SLFO-pool/gstreamer-plugins-base
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: SLFO-pool:main
Branches Tags
SLFO-pool:main SLFO-pool:1.1
..
compare: SLFO-pool:1.1
Branches Tags
SLFO-pool:main SLFO-pool:1.1

1 Commits
main ... 1.1

Author SHA256 Message Date
Adrian Schröter
e62b3cad28 Sync from SUSE:SLFO:1.1 gstreamer-plugins-base revision 836a82ecf229e99420f87104bc1df575 2025-03-20 11:46:38 +01:00
15 changed files with 581 additions and 304 deletions
Expand all files Collapse all files

24
CVE-2024-47538.patch Normal file
View File

@@ -0,0 +1,24 @@
From 5093691ef2ef5c7a6e03a20bce39db143b9cdc43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 30 Sep 2024 21:35:07 +0300
Subject: [PATCH] vorbisdec: Set at most 64 channels to NONE position
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-115
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3869
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035>
---
diff -urp gst-plugins-base-1.24.7.orig/ext/vorbis/gstvorbisdec.c gst-plugins-base-1.24.7/ext/vorbis/gstvorbisdec.c
--- gst-plugins-base-1.24.7.orig/ext/vorbis/gstvorbisdec.c 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/ext/vorbis/gstvorbisdec.c 2024-12-16 03:10:04.797186356 -0500
@@ -204,7 +204,7 @@ vorbis_handle_identification_packet (Gst
}
default:{
GstAudioChannelPosition position[64];
- gint i, max_pos = MAX (vd->vi.channels, 64);
+ gint i, max_pos = MIN (vd->vi.channels, 64);
GST_ELEMENT_WARNING (vd, STREAM, DECODE,
(NULL), ("Using NONE channel layout for more than 8 channels"));

102
CVE-2024-47541.patch Normal file
View File

@@ -0,0 +1,102 @@
From 15bb318416e1bf6b6b557006a37d1da86c3a76a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 30 Sep 2024 21:40:44 +0300
Subject: [PATCH 1/2] ssaparse: Search for closing brace after opening brace
Otherwise removing anything between the braces leads to out of bound writes if
there is a closing brace before the first opening brace.
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-228
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3870
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036>
---
diff -urp gst-plugins-base-1.24.7.orig/gst/subparse/gstssaparse.c gst-plugins-base-1.24.7/gst/subparse/gstssaparse.c
--- gst-plugins-base-1.24.7.orig/gst/subparse/gstssaparse.c 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/gst/subparse/gstssaparse.c 2024-12-16 03:17:56.183667636 -0500
@@ -146,6 +146,35 @@ gst_ssa_parse_sink_event (GstPad * pad,
return res;
}
+#ifndef HAVE_MEMMEM
+// memmem() is a GNU extension so if it's not available we'll need
+// our own implementation here. Thanks C.
+static void *
+my_memmem (const void *haystack, size_t haystacklen, const void *needle,
+ size_t needlelen)
+{
+ const guint8 *cur, *end;
+
+ if (needlelen > haystacklen)
+ return NULL;
+ if (needlelen == 0)
+ return (void *) haystack;
+
+
+ cur = haystack;
+ end = cur + haystacklen - needlelen;
+
+ for (; cur <= end; cur++) {
+ if (memcmp (cur, needle, needlelen) == 0)
+ return (void *) cur;
+ }
+
+ return NULL;
+}
+#else
+#define my_memmem memmem
+#endif
+
static gboolean
gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps)
{
@@ -154,6 +183,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad,
const GValue *val;
GstStructure *s;
const guchar bom_utf8[] = { 0xEF, 0xBB, 0xBF };
+ const guint8 header[] = "[Script Info]";
const gchar *end;
GstBuffer *priv;
GstMapInfo map;
@@ -193,7 +223,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad,
left -= 3;
}
- if (!strstr (ptr, "[Script Info]"))
+ if (!my_memmem (ptr, left, header, sizeof (header) - 1))
goto invalid_init;
if (!g_utf8_validate (ptr, left, &end)) {
@@ -231,6 +261,10 @@ invalid_init:
}
}
+#ifdef my_memmem
+#undef my_memmem
+#endif
+
static gboolean
gst_ssa_parse_remove_override_codes (GstSsaParse * parse, gchar * txt)
{
@@ -238,7 +272,7 @@ gst_ssa_parse_remove_override_codes (Gst
gboolean removed_any = FALSE;
while ((t = strchr (txt, '{'))) {
- end = strchr (txt, '}');
+ end = strchr (t, '}');
if (end == NULL) {
GST_WARNING_OBJECT (parse, "Missing { for style override code");
return removed_any;
diff -urp gst-plugins-base-1.24.7.orig/meson.build gst-plugins-base-1.24.7/meson.build
--- gst-plugins-base-1.24.7.orig/meson.build 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/meson.build 2024-12-16 03:17:56.183667636 -0500
@@ -197,6 +197,7 @@ check_functions = [
['HAVE_LRINTF', 'lrintf', '#include<math.h>'],
['HAVE_MMAP', 'mmap', '#include<sys/mman.h>'],
['HAVE_LOG2', 'log2', '#include<math.h>'],
+ ['HAVE_MEMMEM', 'memmem', '#include<string.h>'],
]
libm = cc.find_library('m', required : false)

