From 68c34089fbf5794d3867f53a8dd88b40c589af07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=98rjan=20Malde?= <red@foxi.me>
Date: Fri, 26 Mar 2021 16:27:45 +0100
Subject: groups/251.native_packages_lib.group: adds libmad v0.15.1b
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucio Andrés Illanes Albornoz <lucio@lucioillanes.de>
---
 groups/251.native_packages_lib.group               |   6 +-
 patches/libmad-0.15.1b_pre.local.patch             |  88 +++++++++
 ...CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch | 197 +++++++++++++++++++++
 3 files changed, 290 insertions(+), 1 deletion(-)
 create mode 100644 patches/libmad-0.15.1b_pre.local.patch
 create mode 100644 patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch

diff --git a/groups/251.native_packages_lib.group b/groups/251.native_packages_lib.group
index 83a6aa04..bc78c617 100644
--- a/groups/251.native_packages_lib.group
+++ b/groups/251.native_packages_lib.group
@@ -5,7 +5,7 @@ GROUP_TARGET="native_packages";
 NATIVE_PACKAGES_PACKAGES="$(rtl_lconcat "${NATIVE_PACKAGES_PACKAGES}" "
 glib jansson lame libarchive libassuan libatomic_ops libdmtx libedit libeditline libelf libestr
 libevent libfastjson libfetch libffi libfirm libflac libgcrypt libgpg_error libidn2 libite
-libjpeg_turbo libksba libmspack libmp3splt libnettle libogg libpcap libpipeline libpng libpsl
+libjpeg_turbo libksba libmad libmspack libmp3splt libnettle libogg libpcap libpipeline libpng libpsl
 libreadline libredwg libressl libsasl2 libshine libsndfile libsolv libssh libstrophe libtasn1
 libtelnet libtheora libtirpc libudns libunistring libuv libvorbis libxml2
 libxslt libz libzip lzo sdl1 sdl1_net sdl1_image sdl1_ttf sdl2 sdl2_image sdl2_ttf wolfssl")";
@@ -113,6 +113,10 @@ libxslt libz libzip lzo sdl1 sdl1_net sdl1_image sdl1_ttf sdl2 sdl2_image sdl2_t
 : ${PKG_LIBKSBA_VERSION:=1.5.0};
 : ${PKG_LIBKSBA_URL:=https://www.gnupg.org/ftp/gcrypt/libksba/libksba-${PKG_LIBKSBA_VERSION}.tar.bz2};
 : ${PKG_LIBKSBA_CONFIGURE_ARGS_EXTRA:=--with-libgpg-error-prefix=${PREFIX_NATIVE}};
+: ${PKG_LIBMAD_SHA256SUM:=bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690};
+: ${PKG_LIBMAD_VERSION:=0.15.1b};
+: ${PKG_LIBMAD_URL:=https://sources.voidlinux.org/libmad-${PKG_LIBMAD_VERSION}/libmad-${PKG_LIBMAD_VERSION}.tar.gz};
+: ${PKG_LIBMAD_CONFIGURE_ARGS_EXTRA:="--enable-fpm=64bit --enable-accuracy"};
 : ${PKG_LIBMSPACK_SHA256SUM:=bac862dee6e0fc10d92c70212441d9f8ad9b0222edc9a708c3ead4adb1b24a8e};
 : ${PKG_LIBMSPACK_VERSION:=0.10.1alpha};
 : ${PKG_LIBMSPACK_URL:=https://www.cabextract.org.uk/libmspack/libmspack-${PKG_LIBMSPACK_VERSION}.tar.gz};
diff --git a/patches/libmad-0.15.1b_pre.local.patch b/patches/libmad-0.15.1b_pre.local.patch
new file mode 100644
index 00000000..12ce2f71
--- /dev/null
+++ b/patches/libmad-0.15.1b_pre.local.patch
@@ -0,0 +1,88 @@
+diff -ru libmad-0.15.1b.orig/configure libmad-0.15.1b/configure
+--- libmad-0.15.1b.orig/configure	2004-02-05 10:34:07.000000000 +0100
++++ libmad-0.15.1b/configure	2021-03-26 16:20:59.999840447 +0100
+@@ -19064,7 +19064,7 @@
+ 	    shift
+ 	    ;;
+ 	-O2)
+-	    optimize="-O"
++	    optimize="-O2"
+ 	    shift
+ 	    ;;
+ 	-fomit-frame-pointer)
+@@ -19081,74 +19081,6 @@
+     esac
+ done
+ 
+-if test "$GCC" = yes
+-then
+-    if test -z "$arch"
+-    then
+-	case "$host" in
+-	    i386-*)           ;;
+-	    i?86-*)           arch="-march=i486" ;;
+-	    arm*-empeg-*)     arch="-march=armv4 -mtune=strongarm1100" ;;
+-	    armv4*-*)         arch="-march=armv4 -mtune=strongarm" ;;
+-	    powerpc-*)        ;;
+-	    mips*-agenda-*)   arch="-mcpu=vr4100" ;;
