packages/gstreamer1-plugins-base
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!15 [sync] PR-13: fix CVE-2021-3522

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @dwl301 
Signed-off-by: @dwl301
This commit is contained in:
openeuler-ci-bot 2022-03-18 06:48:59 +00:00 committed by Gitee
commit c0db44c066
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
backport-CVE-2021-3522.patch Normal file
View File

@ -0,0 +1,34 @@
From 8a88e5c1db05ebadfd4569955f6f47c23cdca3c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= <tim@centricular.com>
Date: Wed, 3 Mar 2021 01:08:25 +0000
Subject: [PATCH] tag: id3v2: fix frame size check and potential invalid reads
Check the right variable when checking if there's
enough data left to read the frame size.
Closes https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/merge_requests/1066>
Conflict:NA
Reference:https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4
---
gst-libs/gst/tag/id3v2frames.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gst-libs/gst/tag/id3v2frames.c b/gst-libs/gst/tag/id3v2frames.c
index 8e9f78254..f39659bf7 100644
--- a/gst-libs/gst/tag/id3v2frames.c
+++ b/gst-libs/gst/tag/id3v2frames.c
@@ -109,7 +109,7 @@ id3v2_parse_frame (ID3TagsWorking * work)
if (work->frame_flags & (ID3V2_FRAME_FORMAT_COMPRESSION |
ID3V2_FRAME_FORMAT_DATA_LENGTH_INDICATOR)) {
- if (work->hdr.frame_data_size <= 4)
+ if (frame_data_size <= 4)
return FALSE;
if (ID3V2_VER_MAJOR (work->hdr.version) == 3) {
work->parse_size = GST_READ_UINT32_BE (frame_data);
--
GitLab

8
gstreamer1-plugins-base.spec
View File

@ -3,7 +3,7 @@
Name: gstreamer1-plugins-base Name: gstreamer1-plugins-base
Version: 1.16.2 Version: 1.16.2
Release: 1 Release: 2
Summary: GStreamer streaming media framework base plugins Summary: GStreamer streaming media framework base plugins
License: LGPLv2+ License: LGPLv2+
URL: http://gstreamer.freedesktop.org/ URL: http://gstreamer.freedesktop.org/
@ -12,6 +12,8 @@ Source0: http://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugi
Patch0: 0001-missing-plugins-Remove-the-mpegaudioversion-field.patch Patch0: 0001-missing-plugins-Remove-the-mpegaudioversion-field.patch
Patch1: Adapt-to-backwards-incompatible-change-in-GUN.patch Patch1: Adapt-to-backwards-incompatible-change-in-GUN.patch
Patch6000: backport-CVE-2021-3522.patch
BuildRequires: gcc-c++ gstreamer1-devel >= %{version} gobject-introspection-devel >= 1.31.1 iso-codes-devel alsa-lib-devel BuildRequires: gcc-c++ gstreamer1-devel >= %{version} gobject-introspection-devel >= 1.31.1 iso-codes-devel alsa-lib-devel
BuildRequires: cdparanoia-devel libogg-devel >= 1.0 libtheora-devel >= 1.1 libvisual-devel libvorbis-devel >= 1.0 libXv-devel BuildRequires: cdparanoia-devel libogg-devel >= 1.0 libtheora-devel >= 1.1 libvisual-devel libvorbis-devel >= 1.0 libXv-devel
BuildRequires: orc-devel >= 0.4.18 pango-devel pkgconfig opus-devel gtk-doc >= 1.3 libxslt gdb BuildRequires: orc-devel >= 0.4.18 pango-devel pkgconfig opus-devel gtk-doc >= 1.3 libxslt gdb
@ -49,6 +51,7 @@ This package provides manual for developpers.
%setup -q -n gst-plugins-base-%{version} %setup -q -n gst-plugins-base-%{version}
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch6000 -p1
%build %build
NOCONFIGURE=1 \ NOCONFIGURE=1 \
@ -270,6 +273,9 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -fv {} ';'
%{_mandir}/man1/gst-device-monitor-*.gz %{_mandir}/man1/gst-device-monitor-*.gz
%changelog %changelog
* Fri Mar 18 2022 dongyuzhen <dongyuzhen@h-partners.com> - 1.16.2-2
- fix CVE-2021-3522
* Tue Aug 18 2020 zhanzhimin <zhanzhimin@huawei.com> - 1.16.2-1 * Tue Aug 18 2020 zhanzhimin <zhanzhimin@huawei.com> - 1.16.2-1
- update to 1.16.2 - update to 1.16.2