import CS gstreamer1-plugins-base-1.22.12-4.el9

.gitignore

@@ -1 +1 @@
-SOURCES/gst-plugins-base-1.22.1.tar.xz
+SOURCES/gst-plugins-base-1.22.12.tar.xz

.gstreamer1-plugins-base.metadata

@@ -1 +1 @@
-489d54fcc3c8ee63cd03614e2f0e1ebfd5815539 SOURCES/gst-plugins-base-1.22.1.tar.xz
+e5c16230351e77f59073c2dcca7bfa2d39cbef60 SOURCES/gst-plugins-base-1.22.12.tar.xz

SOURCES/0001-missing-plugins-Remove-the-mpegaudioversion-field.patch

@@ -1,21 +1,22 @@
-From 06ca82cad9898f5df40011fe0614ee1dfd89f1ae Mon Sep 17 00:00:00 2001
+From 55b9602e9728e5c0cdfa7e907b5a24a75fe23283 Mon Sep 17 00:00:00 2001
-From: Bastien Nocera <hadess@hadess.net>
+From: Wim Taymans <wtaymans@redhat.com>
-Date: Fri, 3 Aug 2012 17:50:24 +0100
+Date: Fri, 13 Dec 2024 15:22:07 +0100
-Subject: [PATCH 1/2] missing-plugins: Remove the mpegaudioversion field
+Subject: [PATCH 01/10] Subject: [PATCH 1/2] missing-plugins: Remove the
+ mpegaudioversion field
 
 From missing plugins requests as it's a duplicate of mpegversion
 and its presence would break codec discovery when using RPM.
 
 https://bugzilla.redhat.com/show_bug.cgi?id=680809
 ---
- gst-libs/gst/pbutils/missing-plugins.c | 3 +++
+ .../gst-plugins-base/gst-libs/gst/pbutils/missing-plugins.c    | 3 +++
  1 file changed, 3 insertions(+)
 
-diff --git a/gst-libs/gst/pbutils/missing-plugins.c b/gst-libs/gst/pbutils/missing-plugins.c
+diff --git a/subprojects/gst-plugins-base/gst-libs/gst/pbutils/missing-plugins.c b/subprojects/gst-plugins-base/gst-libs/gst/pbutils/missing-plugins.c
-index a08803b18..cdce4bf05 100644
+index 69330b933b..c4fd3e6737 100644
---- a/gst-libs/gst/pbutils/missing-plugins.c
+--- a/subprojects/gst-plugins-base/gst-libs/gst/pbutils/missing-plugins.c
-+++ b/gst-libs/gst/pbutils/missing-plugins.c
++++ b/subprojects/gst-plugins-base/gst-libs/gst/pbutils/missing-plugins.c
-@@ -151,6 +151,9 @@ copy_and_clean_caps (const GstCaps * caps)
+@@ -191,6 +191,9 @@ copy_and_clean_caps (const GstCaps * caps)
    gst_structure_remove_field (s, "play-speed");
    gst_structure_remove_field (s, "play-scale");
    gst_structure_remove_field (s, "dynamic_range");
@@ -26,5 +27,5 @@ index a08803b18..cdce4bf05 100644
    return ret;
  }
 -- 
-2.14.3
+2.47.0
 

SOURCES/0001-subparse-Look-for-the-closing-of-a-tag-after-the-ope.patch

@@ -1,36 +0,0 @@
-From f7f24aed62178dc1deb581a512029dcb20727137 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
-Date: Tue, 13 Jun 2023 12:53:13 +0300
-Subject: [PATCH 1/2] subparse: Look for the closing `>` of a tag after the
- opening `<`
-
-Previously when fixing up subrip markip, we were looking from the start
-of the remaining buffer instead. Due to how skipping over closing tags
-works, the remaining buffer will still contain the closing `>` of the
-previous tag so if a unexpected closing tag is found after another
-closing tag, we would potentially do an out of bounds memmove().
-
-Fixes ZDI-CAN-20968
-Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2662
-
-Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895>
----
- subprojects/gst-plugins-base/gst/subparse/gstsubparse.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c b/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
-index 7aa922cdd8..d0960a971a 100644
---- a/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
-+++ b/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
-@@ -779,7 +779,7 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
-     }
- 
-     if (*next_tag == '<' && *(next_tag + 1) == '/') {
--      end_tag = strchr (cur, '>');
-+      end_tag = strchr (next_tag, '>');
-       if (end_tag) {
-         const gchar *last = NULL;
-         if (num_open_tags > 0)
--- 
-2.43.0
-

