!15 [sync] PR-13: fix CVE-2021-3522

From: @openeuler-sync-bot Reviewed-by: @dwl301 Signed-off-by: @dwl301
2022-03-18 06:48:59 +00:00 · 2022-03-18 06:48:59 +00:00 · c0db44c066
commit c0db44c066
parent af02e598b6 26abb206ad
2 changed files with 41 additions and 1 deletions
--- a/backport-CVE-2021-3522.patch
+++ b/backport-CVE-2021-3522.patch
@ -0,0 +1,34 @@
+From 8a88e5c1db05ebadfd4569955f6f47c23cdca3c4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= <tim@centricular.com>
+Date: Wed, 3 Mar 2021 01:08:25 +0000
+Subject: [PATCH] tag: id3v2: fix frame size check and potential invalid reads
+
+Check the right variable when checking if there's
+enough data left to read the frame size.
+
+Closes https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/merge_requests/1066>
+
+Conflict:NA
+Reference:https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4
+
+---
+ gst-libs/gst/tag/id3v2frames.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst-libs/gst/tag/id3v2frames.c b/gst-libs/gst/tag/id3v2frames.c
+index 8e9f78254..f39659bf7 100644
+--- a/gst-libs/gst/tag/id3v2frames.c
+++ b/gst-libs/gst/tag/id3v2frames.c
+@@ -109,7 +109,7 @@ id3v2_parse_frame (ID3TagsWorking * work)
+ 
+   if (work->frame_flags & (ID3V2_FRAME_FORMAT_COMPRESSION |
+           ID3V2_FRAME_FORMAT_DATA_LENGTH_INDICATOR)) {
+-    if (work->hdr.frame_data_size <= 4)
+    if (frame_data_size <= 4)
+       return FALSE;
+     if (ID3V2_VER_MAJOR (work->hdr.version) == 3) {
+       work->parse_size = GST_READ_UINT32_BE (frame_data);
+-- 
+GitLab
--- a/gstreamer1-plugins-base.spec
+++ b/gstreamer1-plugins-base.spec
@ -3,7 +3,7 @@

 Name:            gstreamer1-plugins-base
 Version:         1.16.2
-Release:         1
+Release:         2
 Summary:         GStreamer streaming media framework base plugins
 License:         LGPLv2+
 URL:             http://gstreamer.freedesktop.org/
@ -12,6 +12,8 @@ Source0:         http://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugi
 Patch0:         0001-missing-plugins-Remove-the-mpegaudioversion-field.patch
 Patch1:         Adapt-to-backwards-incompatible-change-in-GUN.patch

+Patch6000:      backport-CVE-2021-3522.patch
+
 BuildRequires:  gcc-c++ gstreamer1-devel >= %{version} gobject-introspection-devel >= 1.31.1 iso-codes-devel alsa-lib-devel
 BuildRequires:  cdparanoia-devel libogg-devel >= 1.0 libtheora-devel >= 1.1 libvisual-devel libvorbis-devel >= 1.0 libXv-devel
 BuildRequires:  orc-devel >= 0.4.18 pango-devel pkgconfig opus-devel gtk-doc >= 1.3 libxslt gdb
@ -49,6 +51,7 @@ This package provides manual for developpers.
 %setup -q -n gst-plugins-base-%{version}
 %patch0 -p1
 %patch1 -p1
+%patch6000 -p1

 %build
 NOCONFIGURE=1 \
@ -270,6 +273,9 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -fv {} ';'
 %{_mandir}/man1/gst-device-monitor-*.gz

 %changelog
+* Fri Mar 18 2022 dongyuzhen <dongyuzhen@h-partners.com> - 1.16.2-2
+- fix CVE-2021-3522
+
 * Tue Aug 18 2020 zhanzhimin <zhanzhimin@huawei.com> - 1.16.2-1
 - update to 1.16.2