From 68c34089fbf5794d3867f53a8dd88b40c589af07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=98rjan=20Malde?= <red@foxi.me>
Date: Fri, 26 Mar 2021 16:27:45 +0100
Subject: groups/251.native_packages_lib.group: adds libmad v0.15.1b
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucio Andrés Illanes Albornoz <lucio@lucioillanes.de>
---
 patches/libmad-0.15.1b_pre.local.patch             |  88 +++++++++
 ...CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch | 197 +++++++++++++++++++++
 2 files changed, 285 insertions(+)
 create mode 100644 patches/libmad-0.15.1b_pre.local.patch
 create mode 100644 patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch

(limited to 'patches')

diff --git a/patches/libmad-0.15.1b_pre.local.patch b/patches/libmad-0.15.1b_pre.local.patch
new file mode 100644
index 00000000..12ce2f71
--- /dev/null
+++ b/patches/libmad-0.15.1b_pre.local.patch
@@ -0,0 +1,88 @@
+diff -ru libmad-0.15.1b.orig/configure libmad-0.15.1b/configure
+--- libmad-0.15.1b.orig/configure	2004-02-05 10:34:07.000000000 +0100
++++ libmad-0.15.1b/configure	2021-03-26 16:20:59.999840447 +0100
+@@ -19064,7 +19064,7 @@
+ 	    shift
+ 	    ;;
+ 	-O2)
+-	    optimize="-O"
++	    optimize="-O2"
+ 	    shift
+ 	    ;;
+ 	-fomit-frame-pointer)
+@@ -19081,74 +19081,6 @@
+     esac
+ done
+ 
+-if test "$GCC" = yes
+-then
+-    if test -z "$arch"
+-    then
+-	case "$host" in
+-	    i386-*)           ;;
+-	    i?86-*)           arch="-march=i486" ;;
+-	    arm*-empeg-*)     arch="-march=armv4 -mtune=strongarm1100" ;;
+-	    armv4*-*)         arch="-march=armv4 -mtune=strongarm" ;;
+-	    powerpc-*)        ;;
+-	    mips*-agenda-*)   arch="-mcpu=vr4100" ;;
+-	    mips*-luxsonor-*) arch="-mips1 -mcpu=r3000 -Wa,-m4010" ;;
+-	esac
+-    fi
+-
+-    case "$optimize" in
+-	-O|"-O "*)
+-	    optimize="-O"
+-	    optimize="$optimize -fforce-mem"
+-	    optimize="$optimize -fforce-addr"
+-	    : #x optimize="$optimize -finline-functions"
+-	    : #- optimize="$optimize -fstrength-reduce"
+-	    optimize="$optimize -fthread-jumps"
+-	    optimize="$optimize -fcse-follow-jumps"
+-	    optimize="$optimize -fcse-skip-blocks"
+-	    : #x optimize="$optimize -frerun-cse-after-loop"
+-	    : #x optimize="$optimize -frerun-loop-opt"
+-	    : #x optimize="$optimize -fgcse"
+-	    optimize="$optimize -fexpensive-optimizations"
+-	    optimize="$optimize -fregmove"
+-	    : #* optimize="$optimize -fdelayed-branch"
+-	    : #x optimize="$optimize -fschedule-insns"
+-	    optimize="$optimize -fschedule-insns2"
+-	    : #? optimize="$optimize -ffunction-sections"
+-	    : #? optimize="$optimize -fcaller-saves"
+-	    : #> optimize="$optimize -funroll-loops"
+-	    : #> optimize="$optimize -funroll-all-loops"
+-	    : #x optimize="$optimize -fmove-all-movables"
+-	    : #x optimize="$optimize -freduce-all-givs"
+-	    : #? optimize="$optimize -fstrict-aliasing"
+-	    : #* optimize="$optimize -fstructure-noalias"
+-
+-	    case "$host" in
+-		arm*-*)
+-		    optimize="$optimize -fstrength-reduce"
+-		    ;;
+-		mips*-*)
+-		    optimize="$optimize -fstrength-reduce"
+-		    optimize="$optimize -finline-functions"
+-		    ;;
+-		i?86-*)
+-		    optimize="$optimize -fstrength-reduce"
+-		    ;;
+-		powerpc-apple-*)
+-		    # this triggers an internal compiler error with gcc2
+-		    : #optimize="$optimize -fstrength-reduce"
+-
+-		    # this is really only beneficial with gcc3
+-		    : #optimize="$optimize -finline-functions"
+-		    ;;
+-		*)
+-		    # this sometimes provokes bugs in gcc 2.95.2
+-		    : #optimize="$optimize -fstrength-reduce"
+-		    ;;
+-	    esac
+-	    ;;
+-    esac
+-fi
+ 
+ case "$host" in
+     mips*-agenda-*)
+Only in libmad-0.15.1b.orig/: libmad-0.15.1b
diff --git a/patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch b/patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch
new file mode 100644
index 00000000..9cc8913e
--- /dev/null
+++ b/patches/libmad/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch
@@ -0,0 +1,197 @@
+; You can calculate where the next frame will start depending on things
+; like the bitrate. See mad_header_decode().  It seems that when decoding
+; the frame you can go past that boundary.  This attempts to catch those cases,
+; but might not catch all of them.
