gentoo resync : 02.09.2020

3 files changed, 123 insertions, 0 deletions

diff --git a/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch b/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch
new file mode 100644
index 000000000000..87b2e54973b4
--- /dev/null
+++ b/media-libs/gst-rtsp-server/files/1.16.2-CVE-2020-6095.patch
@@ -0,0 +1,39 @@
+From ccc8d0c4388056acc801fd855e065eb2b0ca6578 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 23 Mar 2020 16:06:43 +0200
+Subject: [PATCH 3/3] rtsp-auth: Fix NULL pointer dereference when handling an
+ invalid basic Authorization header
+
+When using the basic authentication scheme, we wouldn't validate that
+the authorization field of the credentials is not NULL and pass it on
+to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will
+dereference the NULL pointer and crash.
+A specially crafted (read: invalid) RTSP header can cause this to
+happen.
+
+As a solution, check for the authorization to be not NULL before
+continuing processing it and if it is simply fail authentication.
+
+This fixes CVE-2020-6095 and TALOS-2020-1018.
+
+Discovered by Peter Wang of Cisco ASIG.
+---
+ gst/rtsp-server/rtsp-auth.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c
+index f14286f..c15fa18 100644
+--- a/gst/rtsp-server/rtsp-auth.c
++++ b/gst/rtsp-server/rtsp-auth.c
+@@ -871,7 +871,7 @@ default_authenticate (GstRTSPAuth * auth, GstRTSPContext * ctx)
+ 
+       GST_DEBUG_OBJECT (auth, "check Basic auth");
+       g_mutex_lock (&priv->lock);
+-      if ((token =
++      if ((*credential)->authorization && (token =
+               g_hash_table_lookup (priv->basic,
+                   (*credential)->authorization))) {
+         GST_DEBUG_OBJECT (auth, "setting token %p", token);
+-- 
+2.20.1
+
diff --git a/media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch b/media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch
new file mode 100644
index 000000000000..679c5c5207cf
--- /dev/null
+++ b/media-libs/gst-rtsp-server/files/1.16.2-glib-deprecation-fix.patch
@@ -0,0 +1,59 @@
+From df227481504574ecc6028400d17870913a16a047 Mon Sep 17 00:00:00 2001
+From: Jordan Petridis <jordan@centricular.com>
+Date: Thu, 23 Jan 2020 16:41:26 +0200
+Subject: [PATCH 2/3] rtsp-latency-bin: replace G_TYPE_INSTANCE_GET_PRIVATE as
+ it's been deprecated
+
+from glib
+```
+Deprecated: 2.58: Use %G_ADD_PRIVATE and the generated
+  `your_type_get_instance_private()` function instead
+```
+---
+ gst/rtsp-server/rtsp-latency-bin.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/gst/rtsp-server/rtsp-latency-bin.c b/gst/rtsp-server/rtsp-latency-bin.c
+index cf7cdf1..c297ab6 100644
+--- a/gst/rtsp-server/rtsp-latency-bin.c
++++ b/gst/rtsp-server/rtsp-latency-bin.c
+@@ -23,9 +23,6 @@
+ #include <gst/gst.h>
+ #include "rtsp-latency-bin.h"
+ 
+-#define GST_RTSP_LATENCY_BIN_GET_PRIVATE(obj)  \
+-     (G_TYPE_INSTANCE_GET_PRIVATE ((obj), GST_RTSP_LATENCY_BIN_TYPE, GstRTSPLatencyBinPrivate))
+-
+ struct _GstRTSPLatencyBinPrivate
+ {
+   GstPad *sinkpad;
+@@ -106,7 +103,7 @@ gst_rtsp_latency_bin_get_property (GObject * object, guint propid,
+ {
+   GstRTSPLatencyBin *latency_bin = GST_RTSP_LATENCY_BIN (object);
+   GstRTSPLatencyBinPrivate *priv =
+-      GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin);
++      gst_rtsp_latency_bin_get_instance_private (latency_bin);
+ 
+   switch (propid) {
+     case PROP_ELEMENT:
+@@ -140,7 +137,7 @@ gst_rtsp_latency_bin_add_element (GstRTSPLatencyBin * latency_bin,
+     GstElement * element)
+ {
+   GstRTSPLatencyBinPrivate *priv =
+-      GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin);
++      gst_rtsp_latency_bin_get_instance_private (latency_bin);
+   GstPad *pad;
+   GstPadTemplate *templ;
+ 
+@@ -250,7 +247,7 @@ static gboolean
+ gst_rtsp_latency_bin_recalculate_latency (GstRTSPLatencyBin * latency_bin)
+ {
+   GstRTSPLatencyBinPrivate *priv =
+-      GST_RTSP_LATENCY_BIN_GET_PRIVATE (latency_bin);
++      gst_rtsp_latency_bin_get_instance_private (latency_bin);
+   GstEvent *latency;
+   GstQuery *query;
+   GstClockTime min_latency;
+-- 
+2.20.1
+
diff --git a/media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch b/media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch
new file mode 100644
index 000000000000..2707c3ebdc05
--- /dev/null
+++ b/media-libs/gst-rtsp-server/files/1.16.2-leak-fix.patch
@@ -0,0 +1,25 @@
+From 9dfdcb71e84e53e25388a6e0b485a70c45ea0dec Mon Sep 17 00:00:00 2001
+From: Nicola Murino <nicola.murino@gmail.com>
+Date: Thu, 12 Dec 2019 17:56:18 +0100
+Subject: [PATCH 1/3] rtsp-auth: fix default token leak
+
+---
+ gst/rtsp-server/rtsp-auth.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/gst/rtsp-server/rtsp-auth.c b/gst/rtsp-server/rtsp-auth.c
+index f676b80..f14286f 100644
+--- a/gst/rtsp-server/rtsp-auth.c
++++ b/gst/rtsp-server/rtsp-auth.c
+@@ -214,6 +214,8 @@ gst_rtsp_auth_finalize (GObject * obj)
+   g_hash_table_unref (priv->basic);
+   g_hash_table_unref (priv->digest);
+   g_hash_table_unref (priv->nonces);
++  if (priv->default_token)
++    gst_rtsp_token_unref (priv->default_token);
+   g_mutex_clear (&priv->lock);
+   g_free (priv->realm);
+ 
+-- 
+2.20.1
+