SOURCES/0002-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch

@@ -0,0 +1,60 @@
+From cdeab27c352d2d90db8c9eb3004eba8969208fa9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Thu, 26 Sep 2024 13:43:06 +0300
+Subject: [PATCH 02/10] id3v2: Don't try parsing extended header if not enough
+ data is available
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-235
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3842
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8095>
+---
+ subprojects/gst-plugins-base/gst-libs/gst/tag/id3v2.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/subprojects/gst-plugins-base/gst-libs/gst/tag/id3v2.c b/subprojects/gst-plugins-base/gst-libs/gst/tag/id3v2.c
+index c295ac89ef..f2b38ca595 100644
+--- a/subprojects/gst-plugins-base/gst-libs/gst/tag/id3v2.c
++++ b/subprojects/gst-plugins-base/gst-libs/gst/tag/id3v2.c
+@@ -29,7 +29,7 @@
+ 
+ #define HANDLE_INVALID_SYNCSAFE
+ 
+-static gboolean id3v2_frames_to_tag_list (ID3TagsWorking * work, guint size);
++static gboolean id3v2_frames_to_tag_list (ID3TagsWorking * work);
+ 
+ #ifndef GST_DISABLE_GST_DEBUG
+ 
+@@ -258,7 +258,7 @@ gst_tag_list_from_id3v2_tag (GstBuffer * buffer)
+     GST_MEMDUMP ("ID3v2 tag (un-unsyced)", uu_data, work.hdr.frame_data_size);
+   }
+ 
+-  id3v2_frames_to_tag_list (&work, work.hdr.frame_data_size);
++  id3v2_frames_to_tag_list (&work);
+ 
+   g_free (uu_data);
+ 
+@@ -440,12 +440,17 @@ id3v2_add_id3v2_frame_blob_to_taglist (ID3TagsWorking * work,
+ }
+ 
+ static gboolean
+-id3v2_frames_to_tag_list (ID3TagsWorking * work, guint size)
++id3v2_frames_to_tag_list (ID3TagsWorking * work)
+ {
+   guint frame_hdr_size;
+ 
+   /* Extended header if present */
+   if (work->hdr.flags & ID3V2_HDR_FLAG_EXTHDR) {
++    if (work->hdr.frame_data_size < 4) {
++      GST_DEBUG ("Tag has no extended header data. Broken tag");
++      return FALSE;
++    }
++
+     work->hdr.ext_hdr_size = id3v2_read_synch_uint (work->hdr.frame_data, 4);
+ 
+     /* In id3v2.4.x the header size is the size of the *whole*
+-- 
+2.47.0
+

SOURCES/0002-subparse-Skip-after-the-end-of-a-valid-closing-tag-i.patch

@@ -1,33 +0,0 @@
-From 997e8b0a485a22a9e44d503d7a1c6aa1970061e0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
-Date: Tue, 13 Jun 2023 12:58:26 +0300
-Subject: [PATCH 2/2] subparse: Skip after the end of a valid closing tag
- instead of only skipping `<`
-
-This is a small optimization and avoids restarting the next parsing
-iteration on already accepted data.
-
-On its own it would also fix ZDI-CAN-20968 (see previous commit) but the
-previous commit independently is also a valid fix for it.
-
-Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895>
----
- subprojects/gst-plugins-base/gst/subparse/gstsubparse.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c b/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
-index d0960a971a..b33ddbb2a7 100644
---- a/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
-+++ b/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
-@@ -794,6 +794,8 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
-         } else {
-           --num_open_tags;
-           g_ptr_array_remove_index (open_tags, num_open_tags);
-+          cur = end_tag + 1;
-+          continue;
-         }
-       }
-     }
--- 
-2.43.0
-

SOURCES/0003-opusdec-Set-at-most-64-channels-to-NONE-position.patch

@@ -0,0 +1,37 @@
+From 5e45367c3abc0b5b6e391bc7ec959bb486d636b8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Tue, 1 Oct 2024 13:22:50 +0300
+Subject: [PATCH 03/10] opusdec: Set at most 64 channels to NONE position
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-116
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8096>
+---
+ subprojects/gst-plugins-base/ext/opus/gstopusdec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/subprojects/gst-plugins-base/ext/opus/gstopusdec.c b/subprojects/gst-plugins-base/ext/opus/gstopusdec.c
+index 60f8879dc5..03d061ad00 100644
+--- a/subprojects/gst-plugins-base/ext/opus/gstopusdec.c
++++ b/subprojects/gst-plugins-base/ext/opus/gstopusdec.c
+@@ -440,12 +440,12 @@ gst_opus_dec_parse_header (GstOpusDec * dec, GstBuffer * buf)
+         posn = gst_opus_channel_positions[dec->n_channels - 1];
+         break;
+       default:{
+-        gint i;
++        guint i, max_pos = MIN (dec->n_channels, 64);
+ 
+         GST_ELEMENT_WARNING (GST_ELEMENT (dec), STREAM, DECODE,
+             (NULL), ("Using NONE channel layout for more than 8 channels"));
+ 
+-        for (i = 0; i < dec->n_channels; i++)
++        for (i = 0; i < max_pos; i++)
+           pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE;
+ 
+         posn = pos;
+-- 
+2.47.0
+

