From afd59811a1f4b2037d77293064a4fee0ac91af6f Mon Sep 17 00:00:00 2001
From: Graham Christensen <graham@grahamc.com>
Date: Wed, 8 Feb 2017 08:27:59 -0500
Subject: gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs

gst-plugins-bad:
From the Arch Linux advisory:
 - CVE-2017-5843 (arbitrary code execution): A double-free issue has
 been found in gstreamer before 1.10.3, in
 gst_mxf_demux_update_essence_tracks.

- CVE-2017-5848 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
More: https://lwn.net/Vulnerabilities/713772/

gst-plugins-base:
From the Arch Linux advisory:

- CVE-2017-5837 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.

- CVE-2017-5839 (denial of service): An endless recursion issue
  leading to stack overflow has been found in gstreamer before 1.10.3,
  in gst_riff_create_audio_caps.

- CVE-2017-5842 (arbitrary code execution): An off-by-one write has
  been found in gstreamer before 1.10.3, in
  html_context_handle_element.

- CVE-2017-5844 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.
More: https://lwn.net/Vulnerabilities/713773/

gst-plugins-good:
From the Arch Linux advisory:

- CVE-2016-10198 (denial of service): An invalid memory read flaw has
  been found in gstreamer before 1.10.3, in
  gst_aac_parse_sink_setcaps.

- CVE-2016-10199 (denial of service): An out of bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.

- CVE-2017-5840 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_parse_samples.

- CVE-2017-5841 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.

- CVE-2017-5845 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
More: https://lwn.net/Vulnerabilities/713774/

gst-plugins-ugly:
From the Arch Linux advisory:

- CVE-2017-5846 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_stream_props.

- CVE-2017-5847 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_content_desc.
More: https://lwn.net/Vulnerabilities/713775/

gstreamer:
From the Arch Linux advisory:

An out of bounds read has been found in gstreamer before 1.10.3, in
gst_date_time_new_from_iso8601_string.
More: https://lwn.net/Vulnerabilities/713776/
---
 pkgs/development/libraries/gstreamer/bad/default.nix      | 4 ++--
 pkgs/development/libraries/gstreamer/base/default.nix     | 4 ++--
 pkgs/development/libraries/gstreamer/core/default.nix     | 4 ++--
 pkgs/development/libraries/gstreamer/ges/default.nix      | 4 ++--
 pkgs/development/libraries/gstreamer/good/default.nix     | 4 ++--
 pkgs/development/libraries/gstreamer/libav/default.nix    | 4 ++--
 pkgs/development/libraries/gstreamer/python/default.nix   | 4 ++--
 pkgs/development/libraries/gstreamer/ugly/default.nix     | 4 ++--
 pkgs/development/libraries/gstreamer/vaapi/default.nix    | 4 ++--
 pkgs/development/libraries/gstreamer/validate/default.nix | 4 ++--
 10 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/pkgs/development/libraries/gstreamer/bad/default.nix b/pkgs/development/libraries/gstreamer/bad/default.nix
index 7479c153af21..f0e88551169d 100644
--- a/pkgs/development/libraries/gstreamer/bad/default.nix
+++ b/pkgs/development/libraries/gstreamer/bad/default.nix
@@ -14,7 +14,7 @@ let
   inherit (stdenv.lib) optional optionalString;
 in
 stdenv.mkDerivation rec {
-  name = "gst-plugins-bad-1.10.2";
+  name = "gst-plugins-bad-1.10.3";
 
   meta = with stdenv.lib; {
     description = "Gstreamer Bad Plugins";
@@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gst-plugins-bad/${name}.tar.xz";
-    sha256 = "0fisnnfpp3s8pbm6hjrfi4wjpq2da8c6w3ns9pjcg7590f9wm587";
+    sha256 = "1rwla1p57yzygb68z2xk5l5kvqzj5w3nxq0davkwk139zd8r6294";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/development/libraries/gstreamer/base/default.nix b/pkgs/development/libraries/gstreamer/base/default.nix
index c3e8f3c65a15..ecb431091adf 100644
--- a/pkgs/development/libraries/gstreamer/base/default.nix
+++ b/pkgs/development/libraries/gstreamer/base/default.nix
@@ -4,7 +4,7 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "gst-plugins-base-1.10.2";
+  name = "gst-plugins-base-1.10.3";
 
