1 |
commit: 4fa29d9e36377f98e19c9a9eddead073781f18eb |
2 |
Author: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Aug 29 09:58:35 2020 +0000 |
4 |
Commit: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Aug 29 09:59:46 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fa29d9e |
7 |
|
8 |
media-libs/gst-rtsp-server: bump to 1.16.2, fix CVE-2020-6095 |
9 |
|
10 |
Includes 3 commits from origin/1.16, including fix for CVE-2020-6095. |
11 |
Tests fail due to new max-ttl work in 1.16, disable for now. |
12 |
1.18 will be meson-based and we'll retry with tests naturally then. |
13 |
|
14 |
Bug: https://bugs.gentoo.org/715100 |
15 |
Package-Manager: Portage-2.3.103, Repoman-2.3.20 |
16 |
Signed-off-by: Mart Raudsepp <leio <AT> gentoo.org> |
17 |
|
18 |
media-libs/gst-rtsp-server/Manifest | 1 + |
19 |
.../files/1.16.2-CVE-2020-6095.patch | 39 +++++++++++ |
20 |
.../files/1.16.2-glib-deprecation-fix.patch | 59 +++++++++++++++++ |
21 |
.../gst-rtsp-server/files/1.16.2-leak-fix.patch | 25 ++++++++ |
22 |
.../gst-rtsp-server/gst-rtsp-server-1.16.2.ebuild | 75 ++++++++++++++++++++++ |
23 |
5 files changed, 199 insertions(+) |
24 |
|
25 |
diff --git a/media-libs/gst-rtsp-server/Manifest b/media-libs/gst-rtsp-server/Manifest |
26 |
index 91b7cdd8563..bc2d122ef7c 100644 |
27 |
--- a/media-libs/gst-rtsp-server/Manifest |
28 |
+++ b/media-libs/gst-rtsp-server/Manifest |
29 |
@@ -1 +1,2 @@ |
30 |
DIST gst-rtsp-server-1.14.5.tar.xz 672180 BLAKE2B 3e67f703c190e46580cf7c08a9437d51e9c1e009dd27cf359ecd5aa301ddda6cd70c0d5567e72c6e5f9443318e899a9b55e6883c71c9fc021f77286afd89bbc9 SHA512 dbfb63fb219808d2a32d710bef33d2b3b9906300d4c527c72534a4cb6db0f5ce4f4fadcedf7f6a3a5f46005f4408717d9aafa1a510c4aed18f5d07d6b3646492 |
31 |
+DIST gst-rtsp-server-1.16.2.tar.xz 693368 BLAKE2B 612b59bc3a08167a81790c8d5164efebb8756ce3d3c9c278a0363bd640929b14d2fb1c26454a513dbaa9e093a702e7553950b6210ef57a6e9188a059c81650d3 SHA512 e18d87ae309594ffd7917b1804e595b83d5002518608f0ee03b9e68ab9bdf771ec2f691e50408618a6d1a39495c123e8288b3179e6cdaef65a38ef404544e0eb |
32 |
|
33 |
diff --git a/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch b/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch |
34 |
new file mode 100644 |
35 |
index 00000000000..87b2e54973b |
36 |
--- /dev/null |
37 |
+++ b/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch |
38 |
@@ -0,0 +1,39 @@ |
39 |
+From ccc8d0c4388056acc801fd855e065eb2b0ca6578 Mon Sep 17 00:00:00 2001 |
40 |
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@×××××××××××.com> |
41 |
+Date: Mon, 23 Mar 2020 16:06:43 +0200 |
42 |
+Subject: [PATCH 3/3] rtsp-auth: Fix NULL pointer dereference when handling an |
43 |
+ invalid basic Authorization header |
44 |
+ |
45 |
+When using the basic authentication scheme, we wouldn't validate that |
46 |
