Your message dated Thu, 14 Dec 2017 09:49:49 +0000
with message-id <[email protected]>
and subject line Bug#880718: fixed in nginx 1.13.7-1
has caused the Debian Bug report #880718,
regarding libnginx-mod-rtmp: MPEG-dash manifest files structure makes them
unexploitable
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
880718: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880718
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libnginx-mod-rtmp
Version: 1.13.3-1~bpo9+1
Severity: normal
Dear Maintainer,
I am using libnginx-mod-rtmp for my own need of streaming without relying on
proprietary platforms but it appears that the implementation of MPEG-dash leads
to malformatted manifest files.
As far as I noticed, Debian is using the master tree from
https://github.com/arut/nginx-rtmp-module as it was after 13/02/2017 but before
10/07/2017.
Using this actual version of the module leads to malformatted manifest and
maybe other errors.
As a quick & dirty workaround I rebuild the package using the dev tree of
https://github.com/sergey-dryabzhinsky/nginx-rtmp-module/tree/dev which seems
to contain interesting patchset like
https://github.com/sergey-dryabzhinsky/nginx-rtmp-module/commit/7db5ef0ea56a113c7579a408cf2c13ab9a7ffa22.patch
but sadly the devlopment of this fork seems to be stalled.
Nevertheless I was able to play the streaming with MPEG-dash capabilities
For your reference here is the useable manifest files (tested with flwoplayer
and VLC nightlies 3.0.0) I get with the fork:
<?xml version="1.0"?>
<MPD
type="dynamic"
xmlns="urn:mpeg:dash:schema:mpd:2011"
availabilityStartTime="2017-11-04T12:06:27Z"
publishTime="2017-11-04T12:06:27Z"
minimumUpdatePeriod="PT8.333S"
minBufferTime="PT5.000S"
timeShiftBufferDepth="P0Y00M00DT0H00M24.999S"
suggestedPresentationDelay="PT17.666S"
profiles="urn:hbbtv:dash:profile:isoff-live:2012,urn:mpeg:dash:profile:isoff-live:2011"
xmlns:xsi="http://www.w3.org/2011/XMLSchema-instance";
xsi:schemaLocation="urn:mpeg:DASH:schema:MPD:2011 DASH-MPD.xsd">
<Period start="PT0S" id="dash">
<AdaptationSet
id="1"
startWithSAP="1"
segmentAlignment="true"
maxWidth="1280"
maxHeight="720"
maxFrameRate="30"
par="16:9">
<Representation
id="ff1_stream_H264"
mimeType="video/mp4"
codecs="avc1.4d401f"
width="1280"
height="720"
frameRate="30"
sar="1:1"
bandwidth="2500000">
<SegmentTemplate
presentationTimeOffset="0"
timescale="1000"
media="$Time$.m4v"
initialization="init.m4v">
<SegmentTimeline>
<S t="0" d="8333"/>
<S t="8333" d="8333"/>
<S t="16666" d="8333"/>
</SegmentTimeline>
</SegmentTemplate>
</Representation>
</AdaptationSet>
<AdaptationSet
id="2"
startWithSAP="1"
segmentAlignment="true">
<AudioChannelConfiguration
schemeIdUri="urn:mpeg:dash:23003:3:audio_channel_configuration:2011"
value="1"/>
<Representation
id="ff1_stream_AAC"
mimeType="audio/mp4"
codecs="mp4a.40.2"
audioSamplingRate="44100"
bandwidth="160000">
<SegmentTemplate
presentationTimeOffset="0"
timescale="1000"
media="$Time$.m4a"
initialization="init.m4a">
<SegmentTimeline>
<S t="0" d="8333"/>
<S t="8333" d="8333"/>
<S t="16666" d="8333"/>
</SegmentTimeline>
</SegmentTemplate>
</Representation>
</AdaptationSet>
</Period>
</MPD>
and with the module provided with Debian package:
<?xml version="1.0"?>
<MPD
type="dynamic"
xmlns="urn:mpeg:dash:schema:mpd:2011"
availabilityStartTime="2017-11-04T13:08:10+01:00"
availabilityEndTime="2017-11-04T13:08:18+01:00"
minimumUpdatePeriod="PT5S"
minBufferTime="PT5S"
timeShiftBufferDepth="PT0H0M0.00S"
suggestedPresentationDelay="PT10S"
profiles="urn:hbbtv:dash:profile:isoff-live:2012,urn:mpeg:dash:profile:isoff-live:2011"
xmlns:xsi="http://www.w3.org/2011/XMLSchema-instance";
xsi:schemaLocation="urn:mpeg:DASH:schema:MPD:2011 DASH-MPD.xsd">
<Period start="PT0S" id="dash">
<AdaptationSet
id="1"
segmentAlignment="true"
maxWidth="1280"
maxHeight="720"
maxFrameRate="30">
<Representation
id="ff1_stream_H264"
mimeType="video/mp4"
codecs="avc1.4d401f"
width="1280"
height="720"
frameRate="30"
sar="1:1"
startWithSAP="1"
bandwidth="2500000">
<SegmentTemplate
presentationTimeOffset="0"
timescale="1000"
media="$Time$.m4v"
initialization="init.m4v">
<SegmentTimeline>
<S t="0" d="8333"/>
</SegmentTimeline>