   meta = {
     description = "Base plugins and helper libraries";
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gst-plugins-base/${name}.tar.xz";
-    sha256 = "086yjwmp4fykcqkj6zqhwrk2z49981kl8x545vz2wvblrc7x9h7v";
+    sha256 = "040pifl4cgsqqz2si4s1y5khj3zwm39w21siagxwp805swbrcag6";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/development/libraries/gstreamer/core/default.nix b/pkgs/development/libraries/gstreamer/core/default.nix
index 8b27fa7ad3b3..72a519ab34fe 100644
--- a/pkgs/development/libraries/gstreamer/core/default.nix
+++ b/pkgs/development/libraries/gstreamer/core/default.nix
@@ -3,7 +3,7 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "gstreamer-1.10.2";
+  name = "gstreamer-1.10.3";
 
   meta = {
     description = "Open source multimedia framework";
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gstreamer/${name}.tar.xz";
-    sha256 = "0rcd4ya4k99x6ngm9v78as7ql0rqibkwshc13lb4rjdszs0qw3hm";
+    sha256 = "0gdnxg5igbhnpjhrzp31w1ww95j805byqd6mj3x29wli54dxrfc5";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/development/libraries/gstreamer/ges/default.nix b/pkgs/development/libraries/gstreamer/ges/default.nix
index a45c190b0207..ab3a0c00e03c 100644
--- a/pkgs/development/libraries/gstreamer/ges/default.nix
+++ b/pkgs/development/libraries/gstreamer/ges/default.nix
@@ -3,7 +3,7 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "gstreamer-editing-services-1.10.2";
+  name = "gstreamer-editing-services-1.10.3";
 
   meta = with stdenv.lib; {
     description = "Library for creation of audio/video non-linear editors";
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gstreamer-editing-services/${name}.tar.xz";
-    sha256 = "0hx7bwj8li88qq09slvdxlnfq76hr35nyjvd4ixrz5gmkpmrl5fv";
+    sha256 = "0ax3qbi1m4wcii03ysln3lm8nhw3fr2rd35ndfy4mr4vg2nm5gxw";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/development/libraries/gstreamer/good/default.nix b/pkgs/development/libraries/gstreamer/good/default.nix
index fbf67fb34f54..c0d017fcaead 100644
--- a/pkgs/development/libraries/gstreamer/good/default.nix
+++ b/pkgs/development/libraries/gstreamer/good/default.nix
@@ -10,7 +10,7 @@ let
   inherit (stdenv.lib) optionals optionalString;
 in
 stdenv.mkDerivation rec {
-  name = "gst-plugins-good-1.10.2";
+  name = "gst-plugins-good-1.10.3";
 
   meta = with stdenv.lib; {
     description = "Gstreamer Good Plugins";
@@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gst-plugins-good/${name}.tar.xz";
-    sha256 = "04rksbhjj2yz32g523cfabwqn2s3byd94dpbxghxr0p9ridk53qr";
+    sha256 = "0mar8ss8bvpz699ql4kgndvna8qsv7kj372py4435ffl6hzfj1sf";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/development/libraries/gstreamer/libav/default.nix b/pkgs/development/libraries/gstreamer/libav/default.nix
index 447b679898a4..32000bb89a02 100644
--- a/pkgs/development/libraries/gstreamer/libav/default.nix
+++ b/pkgs/development/libraries/gstreamer/libav/default.nix
@@ -9,7 +9,7 @@
 assert withSystemLibav -> libav != null;
 
 stdenv.mkDerivation rec {
-  name = "gst-libav-1.10.2";
+  name = "gst-libav-1.10.3";
 