+-	    mips*-luxsonor-*) arch="-mips1 -mcpu=r3000 -Wa,-m4010" ;;
+-	esac
+-    fi
+-
+-    case "$optimize" in
+-	-O|"-O "*)
+-	    optimize="-O"
+-	    optimize="$optimize -fforce-mem"
+-	    optimize="$optimize -fforce-addr"
+-	    : #x optimize="$optimize -finline-functions"
+-	    : #- optimize="$optimize -fstrength-reduce"
+-	    optimize="$optimize -fthread-jumps"
+-	    optimize="$optimize -fcse-follow-jumps"
+-	    optimize="$optimize -fcse-skip-blocks"
+-	    : #x optimize="$optimize -frerun-cse-after-loop"
+-	    : #x optimize="$optimize -frerun-loop-opt"
+-	    : #x optimize="$optimize -fgcse"
+-	    optimize="$optimize -fexpensive-optimizations"
+-	    optimize="$optimize -fregmove"
+-	    : #* optimize="$optimize -fdelayed-branch"
+-	    : #x optimize="$optimize -fschedule-insns"
+-	    optimize="$optimize -fschedule-insns2"
+-	    : #? optimize="$optimize -ffunction-sections"
+-	    : #? optimize="$optimize -fcaller-saves"
+-	    : #> optimize="$optimize -funroll-loops"
+-	    : #> optimize="$optimize -funroll-all-loops"
+-	    : #x optimize="$optimize -fmove-all-movables"
+-	    : #x optimize="$optimize -freduce-all-givs"
+-	    : #? optimize="$optimize -fstrict-aliasing"
+-	    : #* optimize="$optimize -fstructure-noalias"
+-
+-	    case "$host" in
+-		arm*-*)
+-		    optimize="$optimize -fstrength-reduce"
+-		    ;;
+-		mips*-*)
+-		    optimize="$optimize -fstrength-reduce"
+-		    optimize="$optimize -finline-functions"
+-		    ;;
+-		i?86-*)
+-		    optimize="$optimize -fstrength-reduce"
+-		    ;;
+-		powerpc-apple-*)
+-		    # this triggers an internal compiler error with gcc2
+-		    : #optimize="$optimize -fstrength-reduce"
+-
+-		    # this is really only beneficial with gcc3
+-		    : #optimize="$optimize -finline-functions"
+-		    ;;
+-		*)
+-		    # this sometimes provokes bugs in gcc 2.95.2
+-		    : #optimize="$optimize -fstrength-reduce"
+-		    ;;
+-	    esac
+-	    ;;
+-    esac
+-fi
+ 
+ case "$host" in
+     mips*-agenda-*)
+Only in libmad-0.15.1b.orig/: libmad-0.15.1b
diff --git a/patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch b/patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch
new file mode 100644
index 00000000..9cc8913e
--- /dev/null
+++ b/patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch
@@ -0,0 +1,197 @@
+; You can calculate where the next frame will start depending on things
+; like the bitrate. See mad_header_decode().  It seems that when decoding
+; the frame you can go past that boundary.  This attempts to catch those cases,
+; but might not catch all of them.
+; For more info see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133
+Index: libmad-0.15.1b/layer12.c
+===================================================================
+--- a/layer12.c	2008-12-23 21:38:07.000000000 +0100
++++ b/layer12.c	2008-12-23 21:38:12.000000000 +0100
+@@ -134,6 +134,12 @@
+   for (sb = 0; sb < bound; ++sb) {
+     for (ch = 0; ch < nch; ++ch) {
+       nb = mad_bit_read(&stream->ptr, 4);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+ 
+       if (nb == 15) {
+ 	stream->error = MAD_ERROR_BADBITALLOC;
+@@ -146,6 +152,12 @@
+ 
+   for (sb = bound; sb < 32; ++sb) {
+     nb = mad_bit_read(&stream->ptr, 4);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+ 
+     if (nb == 15) {
+       stream->error = MAD_ERROR_BADBITALLOC;
+@@ -162,6 +174,12 @@
+     for (ch = 0; ch < nch; ++ch) {
+       if (allocation[ch][sb]) {
+ 	scalefactor[ch][sb] = mad_bit_read(&stream->ptr, 6);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+ 
+ # if defined(OPT_STRICT)
+ 	/*
+@@ -187,6 +205,12 @@
+ 	frame->sbsample[ch][s][sb] = nb ?
