libmad: fix three CVE from 2017
* add patch for CVE-2017-8372 and CVE-2017-8373 * add patch for CVE-2017-8374 * add patch for x86_64 platforms * fetch existing patches from remote sources
parent
73b88e17dd
commit
92edb06109
4 changed files with 43 additions and 280 deletions
|
@ -1,73 +0,0 @@
|
|||
Taken from openwrt:
|
||||
https://dev.openwrt.org/browser/packages/libs/libmad/patches/001-mips_removal_h_constraint.patch?rev=18548
|
||||
|
||||
diff -ur libmad-0.15.1b-orig/fixed.h libmad-0.15.1b/fixed.h
|
||||
--- libmad-0.15.1b-orig/fixed.h 2004-02-17 12:32:03.000000000 +1030
|
||||
+++ libmad-0.15.1b/fixed.h 2009-08-05 10:46:30.000000000 +0930
|
||||
@@ -299,6 +299,23 @@
|
||||
|
||||
# elif defined(FPM_MIPS)
|
||||
|
||||
+/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */
|
||||
+#if defined (__GNUC__) && defined (__GNUC_MINOR__)
|
||||
+#define __GNUC_PREREQ(maj, min) \
|
||||
+ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
|
||||
+#else
|
||||
+#define __GNUC_PREREQ(maj, min) 0
|
||||
+#endif
|
||||
+
|
||||
+#if __GNUC_PREREQ(4,4)
|
||||
+ typedef unsigned int u64_di_t __attribute__ ((mode (DI)));
|
||||
+# define MAD_F_MLX(hi, lo, x, y) \
|
||||
+ do { \
|
||||
+ u64_di_t __ll = (u64_di_t) (x) * (y); \
|
||||
+ hi = __ll >> 32; \
|
||||
+ lo = __ll; \
|
||||
+ } while (0)
|
||||
+#else
|
||||
/*
|
||||
* This MIPS version is fast and accurate; the disposition of the least
|
||||
* significant bit depends on OPT_ACCURACY via mad_f_scale64().
|
||||
@@ -328,6 +345,7 @@
|
||||
: "%r" ((x) >> 12), "r" ((y) >> 16))
|
||||
# define MAD_F_MLZ(hi, lo) ((mad_fixed_t) (lo))
|
||||
# endif
|
||||
+#endif /* __GNU_PREREQ(4,4) */
|
||||
|
||||
# if defined(OPT_SPEED)
|
||||
# define mad_f_scale64(hi, lo) \
|
||||
diff -ur libmad-0.15.1b-orig/mad.h libmad-0.15.1b/mad.h
|
||||
--- libmad-0.15.1b-orig/mad.h 2004-02-17 13:25:44.000000000 +1030
|
||||
+++ libmad-0.15.1b/mad.h 2009-08-05 10:42:40.000000000 +0930
|
||||
@@ -344,6 +344,23 @@
|
||||
|
||||
# elif defined(FPM_MIPS)
|
||||
|
||||
+/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */
|
||||
+#if defined (__GNUC__) && defined (__GNUC_MINOR__)
|
||||
+#define __GNUC_PREREQ(maj, min) \
|
||||
+ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
|
||||
+#else
|
||||
+#define __GNUC_PREREQ(maj, min) 0
|
||||
+#endif
|
||||
+
|
||||
+#if __GNUC_PREREQ(4,4)
|
||||
+ typedef unsigned int u64_di_t __attribute__ ((mode (DI)));
|
||||
+# define MAD_F_MLX(hi, lo, x, y) \
|
||||
+ do { \
|
||||
+ u64_di_t __ll = (u64_di_t) (x) * (y); \
|
||||
+ hi = __ll >> 32; \
|
||||
+ lo = __ll; \
|
||||
+ } while (0)
|
||||
+#else
|
||||
/*
|
||||
* This MIPS version is fast and accurate; the disposition of the least
|
||||
* significant bit depends on OPT_ACCURACY via mad_f_scale64().
|
||||
@@ -373,6 +390,7 @@
|
||||
: "%r" ((x) >> 12), "r" ((y) >> 16))
|
||||
# define MAD_F_MLZ(hi, lo) ((mad_fixed_t) (lo))
|
||||
# endif
|
||||
+#endif /* __GNU_PREREQ(4,4) */
|
||||
|
||||
# if defined(OPT_SPEED)
|
||||
# define mad_f_scale64(hi, lo) \
|
|
@ -1,27 +1,57 @@
|
|||
{stdenv, fetchurl, autoconf}:
|
||||
{ stdenv, fetchurl, fetchpatch, autoconf }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "libmad-0.15.1b";
|
||||
|
||||
pname = "libmad";
|
||||
version = "0.15.1b";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/mad/${name}.tar.gz";
|
||||
sha256 = "bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690";
|
||||
url = "mirror://sourceforge/mad/${pname}-${version}.tar.gz";
|
||||
sha256 = "14460zhacxhswnzb36qfpd1f2wbk10qvksvm6wyq5hpvdgnw7ymv";
|
||||
};
|
||||
|
||||
patches = [ ./001-mips_removal_h_constraint.patch ./pkgconfig.patch ]
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
url = "https://github.com/openwrt/packages/raw/openwrt-19.07/libs/libmad/patches/001-mips_removal_h_constraint.patch";
|
||||
sha256 = "0layswr6qg6axf4vyz6xrv73jwga34mkma3ifk9w9vrk41454hr5";
|
||||
})
|
||||
(fetchpatch {
|
||||
url = "https://github.com/KaOSx/main/raw/1270b8080f37fb6cca562829a521991800b0a497/libmad/libmad.patch";
|
||||
sha256 = "0rysq0sn3dfdz6pa6bfqkmk4ymc4rzk5ym7p16dyk37sldg1pbzs";
|
||||
})
|
||||
(fetchpatch {
|
||||
url = "https://github.com/KaOSx/main/raw/1270b8080f37fb6cca562829a521991800b0a497/libmad/amd64-64bit.diff";
|
||||
sha256 = "0mx56dmkbvw3zxnqd2hjng48q0d7q7473pns4n0ksdam29b0c5ar";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2017-8372-CVE-2017-8373.patch";
|
||||
url = "https://github.com/openwrt/packages/raw/openwrt-19.07/libs/libmad/patches/102-CVE-2017-8373-CVE-2017-8372-md-size.patch";
|
||||
sha256 = "0p6mkpn66h1ds8jvww28q4vlr58jwm58m9vb7pkvvyvy764agqnk";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2017-8374.patch";
|
||||
url = "https://github.com/openwrt/packages/raw/openwrt-19.07/libs/libmad/patches/101-CVE-2017-8374-length-check.patch";
|
||||
sha256 = "1j1ssxwmx9nfahzl62frbzck93xrjc2v3w30c12vmk29iflf1890";
|
||||
})
|
||||
]
|
||||
# optimize.diff is taken from https://projects.archlinux.org/svntogit/packages.git/tree/trunk/optimize.diff?h=packages/libmad
|
||||
# It is included here in order to fix a build failure in Clang
|
||||
# But it may be useful to fix other, currently unknown problems as well
|
||||
++ stdenv.lib.optional stdenv.cc.isClang [ ./optimize.diff ];
|
||||
++ stdenv.lib.optionals stdenv.cc.isClang [
|
||||
(fetchpatch {
|
||||
url = "https://github.com/KaOSx/main/raw/1270b8080f37fb6cca562829a521991800b0a497/libmad/optimize.diff";
|
||||
sha256 = "0ciyaj1acg08g8hpzqx6whayq206fvf4whksz2pjgxlv207lqgjh";
|
||||
})
|
||||
];
|
||||
|
||||
# The -fforce-mem flag has been removed in GCC 4.3.
|
||||
postPatch = ''
|
||||
substituteInPlace configure.ac --replace "-fforce-mem" ""
|
||||
substituteInPlace configure.ac --replace "arch=\"-march=i486\"" ""
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ autoconf ];
|
||||
|
||||
# The -fforce-mem flag has been removed in GCC 4.3.
|
||||
preConfigure = ''
|
||||
autoconf
|
||||
substituteInPlace configure --replace "-fforce-mem" ""
|
||||
substituteInPlace configure --replace "arch=\"-march=i486\"" ""
|
||||
'';
|
||||
preConfigure = "autoconf";
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = https://sourceforge.net/projects/mad/;
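Review bot: The three OpenWrt `fetchpatch` URLs (001-mips_removal_h_constraint.patch and both CVE patches) point at the moving branch `openwrt-19.07`, while the KaOSx URLs in the same list are pinned to commit 1270b8080f37fb6cca562829a521991800b0a497. The `sha256` values keep the fetched content tamper-evident, so a changed upstream file fails the build rather than being silently applied, but the expression does not record which upstream revision of the security patches was reviewed, and the fetch breaks as soon as the branch edits or drops a file. Pin them the same way, e.g. `url = "https://github.com/openwrt/packages/raw/<openwrt-commit-sha>/libs/libmad/patches/101-CVE-2017-8374-length-check.patch";`, where `<openwrt-commit-sha>` is a placeholder for the audited revision. The local `./pkgconfig.patch` also leaves the list with no visible replacement, so a short comment on the `libmad.patch` entry stating what it carries (presumably the pkg-config file, to be confirmed) would help the next reviewer.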
|
||||
|
|
|
@ -1,77 +0,0 @@
|
|||
Index: libmad-0.15.1b/configure.ac
|
||||
===================================================================
|
||||
--- libmad-0.15.1b.orig/configure.ac 2008-03-07 20:31:23.000000000 +0000
|
||||
+++ libmad-0.15.1b/configure.ac 2008-03-07 20:34:26.000000000 +0000
|
||||
@@ -124,71 +124,7 @@
|
||||
|
||||
if test "$GCC" = yes
|
||||
then
|
||||
- if test -z "$arch"
|
||||
- then
|
||||
- case "$host" in
|
||||
- i386-*) ;;
|
||||
- i?86-*) arch="-march=i486" ;;
|
||||
- arm*-empeg-*) arch="-march=armv4 -mtune=strongarm1100" ;;
|
||||
- armv4*-*) arch="-march=armv4 -mtune=strongarm" ;;
|
||||
- powerpc-*) ;;
|
||||
- mips*-agenda-*) arch="-mcpu=vr4100" ;;
|
||||
- mips*-luxsonor-*) arch="-mips1 -mcpu=r3000 -Wa,-m4010" ;;
|
||||
- esac
|
||||
- fi
|
||||
-
|
||||
- case "$optimize" in
|
||||
- -O|"-O "*)
|
||||
- optimize="-O"
|
||||
- optimize="$optimize -fforce-mem"
|
||||
- optimize="$optimize -fforce-addr"
|
||||
- : #x optimize="$optimize -finline-functions"
|
||||
- : #- optimize="$optimize -fstrength-reduce"
|
||||
- optimize="$optimize -fthread-jumps"
|
||||
- optimize="$optimize -fcse-follow-jumps"
|
||||
- optimize="$optimize -fcse-skip-blocks"
|
||||
- : #x optimize="$optimize -frerun-cse-after-loop"
|
||||
- : #x optimize="$optimize -frerun-loop-opt"
|
||||
- : #x optimize="$optimize -fgcse"
|
||||
- optimize="$optimize -fexpensive-optimizations"
|
||||
- optimize="$optimize -fregmove"
|
||||
- : #* optimize="$optimize -fdelayed-branch"
|
||||
- : #x optimize="$optimize -fschedule-insns"
|
||||
- optimize="$optimize -fschedule-insns2"
|
||||
- : #? optimize="$optimize -ffunction-sections"
|
||||
- : #? optimize="$optimize -fcaller-saves"
|
||||
- : #> optimize="$optimize -funroll-loops"
|
||||
- : #> optimize="$optimize -funroll-all-loops"
|
||||
- : #x optimize="$optimize -fmove-all-movables"
|
||||
- : #x optimize="$optimize -freduce-all-givs"
|
||||
- : #? optimize="$optimize -fstrict-aliasing"
|
||||
- : #* optimize="$optimize -fstructure-noalias"
|
||||
-
|
||||
- case "$host" in
|
||||
- arm*-*)
|
||||
- optimize="$optimize -fstrength-reduce"
|
||||
- ;;
|
||||
- mips*-*)
|
||||
- optimize="$optimize -fstrength-reduce"
|
||||
- optimize="$optimize -finline-functions"
|
||||
- ;;
|
||||
- i?86-*)
|
||||
- optimize="$optimize -fstrength-reduce"
|
||||
- ;;
|
||||
- powerpc-apple-*)
|
||||
- # this triggers an internal compiler error with gcc2
|
||||
- : #optimize="$optimize -fstrength-reduce"
|
||||
-
|
||||
- # this is really only beneficial with gcc3
|
||||
- : #optimize="$optimize -finline-functions"
|
||||
- ;;
|
||||
- *)
|
||||
- # this sometimes provokes bugs in gcc 2.95.2
|
||||
- : #optimize="$optimize -fstrength-reduce"
|
||||
- ;;
|
||||
- esac
|
||||
- ;;
|
||||
- esac
|
||||
+ optimize="-O2"
|
||||
fi
|
||||
|
||||
case "$host" in
|
|
@ -1,117 +0,0 @@
|
|||
diff -ruN libmad-0.15.1b.orig/Makefile.am libmad-0.15.1b/Makefile.am
|
||||
--- libmad-0.15.1b.orig/Makefile.am 2004-02-17 02:02:03.000000000 +0000
|
||||
+++ libmad-0.15.1b/Makefile.am 2005-08-25 12:08:04.000000000 +0000
|
||||
@@ -33,9 +33,12 @@
|
||||
minimad_INCLUDES =
|
||||
minimad_LDADD = libmad.la
|
||||
|
||||
-EXTRA_DIST = mad.h.sed \
|
||||
+EXTRA_DIST = mad.h.sed mad.pc.in \
|
||||
CHANGES COPYRIGHT CREDITS README TODO VERSION
|
||||
|
||||
+pkgconfigdir = $(libdir)/pkgconfig
|
||||
+pkgconfig_DATA= mad.pc
|
||||
+
|
||||
exported_headers = version.h fixed.h bit.h timer.h stream.h frame.h \
|
||||
synth.h decoder.h
|
||||
|
||||
diff -ruN libmad-0.15.1b.orig/Makefile.in libmad-0.15.1b/Makefile.in
|
||||
--- libmad-0.15.1b.orig/Makefile.in 2004-02-17 02:33:23.000000000 +0000
|
||||
+++ libmad-0.15.1b/Makefile.in 2005-08-25 12:09:34.000000000 +0000
|
||||
@@ -14,6 +14,8 @@
|
||||
|
||||
@SET_MAKE@
|
||||
|
||||
+pkgconfigdir = $(libdir)/pkgconfig
|
||||
+pkgconfig_DATA = mad.pc
|
||||
|
||||
SOURCES = $(libmad_la_SOURCES) $(EXTRA_libmad_la_SOURCES) $(minimad_SOURCES)
|
||||
|
||||
@@ -43,7 +45,7 @@
|
||||
$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
|
||||
$(srcdir)/config.h.in $(srcdir)/libmad.list.in \
|
||||
$(top_srcdir)/configure COPYING INSTALL TODO config.guess \
|
||||
- config.sub depcomp install-sh ltmain.sh missing mkinstalldirs
|
||||
+ config.sub depcomp install-sh ltmain.sh missing mkinstalldirs mad.pc.in
|
||||
subdir = .
|
||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
|
||||
@@ -53,7 +55,7 @@
|
||||
configure.lineno configure.status.lineno
|
||||
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
|
||||
CONFIG_HEADER = config.h
|
||||
-CONFIG_CLEAN_FILES = libmad.list
|
||||
+CONFIG_CLEAN_FILES = libmad.list mad.pc
|
||||
am__installdirs = $(DESTDIR)$(libdir) $(DESTDIR)$(includedir)
|
||||
libLTLIBRARIES_INSTALL = $(INSTALL)
|
||||
LTLIBRARIES = $(lib_LTLIBRARIES)
|
||||
@@ -218,7 +220,7 @@
|
||||
minimad_SOURCES = minimad.c
|
||||
minimad_INCLUDES =
|
||||
minimad_LDADD = libmad.la
|
||||
-EXTRA_DIST = mad.h.sed \
|
||||
+EXTRA_DIST = mad.h.sed mad.pc.in \
|
||||
CHANGES COPYRIGHT CREDITS README TODO VERSION
|
||||
|
||||
exported_headers = version.h fixed.h bit.h timer.h stream.h frame.h \
|
||||
@@ -298,6 +300,28 @@
|
||||
rm -f stamp-h1
|
||||
touch $@
|
||||
|
||||
+mad.pc: $(top_builddir)/config.status mad.pc.in
|
||||
+ cd $(top_builddir) && CONFIG_FILES=$@ CONFIG_HEADERS= $(SHELL) ./config.status
|
||||
+
|
||||
+install-pkgconfigDATA: $(pkgconfig_DATA)
|
||||
+ @$(NORMAL_INSTALL)
|
||||
+ $(mkinstalldirs) $(DESTDIR)$(pkgconfigdir)
|
||||
+ @list='$(pkgconfig_DATA)'; for p in $$list; do \
|
||||
+ if test -f $(srcdir)/$$p; then \
|
||||
+ echo " $(INSTALL_DATA) $(srcdir)/$$p $(DESTDIR)$(pkgconfigdir)/$$p"; \
|
||||
+ $(INSTALL_DATA) $(srcdir)/$$p $(DESTDIR)$(pkgconfigdir)/$$p; \
|
||||
+ else if test -f $$p; then \
|
||||
+ echo " $(INSTALL_DATA) $$p $(DESTDIR)$(pkgconfigdir)/$$p"; \
|
||||
+ $(INSTALL_DATA) $$p $(DESTDIR)$(pkgconfigdir)/$$p; \
|
||||
+ fi; fi; \
|
||||
+ done
|
||||
+
|
||||
+uninstall-pkgconfigDATA:
|
||||
+ @$(NORMAL_UNINSTALL)
|
||||
+ list='$(pkgconfig_DATA)'; for p in $$list; do \
|
||||
+ rm -f $(DESTDIR)$(pkgconfigdir)/$$p; \
|
||||
+ done
|
||||
+
|
||||
distclean-hdr:
|
||||
-rm -f config.h stamp-h1
|
||||
libmad.list: $(top_builddir)/config.status $(srcdir)/libmad.list.in
|
||||
@@ -726,7 +750,7 @@
|
||||
|
||||
info-am:
|
||||
|
||||
-install-data-am: install-includeHEADERS
|
||||
+install-data-am: install-includeHEADERS install-pkgconfigDATA
|
||||
|
||||
install-exec-am: install-libLTLIBRARIES
|
||||
|
||||
@@ -757,7 +781,7 @@
|
||||
ps-am:
|
||||
|
||||
uninstall-am: uninstall-includeHEADERS uninstall-info-am \
|
||||
- uninstall-libLTLIBRARIES
|
||||
+ uninstall-libLTLIBRARIES install-pkgconfigDATA
|
||||
|
||||
uninstall-info: uninstall-info-recursive
|
||||
|
||||
diff -ruN libmad-0.15.1b.orig/mad.pc.in libmad-0.15.1b/mad.pc.in
|
||||
--- libmad-0.15.1b.orig/mad.pc.in 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ libmad-0.15.1b/mad.pc.in 2005-08-25 12:08:04.000000000 +0000
|
||||
@@ -0,0 +1,10 @@
|
||||
+prefix=@prefix@
|
||||
+exec_prefix=@exec_prefix@
|
||||
+libdir=@libdir@
|
||||
+includedir=@includedir@
|
||||
+
|
||||
+Name: MAD
|
||||
+Description: libmad - MPEG audio decoder library
|
||||
+Version: @VERSION@
|
||||
+Libs: -L${libdir} -lmad
|
||||
+Cflags:
|