SOURCES/0004-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch

@@ -0,0 +1,76 @@
+From 6b757bd74b49cbcdabea2a87449038314ce926f9 Mon Sep 17 00:00:00 2001
+From: Mathieu Duponchelle <mathieu@centricular.com>
+Date: Wed, 2 Oct 2024 15:16:30 +0200
+Subject: [PATCH 04/10] vorbis_parse: check writes to
+ GstOggStream.vorbis_mode_sizes
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-117 Fixes gstreamer#3875
+
+Also perform out-of-bounds check for accesses to op->packet
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8097>
+---
+ .../gst-plugins-base/ext/ogg/vorbis_parse.c   | 21 +++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/subprojects/gst-plugins-base/ext/ogg/vorbis_parse.c b/subprojects/gst-plugins-base/ext/ogg/vorbis_parse.c
+index 65ef463808..757c7cd82b 100644
+--- a/subprojects/gst-plugins-base/ext/ogg/vorbis_parse.c
++++ b/subprojects/gst-plugins-base/ext/ogg/vorbis_parse.c
+@@ -165,6 +165,10 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
+     if (offset == 0) {
+       offset = 8;
+       current_pos -= 1;
++
++      /* have we underrun? */
++      if (current_pos < op->packet)
++        return -1;
+     }
+   }
+ 
+@@ -178,6 +182,10 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
+     if (offset == 7)
+       current_pos -= 1;
+ 
++    /* have we underrun? */
++    if (current_pos < op->packet + 5)
++      return -1;
++
+     if (((current_pos[-5] & ~((1 << (offset + 1)) - 1)) != 0)
+         ||
+         current_pos[-4] != 0
+@@ -199,9 +207,18 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
+   /* Give ourselves a chance to recover if we went back too far by using
+    * the size check. */
+   for (ii = 0; ii < 2; ii++) {
++
+     if (offset > 4) {
++      /* have we underrun? */
++      if (current_pos < op->packet)
++        return -1;
++
+       size_check = (current_pos[0] >> (offset - 5)) & 0x3F;
+     } else {
++      /* have we underrun? */
++      if (current_pos < op->packet + 1)
++        return -1;
++
+       /* mask part of byte from current_pos */
+       size_check = (current_pos[0] & ((1 << (offset + 1)) - 1));
+       /* shift to appropriate position */
+@@ -233,6 +250,10 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
+ 
+   mode_size_ptr = pad->vorbis_mode_sizes;
+ 
++  if (size > G_N_ELEMENTS (pad->vorbis_mode_sizes)) {
++    return -1;
++  }
++
+   for (i = 0; i < size; i++) {
+     offset = (offset + 1) % 8;
+     if (offset == 0)
+-- 
+2.47.0
+

