openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

Browse Source 
- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
This commit is contained in:
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
sources/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0001-ENGR00312515-get-caps-from-src-pad-when-query-caps.patch Normal file
View File

@@ -0,0 +1,42 @@
From 63fe5a7b4ef70e2c490bad3b0838329935a8d77c Mon Sep 17 00:00:00 2001
From: zhouming <b42586@freescale.com>
Date: Wed, 14 May 2014 10:16:20 +0800
Subject: [PATCH] ENGR00312515: get caps from src pad when query caps
https://bugzilla.gnome.org/show_bug.cgi?id=728312
Upstream-Status: Pending
Signed-off-by: zhouming <b42586@freescale.com>
---
gst-libs/gst/tag/gsttagdemux.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
mode change 100644 => 100755 gst-libs/gst/tag/gsttagdemux.c
diff --git a/gst-libs/gst/tag/gsttagdemux.c b/gst-libs/gst/tag/gsttagdemux.c
old mode 100644
new mode 100755
index 173da37..2b7f34c
--- a/gst-libs/gst/tag/gsttagdemux.c
+++ b/gst-libs/gst/tag/gsttagdemux.c
@@ -1796,6 +1796,19 @@ gst_tag_demux_pad_query (GstPad * pad, GstObject * parent, GstQuery * query)
}
break;
}
+ case GST_QUERY_CAPS:
+ {
+
+ /* We can hijack caps query if we typefind already */
+ if (demux->priv->src_caps) {
+ gst_query_set_caps_result (query, demux->priv->src_caps);
+ res = TRUE;
+ } else {
+ res = gst_pad_query_default (pad, parent, query);
+ }
+ break;
+ }
+
default:
res = gst_pad_query_default (pad, parent, query);
break;

227
sources/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0002-ssaparse-enhance-SSA-text-lines-parsing.patch Normal file
View File

