Fixes the following security issues:
- CVE-2019-6256: A Denial of Service issue was discovered in the LIVE555
Streaming Media libraries as used in Live555 Media Server 0.93. It can
cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when
RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in
a GET request and a POST request within the same TCP session. This occurs
because of a call to an incorrect virtual function pointer in the
readSocket function in GroupsockHelper.cpp.
- CVE-2019-7314: liblivemedia in Live555 before 2019.02.03 mishandles the
termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up,
which could lead to a Use-After-Free error that causes the RTSP server to
crash (Segmentation fault) or possibly have unspecified other impact.
- CVE-2019-9215: n Live555 before 2019.02.27, malformed headers lead to
invalid memory access in the parseAuthorizationHeader function.
The normal live555 web site is temporarily unavailable, so use an
alternative _SITE / drop upstream hash.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-# From http://live555.com/liveMedia/public/live555-latest-md5.txt
-md5 3383dea853735b7a73eda6ddb52b6372 live.2018.10.17.tar.gz
# Locally generated
-sha256 7c68d9c95b39acd309a2b6a4fc14c3837544a9be3f64062ed38d1ad6f68dc9e8 live.2018.10.17.tar.gz
+sha256 0bd0c26d980425d9a419d835193e292a08a968f175da1902da4b495f126d5abd live.2019.03.06.tar.gz
sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING
#
################################################################################
-LIVE555_VERSION = 2018.10.17
+LIVE555_VERSION = 2019.03.06
LIVE555_SOURCE = live.$(LIVE555_VERSION).tar.gz
-LIVE555_SITE = http://www.live555.com/liveMedia/public
+LIVE555_SITE = http://www.live555.com
LIVE555_LICENSE = LGPL-2.1+
LIVE555_LICENSE_FILES = COPYING
LIVE555_INSTALL_STAGING = YES
projects / buildroot.git / commitdiff