SOURCES/0005-oggstream-review-and-fix-per-format-min_packet_size.patch

@@ -0,0 +1,164 @@
+From ad43518d16302a97e74e4746730fac960718bd28 Mon Sep 17 00:00:00 2001
+From: Mathieu Duponchelle <mathieu@centricular.com>
+Date: Wed, 2 Oct 2024 16:52:51 +0200
+Subject: [PATCH 05/10] oggstream: review and fix per-format min_packet_size
+
+This addresses all manually detected invalid reads in setup functions.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8097>
+---
+ .../gst-plugins-base/ext/ogg/gstoggstream.c   | 40 ++++++-------------
+ 1 file changed, 12 insertions(+), 28 deletions(-)
+
+diff --git a/subprojects/gst-plugins-base/ext/ogg/gstoggstream.c b/subprojects/gst-plugins-base/ext/ogg/gstoggstream.c
+index a8883304a5..ab6be238dc 100644
+--- a/subprojects/gst-plugins-base/ext/ogg/gstoggstream.c
++++ b/subprojects/gst-plugins-base/ext/ogg/gstoggstream.c
+@@ -665,11 +665,6 @@ setup_vp8_mapper (GstOggStream * pad, ogg_packet * packet)
+ {
+   gint width, height, par_n, par_d, fps_n, fps_d;
+ 
+-  if (packet->bytes < 26) {
+-    GST_DEBUG ("Failed to parse VP8 BOS page");
+-    return FALSE;
+-  }
+-
+   width = GST_READ_UINT16_BE (packet->packet + 8);
+   height = GST_READ_UINT16_BE (packet->packet + 10);
+   par_n = GST_READ_UINT24_BE (packet->packet + 12);
+@@ -1221,11 +1216,6 @@ setup_fishead_mapper (GstOggStream * pad, ogg_packet * packet)
+   gint64 prestime_n, prestime_d;
+   gint64 basetime_n, basetime_d;
+ 
+-  if (packet->bytes < 44) {
+-    GST_DEBUG ("Not enough data for fishead header");
+-    return FALSE;
+-  }
+-
+   data = packet->packet;
+ 
+   data += 8;                    /* header */
+@@ -1256,8 +1246,8 @@ setup_fishead_mapper (GstOggStream * pad, ogg_packet * packet)
+     pad->prestime = -1;
+ 
+   /* Ogg Skeleton 3.3+ streams provide additional information in the header */
+-  if (packet->bytes >= SKELETON_FISHEAD_3_3_MIN_SIZE && pad->skeleton_major == 3
+-      && pad->skeleton_minor > 0) {
++  if (packet->bytes - 44 >= SKELETON_FISHEAD_3_3_MIN_SIZE
++      && pad->skeleton_major == 3 && pad->skeleton_minor > 0) {
+     gint64 firstsampletime_n, firstsampletime_d;
+     gint64 lastsampletime_n, lastsampletime_d;
+     gint64 firstsampletime, lastsampletime;
+@@ -1296,7 +1286,7 @@ setup_fishead_mapper (GstOggStream * pad, ogg_packet * packet)
+ 
+     GST_INFO ("skeleton fishead parsed total: %" GST_TIME_FORMAT,
+         GST_TIME_ARGS (pad->total_time));
+-  } else if (packet->bytes >= SKELETON_FISHEAD_4_0_MIN_SIZE
++  } else if (packet->bytes - 44 >= SKELETON_FISHEAD_4_0_MIN_SIZE
+       && pad->skeleton_major == 4) {
+     guint64 segment_length, content_offset;
+ 
+@@ -1980,9 +1970,6 @@ setup_kate_mapper (GstOggStream * pad, ogg_packet * packet)
+   guint8 *data = packet->packet;
+   const char *category;
+ 
+-  if (packet->bytes < 64)
+-    return FALSE;
+-
+   pad->granulerate_n = GST_READ_UINT32_LE (data + 24);
+   pad->granulerate_d = GST_READ_UINT32_LE (data + 28);
+   pad->granuleshift = GST_READ_UINT8 (data + 15);
+@@ -2111,9 +2098,6 @@ setup_opus_mapper (GstOggStream * pad, ogg_packet * packet)
+ {
+   GstBuffer *buffer;
+ 
+-  if (packet->bytes < 19)
+-    return FALSE;
+-
+   pad->granulerate_n = 48000;
+   pad->granulerate_d = 1;
+   pad->granuleshift = 0;
+@@ -2394,7 +2378,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "\001vorbis", 7, 22,
++    "\001vorbis", 7, 29,
+     "audio/x-vorbis",
+     setup_vorbis_mapper,
+     NULL,
+@@ -2426,7 +2410,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "PCM     ", 8, 0,
++    "PCM     ", 8, 28,
+     "audio/x-raw",
+     setup_pcm_mapper,
+     NULL,
+@@ -2442,7 +2426,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "CMML\0\0\0\0", 8, 0,
++    "CMML\0\0\0\0", 8, 29,
+     "text/x-cmml",
+     setup_cmml_mapper,
+     NULL,
+@@ -2458,7 +2442,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "Annodex", 7, 0,
++    "Annodex", 7, 44,
+     "application/x-annodex",
+     setup_fishead_mapper,
+     NULL,
+@@ -2537,7 +2521,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "CELT    ", 8, 0,
++    "CELT    ", 8, 60,
+     "audio/x-celt",
+     setup_celt_mapper,
+     NULL,
+@@ -2553,7 +2537,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "\200kate\0\0\0", 8, 0,
++    "\200kate\0\0\0", 8, 64,
+     "text/x-kate",
+     setup_kate_mapper,
+     NULL,
+@@ -2585,7 +2569,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "OVP80\1\1", 7, 4,
++    "OVP80\1\1", 7, 26,
+     "video/x-vp8",
+     setup_vp8_mapper,
+     setup_vp8_mapper_from_caps,
+@@ -2601,7 +2585,7 @@ const GstOggMap mappers[] = {
+     update_stats_vp8
+   },
+   {
+-    "OpusHead", 8, 0,
++    "OpusHead", 8, 19,
+     "audio/x-opus",
+     setup_opus_mapper,
+     NULL,
+@@ -2649,7 +2633,7 @@ const GstOggMap mappers[] = {
+     NULL
+   },
+   {
+-    "\001text\0\0\0", 9, 9,
++    "\001text\0\0\0", 9, 25,
+     "application/x-ogm-text",
+     setup_ogmtext_mapper,
+     NULL,
+-- 
+2.47.0
+