@@ -0,0 +1,227 @@
From 7bf9525528c8f4a47413d7f82214d76f95f0c5f6 Mon Sep 17 00:00:00 2001
From: Mingke Wang <mingke.wang@freescale.com>
Date: Thu, 19 Mar 2015 14:17:10 +0800
Subject: [PATCH] ssaparse: enhance SSA text lines parsing.
some parser will pass in the original ssa text line which starts with "Dialog:"
and there's are maybe multiple Dialog lines in one input buffer.
Upstream-Status: Submitted [https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/178]
Signed-off-by: Mingke Wang <mingke.wang@freescale.com>
---
gst/subparse/gstssaparse.c | 150 +++++++++++++++++++++++++++++++++----
1 file changed, 134 insertions(+), 16 deletions(-)
mode change 100644 => 100755 gst/subparse/gstssaparse.c
diff --git a/gst/subparse/gstssaparse.c b/gst/subparse/gstssaparse.c
old mode 100644
new mode 100755
index d6fdb9c..5ebe678
--- a/gst/subparse/gstssaparse.c
+++ b/gst/subparse/gstssaparse.c
@@ -270,6 +270,7 @@ gst_ssa_parse_remove_override_codes (GstSsaParse * parse, gchar * txt)
* gst_ssa_parse_push_line:
* @parse: caller element
* @txt: text to push
+ * @size: text size need to be parse
* @start: timestamp for the buffer
* @duration: duration for the buffer
*
@@ -279,27 +280,133 @@ gst_ssa_parse_remove_override_codes (GstSsaParse * parse, gchar * txt)
* Returns: result of the push of the created buffer
*/
static GstFlowReturn
-gst_ssa_parse_push_line (GstSsaParse * parse, gchar * txt,
+gst_ssa_parse_push_line (GstSsaParse * parse, gchar * txt, gint size,
GstClockTime start, GstClockTime duration)
{
GstFlowReturn ret;
GstBuffer *buf;
- gchar *t, *escaped;
+ gchar *t, *text, *p, *escaped, *p_start, *p_end;
gint num, i, len;
+ GstClockTime start_time = G_MAXUINT64, end_time = 0;
- num = atoi (txt);
- GST_LOG_OBJECT (parse, "Parsing line #%d at %" GST_TIME_FORMAT,
- num, GST_TIME_ARGS (start));
-
- /* skip all non-text fields before the actual text */
+ p = text = g_malloc(size + 1);
+ *p = '\0';
t = txt;
- for (i = 0; i < 8; ++i) {
- t = strchr (t, ',');
+
+ /* there are may have multiple dialogue lines at a time */
+ while (*t) {
+ /* ignore leading white space characters */
+ while (isspace(*t))
+ t++;
+
+ /* ignore Format: and Style: lines */
+ if (strncmp(t, "Format:", 7) == 0 || strncmp(t, "Style:", 6) == 0) {
+ while (*t != '\0' && *t != '\n') {
+ t++;
+ }
+ }
+
+ if (*t == '\0')
+ break;
+
+ /* continue with next line */
+ if (*t == '\n') {
+ t++;
+ continue;
+ }
+
+ if(strncmp(t, "Dialogue:", 9) != 0) {
+ /* not started with "Dialogue:", it must be a line trimmed by demuxer */
+ num = atoi (t);
+ GST_LOG_OBJECT (parse, "Parsing line #%d at %" GST_TIME_FORMAT,
+ num, GST_TIME_ARGS (start));
+
+ /* skip all non-text fields before the actual text */
+ for (i = 0; i < 8; ++i) {
+ t = strchr (t, ',');
+ if (t == NULL)
+ break;
+ ++t;
+ }
+ } else {
+ /* started with "Dialogue:", update timestamp and duration */
+ /* time format are like Dialog:Mark,0:00:01.02,0:00:03.04,xx,xxx,... */
+ guint hour, min, sec, msec, len;
+ GstClockTime tmp;
+ gchar t_str[12] = {0};
+
+ /* find the first ',' */
+ p_start = strchr (t, ',');
+ if (p_start)
+ p_end = strchr (++p_start, ',');
+
+ if (p_start && p_end) {
+ /* copy text between first ',' and second ',' */
+ strncpy(t_str, p_start, p_end - p_start);
+ if (sscanf (t_str, "%u:%u:%u.%u", &hour, &min, &sec, &msec) == 4) {
+ tmp = ((hour*3600) + (min*60) + sec) * GST_SECOND + msec*GST_MSECOND;