53
CVE-2024-47542.patch Normal file
View File

@@ -0,0 +1,53 @@
From 537161868f36048571f400648ac7909f26c73d53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Thu, 26 Sep 2024 13:43:06 +0300
Subject: [PATCH] id3v2: Don't try parsing extended header if not enough data
is available
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-235
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3842
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033>
---
diff -urp gst-plugins-base-1.24.7.orig/gst-libs/gst/tag/id3v2.c gst-plugins-base-1.24.7/gst-libs/gst/tag/id3v2.c
--- gst-plugins-base-1.24.7.orig/gst-libs/gst/tag/id3v2.c 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/gst-libs/gst/tag/id3v2.c 2024-12-16 04:22:19.232866397 -0500
@@ -29,7 +29,7 @@
#define HANDLE_INVALID_SYNCSAFE
-static gboolean id3v2_frames_to_tag_list (ID3TagsWorking * work, guint size);
+static gboolean id3v2_frames_to_tag_list (ID3TagsWorking * work);
#ifndef GST_DISABLE_GST_DEBUG
@@ -258,7 +258,7 @@ gst_tag_list_from_id3v2_tag (GstBuffer *
GST_MEMDUMP ("ID3v2 tag (un-unsyced)", uu_data, work.hdr.frame_data_size);
}
- id3v2_frames_to_tag_list (&work, work.hdr.frame_data_size);
+ id3v2_frames_to_tag_list (&work);
g_free (uu_data);
@@ -440,12 +440,17 @@ id3v2_add_id3v2_frame_blob_to_taglist (I
}
static gboolean
-id3v2_frames_to_tag_list (ID3TagsWorking * work, guint size)
+id3v2_frames_to_tag_list (ID3TagsWorking * work)
{
guint frame_hdr_size;
/* Extended header if present */
if (work->hdr.flags & ID3V2_HDR_FLAG_EXTHDR) {
+ if (work->hdr.frame_data_size < 4) {
+ GST_DEBUG ("Tag has no extended header data. Broken tag");
+ return FALSE;
+ }
+
work->hdr.ext_hdr_size = id3v2_read_synch_uint (work->hdr.frame_data, 4);
/* In id3v2.4.x the header size is the size of the *whole*

27
CVE-2024-47600.patch Normal file
View File

@@ -0,0 +1,27 @@
From aa07d94c10d71fac389dbbb264a59c1f6117eead Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 30 Sep 2024 18:19:30 +0300
Subject: [PATCH] discoverer: Don't print channel layout for more than 64
channels
64+ channels are always unpositioned / unknown layout.
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-248
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3864
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034>
---
diff -urp gst-plugins-base-1.24.7.orig/tools/gst-discoverer.c gst-plugins-base-1.24.7/tools/gst-discoverer.c
--- gst-plugins-base-1.24.7.orig/tools/gst-discoverer.c 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/tools/gst-discoverer.c 2024-12-16 03:13:55.952129075 -0500
@@ -222,7 +222,7 @@ format_channel_mask (GstDiscovererAudioI
channel_mask = gst_discoverer_audio_info_get_channel_mask (ainfo);
- if (channel_mask != 0) {
+ if (channel_mask != 0 && channels <= 64) {
gst_audio_channel_positions_from_mask (channels, channel_mask, position);
for (i = 0; i < channels; i++) {

33
CVE-2024-47607.patch Normal file
View File

@@ -0,0 +1,33 @@
From 2838374d6ee4a0c9c4c4221ac46d5c1688f26e59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Tue, 1 Oct 2024 13:22:50 +0300
Subject: [PATCH] opusdec: Set at most 64 channels to NONE position
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-116
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037>
---
subprojects/gst-plugins-base/ext/opus/gstopusdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff -urp gst-plugins-base-1.24.0.orig/ext/opus/gstopusdec.c gst-plugins-base-1.24.0/ext/opus/gstopusdec.c
--- gst-plugins-base-1.24.0.orig/ext/opus/gstopusdec.c 2024-03-04 17:51:42.000000000 -0600
+++ gst-plugins-base-1.24.0/ext/opus/gstopusdec.c 2025-01-07 11:32:23.385069871 -0600
@@ -440,12 +440,12 @@ gst_opus_dec_parse_header (GstOpusDec *
posn = gst_opus_channel_positions[dec->n_channels - 1];
break;
default:{
- gint i;
+ guint i, max_pos = MIN (dec->n_channels, 64);
GST_ELEMENT_WARNING (GST_ELEMENT (dec), STREAM, DECODE,
(NULL), ("Using NONE channel layout for more than 8 channels"));
- for (i = 0; i < dec->n_channels; i++)
+ for (i = 0; i < max_pos; i++)
pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE;
posn = pos;

