From: Reinhard Tartler Date: Sat, 13 Apr 2019 20:46:54 +0000 (-0400) Subject: Merge branch 'master' into experimental X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1~1^2~41 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=1331dfa0d9f542f60718d06fea9e0b45cf6c2ba7;p=gpac.git Merge branch 'master' into experimental --- 1331dfa0d9f542f60718d06fea9e0b45cf6c2ba7 diff --cc debian/changelog index 6d7f0ce,a8497b9..c97104b --- a/debian/changelog +++ b/debian/changelog @@@ -1,26 -1,13 +1,36 @@@ +gpac (0.7.1+dfsg1-2) experimental; urgency=medium + + * Upload to experimental and mark the previous upload as + UNRELEASED. It was deemed unappropriate for this stage of the + Debian Release cycle. + + -- Reinhard Tartler Sun, 07 Apr 2019 12:19:28 -0400 + +gpac (0.7.1+dfsg1-1) UNRELEASED; urgency=medium + + [ Balint Reczey ] + * Remove myself from Uploaders + + [ Reinhard Tartler ] + * Update exclude lists + * New upstream version 0.7.1+dfsg1 (Closes: #817194) + * Add bugfix for CVE-2018-7752 (Closes: #892526) + * Add patch for CVE-2018-20760, CVE-2018-20762, CVE-2018-20763 + (CVE-2018-20761 does not need addressing) (Closes: #921969) + * add patch for CVE-2018-13005, CVE-2018-13006 (Closes: #902782) + + -- Reinhard Tartler Fri, 15 Feb 2019 06:43:22 -0500 + + gpac (0.5.2-426-gc5ad4e4+dfsg5-5) unstable; urgency=medium + + [ Moritz Muehlenhoff ] + * Bug fix: "CVE-2019-11222: Buffer-overflow in gf_bin128_parse", thanks + to Salvatore Bonaccorso (Closes: #926961). + * Bug fix: "CVE-2019-11221: buffer-overflow issue in gf_import_message() + in media_import.c", thanks to Salvatore Bonaccorso (Closes: #926963). + + -- Reinhard Tartler Sat, 13 Apr 2019 16:41:15 -0400 + gpac (0.5.2-426-gc5ad4e4+dfsg5-4.1) unstable; urgency=medium * CVE-2018-7752 (Closes: #892526) diff --cc debian/patches/CVE-2019-11221.patch index 0000000,3ad8347..7523631 mode 000000,100644..100644 --- a/debian/patches/CVE-2019-11221.patch +++ b/debian/patches/CVE-2019-11221.patch @@@ -1,0 -1,180 +1,180 @@@ + 
From f4616202e5578e65746cf7e7ceeba63bee1b094b Mon Sep 17 00:00:00 2001 + From: Aurelien David + Date: Thu, 11 Apr 2019 14:18:58 +0200 + Subject: [PATCH] fix a bunch of vsprintf -> vsnprintf + + closes #1203 + --- + applications/mp4client/main.c | 2 +- + applications/osmo4_sym/osmo4_view.cpp | 2 +- + src/media_tools/media_export.c | 2 +- + src/media_tools/media_import.c | 2 +- + src/scene_manager/loader_bt.c | 4 ++-- + src/scene_manager/loader_isom.c | 2 +- + src/scene_manager/loader_qt.c | 2 +- + src/scene_manager/loader_svg.c | 8 ++++---- + src/scene_manager/loader_xmt.c | 14 +++++++------- + src/scene_manager/swf_parse.c | 6 +++--- + src/scene_manager/swf_svg.c | 2 +- + src/scenegraph/xbl_process.c | 2 +- + src/utils/alloc.c | 2 +- + src/utils/xml_parser.c | 24 +++++++++++++----------- + 15 files changed, 49 insertions(+), 47 deletions(-) + + --- a/applications/mp4client/main.c + +++ b/applications/mp4client/main.c -@@ -1023,7 +1023,7 @@ static void on_gpac_log(void *cbk, u32 l ++@@ -1038,7 +1038,7 @@ static void on_gpac_log(void *cbk, GF_LO + + if (rti_logs && (lm & GF_LOG_RTI)) { + char szMsg[2048]; + - vsprintf(szMsg, fmt, list); + + vsnprintf(szMsg, 2048, fmt, list); + UpdateRTInfo(szMsg + 6 /*"[RTI] "*/); + } else { + if (log_time_start) { + --- a/src/media_tools/media_export.c + +++ b/src/media_tools/media_export.c + @@ -57,7 +57,7 @@ static GF_Err gf_export_message(GF_Media + va_list args; + char szMsg[1024]; + va_start(args, format); + - vsprintf(szMsg, format, args); + + vsnprintf(szMsg, 1024, format, args); + va_end(args); + GF_LOG((u32) (e ? GF_LOG_ERROR : GF_LOG_WARNING), GF_LOG_AUTHOR, ("%s\n", szMsg) ); + } + --- a/src/media_tools/media_import.c + 
+++ b/src/media_tools/media_import.c -@@ -50,7 +50,7 @@ GF_Err gf_import_message(GF_MediaImporte ++@@ -52,7 +52,7 @@ GF_Err gf_import_message(GF_MediaImporte + va_list args; + char szMsg[1024]; + va_start(args, format); + - vsprintf(szMsg, format, args); + + vsnprintf(szMsg, 1024, format, args); + va_end(args); + GF_LOG((u32) (e ? GF_LOG_WARNING : GF_LOG_INFO), GF_LOG_AUTHOR, ("%s\n", szMsg) ); + } + --- a/src/scene_manager/loader_bt.c + +++ b/src/scene_manager/loader_bt.c + @@ -121,7 +121,7 @@ static GF_Err gf_bt_report(GF_BTParser * + char szMsg[2048]; + va_list args; + va_start(args, format); + - vsprintf(szMsg, format, args); + + vsnprintf(szMsg, 2048, format, args); + va_end(args); + GF_LOG((u32) (e ? GF_LOG_ERROR : GF_LOG_WARNING), GF_LOG_PARSER, ("[BT/WRL Parsing] %s (line %d)\n", szMsg, parser->line)); + } + --- a/src/scene_manager/loader_isom.c + +++ b/src/scene_manager/loader_isom.c + @@ -144,7 +144,7 @@ static void mp4_report(GF_SceneLoader *l + char szMsg[1024]; + va_list args; + va_start(args, format); + - vsprintf(szMsg, format, args); + + vsnprintf(szMsg, 1024, format, args); + va_end(args); + GF_LOG((u32) (e ? GF_LOG_ERROR : GF_LOG_WARNING), GF_LOG_PARSER, ("[MP4 Loading] %s\n", szMsg) ); + } + --- a/src/scene_manager/loader_qt.c + +++ b/src/scene_manager/loader_qt.c + @@ -40,7 +40,7 @@ static GF_Err gf_qt_report(GF_SceneLoade + char szMsg[1024]; + va_list args; + va_start(args, format); + - vsprintf(szMsg, format, args); + + vsnprintf(szMsg, 1024, format, args); + va_end(args); + GF_LOG((u32) (e ? GF_LOG_ERROR : GF_LOG_WARNING), GF_LOG_PARSER, ("[QT Parsing] %s\n", szMsg) ); + } + --- a/src/scene_manager/loader_svg.c + +++ b/src/scene_manager/loader_svg.c + 
@@ -134,7 +134,7 @@ static GF_Err svg_report(GF_SVG_Parser * + char szMsg[2048]; + va_list args; + va_start(args, format); + - vsprintf(szMsg, format, args); + + vsnprintf(szMsg, 2048, format, args); + va_end(args); + GF_LOG((u32) (e ? GF_LOG_ERROR : GF_LOG_WARNING), GF_LOG_PARSER, ("[SVG Parsing] line %d - %s\n", gf_xml_sax_get_line(parser->sax_parser), szMsg)); + } + --- a/src/scene_manager/loader_xmt.c + +++ b/src/scene_manager/loader_xmt.c + @@ -144,7 +144,7 @@ static GF_Err xmt_report(GF_XMTParser *p + char szMsg[2048]; + va_list args; + va_start(args, format); + - vsprintf(szMsg, format, args); + + vsnprintf(szMsg, 2048, format, args); + va_end(args); + GF_LOG((u32) (e ? GF_LOG_ERROR : GF_LOG_WARNING), GF_LOG_PARSER, ("[XMT Parsing] %s (line %d)\n", szMsg, gf_xml_sax_get_line(parser->sax_parser)) ); + } + --- a/src/scene_manager/swf_parse.c + +++ b/src/scene_manager/swf_parse.c -@@ -2410,7 +2410,7 @@ void swf_report(SWFReader *read, GF_Err ++@@ -2428,7 +2428,7 @@ void swf_report(SWFReader *read, GF_Err + char szMsg[2048]; + va_list args; + va_start(args, format); + - vsprintf(szMsg, format, args); + + vsnprintf(szMsg, 2048, format, args); + va_end(args); + GF_LOG((u32) (e ? GF_LOG_ERROR : GF_LOG_WARNING), GF_LOG_PARSER, ("[SWF Parsing] %s (frame %d)\n", szMsg, read->current_frame+1) ); + } + --- a/src/scene_manager/swf_svg.c + +++ b/src/scene_manager/swf_svg.c + @@ -51,7 +51,7 @@ static void swf_svg_print(SWFReader *rea + + /* print the line */ + va_start(args, format); + - vsprintf(line, format, args); + + vsnprintf(line, 2000, format, args); + va_end(args); + /* add the line to the buffer */ + line_length = (u32)strlen(line); + --- a/src/scenegraph/xbl_process.c + +++ b/src/scenegraph/xbl_process.c + 
@@ -61,7 +61,7 @@ static GF_Err xbl_parse_report(GF_XBL_Pa + char szMsg[2048]; + va_list args; + va_start(args, format); + - vsprintf(szMsg, format, args); + + vsnprintf(szMsg, 2048, format, args); + va_end(args); + GF_LOG((u32) (e ? GF_LOG_ERROR : GF_LOG_WARNING), GF_LOG_PARSER, ("[XBL Parsing] line %d - %s\n", gf_xml_sax_get_line(parser->sax_parser), szMsg)); + } + --- a/src/utils/alloc.c + +++ b/src/utils/alloc.c -@@ -658,7 +658,7 @@ static void gf_memory_log(unsigned int l ++@@ -815,7 +815,7 @@ static void gf_memory_log(unsigned int l + char msg[1024]; + assert(strlen(fmt) < 200); + va_start(vl, fmt); + - vsprintf(msg, fmt, vl); + + vsnprintf(msg, 1024, fmt, vl); + GF_LOG(level, GF_LOG_MEMORY, (msg)); + va_end(vl); + } + --- a/src/utils/xml_parser.c + +++ b/src/utils/xml_parser.c -@@ -218,14 +218,16 @@ static void format_sax_error(GF_SAXParse ++@@ -220,14 +220,16 @@ static void format_sax_error(GF_SAXParse + char szM[20]; + + va_start(args, fmt); + - vsprintf(parser->err_msg, fmt, args); + + vsnprintf(parser->err_msg, ARRAY_LENGTH(parser->err_msg), fmt, args); + va_end(args); + + - sprintf(szM, " - Line %d: ", parser->line + 1); + - strcat(parser->err_msg, szM); + - len = (u32) strlen(parser->err_msg); + - strncpy(parser->err_msg + len, parser->buffer+ (linepos ? linepos : parser->current_pos), 10); + - parser->err_msg[len + 10] = 0; + + if (strlen(parser->err_msg)+30 < ARRAY_LENGTH(parser->err_msg)) { + + snprintf(szM, 20, " - Line %d: ", parser->line + 1); + + strcat(parser->err_msg, szM); + + len = (u32) strlen(parser->err_msg); + + strncpy(parser->err_msg + len, parser->buffer+ (linepos ? linepos : parser->current_pos), 10); + + parser->err_msg[len + 10] = 0; + + } + parser->sax_state = SAX_STATE_SYNTAX_ERROR; + } + diff --cc debian/patches/CVE-2019-11222.patch index 0000000,3d1698b..b5b06ad mode 000000,100644..100644 --- a/debian/patches/CVE-2019-11222.patch +++ b/debian/patches/CVE-2019-11222.patch @@@ -1,0 -1,25 +1,25 @@@ + 
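Review bot: In the src/utils/alloc.c part of this patch, gf_memory_log still passes the formatted buffer to the logger as the format argument, `GF_LOG(level, GF_LOG_MEMORY, (msg));`, while every other call site touched here passes `("%s\n", szMsg)`. The GF_LOG definition is not shown, but if it forwards its argument list to a printf-style function, any `%` left in the expanded message is interpreted a second time, so I would change the call to `GF_LOG(level, GF_LOG_MEMORY, ("%s", msg));`. The bounds are also written as literals (`1024`, `2048`, and `2000` for `line` in swf_svg.c, whose declaration is outside the hunk). Where the destination is an array in scope, `sizeof(szMsg)` would keep the limit tied to the buffer, as `ARRAY_LENGTH(parser->err_msg)` already does in xml_parser.c. The enclosing functions start and end outside the quoted hunks.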
From f36525c5beafb78959c3a07d6622c9028de348da Mon Sep 17 00:00:00 2001 + From: Aurelien David + Date: Thu, 11 Apr 2019 14:54:53 +0200 + Subject: [PATCH] fix buffer overrun in gf_bin128_parse + + closes #1204 + closes #1205 + --- + src/utils/os_divers.c | 5 +++++ + 1 file changed, 5 insertions(+) + + --- a/src/utils/os_divers.c + +++ b/src/utils/os_divers.c -@@ -1958,6 +1958,11 @@ GF_Err gf_bin128_parse(char *string, bin ++@@ -1969,6 +1969,11 @@ GF_Err gf_bin128_parse(char *string, bin + sscanf(szV, "%x", &v); + value[i] = v; + i++; + + if (i > 15) { + + // force error check below + + i++; + + break; + + } + } + } + if (i != 16) { diff --cc debian/patches/series index 6953cb6,8cb3a0a..abc9baf --- a/debian/patches/series +++ b/debian/patches/series @@@ -1,13 -1,15 +1,15 @@@ -mp4box-manpage-fix.patch gcc-optflags.patch -libav10.patch -export_gf_isom_set_pixel_aspect_ratio.patch +#libav10.patch +#export_gf_isom_set_pixel_aspect_ratio.patch dont-err-build-on-uknown-system.patch -skip-swf-test.patch -ffmpeg_2.9.patch +#skip-swf-test.patch +#ffmpeg_2.9.patch ffmpeg_4.patch +fix_makefile_install.patch CVE-2018-7752.patch -CVE-2018-13005_CVE-2018-13006.patch -CVE-2018-20760.patch -CVE-2018-20761_CVE-2018-20762.patch +CVE-2018-20762.patch CVE-2018-20763.patch +CVE-2018-20760.patch +CVE-2018-13005.patch + CVE-2019-11221.patch + CVE-2019-11222.patch
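Review bot: The new guard in gf_bin128_parse runs after `value[i] = v; i++;`, so a well-formed 16-byte value also trips it: after the sixteenth store `i` is 16, `i > 15` holds, `i` becomes 17, and the `if (i != 16)` check below, which appears to be the error path, would then reject valid input. Testing before the store keeps the overrun fix and still accepts exactly 16 bytes, e.g. `if (i >= 16) { i++; break; }` placed ahead of `value[i] = v;`. The result of `sscanf(szV, "%x", &v)` is also unchecked, so a non-hex pair would store whatever `v` held at that point; comparing the return value with 1 would close that. The loop header and the body of the final check are outside the hunk.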