+the authorization field of the credentials is not NULL and pass it on |
47 |
+to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will |
48 |
+dereference the NULL pointer and crash. |
49 |
+A specially crafted (read: invalid) RTSP header can cause this to |
50 |
+happen. |
51 |
+ |
52 |
+As a solution, check for the authorization to be not NULL before |
53 |
+continuing processing it and if it is simply fail authentication. |
54 |
+ |
55 |
+This fixes CVE-2020-6095 and TALOS-2020-1018. |
56 |
+ |
57 |
+Discovered by Peter Wang of Cisco ASIG. |
58 |
+--- |
59 |
+ gst/rtsp-server/rtsp-auth.c | 2 +- |
60 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
61 |
+ |
62 |
+diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c |
63 |
+index f14286f..c15fa18 100644 |
64 |
+--- a/gst/rtsp-server/rtsp-auth.c |
65 |
++++ b/gst/rtsp-server/rtsp-auth.c |
66 |
+@@ -871,7 +871,7 @@ default_authenticate (GstRTSPAuth * auth, GstRTSPContext * ctx) |
67 |
+ |
68 |
+ GST_DEBUG_OBJECT (auth, "check Basic auth"); |
69 |
+ g_mutex_lock (&priv->lock); |
70 |
+- if ((token = |
71 |
++ if ((*credential)->authorization && (token = |
72 |
+ g_hash_table_lookup (priv->basic, |
73 |
+ (*credential)->authorization))) { |
74 |
+ GST_DEBUG_OBJECT (auth, "setting token %p", token); |
75 |
+-- |
76 |
+2.20.1 |
77 |
+ |
78 |
|
79 |
diff --git a/media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch b/media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch |
80 |
new file mode 100644 |
81 |
index 00000000000..679c5c5207c |
82 |
--- /dev/null |
83 |
+++ b/media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch |
84 |
@@ -0,0 +1,59 @@ |
85 |
+From df227481504574ecc6028400d17870913a16a047 Mon Sep 17 00:00:00 2001 |
86 |
+From: Jordan Petridis <jordan@×××××××××××.com> |
87 |
+Date: Thu, 23 Jan 2020 16:41:26 +0200 |
88 |
+Subject: [PATCH 2/3] rtsp-latency-bin: replace G_TYPE_INSTANCE_GET_PRIVATE as |
89 |
+ it's been deprecated |
90 |
+ |
91 |
+from glib |
92 |
+``` |
93 |
+Deprecated: 2.58: Use %G_ADD_PRIVATE and the generated |
94 |
+ `your_type_get_instance_private()` function instead |
95 |
+``` |
96 |
+--- |
97 |
+ gst/rtsp-server/rtsp-latency-bin.c | 9 +++------ |
98 |
+ 1 file changed, 3 insertions(+), 6 deletions(-) |
99 |
+ |
100 |
+diff --git a/gst/rtsp-server/rtsp-latency-bin.c b/gst/rtsp-server/rtsp-latency-bin.c |
101 |
+index cf7cdf1..c297ab6 100644 |
102 |
+--- a/gst/rtsp-server/rtsp-latency-bin.c |
103 |
++++ b/gst/rtsp-server/rtsp-latency-bin.c |
104 |
+@@ -23,9 +23,6 @@ |
105 |
+ #include <gst/gst.h> |
106 |
+ #include "rtsp-latency-bin.h" |
107 |
+ |
108 |
+-#define GST_RTSP_LATENCY_BIN_GET_PRIVATE(obj) \ |
109 |
+- (G_TYPE_INSTANCE_GET_PRIVATE ((obj), GST_RTSP_LATENCY_BIN_TYPE, GstRTSPLatencyBinPrivate)) |
110 |
+- |
111 |
+ struct _GstRTSPLatencyBinPrivate |
112 |
+ { |
113 |
+ GstPad *sinkpad; |
114 |