217
CVE-2024-47615.patch Normal file
View File

@@ -0,0 +1,217 @@
From 006047a23a4e4c146e40e5dab765bc6318a94744 Mon Sep 17 00:00:00 2001
From: Mathieu Duponchelle <mathieu@centricular.com>
Date: Wed, 2 Oct 2024 15:16:30 +0200
Subject: [PATCH 1/2] vorbis_parse: check writes to
GstOggStream.vorbis_mode_sizes
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-117 Fixes gstreamer#3875
Also perform out-of-bounds check for accesses to op->packet
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038>
---
diff -urp gst-plugins-base-1.24.7.orig/ext/ogg/gstoggstream.c gst-plugins-base-1.24.7/ext/ogg/gstoggstream.c
--- gst-plugins-base-1.24.7.orig/ext/ogg/gstoggstream.c 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/ext/ogg/gstoggstream.c 2024-12-16 03:16:09.786276098 -0500
@@ -665,11 +665,6 @@ setup_vp8_mapper (GstOggStream * pad, og
{
gint width, height, par_n, par_d, fps_n, fps_d;
- if (packet->bytes < 26) {
- GST_DEBUG ("Failed to parse VP8 BOS page");
- return FALSE;
- }
-
width = GST_READ_UINT16_BE (packet->packet + 8);
height = GST_READ_UINT16_BE (packet->packet + 10);
par_n = GST_READ_UINT24_BE (packet->packet + 12);
@@ -1221,11 +1216,6 @@ setup_fishead_mapper (GstOggStream * pad
gint64 prestime_n, prestime_d;
gint64 basetime_n, basetime_d;
- if (packet->bytes < 44) {
- GST_DEBUG ("Not enough data for fishead header");
- return FALSE;
- }
-
data = packet->packet;
data += 8; /* header */
@@ -1256,8 +1246,8 @@ setup_fishead_mapper (GstOggStream * pad
pad->prestime = -1;
/* Ogg Skeleton 3.3+ streams provide additional information in the header */
- if (packet->bytes >= SKELETON_FISHEAD_3_3_MIN_SIZE && pad->skeleton_major == 3
- && pad->skeleton_minor > 0) {
+ if (packet->bytes - 44 >= SKELETON_FISHEAD_3_3_MIN_SIZE
+ && pad->skeleton_major == 3 && pad->skeleton_minor > 0) {
gint64 firstsampletime_n, firstsampletime_d;
gint64 lastsampletime_n, lastsampletime_d;
gint64 firstsampletime, lastsampletime;
@@ -1296,7 +1286,7 @@ setup_fishead_mapper (GstOggStream * pad
GST_INFO ("skeleton fishead parsed total: %" GST_TIME_FORMAT,
GST_TIME_ARGS (pad->total_time));
- } else if (packet->bytes >= SKELETON_FISHEAD_4_0_MIN_SIZE
+ } else if (packet->bytes - 44 >= SKELETON_FISHEAD_4_0_MIN_SIZE
&& pad->skeleton_major == 4) {
guint64 segment_length, content_offset;
@@ -1980,9 +1970,6 @@ setup_kate_mapper (GstOggStream * pad, o
guint8 *data = packet->packet;
const char *category;
- if (packet->bytes < 64)
- return FALSE;
-
pad->granulerate_n = GST_READ_UINT32_LE (data + 24);
pad->granulerate_d = GST_READ_UINT32_LE (data + 28);
pad->granuleshift = GST_READ_UINT8 (data + 15);
@@ -2111,9 +2098,6 @@ setup_opus_mapper (GstOggStream * pad, o
{
GstBuffer *buffer;
- if (packet->bytes < 19)
- return FALSE;
-
pad->granulerate_n = 48000;
pad->granulerate_d = 1;
pad->granuleshift = 0;
@@ -2394,7 +2378,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "\001vorbis", 7, 22,
+ "\001vorbis", 7, 29,
"audio/x-vorbis",
setup_vorbis_mapper,
NULL,
@@ -2426,7 +2410,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "PCM ", 8, 0,
+ "PCM ", 8, 28,
"audio/x-raw",
setup_pcm_mapper,
NULL,
@@ -2442,7 +2426,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "CMML\0\0\0\0", 8, 0,
+ "CMML\0\0\0\0", 8, 29,
"text/x-cmml",
setup_cmml_mapper,
NULL,
@@ -2458,7 +2442,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "Annodex", 7, 0,
+ "Annodex", 7, 44,
"application/x-annodex",
setup_fishead_mapper,
NULL,
@@ -2537,7 +2521,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "CELT ", 8, 0,
+ "CELT ", 8, 60,
"audio/x-celt",
setup_celt_mapper,
NULL,
@@ -2553,7 +2537,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "\200kate\0\0\0", 8, 0,
+ "\200kate\0\0\0", 8, 64,
"text/x-kate",
setup_kate_mapper,
NULL,
@@ -2585,7 +2569,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "OVP80\1\1", 7, 4,
+ "OVP80\1\1", 7, 26,
"video/x-vp8",
setup_vp8_mapper,
setup_vp8_mapper_from_caps,
@@ -2601,7 +2585,7 @@ const GstOggMap mappers[] = {
update_stats_vp8
},
{
- "OpusHead", 8, 0,
+ "OpusHead", 8, 19,
"audio/x-opus",
setup_opus_mapper,
NULL,
@@ -2649,7 +2633,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "\001text\0\0\0", 9, 9,
+ "\001text\0\0\0", 9, 25,
"application/x-ogm-text",
setup_ogmtext_mapper,
NULL,
diff -urp gst-plugins-base-1.24.7.orig/ext/ogg/vorbis_parse.c gst-plugins-base-1.24.7/ext/ogg/vorbis_parse.c
--- gst-plugins-base-1.24.7.orig/ext/ogg/vorbis_parse.c 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/ext/ogg/vorbis_parse.c 2024-12-16 03:16:09.782942747 -0500
@@ -165,6 +165,10 @@ gst_parse_vorbis_setup_packet (GstOggStr
if (offset == 0) {
offset = 8;
current_pos -= 1;
+
+ /* have we underrun? */
+ if (current_pos < op->packet)
+ return -1;
}
}
@@ -178,6 +182,10 @@ gst_parse_vorbis_setup_packet (GstOggStr
if (offset == 7)
current_pos -= 1;
+ /* have we underrun? */
+ if (current_pos < op->packet + 5)
+ return -1;
+
if (((current_pos[-5] & ~((1 << (offset + 1)) - 1)) != 0)
||
current_pos[-4] != 0
@@ -199,9 +207,18 @@ gst_parse_vorbis_setup_packet (GstOggStr
/* Give ourselves a chance to recover if we went back too far by using
* the size check. */
for (ii = 0; ii < 2; ii++) {
+
if (offset > 4) {
+ /* have we underrun? */
+ if (current_pos < op->packet)
+ return -1;
+
size_check = (current_pos[0] >> (offset - 5)) & 0x3F;
} else {
+ /* have we underrun? */
+ if (current_pos < op->packet + 1)
+ return -1;
+
/* mask part of byte from current_pos */
size_check = (current_pos[0] & ((1 << (offset + 1)) - 1));
/* shift to appropriate position */
@@ -233,6 +250,10 @@ gst_parse_vorbis_setup_packet (GstOggStr
mode_size_ptr = pad->vorbis_mode_sizes;
+ if (size > G_N_ELEMENTS (pad->vorbis_mode_sizes)) {
+ return -1;
+ }
+
for (i = 0; i < size; i++) {
offset = (offset + 1) % 8;
if (offset == 0)