+ 	  mad_f_mul(I_sample(&stream->ptr, nb),
+ 		    sf_table[scalefactor[ch][sb]]) : 0;
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+       }
+     }
+ 
+@@ -195,6 +219,12 @@
+ 	mad_fixed_t sample;
+ 
+ 	sample = I_sample(&stream->ptr, nb);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+ 
+ 	for (ch = 0; ch < nch; ++ch) {
+ 	  frame->sbsample[ch][s][sb] =
+@@ -403,7 +433,15 @@
+     nbal = bitalloc_table[offsets[sb]].nbal;
+ 
+     for (ch = 0; ch < nch; ++ch)
++    {
+       allocation[ch][sb] = mad_bit_read(&stream->ptr, nbal);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
++    }
+   }
+ 
+   for (sb = bound; sb < sblimit; ++sb) {
+@@ -411,6 +449,13 @@
+ 
+     allocation[0][sb] =
+     allocation[1][sb] = mad_bit_read(&stream->ptr, nbal);
++
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+   }
+ 
+   /* decode scalefactor selection info */
+@@ -419,6 +464,12 @@
+     for (ch = 0; ch < nch; ++ch) {
+       if (allocation[ch][sb])
+ 	scfsi[ch][sb] = mad_bit_read(&stream->ptr, 2);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+     }
+   }
+ 
+@@ -442,6 +493,12 @@
+     for (ch = 0; ch < nch; ++ch) {
+       if (allocation[ch][sb]) {
+ 	scalefactor[ch][sb][0] = mad_bit_read(&stream->ptr, 6);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+ 
+ 	switch (scfsi[ch][sb]) {
+ 	case 2:
+@@ -452,11 +509,23 @@
+ 
+ 	case 0:
+ 	  scalefactor[ch][sb][1] = mad_bit_read(&stream->ptr, 6);
++		if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++		{
++			stream->error = MAD_ERROR_LOSTSYNC;
++			stream->sync = 0;
++			return -1;
++		}
+ 	  /* fall through */
+ 
+ 	case 1:
+ 	case 3:
+ 	  scalefactor[ch][sb][2] = mad_bit_read(&stream->ptr, 6);
++		if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++		{
++			stream->error = MAD_ERROR_LOSTSYNC;
++			stream->sync = 0;
++			return -1;
++		}
+ 	}
+ 
+ 	if (scfsi[ch][sb] & 1)
+@@ -488,6 +557,12 @@
+ 	  index = offset_table[bitalloc_table[offsets[sb]].offset][index - 1];
+ 
+ 	  II_samples(&stream->ptr, &qc_table[index], samples);
++		if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++		{
++			stream->error = MAD_ERROR_LOSTSYNC;
++			stream->sync = 0;
++			return -1;
++		}
+ 
+ 	  for (s = 0; s < 3; ++s) {
+ 	    frame->sbsample[ch][3 * gr + s][sb] =
+@@ -506,6 +581,12 @@
+ 	index = offset_table[bitalloc_table[offsets[sb]].offset][index - 1];
+ 
+ 	II_samples(&stream->ptr, &qc_table[index], samples);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+ 
+ 	for (ch = 0; ch < nch; ++ch) {
+ 	  for (s = 0; s < 3; ++s) {
+Index: libmad-0.15.1b/layer3.c
+===================================================================
+--- a/layer3.c	2008-12-23 21:38:07.000000000 +0100
++++ b/layer3.c	2008-12-23 21:38:12.000000000 +0100
+@@ -2608,6 +2608,12 @@
+     next_md_begin = 0;
+ 
+   md_len = si.main_data_begin + frame_space - next_md_begin;
++  if (md_len + MAD_BUFFER_GUARD > MAD_BUFFER_MDLEN)
++  {
++	stream->error = MAD_ERROR_LOSTSYNC;
++	stream->sync = 0;
++	return -1;
++  }
+ 
+   frame_used = 0;
+ 
-- 
cgit v1.2.3