diff options
| author |   Mart Raudsepp <leio@gentoo.org> | 2017-02-10 06:48:19 +0200 |
|---|---|---|
| committer | Mart Raudsepp <leio@gentoo.org> | 2017-02-11 16:51:43 +0200 |
| commit | 1e24c34b3de4bd222c22e4610664f7225acf3467 (patch) | |
| tree | e0b9f35b63e83d87f5cef6815a3135a402f2229a /media-libs/gst-plugins-ugly | |
| parent | media-plugins/gst-plugins-ximagesrc: bump to 1.10.3 (diff) | |
| download | gentoo-1e24c34b3de4bd222c22e4610664f7225acf3467.tar.gz gentoo-1e24c34b3de4bd222c22e4610664f7225acf3467.tar.bz2 gentoo-1e24c34b3de4bd222c22e4610664f7225acf3467.zip | |
media-libs/gst-plugins-ugly: bump to 1.10.3, add patch for CVE-2017-5847
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Diffstat (limited to 'media-libs/gst-plugins-ugly')
| -rw-r--r-- | media-libs/gst-plugins-ugly/Manifest | 1 | ||||
| -rw-r--r-- | media-libs/gst-plugins-ugly/files/1.10.3-CVE-2017-5847.patch | 46 | ||||
| -rw-r--r-- | media-libs/gst-plugins-ugly/gst-plugins-ugly-1.10.3.ebuild | 42 |
3 files changed, 89 insertions, 0 deletions
diff --git a/media-libs/gst-plugins-ugly/Manifest b/media-libs/gst-plugins-ugly/Manifest index c732e1bb7821..37732e342aa9 100644 --- a/media-libs/gst-plugins-ugly/Manifest +++ b/media-libs/gst-plugins-ugly/Manifest @@ -1,2 +1,3 @@ DIST gst-plugins-ugly-0.10.19.tar.xz 882452 SHA256 4934f65ff892637e7efaf1cfe635779189dde429d0706f40c86a3aac476ea873 SHA512 16d030998142f698f8ab7dbe55c0c6c8db05ade6b3c007a3aacb5491592e8c60e0a9d62f1a840eab4d57825b1beb9017e3f68f5a90288435216586d67040deda WHIRLPOOL f72f224c5f486982370e9d264ad7c658324783b42e995eef759faf270a18d8f12261d90ac6e70af38579921b0970f7aba50c6d091edcd6dc3dda272bcbef755f +DIST gst-plugins-ugly-1.10.3.tar.xz 907352 SHA256 c91597d03abff9df435ad4892eae44df1ee14159c7cc7317ac9d2766ff446bd2 SHA512 56272eda1af3017d9b53a3a049c5446e97dbea0e45567b4d1626c6a210dba90d216c01707e2d49130da00d483dcbace642bfb88ebaa1a822ecd5475394b5d116 WHIRLPOOL b4786f5b45f1430448c3755149202e9e4ee88d8dd5a7de3fff009d7fde14db054d9f8b60c44208ed757d19ce5a849ea93cb7b355d226e34703ae8b0d78f0d837 DIST gst-plugins-ugly-1.8.3.tar.xz 883200 SHA256 6fa2599fdd072d31fbaf50c34af406e2be944a010b1f4eab67a5fe32a0310693 SHA512 b4297cbcb553997fbad47a39ad75f655e725629468c71b5af4b30d40309aa0924bd2bf790686db766f6eaacaf69850d1cebf88106dd2b3c24b65a511e54eb484 WHIRLPOOL 6203d6787a112f6cf75910f54bcea04e26057939c1e8b347af97c3b85c2d63d11dbe65285bb23e10007a27e5719493ce4b1c02739955f12f76f83b12ed38c574 diff --git a/media-libs/gst-plugins-ugly/files/1.10.3-CVE-2017-5847.patch b/media-libs/gst-plugins-ugly/files/1.10.3-CVE-2017-5847.patch new file mode 100644 index 000000000000..078b8c087198 --- /dev/null +++ b/media-libs/gst-plugins-ugly/files/1.10.3-CVE-2017-5847.patch @@ -0,0 +1,46 @@ +From fe74dabd2c8dc2be54156729986ea38582e8c7ae Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> +Date: Tue, 31 Jan 2017 13:50:21 +0200 +Subject: [PATCH] asfdemux: Check that we have enough data available before + parsing bool/uint extended content descriptors + +https://bugzilla.gnome.org/show_bug.cgi?id=777955 +--- + gst/asfdemux/gstasfdemux.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/gst/asfdemux/gstasfdemux.c b/gst/asfdemux/gstasfdemux.c +index 255a427..b8d48ad 100644 +--- a/gst/asfdemux/gstasfdemux.c ++++ b/gst/asfdemux/gstasfdemux.c +@@ -3439,7 +3439,12 @@ gst_asf_demux_process_ext_content_desc (GstASFDemux * demux, guint8 * data, + break; + } + case ASF_DEMUX_DATA_TYPE_DWORD:{ +- guint uint_val = GST_READ_UINT32_LE (value); ++ guint uint_val; ++ ++ if (value_len < 4) ++ break; ++ ++ uint_val = GST_READ_UINT32_LE (value); + + /* this is the track number */ + g_value_init (&tag_value, G_TYPE_UINT); +@@ -3453,7 +3458,12 @@ gst_asf_demux_process_ext_content_desc (GstASFDemux * demux, guint8 * data, + } + /* Detect 3D */ + case ASF_DEMUX_DATA_TYPE_BOOL:{ +- gboolean bool_val = GST_READ_UINT32_LE (value); ++ gboolean bool_val; ++ ++ if (value_len < 4) ++ break; ++ ++ bool_val = GST_READ_UINT32_LE (value); + + if (strncmp ("Stereoscopic", name_utf8, strlen (name_utf8)) == 0) { + if (bool_val) { +-- +2.10.1 + diff --git a/media-libs/gst-plugins-ugly/gst-plugins-ugly-1.10.3.ebuild b/media-libs/gst-plugins-ugly/gst-plugins-ugly-1.10.3.ebuild new file mode 100644 index 000000000000..f176bb4645d9 --- /dev/null +++ b/media-libs/gst-plugins-ugly/gst-plugins-ugly-1.10.3.ebuild @@ -0,0 +1,42 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=6 +GST_ORG_MODULE="gst-plugins-ugly" + +inherit eutils gstreamer + +DESCRIPTION="Basepack of plugins for gstreamer" +HOMEPAGE="https://gstreamer.freedesktop.org/" + +LICENSE="GPL-2" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd" +IUSE="+orc" + +RDEPEND=" + >=dev-libs/glib-2.40.0:2[${MULTILIB_USEDEP}] + >=media-libs/gstreamer-${PV}:${SLOT}[${MULTILIB_USEDEP}] + >=media-libs/gst-plugins-base-${PV}:${SLOT}[${MULTILIB_USEDEP}] + orc? ( >=dev-lang/orc-0.4.17[${MULTILIB_USEDEP}] ) +" +DEPEND="${RDEPEND} + >=dev-util/gtk-doc-am-1.12 +" + +PATCHES=( "${FILESDIR}"/${PV}-CVE-2017-5847.patch ) + +multilib_src_configure() { + gstreamer_multilib_src_configure + + if multilib_is_native_abi; then + ln -s "${S}"/docs/plugins/html docs/plugins/html || die + fi + +} + +multilib_src_install_all() { + DOCS="AUTHORS ChangeLog NEWS README RELEASE" + einstalldocs + prune_libtool_files --modules +} |