28
CVE-2024-47835.patch Normal file
View File

@@ -0,0 +1,28 @@
From 4c40f73b7002967e824ef34a5435282f4a0ea363 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Wed, 9 Oct 2024 11:23:47 -0400
Subject: [PATCH] subparse: Check for NULL return of strchr() when parsing LRC
subtitles
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-263
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3892
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039>
---
diff -urp gst-plugins-base-1.24.7.orig/gst/subparse/gstsubparse.c gst-plugins-base-1.24.7/gst/subparse/gstsubparse.c
--- gst-plugins-base-1.24.7.orig/gst/subparse/gstsubparse.c 2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-base-1.24.7/gst/subparse/gstsubparse.c 2024-12-16 03:11:46.924564800 -0500
@@ -1066,6 +1066,11 @@ parse_lrc (ParserState * state, const gc
return NULL;
start = strchr (line, ']');
+ // sscanf() does not check for the trailing ] but only up to the last
+ // placeholder, so there might be no ] at the end.
+ if (!start)
+ return NULL;
+
if (start - line == 9)
milli = 10;
else

21
_service
View File

@@ -1,21 +0,0 @@
<?xml version="1.0"?>
<services>
<service name="obs_scm" mode="manual">
<param name="scm">git</param>
<param name="url">https://gitlab.freedesktop.org/gstreamer/gstreamer.git</param>
<param name="subdir">subprojects/gst-plugins-base</param>
<param name="filename">gst-plugins-base</param>
<param name="revision">1.26.2</param>
<param name="versionformat">@PARENT_TAG@+@TAG_OFFSET@</param>
<param name="versionrewrite-pattern">v?(.*)\+0</param>
<param name="versionrewrite-replacement">\1</param>
<!-- <param name="changesgenerate">enable</param> -->
</service>
<service name="tar" mode="buildtime"/>
<service name="recompress" mode="buildtime">
<param name="file">*.tar</param>
<param name="compression">zst</param>
</service>
<service name="set_version" mode="manual" />
</services>

8
add_wayland_dep_to_tests.patch
View File

@@ -1,8 +1,8 @@
Index: gst-plugins-base-1.24.8/tests/check/meson.build
Index: gst-plugins-base-1.24.5/tests/check/meson.build
===================================================================
--- gst-plugins-base-1.24.8.orig/tests/check/meson.build
+++ gst-plugins-base-1.24.8/tests/check/meson.build
@@ -133,7 +133,7 @@ if build_gstgl
--- gst-plugins-base-1.24.5.orig/tests/check/meson.build
+++ gst-plugins-base-1.24.5/tests/check/meson.build
@@ -138,7 +138,7 @@ if build_gstgl
test_defines += ['-DTEST_GST_GL_ABI_CHECK']
endif

BIN
gst-plugins-base-1.24.7.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
gst-plugins-base-1.26.2.obscpio (Stored with Git LFS)
View File

Binary file not shown.

67
gst-plugins-base-decodebin3-collection-identity-check.patch Normal file
View File

@@ -0,0 +1,67 @@
From 378e78f285a3f14c0c53473948090464fa48147b Mon Sep 17 00:00:00 2001
From: Edward Hervey <edward@centricular.com>
Date: Wed, 21 Aug 2024 16:29:03 +0200
Subject: [PATCH] decodebin3: Fix collection identity check
Collections can be auto-generated from upstream and yet have exactly the same
streams in it.
Therefore do a more in-depth check for equality.
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3742
---
.../gst/playback/gstdecodebin3.c | 26 ++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/gst/playback/gstdecodebin3.c b/gst/playback/gstdecodebin3.c
index 56ef496468ac..78b79c776ba6 100644
--- a/gst/playback/gstdecodebin3.c
+++ b/gst/playback/gstdecodebin3.c
@@ -2609,6 +2609,29 @@ db_collection_new (GstStreamCollection * collection)
return db_collection;
}
+static gboolean
+collections_are_identical (GstStreamCollection * collection,
+ GstStreamCollection * previous)
+{
+ guint i;
+
+ if (collection == previous)
+ return TRUE;
+
+ if (gst_stream_collection_get_size (collection) !=
+ gst_stream_collection_get_size (previous))
+ return FALSE;
+
+ for (i = 0; i < gst_stream_collection_get_size (previous); i++) {
+ GstStream *stream = gst_stream_collection_get_stream (previous, i);
+ const gchar *sid = gst_stream_get_stream_id (stream);
+ if (!stream_in_collection (collection, (gchar *) sid))
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
/** handle_stream_collection_locked:
* @dbin:
* @collection: (transfer none): The new collection for @input. Can be %NULL.
@@ -2683,12 +2706,13 @@ handle_stream_collection_locked (GstDecodebin3 * dbin,
if (dbin->input_collection) {
GstStreamCollection *previous = dbin->input_collection->collection;
- if (collection == previous) {
+ if (collections_are_identical (collection, previous)) {
GST_DEBUG_OBJECT (dbin, "Collection didn't change");
gst_object_unref (collection);
SELECTION_UNLOCK (dbin);
return NULL;
}
+
/* Check if this collection is an update of the previous one */
if (gst_stream_collection_get_size (collection) >
gst_stream_collection_get_size (previous)) {
--
GitLab

4
gst-plugins-base.obsinfo
View File

@@ -1,4 +0,0 @@
name: gst-plugins-base
version: 1.26.2
mtime: 1748559403
commit: 100c21e1faf68efe7f3830b6e9f856760697ab48

