d-two/operating-system
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update Buildroot to 2019.02.3 (#415)

Browse Source 
* Update Buildroot to 2019-02.3

* Fix enter script

* Update ova_defconfig

* Fix network manager

* Remove runc patches

* Use same docker version

* Fix build

* Fix vmtools

* Fix depens

* Fix handling with tempfiles

* Fix permission handling

* Fix cp

* Cleanup

* Fix mounts
This commit is contained in:
Pascal Vizeli
2019-06-27 11:58:50 +02:00
committed by GitHub
parent bb201fb842
commit 41d3f59002
2416 changed files with 36288 additions and 21885 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
buildroot/package/gstreamer1/gst1-plugins-base/0001-gstrtspconnection-Security-loophole-making-heap-over.patch Normal file
View File

@@ -0,0 +1,31 @@
From f672277509705c4034bc92a141eefee4524d15aa Mon Sep 17 00:00:00 2001
From: Tobias Ronge <tobiasr@axis.com>
Date: Thu, 14 Mar 2019 10:12:27 +0100
Subject: [PATCH] gstrtspconnection: Security loophole making heap overflow
The former code allowed an attacker to create a heap overflow by
sending a longer than allowed session id in a response and including a
semicolon to change the maximum length. With this change, the parser
will never go beyond 512 bytes.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
gst-libs/gst/rtsp/gstrtspconnection.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gst-libs/gst/rtsp/gstrtspconnection.c b/gst-libs/gst/rtsp/gstrtspconnection.c
index a6755bedd..c0429064a 100644
--- a/gst-libs/gst/rtsp/gstrtspconnection.c
+++ b/gst-libs/gst/rtsp/gstrtspconnection.c
@@ -2461,7 +2461,7 @@ build_next (GstRTSPBuilder * builder, GstRTSPMessage * message,
maxlen = sizeof (conn->session_id) - 1;
/* the sessionid can have attributes marked with ;
* Make sure we strip them */
- for (i = 0; session_id[i] != '\0'; i++) {
+ for (i = 0; i < maxlen && session_id[i] != '\0'; i++) {
if (session_id[i] == ';') {
maxlen = i;
/* parse timeout */
--
2.11.0

1
buildroot/package/gstreamer1/gst1-plugins-base/gst1-plugins-base.mk
View File

@@ -11,7 +11,6 @@ GST1_PLUGINS_BASE_INSTALL_STAGING = YES
GST1_PLUGINS_BASE_LICENSE_FILES = COPYING.LIB
GST1_PLUGINS_BASE_LICENSE = LGPL-2.0+, LGPL-2.1+
# gio_unix_2_0 is only used for tests
GST1_PLUGINS_BASE_CONF_OPTS = \
--disable-examples \
--disable-valgrind \