From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 1B4351388BF for ; Sat, 9 Jan 2016 15:04:20 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 02944E0848; Sat, 9 Jan 2016 15:04:19 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 811A2E0848 for ; Sat, 9 Jan 2016 15:04:17 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 361B6340924 for ; Sat, 9 Jan 2016 15:04:16 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id D0FDF75D for ; Sat, 9 Jan 2016 15:04:12 +0000 (UTC) 
From: "Pacho Ramos" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Pacho Ramos" Message-ID: <1452351766.155ea40f261d270c90ba23e728b44605956d9459.pacho@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/gst-plugins-bad/files/, media-libs/gst-plugins-bad/ X-VCS-Repository: repo/gentoo X-VCS-Files: media-libs/gst-plugins-bad/files/gst-plugins-bad-0.10.23-CVE-2015-0797.patch media-libs/gst-plugins-bad/gst-plugins-bad-0.10.23-r3.ebuild X-VCS-Directories: media-libs/gst-plugins-bad/files/ media-libs/gst-plugins-bad/ X-VCS-Committer: pacho X-VCS-Committer-Name: Pacho Ramos X-VCS-Revision: 155ea40f261d270c90ba23e728b44605956d9459 X-VCS-Branch: master Date: Sat, 9 Jan 2016 15:04:12 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 5398572e-1f24-43ee-8792-8785fd0d6276 X-Archives-Hash: 0005024a34004f1e12c24c78c47d92d5 commit: 155ea40f261d270c90ba23e728b44605956d9459 Author: Pacho Ramos gentoo org> AuthorDate: Sat Jan 9 15:02:46 2016 +0000 Commit: Pacho Ramos gentoo org> CommitDate: Sat Jan 9 15:02:46 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=155ea40f media-libs/gst-plugins-bad: Fix CVE-2015-0797, bug #553742 Package-Manager: portage-2.2.26 .../gst-plugins-bad-0.10.23-CVE-2015-0797.patch | 30 ++++++++++++ .../gst-plugins-bad-0.10.23-r3.ebuild | 55 ++++++++++++++++++++++ 2 files changed, 85 insertions(+) diff --git a/media-libs/gst-plugins-bad/files/gst-plugins-bad-0.10.23-CVE-2015-0797.patch b/media-libs/gst-plugins-bad/files/gst-plugins-bad-0.10.23-CVE-2015-0797.patch new file mode 100644 index 0000000..b1e323b --- /dev/null +++ b/media-libs/gst-plugins-bad/files/gst-plugins-bad-0.10.23-CVE-2015-0797.patch 
@@ -0,0 +1,30 @@ +From: Ralph Giles +Subject: Fix buffer overflow in mp4 parsing + +--- gst-plugins-bad0.10-0.10.23.orig/gst/videoparsers/gsth264parse.c ++++ gst-plugins-bad0.10-0.10.23/gst/videoparsers/gsth264parse.c +@@ -384,6 +384,11 @@ gst_h264_parse_wrap_nal (GstH264Parse * + + GST_DEBUG_OBJECT (h264parse, "nal length %d", size); + ++ if (size > G_MAXUINT32 - nl) { ++ GST_ELEMENT_ERROR (h264parse, STREAM, FAILED, (NULL), ++ ("overflow in nal size")); ++ return NULL; ++ } + buf = gst_buffer_new_and_alloc (size + nl + 4); + if (format == GST_H264_PARSE_FORMAT_AVC) { + GST_WRITE_UINT32_BE (GST_BUFFER_DATA (buf), size << (32 - 8 * nl)); +@@ -452,6 +457,11 @@ gst_h264_parse_process_nal (GstH264Parse + GST_DEBUG_OBJECT (h264parse, "not processing nal size %u", nalu->size); + return; + } ++ if (G_UNLIKELY (nalu->size > 20 * 1024 * 1024)) { ++ GST_DEBUG_OBJECT (h264parse, "not processing nal size %u (too big)", ++ nalu->size); ++ return; ++ } + + /* we have a peek as well */ + nal_type = nalu->type; + diff --git a/media-libs/gst-plugins-bad/gst-plugins-bad-0.10.23-r3.ebuild b/media-libs/gst-plugins-bad/gst-plugins-bad-0.10.23-r3.ebuild new file mode 100644 index 0000000..fc030dd --- /dev/null +++ b/media-libs/gst-plugins-bad/gst-plugins-bad-0.10.23-r3.ebuild 
@@ -0,0 +1,55 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +GST_ORG_MODULE="gst-plugins-bad" +inherit eutils flag-o-matic gstreamer + +DESCRIPTION="Less plugins for GStreamer" +HOMEPAGE="http://gstreamer.freedesktop.org/" +SRC_URI+=" https://dev.gentoo.org/~tetromino/distfiles/${PN}/${P}-h264-patches.tar.xz" + +LICENSE="LGPL-2" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" +IUSE="+orc" + +RDEPEND=" + >=dev-libs/glib-2.34.3:2[${MULTILIB_USEDEP}] + >=media-libs/gst-plugins-base-0.10.36:${SLOT}[${MULTILIB_USEDEP}] + >=media-libs/gstreamer-0.10.36:${SLOT}[${MULTILIB_USEDEP}] + orc? ( >=dev-lang/orc-0.4.17[${MULTILIB_USEDEP}] ) +" +DEPEND="${RDEPEND}" +RDEPEND="${RDEPEND} + !
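Review bot: In the gst_h264_parse_wrap_nal hunk (gsth264parse.c, @@ -384,6 +384,11 @@), the new guard `size > G_MAXUINT32 - nl` does not cover the extra 4 bytes in the allocation that follows it, `gst_buffer_new_and_alloc (size + nl + 4)`. Any size from G_MAXUINT32 - nl - 3 up to G_MAXUINT32 - nl passes the check, and if the sum is evaluated in 32-bit unsigned arithmetic it still wraps to a value between 0 and 3. Suggest bounding the full expression, for example `if (size > G_MAXUINT32 - nl - 4)`, so the check and the allocation size cannot drift apart.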
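Review bot: In the gst_h264_parse_process_nal hunk (gsth264parse.c, @@ -452,6 +457,11 @@), the limit `20 * 1024 * 1024` is an undocumented magic number, and the oversized NAL is dropped with only a `GST_DEBUG_OBJECT` message and a bare `return`. The other hunk of this patch reports its failure through `GST_ELEMENT_ERROR`, so the two rejection paths behave differently and this one is invisible at default log levels. Suggest a named constant with a comment saying why 20 MiB was chosen, and logging the rejection at warning level so that a truncated or hostile stream leaves a trace.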
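Review bot: In the new gst-plugins-bad-0.10.23-r3.ebuild, the header reads `# Copyright 1999-2014 Gentoo Foundation` although the file is added by a commit dated 2016; the year range should be updated. Every entry in `KEYWORDS` is also `~arch`, so this security revision reaches only testing users until it is stabilized, and it is worth noting that on bug #553742.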