diff options
| -rw-r--r-- | groups/251.native_packages_lib.group | 6 | ||||
| -rw-r--r-- | patches/libmad-0.15.1b_pre.local.patch | 88 | ||||
| -rw-r--r-- | patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch | 197 |
3 files changed, 290 insertions, 1 deletions
diff --git a/groups/251.native_packages_lib.group b/groups/251.native_packages_lib.group index 83a6aa04..bc78c617 100644 --- a/groups/251.native_packages_lib.group +++ b/groups/251.native_packages_lib.group @@ -5,7 +5,7 @@ GROUP_TARGET="native_packages"; NATIVE_PACKAGES_PACKAGES="$(rtl_lconcat "${NATIVE_PACKAGES_PACKAGES}" " glib jansson lame libarchive libassuan libatomic_ops libdmtx libedit libeditline libelf libestr libevent libfastjson libfetch libffi libfirm libflac libgcrypt libgpg_error libidn2 libite -libjpeg_turbo libksba libmspack libmp3splt libnettle libogg libpcap libpipeline libpng libpsl +libjpeg_turbo libksba libmad libmspack libmp3splt libnettle libogg libpcap libpipeline libpng libpsl libreadline libredwg libressl libsasl2 libshine libsndfile libsolv libssh libstrophe libtasn1 libtelnet libtheora libtirpc libudns libunistring libuv libvorbis libxml2 libxslt libz libzip lzo sdl1 sdl1_net sdl1_image sdl1_ttf sdl2 sdl2_image sdl2_ttf wolfssl")"; @@ -113,6 +113,10 @@ libxslt libz libzip lzo sdl1 sdl1_net sdl1_image sdl1_ttf sdl2 sdl2_image sdl2_t : ${PKG_LIBKSBA_VERSION:=1.5.0}; : ${PKG_LIBKSBA_URL:=https://www.gnupg.org/ftp/gcrypt/libksba/libksba-${PKG_LIBKSBA_VERSION}.tar.bz2}; : ${PKG_LIBKSBA_CONFIGURE_ARGS_EXTRA:=--with-libgpg-error-prefix=${PREFIX_NATIVE}}; +: ${PKG_LIBMAD_SHA256SUM:=bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690}; +: ${PKG_LIBMAD_VERSION:=0.15.1b}; +: ${PKG_LIBMAD_URL:=https://sources.voidlinux.org/libmad-${PKG_LIBMAD_VERSION}/libmad-${PKG_LIBMAD_VERSION}.tar.gz}; +: ${PKG_LIBMAD_CONFIGURE_ARGS_EXTRA:="--enable-fpm=64bit --enable-accuracy"}; : ${PKG_LIBMSPACK_SHA256SUM:=bac862dee6e0fc10d92c70212441d9f8ad9b0222edc9a708c3ead4adb1b24a8e}; : ${PKG_LIBMSPACK_VERSION:=0.10.1alpha}; : ${PKG_LIBMSPACK_URL:=https://www.cabextract.org.uk/libmspack/libmspack-${PKG_LIBMSPACK_VERSION}.tar.gz}; diff --git a/patches/libmad-0.15.1b_pre.local.patch b/patches/libmad-0.15.1b_pre.local.patch new file mode 100644 index 00000000..12ce2f71 --- /dev/null +++ b/patches/libmad-0.15.1b_pre.local.patch @@ -0,0 +1,88 @@ +diff -ru libmad-0.15.1b.orig/configure libmad-0.15.1b/configure +--- libmad-0.15.1b.orig/configure 2004-02-05 10:34:07.000000000 +0100 ++++ libmad-0.15.1b/configure 2021-03-26 16:20:59.999840447 +0100 +@@ -19064,7 +19064,7 @@ + shift + ;; + -O2) +- optimize="-O" ++ optimize="-O2" + shift + ;; + -fomit-frame-pointer) +@@ -19081,74 +19081,6 @@ + esac + done + +-if test "$GCC" = yes +-then +- if test -z "$arch" +- then +- case "$host" in +- i386-*) ;; +- i?86-*) arch="-march=i486" ;; +- arm*-empeg-*) arch="-march=armv4 -mtune=strongarm1100" ;; +- armv4*-*) arch="-march=armv4 -mtune=strongarm" ;; +- powerpc-*) ;; +- mips*-agenda-*) arch="-mcpu=vr4100" ;; +- mips*-luxsonor-*) arch="-mips1 -mcpu=r3000 -Wa,-m4010" ;; +- esac +- fi +- +- case "$optimize" in +- -O|"-O "*) +- optimize="-O" +- optimize="$optimize -fforce-mem" +- optimize="$optimize -fforce-addr" +- : #x optimize="$optimize -finline-functions" +- : #- optimize="$optimize -fstrength-reduce" +- optimize="$optimize -fthread-jumps" +- optimize="$optimize -fcse-follow-jumps" +- optimize="$optimize -fcse-skip-blocks" +- : #x optimize="$optimize -frerun-cse-after-loop" +- : #x optimize="$optimize -frerun-loop-opt" +- : #x optimize="$optimize -fgcse" +- optimize="$optimize -fexpensive-optimizations" +- optimize="$optimize -fregmove" +- : #* optimize="$optimize -fdelayed-branch" +- : #x optimize="$optimize -fschedule-insns" +- optimize="$optimize -fschedule-insns2" +- : #? optimize="$optimize -ffunction-sections" +- : #? optimize="$optimize -fcaller-saves" +- : #> optimize="$optimize -funroll-loops" +- : #> optimize="$optimize -funroll-all-loops" +- : #x optimize="$optimize -fmove-all-movables" +- : #x optimize="$optimize -freduce-all-givs" +- : #? optimize="$optimize -fstrict-aliasing" +- : #* optimize="$optimize -fstructure-noalias" +- +- case "$host" in +- arm*-*) +- optimize="$optimize -fstrength-reduce" +- ;; +- mips*-*) +- optimize="$optimize -fstrength-reduce" +- optimize="$optimize -finline-functions" +- ;; +- i?86-*) +- optimize="$optimize -fstrength-reduce" +- ;; +- powerpc-apple-*) +- # this triggers an internal compiler error with gcc2 +- : #optimize="$optimize -fstrength-reduce" +- +- # this is really only beneficial with gcc3 +- : #optimize="$optimize -finline-functions" +- ;; +- *) +- # this sometimes provokes bugs in gcc 2.95.2 +- : #optimize="$optimize -fstrength-reduce" +- ;; +- esac +- ;; +- esac +-fi + + case "$host" in + mips*-agenda-*) +Only in libmad-0.15.1b.orig/: libmad-0.15.1b diff --git a/patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch b/patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch new file mode 100644 index 00000000..9cc8913e --- /dev/null +++ b/patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch @@ -0,0 +1,197 @@ +; You can calculate where the next frame will start depending on things +; like the bitrate. See mad_header_decode(). It seems that when decoding +; the frame you can go past that boundary. This attempts to catch those cases, +; but might not catch all of them. +; For more info see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133 +Index: libmad-0.15.1b/layer12.c +=================================================================== +--- a/layer12.c 2008-12-23 21:38:07.000000000 +0100 ++++ b/layer12.c 2008-12-23 21:38:12.000000000 +0100 +@@ -134,6 +134,12 @@ + for (sb = 0; sb < bound; ++sb) { + for (ch = 0; ch < nch; ++ch) { + nb = mad_bit_read(&stream->ptr, 4); ++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) ++ { ++ stream->error = MAD_ERROR_LOSTSYNC; ++ stream->sync = 0; ++ return -1; ++ } + + if (nb == 15) { + stream->error = MAD_ERROR_BADBITALLOC; +@@ -146,6 +152,12 @@ + + for (sb = bound; sb < 32; ++sb) { + nb = mad_bit_read(&stream->ptr, 4); ++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) ++ { ++ stream->error = MAD_ERROR_LOSTSYNC; ++ stream->sync = 0; ++ return -1; ++ } + + if (nb == 15) { + stream->error = MAD_ERROR_BADBITALLOC; +@@ -162,6 +174,12 @@ + for (ch = 0; ch < nch; ++ch) { + if (allocation[ch][sb]) { + scalefactor[ch][sb] = mad_bit_read(&stream->ptr, 6); ++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) ++ { ++ stream->error = MAD_ERROR_LOSTSYNC; ++ stream->sync = 0; ++ return -1; ++ } + + # if defined(OPT_STRICT) + /* +@@ -187,6 +205,12 @@ + frame->sbsample[ch][s][sb] = nb ? + mad_f_mul(I_sample(&stream->ptr, nb), + sf_table[scalefactor[ch][sb]]) : 