Hello community, here is the log from the commit of package gstreamer-plugins-bad for openSUSE:Factory checked in at 2017-02-08 10:52:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gstreamer-plugins-bad (Old) and /work/SRC/openSUSE:Factory/.gstreamer-plugins-bad.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "gstreamer-plugins-bad" Changes: -------- --- /work/SRC/openSUSE:Factory/gstreamer-plugins-bad/gstreamer-plugins-bad.changes 2017-02-03 17:41:47.961897115 +0100 +++ /work/SRC/openSUSE:Factory/.gstreamer-plugins-bad.new/gstreamer-plugins-bad.changes 2017-02-08 10:52:06.481783662 +0100 @@ -1,0 +2,14 @@ +Sat Feb 4 20:33:04 UTC 2017 - zaitor@opensuse.org + +- Fix CVE-2017-5847 (boo#1023259): + + Add gstreamer-plugins-bad-CVE-2017-5848.patch: psdemux: Rewrite + PSM parsing using GstByteReader. Avoid possible buffer + overflows and ignore invalid PSM packets better by using + GstByteReader (bgo#777957). + +------------------------------------------------------------------- +Thu Feb 2 12:07:47 UTC 2017 - zaitor@opensuse.org + +- Add gstreamer-plugins-bad Requires in devel subpackage. + +------------------------------------------------------------------- @@ -4 +18 @@ -- Update to version 1.10.3: +- Update to version 1.10.3 (CVE-2017-5838): @@ -13 +27 @@ -- Wrap wayland support properly to fix builderrors in non-TW +- Wrap wayland support properly to fix builderrors in non-TW. New: ---- gstreamer-plugins-bad-CVE-2017-5848.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gstreamer-plugins-bad.spec ++++++ --- /var/tmp/diff_new_pack.ExRylh/_old 2017-02-08 10:52:08.213542305 +0100 +++ /var/tmp/diff_new_pack.ExRylh/_new 2017-02-08 10:52:08.221541190 +0100 @@ -47,6 +47,8 @@ Source99: baselibs.conf # PATCH-FIX-UPSTREAM gstreamer-revert-bogus-automake-version.patch bgo# zaitor@opensuse.org -- Patch1: gstreamer-revert-bogus-automake-version.patch +# PATCH-FIX-UPSTREAM gstreamer-plugins-bad-CVE-2017-5848.patch CVE-2017-5848 zaitor@opensuse.org -- Fix boo#1023259 +Patch2: gstreamer-plugins-bad-CVE-2017-5848.patch # Not ported yet #BuildRequires: SDL-devel BuildRequires: fdupes @@ -407,6 +409,7 @@ %package devel Summary: GStreamer Streaming-Media Framework Plug-Ins Group: Development/Libraries/C and C++ +Requires: %{name} = %{version} Requires: gstreamer-devel Requires: libgstadaptivedemux-1_0-0 = %{version} Requires: libgstbadbase-1_0-0 = %{version} @@ -445,6 +448,7 @@ %prep %setup -q -n %{_name}-%{version} %patch1 -p1 -R +%patch2 -p1 %build NOCONFIGURE=1 ./autogen.sh ++++++ gstreamer-plugins-bad-CVE-2017-5848.patch ++++++ ++++ 947 lines (skipped)