summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--groups/251.native_packages_lib.group6
-rw-r--r--patches/libmad-0.15.1b_pre.local.patch88
-rw-r--r--patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch197
3 files changed, 290 insertions, 1 deletions
diff --git a/groups/251.native_packages_lib.group b/groups/251.native_packages_lib.group
index 83a6aa04..bc78c617 100644
--- a/groups/251.native_packages_lib.group
+++ b/groups/251.native_packages_lib.group
@@ -5,7 +5,7 @@ GROUP_TARGET="native_packages";
NATIVE_PACKAGES_PACKAGES="$(rtl_lconcat "${NATIVE_PACKAGES_PACKAGES}" "
glib jansson lame libarchive libassuan libatomic_ops libdmtx libedit libeditline libelf libestr
libevent libfastjson libfetch libffi libfirm libflac libgcrypt libgpg_error libidn2 libite
-libjpeg_turbo libksba libmspack libmp3splt libnettle libogg libpcap libpipeline libpng libpsl
+libjpeg_turbo libksba libmad libmspack libmp3splt libnettle libogg libpcap libpipeline libpng libpsl
libreadline libredwg libressl libsasl2 libshine libsndfile libsolv libssh libstrophe libtasn1
libtelnet libtheora libtirpc libudns libunistring libuv libvorbis libxml2
libxslt libz libzip lzo sdl1 sdl1_net sdl1_image sdl1_ttf sdl2 sdl2_image sdl2_ttf wolfssl")";
@@ -113,6 +113,10 @@ libxslt libz libzip lzo sdl1 sdl1_net sdl1_image sdl1_ttf sdl2 sdl2_image sdl2_t
: ${PKG_LIBKSBA_VERSION:=1.5.0};
: ${PKG_LIBKSBA_URL:=https://www.gnupg.org/ftp/gcrypt/libksba/libksba-${PKG_LIBKSBA_VERSION}.tar.bz2};
: ${PKG_LIBKSBA_CONFIGURE_ARGS_EXTRA:=--with-libgpg-error-prefix=${PREFIX_NATIVE}};
+: ${PKG_LIBMAD_SHA256SUM:=bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690};
+: ${PKG_LIBMAD_VERSION:=0.15.1b};
+: ${PKG_LIBMAD_URL:=https://sources.voidlinux.org/libmad-${PKG_LIBMAD_VERSION}/libmad-${PKG_LIBMAD_VERSION}.tar.gz};
+: ${PKG_LIBMAD_CONFIGURE_ARGS_EXTRA:="--enable-fpm=64bit --enable-accuracy"};
: ${PKG_LIBMSPACK_SHA256SUM:=bac862dee6e0fc10d92c70212441d9f8ad9b0222edc9a708c3ead4adb1b24a8e};
: ${PKG_LIBMSPACK_VERSION:=0.10.1alpha};
: ${PKG_LIBMSPACK_URL:=https://www.cabextract.org.uk/libmspack/libmspack-${PKG_LIBMSPACK_VERSION}.tar.gz};
diff --git a/patches/libmad-0.15.1b_pre.local.patch b/patches/libmad-0.15.1b_pre.local.patch
new file mode 100644
index 00000000..12ce2f71
--- /dev/null
+++ b/patches/libmad-0.15.1b_pre.local.patch
@@ -0,0 +1,88 @@
+diff -ru libmad-0.15.1b.orig/configure libmad-0.15.1b/configure
+--- libmad-0.15.1b.orig/configure 2004-02-05 10:34:07.000000000 +0100
++++ libmad-0.15.1b/configure 2021-03-26 16:20:59.999840447 +0100
+@@ -19064,7 +19064,7 @@
+ shift
+ ;;
+ -O2)
+- optimize="-O"
++ optimize="-O2"
+ shift
+ ;;
+ -fomit-frame-pointer)
+@@ -19081,74 +19081,6 @@
+ esac
+ done
+
+-if test "$GCC" = yes
+-then
+- if test -z "$arch"
+- then
+- case "$host" in
+- i386-*) ;;
+- i?86-*) arch="-march=i486" ;;
+- arm*-empeg-*) arch="-march=armv4 -mtune=strongarm1100" ;;
+- armv4*-*) arch="-march=armv4 -mtune=strongarm" ;;
+- powerpc-*) ;;
+- mips*-agenda-*) arch="-mcpu=vr4100" ;;
+- mips*-luxsonor-*) arch="-mips1 -mcpu=r3000 -Wa,-m4010" ;;
+- esac
+- fi
+-
+- case "$optimize" in
+- -O|"-O "*)
+- optimize="-O"
+- optimize="$optimize -fforce-mem"
+- optimize="$optimize -fforce-addr"
+- : #x optimize="$optimize -finline-functions"
+- : #- optimize="$optimize -fstrength-reduce"
