summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMart Raudsepp <leio@gentoo.org>2020-08-29 12:58:35 +0300
committerMart Raudsepp <leio@gentoo.org>2020-08-29 12:59:46 +0300
commit4fa29d9e36377f98e19c9a9eddead073781f18eb (patch)
tree39d08c3a6c8c5f9051b840f1c26e3d62647b559f /media-libs/gst-rtsp-server
parentapp-office/texstudio: Drop old (diff)
downloadgentoo-4fa29d9e36377f98e19c9a9eddead073781f18eb.tar.gz
gentoo-4fa29d9e36377f98e19c9a9eddead073781f18eb.tar.bz2
gentoo-4fa29d9e36377f98e19c9a9eddead073781f18eb.zip
media-libs/gst-rtsp-server: bump to 1.16.2, fix CVE-2020-6095
Includes 3 commits from origin/1.16, including fix for CVE-2020-6095. Tests fail due to new max-ttl work in 1.16, disable for now. 1.18 will be meson-based and we'll retry with tests naturally then. Bug: https://bugs.gentoo.org/715100 Package-Manager: Portage-2.3.103, Repoman-2.3.20 Signed-off-by: Mart Raudsepp <leio@gentoo.org>
Diffstat (limited to 'media-libs/gst-rtsp-server')
-rw-r--r--media-libs/gst-rtsp-server/Manifest1
-rw-r--r--media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch39
-rw-r--r--media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch59
-rw-r--r--media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch25
-rw-r--r--media-libs/gst-rtsp-server/gst-rtsp-server-1.16.2.ebuild75
5 files changed, 199 insertions, 0 deletions
diff --git a/media-libs/gst-rtsp-server/Manifest b/media-libs/gst-rtsp-server/Manifest
index 91b7cdd85634..bc2d122ef7c6 100644
--- a/media-libs/gst-rtsp-server/Manifest
+++ b/media-libs/gst-rtsp-server/Manifest
@@ -1 +1,2 @@
DIST gst-rtsp-server-1.14.5.tar.xz 672180 BLAKE2B 3e67f703c190e46580cf7c08a9437d51e9c1e009dd27cf359ecd5aa301ddda6cd70c0d5567e72c6e5f9443318e899a9b55e6883c71c9fc021f77286afd89bbc9 SHA512 dbfb63fb219808d2a32d710bef33d2b3b9906300d4c527c72534a4cb6db0f5ce4f4fadcedf7f6a3a5f46005f4408717d9aafa1a510c4aed18f5d07d6b3646492
+DIST gst-rtsp-server-1.16.2.tar.xz 693368 BLAKE2B 612b59bc3a08167a81790c8d5164efebb8756ce3d3c9c278a0363bd640929b14d2fb1c26454a513dbaa9e093a702e7553950b6210ef57a6e9188a059c81650d3 SHA512 e18d87ae309594ffd7917b1804e595b83d5002518608f0ee03b9e68ab9bdf771ec2f691e50408618a6d1a39495c123e8288b3179e6cdaef65a38ef404544e0eb
diff --git a/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch b/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch
new file mode 100644
index 000000000000..87b2e54973b4
--- /dev/null
+++ b/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch
@@ -0,0 +1,39 @@
+From ccc8d0c4388056acc801fd855e065eb2b0ca6578 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 23 Mar 2020 16:06:43 +0200
+Subject: [PATCH 3/3] rtsp-auth: Fix NULL pointer dereference when handling an
+ invalid basic Authorization header
+
+When using the basic authentication scheme, we wouldn't validate that
+the authorization field of the credentials is not NULL and pass it on
+to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will
+dereference the NULL pointer and crash.
+A specially crafted (read: invalid) RTSP header can cause this to
+happen.
+
+As a solution, check for the authorization to be not NULL before
+continuing processing it and if it is simply fail authentication.
+
+This fixes CVE-2020-6095 and TALOS-2020-1018.
+
+Discovered by Peter Wang of Cisco ASIG.
