[ffmpeg/el7] Patch to fix CVE-2019-9718 and CVE-2019-9721
by Leigh Scott
commit bb506dff859ba56b6fb095375ec9f9760d3b27aa
Author: Leigh Scott <leigh123linux(a)googlemail.com>
Date: Tue Mar 19 16:30:32 2019 +0000
Patch to fix CVE-2019-9718 and CVE-2019-9721
...lsubtitles-Fixes-denial-of-service-due-to.patch | 65 ++++++++++++++++++++++
...lsubtitles-Fixes-denial-of-service-due-to.patch | 64 +++++++++++++++++++++
ffmpeg.spec | 13 ++++-
3 files changed, 141 insertions(+), 1 deletion(-)
---
diff --git a/0001-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch b/0001-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch
new file mode 100644
index 0000000..99c2399
--- /dev/null
+++ b/0001-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch
@@ -0,0 +1,65 @@
+From 196ddaec4efa01ba7787e74864b6c6cc4d3389ff Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse via RT <security-reports(a)semmle.com>
+Date: Wed, 6 Feb 2019 11:29:22 +0000
+Subject: [PATCH 1/2] avcodec/htmlsubtitles: Fixes denial of service due to use
+ of sscanf in inner loop for tag scaning
+
+Fixes: [Semmle Security Reports #19438]
+Fixes: dos_sscanf1.mkv
+
+Signed-off-by: Michael Niedermayer <michael(a)niedermayer.cc>
+---
+ libavcodec/htmlsubtitles.c | 30 +++++++++++++++++++++++++++++-
+ 1 file changed, 29 insertions(+), 1 deletion(-)
+
+diff --git a/libavcodec/htmlsubtitles.c b/libavcodec/htmlsubtitles.c
+index fb9f900422..c0cfccfb16 100644
+--- a/libavcodec/htmlsubtitles.c
++++ b/libavcodec/htmlsubtitles.c
+@@ -74,6 +74,34 @@ struct font_tag {
+ uint32_t color;
+ };
+
++/*
++ * Fast code for scanning the rest of a tag. Functionally equivalent to
++ * this sscanf call:
++ *
++ * sscanf(in, "%127[^<>]>%n", buffer, lenp) == 2
++ */
++static int scantag(const char* in, char* buffer, int* lenp) {
++ int len;
++
++ for (len = 0; len < 128; len++) {
++ const char c = *in++;
++ switch (c) {
++ case '\0':
++ return 0;
++ case '<':
++ return 0;
++ case '>':
++ buffer[len] = '\0';
++ *lenp = len+1;
++ return 1;
++ default:
++ break;
++ }
++ buffer[len] = c;
++ }
++ return 0;
++}
++
+ /*
+ * The general politic of the convert is to mask unsupported tags or formatting
+ * errors (but still alert the user/subtitles writer with an error/warning)
+@@ -155,7 +183,7 @@ int ff_htmlmarkup_to_ass(void *log_ctx, AVBPrint *dst, const char *in)
+
+ len = 0;
+
+- if (sscanf(in+tag_close+1, "%127[^<>]>%n", buffer, &len) >= 1 && len > 0) {
++ if (scantag(in+tag_close+1, buffer, &len) && len > 0) {
+ const int skip = len + tag_close;
+ const char *tagname = buffer;
+ while (*tagname == ' ') {
+--
+2.21.0
+
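Review bot: The header comment on `scantag` overstates its equivalence with the sscanf call it replaces, and the difference is reachable from subtitle text. `%n` does not count toward sscanf's return value, so `== 2` can never hold, and `%127[^<>]` needs at least one character, whereas the `case '>':` branch accepts an immediate `>` and returns 1 with an empty `buffer` and `*lenp == 1`. Only the first lines of the caller in `ff_htmlmarkup_to_ass` are visible in this hunk, so whether it copes with an empty tag name cannot be confirmed here; if the old rejection is wanted, `if (len == 0) return 0;` at the top of that case restores it. The loop bound 128 is also tied to the caller's buffer size, which the hunk does not show, so I would add `/* buffer must hold at least 128 bytes; on failure it is left unterminated */` or pass the size in. The same patch file is added in the ffmpeg/f29 commit further down this page and carries the same code.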
diff --git a/0002-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch b/0002-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch
new file mode 100644
index 0000000..4345ee2
--- /dev/null
+++ b/0002-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch
@@ -0,0 +1,64 @@
+From 783c8679887eb0a7b1c5f4df8fd92d936e475db9 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse via RT <security-reports(a)semmle.com>
+Date: Wed, 6 Feb 2019 12:56:01 +0000
+Subject: [PATCH 2/2] avcodec/htmlsubtitles: Fixes denial of service due to use
+ of sscanf in inner loop for handling braces
+
+Fixes: [Semmle Security Reports #19439]
+Fixes: dos_sscanf2.mkv
+
+Signed-off-by: Michael Niedermayer <michael(a)niedermayer.cc>
+---
+ libavcodec/htmlsubtitles.c | 23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/libavcodec/htmlsubtitles.c b/libavcodec/htmlsubtitles.c
+index c0cfccfb16..d9221ba16b 100644
+--- a/libavcodec/htmlsubtitles.c
++++ b/libavcodec/htmlsubtitles.c
+@@ -24,6 +24,7 @@
+ #include "libavutil/common.h"
+ #include "libavutil/parseutils.h"
+ #include "htmlsubtitles.h"
++#include <ctype.h>
+
+ static int html_color_parse(void *log_ctx, const char *str)
+ {
+@@ -44,14 +45,32 @@ static void rstrip_spaces_buf(AVBPrint *buf)
+ buf->str[--buf->len] = 0;
+ }
+
++/*
++ * Fast code for scanning text enclosed in braces. Functionally
++ * equivalent to this sscanf call:
++ *
++ * sscanf(in, "{\\an%*1u}%n", &len) >= 0 && len > 0
++ */
++static int scanbraces(const char* in) {
++ if (strncmp(in, "{\\an", 4) != 0) {
++ return 0;
++ }
++ if (!isdigit(in[4])) {
++ return 0;
++ }
++ if (in[5] != '}') {
++ return 0;
++ }
++ return 1;
++}
++
+ /* skip all {\xxx} substrings except for {\an%d}
+ and all microdvd like styles such as {Y:xxx} */
+ static void handle_open_brace(AVBPrint *dst, const char **inp, int *an, int *closing_brace_missing)
+ {
+- int len = 0;
+ const char *in = *inp;
+
+- *an += sscanf(in, "{\\an%*1u}%n", &len) >= 0 && len > 0;
++ *an += scanbraces(in);
+
+ if (!*closing_brace_missing) {
+ if ( (*an != 1 && in[1] == '\\')
+--
+2.21.0
+
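Review bot: `isdigit(in[4])` in `scanbraces` is passed a plain `char` taken from subtitle text, and a byte above 0x7F is negative where `char` is signed, which is undefined behaviour for the `<ctype.h>` functions. I would write `if (!isdigit((unsigned char)in[4])) {`, or use FFmpeg's locale-independent `av_isdigit` if `libavutil/avstring.h` is already included (not visible in this hunk). The replacement is also slightly stricter than the old `%*1u` conversion, which skips leading whitespace before the digit, so the "functionally equivalent" wording could be softened to `/* Accepts exactly "{\an", one decimal digit, then "}" */`. The identical patch file in the ffmpeg/f29 commit further down this page needs the same change.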
diff --git a/ffmpeg.spec b/ffmpeg.spec
index 13400a8..d2f3a0f 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -68,7 +68,7 @@
Summary: Digital VCR and streaming server
Name: ffmpeg%{?flavor}
Version: 3.4.5
-Release: 2%{?date}%{?date:git}%{?rel}%{?dist}
+Release: 3%{?date}%{?date:git}%{?rel}%{?dist}
License: %{ffmpeg_license}
URL: http://ffmpeg.org/
%if 0%{?date}
@@ -78,6 +78,12 @@ Source0: http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
%endif
#Backport patch for arm neon
Patch0: 0001-arm-Fix-SIGBUS-on-ARM-when-compiled-with-binutils-2..patch
+# https://nvd.nist.gov/vuln/detail/CVE-2019-9718
+# https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf...
+Patch1: 0001-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch
+# https://nvd.nist.gov/vuln/detail/CVE-2019-9721
+# https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc...
+Patch2: 0002-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%{?_with_cuda:BuildRequires: cuda-driver-dev-%{_cuda_rpm_version} cuda-misc-headers-%{_cuda_rpm_version} cuda-drivers-devel%{_isa}}
%{?_with_libnpp:BuildRequires: cuda-cudart-dev-%{_cuda_rpm_version} cuda-nvcc-%{_cuda_rpm_version} cuda-misc-headers-%{_cuda_rpm_version} cuda-npp-dev-%{_cuda_rpm_version}}
@@ -296,6 +302,8 @@ echo "git-snapshot-%{?branch}%{date}-rpmfusion" > VERSION
%endif
# backport patch for arm neon
%patch0 -p1
+%patch1 -p1 -b .CVE-2019-9718
+%patch2 -p1 -b .CVE-2019-9721
# fix -O3 -g in host_cflags
sed -i "s|check_host_cflags -O3|check_host_cflags %{optflags}|" configure
mkdir -p _doc/examples
@@ -402,6 +410,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
%changelog
+* Tue Mar 19 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 3.4.5-3
+- Patch to fix CVE-2019-9718 and CVE-2019-9721
+
* Thu Jan 24 2019 Nicolas Chauvet <kwizart(a)gmail.com> - 3.4.5-2
- Enable libopus but disable encoder - rhbz#5147
- Backport various fixes from newer branches
[ffmpeg/f28: 24/24] Merge branch 'master' into f28
by Leigh Scott
commit 0eecfcc810641bedff75248ea729798969aa911e
Merge: eecf27c 5b6887b
Author: Leigh Scott <leigh123linux(a)googlemail.com>
Date: Tue Mar 19 16:25:18 2019 +0000
Merge branch 'master' into f28
...aomenc-remove-AVOption-related-to-frame-p.patch | 34 -------
ffmpeg.spec | 106 +++++++++++++++------
sources | 2 +-
3 files changed, 78 insertions(+), 64 deletions(-)
---
[ffmpeg/f28] (24 commits) ...Merge branch 'master' into f28
by Leigh Scott
Summary of changes:
f7884da... Update to 4.1 release (*)
d8aab00... Add support for rpi (*)
a6372d1... Enable vmaf (*)
a460f3d... Add changelog (*)
dbb31f9... Add ExclusiveArch for rpi (*)
bfebb19... Correct project case, either rpmfusion or RPM Fusion (*)
8ce6dfb... Fixes for cuda enabled repo (*)
dda25d7... Update changelog (*)
efbf2d7... Apply path conditionally (*)
27844eb... Rebuild for new x265 (*)
b39936e... drop obsolete comment (*)
7d10e2b... Rework build dependencies for cuda (*)
b2016c1... Fixup rpi br (*)
b1a2e6b... Add omx/omx_rpi support (*)
e747115... Add omx/omx_rpi support (*)
5dbf755... Drop opencv by default (*)
0772860... Update changelog (*)
d30cc00... Update RHEL case (*)
7f173da... Enable libssh support by default (rfbz#5135) (*)
73c7691... Update to 4.1.1 release (*)
e6ba26a... Rebuild for new x265 (*)
3037a6b... - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass (*)
5b6887b... Mass rebuild for x264 (*)
0eecfcc... Merge branch 'master' into f28
(*) This commit already existed in another branch; no separate mail sent
[ffmpeg/f29] Patch to fix CVE-2019-9718 and CVE-2019-9721
by Leigh Scott
commit ef0722abaf01a9d9feb509269e182939c2aff589
Author: Leigh Scott <leigh123linux(a)googlemail.com>
Date: Tue Mar 19 16:22:35 2019 +0000
Patch to fix CVE-2019-9718 and CVE-2019-9721
...lsubtitles-Fixes-denial-of-service-due-to.patch | 65 ++++++++++++++++++++++
...lsubtitles-Fixes-denial-of-service-due-to.patch | 64 +++++++++++++++++++++
ffmpeg.spec | 13 ++++-
3 files changed, 141 insertions(+), 1 deletion(-)
---
diff --git a/0001-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch b/0001-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch
new file mode 100644
index 0000000..472703c
--- /dev/null
+++ b/0001-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch
@@ -0,0 +1,65 @@
+From a9896ec11780ce78ec4cfe8f5ff534b6e0d06737 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse via RT <security-reports(a)semmle.com>
+Date: Wed, 6 Feb 2019 11:29:22 +0000
+Subject: [PATCH 1/2] avcodec/htmlsubtitles: Fixes denial of service due to use
+ of sscanf in inner loop for tag scaning
+
+Fixes: [Semmle Security Reports #19438]
+Fixes: dos_sscanf1.mkv
+
+Signed-off-by: Michael Niedermayer <michael(a)niedermayer.cc>
+---
+ libavcodec/htmlsubtitles.c | 30 +++++++++++++++++++++++++++++-
+ 1 file changed, 29 insertions(+), 1 deletion(-)
+
+diff --git a/libavcodec/htmlsubtitles.c b/libavcodec/htmlsubtitles.c
+index fb9f900422..c0cfccfb16 100644
+--- a/libavcodec/htmlsubtitles.c
++++ b/libavcodec/htmlsubtitles.c
+@@ -74,6 +74,34 @@ struct font_tag {
+ uint32_t color;
+ };
+
++/*
++ * Fast code for scanning the rest of a tag. Functionally equivalent to
++ * this sscanf call:
++ *
++ * sscanf(in, "%127[^<>]>%n", buffer, lenp) == 2
++ */
++static int scantag(const char* in, char* buffer, int* lenp) {
++ int len;
++
++ for (len = 0; len < 128; len++) {
++ const char c = *in++;
++ switch (c) {
++ case '\0':
++ return 0;
++ case '<':
++ return 0;
++ case '>':
++ buffer[len] = '\0';
++ *lenp = len+1;
++ return 1;
++ default:
++ break;
++ }
++ buffer[len] = c;
++ }
++ return 0;
++}
++
+ /*
+ * The general politic of the convert is to mask unsupported tags or formatting
+ * errors (but still alert the user/subtitles writer with an error/warning)
+@@ -155,7 +183,7 @@ int ff_htmlmarkup_to_ass(void *log_ctx, AVBPrint *dst, const char *in)
+
+ len = 0;
+
+- if (sscanf(in+tag_close+1, "%127[^<>]>%n", buffer, &len) >= 1 && len > 0) {
++ if (scantag(in+tag_close+1, buffer, &len) && len > 0) {
+ const int skip = len + tag_close;
+ const char *tagname = buffer;
+ while (*tagname == ' ') {
+--
+2.21.0
+
diff --git a/0002-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch b/0002-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch
new file mode 100644
index 0000000..7790b19
--- /dev/null
+++ b/0002-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch
@@ -0,0 +1,64 @@
+From 8074a9457936ccd989a61799530f0c1fb463a486 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse via RT <security-reports(a)semmle.com>
+Date: Wed, 6 Feb 2019 12:56:01 +0000
+Subject: [PATCH 2/2] avcodec/htmlsubtitles: Fixes denial of service due to use
+ of sscanf in inner loop for handling braces
+
+Fixes: [Semmle Security Reports #19439]
+Fixes: dos_sscanf2.mkv
+
+Signed-off-by: Michael Niedermayer <michael(a)niedermayer.cc>
+---
+ libavcodec/htmlsubtitles.c | 23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/libavcodec/htmlsubtitles.c b/libavcodec/htmlsubtitles.c
+index c0cfccfb16..d9221ba16b 100644
+--- a/libavcodec/htmlsubtitles.c
++++ b/libavcodec/htmlsubtitles.c
+@@ -24,6 +24,7 @@
+ #include "libavutil/common.h"
+ #include "libavutil/parseutils.h"
+ #include "htmlsubtitles.h"
++#include <ctype.h>
+
+ static int html_color_parse(void *log_ctx, const char *str)
+ {
+@@ -44,14 +45,32 @@ static void rstrip_spaces_buf(AVBPrint *buf)
+ buf->str[--buf->len] = 0;
+ }
+
++/*
++ * Fast code for scanning text enclosed in braces. Functionally
++ * equivalent to this sscanf call:
++ *
++ * sscanf(in, "{\\an%*1u}%n", &len) >= 0 && len > 0
++ */
++static int scanbraces(const char* in) {
++ if (strncmp(in, "{\\an", 4) != 0) {
++ return 0;
++ }
++ if (!isdigit(in[4])) {
++ return 0;
++ }
++ if (in[5] != '}') {
++ return 0;
++ }
++ return 1;
++}
++
+ /* skip all {\xxx} substrings except for {\an%d}
+ and all microdvd like styles such as {Y:xxx} */
+ static void handle_open_brace(AVBPrint *dst, const char **inp, int *an, int *closing_brace_missing)
+ {
+- int len = 0;
+ const char *in = *inp;
+
+- *an += sscanf(in, "{\\an%*1u}%n", &len) >= 0 && len > 0;
++ *an += scanbraces(in);
+
+ if (!*closing_brace_missing) {
+ if ( (*an != 1 && in[1] == '\\')
+--
+2.21.0
+
diff --git a/ffmpeg.spec b/ffmpeg.spec
index f883962..f226dc3 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -89,7 +89,7 @@ ExclusiveArch: armv7hnl
Summary: Digital VCR and streaming server
Name: ffmpeg%{?flavor}
Version: 4.0.3
-Release: 3%{?date}%{?date:git}%{?rel}%{?dist}
+Release: 4%{?date}%{?date:git}%{?rel}%{?dist}
License: %{ffmpeg_license}
URL: http://ffmpeg.org/
%if 0%{?date}
@@ -102,6 +102,12 @@ Source0: http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
Patch0: avcodec-libaomenc-remove-AVOption-related-to-frame-p.patch
# Backport from master to allow vmaf 1.3.9
Patch1: 87cc7e8d4ef8fa643d8d4822525b9c95cc9e7307.patch
+# https://nvd.nist.gov/vuln/detail/CVE-2019-9718
+# https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf...
+Patch2: 0001-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch
+# https://nvd.nist.gov/vuln/detail/CVE-2019-9721
+# https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc...
+Patch3: 0002-avcodec-htmlsubtitles-Fixes-denial-of-service-due-to.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
%{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@@ -328,6 +334,8 @@ echo "git-snapshot-%{?branch}%{date}-rpmfusion" > VERSION
%endif
%patch0 -p1 -b .aom_build_fix
%patch1 -p1 -b .vmaf_build
+%patch2 -p1 -b .CVE-2019-9718
+%patch3 -p1 -b .CVE-2019-9721
# fix -O3 -g in host_cflags
sed -i "s|check_host_cflags -O3|check_host_cflags %{optflags}|" configure
mkdir -p _doc/examples
@@ -434,6 +442,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
%changelog
+* Tue Mar 19 2019 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.3-4
+- Patch to fix CVE-2019-9718 and CVE-2019-9721
+
* Fri Jan 25 2019 Dominik Mierzejewski <rpm(a)greysector.net> - 4.0.3-3
- Enable libssh support by default (rfbz#5135)
[lpf-flash-plugin] Update to 32.0.0.156
by Sérgio M. Basto
commit dbd7ad406fbf2745cddda389baa820c718f76062
Author: Sérgio M. Basto <sergio(a)serjux.com>
Date: Tue Mar 19 06:35:04 2019 +0000
Update to 32.0.0.156
flash-plugin.spec.in | 5 ++++-
lpf-flash-plugin.spec | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
---
diff --git a/flash-plugin.spec.in b/flash-plugin.spec.in
index 9052457..ff2a2b8 100644
--- a/flash-plugin.spec.in
+++ b/flash-plugin.spec.in
@@ -2,7 +2,7 @@
%global __strip /bin/true
Name: flash-plugin
-Version: 32.0.0.142
+Version: 32.0.0.156
Release: 1%{?dist}
Epoch: 1
Summary: Adobe Flash Player
@@ -63,6 +63,9 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/flash-player-properti
%{_datadir}/icons/hicolor/*/apps/flash-player-properties.png
%changelog
+* Tue Mar 19 2019 Sérgio Basto <sergio(a)serjux.com> - 1:32.0.0.156-1
+- Update to 32.0.0.156
+
* Sat Feb 16 2019 Sérgio Basto <sergio(a)serjux.com> - 1:32.0.0.142-1
- Update to 32.0.0.142
diff --git a/lpf-flash-plugin.spec b/lpf-flash-plugin.spec
index 492fd07..ef90f0c 100644
--- a/lpf-flash-plugin.spec
+++ b/lpf-flash-plugin.spec
@@ -5,7 +5,7 @@
%define target_pkg %(t=%{name}; echo ${t#lpf-})
Name: lpf-flash-plugin
-Version: 32.0.0.142
+Version: 32.0.0.156
Release: 1%{?dist}
Epoch: 1
Summary: Adobe Flash Player package bootstrap
@@ -67,6 +67,9 @@ fi
%changelog
+* Tue Mar 19 2019 Sérgio Basto <sergio(a)serjux.com> - 1:32.0.0.156-1
+- Update to 32.0.0.156
+
* Sat Feb 16 2019 Sérgio Basto <sergio(a)serjux.com> - 1:32.0.0.142-1
- Update to 32.0.0.142
[telegram-desktop/f28: 4/4] Merge branch 'master' into f28
by Vitaly Zaitsev
commit ddaad2e55de0f43e1933f75cb2a79d0bb8d1501b
Merge: e6c83d3 62cb460
Author: Vitaly Zaitsev <vitaly(a)easycoding.org>
Date: Mon Mar 18 14:10:44 2019 +0100
Merge branch 'master' into f28
.gitignore | 2 ++
sources | 4 ++--
telegram-desktop-build-fixes.patch | 14 ++++++-------
telegram-desktop-system-fonts.patch | 4 ++--
telegram-desktop-unbundle-minizip.patch | 6 +++---
telegram-desktop.spec | 37 +++++++++++++++++++++++----------
6 files changed, 42 insertions(+), 25 deletions(-)
---