+- optimize="$optimize -fthread-jumps"
+- optimize="$optimize -fcse-follow-jumps"
+- optimize="$optimize -fcse-skip-blocks"
+- : #x optimize="$optimize -frerun-cse-after-loop"
+- : #x optimize="$optimize -frerun-loop-opt"
+- : #x optimize="$optimize -fgcse"
+- optimize="$optimize -fexpensive-optimizations"
+- optimize="$optimize -fregmove"
+- : #* optimize="$optimize -fdelayed-branch"
+- : #x optimize="$optimize -fschedule-insns"
+- optimize="$optimize -fschedule-insns2"
+- : #? optimize="$optimize -ffunction-sections"
+- : #? optimize="$optimize -fcaller-saves"
+- : #> optimize="$optimize -funroll-loops"
+- : #> optimize="$optimize -funroll-all-loops"
+- : #x optimize="$optimize -fmove-all-movables"
+- : #x optimize="$optimize -freduce-all-givs"
+- : #? optimize="$optimize -fstrict-aliasing"
+- : #* optimize="$optimize -fstructure-noalias"
+-
+- case "$host" in
+- arm*-*)
+- optimize="$optimize -fstrength-reduce"
+- ;;
+- mips*-*)
+- optimize="$optimize -fstrength-reduce"
+- optimize="$optimize -finline-functions"
+- ;;
+- i?86-*)
+- optimize="$optimize -fstrength-reduce"
+- ;;
+- powerpc-apple-*)
+- # this triggers an internal compiler error with gcc2
+- : #optimize="$optimize -fstrength-reduce"
+-
+- # this is really only beneficial with gcc3
+- : #optimize="$optimize -finline-functions"
+- ;;
+- *)
+- # this sometimes provokes bugs in gcc 2.95.2
+- : #optimize="$optimize -fstrength-reduce"
+- ;;
+- esac
+- ;;
+- esac
+-fi
+
+ case "$host" in
+ mips*-agenda-*)
+Only in libmad-0.15.1b.orig/: libmad-0.15.1b
diff --git a/patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch b/patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch
new file mode 100644
index 00000000..9cc8913e
--- /dev/null
+++ b/patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch
@@ -0,0 +1,197 @@
+; You can calculate where the next frame will start depending on things
+; like the bitrate. See mad_header_decode(). It seems that when decoding
+; the frame you can go past that boundary. This attempts to catch those cases,
+; but might not catch all of them.
+; For more info see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133
+Index: libmad-0.15.1b/layer12.c
+===================================================================
+--- a/layer12.c 2008-12-23 21:38:07.000000000 +0100
++++ b/layer12.c 2008-12-23 21:38:12.000000000 +0100
+@@ -134,6 +134,12 @@
+ for (sb = 0; sb < bound; ++sb) {
+ for (ch = 0; ch < nch; ++ch) {
+ nb = mad_bit_read(&stream->ptr, 4);
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++ {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+
+ if (nb == 15) {
+ stream->error = MAD_ERROR_BADBITALLOC;
+@@ -146,6 +152,12 @@
+
+ for (sb = bound; sb < 32; ++sb) {
+ nb = mad_bit_read(&stream->ptr, 4);
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++ {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+
+ if (nb == 15) {
+ stream->error = MAD_ERROR_BADBITALLOC;
+@@ -162,6 +174,12 @@
+ for (ch = 0; ch < nch; ++ch) {
+ if (allocation[ch][sb]) {
+ scalefactor[ch][sb] = mad_bit_read(&stream->ptr, 6);
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++ {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+
+ # if defined(OPT_STRICT)
+ /*
+@@ -187,6 +205,12 @@
+ frame->sbsample[ch][s][sb] = nb ?
