2 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch
new file mode 100644
index 0000000000..7a27af1291
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch
@@ -0,0 +1,41 @@
+From 2838374d6ee4a0c9c4c4221ac46d5c1688f26e59 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Tue, 1 Oct 2024 13:22:50 +0300
+Subject: [PATCH] opusdec: Set at most 64 channels to NONE position
+Thanks to Antonio Morales for finding and reporting the issue.
+Fixes GHSL-2024-116
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037>
+CVE: CVE-2024-47607
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2838374d6ee4a0c9c4c4221ac46d5c1688f26e59]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ext/opus/gstopusdec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/ext/opus/gstopusdec.c b/ext/opus/gstopusdec.c
+index 99289fa7d2..d3f461d9a8 100644
+--- a/ext/opus/gstopusdec.c
+++ b/ext/opus/gstopusdec.c
+@@ -440,12 +440,12 @@ gst_opus_dec_parse_header (GstOpusDec * dec, GstBuffer * buf)
+         posn = gst_opus_channel_positions[dec->n_channels - 1];
+         break;
+       default:{
+-        gint i;
+        guint i, max_pos = MIN (dec->n_channels, 64);
+ 
+         GST_ELEMENT_WARNING (GST_ELEMENT (dec), STREAM, DECODE,
+             (NULL), ("Using NONE channel layout for more than 8 channels"));
+ 
+-        for (i = 0; i < dec->n_channels; i++)
+        for (i = 0; i < max_pos; i++)
+           pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE;
+ 
+         posn = pos;
+-- 
+2.30.2
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
index fbdd599eb9..ffae227154 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
@@ -11,6 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
           file://0003-viv-fb-Make-sure-config.h-is-included.patch \
           file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
           file://0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch \
+           file://0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch \
           "
 SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch new file mode 100644 index 0000000000..7a27af1291 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch
@@ -0,0 +1,41 @@
		1	From 2838374d6ee4a0c9c4c4221ac46d5c1688f26e59 Mon Sep 17 00:00:00 2001
		2	From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
		3	Date: Tue, 1 Oct 2024 13:22:50 +0300
		4	Subject: [PATCH] opusdec: Set at most 64 channels to NONE position
		5
		6	Thanks to Antonio Morales for finding and reporting the issue.
		7
		8	Fixes GHSL-2024-116
		9	Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871
		10
		11	Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037>
		12
		13	CVE: CVE-2024-47607
		14	Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2838374d6ee4a0c9c4c4221ac46d5c1688f26e59]
		15	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		16	---
		17	ext/opus/gstopusdec.c \| 4 ++--
		18	1 file changed, 2 insertions(+), 2 deletions(-)
		19
		20	diff --git a/ext/opus/gstopusdec.c b/ext/opus/gstopusdec.c
		21	index 99289fa7d2..d3f461d9a8 100644
		22	--- a/ext/opus/gstopusdec.c
		23	+++ b/ext/opus/gstopusdec.c
		24	@@ -440,12 +440,12 @@ gst_opus_dec_parse_header (GstOpusDec * dec, GstBuffer * buf)
		25	posn = gst_opus_channel_positions[dec->n_channels - 1];
		26	break;
		27	default:{
		28	- gint i;
		29	+ guint i, max_pos = MIN (dec->n_channels, 64);
		30
		31	GST_ELEMENT_WARNING (GST_ELEMENT (dec), STREAM, DECODE,
		32	(NULL), ("Using NONE channel layout for more than 8 channels"));
		33
		34	- for (i = 0; i < dec->n_channels; i++)
		35	+ for (i = 0; i < max_pos; i++)
		36	pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE;
		37
		38	posn = pos;
		39	--
		40	2.30.2
		41


diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb index fbdd599eb9..ffae227154 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
@@ -11,6 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
11	file://0003-viv-fb-Make-sure-config.h-is-included.patch \	11	file://0003-viv-fb-Make-sure-config.h-is-included.patch \
12	file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \	12	file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
13	file://0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch \	13	file://0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch \
		14	file://0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch \
14	"	15	"
15	SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"	16	SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"
16		17