SOURCES/0006-discoverer-Don-t-print-channel-layout-for-more-than-.patch

@@ -0,0 +1,34 @@
+From e660aefc79c6bd8e2ced88ce04f56be67c5b4650 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 18:19:30 +0300
+Subject: [PATCH 06/10] discoverer: Don't print channel layout for more than 64
+ channels
+
+64+ channels are always unpositioned / unknown layout.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-248
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3864
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8098>
+---
+ subprojects/gst-plugins-base/tools/gst-discoverer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/subprojects/gst-plugins-base/tools/gst-discoverer.c b/subprojects/gst-plugins-base/tools/gst-discoverer.c
+index b042be535d..6028fc71c9 100644
+--- a/subprojects/gst-plugins-base/tools/gst-discoverer.c
++++ b/subprojects/gst-plugins-base/tools/gst-discoverer.c
+@@ -222,7 +222,7 @@ format_channel_mask (GstDiscovererAudioInfo * ainfo)
+ 
+   channel_mask = gst_discoverer_audio_info_get_channel_mask (ainfo);
+ 
+-  if (channel_mask != 0) {
++  if (channel_mask != 0 && channels <= 64) {
+     gst_audio_channel_positions_from_mask (channels, channel_mask, position);
+ 
+     for (i = 0; i < channels; i++) {
+-- 
+2.47.0
+

SOURCES/0007-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch

@@ -0,0 +1,31 @@
+From dafd5895149f29528342ddecd7ef210dd5597421 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 21:35:07 +0300
+Subject: [PATCH 07/10] vorbisdec: Set at most 64 channels to NONE position
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-115
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3869
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8101>
+---
+ subprojects/gst-plugins-base/ext/vorbis/gstvorbisdec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/subprojects/gst-plugins-base/ext/vorbis/gstvorbisdec.c b/subprojects/gst-plugins-base/ext/vorbis/gstvorbisdec.c
+index 6a410ed858..1fc4fa883e 100644
+--- a/subprojects/gst-plugins-base/ext/vorbis/gstvorbisdec.c
++++ b/subprojects/gst-plugins-base/ext/vorbis/gstvorbisdec.c
+@@ -204,7 +204,7 @@ vorbis_handle_identification_packet (GstVorbisDec * vd)
+     }
+     default:{
+       GstAudioChannelPosition position[64];
+-      gint i, max_pos = MAX (vd->vi.channels, 64);
++      gint i, max_pos = MIN (vd->vi.channels, 64);
+ 
+       GST_ELEMENT_WARNING (vd, STREAM, DECODE,
+           (NULL), ("Using NONE channel layout for more than 8 channels"));
+-- 
+2.47.0
+

SOURCES/0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch

@@ -0,0 +1,34 @@
+From 6c650a7655dbc4b3237b17440eb52fb0f5a193cc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 21:40:44 +0300
+Subject: [PATCH 08/10] ssaparse: Search for closing brace after opening brace
+
+Otherwise removing anything between the braces leads to out of bound writes if
+there is a closing brace before the first opening brace.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-228
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3870
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8099>
+---
+ subprojects/gst-plugins-base/gst/subparse/gstssaparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/subprojects/gst-plugins-base/gst/subparse/gstssaparse.c b/subprojects/gst-plugins-base/gst/subparse/gstssaparse.c
+index d6fdb9c9fc..8ed0134102 100644
+--- a/subprojects/gst-plugins-base/gst/subparse/gstssaparse.c
++++ b/subprojects/gst-plugins-base/gst/subparse/gstssaparse.c
+@@ -238,7 +238,7 @@ gst_ssa_parse_remove_override_codes (GstSsaParse * parse, gchar * txt)
+   gboolean removed_any = FALSE;
+ 
+   while ((t = strchr (txt, '{'))) {
+-    end = strchr (txt, '}');
++    end = strchr (t, '}');
+     if (end == NULL) {
+       GST_WARNING_OBJECT (parse, "Missing { for style override code");
+       return removed_any;
+-- 
+2.47.0
+