+---
+ gst/rtsp-server/rtsp-auth.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c
+index f14286f..c15fa18 100644
+--- a/gst/rtsp-server/rtsp-auth.c
++++ b/gst/rtsp-server/rtsp-auth.c
+@@ -871,7 +871,7 @@ default_authenticate (GstRTSPAuth * auth, GstRTSPContext * ctx)
+
+ GST_DEBUG_OBJECT (auth, "check Basic auth");
+ g_mutex_lock (&priv->lock);
+- if ((token =
++ if ((*credential)->authorization && (token =
+ g_hash_table_lookup (priv->basic,
+ (*credential)->authorization))) {
+ GST_DEBUG_OBJECT (auth, "setting token %p", token);
+--
+2.20.1
+
diff --git a/media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch b/media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch
new file mode 100644
index 000000000000..679c5c5207cf
--- /dev/null
+++ b/media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch
@@ -0,0 +1,59 @@
+From df227481504574ecc6028400d17870913a16a047 Mon Sep 17 00:00:00 2001
+From: Jordan Petridis <jordan@centricular.com>
+Date: Thu, 23 Jan 2020 16:41:26 +0200
+Subject: [PATCH 2/3] rtsp-latency-bin: replace G_TYPE_INSTANCE_GET_PRIVATE as
+ it's been deprecated
+
+from glib
+```
+Deprecated: 2.58: Use %G_ADD_PRIVATE and the generated
+ `your_type_get_instance_private()` function instead
+```
+---
+ gst/rtsp-server/rtsp-latency-bin.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/gst/rtsp-server/rtsp-latency-bin.c b/gst/rtsp-server/rtsp-latency-bin.c
+index cf7cdf1..c297ab6 100644
+--- a/gst/rtsp-server/rtsp-latency-bin.c
++++ b/gst/rtsp-server/rtsp-latency-bin.c
+@@ -23,9 +23,6 @@
+ #include <gst/gst.h>
+ #include "rtsp-latency-bin.h"
+
+-#define GST_RTSP_LATENCY_BIN_GET_PRIVATE(obj) \
+- (G_TYPE_INSTANCE_GET_PRIVATE ((obj), GST_RTSP_LATENCY_BIN_TYPE, GstRTSPLatencyBinPrivate))
+-
+ struct _GstRTSPLatencyBinPrivate
+ {
+ GstPad *sinkpad;
+@@ -106,7 +103,7 @@ gst_rtsp_latency_bin_get_property (GObject * object, guint propid,
+ {
+ GstRTSPLatencyBin *latency_bin = GST_RTSP_LATENCY_BIN (object);
+ GstRTSPLatencyBinPrivate *priv =
+- GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin);
++ gst_rtsp_latency_bin_get_instance_private (latency_bin);
+
+ switch (propid) {
+ case PROP_ELEMENT:
+@@ -140,7 +137,7 @@ gst_rtsp_latency_bin_add_element (GstRTSPLatencyBin * latency_bin,
+ GstElement * element)
+ {
+ GstRTSPLatencyBinPrivate *priv =
+- GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin);
++ gst_rtsp_latency_bin_get_instance_private (latency_bin);
+ GstPad *pad;
+ GstPadTemplate *templ;
+
+@@ -250,7 +247,7 @@ static gboolean
+ gst_rtsp_latency_bin_recalculate_latency (GstRTSPLatencyBin * latency_bin)
+ {
+ GstRTSPLatencyBinPrivate *priv =
+- GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin);
++ gst_rtsp_latency_bin_get_instance_private (latency_bin);
+ GstEvent *latency;
+ GstQuery *query;
+ GstClockTime min_latency;
+--
+2.20.1
+
diff --git a/media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch b/media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch
new file mode 100644
index 000000000000..2707c3ebdc05
--- /dev/null
+++ b/media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch
@@ -0,0 +1,25 @@
+From 9dfdcb71e84e53e25388a6e0b485a70c45ea0dec Mon Sep 17 00:00:00 2001
+From: Nicola Murino <nicola.murino@gmail.com>
+Date: Thu, 12 Dec 2019 17:56:18 +0100
+Subject: [PATCH 1/3] rtsp-auth: fix default token leak
+
+---
+ gst/rtsp-server/rtsp-auth.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c
+index f676b80..f14286f 100644
+--- a/gst/rtsp-server/rtsp-auth.c
++++ b/gst/rtsp-server/rtsp-auth.c
+@@ -214,6 +214,8 @@ gst_rtsp_auth_finalize (GObject * obj)
+ g_hash_table_unref (priv->basic);
+ g_hash_table_unref (priv->digest);
+ g_hash_table_unref (priv->nonces);
++ if (priv->default_token)
++ gst_rtsp_token_unref (priv->default_token);
+ g_mutex_clear (&priv->lock);
+ g_free (priv->realm);
+
+--
+2.20.1
+
diff --git a/media-libs/gst-rtsp-server/gst-rtsp-server-1.16.2.ebuild b/media-libs/gst-rtsp-server/gst-rtsp-server-1.16.2.ebuild
new file mode 100644
index 000000000000..b353ef4e8f72
--- /dev/null
+++ b/media-libs/gst-rtsp-server/gst-rtsp-server-1.16.2.ebuild
@@ -0,0 +1,75 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit gstreamer
+
+DESCRIPTION="A GStreamer based RTSP server"
+HOMEPAGE="https://gstreamer.freedesktop.org/modules/gst-rtsp-server.html"
+
+LICENSE="LGPL-2+"
+KEYWORDS="~amd64 ~x86"
+IUSE="examples +introspection static-libs"
+
+# gst-plugins-base for many used elements and API
+# gst-plugins-good for rtprtxsend and rtpbin elements, maybe more
+# gst-plugins-srtp for srtpenc and srtpdec elements
+RDEPEND="
+ >=dev-libs/glib-2.40.0:2[${MULTILIB_USEDEP}]
+ >=media-libs/gstreamer-${PV}:${SLOT}[introspection?,${MULTILIB_USEDEP}]
+ >=media-libs/gst-plugins-base-${PV}:${SLOT}[introspection?,${MULTILIB_USEDEP}]
+ >=media-libs/gst-plugins-good-${PV}:${SLOT}[${MULTILIB_USEDEP}]
+ >=media-plugins/gst-plugins-srtp-${PV}:${SLOT}[${MULTILIB_USEDEP}]
+ introspection? ( >=dev-libs/gobject-introspection-1.31.1:= )
+"
+DEPEND="${RDEPEND}
+ >=dev-util/gtk-doc-am-1.12
+"
+
+# Due to gstreamer src_configure
+QA_CONFIGURE_OPTIONS="--enable-nls"
+
+PATCHES=(
+ "${FILESDIR}"/${PV}-leak-fix.patch
+ "${FILESDIR}"/${PV}-glib-deprecation-fix.patch
+ "${FILESDIR}"/${PV}-CVE-2020-6095.patch
+)
+
+multilib_src_configure() {
+ # debug: only adds -g to CFLAGS
+ # docbook: nothing behind that switch
+ # libcgroup is automagic and only used in examples
+ gstreamer_multilib_src_configure \
+ --disable-debug \
+ --disable-valgrind \
+ --disable-examples \
+ --disable-docbook \
+ --disable-gtk-doc \
+ $(multilib_native_use_enable introspection) \
+ $(use_enable static-libs static) \
+ --disable-tests \
+ LIBCGROUP_LIBS= \
+ LIBCGROUP_FLAGS=
+
+ # work-around gtk-doc out-of-source brokedness
+ if multilib_is_native_abi ; then
+ ln -s "${S}"/docs/libs/${d}/html docs/libs/${d}/html || die
+ fi
+}
+
+multilib_src_install() {
+ emake install DESTDIR="${D}"
+ # Handle broken upstream modifications to defaults of gtk-doc
+ emake install -C docs/libs DESTDIR="${D}"
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${ED}" -name '*.la' -delete || die
+
+ if use examples ; then
+ insinto /usr/share/doc/${PF}/examples
+ doins "${S}"/examples/*.c
+ fi
+}