   meta = {
     homepage = "http://gstreamer.freedesktop.org";
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gst-libav/${name}.tar.xz";
-    sha256 = "0g778j7w4vpbhwjzyrzpajvr26nxm6vqby84v8g1w1hz44v71pd3";
+    sha256 = "1aajayv63ardkbmcg7pnh2d87r067325a5wzinwihaw6n5jw2sws";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/development/libraries/gstreamer/python/default.nix b/pkgs/development/libraries/gstreamer/python/default.nix
index 880b5d734d41..1fd346f64253 100644
--- a/pkgs/development/libraries/gstreamer/python/default.nix
+++ b/pkgs/development/libraries/gstreamer/python/default.nix
@@ -6,14 +6,14 @@
 let
   inherit (pythonPackages) python pygobject3;
 in stdenv.mkDerivation rec {
-  name = "gst-python-1.10.2";
+  name = "gst-python-1.10.3";
 
   src = fetchurl {
     urls = [
       "${meta.homepage}/src/gst-python/${name}.tar.xz"
       "mirror://gentoo/distfiles/${name}.tar.xz"
       ];
-    sha256 = "1sljnqkxf2ix6yzghrapw5irl0rbp8aa8w2hggk7i6d9js10ls71";
+    sha256 = "1sljnqkxf2ix7yzghrapw5irl0rbp8aa8w2hggk7i6d9js10ls71";
   };
 
   patches = [ ./different-path-with-pygobject.patch ];
diff --git a/pkgs/development/libraries/gstreamer/ugly/default.nix b/pkgs/development/libraries/gstreamer/ugly/default.nix
index 981a05b4f1f7..7220acf2d4d5 100644
--- a/pkgs/development/libraries/gstreamer/ugly/default.nix
+++ b/pkgs/development/libraries/gstreamer/ugly/default.nix
@@ -5,7 +5,7 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "gst-plugins-ugly-1.10.2";
+  name = "gst-plugins-ugly-1.10.3";
 
   meta = with stdenv.lib; {
     description = "Gstreamer Ugly Plugins";
@@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gst-plugins-ugly/${name}.tar.xz";
-    sha256 = "17gc2zd3v6spmm2d6912sqfcyyv5f2ghdhq31f5kx5mw5r6ds0zk";
+    sha256 = "1lkb8kznc9wxmhbp7k67b50y27nz8jp2x2flb91xzydz7b89f5f9";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/development/libraries/gstreamer/vaapi/default.nix b/pkgs/development/libraries/gstreamer/vaapi/default.nix
index f136df099bf2..ec882a2863ab 100644
--- a/pkgs/development/libraries/gstreamer/vaapi/default.nix
+++ b/pkgs/development/libraries/gstreamer/vaapi/default.nix
@@ -5,11 +5,11 @@
 
 stdenv.mkDerivation rec {
   name = "gst-vaapi-${version}";
-  version = "1.10.2";
+  version = "1.10.3";
 
   src = fetchurl {
     url = "${meta.homepage}/src/gstreamer-vaapi/gstreamer-vaapi-${version}.tar.xz";
-    sha256 = "1abzaj9kczap1xmalgzid1k3gqcn1ghnn76cn2kclc1gbfwd4ccy";
+    sha256 = "07ing6z7n0ylz5vknk3d2lw54a6szd6m8hqc3px6lahmd832ga6f";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/development/libraries/gstreamer/validate/default.nix b/pkgs/development/libraries/gstreamer/validate/default.nix
index a05bbd3e9a2f..6677926eaa99 100644
--- a/pkgs/development/libraries/gstreamer/validate/default.nix
+++ b/pkgs/development/libraries/gstreamer/validate/default.nix
@@ -3,7 +3,7 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "gst-validate-1.10.2";
+  name = "gst-validate-1.10.3";
 
   meta = {
     description = "Integration testing infrastructure for the GStreamer framework";
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/src/gst-validate/${name}.tar.xz";
-    sha256 = "1mwyk3b19aq78mjhmrpc7qqs9flrykrn1j763g5wx546swc489xy";
+    sha256 = "00icav26pj81cxdykf86rp3jw6lb178ydrqhcck43i94jdb4hsxy";
   };
 
   outputs = [ "out" "dev" ];
-- 
cgit 1.4.1