+; For more info see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133
+Index: libmad-0.15.1b/layer12.c
+===================================================================
+--- a/layer12.c	2008-12-23 21:38:07.000000000 +0100
++++ b/layer12.c	2008-12-23 21:38:12.000000000 +0100
+@@ -134,6 +134,12 @@
+   for (sb = 0; sb < bound; ++sb) {
+     for (ch = 0; ch < nch; ++ch) {
+       nb = mad_bit_read(&stream->ptr, 4);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+ 
+       if (nb == 15) {
+ 	stream->error = MAD_ERROR_BADBITALLOC;
+@@ -146,6 +152,12 @@
+ 
+   for (sb = bound; sb < 32; ++sb) {
+     nb = mad_bit_read(&stream->ptr, 4);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+ 
+     if (nb == 15) {
+       stream->error = MAD_ERROR_BADBITALLOC;
+@@ -162,6 +174,12 @@
+     for (ch = 0; ch < nch; ++ch) {
+       if (allocation[ch][sb]) {
+ 	scalefactor[ch][sb] = mad_bit_read(&stream->ptr, 6);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+ 
+ # if defined(OPT_STRICT)
+ 	/*
+@@ -187,6 +205,12 @@
+ 	frame->sbsample[ch][s][sb] = nb ?
+ 	  mad_f_mul(I_sample(&stream->ptr, nb),
+ 		    sf_table[scalefactor[ch][sb]]) : 0;
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+       }
+     }
+ 
+@@ -195,6 +219,12 @@
+ 	mad_fixed_t sample;
+ 
+ 	sample = I_sample(&stream->ptr, nb);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+ 
+ 	for (ch = 0; ch < nch; ++ch) {
+ 	  frame->sbsample[ch][s][sb] =
+@@ -403,7 +433,15 @@
+     nbal = bitalloc_table[offsets[sb]].nbal;
+ 
+     for (ch = 0; ch < nch; ++ch)
++    {
+       allocation[ch][sb] = mad_bit_read(&stream->ptr, nbal);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
++    }
+   }
+ 
+   for (sb = bound; sb < sblimit; ++sb) {
+@@ -411,6 +449,13 @@
+ 
+     allocation[0][sb] =
+     allocation[1][sb] = mad_bit_read(&stream->ptr, nbal);
++
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+   }
+ 
+   /* decode scalefactor selection info */
+@@ -419,6 +464,12 @@
+     for (ch = 0; ch < nch; ++ch) {
+       if (allocation[ch][sb])
+ 	scfsi[ch][sb] = mad_bit_read(&stream->ptr, 2);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+     }
+   }
+ 
+@@ -442,6 +493,12 @@
+     for (ch = 0; ch < nch; ++ch) {
+       if (allocation[ch][sb]) {
+ 	scalefactor[ch][sb][0] = mad_bit_read(&stream->ptr, 6);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+ 
+ 	switch (scfsi[ch][sb]) {
+ 	case 2:
+@@ -452,11 +509,23 @@
+ 
+ 	case 0:
+ 	  scalefactor[ch][sb][1] = mad_bit_read(&stream->ptr, 6);
++		if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++		{
++			stream->error = MAD_ERROR_LOSTSYNC;
++			stream->sync = 0;
++			return -1;
++		}
+ 	  /* fall through */
+ 
+ 	case 1:
+ 	case 3:
+ 	  scalefactor[ch][sb][2] = mad_bit_read(&stream->ptr, 6);
++		if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++		{
++			stream->error = MAD_ERROR_LOSTSYNC;
++			stream->sync = 0;
++			return -1;
++		}
+ 	}
+ 
+ 	if (scfsi[ch][sb] & 1)
+@@ -488,6 +557,12 @@
+ 	  index = offset_table[bitalloc_table[offsets[sb]].offset][index - 1];
+ 
+ 	  II_samples(&stream->ptr, &qc_table[index], samples);
++		if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++		{
++			stream->error = MAD_ERROR_LOSTSYNC;
++			stream->sync = 0;
++			return -1;
++		}
+ 
+ 	  for (s = 0; s < 3; ++s) {
+ 	    frame->sbsample[ch][3 * gr + s][sb] =
+@@ -506,6 +581,12 @@
+ 	index = offset_table[bitalloc_table[offsets[sb]].offset][index - 1];
+ 
+ 	II_samples(&stream->ptr, &qc_table[index], samples);
++	if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame)
++	{
++		stream->error = MAD_ERROR_LOSTSYNC;
++		stream->sync = 0;
++		return -1;
++	}
+ 
+ 	for (ch = 0; ch < nch; ++ch) {
+ 	  for (s = 0; s < 3; ++s) {
+Index: libmad-0.15.1b/layer3.c
+===================================================================
+--- a/layer3.c	2008-12-23 21:38:07.000000000 +0100
++++ b/layer3.c	2008-12-23 21:38:12.000000000 +0100
+@@ -2608,6 +2608,12 @@
+     next_md_begin = 0;
+ 
+   md_len = si.main_data_begin + frame_space - next_md_begin;
++  if (md_len + MAD_BUFFER_GUARD > MAD_BUFFER_MDLEN)
++  {
++	stream->error = MAD_ERROR_LOSTSYNC;
++	stream->sync = 0;
++	return -1;
++  }
+ 
+   frame_used = 0;
+ 
-- 
cgit v1.2.3