+ GST_DEBUG_OBJECT (parse, "Get start time:%02d:%02d:%02d:%03d\n",
+ hour, min, sec, msec);
+ if (start_time > tmp)
+ start_time = tmp;
+ } else {
+ GST_WARNING_OBJECT (parse,
+ "failed to parse ssa start timestamp string :%s", t_str);
+ }
+
+ p_start = p_end;
+ p_end = strchr (++p_start, ',');
+ if (p_end) {
+ /* copy text between second ',' and third ',' */
+ strncpy(t_str, p_start, p_end - p_start);
+ if (sscanf (t_str, "%u:%u:%u.%u", &hour, &min, &sec, &msec) == 4) {
+ tmp = ((hour*3600) + (min*60) + sec)*GST_SECOND + msec*GST_MSECOND;
+ GST_DEBUG_OBJECT(parse, "Get end time:%02d:%02d:%02d:%03d\n",
+ hour, min, sec, msec);
+ if (end_time < tmp)
+ end_time = tmp;
+ } else {
+ GST_WARNING_OBJECT (parse,
+ "failed to parse ssa end timestamp string :%s", t_str);
+ }
+ }
+ }
+
+ /* now skip all non-text fields before the actual text */
+ for (i = 0; i <= 8; ++i) {
+ t = strchr (t, ',');
+ if (t == NULL)
+ break;
+ ++t;
+ }
+ }
+
+ /* line end before expected number of ',', not a Dialogue line */
if (t == NULL)
- return GST_FLOW_ERROR;
- ++t;
+ break;
+
+ /* if not the first line, and the last character of previous line is '\0',
+ * then replace it with '\N' */
+ if (p != text && *p == '\0') {
+ *p++ = '\\';
+ *p++ = 'N';
+ }
+
+ /* copy all actual text of this line */
+ while ((*t != '\0') && (*t != '\n'))
+ *p++ = *t++;
+
+ /* add a terminator at the end */
+ *p = '\0';
+ }
+
+ /* not valid text found in this buffer return OK to let caller unref buffer */
+ if (strlen(text) <= 0) {
+ GST_WARNING_OBJECT (parse, "Not valid text found in this buffer\n");
+ return GST_FLOW_ERROR;
}
+ t = text;
GST_LOG_OBJECT (parse, "Text : %s", t);
if (gst_ssa_parse_remove_override_codes (parse, t)) {
@@ -317,13 +424,22 @@ gst_ssa_parse_push_line (GstSsaParse * parse, gchar * txt,
gst_buffer_fill (buf, 0, escaped, len + 1);
gst_buffer_set_size (buf, len);
g_free (escaped);
+ g_free(t);
+
+ if (start_time != G_MAXUINT64)
+ GST_BUFFER_TIMESTAMP (buf) = start_time;
+ else
+ GST_BUFFER_TIMESTAMP (buf) = start;
- GST_BUFFER_TIMESTAMP (buf) = start;
- GST_BUFFER_DURATION (buf) = duration;
+ if (end_time > start_time)
+ GST_BUFFER_DURATION (buf) = end_time - start_time;
+ else
+ GST_BUFFER_DURATION (buf) = duration;
GST_LOG_OBJECT (parse, "Pushing buffer with timestamp %" GST_TIME_FORMAT
- " and duration %" GST_TIME_FORMAT, GST_TIME_ARGS (start),
- GST_TIME_ARGS (duration));
+ " and duration %" GST_TIME_FORMAT,
+ GST_TIME_ARGS (GST_BUFFER_TIMESTAMP (buf)),
+ GST_TIME_ARGS (GST_BUFFER_DURATION (buf)));
ret = gst_pad_push (parse->srcpad, buf);
@@ -343,6 +459,7 @@ gst_ssa_parse_chain (GstPad * sinkpad, GstObject * parent, GstBuffer * buf)
GstClockTime ts;
gchar *txt;
GstMapInfo map;
+ gint size;
if (G_UNLIKELY (!parse->framed))
goto not_framed;
@@ -360,13 +477,14 @@ gst_ssa_parse_chain (GstPad * sinkpad, GstObject * parent, GstBuffer * buf)
/* make double-sure it's 0-terminated and all */
gst_buffer_map (buf, &map, GST_MAP_READ);
txt = g_strndup ((gchar *) map.data, map.size);
+ size = map.size;
gst_buffer_unmap (buf, &map);
if (txt == NULL)
goto empty_text;
ts = GST_BUFFER_TIMESTAMP (buf);
- ret = gst_ssa_parse_push_line (parse, txt, ts, GST_BUFFER_DURATION (buf));
+ ret = gst_ssa_parse_push_line (parse, txt, size, ts, GST_BUFFER_DURATION (buf));
if (ret != GST_FLOW_OK && GST_CLOCK_TIME_IS_VALID (ts)) {
GstSegment segment;

