ffmpeg_5,ffmpeg_5-full: cherry-pick IPFS default gateway removal

ffmpeg 5.1 introduced ipfs:// and ipns:// streaming support as part of
libavformat. This new implementation falls back to fetching from an
untrusted 3rd party internet service in the (likely) case where a user
doesn't have a local IPFS gateway running on their computer. This puts
an unaudited 3rd party provider in a position where they can log and
alter any IPFS content being streamed by the ffmpeg library. No user
consent is collected at any point by the library.

ffmpeg developers are currently discussing [1] how to better implement
this feature. In the meantime, cherry-pick the proposed patch to disable
the default gateway until a better alternative is released.

[1] https://ffmpeg.org/pipermail/ffmpeg-devel/2022-August/299924.html
Pierre Bourdon 2022-08-12 23:55:35 +02:00
parent a253a7da71
commit ece53aed8b
No known key found for this signature in database
GPG key ID: 6FB80DCD84DA0F1C
2 changed files with 43 additions and 0 deletions

@ -9,4 +9,10 @@ callPackage ./generic.nix (rec {
branch = version;
sha256 = "sha256-MrVvsBzpDUUpWK4l6RyVZKv0ntVFPBJ77CPGPlMKqPo=";
darwinFrameworks = [ Cocoa CoreMedia VideoToolbox ];
# Newly introduced IPFS support in ffmpeg 5.1 relies on untrusted third
# party services, leading to consent and privacy issues. See upstream
# discussion for more information:
# https://ffmpeg.org/pipermail/ffmpeg-devel/2022-August/299924.html
patches = [ ./ipfs-remove-default-gateway.patch ];
} // args)
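
Review bot: The comment above `patches = [ ./ipfs-remove-default-gateway.patch ];` says why the patch is applied but not when it can be dropped. The commit message describes this as a stopgap until upstream releases a better alternative, so add a line stating the removal condition (for example, drop the patch once an ffmpeg release no longer falls back to a default gateway). That keeps the patch from being carried silently across later version bumps.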

@ -0,0 +1,37 @@
A gateway can see everything, and we should not be shipping a hardcoded
default from a third party company; it's a security risk.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
---
libavformat/ipfsgateway.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/libavformat/ipfsgateway.c b/libavformat/ipfsgateway.c
index 5a5178c563..907b61b017 100644
--- a/libavformat/ipfsgateway.c
+++ b/libavformat/ipfsgateway.c
@@ -240,13 +240,8 @@ static int translate_ipfs_to_http(URLContext *h, const char *uri, int flags, AVD
ret = populate_ipfs_gateway(h);
if (ret < 1) {
- // We fallback on dweb.link (managed by Protocol Labs).
- snprintf(c->gateway_buffer, sizeof(c->gateway_buffer), "https://dweb.link");
-
- av_log(h, AV_LOG_WARNING,
- "IPFS does not appear to be running. "
- "Youre now using the public gateway at dweb.link.\n");
- av_log(h, AV_LOG_INFO,
+ av_log(h, AV_LOG_ERROR,
+ "IPFS does not appear to be running.\n\n"
"Installing IPFS locally is recommended to "
"improve performance and reliability, "
"and not share all your activity with a single IPFS gateway.\n"
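
Review bot: The message text kept in this hunk still reads "Installing IPFS locally is recommended to improve performance and reliability", but with the dweb.link fallback removed and the level raised to AV_LOG_ERROR, a configured gateway is now required rather than recommended. Consider rewording the message to state that no gateway was found and the URL cannot be opened until one is configured, so a hard failure is not read as optional advice.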
@@ -259,6 +254,8 @@ static int translate_ipfs_to_http(URLContext *h, const char *uri, int flags, AVD
"3. Define an $IPFS_PATH environment variable "
"and point it to the IPFS data path "
"- this is typically ~/.ipfs\n");
+ ret = AVERROR(EINVAL);
+ goto err;
}
}
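
Review bot: `ret = AVERROR(EINVAL);` runs for every `ret < 1` result of `populate_ipfs_gateway(h)`, so if that call can return a negative AVERROR code, the original failure reason is overwritten. Consider keeping `ret` when it is already negative and substituting an error code only when it is 0, so callers and logs see why gateway discovery failed.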