SOURCES/0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch

@@ -0,0 +1,95 @@
+From e724bd66a099d0d866edfab6c5418c2826854d79 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Mon, 30 Sep 2024 18:36:19 +0300
+Subject: [PATCH 09/10] ssaparse: Don't use strstr() on strings that are
+ potentially not NULL-terminated
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8099>
+---
+ .../gst/subparse/gstssaparse.c                | 36 ++++++++++++++++++-
+ subprojects/gst-plugins-base/meson.build      |  1 +
+ 2 files changed, 36 insertions(+), 1 deletion(-)
+
+diff --git a/subprojects/gst-plugins-base/gst/subparse/gstssaparse.c b/subprojects/gst-plugins-base/gst/subparse/gstssaparse.c
+index 8ed0134102..2d8daf77e1 100644
+--- a/subprojects/gst-plugins-base/gst/subparse/gstssaparse.c
++++ b/subprojects/gst-plugins-base/gst/subparse/gstssaparse.c
+@@ -146,6 +146,35 @@ gst_ssa_parse_sink_event (GstPad * pad, GstObject * parent, GstEvent * event)
+   return res;
+ }
+ 
++#ifndef HAVE_MEMMEM
++// memmem() is a GNU extension so if it's not available we'll need
++// our own implementation here. Thanks C.
++static void *
++my_memmem (const void *haystack, size_t haystacklen, const void *needle,
++    size_t needlelen)
++{
++  const guint8 *cur, *end;
++
++  if (needlelen > haystacklen)
++    return NULL;
++  if (needlelen == 0)
++    return (void *) haystack;
++
++
++  cur = haystack;
++  end = cur + haystacklen - needlelen;
++
++  for (; cur <= end; cur++) {
++    if (memcmp (cur, needle, needlelen) == 0)
++      return (void *) cur;
++  }
++
++  return NULL;
++}
++#else
++#define my_memmem memmem
++#endif
++
+ static gboolean
+ gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps)
+ {
+@@ -154,6 +183,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps)
+   const GValue *val;
+   GstStructure *s;
+   const guchar bom_utf8[] = { 0xEF, 0xBB, 0xBF };
++  const guint8 header[] = "[Script Info]";
+   const gchar *end;
+   GstBuffer *priv;
+   GstMapInfo map;
+@@ -193,7 +223,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps)
+     left -= 3;
+   }
+ 
+-  if (!strstr (ptr, "[Script Info]"))
++  if (!my_memmem (ptr, left, header, sizeof (header) - 1))
+     goto invalid_init;
+ 
+   if (!g_utf8_validate (ptr, left, &end)) {
+@@ -231,6 +261,10 @@ invalid_init:
+   }
+ }
+ 
++#ifdef my_memmem
++#undef my_memmem
++#endif
++
+ static gboolean
+ gst_ssa_parse_remove_override_codes (GstSsaParse * parse, gchar * txt)
+ {
+diff --git a/subprojects/gst-plugins-base/meson.build b/subprojects/gst-plugins-base/meson.build
+index 194de8c231..486833bd9f 100644
+--- a/subprojects/gst-plugins-base/meson.build
++++ b/subprojects/gst-plugins-base/meson.build
+@@ -199,6 +199,7 @@ check_functions = [
+   ['HAVE_LRINTF', 'lrintf', '#include<math.h>'],
+   ['HAVE_MMAP', 'mmap', '#include<sys/mman.h>'],
+   ['HAVE_LOG2', 'log2', '#include<math.h>'],
++  ['HAVE_MEMMEM', 'memmem', '#include<string.h>'],
+ ]
+ 
+ libm = cc.find_library('m', required : false)
+-- 
+2.47.0
+

SOURCES/0010-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch

@@ -0,0 +1,35 @@
+From 570cba0db38693cc5576304b0f0fafaaddbdf750 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Wed, 9 Oct 2024 11:23:47 -0400
+Subject: [PATCH 10/10] subparse: Check for NULL return of strchr() when
+ parsing LRC subtitles
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-263
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3892
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8100>
+---
+ subprojects/gst-plugins-base/gst/subparse/gstsubparse.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c b/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
+index 1867dee69c..4ea4ec64a9 100644
+--- a/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
++++ b/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
+@@ -1068,6 +1068,11 @@ parse_lrc (ParserState * state, const gchar * line)
+     return NULL;
+ 
+   start = strchr (line, ']');
++  // sscanf() does not check for the trailing ] but only up to the last
++  // placeholder, so there might be no ] at the end.
++  if (!start)
++    return NULL;
++
+   if (start - line == 9)
+     milli = 10;
+   else
+-- 
+2.47.0
+

SPECS/gstreamer1-plugins-base.spec

@@ -1,3 +1,6 @@
+%bcond cdparanoia %{undefined rhel}
+%bcond libvisual %{undefined rhel}
+
 %global         majorminor      1.0
 
 #global gitrel     140
@@ -5,11 +8,11 @@
 #global shortcommit %(c=%{gitcommit}; echo ${c:0:5})
 
 Name:           gstreamer1-plugins-base
-Version:        1.22.1
+Version:        1.22.12
-Release:        2%{?gitcommit:.git%{shortcommit}}%{?dist}
+Release:        4%{?dist}
 Summary:        GStreamer streaming media framework base plugins
 