+ mad_f_mul(I_sample(&stream->ptr, nb),
+ sf_table[scalefactor[ch][sb]]) : 0;
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++ {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+ }
+ }
+
+@@ -195,6 +219,12 @@
+ mad_fixed_t sample;
+
+ sample = I_sample(&stream->ptr, nb);
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++ {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+
+ for (ch = 0; ch < nch; ++ch) {
+ frame->sbsample[ch][s][sb] =
+@@ -403,7 +433,15 @@
+ nbal = bitalloc_table[offsets[sb]].nbal;
+
+ for (ch = 0; ch < nch; ++ch)
++ {
+ allocation[ch][sb] = mad_bit_read(&stream->ptr, nbal);
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++ {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
++ }
+ }
+
+ for (sb = bound; sb < sblimit; ++sb) {
+@@ -411,6 +449,13 @@
+
+ allocation[0][sb] =
+ allocation[1][sb] = mad_bit_read(&stream->ptr, nbal);
++
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++ {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+ }
+
+ /* decode scalefactor selection info */
+@@ -419,6 +464,12 @@
+ for (ch = 0; ch < nch; ++ch) {
+ if (allocation[ch][sb])
+ scfsi[ch][sb] = mad_bit_read(&stream->ptr, 2);
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++ {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+ }
+ }
+
+@@ -442,6 +493,12 @@
+ for (ch = 0; ch < nch; ++ch) {
+ if (allocation[ch][sb]) {
+ scalefactor[ch][sb][0] = mad_bit_read(&stream->ptr, 6);
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++ {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+
+ switch (scfsi[ch][sb]) {
+ case 2:
+@@ -452,11 +509,23 @@
+
+ case 0:
+ scalefactor[ch][sb][1] = mad_bit_read(&stream->ptr, 6);
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++ {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+ /* fall through */
+
+ case 1:
+ case 3:
+ scalefactor[ch][sb][2] = mad_bit_read(&stream->ptr, 6);
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++ {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+ }
+
+ if (scfsi[ch][sb] & 1)
+@@ -488,6 +557,12 @@
+ index = offset_table[bitalloc_table[offsets[sb]].offset][index - 1];
+
+ II_samples(&stream->ptr, &qc_table[index], samples);
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++ {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+
+ for (s = 0; s < 3; ++s) {
+ frame->sbsample[ch][3 * gr + s][sb] =
+@@ -506,6 +581,12 @@
+ index = offset_table[bitalloc_table[offsets[sb]].offset][index - 1];
+
+ II_samples(&stream->ptr, &qc_table[index], samples);
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++ {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+
+ for (ch = 0; ch < nch; ++ch) {
+ for (s = 0; s < 3; ++s) {
+Index: libmad-0.15.1b/layer3.c
+===================================================================
+--- a/layer3.c 2008-12-23 21:38:07.000000000 +0100
++++ b/layer3.c 2008-12-23 21:38:12.000000000 +0100
+@@ -2608,6 +2608,12 @@
+ next_md_begin = 0;
+
+ md_len = si.main_data_begin + frame_space - next_md_begin;
++ if (md_len + MAD_BUFFER_GUARD > MAD_BUFFER_MDLEN)
++ {
++ stream->error = MAD_ERROR_LOSTSYNC;
++ stream->sync = 0;
++ return -1;
++ }
+
+ frame_used = 0;
+