</SegmentTemplate>
</Representation>
</AdaptationSet>
<AdaptationSet
id="2"
segmentAlignment="true">
<AudioChannelConfiguration
schemeIdUri="urn:mpeg:dash:23003:3:audio_channel_configuration:2011"
value="1"/>
<Representation
id="ff1_stream_AAC"
mimeType="audio/mp4"
codecs="mp4a.40.2"
audioSamplingRate="44100"
startWithSAP="1"
bandwidth="160000">
<SegmentTemplate
presentationTimeOffset="0"
timescale="1000"
media="$Time$.m4a"
initialization="init.m4a">
<SegmentTimeline>
<S t="0" d="8333"/>
</SegmentTimeline>
</SegmentTemplate>
</Representation>
</AdaptationSet>
</Period>
</MPD>
You will notice some differences in the structure.
I tried to incorporate some patches from the fork into the tree used by Debian
but it seems more work is needed which I am not able to do because I do not
have the required level in C.
I read the discussion of bug #843777 and despite being a very useful module, I
understand the point of needing a reliable upstream contact for package
maintenance.
Let me know if you need further testing from my side.
Regards,
Cyril
-- System Information:
Debian Release: 9.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable'), (200, 'testing')
Architecture: arm64 (aarch64)
Kernel: Linux 4.9.58-mainline-rev1 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libnginx-mod-rtmp depends on:
ii libc6 2.24-11+deb9u1
ii nginx-common 1.13.3-1~bpo9+1
libnginx-mod-rtmp recommends no packages.
libnginx-mod-rtmp suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: nginx
Source-Version: 1.13.7-1
We believe that the bug you reported is fixed in the latest version of
nginx, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christos Trochalakis <[email protected]> (supplier of updated nginx
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 14 Dec 2017 11:04:36 +0200
Source: nginx
Binary: nginx nginx-doc nginx-common nginx-full nginx-light nginx-extras
libnginx-mod-http-geoip libnginx-mod-http-image-filter
libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream
libnginx-mod-http-perl libnginx-mod-http-auth-pam libnginx-mod-http-lua
libnginx-mod-http-ndk libnginx-mod-nchan libnginx-mod-http-echo
libnginx-mod-http-upstream-fair libnginx-mod-http-headers-more-filter
libnginx-mod-http-cache-purge libnginx-mod-http-fancyindex
libnginx-mod-http-uploadprogress libnginx-mod-http-subs-filter
libnginx-mod-http-dav-ext libnginx-mod-rtmp
Architecture: source
Version: 1.13.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Nginx Maintainers
<[email protected]>
Changed-By: Christos Trochalakis <[email protected]>
Description:
libnginx-mod-http-auth-pam - PAM authentication module for Nginx
libnginx-mod-http-cache-purge - Purge content from Nginx caches
libnginx-mod-http-dav-ext - WebDAV missing commands support for Nginx
libnginx-mod-http-echo - Bring echo and more shell style goodies to Nginx
libnginx-mod-http-fancyindex - Fancy indexes module for the Nginx
libnginx-mod-http-geoip - GeoIP HTTP module for Nginx
libnginx-mod-http-headers-more-filter - Set and clear input and output headers
for Nginx
libnginx-mod-http-image-filter - HTTP image filter module for Nginx
libnginx-mod-http-lua - Lua module for Nginx
libnginx-mod-http-ndk - Nginx Development Kit module
libnginx-mod-http-perl - Perl module for Nginx
libnginx-mod-http-subs-filter - Substitution filter module for Nginx
libnginx-mod-http-uploadprogress - Upload progress system for Nginx
libnginx-mod-http-upstream-fair - Nginx Upstream Fair Proxy Load Balancer
libnginx-mod-http-xslt-filter - XSLT Transformation module for Nginx
libnginx-mod-mail - Mail module for Nginx
libnginx-mod-nchan - Fast, flexible pub/sub server for Nginx
libnginx-mod-rtmp - RTMP support for Nginx
libnginx-mod-stream - Stream module for Nginx
nginx - small, powerful, scalable web/proxy server
nginx-common - small, powerful, scalable web/proxy server - common files
nginx-doc - small, powerful, scalable web/proxy server - documentation
nginx-extras - nginx web/proxy server (extended version)
nginx-full - nginx web/proxy server (standard version)
nginx-light - nginx web/proxy server (basic version)
Closes: 869499 878611 880718
Changes:
nginx (1.13.7-1) unstable; urgency=medium
.
