From fbd6f3b4e6f29371acdac9d4192b3ca87c8ba0a5 Mon Sep 17 00:00:00 2001
From: technology208
Date: Thu, 14 Mar 2024 19:00:12 +0800
Subject: [PATCH] fix CVE-2023-37328
(cherry picked from commit 56b0783492b9f36169a516ce1e6713311261e6d7)
---
 CVE-2023-37328.patch | 25 +++++++++++++++++++++++++
 gstreamer1-plugins-base.spec | 7 ++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2023-37328.patch
diff --git a/CVE-2023-37328.patch b/CVE-2023-37328.patch
new file mode 100644
index 0000000..56778e6
--- /dev/null
+++ b/CVE-2023-37328.patch
@@ -0,0 +1,25 @@
+From 18b887d30a81deadd600017265cb61f5d0e1bea0 Mon Sep 17 00:00:00 2001
+From: technology208
+Date: Thu, 14 Mar 2024 15:54:38 +0800
+Subject: [PATCH] Create Patch
+
+---
+ gst/subparse/gstsubparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c
+index 4254158..e8d3eca 100644
+--- a/gst/subparse/gstsubparse.c
++++ b/gst/subparse/gstsubparse.c
+@@ -814,7 +814,7 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
+ }
+
+ if (*next_tag == '<' && *(next_tag + 1) == '/') {
+- end_tag = strchr (cur, '>');
++ end_tag = strchr (next_tag, '>');
+ if (end_tag) {
+ const gchar *last = NULL;
+ if (num_open_tags > 0)
+--
+2.33.0
+
diff --git a/gstreamer1-plugins-base.spec b/gstreamer1-plugins-base.spec
index 6a35dda..a8727d2 100644
--- a/gstreamer1-plugins-base.spec
+++ b/gstreamer1-plugins-base.spec
@@ -3,7 +3,7 @@
 Name: gstreamer1-plugins-base
 Version: 1.18.4
-Release: 5
+Release: 6
 Summary: GStreamer streaming media framework base plugins
 License: LGPLv2+
 URL: http://gstreamer.freedesktop.org/
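Review bot: The embedded patch in `CVE-2023-37328.patch` carries no provenance: its header reads `Subject: [PATCH] Create Patch` and names neither the CVE nor the upstream gst-plugins-base commit it backports, so a later auditor cannot compare this one-line change with the upstream fix. I would retitle it along the lines of `Subject: [PATCH] subparse: search for the closing '>' starting at next_tag (CVE-2023-37328)` and add a header line citing the upstream commit (`<upstream commit URL>`, a placeholder since the page does not give it). The code change starts the `strchr` at `next_tag` instead of `cur`, which presumably stops `end_tag` from pointing at a `>` that lies before the `</`. A short comment on that line, such as `/* search from next_tag so end_tag can never precede the closing tag */`, would keep the invariant visible. `subrip_fix_up_markup` continues outside the hunk, so how `end_tag` is used afterwards cannot be checked from here.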
@@ -13,6 +13,7 @@ Patch0: 0001-missing-plugins-Remove-the-mpegaudioversion-field.patch
 Patch1000: gst-plugins-base-1.18.4-sw.patch
 Patch6000: backport-xclaesse-fix-meson-0-58.patch
+Patch6001: CVE-2023-37328.patch
 BuildRequires: gcc-c++ gstreamer1-devel >= %{version} gobject-introspection-devel >= 1.31.1 iso-codes-devel alsa-lib-devel
 BuildRequires: cdparanoia-devel libogg-devel >= 1.0 libtheora-devel >= 1.1 libvisual-devel libvorbis-devel >= 1.0 libXv-devel
@@ -53,6 +54,7 @@ This package provides manual for developpers.
 %patch0 -p1
 %patch1000 -p1
 %patch6000 -p1
+%patch6001 -p1
 %build
 %meson -D doc=disabled -D gtk_doc=disabled -D orc=enabled \
@@ -268,6 +270,9 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -fv {} ';'
 %{_mandir}/man1/gst-device-monitor-*.gz
 %changelog
+* Fri Mar 15 2024 technology208 - 1.18.4-6
+- fix CVE-2023-37328
+
 * Sun Feb 04 2024 yangchenguang - 1.18.4-5
 - Add build sw_64 support
-- Gitee