diff --git a/backport-CVE-2021-3522.patch b/backport-CVE-2021-3522.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2eab54cdbfbfc6f739c015b9a2816fadced2cc90
--- /dev/null
+++ b/backport-CVE-2021-3522.patch
@@ -0,0 +1,34 @@
+From 8a88e5c1db05ebadfd4569955f6f47c23cdca3c4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?=
+Date: Wed, 3 Mar 2021 01:08:25 +0000
+Subject: [PATCH] tag: id3v2: fix frame size check and potential invalid reads
+
+Check the right variable when checking if there's
+enough data left to read the frame size.
+
+Closes https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
+
+Part-of:
+
+Conflict:NA
+Reference:https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4
+
+---
+ gst-libs/gst/tag/id3v2frames.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst-libs/gst/tag/id3v2frames.c b/gst-libs/gst/tag/id3v2frames.c
+index 8e9f78254..f39659bf7 100644
+--- a/gst-libs/gst/tag/id3v2frames.c
++++ b/gst-libs/gst/tag/id3v2frames.c
+@@ -109,7 +109,7 @@ id3v2_parse_frame (ID3TagsWorking * work)
+
+ if (work->frame_flags & (ID3V2_FRAME_FORMAT_COMPRESSION |
+ ID3V2_FRAME_FORMAT_DATA_LENGTH_INDICATOR)) {
+- if (work->hdr.frame_data_size <= 4)
++ if (frame_data_size <= 4)
+ return FALSE;
+ if (ID3V2_VER_MAJOR (work->hdr.version) == 3) {
+ work->parse_size = GST_READ_UINT32_BE (frame_data);
+--
+GitLab
diff --git a/gstreamer1-plugins-base.spec b/gstreamer1-plugins-base.spec
index 7938f37ba231431231f785b8f502eae8fed4e71d..80d3c5abe8ec28dc3edf6a6f077d2783a726a18a 100644
--- a/gstreamer1-plugins-base.spec
+++ b/gstreamer1-plugins-base.spec
@@ -3,7 +3,7 @@ Name: gstreamer1-plugins-base Version: 1.16.2 -Release: 1 +Release: 2 Summary: GStreamer streaming media framework base plugins License: LGPLv2+ URL: http://gstreamer.freedesktop.org/
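Review bot: The corrected guard `if (frame_data_size <= 4)` in the id3v2frames.c hunk carried by backport-CVE-2021-3522.patch has no comment saying which size it tests, and the bug it fixes was a mix-up between two names that differ only by the `work->hdr.` prefix. A one-line comment above the `if`, for example `/* bytes left in this frame: the 4-byte length field read below must fit, with data after it */`, would keep a later edit from switching back to the header field. The `<=` also rejects a frame with exactly four bytes left; that looks intentional, since a length field with no payload is useless, but it is inferred from the hunk and worth stating in the same comment. id3v2_parse_frame starts and ends outside the hunk, so how `work->parse_size` is compared with the remaining data after the read is not visible here.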
@@ -12,6 +12,8 @@ Source0: http://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugi Patch0: 0001-missing-plugins-Remove-the-mpegaudioversion-field.patch Patch1: Adapt-to-backwards-incompatible-change-in-GUN.patch +Patch6000: backport-CVE-2021-3522.patch + BuildRequires: gcc-c++ gstreamer1-devel >= %{version} gobject-introspection-devel >= 1.31.1 iso-codes-devel alsa-lib-devel BuildRequires: cdparanoia-devel libogg-devel >= 1.0 libtheora-devel >= 1.1 libvisual-devel libvorbis-devel >= 1.0 libXv-devel BuildRequires: orc-devel >= 0.4.18 pango-devel pkgconfig opus-devel gtk-doc >= 1.3 libxslt gdb @@ -49,6 +51,7 @@ This package provides manual for developpers. %setup -q -n gst-plugins-base-%{version} %patch0 -p1 %patch1 -p1 +%patch6000 -p1 %build NOCONFIGURE=1 \ @@ -270,6 +273,9 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -fv {} ';' %{_mandir}/man1/gst-device-monitor-*.gz %changelog +* Fri Mar 18 2022 dongyuzhen - 1.16.2-2 +- fix CVE-2021-3522 + * Tue Aug 18 2020 zhanzhimin - 1.16.2-1 - update to 1.16.2