0; ++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) ++ { ++ stream->error = MAD_ERROR_LOSTSYNC; ++ stream->sync = 0; ++ return -1; ++ } + } + } + +@@ -195,6 +219,12 @@ + mad_fixed_t sample; + + sample = I_sample(&stream->ptr, nb); ++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) ++ { ++ stream->error = MAD_ERROR_LOSTSYNC; ++ stream->sync = 0; ++ return -1; ++ } + + for (ch = 0; ch < nch; ++ch) { + frame->sbsample[ch][s][sb] = +@@ -403,7 +433,15 @@ + nbal = bitalloc_table[offsets[sb]].nbal; + + for (ch = 0; ch < nch; ++ch) ++ { + allocation[ch][sb] = mad_bit_read(&stream->ptr, nbal); ++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) ++ { ++ stream->error = MAD_ERROR_LOSTSYNC; ++ stream->sync = 0; ++ return -1; ++ } ++ } + } + + for (sb = bound; sb < sblimit; ++sb) { +@@ -411,6 +449,13 @@ + + allocation[0][sb] = + allocation[1][sb] = mad_bit_read(&stream->ptr, nbal); ++ ++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) ++ { ++ stream->error = MAD_ERROR_LOSTSYNC; ++ stream->sync = 0; ++ return -1; ++ } + } + + /* decode scalefactor selection info */ +@@ -419,6 +464,12 @@ + for (ch = 0; ch < nch; ++ch) { + if (allocation[ch][sb]) + scfsi[ch][sb] = mad_bit_read(&stream->ptr, 2); ++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) ++ { ++ stream->error = MAD_ERROR_LOSTSYNC; ++ stream->sync = 0; ++ return -1; ++ } + } + } + +@@ -442,6 +493,12 @@ + for (ch = 0; ch < nch; ++ch) { + if (allocation[ch][sb]) { + scalefactor[ch][sb][0] = mad_bit_read(&stream->ptr, 6); ++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) ++ { ++ stream->error = MAD_ERROR_LOSTSYNC; ++ stream->sync = 0; ++ return -1; ++ } + + switch (scfsi[ch][sb]) { + case 2: +@@ -452,11 +509,23 @@ + + case 0: + scalefactor[ch][sb][1] = mad_bit_read(&stream->ptr, 6); ++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) ++ { ++ stream->error = MAD_ERROR_LOSTSYNC; ++ stream->sync = 0; ++ return -1; ++ } + /* fall through */ + + case 1: + case 3: + scalefactor[ch][sb][2] = mad_bit_read(&stream->ptr, 6); ++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) ++ { ++ stream->error = MAD_ERROR_LOSTSYNC; ++ stream->sync = 0; ++ return -1; ++ } + } + + if (scfsi[ch][sb] & 1) +@@ -488,6 +557,12 @@ + index = offset_table[bitalloc_table[offsets[sb]].offset][index - 1]; + + II_samples(&stream->ptr, &qc_table[index], samples); ++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) ++ { ++ stream->error = MAD_ERROR_LOSTSYNC; ++ stream->sync = 0; ++ return -1; ++ } + + for (s = 0; s < 3; ++s) { + frame->sbsample[ch][3 * gr + s][sb] = +@@ -506,6 +581,12 @@ + index = offset_table[bitalloc_table[offsets[sb]].offset][index - 1]; + + II_samples(&stream->ptr, &qc_table[index], samples); ++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) ++ { ++ stream->error = MAD_ERROR_LOSTSYNC; ++ stream->sync = 0; ++ return -1; ++ } + + for (ch = 0; ch < nch; ++ch) { + for (s = 0; s < 3; ++s) { +Index: libmad-0.15.1b/layer3.c +=================================================================== +--- a/layer3.c 2008-12-23 21:38:07.000000000 +0100 ++++ b/layer3.c 2008-12-23 21:38:12.000000000 +0100 +@@ -2608,6 +2608,12 @@ + next_md_begin = 0; + + md_len = si.main_data_begin + frame_space - next_md_begin; ++ if (md_len + MAD_BUFFER_GUARD > MAD_BUFFER_MDLEN) ++ { ++ stream->error = MAD_ERROR_LOSTSYNC; ++ stream->sync = 0; ++ return -1; ++ } + + frame_used = 0; + |