+@@ -106,7 +103,7 @@ gst_rtsp_latency_bin_get_property (GObject * object, guint propid, |
115 |
+ { |
116 |
+ GstRTSPLatencyBin *latency_bin = GST_RTSP_LATENCY_BIN (object); |
117 |
+ GstRTSPLatencyBinPrivate *priv = |
118 |
+- GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin); |
119 |
++ gst_rtsp_latency_bin_get_instance_private (latency_bin); |
120 |
+ |
121 |
+ switch (propid) { |
122 |
+ case PROP_ELEMENT: |
123 |
+@@ -140,7 +137,7 @@ gst_rtsp_latency_bin_add_element (GstRTSPLatencyBin * latency_bin, |
124 |
+ GstElement * element) |
125 |
+ { |
126 |
+ GstRTSPLatencyBinPrivate *priv = |
127 |
+- GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin); |
128 |
++ gst_rtsp_latency_bin_get_instance_private (latency_bin); |
129 |
+ GstPad *pad; |
130 |
+ GstPadTemplate *templ; |
131 |
+ |
132 |
+@@ -250,7 +247,7 @@ static gboolean |
133 |
+ gst_rtsp_latency_bin_recalculate_latency (GstRTSPLatencyBin * latency_bin) |
134 |
+ { |
135 |
+ GstRTSPLatencyBinPrivate *priv = |
136 |
+- GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin); |
137 |
++ gst_rtsp_latency_bin_get_instance_private (latency_bin); |
138 |
+ GstEvent *latency; |
139 |
+ GstQuery *query; |
140 |
+ GstClockTime min_latency; |
141 |
+-- |
142 |
+2.20.1 |
143 |
+ |
144 |
|
145 |
diff --git a/media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch b/media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch |
146 |
new file mode 100644 |
147 |
index 00000000000..2707c3ebdc0 |
148 |
--- /dev/null |
149 |
+++ b/media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch |
150 |
@@ -0,0 +1,25 @@ |
151 |
+From 9dfdcb71e84e53e25388a6e0b485a70c45ea0dec Mon Sep 17 00:00:00 2001 |
152 |
+From: Nicola Murino <nicola.murino@×××××.com> |
153 |
+Date: Thu, 12 Dec 2019 17:56:18 +0100 |
154 |
+Subject: [PATCH 1/3] rtsp-auth: fix default token leak |
155 |
+ |
156 |
+--- |
157 |
+ gst/rtsp-server/rtsp-auth.c | 2 ++ |
158 |
+ 1 file changed, 2 insertions(+) |
159 |
+ |
160 |
+diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c |
161 |
+index f676b80..f14286f 100644 |
162 |
+--- a/gst/rtsp-server/rtsp-auth.c |
163 |
++++ b/gst/rtsp-server/rtsp-auth.c |
164 |
+@@ -214,6 +214,8 @@ gst_rtsp_auth_finalize (GObject * obj) |
165 |
+ g_hash_table_unref (priv->basic); |
166 |
+ g_hash_table_unref (priv->digest); |
167 |
+ g_hash_table_unref (priv->nonces); |
168 |
++ if (priv->default_token) |
169 |
++ gst_rtsp_token_unref (priv->default_token); |
170 |
+ g_mutex_clear (&priv->lock); |
171 |
+ g_free (priv->realm); |
172 |
+ |
173 |
+-- |
174 |
+2.20.1 |
175 |
+ |
176 |
|
177 |
diff --git a/media-libs/gst-rtsp-server/gst-rtsp-server-1.16.2.ebuild b/media-libs/gst-rtsp-server/gst-rtsp-server-1.16.2.ebuild |
178 |
new file mode 100644 |
179 |
index 00000000000..b353ef4e8f7 |
180 |
--- /dev/null |
181 |
