Hello community,
here is the log from the commit of package gstreamer-rtsp-server for
openSUSE:Leap:15.2 checked in at 2020-04-17 13:37:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/gstreamer-rtsp-server (Old)
and /work/SRC/openSUSE:Leap:15.2/.gstreamer-rtsp-server.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gstreamer-rtsp-server"
Fri Apr 17 13:37:35 2020 rev:38 rq:794223 version:1.16.2
Changes:
--------
---
/work/SRC/openSUSE:Leap:15.2/gstreamer-rtsp-server/gstreamer-rtsp-server.changes
2020-02-09 15:03:09.642767992 +0100
+++
/work/SRC/openSUSE:Leap:15.2/.gstreamer-rtsp-server.new.2738/gstreamer-rtsp-server.changes
2020-04-17 13:37:37.252223378 +0200
@@ -1,0 +2,15 @@
+Sun Apr 12 18:40:20 UTC 2020 - Bjørn Lie <bjorn....@gmail.com>
+
+- Fix boo#1168026, CVE-2020-6095 and TALOS-2020-1018:
+ + Add gst-rtsp-Fix-NULL-pointer.patch: rtsp-auth: Fix NULL
+ pointer dereference when handling an invalid basic
+ Authorization header.
+- Add upstream bug fix patches:
+ + Add gst-rtsp-fix-token-leak.patch: rtsp-auth: Fix default token
+ leak.
+ + Add gst-rtsp-replace-G_TYPE_INSTANCE_GET_PRIVATE.patch:
+ rtsp-latency-bin: replace G_TYPE_INSTANCE_GET_PRIVATE as it's
+ been deprecated.
+
+
+-------------------------------------------------------------------
New:
----
gst-rtsp-Fix-NULL-pointer.patch
gst-rtsp-fix-token-leak.patch
gst-rtsp-replace-G_TYPE_INSTANCE_GET_PRIVATE.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gstreamer-rtsp-server.spec ++++++
--- /var/tmp/diff_new_pack.Z4ZyKQ/_old 2020-04-17 13:37:37.696223712 +0200
+++ /var/tmp/diff_new_pack.Z4ZyKQ/_new 2020-04-17 13:37:37.700223716 +0200
@@ -1,7 +1,7 @@
#
# spec file for package gstreamer-rtsp-server
#
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -23,10 +23,17 @@
Summary: GStreamer-based RTSP server library
License: LGPL-2.0-or-later
Group: Productivity/Multimedia/Other
-URL: http://gstreamer.freedesktop.org/
-Source0:
https://gstreamer.freedesktop.org/src/gst-rtsp-server/%{_name}-%{version}.tar.xz
+URL: https://gstreamer.freedesktop.org
+Source0: %{url}/src/gst-rtsp-server/%{_name}-%{version}.tar.xz
Source99: gstreamer-rtsp-server-rpmlintrc
+# PATCH-FIX-UPSTREAM gst-rtsp-fix-token-leak.patch
+Patch0: gst-rtsp-fix-token-leak.patch
+# PATCH-FIX-UPSTREAM gst-rtsp-Fix-NULL-pointer.patch
+Patch1: gst-rtsp-Fix-NULL-pointer.patch
+# PATCH-FIX-UPSTREAM
+Patch2: gst-rtsp-replace-G_TYPE_INSTANCE_GET_PRIVATE.patch
+
BuildRequires: meson >= 0.47
BuildRequires: pkgconfig
BuildRequires: pkgconfig(glib-2.0) >= 2.40.0
++++++ gst-rtsp-Fix-NULL-pointer.patch ++++++
>From 44ccca3086dd81081d72ca0b21d0ecdde962fb1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebast...@centricular.com>
Date: Mon, 23 Mar 2020 16:06:43 +0200
Subject: [PATCH] rtsp-auth: Fix NULL pointer dereference when handling an
invalid basic Authorization header
When using the basic authentication scheme, we wouldn't validate that
the authorization field of the credentials is not NULL and pass it on
to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will
dereference the NULL pointer and crash.
A specially crafted (read: invalid) RTSP header can cause this to
happen.
As a solution, check for the authorization to be not NULL before
continuing processing it and if it is simply fail authentication.
This fixes CVE-2020-6095 and TALOS-2020-1018.
Discovered by Peter Wang of Cisco ASIG.