[ Christos Trochalakis ]
* New upstream version 1.13.7
* Bump Standards-Version, no changes needed
* debian/watch: switch to HTTPS for the upstream check
.
[ Mpampis Kostas ]
* Automate modules watch & upgrade process (Closes: #869499)
.
[ Christos Trochalakis ]
* Bits & pieces for ngxmod
* http-headers-more-filter: Upgrade to 0.33
* http-echo: Upgrade to 0.61
* http-lua: Upgrade to 0.10.11
* http-dav-ext: Upgrade to 0.1.0 (Closes: #878611)
* http-fancyindex: Upgrade to 0.4.2
* rtmp: Upgrade to 1.2.1 (Closes: #880718)
Checksums-Sha1:
37e1c38a0993efd61057fbd9e1b7e511b024f5dd 4239 nginx_1.13.7-1.dsc
9f774bfade490bc603ae79f5cabeb83e017a3c2d 990836 nginx_1.13.7.orig.tar.gz
bc7398c05b54b6960e24c21ee2314674ad77cfed 917104 nginx_1.13.7-1.debian.tar.xz
33e5f8df877d5bfa1869d58aeb00b2105777d800 22446 nginx_1.13.7-1_amd64.buildinfo
Checksums-Sha256:
293d03df67778bdb14518abf18e1b706eddc19ad674ae4ebadc0b53437cc6b74 4239
nginx_1.13.7-1.dsc
beb732bc7da80948c43fd0bf94940a21a21b1c1ddfba0bd99a4b88e026220f5c 990836
nginx_1.13.7.orig.tar.gz
23ed24ffd682a52feb3a9ac9f08466466f371bb711effb90b826ee85902efc9d 917104
nginx_1.13.7-1.debian.tar.xz
771488d0a74579b99b65436425b40a9b9a336891bddc6ea1db7a21d68b344882 22446
nginx_1.13.7-1_amd64.buildinfo
Files:
152f8110b3fc27aef3e9f339deb821c3 4239 httpd optional nginx_1.13.7-1.dsc
5fcd056b40cb5c47b053fb14a2a89e7d 990836 httpd optional nginx_1.13.7.orig.tar.gz
a2efb964e2dc292e9becd6f90e18c57a 917104 httpd optional
nginx_1.13.7-1.debian.tar.xz
f1fb122cecc048f4643a5e81fb786fe1 22446 httpd optional
nginx_1.13.7-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEf2SPbCEjyY+zKcgrETYmAKdH7NkFAloyQ4EACgkQETYmAKdH
7Nluyg/+Psojwz8TXRfPEpVxHvwl7nH01l+/DGty/AQeBAQGPQXXHj3qu5QT+XEK
qd3x9j5sBnHKvASC1uZDWKsE6YEQtqGHqlBk3/SuusV/MK8WMCxjKzhD+5tQGl1a
QPdyl2nHfLjY0yQgCYvbAdPb81CV8cNXWpnKcIAtilujTfYOP7huWKrbMxSKGUZe
ERLq4XMjSBfQZ62QwB6RbgZjZEOwy7B20QwJSj+XftIF0X/j/U7RYJI2u+ykz12D
6Z8FyWpu8AObZjieitr9d5cymfHGDQ0eHjv01APaD5gjfVStodHAYI0eLLUmzUTI
QuL0VqN4E4rGoiZLjOob3qLUjgh1R2pPEgKTW7yQzu6B5RQnoTa1/rliCSi6AjwJ
NwWHG7ZNORDQYUzmPsMRCfHsenHIAFFJAMpffk/E/F80nqnfqmL1CJlpI9cmtRQM
W9FnEh4maggTvEXOUxmxzJRoh096Ew+7xxXt0b7Ddb2WAi9o26zUlk4WMMBDcC4/
zLZqz6M15F6dxwWl4f5H2VdN78Sv5VLSYgrsdanIW1nU+AC1Cui+P5PzXITdV8z/
YLakZlBnn/Cykqzg4/xb+EIWaEPcDNcwLkCfucSTx8LMvUPmpsrKD7uqMn6R/xdt
HNopZIp20t7tDjBxDLOtO56cb0TikstDIcbBoBZ87LE3GFWEL8s=
=TlcX
-----END PGP SIGNATURE-----
--- End Message ---