30
sources/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0003-viv-fb-Make-sure-config.h-is-included.patch Normal file
View File

@@ -0,0 +1,30 @@
From 2b07840122bc2e83bd23dad59aa80d9479f2e1e4 Mon Sep 17 00:00:00 2001
From: Carlos Rafael Giani <crg7475@mailbox.org>
Date: Tue, 21 May 2019 14:01:11 +0200
Subject: [PATCH] viv-fb: Make sure config.h is included
This prevents build errors due to missing GST_API_* symbols
Upstream-Status: Pending
Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org>
---
gst-libs/gst/gl/gl-prelude.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/gst-libs/gst/gl/gl-prelude.h b/gst-libs/gst/gl/gl-prelude.h
index 85fca5a..946c729 100644
--- a/gst-libs/gst/gl/gl-prelude.h
+++ b/gst-libs/gst/gl/gl-prelude.h
@@ -22,6 +22,10 @@
#ifndef __GST_GL_PRELUDE_H__
#define __GST_GL_PRELUDE_H__
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <gst/gst.h>
#ifdef BUILDING_GST_GL

35
sources/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch Normal file
View File

@@ -0,0 +1,35 @@
From 3eee4954d70accf94262299994eb21107a65dea8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 30 Sep 2024 21:35:07 +0300
Subject: [PATCH] vorbisdec: Set at most 64 channels to NONE position
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-115
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3869
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035>
CVE: CVE-2024-47538
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3eee4954d70accf94262299994eb21107a65dea8]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
ext/vorbis/gstvorbisdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/vorbis/gstvorbisdec.c b/ext/vorbis/gstvorbisdec.c
index 6a410ed858..1fc4fa883e 100644
--- a/ext/vorbis/gstvorbisdec.c
+++ b/ext/vorbis/gstvorbisdec.c
@@ -204,7 +204,7 @@ vorbis_handle_identification_packet (GstVorbisDec * vd)
}
default:{
GstAudioChannelPosition position[64];
- gint i, max_pos = MAX (vd->vi.channels, 64);
+ gint i, max_pos = MIN (vd->vi.channels, 64);
GST_ELEMENT_WARNING (vd, STREAM, DECODE,
(NULL), ("Using NONE channel layout for more than 8 channels"));
--
2.30.2

41
sources/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch Normal file
View File

@@ -0,0 +1,41 @@
From 2838374d6ee4a0c9c4c4221ac46d5c1688f26e59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Tue, 1 Oct 2024 13:22:50 +0300
Subject: [PATCH] opusdec: Set at most 64 channels to NONE position
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-116
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037>
CVE: CVE-2024-47607
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2838374d6ee4a0c9c4c4221ac46d5c1688f26e59]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
ext/opus/gstopusdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ext/opus/gstopusdec.c b/ext/opus/gstopusdec.c
index 99289fa7d2..d3f461d9a8 100644
--- a/ext/opus/gstopusdec.c
+++ b/ext/opus/gstopusdec.c
@@ -440,12 +440,12 @@ gst_opus_dec_parse_header (GstOpusDec * dec, GstBuffer * buf)
posn = gst_opus_channel_positions[dec->n_channels - 1];
break;
default:{
- gint i;
+ guint i, max_pos = MIN (dec->n_channels, 64);
GST_ELEMENT_WARNING (GST_ELEMENT (dec), STREAM, DECODE,
(NULL), ("Using NONE channel layout for more than 8 channels"));
- for (i = 0; i < dec->n_channels; i++)
+ for (i = 0; i < max_pos; i++)
pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE;
posn = pos;
--
2.30.2

80
sources/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch Normal file
View File

