Version in base suite: 1.22.0-3+deb12u2 Base version: gst-plugins-base1.0_1.22.0-3+deb12u2 Target version: gst-plugins-base1.0_1.22.0-3+deb12u3 Base file: /srv/ftp-master.debian.org/ftp/pool/main/g/gst-plugins-base1.0/gst-plugins-base1.0_1.22.0-3+deb12u2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/g/gst-plugins-base1.0/gst-plugins-base1.0_1.22.0-3+deb12u3.dsc changelog | 7 patches/CVE-2024-47538.patch | 21 + patches/CVE-2024-47541.patch | 673 +++++++++++++++++++++++++++++++++++++++++++ patches/CVE-2024-47600.patch | 24 + patches/CVE-2024-47607.patch | 27 + patches/CVE-2024-47615.patch | 224 ++++++++++++++ patches/CVE-2024-47835.patch | 25 + patches/series | 6 8 files changed, 1007 insertions(+)
diff -Nru gst-plugins-base1.0-1.22.0/debian/changelog gst-plugins-base1.0-1.22.0/debian/changelog
--- gst-plugins-base1.0-1.22.0/debian/changelog 2024-05-25 08:07:46.000000000 +0000
+++ gst-plugins-base1.0-1.22.0/debian/changelog 2024-12-12 14:44:29.000000000 +0000
@@ -1,3 +1,10 @@
+gst-plugins-base1.0 (1.22.0-3+deb12u3) bookworm-security; urgency=medium
+
+ * CVE-2024-47538 CVE-2024-47541 CVE-2024-47600 CVE-2024-47607
+ CVE-2024-47615 CVE-2024-47835
+
+ -- Moritz Mühlenhoff Thu, 12 Dec 2024 19:43:41 +0100
+
 gst-plugins-base1.0 (1.22.0-3+deb12u2) bookworm-security; urgency=high

 * Non-maintainer upload by the Security Team.
diff -Nru gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47538.patch gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47538.patch
--- gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47538.patch 1970-01-01 00:00:00.000000000 +0000
+++ gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47538.patch 2024-12-12 14:30:44.000000000 +0000
@@ -0,0 +1,21 @@
+From 7eb26b198beffecdba4dbb64299f9cb09a9181d6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
+Date: Mon, 30 Sep 2024 21:35:07 +0300
+Subject: [PATCH] vorbisdec: Set at most 64 channels to NONE position
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-115
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3869
+
+--- gst-plugins-base1.0-1.22.0.orig/ext/vorbis/gstvorbisdec.c
++++ gst-plugins-base1.0-1.22.0/ext/vorbis/gstvorbisdec.c
+@@ -204,7 +204,7 @@ vorbis_handle_identification_packet (Gst
+ }
+ default:{
+ GstAudioChannelPosition position[64];
+- gint i, max_pos = MAX (vd->vi.channels, 64);
++ gint i, max_pos = MIN (vd->vi.channels, 64);
+
+ GST_ELEMENT_WARNING (vd, STREAM, DECODE,
+ (NULL), ("Using NONE channel layout for more than 8 channels"));
diff -Nru gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47541.patch gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47541.patch
--- gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47541.patch 1970-01-01 00:00:00.000000000 +0000
+++ gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47541.patch 2024-12-12 14:34:52.000000000 +0000
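Review bot: The literal 64 in `max_pos = MIN (vd->vi.channels, 64)` is a second copy of the array size declared one line above in `GstAudioChannelPosition position[64]`, so the clamp and the buffer it protects can drift apart on a later edit. Deriving the bound from the array, `gint i, max_pos = MIN (vd->vi.channels, (gint) G_N_ELEMENTS (position));`, keeps the write loop tied to the storage it fills. The same bare literal appears in the opusdec patch (`MIN (dec->n_channels, 64)`) and the gst-discoverer patch (`channels <= 64`), where the arrays are declared outside the visible lines. The loop that consumes `max_pos` and the call that receives `position` are also outside this hunk, so it is worth confirming that nothing downstream still indexes `position` with the unclamped `vd->vi.channels`.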
@@ -0,0 +1,673 @@
+From 7108073b5be73eb2482eb8494745962b8c0571f1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
+Date: Mon, 30 Sep 2024 21:40:44 +0300
+Subject: [PATCH] ssaparse: Search for closing brace after opening brace
+
+Otherwise removing anything between the braces leads to out of bound writes if
+there is a closing brace before the first opening brace.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-228
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3870
+
+and
+
+From b66cf81e99ab9f400b6aea79a4b597c5ddac324d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
+Date: Mon, 30 Sep 2024 18:36:19 +0300
+Subject: [PATCH] ssaparse: Don't use strstr() on strings that are potentially
+ not NULL-terminated
+
+
+--- gst-plugins-base1.0-1.22.0.orig/gst/subparse/gstssaparse.c
++++ gst-plugins-base1.0-1.22.0/gst/subparse/gstssaparse.c
+@@ -146,6 +146,35 @@ gst_ssa_parse_sink_event (GstPad * pad,
+ return res;
+ }
+
++#ifndef HAVE_MEMMEM
++// memmem() is a GNU extension so if it's not available we'll need
++// our own implementation here. Thanks C.
++static void *
++my_memmem (const void *haystack, size_t haystacklen, const void *needle,
++ size_t needlelen)
++{
++ const guint8 *cur, *end;
++
++ if (needlelen > haystacklen)
++ return NULL;
++ if (needlelen == 0)
++ return (void *) haystack;
++
++
++ cur = haystack;
++ end = cur + haystacklen - needlelen;
++
++ for (; cur <= end; cur++) {
++ if (memcmp (cur, needle, needlelen) == 0)
++ return (void *) cur;
++ }
++
++ return NULL;
++}
++#else
++#define my_memmem memmem
++#endif
++
+ static gboolean
+ gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps)
+ {
+@@ -154,6 +183,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad,
+ const GValue *val;
+ GstStructure *s;
+ const guchar bom_utf8[] = { 0xEF, 0xBB, 0xBF };
++ const guint8 header[] = "[Script Info]";
+ const gchar *end;
+ GstBuffer *priv;
+ GstMapInfo map;
+@@ -193,7 +223,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad,
+ left -= 3;
+ }
+
+- if (!strstr (ptr, "[Script Info]"))
++ if (!my_memmem (ptr, left, header, sizeof (header) - 1))
+ goto invalid_init;
+
+ if (!g_utf8_validate (ptr, left, &end)) {
+@@ -231,6 +261,10 @@ invalid_init:
+ }
+ }
+
++#ifdef my_memmem
++#undef my_memmem
++#endif
++
+ static gboolean
+ gst_ssa_parse_remove_override_codes (GstSsaParse * parse, gchar * txt)
+ {
+@@ -238,7 +272,7 @@ gst_ssa_parse_remove_override_codes (Gst
+ gboolean removed_any = FALSE;
+
+ while ((t = strchr (txt, '{'))) {
+- end = strchr (txt, '}');
++ end = strchr (t, '}');
+ if (end == NULL) {
+ GST_WARNING_OBJECT (parse, "Missing { for style override code");
+ return removed_any;
+--- gst-plugins-base1.0-1.22.0.orig/meson.build
++++ gst-plugins-base1.0-1.22.0/meson.build
+@@ -199,6 +199,7 @@ check_functions = [
+ ['HAVE_LRINTF', 'lrintf', '#include'],
+ ['HAVE_MMAP', 'mmap', '#include'],
+ ['HAVE_LOG2', 'log2', '#include'],
++ ['HAVE_MEMMEM', 'memmem', '#include'],
+ ]
+
+ libm = cc.find_library('m', required : false)
+--- /dev/null
++++ gst-plugins-base1.0-1.22.0/meson.build.orig
+@@ -0,0 +1,563 @@
++project('gst-plugins-base', 'c', ++ version : '1.22.0', ++ meson_version : '>= 0.62', ++ default_options : [ 'warning_level=1', ++ 'buildtype=debugoptimized' ]) ++ ++gst_version = meson.project_version() ++version_arr = gst_version.split('.') ++gst_version_major = version_arr[0].to_int() ++gst_version_minor = version_arr[1].to_int() ++gst_version_micro = version_arr[2].to_int() ++if version_arr.length() == 4 ++ gst_version_nano = version_arr[3].to_int() ++else ++ gst_version_nano = 0 ++endif ++gst_version_is_stable = gst_version_minor.is_even() ++gst_version_is_dev = gst_version_minor % 2 == 1 and gst_version_micro < 90 ++ ++host_system = host_machine.system() ++ ++have_cxx = add_languages('cpp', native: false, required: false) ++ ++if host_system in ['ios', 'darwin'] ++ have_objc = add_languages('objc', native: false) ++else ++ have_objc = false ++endif ++ ++glib_req = '>= 2.62.0' ++orc_req = '>= 0.4.24' ++ ++if gst_version_is_stable ++ gst_req = '>= @0@.@1@.0'.format(gst_version_major, gst_version_minor) ++else ++ gst_req = '>= ' + gst_version ++endif ++ ++api_version = '1.0' ++soversion = 0 ++# maintaining compatibility with the previous libtool versioning ++# current = minor * 100 + micro ++curversion = gst_version_minor * 100 + gst_version_micro ++libversion = '@0@.@1@.0'.format(soversion, curversion) ++osxversion = curversion + 1 ++ ++plugins_install_dir = join_paths(get_option('libdir'), 'gstreamer-1.0') ++static_build = get_option('default_library') == 'static' ++plugins = [] ++gst_libraries = [] ++ ++cc = meson.get_compiler('c') ++ ++if cc.get_id() == 'msvc' ++ msvc_args = [ ++ # Ignore several spurious warnings for things gstreamer does very commonly ++ # If a warning is completely useless and spammy, use '/wdXXXX' to suppress it ++ # If a warning is harmless but hard to fix, use '/woXXXX' so it's shown once ++ # NOTE: Only add warnings here if you are sure they're spurious ++ '/wd4018', # implicit signed/unsigned conversion ++ '/wd4146', # unary minus 
on unsigned (beware INT_MIN) ++ '/wd4244', # lossy type conversion (e.g. double -> int) ++ '/wd4305', # truncating type conversion (e.g. double -> float) ++ cc.get_supported_arguments(['/utf-8']), # set the input encoding to utf-8 ++ ] ++ ++ if gst_version_is_dev ++ # Enable some warnings on MSVC to match GCC/Clang behaviour ++ msvc_args += cc.get_supported_arguments([ ++ '/we4002', # too many actual parameters for macro 'identifier' ++ '/we4003', # not enough actual parameters for macro 'identifier' ++ '/we4013', # 'function' undefined; assuming extern returning int ++ '/we4020', # 'function' : too many actual parameters ++ '/we4027', # function declared without formal parameter list ++ '/we4029', # declared formal parameter list different from definition ++ '/we4033', # 'function' must return a value ++ '/we4045', # 'array' : array bounds overflow ++ '/we4047', # 'operator' : 'identifier1' differs in levels of indirection from 'identifier2' ++ '/we4053', # one void operand for '?:' ++ '/we4062', # enumerator 'identifier' in switch of enum 'enumeration' is not handled ++ '/we4098', # 'function' : void function returning a value ++ '/we4101', # 'identifier' : unreferenced local variable ++ '/we4189', # 'identifier' : local variable is initialized but not referenced ++ ]) ++ endif ++ add_project_arguments(msvc_args, language: ['c', 'cpp']) ++ # Disable SAFESEH with MSVC for plugins and libs that use external deps that ++ # are built with MinGW ++ noseh_link_args = ['/SAFESEH:NO'] ++else ++ noseh_link_args = [] ++endif ++ ++if cc.has_link_argument('-Wl,-Bsymbolic-functions') ++ add_project_link_arguments('-Wl,-Bsymbolic-functions', language : 'c') ++endif ++ ++# glib doesn't support unloading, which means that unloading and reloading ++# any library that registers static types will fail ++if cc.has_link_argument('-Wl,-z,nodelete') ++ add_project_link_arguments('-Wl,-z,nodelete', language: 'c') ++endif ++ ++core_conf = configuration_data() 
++core_conf.set('ENABLE_NLS', 1) ++ ++# Symbol visibility ++if cc.has_argument('-fvisibility=hidden') ++ add_project_arguments('-fvisibility=hidden', language: 'c') ++ if have_objc ++ add_project_arguments('-fvisibility=hidden', language: 'objc') ++ endif ++endif ++ ++# Disable strict aliasing ++if cc.has_argument('-fno-strict-aliasing') ++ add_project_arguments('-fno-strict-aliasing', language: 'c') ++endif ++ ++# Define G_DISABLE_DEPRECATED for development versions ++if gst_version_is_dev ++ message('Disabling deprecated GLib API') ++ add_project_arguments('-DG_DISABLE_DEPRECATED', language: 'c') ++endif ++ ++cast_checks = get_option('gobject-cast-checks') ++if cast_checks.disabled() or (cast_checks.auto() and not gst_version_is_dev) ++ message('Disabling GLib cast checks') ++ add_project_arguments('-DG_DISABLE_CAST_CHECKS', language: 'c') ++endif ++ ++glib_asserts = get_option('glib-asserts') ++if glib_asserts.disabled() or (glib_asserts.auto() and not gst_version_is_dev) ++ message('Disabling GLib asserts') ++ add_project_arguments('-DG_DISABLE_ASSERT', language: 'c') ++endif ++ ++glib_checks = get_option('glib-checks') ++if glib_checks.disabled() or (glib_checks.auto() and not gst_version_is_dev) ++ message('Disabling GLib checks') ++ add_project_arguments('-DG_DISABLE_CHECKS', language: 'c') ++endif ++ ++# These are only needed/used by the ABI tests from core ++host_defines = [ ++ [ 'x86', 'HAVE_CPU_I386' ], ++ [ 'x86_64', 'HAVE_CPU_X86_64' ], ++ [ 'arm', 'HAVE_CPU_ARM' ], ++ [ 'aarch64', 'HAVE_CPU_AARCH64' ], ++ [ 'mips', 'HAVE_CPU_MIPS' ], ++ [ 'powerpc', 'HAVE_CPU_PPC' ], ++ [ 'powerpc64', 'HAVE_CPU_PPC64' ], ++ [ 'alpha', 'HAVE_CPU_ALPHA' ], ++ [ 'sparc', 'HAVE_CPU_SPARC' ], ++ [ 'ia64', 'HAVE_CPU_IA64' ], ++ [ 'hppa', 'HAVE_CPU_HPPA' ], ++ [ 'm68k', 'HAVE_CPU_M68K' ], ++ [ 's390', 'HAVE_CPU_S390' ], ++] ++foreach h : host_defines ++ if h.get(0) == host_machine.cpu_family() ++ core_conf.set(h.get(1), 1) ++ endif ++endforeach ++# FIXME: should really be 
called HOST_CPU or such ++core_conf.set_quoted('TARGET_CPU', host_machine.cpu()) ++ ++check_headers = [ ++ ['HAVE_DLFCN_H', 'dlfcn.h'], ++ ['HAVE_EMMINTRIN_H', 'emmintrin.h'], ++ ['HAVE_INTTYPES_H', 'inttypes.h'], ++ ['HAVE_MEMORY_H', 'memory.h'], ++ ['HAVE_NETINET_IN_H', 'netinet/in.h'], ++ ['HAVE_NETINET_TCP_H', 'netinet/tcp.h'], ++ ['HAVE_PROCESS_H', 'process.h'], ++ ['HAVE_SMMINTRIN_H', 'smmintrin.h'], ++ ['HAVE_STDINT_H', 'stdint.h'], ++ ['HAVE_STRINGS_H', 'strings.h'], ++ ['HAVE_STRING_H', 'string.h'], ++ ['HAVE_SYS_SOCKET_H', 'sys/socket.h'], ++ ['HAVE_SYS_STAT_H', 'sys/stat.h'], ++ ['HAVE_SYS_TYPES_H', 'sys/types.h'], ++ ['HAVE_SYS_WAIT_H', 'sys/wait.h'], ++ ['HAVE_UNISTD_H', 'unistd.h'], ++ ['HAVE_WINSOCK2_H', 'winsock2.h'], ++ ['HAVE_XMMINTRIN_H', 'xmmintrin.h'], ++ ['HAVE_LINUX_DMA_BUF_H', 'linux/dma-buf.h'], ++] ++foreach h : check_headers ++ if cc.has_header(h.get(1)) ++ core_conf.set(h.get(0), 1) ++ endif ++endforeach ++ ++check_functions = [ ++ ['HAVE_DCGETTEXT', 'dcgettext', '#include'], ++ ['HAVE_GMTIME_R', 'gmtime_r', '#include'], ++ ['HAVE_LOCALTIME_R', 'localtime_r', '#include'], ++ ['HAVE_LRINTF', 'lrintf', '#include'], ++ ['HAVE_MMAP', 'mmap', '#include'], ++ ['HAVE_LOG2', 'log2', '#include'], ++] ++ ++libm = cc.find_library('m', required : false) ++foreach f : check_functions ++ if cc.has_function(f.get(1), prefix : f.get(2), dependencies : libm) ++ core_conf.set(f.get(0), 1) ++ endif ++endforeach ++ ++core_conf.set('SIZEOF_CHAR', cc.sizeof('char')) ++core_conf.set('SIZEOF_INT', cc.sizeof('int')) ++core_conf.set('SIZEOF_LONG', cc.sizeof('long')) ++core_conf.set('SIZEOF_SHORT', cc.sizeof('short')) ++core_conf.set('SIZEOF_VOIDP', cc.sizeof('void*')) ++ ++core_conf.set_quoted('GETTEXT_PACKAGE', 'gst-plugins-base-1.0') ++core_conf.set_quoted('LOCALEDIR', join_paths(get_option('prefix'), get_option('localedir'))) ++core_conf.set_quoted('PACKAGE', 'gst-plugins-base') ++core_conf.set_quoted('VERSION', gst_version) 
++core_conf.set_quoted('PACKAGE_VERSION', gst_version) ++core_conf.set_quoted('GST_API_VERSION', api_version) ++core_conf.set_quoted('GST_DATADIR', join_paths(get_option('prefix'), get_option('datadir'))) ++core_conf.set_quoted('GST_LICENSE', 'LGPL') ++ ++install_plugins_helper = get_option('install_plugins_helper') ++if install_plugins_helper == '' ++ install_plugins_helper = join_paths(get_option('prefix'), ++ get_option('libexecdir'), ++ 'gst-install-plugins-helper') ++endif ++core_conf.set_quoted('GST_INSTALL_PLUGINS_HELPER', install_plugins_helper) ++ ++warning_flags = [ ++ '-Wmissing-declarations', ++ '-Wredundant-decls', ++ '-Wundef', ++ '-Wwrite-strings', ++ '-Wformat', ++ '-Wformat-nonliteral', ++ '-Wformat-security', ++ '-Winit-self', ++ '-Wmissing-include-dirs', ++ '-Waddress', ++ '-Wno-multichar', ++ '-Wvla', ++ '-Wpointer-arith', ++] ++ ++warning_c_flags = [ ++ '-Wmissing-prototypes', ++] ++ ++warning_cxx_flags = [ ++ '-Waggregate-return', ++] ++ ++if have_cxx ++ cxx = meson.get_compiler('cpp') ++ foreach extra_arg : warning_cxx_flags ++ if cxx.has_argument (extra_arg) ++ add_project_arguments([extra_arg], language: 'cpp') ++ endif ++ endforeach ++endif ++ ++foreach extra_arg : warning_flags ++ if cc.has_argument (extra_arg) ++ add_project_arguments([extra_arg], language: 'c') ++ endif ++ if have_cxx and cxx.has_argument (extra_arg) ++ add_project_arguments([extra_arg], language: 'cpp') ++ endif ++endforeach ++ ++foreach extra_arg : warning_c_flags ++ if cc.has_argument (extra_arg) ++ add_project_arguments([extra_arg], language: 'c') ++ endif ++endforeach ++ ++# GStreamer package name and origin url ++gst_package_name = get_option('package-name') ++if gst_package_name == '' ++ if gst_version_nano == 0 ++ gst_package_name = 'GStreamer Base Plug-ins source release' ++ elif gst_version_nano == 1 ++ gst_package_name = 'GStreamer Base Plug-ins git' ++ else ++ gst_package_name = 'GStreamer Base Plug-ins prerelease' ++ endif ++endif 
++core_conf.set_quoted('GST_PACKAGE_NAME', gst_package_name) ++core_conf.set_quoted('GST_PACKAGE_ORIGIN', get_option('package-origin')) ++ ++# FIXME: These should be configure options ++core_conf.set_quoted('DEFAULT_VIDEOSINK', 'autovideosink') ++core_conf.set_quoted('DEFAULT_AUDIOSINK', 'autoaudiosink') ++ ++# Set whether the audioresampling method should be detected at runtime ++core_conf.set('AUDIORESAMPLE_FORMAT_' + get_option('audioresample_format').to_upper(), true) ++ ++gst_plugins_base_args = ['-DHAVE_CONFIG_H'] ++if get_option('default_library') == 'static' ++ gst_plugins_base_args += ['-DGST_STATIC_COMPILATION'] ++endif ++ ++# X11 checks are for sys/ and tests/ ++x11_dep = dependency('x11', required : get_option('x11')) ++# GIO is used by the GIO plugin, and by the TCP, SDP, and RTSP plugins ++gio_dep = dependency('gio-2.0', version: glib_req) ++giounix_dep = dependency('', required: false) ++if host_system != 'windows' ++ giounix_dep = dependency('gio-unix-2.0') ++endif ++gmodule_dep = dependency('gmodule-no-export-2.0') ++ ++# some of the examples can use gdk-pixbuf and GTK+3 ++gdk_pixbuf_dep = dependency('gdk-pixbuf-2.0', required : get_option('examples')) ++gtk_dep = dependency('gtk+-3.0', version : '>= 3.10', required : get_option('examples')) ++# TODO: https://github.com/mesonbuild/meson/issues/3941 ++if not get_option('x11').disabled() ++ gtk_x11_dep = dependency('gtk+-x11-3.0', version : '>= 3.10', required : get_option('examples')) ++else ++ gtk_x11_dep = dependency('', required : false) ++endif ++# gtk+ quartz backend is only available on macOS ++if host_system == 'darwin' ++ gtk_quartz_dep = dependency('gtk+-quartz-3.0', version : '>= 3.10', required : get_option('examples')) ++else ++ gtk_quartz_dep = dependency('', required : false) ++endif ++ ++core_conf.set('HAVE_X11', x11_dep.found()) ++core_conf.set('HAVE_GIO_UNIX_2_0', giounix_dep.found()) ++ ++if gio_dep.type_name() == 'pkgconfig' ++ core_conf.set_quoted('GIO_MODULE_DIR', ++ 
gio_dep.get_variable('giomoduledir')) ++ core_conf.set_quoted('GIO_LIBDIR', ++ gio_dep.get_variable('libdir')) ++ core_conf.set_quoted('GIO_PREFIX', ++ gio_dep.get_variable('prefix')) ++else ++ core_conf.set_quoted('GIO_MODULE_DIR', join_paths(get_option('prefix'), ++ get_option('libdir'), 'gio/modules')) ++ core_conf.set_quoted('GIO_LIBDIR', join_paths(get_option('prefix'), ++ get_option('libdir'))) ++ core_conf.set_quoted('GIO_PREFIX', join_paths(get_option('prefix'))) ++endif ++ ++configinc = include_directories('.') ++libsinc = include_directories('gst-libs') ++ ++# To use the subproject make subprojects directory ++# and put gstreamer meson git there (symlinking is fine) ++gst_dep = dependency('gstreamer-1.0', version : gst_req, ++ fallback : ['gstreamer', 'gst_dep']) ++gst_base_dep = dependency('gstreamer-base-1.0', version : gst_req, ++ fallback : ['gstreamer', 'gst_base_dep']) ++gst_net_dep = dependency('gstreamer-net-1.0', version : gst_req, ++ fallback : ['gstreamer', 'gst_net_dep']) ++gst_check_dep = dependency('gstreamer-check-1.0', version : gst_req, ++ required : get_option('tests'), ++ fallback : ['gstreamer', 'gst_check_dep']) ++gst_controller_dep = dependency('gstreamer-controller-1.0', version : gst_req, ++ fallback : ['gstreamer', 'gst_controller_dep']) ++ ++have_orcc = false ++orcc_args = [] ++orc_targets = [] ++# Used by various libraries/elements that use Orc code ++orc_dep = dependency('orc-0.4', version : orc_req, required : get_option('orc'), ++ fallback : ['orc', 'orc_dep']) ++orcc = find_program('orcc', required : get_option('orc')) ++if orc_dep.found() and orcc.found() ++ have_orcc = true ++ orcc_args = [orcc, '--include', 'glib.h'] ++ core_conf.set('HAVE_ORC', 1) ++else ++ message('Orc Compiler not found or disabled, will use backup C code') ++ core_conf.set('DISABLE_ORC', 1) ++endif ++ ++# Used to build SSE* things in audio-resampler ++sse_args = '-msse' ++sse2_args = '-msse2' ++sse41_args = '-msse4.1' ++ ++have_sse = 
cc.has_argument(sse_args) ++have_sse2 = cc.has_argument(sse2_args) ++have_sse41 = cc.has_argument(sse41_args) ++ ++if host_machine.cpu_family() == 'arm' ++ if cc.compiles(''' ++#include ++int32x4_t testfunc(int16_t *a, int16_t *b) { ++ asm volatile ("vmull.s16 q0, d0, d0" : : : "q0"); ++ return vmull_s16(vld1_s16(a), vld1_s16(b)); ++} ++''', name : 'NEON support') ++ core_conf.set('HAVE_ARM_NEON', true) ++ endif ++endif ++ ++if gst_dep.type_name() == 'internal' ++ gst_proj = subproject('gstreamer') ++ ++ if not gst_proj.get_variable('gst_debug') ++ message('GStreamer debug system is disabled') ++ add_project_arguments('-Wno-unused', language: 'c') ++ else ++ message('GStreamer debug system is enabled') ++ endif ++else ++ # We can't check that in the case of subprojects as we won't ++ # be able to build against an internal dependency (which is not built yet) ++ if not cc.compiles(''' ++#include ++#ifdef GST_DISABLE_GST_DEBUG ++#error "debugging disabled, make compiler fail" ++#endif''' , dependencies: gst_dep) ++ message('GStreamer debug system is disabled') ++ add_project_arguments('-Wno-unused', language: 'c') ++ else ++ message('GStreamer debug system is enabled') ++ endif ++endif ++ ++if cc.has_member('struct tcp_info', '__tcpi_reordering', prefix: '#include ') ++ core_conf.set('HAVE_BSD_TCP_INFO', true) ++endif ++ ++if cc.has_member('struct tcp_info', 'tcpi_reordering', prefix: '#include ') ++ core_conf.set('HAVE_LINUX_TCP_INFO', true) ++endif ++ ++gir = find_program('g-ir-scanner', required : get_option('introspection')) ++gnome = import('gnome') ++build_gir = gir.found() and (not meson.is_cross_build() or get_option('introspection').enabled()) ++gir_init_section = [ '--add-init-section=extern void gst_init(gint*,gchar**);' + \ ++ 'g_setenv("GST_REGISTRY_DISABLE", "yes", TRUE);' + \ ++ 'g_setenv("GST_REGISTRY_1.0", "@0@", TRUE);'.format(meson.current_build_dir() + '/gir_empty_registry.reg') + \ ++ 'g_setenv("GST_PLUGIN_PATH_1_0", "", TRUE);' + \ ++ 
'g_setenv("GST_PLUGIN_SYSTEM_PATH_1_0", "", TRUE);' + \ ++ 'gst_init(NULL,NULL);', '--quiet'] ++ ++pkgconfig = import('pkgconfig') ++plugins_pkgconfig_install_dir = join_paths(plugins_install_dir, 'pkgconfig') ++if get_option('default_library') == 'shared' ++ # If we don't build static plugins there is no need to generate pc files ++ plugins_pkgconfig_install_dir = disabler() ++endif ++ ++pkgconfig_variables = [ ++ 'exec_prefix=${prefix}', ++ 'toolsdir=${exec_prefix}/bin', ++ 'pluginsdir=${libdir}/gstreamer-1.0', ++ 'girdir=${datadir}/gir-1.0', ++ 'typelibdir=${libdir}/girepository-1.0', ++ 'pluginscannerdir=${libexecdir}/gstreamer-1.0' ++] ++pkgconfig_subdirs = ['gstreamer-1.0'] ++ ++meson_pkg_config_file_fixup_script = find_program('scripts/meson-pkg-config-file-fixup.py') ++ ++python3 = import('python').find_installation() ++subdir('gst-libs') ++subdir('gst') ++subdir('ext') ++subdir('sys') ++subdir('tools') ++subdir('tests') ++ ++# xgettext is optional (on Windows for instance) ++if find_program('xgettext', required : get_option('nls')).found() ++ subdir('po') ++endif ++subdir('docs') ++subdir('scripts') ++ ++base_libraries = ['allocators', 'app', 'audio', 'fft', 'pbutils', 'riff', 'rtp', 'rtsp', 'sdp', 'tag', 'video'] ++if build_gstgl ++ core_conf.set('HAVE_GL', 1) ++ base_libraries += 'gl' ++endif ++ ++pkgconfig_plugins_base_libs_variables = [ ++ 'libraries=' + ' '.join(base_libraries), ++] ++ ++pkgconfig.generate( ++ libraries : [gst_dep], ++ variables : pkgconfig_variables + pkgconfig_plugins_base_libs_variables, ++ uninstalled_variables : pkgconfig_plugins_base_libs_variables, ++ subdirs : pkgconfig_subdirs, ++ name : 'gstreamer-plugins-base-1.0', ++ description : 'Streaming media framework, base plugins libraries', ++) ++ ++# Desperate times, desperate measures... 
fix up escaping of our variables ++run_command(meson_pkg_config_file_fixup_script, ++ 'gstreamer-plugins-base-1.0', 'libraries', ++ check: true) ++ ++if have_orcc ++ update_orc_dist_files = find_program('scripts/update-orc-dist-files.py') ++ ++ orc_update_targets = [] ++ foreach t : orc_targets ++ orc_name = t.get('name') ++ orc_file = t.get('orc-source') ++ header = t.get('header') ++ source = t.get('source') ++ # alias_target() only works with build targets, so can't use run_target() here ++ orc_update_targets += [ ++ custom_target('update-orc-@0@'.format(orc_name), ++ input: [header, source], ++ command: [update_orc_dist_files, orc_file, header, source], ++ output: ['@0@-dist.c'.format(orc_name)]) # not entirely true ++ ] ++ endforeach ++ ++ if orc_update_targets.length() > 0 ++ update_orc_dist_target = alias_target('update-orc-dist', orc_update_targets) ++ endif ++endif ++ ++# Set release date ++if gst_version_nano == 0 ++ extract_release_date = find_program('scripts/extract-release-date-from-doap-file.py') ++ run_result = run_command(extract_release_date, gst_version, files('gst-plugins-base.doap'), check: true) ++ release_date = run_result.stdout().strip() ++ core_conf.set_quoted('GST_PACKAGE_RELEASE_DATETIME', release_date) ++ message('Package release date: ' + release_date) ++endif ++ ++if gio_dep.version().version_compare('< 2.67.4') ++ core_conf.set('g_memdup2(ptr,sz)', '(G_LIKELY(((guint64)(sz)) < G_MAXUINT)) ? 
g_memdup(ptr,sz) : (g_abort(),NULL)') ++endif ++ ++# Use core_conf after all subdirs have set values ++configure_file(output : 'config.h', configuration : core_conf) ++ ++meson.add_dist_script('scripts/gen-changelog.py', meson.project_name(), '1.20.0', meson.project_version()) ++ ++plugin_names = [] ++gst_plugins = [] ++foreach plugin: plugins ++ pkgconfig.generate(plugin, install_dir: plugins_pkgconfig_install_dir) ++ dep = declare_dependency(link_with: plugin, variables: {'full_path': plugin.full_path()}) ++ meson.override_dependency(plugin.name(), dep) ++ gst_plugins += [dep] ++ if plugin.name().startswith('gst') ++ plugin_names += [plugin.name().substring(3)] ++ else ++ plugin_names += [plugin.name()] ++ endif ++endforeach ++ ++summary({ ++ 'Plugins': plugin_names, ++}, list_sep: ', ') diff -Nru gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47600.patch gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47600.patch --- gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47600.patch 1970-01-01 00:00:00.000000000 +0000 +++ gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47600.patch 2024-12-12 14:35:45.000000000 +0000 
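Review bot: This patch also creates `meson.build.orig` (`--- /dev/null` to `+++ .../meson.build.orig`, 563 lines), which looks like a backup file left behind when the upstream change was rebased onto 1.22.0. It accounts for most of the 673 added lines and carries the older `check_functions` list without `HAVE_MEMMEM`, so a stale copy of the build definition would land in the unpacked source tree and anyone auditing this security upload has to read past it to find the two real changes. Regenerating the patch so it touches only `gst/subparse/gstssaparse.c` and `meson.build` would keep the fix reviewable. On the fallback itself, `my_memmem` would benefit from a contract comment such as `/* Byte-wise search: neither buffer needs NUL termination; haystacklen must not exceed the readable size of haystack. */`, because the call site passes `left` as that length and the code that derives `left` is outside the visible hunks.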
@@ -0,0 +1,24 @@
+From 5b205225e2c6a19ddcace350fdc18a0edf87bcb5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
+Date: Mon, 30 Sep 2024 18:19:30 +0300
+Subject: [PATCH] discoverer: Don't print channel layout for more than 64
+ channels
+
+64+ channels are always unpositioned / unknown layout.
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-248
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3864
+
+--- gst-plugins-base1.0-1.22.0.orig/tools/gst-discoverer.c
++++ gst-plugins-base1.0-1.22.0/tools/gst-discoverer.c
+@@ -222,7 +222,7 @@ format_channel_mask (GstDiscovererAudioI
+
+ channel_mask = gst_discoverer_audio_info_get_channel_mask (ainfo);
+
+- if (channel_mask != 0) {
++ if (channel_mask != 0 && channels <= 64) {
+ gst_audio_channel_positions_from_mask (channels, channel_mask, position);
+
+ for (i = 0; i < channels; i++) {
diff -Nru gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47607.patch gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47607.patch
--- gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47607.patch 1970-01-01 00:00:00.000000000 +0000
+++ gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47607.patch 2024-12-12 14:36:40.000000000 +0000
@@ -0,0 +1,27 @@
+From 804eca458fb547942ed70b88c021b996be9228a2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
+Date: Tue, 1 Oct 2024 13:22:50 +0300
+Subject: [PATCH] opusdec: Set at most 64 channels to NONE position
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-116
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871
+
+--- gst-plugins-base1.0-1.22.0.orig/ext/opus/gstopusdec.c
++++ gst-plugins-base1.0-1.22.0/ext/opus/gstopusdec.c
+@@ -440,12 +440,12 @@ gst_opus_dec_parse_header (GstOpusDec *
+ posn = gst_opus_channel_positions[dec->n_channels - 1];
+ break;
+ default:{
+- gint i;
++ guint i, max_pos = MIN (dec->n_channels, 64);
+
+ GST_ELEMENT_WARNING (GST_ELEMENT (dec), STREAM, DECODE,
+ (NULL), ("Using NONE channel layout for more than 8 channels"));
+
+- for (i = 0; i < dec->n_channels; i++)
++ for (i = 0; i < max_pos; i++)
+ pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE;
+
+ posn = pos;
diff -Nru gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47615.patch gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47615.patch
--- gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47615.patch 1970-01-01 00:00:00.000000000 +0000
+++ gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47615.patch 2024-12-12 14:40:11.000000000 +0000
@@ -0,0 +1,224 @@
+From c94c44ce497d285ebcfe866b9faaae9c66c81132 Mon Sep 17 00:00:00 2001
+From: Mathieu Duponchelle
+Date: Wed, 2 Oct 2024 16:52:51 +0200
+Subject: [PATCH] oggstream: review and fix per-format min_packet_size
+
+This addresses all manually detected invalid reads in setup functions.
+
+and
+
+
+From 30fa21ac45ef5dad2fef0d98f0e7130c75f0b628 Mon Sep 17 00:00:00 2001
+From: Mathieu Duponchelle
+Date: Wed, 2 Oct 2024 15:16:30 +0200
+Subject: [PATCH] vorbis_parse: check writes to GstOggStream.vorbis_mode_sizes
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-117 Fixes gstreamer#3875
+
+Also perform out-of-bounds check for accesses to op->packet
+
+
+
+--- gst-plugins-base1.0-1.22.0.orig/ext/ogg/gstoggstream.c
++++ gst-plugins-base1.0-1.22.0/ext/ogg/gstoggstream.c
+@@ -665,11 +665,6 @@ setup_vp8_mapper (GstOggStream * pad, og
+ {
+ gint width, height, par_n, par_d, fps_n, fps_d;
+
+- if (packet->bytes < 26) {
+- GST_DEBUG ("Failed to parse VP8 BOS page");
+- return FALSE;
+- }
+-
+ width = GST_READ_UINT16_BE (packet->packet + 8);
+ height = GST_READ_UINT16_BE (packet->packet + 10);
+ par_n = GST_READ_UINT24_BE (packet->packet + 12);
+@@ -1205,11 +1200,6 @@ setup_fishead_mapper (GstOggStream * pad
+ gint64 prestime_n, prestime_d;
+ gint64 basetime_n, basetime_d;
+
+- if (packet->bytes < 44) {
+- GST_DEBUG ("Not enough data for fishead header");
+- return FALSE;
+- }
+-
+ data = packet->packet;
+
+ data += 8; /* header */
+@@ -1240,8 +1230,8 @@ setup_fishead_mapper (GstOggStream * pad
+ pad->prestime = -1;
+
+ /* Ogg Skeleton 3.3+ streams provide additional information in the header */
+- if (packet->bytes >= SKELETON_FISHEAD_3_3_MIN_SIZE && pad->skeleton_major == 3
+- && pad->skeleton_minor > 0) {
++ if (packet->bytes - 44 >= SKELETON_FISHEAD_3_3_MIN_SIZE
++ && pad->skeleton_major == 3 && pad->skeleton_minor > 0) {
+ gint64 firstsampletime_n, firstsampletime_d;
+ gint64 lastsampletime_n, lastsampletime_d;
+ gint64 firstsampletime, lastsampletime;
+@@ -1280,7 +1270,7 @@ setup_fishead_mapper (GstOggStream * pad
+
+ GST_INFO ("skeleton fishead parsed total: %" GST_TIME_FORMAT,
+ GST_TIME_ARGS (pad->total_time));
+- } else if (packet->bytes >= SKELETON_FISHEAD_4_0_MIN_SIZE
++ } else if (packet->bytes - 44 >= SKELETON_FISHEAD_4_0_MIN_SIZE
+ && pad->skeleton_major == 4) {
+ guint64 segment_length, content_offset;
+
+@@ -1964,9 +1954,6 @@ setup_kate_mapper (GstOggStream * pad, o
+ guint8 *data = packet->packet;
+ const char *category;
+
+- if (packet->bytes < 64)
+- return FALSE;
+-
+ pad->granulerate_n = GST_READ_UINT32_LE (data + 24);
+ pad->granulerate_d = GST_READ_UINT32_LE (data + 28);
+ pad->granuleshift = GST_READ_UINT8 (data + 15);
+@@ -2095,9 +2082,6 @@ setup_opus_mapper (GstOggStream * pad, o
+ {
+ GstBuffer *buffer;
+
+- if (packet->bytes < 19)
+- return FALSE;
+-
+ pad->granulerate_n = 48000;
+ pad->granulerate_d = 1;
+ pad->granuleshift = 0;
+@@ -2378,7 +2362,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "\001vorbis", 7, 22,
++ "\001vorbis", 7, 29,
+ "audio/x-vorbis",
+ setup_vorbis_mapper,
+ NULL,
+@@ -2410,7 +2394,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "PCM ", 8, 0,
++ "PCM ", 8, 28,
+ "audio/x-raw",
+ setup_pcm_mapper,
+ NULL,
+@@ -2426,7 +2410,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "CMML\0\0\0\0", 8, 0,
++ "CMML\0\0\0\0", 8, 29,
+ "text/x-cmml",
+ setup_cmml_mapper,
+ NULL,
+@@ -2442,7 +2426,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "Annodex", 7, 0,
++ "Annodex", 7, 44,
+ "application/x-annodex",
+ setup_fishead_mapper,
+ NULL,
+@@ -2521,7 +2505,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "CELT ", 8, 0,
++ "CELT ", 8, 60,
+ "audio/x-celt",
+ setup_celt_mapper,
+ NULL,
+@@ -2537,7 +2521,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "\200kate\0\0\0", 8, 0,
++ "\200kate\0\0\0", 8, 64,
+ "text/x-kate",
+ setup_kate_mapper,
+ NULL,
+@@ -2569,7 +2553,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "OVP80\1\1", 7, 4,
++ "OVP80\1\1", 7, 26,
+ "video/x-vp8",
+ setup_vp8_mapper,
+ setup_vp8_mapper_from_caps,
+@@ -2585,7 +2569,7 @@ const GstOggMap mappers[] = {
+ update_stats_vp8
+ },
+ {
+- "OpusHead", 8, 0,
++ "OpusHead", 8, 19,
+ "audio/x-opus",
+ setup_opus_mapper,
+ NULL,
+@@ -2633,7 +2617,7 @@ const GstOggMap mappers[] = {
+ NULL
+ },
+ {
+- "\001text\0\0\0", 9, 9,
++ "\001text\0\0\0", 9, 25,
+ "application/x-ogm-text",
+ setup_ogmtext_mapper,
+ NULL,
+--- gst-plugins-base1.0-1.22.0.orig/ext/ogg/vorbis_parse.c
++++ gst-plugins-base1.0-1.22.0/ext/ogg/vorbis_parse.c
+@@ -165,6 +165,10 @@ gst_parse_vorbis_setup_packet (GstOggStr
+ if (offset == 0) {
+ offset = 8;
+ current_pos -= 1;
++
++ /* have we underrun? */
++ if (current_pos < op->packet)
++ return -1;
+ }
+ }
+
+@@ -178,6 +182,10 @@ gst_parse_vorbis_setup_packet (GstOggStr
+ if (offset == 7)
+ current_pos -= 1;
+
++ /* have we underrun? */
++ if (current_pos < op->packet + 5)
++ return -1;
++
+ if (((current_pos[-5] & ~((1 << (offset + 1)) - 1)) != 0)
+ ||
+ current_pos[-4] != 0
+@@ -199,9 +207,18 @@ gst_parse_vorbis_setup_packet (GstOggStr
+ /* Give ourselves a chance to recover if we went back too far by using
+ * the size check. */
+ for (ii = 0; ii < 2; ii++) {
++
+ if (offset > 4) {
++ /* have we underrun? */
++ if (current_pos < op->packet)
++ return -1;
++
+ size_check = (current_pos[0] >> (offset - 5)) & 0x3F;
+ } else {
++ /* have we underrun? */
++ if (current_pos < op->packet + 1)
++ return -1;
++
+ /* mask part of byte from current_pos */
+ size_check = (current_pos[0] & ((1 << (offset + 1)) - 1));
+ /* shift to appropriate position */
+@@ -233,6 +250,10 @@ gst_parse_vorbis_setup_packet (GstOggStr
+
+ mode_size_ptr = pad->vorbis_mode_sizes;
+
++ if (size > G_N_ELEMENTS (pad->vorbis_mode_sizes)) {
++ return -1;
++ }
++
+ for (i = 0; i < size; i++) {
+ offset = (offset + 1) % 8;
+ if (offset == 0)
diff -Nru gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47835.patch gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47835.patch
--- gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47835.patch 1970-01-01 00:00:00.000000000 +0000
+++ gst-plugins-base1.0-1.22.0/debian/patches/CVE-2024-47835.patch 2024-12-12 14:40:58.000000000 +0000
@@ -0,0 +1,25 @@
+From 1a5fdba14a1ccfe473bc4429f22ee5bbaee034eb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
+Date: Wed, 9 Oct 2024 11:23:47 -0400
+Subject: [PATCH] subparse: Check for NULL return of strchr() when parsing LRC
+ subtitles
+
+Thanks to Antonio Morales for finding and reporting the issue.
+
+Fixes GHSL-2024-263
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3892
+
+--- gst-plugins-base1.0-1.22.0.orig/gst/subparse/gstsubparse.c
++++ gst-plugins-base1.0-1.22.0/gst/subparse/gstsubparse.c
+@@ -1068,6 +1068,11 @@ parse_lrc (ParserState * state, const gc
+ return NULL;
+
+ start = strchr (line, ']');
++ // sscanf() does not check for the trailing ] but only up to the last
++ // placeholder, so there might be no ] at the end.
++ if (!start)
++ return NULL;
++
+ if (start - line == 9)
+ milli = 10;
+ else
diff -Nru gst-plugins-base1.0-1.22.0/debian/patches/series gst-plugins-base1.0-1.22.0/debian/patches/series
--- gst-plugins-base1.0-1.22.0/debian/patches/series 2024-05-25 08:06:18.000000000 +0000
+++ gst-plugins-base1.0-1.22.0/debian/patches/series 2024-12-12 14:40:44.000000000 +0000
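Review bot: The new underrun checks in gst_parse_vorbis_setup_packet run after the pointer has already been moved: in the first vorbis_parse.c hunk `current_pos -= 1;` executes before `if (current_pos < op->packet)`, and the second hunk has the same order ahead of the `op->packet + 5` test. Forming a pointer below the start of the packet buffer is undefined behaviour in C, so a compiler is not obliged to honour the comparison that follows; testing first, with `if (current_pos <= op->packet) return -1;` placed ahead of the decrement, avoids that. Separately, the gstoggstream.c hunks remove the length guards inside setup_vp8_mapper, setup_fishead_mapper, setup_kate_mapper and setup_opus_mapper and rely on the size column of `mappers[]` instead. The code that enforces that column is outside these hunks, so a comment on each setup function stating the minimum packet length it assumes would keep the precondition visible next to the reads. The bodies of all these functions continue outside the hunks.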
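Review bot: The comment added above the new `if (!start)` check in parse_lrc uses `//`, while the comments added elsewhere in this upload (for example `/* have we underrun? */` in vorbis_parse.c) are block comments. For consistency I would write it as `/* sscanf() only matches up to the last placeholder, so the line may have no closing ']' and strchr() can return NULL. */`. The rest of parse_lrc, including the sscanf() call the comment refers to, is outside the hunk.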
@@ -1,2 +1,8 @@
 GST-2023-0001_GST-2023-0002.patch
 exiftag-Prevent-integer-overflows-and-out-of-bounds-.patch
+CVE-2024-47538.patch
+CVE-2024-47541.patch
+CVE-2024-47600.patch
+CVE-2024-47607.patch
+CVE-2024-47615.patch
+CVE-2024-47835.patch