| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| Skip-failing-tests.patch | Skip failing tests The rtpvp8 test is new for 1.20 but fails. The rtpstorage test isn't new but started failing with 1.20 https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1220 https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1221 |
Jeremy Bicha <jeremy.bicha@canonical.com> | no | 2022-05-16 | ||
| GST-2023-0001.patch | no | |||||
| qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch | qtdemux: Avoid integer overflow when parsing Theora extension Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-166 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3851 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2d7a11f5e6be5c323b2fed8158bc9df37752e495 | 2024-09-26 | |
| jpegdec-Directly-error-out-on-negotiation-failures.patch | jpegdec: Directly error out on negotiation failures Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-247 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3862 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8b1c866e93749fd42d1908ec77a4f339343acbb2 | 2024-09-30 | |
| gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch | gdkpixbufdec: Check if initializing the video info actually succeeded Otherwise a 0-byte buffer would be allocated, which gives NULL memory when mapped. Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-118 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3876 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5106dc94fb9b2d8bd0db547e2c325244b7c1f32c | 2024-10-02 | |
| wavparse-Check-for-short-reads-when-parsing-headers-.patch | wavparse: Check for short reads when parsing headers in pull mode And also return the actual flow return to the caller instead of always returning GST_FLOW_ERROR. Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-258, GHSL-2024-260 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c627f3a28bc792580f9a9ebcbb309b2256e4a895 | 2024-10-04 | |
| wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch | wavparse: Make sure enough data for the tag list tag is available before parsing Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-258 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f5fa594695e5a9b347e88719b487d9779f80926a | 2024-10-04 | |
| wavparse-Fix-parsing-of-acid-chunk.patch | wavparse: Fix parsing of acid chunk Simply casting the bytes to a struct can lead to crashes because of unaligned reads, and is also missing the endianness swapping that is necessary on big endian architectures. |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8911020ae3da65b224dd1c87de3437a532e9efa4 | 2024-10-04 | |
| wavparse-Check-that-at-least-4-bytes-are-available-b.patch | wavparse: Check that at least 4 bytes are available before parsing cue chunks | =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8f04506d7e68a653c8d7c5e2fb0a19ef93c6ea35 | 2024-10-04 | |
| wavparse-Check-that-at-least-32-bytes-are-available-.patch | wavparse: Check that at least 32 bytes are available before parsing smpl chunks Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-259 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3887 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3d2a5841d777dd95afdea30ad134f96c876f84ab | 2024-10-04 | |
| wavparse-Fix-clipping-of-size-to-the-file-size.patch | wavparse: Fix clipping of size to the file size The size does not include the 8 bytes tag and length, so an additional 8 bytes must be removed here. 8 bytes are always available at this point because otherwise the parsing of the tag and length right above would've failed. Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-260 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/34cfd6b82c3ae6772b9b43b3f6243f85cea35c38 | 2024-10-04 | |
| wavparse-Check-size-before-reading-ds64-chunk.patch | wavparse: Check size before reading ds64 chunk Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-261 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3889 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ba8476d3448eeaf016345ae0697b8447c0f62636 | 2024-10-04 | |
| avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch | avisubtitle: Fix size checks and avoid overflows when checking sizes Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-262 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3890 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/98c2175d255bd2459d7645ac6aee50be5cb57fe3 | 2024-10-04 | |
| matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch | matroskademux: Only unmap GstMapInfo in WavPack header extraction error paths if previously mapped Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-197 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3863 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/a16851ebf34a9f9be4285b2c0d75fe7844354efe | 2024-09-30 | |
| matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch | matroskademux: Fix off-by-one when parsing multi-channel WavPack | =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/816a970a042c96669da25b7a046f0ab8311a78d9 | 2024-09-30 | |
| matroskademux-Check-for-big-enough-WavPack-codec-pri.patch | matroskademux: Check for big enough WavPack codec private data before accessing it Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-250 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3866 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/eec4043430d30956ad4aea02a7b67a5758d99f11 | 2024-09-30 | |
| matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch | matroskademux: Don't take data out of an empty adapter when processing WavPack frames Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-249 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3865 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2dcb071d4995032ed9242bb863189939b211f5cc | 2024-09-30 | |
| matroskademux-Skip-over-laces-directly-when-postproc.patch | matroskademux: Skip over laces directly when postprocessing the frame fails Otherwise NULL buffers might be handled afterwards. Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-249 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3865 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e5ffa9c9778454457665c1ee1c5bcc17ed3537ac | 2024-09-30 | |
| matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch | matroskademux: Skip over zero-sized Xiph stream headers Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-251 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3867 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/09803e225de515c8881fd13ed464c23771a4d1a6 | 2024-09-30 | |
| matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch | matroskademux: Put a copy of the codec data into the A_MS/ACM caps The original codec data buffer is owned by matroskademux and does not necessarily live as long as the caps. Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-280 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3894 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2c9abe111bd9122967784ef2b55c9017dc2682b8 | 2024-10-09 | |
| qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch | qtdemux: Fix integer overflow when allocating the samples table for fragmented MP4 This can lead to out of bounds writes and NULL pointer dereferences. Fixes GHSL-2024-094, GHSL-2024-237, GHSL-2024-241 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3839 |
Antonio Morales <antonio-morales@github.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c3a2af94c652513ac1b1858295688ac88c5cc737 | 2024-09-26 | |
| qtdemux-Fix-debug-output-during-trun-parsing.patch | qtdemux: Fix debug output during trun parsing Various integers are unsigned so print them as such. Also print the actual allocation size if allocation fails, not only parts of it. |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/812f175c580a2e702581859fd481c8f51d633508 | 2024-09-26 | |
| qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch | qtdemux: Don't iterate over all trun entries if none of the flags are set Nothing would be printed anyway. |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/eb7f9331c2294bc28a549b79c9f931c3e6c6bc44 | 2024-09-26 | |
| qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch | qtdemux: Check sizes of stsc/stco/stts before trying to merge entries Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-246 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3854 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1def2965d8da8cc74ab0036d7f8d59e81e676cad | 2024-09-27 | |
| qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch | qtdemux: Make sure only an even number of bytes is processed when handling CEA608 data An odd number of bytes would lead to out of bound reads and writes, and doesn't make any sense as CEA608 comes in byte pairs. Strip off any leftover bytes and assume everything before that is valid. Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-195 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3841 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/314945426c7105ad90f44a188037bc43bb3b0300 | 2024-09-26 | |
| qtdemux-Make-sure-enough-data-is-available-before-re.patch | qtdemux: Make sure enough data is available before reading wave header node Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-236 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3843 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8ef08a7a41da987aa630082df355ea651aa09132 | 2024-09-26 | |
| qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch | qtdemux: Fix length checks and offsets in stsd entry parsing Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-242 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3845 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fe9d5d37234aca04fef7248184177168905a7a69 | 2024-09-27 | |
| qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch | qtdemux: Fix error handling when parsing cenc sample groups fails Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-238, GHSL-2024-239, GHSL-2024-240 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3846 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8e884e4e31649a9fc19095d6501a1143b074aba8 | 2024-09-27 | |
| qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch | qtdemux: Make sure there are enough offsets to read when parsing samples While this specific case is also caught when initializing co_chunk, the error is ignored in various places and calling into the function would lead to out of bounds reads if the error message doesn't cause the pipeline to be shut down fast enough. To avoid this, no matter what, make sure enough offsets are available when parsing them. While this is potentially slower, the same is already done in the non-chunks_are_samples case. Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-245 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3847 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7f8f280555201f51898727919831259e68271868 | 2024-09-27 | |
| qtdemux-Actually-handle-errors-returns-from-various-.patch | qtdemux: Actually handle errors returns from various functions instead of ignoring them Ignoring them might cause the element to continue as if all is fine despite the internal state being inconsistent. This can lead to all kinds of follow-up issues, including memory safety issues. Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-245 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3847 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/83056792a8bd179d7e4ba4b3d234ab75205e47d2 | 2024-09-27 | |
| qtdemux-Check-for-invalid-atom-length-when-extractin.patch | qtdemux: Check for invalid atom length when extracting Closed Caption data Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-243 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3849 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f31dbbc1bcc00096ab863ee6aaecad493c71c333 | 2024-09-26 | |
| qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch | qtdemux: Add size check for parsing SMI / SEQH atom Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-244 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3853 |
=?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> | no | https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8603e78a07a307139fd45ee11e7623de01494bf3 | 2024-09-27 |