@@ -0,0 +1,80 @@
From 006047a23a4e4c146e40e5dab765bc6318a94744 Mon Sep 17 00:00:00 2001
From: Mathieu Duponchelle <mathieu@centricular.com>
Date: Wed, 2 Oct 2024 15:16:30 +0200
Subject: [PATCH 1/2] vorbis_parse: check writes to
GstOggStream.vorbis_mode_sizes
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-117 Fixes gstreamer#3875
Also perform out-of-bounds check for accesses to op->packet
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038>
CVE: CVE-2024-47615
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/006047a23a4e4c146e40e5dab765bc6318a94744]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
ext/ogg/vorbis_parse.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/ext/ogg/vorbis_parse.c b/ext/ogg/vorbis_parse.c
index 65ef463808..757c7cd82b 100644
--- a/ext/ogg/vorbis_parse.c
+++ b/ext/ogg/vorbis_parse.c
@@ -165,6 +165,10 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
if (offset == 0) {
offset = 8;
current_pos -= 1;
+
+ /* have we underrun? */
+ if (current_pos < op->packet)
+ return -1;
}
}
@@ -178,6 +182,10 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
if (offset == 7)
current_pos -= 1;
+ /* have we underrun? */
+ if (current_pos < op->packet + 5)
+ return -1;
+
if (((current_pos[-5] & ~((1 << (offset + 1)) - 1)) != 0)
||
current_pos[-4] != 0
@@ -199,9 +207,18 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
/* Give ourselves a chance to recover if we went back too far by using
* the size check. */
for (ii = 0; ii < 2; ii++) {
+
if (offset > 4) {
+ /* have we underrun? */
+ if (current_pos < op->packet)
+ return -1;
+
size_check = (current_pos[0] >> (offset - 5)) & 0x3F;
} else {
+ /* have we underrun? */
+ if (current_pos < op->packet + 1)
+ return -1;
+
/* mask part of byte from current_pos */
size_check = (current_pos[0] & ((1 << (offset + 1)) - 1));
/* shift to appropriate position */
@@ -233,6 +250,10 @@ gst_parse_vorbis_setup_packet (GstOggStream * pad, ogg_packet * op)
mode_size_ptr = pad->vorbis_mode_sizes;
+ if (size > G_N_ELEMENTS (pad->vorbis_mode_sizes)) {
+ return -1;
+ }
+
for (i = 0; i < size; i++) {
offset = (offset + 1) % 8;
if (offset == 0)
--
2.30.2

168
sources/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0007-oggstream-review-and-fix-per-format-min_packet_size.patch Normal file
View File