276
gstreamer-plugins-base.changes
View File

@@ -1,272 +1,14 @@
-------------------------------------------------------------------
Sun Jun 1 07:06:23 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
Tue Jan 7 17:56:01 UTC 2025 - Michael Gorse <mgorse@suse.com>
- Update to version 1.26.2:
+ alsa: Avoid infinite loop in DSD rate detection
+ gl: Implement basetransform meta transform function
+ glshader: free shader on stop
+ glupload: Only add texture-target field to GL caps
+ gstaudioutilsprivate: Fix gcc 15 compiler error with function
pointer
+ mikey: Avoid infinite loop while parsing MIKEY payload with
unhandled payload types
+ properties: add G_PARAM_STATIC_STRINGS where missing
+ riff-media: fix MS and DVI ADPCM av_bps calculations
+ subtitleoverlay: Remove 0.10 hardware caps handling
+ subtitleoverlay: Missing support for DMABuf(?)
+ tests: opus: Update channel support and add to meson
+ textoverlay: fix shading for RGBx / RGBA pixel format variants
+ textoverlay background is wrong while cropping
+ uridecodebin3: Don't hold play items lock while releasing pads
+ uridecodebin3: deadlock on PLAY_ITEMS_LOCK
+ Fix new warnings on Fedora 42, various meson warnings, and
other small meson build/wrap fixes
+ Fix Qt detection in various places
-------------------------------------------------------------------
Fri May 23 13:08:41 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
- Drop obsolete update-desktop-files BuildRequires.
-------------------------------------------------------------------
Wed Apr 30 10:17:08 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.26.1:
+ Ensure properties are freed before (re)setting with
g_value_dup_string() and during cleanup
+ alsadeviceprovider: Fix leak of Alsa longname
+ audioaggregator: fix error added in !8416 when chaining up
+ audiobasesink: Fix custom slaving driftsamples calculation and
add custom audio clock slaving callback example
+ decodebin3:
- Don't avoid parsebin even if we have a matching decoder
- Doesn't plug parsebin for AAC from tsdemux
+ gl: eglimage: warn the reason of export failure
+ glcolorconvert:
- Fix YUVA<->RGBA conversions
- Regression when rendering alpha vp9
+ gldownload: Unref glcontext after usage
+ meson.build: test for and link against libatomic if it exists
+ oggdemux: Don't push new packets if there is a pending seek
+ urisourcebin:
- Make parsebin activation more reliable
- Deadlock between parsebin and typefind
+ videoencoder: Use the correct segment and buffer timestamp in
the chain function
+ videotimecode: Fix conversion of timecode to datetime with
drop-frame timecodes and handle 119.88 fps correctly in all
places
-------------------------------------------------------------------
Wed Mar 12 06:55:24 UTC 2025 - Antonio Larrosa <alarrosa@suse.com>
- Update to version 1.26.0:
+ Highlights
- H.266 Versatile Video Coding (VVC) codec support
- Low Complexity Enhancement Video Coding (LCEVC) support
- Closed captions: H.264/H.265 extractor/inserter,
cea708overlay, cea708mux, tttocea708 and more
- New hlscmafsink, hlssink3, and hlsmultivariantsink; HLS/DASH
client and dashsink improvements
- New AWS and Speechmatics transcription, translation and TTS
services elements, plus translationbin
- Splitmux lazy loading and dynamic fragment addition support
- Matroska: H.266 video and rotation tag support, defined
latency muxing
- MPEG-TS: support for H.266, JPEG XS, AV1, VP9 codecs and
SMPTE ST-2038 and ID3 meta; mpegtslivesrc
- ISO MP4: support for H.266, Hap, Lagarith lossless codecs;
raw video support; rotation tags
- SMPTE 2038 ancillary data streams support
- JPEG XS image codec support
- Analytics: New TensorMeta; N-to-N relationships; Mtd to carry
segmentation masks
- ONVIF metadata extractor and conversion to/from relation
metas
- New originalbuffer element that can restore buffers again
after transformation steps for analytics
- Improved Python bindings for analytics API
- Lots of Vulkan integration and Vulkan Video decoder/encoder
improvements
- OpenGL integration improvements, esp. in glcolorconvert,