---
gst/rtsp-server/rtsp-auth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c
index ad0be07..b6286e1 100644
--- a/gst/rtsp-server/rtsp-auth.c
+++ b/gst/rtsp-server/rtsp-auth.c
@@ -871,7 +871,7 @@ default_authenticate (GstRTSPAuth * auth, GstRTSPContext *
ctx)
GST_DEBUG_OBJECT (auth, "check Basic auth");
g_mutex_lock (&priv->lock);
- if ((token =
+ if ((*credential)->authorization && (token =
g_hash_table_lookup (priv->basic,
(*credential)->authorization))) {
GST_DEBUG_OBJECT (auth, "setting token %p", token);
--
2.24.1
++++++ gst-rtsp-fix-token-leak.patch ++++++
>From 9dfdcb71e84e53e25388a6e0b485a70c45ea0dec Mon Sep 17 00:00:00 2001
From: Nicola Murino <nicola.mur...@gmail.com>
Date: Thu, 12 Dec 2019 17:56:18 +0100
Subject: [PATCH] rtsp-auth: fix default token leak
---
gst/rtsp-server/rtsp-auth.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c
index f676b80..f14286f 100644
--- a/gst/rtsp-server/rtsp-auth.c
+++ b/gst/rtsp-server/rtsp-auth.c
@@ -214,6 +214,8 @@ gst_rtsp_auth_finalize (GObject * obj)
g_hash_table_unref (priv->basic);
g_hash_table_unref (priv->digest);
g_hash_table_unref (priv->nonces);
+ if (priv->default_token)
+ gst_rtsp_token_unref (priv->default_token);
g_mutex_clear (&priv->lock);
g_free (priv->realm);
--
2.24.1
++++++ gst-rtsp-replace-G_TYPE_INSTANCE_GET_PRIVATE.patch ++++++
>From df227481504574ecc6028400d17870913a16a047 Mon Sep 17 00:00:00 2001
From: Jordan Petridis <jor...@centricular.com>
Date: Thu, 23 Jan 2020 16:41:26 +0200
Subject: [PATCH] rtsp-latency-bin: replace G_TYPE_INSTANCE_GET_PRIVATE as it's
been deprecated
from glib
```
Deprecated: 2.58: Use %G_ADD_PRIVATE and the generated
`your_type_get_instance_private()` function instead
```
---
gst/rtsp-server/rtsp-latency-bin.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/gst/rtsp-server/rtsp-latency-bin.c
b/gst/rtsp-server/rtsp-latency-bin.c
index cf7cdf1..c297ab6 100644
--- a/gst/rtsp-server/rtsp-latency-bin.c
+++ b/gst/rtsp-server/rtsp-latency-bin.c
@@ -23,9 +23,6 @@
#include <gst/gst.h>
#include "rtsp-latency-bin.h"
-#define GST_RTSP_LATENCY_BIN_GET_PRIVATE(obj) \
- (G_TYPE_INSTANCE_GET_PRIVATE ((obj), GST_RTSP_LATENCY_BIN_TYPE,
GstRTSPLatencyBinPrivate))
-
struct _GstRTSPLatencyBinPrivate
{
GstPad *sinkpad;
@@ -106,7 +103,7 @@ gst_rtsp_latency_bin_get_property (GObject * object, guint
propid,
{
GstRTSPLatencyBin *latency_bin = GST_RTSP_LATENCY_BIN (object);
GstRTSPLatencyBinPrivate *priv =
- GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin);
+ gst_rtsp_latency_bin_get_instance_private (latency_bin);
switch (propid) {
case PROP_ELEMENT:
@@ -140,7 +137,7 @@ gst_rtsp_latency_bin_add_element (GstRTSPLatencyBin *
latency_bin,
GstElement * element)
{
GstRTSPLatencyBinPrivate *priv =
- GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin);
+ gst_rtsp_latency_bin_get_instance_private (latency_bin);
GstPad *pad;
GstPadTemplate *templ;
@@ -250,7 +247,7 @@ static gboolean
gst_rtsp_latency_bin_recalculate_latency (GstRTSPLatencyBin * latency_bin)
{
GstRTSPLatencyBinPrivate *priv =
- GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin);
+ gst_rtsp_latency_bin_get_instance_private (latency_bin);
GstEvent *latency;
GstQuery *query;
GstClockTime min_latency;
--
2.24.1