@@ -0,0 +1,168 @@
From e633ec642825466b91fc12da6629c307906fa206 Mon Sep 17 00:00:00 2001
From: Mathieu Duponchelle <mathieu@centricular.com>
Date: Wed, 2 Oct 2024 16:52:51 +0200
Subject: [PATCH 2/2] oggstream: review and fix per-format min_packet_size
This addresses all manually detected invalid reads in setup functions.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038>
CVE: CVE-2024-47615
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e633ec642825466b91fc12da6629c307906fa206]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
ext/ogg/gstoggstream.c | 40 ++++++++++++----------------------------
1 file changed, 12 insertions(+), 28 deletions(-)
diff --git a/ext/ogg/gstoggstream.c b/ext/ogg/gstoggstream.c
index a8883304a5..ab6be238dc 100644
--- a/ext/ogg/gstoggstream.c
+++ b/ext/ogg/gstoggstream.c
@@ -665,11 +665,6 @@ setup_vp8_mapper (GstOggStream * pad, ogg_packet * packet)
{
gint width, height, par_n, par_d, fps_n, fps_d;
- if (packet->bytes < 26) {
- GST_DEBUG ("Failed to parse VP8 BOS page");
- return FALSE;
- }
-
width = GST_READ_UINT16_BE (packet->packet + 8);
height = GST_READ_UINT16_BE (packet->packet + 10);
par_n = GST_READ_UINT24_BE (packet->packet + 12);
@@ -1221,11 +1216,6 @@ setup_fishead_mapper (GstOggStream * pad, ogg_packet * packet)
gint64 prestime_n, prestime_d;
gint64 basetime_n, basetime_d;
- if (packet->bytes < 44) {
- GST_DEBUG ("Not enough data for fishead header");
- return FALSE;
- }
-
data = packet->packet;
data += 8; /* header */
@@ -1256,8 +1246,8 @@ setup_fishead_mapper (GstOggStream * pad, ogg_packet * packet)
pad->prestime = -1;
/* Ogg Skeleton 3.3+ streams provide additional information in the header */
- if (packet->bytes >= SKELETON_FISHEAD_3_3_MIN_SIZE && pad->skeleton_major == 3
- && pad->skeleton_minor > 0) {
+ if (packet->bytes - 44 >= SKELETON_FISHEAD_3_3_MIN_SIZE
+ && pad->skeleton_major == 3 && pad->skeleton_minor > 0) {
gint64 firstsampletime_n, firstsampletime_d;
gint64 lastsampletime_n, lastsampletime_d;
gint64 firstsampletime, lastsampletime;
@@ -1296,7 +1286,7 @@ setup_fishead_mapper (GstOggStream * pad, ogg_packet * packet)
GST_INFO ("skeleton fishead parsed total: %" GST_TIME_FORMAT,
GST_TIME_ARGS (pad->total_time));
- } else if (packet->bytes >= SKELETON_FISHEAD_4_0_MIN_SIZE
+ } else if (packet->bytes - 44 >= SKELETON_FISHEAD_4_0_MIN_SIZE
&& pad->skeleton_major == 4) {
guint64 segment_length, content_offset;
@@ -1980,9 +1970,6 @@ setup_kate_mapper (GstOggStream * pad, ogg_packet * packet)
guint8 *data = packet->packet;
const char *category;
- if (packet->bytes < 64)
- return FALSE;
-
pad->granulerate_n = GST_READ_UINT32_LE (data + 24);
pad->granulerate_d = GST_READ_UINT32_LE (data + 28);
pad->granuleshift = GST_READ_UINT8 (data + 15);
@@ -2111,9 +2098,6 @@ setup_opus_mapper (GstOggStream * pad, ogg_packet * packet)
{
GstBuffer *buffer;
- if (packet->bytes < 19)
- return FALSE;
-
pad->granulerate_n = 48000;
pad->granulerate_d = 1;
pad->granuleshift = 0;
@@ -2394,7 +2378,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "\001vorbis", 7, 22,
+ "\001vorbis", 7, 29,
"audio/x-vorbis",
setup_vorbis_mapper,
NULL,
@@ -2426,7 +2410,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "PCM ", 8, 0,
+ "PCM ", 8, 28,
"audio/x-raw",
setup_pcm_mapper,
NULL,
@@ -2442,7 +2426,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "CMML\0\0\0\0", 8, 0,
+ "CMML\0\0\0\0", 8, 29,
"text/x-cmml",
setup_cmml_mapper,
NULL,
@@ -2458,7 +2442,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "Annodex", 7, 0,
+ "Annodex", 7, 44,
"application/x-annodex",
setup_fishead_mapper,
NULL,
@@ -2537,7 +2521,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "CELT ", 8, 0,
+ "CELT ", 8, 60,
"audio/x-celt",
setup_celt_mapper,
NULL,
@@ -2553,7 +2537,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "\200kate\0\0\0", 8, 0,
+ "\200kate\0\0\0", 8, 64,
"text/x-kate",
setup_kate_mapper,
NULL,
@@ -2585,7 +2569,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "OVP80\1\1", 7, 4,
+ "OVP80\1\1", 7, 26,
"video/x-vp8",
setup_vp8_mapper,
setup_vp8_mapper_from_caps,
@@ -2601,7 +2585,7 @@ const GstOggMap mappers[] = {
update_stats_vp8
},
{
- "OpusHead", 8, 0,
+ "OpusHead", 8, 19,
"audio/x-opus",
setup_opus_mapper,
NULL,
@@ -2649,7 +2633,7 @@ const GstOggMap mappers[] = {
NULL
},
{
- "\001text\0\0\0", 9, 9,
+ "\001text\0\0\0", 9, 25,
"application/x-ogm-text",
setup_ogmtext_mapper,
NULL,
--
2.30.2

38
sources/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch Normal file
View File

@@ -0,0 +1,38 @@
From 15bb318416e1bf6b6b557006a37d1da86c3a76a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 30 Sep 2024 21:40:44 +0300
Subject: [PATCH 1/2] ssaparse: Search for closing brace after opening brace
Otherwise removing anything between the braces leads to out of bound writes if
there is a closing brace before the first opening brace.
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-228
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3870
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036>
CVE: CVE-2024-47541
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/15bb318416e1bf6b6b557006a37d1da86c3a76a8]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
gst/subparse/gstssaparse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gst/subparse/gstssaparse.c b/gst/subparse/gstssaparse.c
index 42fbb42b99..37b892e928 100644
--- a/gst/subparse/gstssaparse.c
+++ b/gst/subparse/gstssaparse.c
@@ -238,7 +238,7 @@ gst_ssa_parse_remove_override_codes (GstSsaParse * parse, gchar * txt)
gboolean removed_any = FALSE;
while ((t = strchr (txt, '{'))) {
- end = strchr (txt, '}');
+ end = strchr (t, '}');
if (end == NULL) {
GST_WARNING_OBJECT (parse, "Missing { for style override code");
return removed_any;
--
2.30.2