+++ b/media-libs/gst-rtsp-server/gst-rtsp-server-1.16.2.ebuild |
182 |
@@ -0,0 +1,75 @@ |
183 |
+# Copyright 1999-2020 Gentoo Authors |
184 |
+# Distributed under the terms of the GNU General Public License v2 |
185 |
+ |
186 |
+EAPI=6 |
187 |
+ |
188 |
+inherit gstreamer |
189 |
+ |
190 |
+DESCRIPTION="A GStreamer based RTSP server" |
191 |
+HOMEPAGE="https://gstreamer.freedesktop.org/modules/gst-rtsp-server.html" |
192 |
+ |
193 |
+LICENSE="LGPL-2+" |
194 |
+KEYWORDS="~amd64 ~x86" |
195 |
+IUSE="examples +introspection static-libs" |
196 |
+ |
197 |
+# gst-plugins-base for many used elements and API |
198 |
+# gst-plugins-good for rtprtxsend and rtpbin elements, maybe more |
199 |
+# gst-plugins-srtp for srtpenc and srtpdec elements |
200 |
+RDEPEND=" |
201 |
+ >=dev-libs/glib-2.40.0:2[${MULTILIB_USEDEP}] |
202 |
+ >=media-libs/gstreamer-${PV}:${SLOT}[introspection?,${MULTILIB_USEDEP}] |
203 |
+ >=media-libs/gst-plugins-base-${PV}:${SLOT}[introspection?,${MULTILIB_USEDEP}] |
204 |
+ >=media-libs/gst-plugins-good-${PV}:${SLOT}[${MULTILIB_USEDEP}] |
205 |
+ >=media-plugins/gst-plugins-srtp-${PV}:${SLOT}[${MULTILIB_USEDEP}] |
206 |
+ introspection? ( >=dev-libs/gobject-introspection-1.31.1:= ) |
207 |
+" |
208 |
+DEPEND="${RDEPEND} |
209 |
+ >=dev-util/gtk-doc-am-1.12 |
210 |
+" |
211 |
+ |
212 |
+# Due to gstreamer src_configure |
213 |
+QA_CONFIGURE_OPTIONS="--enable-nls" |
214 |
+ |
215 |
+PATCHES=( |
216 |
+ "${FILESDIR}"/${PV}-leak-fix.patch |
217 |
+ "${FILESDIR}"/${PV}-glib-deprecation-fix.patch |
218 |
+ "${FILESDIR}"/${PV}-CVE-2020-6095.patch |
219 |
+) |
220 |
+ |
221 |
+multilib_src_configure() { |
222 |
+ # debug: only adds -g to CFLAGS |
223 |
+ # docbook: nothing behind that switch |
224 |
+ # libcgroup is automagic and only used in examples |
225 |
+ gstreamer_multilib_src_configure \ |
226 |
+ --disable-debug \ |
227 |
+ --disable-valgrind \ |
228 |
+ --disable-examples \ |
229 |
+ --disable-docbook \ |
230 |
+ --disable-gtk-doc \ |
231 |
+ $(multilib_native_use_enable introspection) \ |
232 |
+ $(use_enable static-libs static) \ |
233 |
+ --disable-tests \ |
234 |
+ LIBCGROUP_LIBS= \ |
235 |
+ LIBCGROUP_FLAGS= |
236 |
+ |
237 |
+ # work-around gtk-doc out-of-source brokedness |
238 |
+ if multilib_is_native_abi ; then |
239 |
+ ln -s "${S}"/docs/libs/${d}/html docs/libs/${d}/html || die |
240 |
+ fi |
241 |
+} |
242 |
+ |
243 |
+multilib_src_install() { |
244 |
+ emake install DESTDIR="${D}" |
245 |
+ # Handle broken upstream modifications to defaults of gtk-doc |
246 |
+ emake install -C docs/libs DESTDIR="${D}" |
247 |
+} |
248 |
+ |
249 |
+multilib_src_install_all() { |
250 |
+ einstalldocs |
251 |
+ find "${ED}" -name '*.la' -delete || die |
252 |
+ |
253 |
+ if use examples ; then |
254 |
+ insinto /usr/share/doc/${PF}/examples |
255 |
+ doins "${S}"/examples/*.c |
256 |
+ fi |
257 |
+} |