash_table_unref (priv->basic); |
| 166 |
+ g_hash_table_unref (priv->digest); |
| 167 |
+ g_hash_table_unref (priv->nonces); |
| 168 |
++ if (priv->default_token) |
| 169 |
++ gst_rtsp_token_unref (priv->default_token); |
| 170 |
+ g_mutex_clear (&priv->lock); |
| 171 |
+ g_free (priv->realm); |
| 172 |
+ |
| 173 |
+-- |
| 174 |
+2.20.1 |
| 175 |
+ |
| 176 |
|
| 177 |
diff --git a/media-libs/gst-rtsp-server/gst-rtsp-server-1.16.2.ebuild b/media-libs/gst-rtsp-server/gst-rtsp-server-1.16.2.ebuild |
| 178 |
new file mode 100644 |
| 179 |
index 00000000000..b353ef4e8f7 |
| 180 |
--- /dev/null |
| 181 |
+++ b/media-libs/gst-rtsp-server/gst-rtsp-server-1.16.2.ebuild |
| 182 |
@@ -0,0 +1,75 @@ |
| 183 |
+# Copyright 1999-2020 Gentoo Authors |
| 184 |
+# Distributed under the terms of the GNU General Public License v2 |
| 185 |
+ |
| 186 |
+EAPI=6 |
| 187 |
+ |
| 188 |
+inherit gstreamer |
| 189 |
+ |
| 190 |
+DESCRIPTION="A GStreamer based RTSP server" |
| 191 |
+HOMEPAGE="https://gstreamer.freedesktop.org/modules/gst-rtsp-server.html" |
| 192 |
+ |
| 193 |
+LICENSE="LGPL-2+" |
| 194 |
+KEYWORDS="~amd64 ~x86" |
| 195 |
+IUSE="examples +introspection static-libs" |
| 196 |
+ |
| 197 |
+# gst-plugins-base for many used elements and API |
| 198 |
+# gst-plugins-good for rtprtxsend and rtpbin elements, maybe more |
| 199 |
+# gst-plugins-srtp for srtpenc and srtpdec elements |
| 200 |
+RDEPEND=" |
| 201 |
+ >=dev-libs/glib-2.40.0:2[${MULTILIB_USEDEP}] |
| 202 |
+ >=media-libs/gstreamer-${PV}:${SLOT}[introspection?,${MULTILIB_USEDEP}] |
| 203 |
+ >=media-libs/gst-plugins-base-${PV}:${SLOT}[introspection?,${MULTILIB_USEDEP}] |
| 204 |
+ >=media-libs/gst-plugins-good-${PV}:${SLOT}[${MULTILIB_USEDEP}] |
| 205 |
+ >=media-plugins/gst-plugins-srtp-${PV}:${SLOT}[${MULTILIB_USEDEP}] |
| 206 |
+ introspection? ( >=dev-libs/gobject-introspection-1.31.1:= ) |
| 207 |
+" |
| 208 |
+DEPEND="${RDEPEND} |
| 209 |
+ >=dev-util/gtk-doc-am-1.12 |
| 210 |
+" |
| 211 |
+ |
| 212 |
+# Due to gstreamer src_configure |
| 213 |
+QA_CONFIGURE_OPTIONS="--enable-nls" |
| 214 |
+ |
| 215 |
+PATCHES=( |
| 216 |
+ "${FILESDIR}"/${PV}-leak-fix.patch |
| 217 |
+ "${FILESDIR}"/${PV}-glib-deprecation-fix.patch |
| 218 |
+ "${FILESDIR}"/${PV}-CVE-2020-6095.patch |
| 219 |
+) |
| 220 |
+ |
| 221 |
+multilib_src_configure() { |
| 222 |
+ # debug: only adds -g to CFLAGS |
| 223 |
+ # docbook: nothing behind that switch |
| 224 |
+ # libcgroup is automagic and only used in examples |
| 225 |
+ gstreamer_multilib_src_configure \ |
| 226 |
+ --disable-debug \ |
| 227 |
+ --disable-valgrind \ |
| 228 |
+ --disable-examples \ |
| 229 |
+ --disable-docbook \ |
| 230 |
+ --disable-gtk-doc \ |
| 231 |
+ $(multilib_native_use_enable introspection) \ |
| 232 |
+ $(use_enable static-libs static) \ |
| 233 |
+ --disable-tests \ |
| 234 |
+ LIBCGROUP_LIBS= \ |
| 235 |
+ LIBCGROUP_FLAGS= |
| 236 |
+ |
| 237 |
+ # work-around gtk-doc out-of-source brokedness |
| 238 |
+ if multilib_is_native_abi ; then |
| 239 |
+ ln -s "${S}"/docs/libs/${d}/html docs/libs/${d}/html || die |
| 240 |
+ fi |
| 241 |
+} |
| 242 |
+ |
| 243 |
+multilib_src_install() { |
| 244 |
+ emake install DESTDIR="${D}" |
| 245 |
+ # Handle broken upstream modifications to defaults of gtk-doc |
| 246 |
+ emake install -C docs/libs DESTDIR="${D}" |
| 247 |
+} |
| 248 |
+ |
| 249 |
+multilib_src_install_all() { |
| 250 |
+ einstalldocs |
| 251 |
+ find "${ED}" -name '*.la' -delete || die |
| 252 |
+ |
| 253 |
+ if use examples ; then |
| 254 |
+ insinto /usr/share/doc/${PF}/examples |
| 255 |
+ doins "${S}"/examples/*.c |
| 256 |
+ fi |
| 257 |
+} |
Archives