99
sources/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch Normal file
View File

@@ -0,0 +1,99 @@
From 403b10eba06679319aa2e35d310236234782102f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 30 Sep 2024 18:36:19 +0300
Subject: [PATCH 2/2] ssaparse: Don't use strstr() on strings that are
potentially not NULL-terminated
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036>
CVE: CVE-2024-47541
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/403b10eba06679319aa2e35d310236234782102f]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
gst/subparse/gstssaparse.c | 36 +++++++++++++++++++++++++++++++++++-
meson.build | 1 +
2 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/gst/subparse/gstssaparse.c b/gst/subparse/gstssaparse.c
index 37b892e928..c162a542f5 100644
--- a/gst/subparse/gstssaparse.c
+++ b/gst/subparse/gstssaparse.c
@@ -146,6 +146,35 @@ gst_ssa_parse_sink_event (GstPad * pad, GstObject * parent, GstEvent * event)
return res;
}
+#ifndef HAVE_MEMMEM
+// memmem() is a GNU extension so if it's not available we'll need
+// our own implementation here. Thanks C.
+static void *
+my_memmem (const void *haystack, size_t haystacklen, const void *needle,
+ size_t needlelen)
+{
+ const guint8 *cur, *end;
+
+ if (needlelen > haystacklen)
+ return NULL;
+ if (needlelen == 0)
+ return (void *) haystack;
+
+
+ cur = haystack;
+ end = cur + haystacklen - needlelen;
+
+ for (; cur <= end; cur++) {
+ if (memcmp (cur, needle, needlelen) == 0)
+ return (void *) cur;
+ }
+
+ return NULL;
+}
+#else
+#define my_memmem memmem
+#endif
+
static gboolean
gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps)
{
@@ -154,6 +183,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps)
const GValue *val;
GstStructure *s;
const guchar bom_utf8[] = { 0xEF, 0xBB, 0xBF };
+ const guint8 header[] = "[Script Info]";
const gchar *end;
GstBuffer *priv;
GstMapInfo map;
@@ -193,7 +223,7 @@ gst_ssa_parse_setcaps (GstPad * sinkpad, GstCaps * caps)
left -= 3;
}
- if (!strstr (ptr, "[Script Info]"))
+ if (!my_memmem (ptr, left, header, sizeof (header) - 1))
goto invalid_init;
if (!g_utf8_validate (ptr, left, &end)) {
@@ -231,6 +261,10 @@ invalid_init:
}
}
+#ifdef my_memmem
+#undef my_memmem
+#endif
+
static gboolean
gst_ssa_parse_remove_override_codes (GstSsaParse * parse, gchar * txt)
{
diff --git a/meson.build b/meson.build
index d1033bef4a..65d0944114 100644
--- a/meson.build
+++ b/meson.build
@@ -199,6 +199,7 @@ check_functions = [
['HAVE_LRINTF', 'lrintf', '#include<math.h>'],
['HAVE_MMAP', 'mmap', '#include<sys/mman.h>'],
['HAVE_LOG2', 'log2', '#include<math.h>'],
+ ['HAVE_MEMMEM', 'memmem', '#include<string.h>'],
]
libm = cc.find_library('m', required : false)
--
2.30.2

64
sources/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch Normal file
View File

