From patchwork Thu Jan 21 15:48:22 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Korsgaard <peter@korsgaard.com>
X-Patchwork-Id: 1429932
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net
 (client-ip=140.211.166.137; helo=fraxinus.osuosl.org;
 envelope-from=buildroot-bounces@busybox.net; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20161025 header.b=J7DuSMUc;
	dkim-atps=neutral
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4DM6J96gdDz9sWP
	for <incoming-buildroot@patchwork.ozlabs.org>;
 Fri, 22 Jan 2021 02:48:57 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by fraxinus.osuosl.org (Postfix) with ESMTP id EF2B1863DB;
	Thu, 21 Jan 2021 15:48:53 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id QyJeZLnNdj4Y; Thu, 21 Jan 2021 15:48:51 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by fraxinus.osuosl.org (Postfix) with ESMTP id E04E486366;
	Thu, 21 Jan 2021 15:48:49 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
 by ash.osuosl.org (Postfix) with ESMTP id 4C7141BF9C6
 for <buildroot@lists.busybox.net>; Thu, 21 Jan 2021 15:48:45 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by silver.osuosl.org (Postfix) with ESMTP id 089A7207A6
 for <buildroot@lists.busybox.net>; Thu, 21 Jan 2021 15:48:45 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
 by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id ZDid1lS1JJMf for <buildroot@lists.busybox.net>;
 Thu, 21 Jan 2021 15:48:43 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-ej1-f46.google.com (mail-ej1-f46.google.com
 [209.85.218.46])
 by silver.osuosl.org (Postfix) with ESMTPS id DF65C2036B
 for <buildroot@buildroot.org>; Thu, 21 Jan 2021 15:48:42 +0000 (UTC)
Received: by mail-ej1-f46.google.com with SMTP id r12so3239634ejb.9
 for <buildroot@buildroot.org>; Thu, 21 Jan 2021 07:48:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=ZUOL/loovwVJ1wRXIkbwxDMruIbyK+LF/9Kqg81A1mc=;
 b=J7DuSMUcFinLRjdQ47khzsR9OCFEIM+YdUHcL85VSM9V95v3JKP1kmWApDpghTbPsm
 77P6lFa4unboHOzN5Z8LnXw7O7NFy75RYC0G5jXbtpLP8Y15RPpiitl2x+OGz1Xz9qRr
 soEy+85r2Ck7Faa6/i8WxD0xPD1+ZruSUDSwwQLGhbQpuoAqI+mtxr9i/tsZssX9XbJA
 qyxIUQzVZ1d2cFczILXV6Hx/ZTMYbV2HKNL7N/Uxq/NwGeYNDV8DLD/4LpAURm8rB622
 Sx3pvarcsUha3p/di99j7u/dGVeOGPo7yLynLyAAO4z1oIjuXIA2sgG779kQvNvjDZ7W
 d2uA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
 :in-reply-to:references:mime-version:content-transfer-encoding;
 bh=ZUOL/loovwVJ1wRXIkbwxDMruIbyK+LF/9Kqg81A1mc=;
 b=Hag/PbeGFLZdIEW97q28mgeAS0weqN5NPlQo5WJysdsZsdJ6cmH04MHnj9KJwyCIR3
 ZrNMd3nFANBH/ZSqKKwgaVwA63bmbH/ym1D10YwA1OYeuv7xaRHagVPrOZ17sD/UoUZy
 dgaShCSVMURnGQU6sabHtLGQ6WK8RYtGuYUBR8LMDWqqN47rCoR01PFC8oscOwXV3mxH
 /2kACvhxCRSDthkEZsyvtWVIPx/6yjNf0W5hOxaiPPAe/4b5pCNpfnZHKn4SNUCz2rAF
 kZqpOLGQ73j4kdGvfjScjQ4JDO99UxZe4iXwR2mnCFE7lKVc6x/2yy+f/as/7myu1WPd
 xkrQ==
X-Gm-Message-State: AOAM533QnzShF27UzrPPiAQ1fNm0bGrK17KGhXMjmlRisrRzANZC5On5
 Z0xqR0xlqSowDox09WtGkJEDCe7QD7Y=
X-Google-Smtp-Source: 
 ABdhPJwuD0LOapzUI3VTgdn999X5zQ+ItV9dTr3FIydvYYCk2qbjYG4UYO/VQ80BK5N3Jmvc+Iem/A==
X-Received: by 2002:a17:906:c087:: with SMTP id
 f7mr68866ejz.492.1611244121445;
 Thu, 21 Jan 2021 07:48:41 -0800 (PST)
Received: from dell.be.48ers.dk (d51A5BC31.access.telenet.be. [81.165.188.49])
 by smtp.gmail.com with ESMTPSA id
 j4sm1984434edt.18.2021.01.21.07.48.40
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 21 Jan 2021 07:48:40 -0800 (PST)
Received: from peko by dell.be.48ers.dk with local (Exim 4.92)
 (envelope-from <peko@dell.be.48ers.dk>)
 id 1l2cCN-0002SO-JX; Thu, 21 Jan 2021 16:48:39 +0100
From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org
Date: Thu, 21 Jan 2021 16:48:22 +0100
Message-Id: <20210121154829.9353-4-peter@korsgaard.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210121154829.9353-1-peter@korsgaard.com>
References: <20210121154829.9353-1-peter@korsgaard.com>
MIME-Version: 1.0
Subject: [Buildroot] [PATCH-2020.02.x 04/11] package/gst1-plugins-bad:
 security bump to version 1.16.3
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
 <mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@busybox.net?subject=subscribe>
Cc: Peter Korsgaard <peter@korsgaard.com>, Adam Duskett <aduskett@gmail.com>
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Fixes the following security issue:

- CVE-2021-3185: gstreamer: buffer overflow in
  gst_h264_slice_parse_dec_ref_pic_marking

For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2021/01/20/1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.hash | 4 ++--
 package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.hash b/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.hash
index 7b59b4dbec..a778a4007c 100644
--- a/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.hash
+++ b/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.hash
@@ -1,4 +1,4 @@
-# From https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.16.2.tar.xz.sha256sum
-sha256 f1cb7aa2389569a5343661aae473f0a940a90b872001824bc47fa8072a041e74 gst-plugins-bad-1.16.2.tar.xz
+# From https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-1.16.3.tar.xz.sha256sum
+sha256 84efe57011658f0a53a5d5b20f64ef109f5105dccb0808c21e069e946673514d gst-plugins-bad-1.16.3.tar.xz
 sha256 0b12e4d1cd5db5f8a0c04fc98a1d8c3acc533097b6198d6644420da78d460223 COPYING
 sha256 cf9b86bcf2d298e8cf5b9d8982f9dab296465b002fdfa0347357a0732f961e03 COPYING.LIB
diff --git a/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk b/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk
index ef36e4dc0a..fcb98e433f 100644
--- a/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk
+++ b/package/gstreamer1/gst1-plugins-bad/gst1-plugins-bad.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GST1_PLUGINS_BAD_VERSION = 1.16.2
+GST1_PLUGINS_BAD_VERSION = 1.16.3
 GST1_PLUGINS_BAD_SOURCE = gst-plugins-bad-$(GST1_PLUGINS_BAD_VERSION).tar.xz
 GST1_PLUGINS_BAD_SITE = https://gstreamer.freedesktop.org/src/gst-plugins-bad
 GST1_PLUGINS_BAD_INSTALL_STAGING = YES