gldownload, glupload
- Qt5/Qt6 QML GL sinks now support direct DMABuf import from
hardware decoders
- CUDA: New compositor, Jetson NVMM memory support,
stream-ordered allocator
- NVCODEC AV1 video encoder element, and nvdsdewarp
- New Direct3D12 integration support library
- New d3d12swapchainsink and d3d12deinterlace elements and
D3D12 sink/source for zero-copy IPC
- Decklink HDR support (PQ + HLG) and frame scheduling
enhancements
- AJA capture source clock handling and signal loss recovery
improvements
- RTP and RTSP: New rtpbin sync modes, client-side MIKEY
support in rtspsrc
- New Rust rtpbin2, rtprecv, rtpsend, and many new Rust RTP
payloaders and depayloaders
- webrtcbin support for basic rollbacks and other improvements
- webrtcsink: support for more encoders, SDP munging, and a
built-in web/signalling server
- webrtcsrc/sink: support for uncompressed audio/video and NTP
& PTP clock signalling and synchronization
- rtmp2: server authentication improvements incl. Limelight
CDN (llnw) authentication
- New Microsoft WebView2 based web browser source element
- The GTK3 plugin has gained support for OpenGL/WGL on Windows
- Many GTK4 paintable sink improvements
- GstPlay: id-based stream selection and message API
improvements
- Real-time pipeline visualization in a browser using a new
dots tracer and viewer
- New tracers for tracking memory usage, pad push timings, and
buffer flow as pcap files
- VA hardware-acclerated H.266/VVC decoder, VP8 and JPEG
encoders, VP9/VP8 alpha decodebins
- Video4Linux2 elements support DMA_DRM caps negotiation now
- V4L2 stateless decoders implement inter-frame resolution
changes for AV1 and VP9
- Editing services: support for reverse playback and audio
channel reordering
- New QUIC-based elements for working with raw QUIC streams,
RTP-over-QUIC (RoQ) and WebTransport
- Apple AAC audio encoder and multi-channel support for the
Apple audio decoders
- cerbero: Python bindings and introspection support; improved
Windows installer based on WiX5
- Lots of new plugins, features, performance improvements and
bug fixes
+ Some other changes include:
- New AV1 caps utility functions for AV1 Codec Configuration
Record codec_data handling
- The GstEncodingProfile (de)serialization functions are now
public
- GstEncodingProfile gained a way to specify a factory-name
when specifying caps. In some cases you want to ensure that
a specific element factory is used while requiring some
specific caps, but this was not possible so far. You can now
do e.g. qtmux:video/x-prores,variant=standard|factory-name=avenc_prores_ks
to ensure that the avenc_prores_ks factory is used to produce
the variant of prores video stream.
+ For more detailed information on this update, please see
https://gstreamer.freedesktop.org/releases/1.26/
-------------------------------------------------------------------
Sun Feb 2 18:26:53 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.24.12:
+ oggdemux: fixes seeking in some cases by not overwriting a
valid duration with CLOCK_TIME_NONE
+ video-overlay-composition: Declare the video/size/orientation
tags for the meta & implement scale transformation
+ Various fixes found from adding extra warning flags
-------------------------------------------------------------------
Tue Jan 7 21:40:25 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.24.11:
+ appsrc: Decrease log level for item drop
+ gl: raise WARNING instead of ERROR when no connector is
connected
+ decodebin3: Free main input even if it is not part of the list
of inputs
+ urisourcebin:
- Avoid deadlock on shutdown
- Only rewrite stream-start event once
- Reference counting leak
+ urisourcebin/(uri)decodebin3: Fix stream change scenarios
+ playbin3: leak detected with A/V playback and window closed
+ videodecoder:
- Gracefully handle missing data without prior input segment
- Set decode only flag by decode only buffer
video: fix AV12 format lacking the
GST_VIDEO_FORMAT_FLAG_ALPHA flag
+ Fix SSA/ASS subtitles with embedded fonts
-------------------------------------------------------------------