@@ -0,0 +1,64 @@
From 537161868f36048571f400648ac7909f26c73d53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Thu, 26 Sep 2024 13:43:06 +0300
Subject: [PATCH] id3v2: Don't try parsing extended header if not enough data
is available
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-235
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3842
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033>
CVE: CVE-2024-47542
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/537161868f36048571f400648ac7909f26c73d53]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
gst-libs/gst/tag/id3v2.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/gst-libs/gst/tag/id3v2.c b/gst-libs/gst/tag/id3v2.c
index 7db2cb7e12..70f975d133 100644
--- a/gst-libs/gst/tag/id3v2.c
+++ b/gst-libs/gst/tag/id3v2.c
@@ -29,7 +29,7 @@
#define HANDLE_INVALID_SYNCSAFE
-static gboolean id3v2_frames_to_tag_list (ID3TagsWorking * work, guint size);
+static gboolean id3v2_frames_to_tag_list (ID3TagsWorking * work);
#ifndef GST_DISABLE_GST_DEBUG
@@ -258,7 +258,7 @@ gst_tag_list_from_id3v2_tag (GstBuffer * buffer)
GST_MEMDUMP ("ID3v2 tag (un-unsyced)", uu_data, work.hdr.frame_data_size);
}
- id3v2_frames_to_tag_list (&work, work.hdr.frame_data_size);
+ id3v2_frames_to_tag_list (&work);
g_free (uu_data);
@@ -440,12 +440,17 @@ id3v2_add_id3v2_frame_blob_to_taglist (ID3TagsWorking * work,
}
static gboolean
-id3v2_frames_to_tag_list (ID3TagsWorking * work, guint size)
+id3v2_frames_to_tag_list (ID3TagsWorking * work)
{
guint frame_hdr_size;
/* Extended header if present */
if (work->hdr.flags & ID3V2_HDR_FLAG_EXTHDR) {
+ if (work->hdr.frame_data_size < 4) {
+ GST_DEBUG ("Tag has no extended header data. Broken tag");
+ return FALSE;
+ }
+
work->hdr.ext_hdr_size = id3v2_read_synch_uint (work->hdr.frame_data, 4);
/* In id3v2.4.x the header size is the size of the *whole*
--
2.30.2

38
sources/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch Normal file
View File

@@ -0,0 +1,38 @@
From aa07d94c10d71fac389dbbb264a59c1f6117eead Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 30 Sep 2024 18:19:30 +0300
Subject: [PATCH] discoverer: Don't print channel layout for more than 64
channels
64+ channels are always unpositioned / unknown layout.
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-248
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3864
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034>
CVE: CVE-2024-47600
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/aa07d94c10d71fac389dbbb264a59c1f6117eead]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
tools/gst-discoverer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/gst-discoverer.c b/tools/gst-discoverer.c
index e3f048bed5..4a2a1b4bc4 100644
--- a/tools/gst-discoverer.c
+++ b/tools/gst-discoverer.c
@@ -222,7 +222,7 @@ format_channel_mask (GstDiscovererAudioInfo * ainfo)
channel_mask = gst_discoverer_audio_info_get_channel_mask (ainfo);
- if (channel_mask != 0) {
+ if (channel_mask != 0 && channels <= 64) {
gst_audio_channel_positions_from_mask (channels, channel_mask, position);
for (i = 0; i < channels; i++) {
--
2.30.2

39
sources/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch Normal file
View File

@@ -0,0 +1,39 @@
From 4c40f73b7002967e824ef34a5435282f4a0ea363 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Wed, 9 Oct 2024 11:23:47 -0400
Subject: [PATCH] subparse: Check for NULL return of strchr() when parsing LRC
subtitles
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-263
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3892
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039>
CVE: CVE-2024-47835
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4c40f73b7002967e824ef34a5435282f4a0ea363]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
gst/subparse/gstsubparse.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c
index 8d925524a6..7d286ed318 100644
--- a/gst/subparse/gstsubparse.c
+++ b/gst/subparse/gstsubparse.c
@@ -1068,6 +1068,11 @@ parse_lrc (ParserState * state, const gchar * line)
return NULL;
start = strchr (line, ']');
+ // sscanf() does not check for the trailing ] but only up to the last
+ // placeholder, so there might be no ] at the end.
+ if (!start)
+ return NULL;
+
if (start - line == 9)
milli = 10;
else
--
2.30.2