[Pkg-nginx-maintainers] Bug#880718: libnginx-mod-rtmp: MPEG-dash manifest files structure makes them unexploitable
Cyril Mertens
mirtouf at mirtouf.fr
Sat Nov 4 12:21:17 UTC 2017
Package: libnginx-mod-rtmp
Version: 1.13.3-1~bpo9+1
Severity: normal
Dear Maintainer,
I am using libnginx-mod-rtmp for my own need of streaming without relying on proprietary platforms but it appears that the implementation of MPEG-dash leads to malformatted manifest files.
As far as I noticed, Debian is using the master tree from https://github.com/arut/nginx-rtmp-module as it was after 13/02/2017 but before 10/07/2017.
Using this actual version of the module leads to malformatted manifest and maybe other errors.
As a quick & dirty workaround I rebuild the package using the dev tree of https://github.com/sergey-dryabzhinsky/nginx-rtmp-module/tree/dev which seems to contain interesting patchset like
https://github.com/sergey-dryabzhinsky/nginx-rtmp-module/commit/7db5ef0ea56a113c7579a408cf2c13ab9a7ffa22.patch
but sadly the devlopment of this fork seems to be stalled.
Nevertheless I was able to play the streaming with MPEG-dash capabilities
For your reference here is the useable manifest files (tested with flwoplayer and VLC nightlies 3.0.0) I get with the fork:
<?xml version="1.0"?>
<MPD
type="dynamic"
xmlns="urn:mpeg:dash:schema:mpd:2011"
availabilityStartTime="2017-11-04T12:06:27Z"
publishTime="2017-11-04T12:06:27Z"
minimumUpdatePeriod="PT8.333S"
minBufferTime="PT5.000S"
timeShiftBufferDepth="P0Y00M00DT0H00M24.999S"
suggestedPresentationDelay="PT17.666S"
profiles="urn:hbbtv:dash:profile:isoff-live:2012,urn:mpeg:dash:profile:isoff-live:2011"
xmlns:xsi="http://www.w3.org/2011/XMLSchema-instance"
xsi:schemaLocation="urn:mpeg:DASH:schema:MPD:2011 DASH-MPD.xsd">
<Period start="PT0S" id="dash">
<AdaptationSet
id="1"
startWithSAP="1"
segmentAlignment="true"
maxWidth="1280"
maxHeight="720"
maxFrameRate="30"
par="16:9">
<Representation
id="ff1_stream_H264"
mimeType="video/mp4"
codecs="avc1.4d401f"
width="1280"
height="720"
frameRate="30"
sar="1:1"
bandwidth="2500000">
<SegmentTemplate
presentationTimeOffset="0"
timescale="1000"
media="$Time$.m4v"
initialization="init.m4v">
<SegmentTimeline>
<S t="0" d="8333"/>
<S t="8333" d="8333"/>
<S t="16666" d="8333"/>
</SegmentTimeline>
</SegmentTemplate>
</Representation>
</AdaptationSet>
<AdaptationSet
id="2"
startWithSAP="1"
segmentAlignment="true">
<AudioChannelConfiguration
schemeIdUri="urn:mpeg:dash:23003:3:audio_channel_configuration:2011"
value="1"/>
<Representation
id="ff1_stream_AAC"
mimeType="audio/mp4"
codecs="mp4a.40.2"
audioSamplingRate="44100"
bandwidth="160000">
<SegmentTemplate
presentationTimeOffset="0"
timescale="1000"
media="$Time$.m4a"
initialization="init.m4a">
<SegmentTimeline>
<S t="0" d="8333"/>
<S t="8333" d="8333"/>
<S t="16666" d="8333"/>
</SegmentTimeline>
</SegmentTemplate>
</Representation>
</AdaptationSet>
</Period>
</MPD>
and with the module provided with Debian package:
<?xml version="1.0"?>
<MPD
type="dynamic"
xmlns="urn:mpeg:dash:schema:mpd:2011"
availabilityStartTime="2017-11-04T13:08:10+01:00"
availabilityEndTime="2017-11-04T13:08:18+01:00"
minimumUpdatePeriod="PT5S"
minBufferTime="PT5S"
timeShiftBufferDepth="PT0H0M0.00S"
suggestedPresentationDelay="PT10S"
profiles="urn:hbbtv:dash:profile:isoff-live:2012,urn:mpeg:dash:profile:isoff-live:2011"
xmlns:xsi="http://www.w3.org/2011/XMLSchema-instance"
xsi:schemaLocation="urn:mpeg:DASH:schema:MPD:2011 DASH-MPD.xsd">
<Period start="PT0S" id="dash">
<AdaptationSet
id="1"
segmentAlignment="true"
maxWidth="1280"
maxHeight="720"
maxFrameRate="30">
<Representation
id="ff1_stream_H264"
mimeType="video/mp4"
codecs="avc1.4d401f"
width="1280"
height="720"
frameRate="30"
sar="1:1"
startWithSAP="1"
bandwidth="2500000">
<SegmentTemplate
presentationTimeOffset="0"
timescale="1000"
media="$Time$.m4v"
initialization="init.m4v">
<SegmentTimeline>
<S t="0" d="8333"/>
</SegmentTimeline>
</SegmentTemplate>
</Representation>
</AdaptationSet>
<AdaptationSet
id="2"
segmentAlignment="true">
<AudioChannelConfiguration
schemeIdUri="urn:mpeg:dash:23003:3:audio_channel_configuration:2011"
value="1"/>
<Representation
id="ff1_stream_AAC"
mimeType="audio/mp4"
codecs="mp4a.40.2"
audioSamplingRate="44100"
startWithSAP="1"
bandwidth="160000">
<SegmentTemplate
presentationTimeOffset="0"
timescale="1000"
media="$Time$.m4a"
initialization="init.m4a">
<SegmentTimeline>
<S t="0" d="8333"/>
</SegmentTimeline>
</SegmentTemplate>
</Representation>
</AdaptationSet>
</Period>
</MPD>
You will notice some differences in the structure.
I tried to incorporate some patches from the fork into the tree used by Debian but it seems more work is needed which I am not able to do because I do not have the required level in C.
I read the discussion of bug #843777 and despite being a very useful module, I understand the point of needing a reliable upstream contact for package maintenance.
Let me know if you need further testing from my side.
Regards,
Cyril
-- System Information:
Debian Release: 9.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable'), (200, 'testing')
Architecture: arm64 (aarch64)
Kernel: Linux 4.9.58-mainline-rev1 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libnginx-mod-rtmp depends on:
ii libc6 2.24-11+deb9u1
ii nginx-common 1.13.3-1~bpo9+1
libnginx-mod-rtmp recommends no packages.
libnginx-mod-rtmp suggests no packages.
-- no debconf information
More information about the Pkg-nginx-maintainers
mailing list