Mon Dec 9 11:53:41 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.24.10:
+ appsink: fix timeout logic for gst_app_sink_try_pull_sample().
+ appsrc: Fix use-after-free when making buffer / buffer-lists
writable.
+ audiostreamalign: Don't report disconts for every buffer if
alignment-threshold is too small.
+ decodebin3: Unify collection switching checks.
+ discoverer:
- Don't print channel layout for more than 64 channels
(boo#1234453 CVE-2024-47600).
- Make sure the missing elements details array is
NULL-terminated in a thread-safe way.
- Fix segfault in race condition adding a new uri.
+ id3v2: Don't try parsing extended header if not enough data is
available (boo#1234460 CVE-2024-47542).
+ glupload: dmabuf: Fix emulated tiled import.
+ gl:
- cocoa: fix rendering artifacts in retina displays.
- meson: Don't use libdrm_dep in cc.has_header().
+ oggstream: fix invalid ogg_packet->packet accesses, address
invalid writes CVE (boo#1234456 CVE-2024-47615).
+ opusdec: Set at most 64 channels to NONE position (boo#1234455
CVE-2024-47607).
+ playbin: Fix caps leak in get_n_common_capsfeatures().
+ playbin3: ERROR when setting new HLS URI with instant-uri=true.
+ sdp: Add debug categories for message and mikey modules.
+ ssaparse: Search for closing brace after opening brace.
+ splitmuxsrc: Convert part reader to a bin with a non-async bus.
+ subparse: Check for NULL return of strchr() when parsing LRC
subtitles (boo#1234450 CVE-2024-47835).
+ streamsynchronizer: Only send GAP events out of source pads.
+ urisourcebin: Also use event probe for HLS use-cases.
+ video-converter: Set TIME segment format on appsrc.
+ vorbisdec: Set at most 64 channels to NONE position
(boo#1234415 CVE-2024-47538).
+ Translation for gst-plugins-base 1.24.0 not sync-ed with
Translation Project.
+ Updated translations.
-------------------------------------------------------------------
Tue Nov 5 09:39:07 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.24.9:
+ allocators: drmdumb: Fix bpp value for P010
+ audioconvert: fix dynamic handling of mix matrix, accept custom
upstream event for setting one
+ decodebin3:
- Make update/posting of collection messages atomic
- Send selected stream message as long as not all the tracks
can't select decoders
+ encodebasebin: Miscellaneous fixes
+ exiftag: Check the result of gst_date_time_new_local_time(),
fixes criticals with malformed EXIF tags
+ glcontext: egl: Unrestrict the support base DRM formats
+ gldownload: use gst_gl_sync_meta_wait_cpu()
+ gl: Fix configure error when libdrm is a subproject
+ playback: Fix a variety of decodebin3/parsebin/urisourcebin
races
+ playbin3: prevent crashing trying to play a corrupted mp4 file
(WARNING : HIGH PITCHED CORRUPTED SOUND)
+ Revert "meson: Fix invalid include flag in uninstalled gl pc
file"
+ urisourcebin:
- Allow more cases for posting stream-collection
- Ensure all stream-start are handled
+ urisourcebin/parsebin: Improve collection creation and handling
-------------------------------------------------------------------
Mon Sep 23 13:08:20 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.24.8:
+ decodebin3: Fix collection identity check
+ encodebin: Fix pad removal
+ glimagesink: Fix cannot resize viewport when video size changed
in caps
+ video: Don't overshoot QoS earliest time by a factor of 2
+ meson: gst-play: link to libm
- Drop gst-plugins-base-decodebin3-collection-identity-check.patch:
Fixed upstream.
- Rebase add_wayland_dep_to_tests.patch with quilt.
- Add various CVE fixes:
+ CVE-2024-47538.patch (boo#1234415 CVE-2024-47538)
+ CVE-2024-47835.patch (boo#1234450 CVe-2024-47835)
+ CVE-2024-47600.patch (boo#1234453 CVE-2024-47600)
+ CVE-2024-47615.patch (boo#1234456 CVE-2024-47615)
+ CVE-2024-47541.patch (boo#1234459 CVE-2024-47541)
+ CVE-2024-47542.patch (boo#1234460 CVE-2024-47542)
+ CVE-2024-47607.patch (boo#1234455 CVE-2024-47607)
-------------------------------------------------------------------
Fri Aug 23 07:15:20 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>