-License:        LGPLv2+
+License:        LGPL-2.1-or-later
 URL:            http://gstreamer.freedesktop.org/
 %if 0%{?gitrel}
 # git clone git://anongit.freedesktop.org/gstreamer/gst-plugins-base
@@ -18,11 +21,18 @@ Source0:        gst-plugins-base-%{version}.tar.xz
 %else
 Source0:        http://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-%{version}.tar.xz
 %endif
-Patch0:         0001-missing-plugins-Remove-the-mpegaudioversion-field.patch
+Patch000:       0001-missing-plugins-Remove-the-mpegaudioversion-field.patch
+Patch001:       xdg-compile.patch
+Patch002:	0002-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch
+Patch003:	0003-opusdec-Set-at-most-64-channels-to-NONE-position.patch
+Patch004:	0004-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch
+Patch005:	0005-oggstream-review-and-fix-per-format-min_packet_size.patch
+Patch006:	0006-discoverer-Don-t-print-channel-layout-for-more-than-.patch
+Patch007:	0007-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch
+Patch008:	0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch
+Patch009:	0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch
+Patch010:	0010-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch
 
-Patch1:	        xdg-compile.patch
-Patch2:		0001-subparse-Look-for-the-closing-of-a-tag-after-the-ope.patch
-Patch3:		0002-subparse-Skip-after-the-end-of-a-valid-closing-tag-i.patch
 
 BuildRequires:  meson >= 0.48.0
 BuildRequires:  gcc
@@ -32,9 +42,14 @@ BuildRequires:  gobject-introspection-devel >= 1.31.1
 BuildRequires:  iso-codes-devel
 
 BuildRequires:  alsa-lib-devel
+%if %{with cdparanoia}
+BuildRequires:  cdparanoia-devel
+%endif
 BuildRequires:  libogg-devel >= 1.0
 BuildRequires:  libtheora-devel >= 1.1
+%if %{with libvisual}
 BuildRequires:  libvisual-devel
+%endif
 BuildRequires:  libvorbis-devel >= 1.0
 BuildRequires:  libXv-devel
 BuildRequires:  orc-devel >= 0.4.18
@@ -119,22 +134,30 @@ for the GStreamer Base Plugins library.
 
 %prep
 %setup -q -n gst-plugins-base-%{version}
-%patch0 -p1
+%patch -P 0 -p3
-%patch1 -p1
+%patch -P 1 -p1
-%patch2 -p3
+%patch -P 2 -p3
-%patch3 -p3
+%patch -P 3 -p3
+%patch -P 4 -p3
+%patch -P 5 -p3
+%patch -P 6 -p3
+%patch -P 7 -p3
+%patch -P 8 -p3
+%patch -P 9 -p3
+%patch -P 10 -p3
 
 %build
 %meson \
   -D package-name='Fedora GStreamer-plugins-base package' \
   -D package-origin='http://download.fedoraproject.org' \
   -D gl_winsys=wayland,x11,gbm \
+  %{!?with_cdparanoia:-D cdparanoia=disabled} \
+  %{!?with_libvisual:-D libvisual=disabled} \
   -D doc=disabled \
   -D orc=enabled \
   -D tremor=disabled \
   -D tests=disabled \
-  -D examples=disabled \
+  -D examples=disabled
-  -D cdparanoia=disabled
 %meson_build
 
 %install
@@ -205,12 +228,17 @@ chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstapp.so
 chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstencoding.so
 chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstrawparse.so
 chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstplayback.so
+%if %{with cdparanoia}
+chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstcdparanoia.so
+%endif
 chrpath --delete $RPM_BUILD_ROOT%{_libdir}/libgstriff-1.0.so.*
 chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstxvimagesink.so
 chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgsttheora.so
 chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgsttypefindfunctions.so
 chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstaudioresample.so
+%if %{with libvisual}
 chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstlibvisual.so
+%endif
 chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstaudioconvert.so
 chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstvideoconvertscale.so
 chrpath --delete $RPM_BUILD_ROOT%{_libdir}/gstreamer-%{majorminor}/libgstvideorate.so
@@ -281,8 +309,13 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/gst-play-1.0
 
 # base plugins with dependencies
 %{_libdir}/gstreamer-%{majorminor}/libgstalsa.so
+%if %{with cdparanoia}
+%{_libdir}/gstreamer-%{majorminor}/libgstcdparanoia.so
+%endif
 %{_libdir}/gstreamer-%{majorminor}/libgstopengl.so
+%if %{with libvisual}
 %{_libdir}/gstreamer-%{majorminor}/libgstlibvisual.so
+%endif
 %{_libdir}/gstreamer-%{majorminor}/libgstogg.so
 %{_libdir}/gstreamer-%{majorminor}/libgstopus.so
 %{_libdir}/gstreamer-%{majorminor}/libgstpango.so
@@ -487,29 +520,104 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/gst-play-1.0
 %endif
 
 %changelog
-* Wed Jan 17 2024 Wim Taymans <wtaymans@redhat.com> - 1.22.1-2
+* Fri Dec 13 2024 Wim Taymans <wtaymans@redhat.com> - 1.22.12-4
-- CVE-2023-37328: heap overwrite in subtitle parsing
+- Bump version
-- Resolves: RHEL-19475
+- Apply patches for CVE-2024-47538, CVE-2024-47541, CVE-2024-47542,
+  CVE-2024-47600, CVE-2024-47607, CVE-2024-47615, CVE-2024-47835
+  Resolves: RHEL-70983, RHEL-71035, RHEL-70932, RHEL-71037
+  Resolves: RHEL-71019, RHEL-70995, RHEL-71163
 
-* Wed Apr 12 2021 Wim Taymans <wtaymans@redhat.com> - 1.22.1-1
+* Sat Nov 09 2024 Wim Taymans <wtaymans@redhat.com> - 1.22.12-3
+- Rebuild
+- Resolves: RHEL-38511, RHEL-41157
+
+* Fri Nov 08 2024 Wim Taymans <wtaymans@redhat.com> - 1.22.12-2
+- Rebuild
+- Resolves: RHEL-38511, RHEL-41157
+
+* Fri Jun 14 2024 Wim Taymans <wtaymans@redhat.com> - 1.22.12-1
+- Update to 1.22.12
+
+* Thu May 02 2024 Wim Taymans <wtaymans@redhat.com> - 1.22.9-2
+- Disable libvisual in RHEL builds
+
+* Thu Jan 25 2024 Gwyn Ciesla <gwync@protonmail.com> - 1.22.9-1
+- 1.22.9
+
+* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.8-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sat Jan 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Dec 18 2023 Gwyn Ciesla <gwync@protonmail.com> - 1.22.8-1
+- 1.22.8
+
+* Tue Nov 14 2023 Gwyn Ciesla <gwync@protonmail.com> - 1.22.7-1
+- 1.22.7
+
+* Fri Jul 21 2023 Wim Taymans <wtaymans@redhat.com> - 1.22.5-1
+- Update to 1.22.5
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jun 08 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 1.22.3-2
+- Disable cdparanoia in RHEL builds
+
+* Thu May 25 2023 Wim Taymans <wtaymans@redhat.com> - 1.22.3-1
+- Update to 1.22.3
+
+* Thu Apr 13 2023 Wim Taymans <wtaymans@redhat.com> - 1.22.2-1
+- Update to 1.22.2
+
+* Mon Mar 13 2023 Wim Taymans <wtaymans@redhat.com> - 1.22.1-1
 - Update to 1.22.1
-- Resolves: rhbz#2144557
 
-* Fri Jan 14 2022 Wim Taymans <wtaymans@redhat.com> - 1.18.4-5
+* Tue Jan 24 2023 Wim Taymans <wtaymans@redhat.com> - 1.22.0-1
-- Handle both compressed and uncompressed man pages
+- Update to 1.22.0
-- Fix build with small patch
-- Resolves: rhbz#2005247
 
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.18.4-4
+* Fri Jan 20 2023 Wim Taymans <wtaymans@redhat.com> - 1.21.90-1
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- Update to 1.21.90
-  Related: rhbz#1991688
 
-* Thu Jul 15 2021 Jiri Kucera <jkucera@redhat.com> - 1.18.4-3
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.5-2
-- Remove cdparanoia dependency on el9 and later
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-- Resolves: rhbz#1973678
 
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.18.4-2
+* Wed Jan 11 2023 Wim Taymans <wtaymans@redhat.com> - 1.20.5-1
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+- Update to 1.20.5
+
+* Thu Oct 13 2022 Wim Taymans <wtaymans@redhat.com> - 1.20.4-1
+- Update to 1.20.4
+
+* Tue Sep 27 2022 Erico Nunes <ernunes@redhat.com> - 1.20.3-3
+- Enable gbm winsys
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jul 18 2022 Wim Taymans <wtaymans@redhat.com> - 1.20.3-1
+- Update to 1.20.3
+
+* Fri Feb 4 2022 Wim Taymans <wtaymans@redhat.com> - 1.20.0-1
+- Update to 1.20.0
+
+* Wed Jan 26 2022 Wim Taymans <wtaymans@redhat.com> - 1.19.3-3
+- Fix build, gtk_doc does not exist anymore.
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.19.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Nov 11 2021 Wim Taymans <wtaymans@redhat.com> - 1.19.3-1
+- Update to 1.19.3
+
+* Thu Sep 23 2021 Wim Taymans <wtaymans@redhat.com> - 1.19.2-1
+- Update to 1.19.2
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.19.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jun 03 2021 Wim Taymans <wtaymans@redhat.com> - 1.19.1-1
+- Update to 1.19.1
 
 * Tue Mar 16 2021 Wim Taymans <wtaymans@redhat.com> - 1.18.4-1
 - Update to 1.18.4