19
gstreamer-plugins-base.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package gstreamer-plugins-base
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -20,17 +20,25 @@
%define gst_branch 1.0
%define gstreamer_req_version %(echo %{version} | sed -e "s/+.*//")
Name: gstreamer-plugins-base
Version: 1.26.2
Version: 1.24.7
Release: 0
Summary: GStreamer Streaming-Media Framework Plug-Ins
License: GPL-2.0-or-later AND LGPL-2.1-or-later
Group: Productivity/Multimedia/Other
URL: https://gstreamer.freedesktop.org
Source0: %{_name}-%{version}.tar.zst
Source0: %{url}/src/%{_name}/%{_name}-%{version}.tar.xz
Source1: gstreamer-plugins-base.appdata.xml
Source2: baselibs.conf
Patch1: add_wayland_dep_to_tests.patch
Patch2: MR-221-video-anc-add-two-new-CEA-608-caption-formats.patch
Patch3: gst-plugins-base-decodebin3-collection-identity-check.patch
Patch4: CVE-2024-47538.patch
Patch5: CVE-2024-47835.patch
Patch6: CVE-2024-47600.patch
Patch7: CVE-2024-47615.patch
Patch8: CVE-2024-47541.patch
Patch9: CVE-2024-47542.patch
Patch10: CVE-2024-47607.patch
BuildRequires: Mesa-libGLESv3-devel
BuildRequires: cdparanoia-devel
@@ -43,11 +51,12 @@ BuildRequires: libXext-devel
BuildRequires: libXv-devel
BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
BuildRequires: meson >= 1.4
BuildRequires: meson >= 1.1
BuildRequires: orc >= 0.4.24
BuildRequires: pkgconfig
BuildRequires: python3-base
BuildRequires: python3-xml
BuildRequires: update-desktop-files
BuildRequires: pkgconfig(alsa) >= 0.9.1
BuildRequires: pkgconfig(egl)
BuildRequires: pkgconfig(freetype2) >= 2.0.9
@@ -659,7 +668,7 @@ find %{buildroot} -type f -name "*.la" -delete -print
%{_libdir}/girepository-1.0/GstVideo-*.typelib
%files devel
%doc AUTHORS README.md RELEASE REQUIREMENTS
%doc AUTHORS NEWS README.md RELEASE REQUIREMENTS
%{_includedir}/gstreamer-%{gst_branch}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc