From 92edb0610923fab5a9dcc59b94652f1e8a5ea1ed Mon Sep 17 00:00:00 2001
From: c0bw3b <c0bw3b@users.noreply.github.com>
Date: Mon, 11 Nov 2019 17:45:28 +0100
Subject: [PATCH] libmad: fix three CVE from 2017

* add patch for CVE-2017-8372 and CVE-2017-8373
* add patch for CVE-2017-8374
* add patch for x86_64 platforms
* fetch existing patches from remote sources
---
 .../001-mips_removal_h_constraint.patch       |  73 -----------
 pkgs/development/libraries/libmad/default.nix |  56 +++++++--
 .../libraries/libmad/optimize.diff            |  77 ------------
 .../libraries/libmad/pkgconfig.patch          | 117 ------------------
 4 files changed, 43 insertions(+), 280 deletions(-)
 delete mode 100644 pkgs/development/libraries/libmad/001-mips_removal_h_constraint.patch
 delete mode 100644 pkgs/development/libraries/libmad/optimize.diff
 delete mode 100644 pkgs/development/libraries/libmad/pkgconfig.patch

diff --git a/pkgs/development/libraries/libmad/001-mips_removal_h_constraint.patch b/pkgs/development/libraries/libmad/001-mips_removal_h_constraint.patch
deleted file mode 100644
index 1d8b385e0c57..000000000000
--- a/pkgs/development/libraries/libmad/001-mips_removal_h_constraint.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-Taken from openwrt:
-https://dev.openwrt.org/browser/packages/libs/libmad/patches/001-mips_removal_h_constraint.patch?rev=18548
-
-diff -ur libmad-0.15.1b-orig/fixed.h libmad-0.15.1b/fixed.h
---- libmad-0.15.1b-orig/fixed.h	2004-02-17 12:32:03.000000000 +1030
-+++ libmad-0.15.1b/fixed.h	2009-08-05 10:46:30.000000000 +0930
-@@ -299,6 +299,23 @@
- 
- # elif defined(FPM_MIPS)
- 
-+/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */
-+#if defined (__GNUC__) && defined (__GNUC_MINOR__)
-+#define __GNUC_PREREQ(maj, min) \
-+	((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
-+#else
-+#define __GNUC_PREREQ(maj, min)  0
-+#endif
-+
-+#if __GNUC_PREREQ(4,4)
-+  typedef unsigned int u64_di_t __attribute__ ((mode (DI)));
-+# define MAD_F_MLX(hi, lo, x, y) \
-+   do { \
-+      u64_di_t __ll = (u64_di_t) (x) * (y); \
-+      hi = __ll >> 32; \
-+      lo = __ll; \
-+   } while (0) 
-+#else
- /*
-  * This MIPS version is fast and accurate; the disposition of the least
-  * significant bit depends on OPT_ACCURACY via mad_f_scale64().
-@@ -328,6 +345,7 @@
- 	 : "%r" ((x) >> 12), "r" ((y) >> 16))
- #  define MAD_F_MLZ(hi, lo)  ((mad_fixed_t) (lo))
- # endif
-+#endif /* __GNU_PREREQ(4,4) */
- 
- # if defined(OPT_SPEED)
- #  define mad_f_scale64(hi, lo)  \
-diff -ur libmad-0.15.1b-orig/mad.h libmad-0.15.1b/mad.h
---- libmad-0.15.1b-orig/mad.h	2004-02-17 13:25:44.000000000 +1030
-+++ libmad-0.15.1b/mad.h	2009-08-05 10:42:40.000000000 +0930
-@@ -344,6 +344,23 @@
- 
- # elif defined(FPM_MIPS)
- 
-+/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */
-+#if defined (__GNUC__) && defined (__GNUC_MINOR__)
-+#define __GNUC_PREREQ(maj, min) \
-+	((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
-+#else
-+#define __GNUC_PREREQ(maj, min)  0
-+#endif
-+
-+#if __GNUC_PREREQ(4,4)
-+  typedef unsigned int u64_di_t __attribute__ ((mode (DI)));
-+# define MAD_F_MLX(hi, lo, x, y) \
-+   do { \
-+      u64_di_t __ll = (u64_di_t) (x) * (y); \
-+      hi = __ll >> 32; \
-+      lo = __ll; \
-+   } while (0) 
-+#else
- /*
-  * This MIPS version is fast and accurate; the disposition of the least
-  * significant bit depends on OPT_ACCURACY via mad_f_scale64().
-@@ -373,6 +390,7 @@
- 	 : "%r" ((x) >> 12), "r" ((y) >> 16))
- #  define MAD_F_MLZ(hi, lo)  ((mad_fixed_t) (lo))
- # endif
-+#endif /* __GNU_PREREQ(4,4) */
- 
- # if defined(OPT_SPEED)
- #  define mad_f_scale64(hi, lo)  \
diff --git a/pkgs/development/libraries/libmad/default.nix b/pkgs/development/libraries/libmad/default.nix
index f6df090e8b5d..40d90f46288a 100644
--- a/pkgs/development/libraries/libmad/default.nix
+++ b/pkgs/development/libraries/libmad/default.nix
@@ -1,27 +1,57 @@
-{stdenv, fetchurl, autoconf}:
+{ stdenv, fetchurl, fetchpatch, autoconf }:
 
 stdenv.mkDerivation rec {
-  name = "libmad-0.15.1b";
-  
+  pname = "libmad";
+  version = "0.15.1b";
+
   src = fetchurl {
-    url = "mirror://sourceforge/mad/${name}.tar.gz";
-    sha256 = "bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690";
+    url = "mirror://sourceforge/mad/${pname}-${version}.tar.gz";
+    sha256 = "14460zhacxhswnzb36qfpd1f2wbk10qvksvm6wyq5hpvdgnw7ymv";
   };
 
-  patches = [ ./001-mips_removal_h_constraint.patch ./pkgconfig.patch ]
+  patches = [
+    (fetchpatch {
+      url = "https://github.com/openwrt/packages/raw/openwrt-19.07/libs/libmad/patches/001-mips_removal_h_constraint.patch";
+      sha256 = "0layswr6qg6axf4vyz6xrv73jwga34mkma3ifk9w9vrk41454hr5";
+    })
+    (fetchpatch {
+      url = "https://github.com/KaOSx/main/raw/1270b8080f37fb6cca562829a521991800b0a497/libmad/libmad.patch";
+      sha256 = "0rysq0sn3dfdz6pa6bfqkmk4ymc4rzk5ym7p16dyk37sldg1pbzs";
+    })
+    (fetchpatch {
+      url = "https://github.com/KaOSx/main/raw/1270b8080f37fb6cca562829a521991800b0a497/libmad/amd64-64bit.diff";
+      sha256 = "0mx56dmkbvw3zxnqd2hjng48q0d7q7473pns4n0ksdam29b0c5ar";
+    })
+    (fetchpatch {
+      name = "CVE-2017-8372-CVE-2017-8373.patch";
+      url = "https://github.com/openwrt/packages/raw/openwrt-19.07/libs/libmad/patches/102-CVE-2017-8373-CVE-2017-8372-md-size.patch";
+      sha256 = "0p6mkpn66h1ds8jvww28q4vlr58jwm58m9vb7pkvvyvy764agqnk";
+    })
+    (fetchpatch {
+      name = "CVE-2017-8374.patch";
+      url = "https://github.com/openwrt/packages/raw/openwrt-19.07/libs/libmad/patches/101-CVE-2017-8374-length-check.patch";
+      sha256 = "1j1ssxwmx9nfahzl62frbzck93xrjc2v3w30c12vmk29iflf1890";
+    })
+  ]
   # optimize.diff is taken from https://projects.archlinux.org/svntogit/packages.git/tree/trunk/optimize.diff?h=packages/libmad
   # It is included here in order to fix a build failure in Clang
   # But it may be useful to fix other, currently unknown problems as well
-  ++ stdenv.lib.optional stdenv.cc.isClang [ ./optimize.diff ];
+  ++ stdenv.lib.optionals stdenv.cc.isClang [
+    (fetchpatch {
+      url = "https://github.com/KaOSx/main/raw/1270b8080f37fb6cca562829a521991800b0a497/libmad/optimize.diff";
+      sha256 = "0ciyaj1acg08g8hpzqx6whayq206fvf4whksz2pjgxlv207lqgjh";
+    })
+  ];
+
+  # The -fforce-mem flag has been removed in GCC 4.3.
+  postPatch = ''
+    substituteInPlace configure.ac --replace "-fforce-mem" ""
+    substituteInPlace configure.ac --replace "arch=\"-march=i486\"" ""
+  '';
 
   nativeBuildInputs = [ autoconf ];
 
-  # The -fforce-mem flag has been removed in GCC 4.3.
-  preConfigure = ''
-    autoconf
-    substituteInPlace configure --replace "-fforce-mem" ""
-    substituteInPlace configure --replace "arch=\"-march=i486\"" ""
-  '';
+  preConfigure = "autoconf";
 
   meta = with stdenv.lib; {
     homepage    = https://sourceforge.net/projects/mad/;
diff --git a/pkgs/development/libraries/libmad/optimize.diff b/pkgs/development/libraries/libmad/optimize.diff
deleted file mode 100644
index 1418dc927073..000000000000
--- a/pkgs/development/libraries/libmad/optimize.diff
+++ /dev/null
@@ -1,77 +0,0 @@
-Index: libmad-0.15.1b/configure.ac
-===================================================================
---- libmad-0.15.1b.orig/configure.ac	2008-03-07 20:31:23.000000000 +0000
-+++ libmad-0.15.1b/configure.ac	2008-03-07 20:34:26.000000000 +0000
-@@ -124,71 +124,7 @@
- 
- if test "$GCC" = yes
- then
--    if test -z "$arch"
--    then
--	case "$host" in
--	    i386-*)           ;;
--	    i?86-*)           arch="-march=i486" ;;
--	    arm*-empeg-*)     arch="-march=armv4 -mtune=strongarm1100" ;;
--	    armv4*-*)         arch="-march=armv4 -mtune=strongarm" ;;
--	    powerpc-*)        ;;
--	    mips*-agenda-*)   arch="-mcpu=vr4100" ;;
--	    mips*-luxsonor-*) arch="-mips1 -mcpu=r3000 -Wa,-m4010" ;;
--	esac
--    fi
--
--    case "$optimize" in
--	-O|"-O "*)
--	    optimize="-O"
--	    optimize="$optimize -fforce-mem"
--	    optimize="$optimize -fforce-addr"
--	    : #x optimize="$optimize -finline-functions"
--	    : #- optimize="$optimize -fstrength-reduce"
--	    optimize="$optimize -fthread-jumps"
--	    optimize="$optimize -fcse-follow-jumps"
--	    optimize="$optimize -fcse-skip-blocks"
--	    : #x optimize="$optimize -frerun-cse-after-loop"
--	    : #x optimize="$optimize -frerun-loop-opt"
--	    : #x optimize="$optimize -fgcse"
--	    optimize="$optimize -fexpensive-optimizations"
--	    optimize="$optimize -fregmove"
--	    : #* optimize="$optimize -fdelayed-branch"
--	    : #x optimize="$optimize -fschedule-insns"
--	    optimize="$optimize -fschedule-insns2"
--	    : #? optimize="$optimize -ffunction-sections"
--	    : #? optimize="$optimize -fcaller-saves"
--	    : #> optimize="$optimize -funroll-loops"
--	    : #> optimize="$optimize -funroll-all-loops"
--	    : #x optimize="$optimize -fmove-all-movables"
--	    : #x optimize="$optimize -freduce-all-givs"
--	    : #? optimize="$optimize -fstrict-aliasing"
--	    : #* optimize="$optimize -fstructure-noalias"
--
--	    case "$host" in
--		arm*-*)
--		    optimize="$optimize -fstrength-reduce"
--		    ;;
--		mips*-*)
--		    optimize="$optimize -fstrength-reduce"
--		    optimize="$optimize -finline-functions"
--		    ;;
--		i?86-*)
--		    optimize="$optimize -fstrength-reduce"
--		    ;;
--		powerpc-apple-*)
--		    # this triggers an internal compiler error with gcc2
--		    : #optimize="$optimize -fstrength-reduce"
--
--		    # this is really only beneficial with gcc3
--		    : #optimize="$optimize -finline-functions"
--		    ;;
--		*)
--		    # this sometimes provokes bugs in gcc 2.95.2
--		    : #optimize="$optimize -fstrength-reduce"
--		    ;;
--	    esac
--	    ;;
--    esac
-+    optimize="-O2"
- fi
- 
- case "$host" in
diff --git a/pkgs/development/libraries/libmad/pkgconfig.patch b/pkgs/development/libraries/libmad/pkgconfig.patch
deleted file mode 100644
index 0ac88acb8415..000000000000
--- a/pkgs/development/libraries/libmad/pkgconfig.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-diff -ruN libmad-0.15.1b.orig/Makefile.am libmad-0.15.1b/Makefile.am
---- libmad-0.15.1b.orig/Makefile.am	2004-02-17 02:02:03.000000000 +0000
-+++ libmad-0.15.1b/Makefile.am	2005-08-25 12:08:04.000000000 +0000
-@@ -33,9 +33,12 @@
- minimad_INCLUDES =	
- minimad_LDADD =		libmad.la
- 
--EXTRA_DIST =		mad.h.sed  \
-+EXTRA_DIST =		mad.h.sed mad.pc.in \
- 			CHANGES COPYRIGHT CREDITS README TODO VERSION
- 
-+pkgconfigdir = $(libdir)/pkgconfig
-+pkgconfig_DATA= mad.pc
-+
- exported_headers =	version.h fixed.h bit.h timer.h stream.h frame.h  \
- 			synth.h decoder.h
- 
-diff -ruN libmad-0.15.1b.orig/Makefile.in libmad-0.15.1b/Makefile.in
---- libmad-0.15.1b.orig/Makefile.in	2004-02-17 02:33:23.000000000 +0000
-+++ libmad-0.15.1b/Makefile.in	2005-08-25 12:09:34.000000000 +0000
-@@ -14,6 +14,8 @@
- 
- @SET_MAKE@
- 
-+pkgconfigdir = $(libdir)/pkgconfig
-+pkgconfig_DATA = mad.pc
- 
- SOURCES = $(libmad_la_SOURCES) $(EXTRA_libmad_la_SOURCES) $(minimad_SOURCES)
- 
-@@ -43,7 +45,7 @@
- 	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
- 	$(srcdir)/config.h.in $(srcdir)/libmad.list.in \
- 	$(top_srcdir)/configure COPYING INSTALL TODO config.guess \
--	config.sub depcomp install-sh ltmain.sh missing mkinstalldirs
-+	config.sub depcomp install-sh ltmain.sh missing mkinstalldirs mad.pc.in
- subdir = .
- ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
- am__aclocal_m4_deps = $(top_srcdir)/configure.ac
-@@ -53,7 +55,7 @@
-  configure.lineno configure.status.lineno
- mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
- CONFIG_HEADER = config.h
--CONFIG_CLEAN_FILES = libmad.list
-+CONFIG_CLEAN_FILES = libmad.list mad.pc
- am__installdirs = $(DESTDIR)$(libdir) $(DESTDIR)$(includedir)
- libLTLIBRARIES_INSTALL = $(INSTALL)
- LTLIBRARIES = $(lib_LTLIBRARIES)
-@@ -218,7 +220,7 @@
- minimad_SOURCES = minimad.c
- minimad_INCLUDES = 
- minimad_LDADD = libmad.la
--EXTRA_DIST = mad.h.sed  \
-+EXTRA_DIST = mad.h.sed  mad.pc.in \
- 			CHANGES COPYRIGHT CREDITS README TODO VERSION
- 
- exported_headers = version.h fixed.h bit.h timer.h stream.h frame.h  \
-@@ -298,6 +300,28 @@
- 	rm -f stamp-h1
- 	touch $@
- 
-+mad.pc: $(top_builddir)/config.status mad.pc.in
-+	cd $(top_builddir) && CONFIG_FILES=$@ CONFIG_HEADERS= $(SHELL) ./config.status
-+
-+install-pkgconfigDATA: $(pkgconfig_DATA)
-+	@$(NORMAL_INSTALL)
-+	$(mkinstalldirs) $(DESTDIR)$(pkgconfigdir)
-+	@list='$(pkgconfig_DATA)'; for p in $$list; do \
-+	  if test -f $(srcdir)/$$p; then \
-+	    echo " $(INSTALL_DATA) $(srcdir)/$$p $(DESTDIR)$(pkgconfigdir)/$$p"; \
-+	    $(INSTALL_DATA) $(srcdir)/$$p $(DESTDIR)$(pkgconfigdir)/$$p; \
-+	  else if test -f $$p; then \
-+	    echo " $(INSTALL_DATA) $$p $(DESTDIR)$(pkgconfigdir)/$$p"; \
-+	    $(INSTALL_DATA) $$p $(DESTDIR)$(pkgconfigdir)/$$p; \
-+	  fi; fi; \
-+	done
-+
-+uninstall-pkgconfigDATA:
-+	@$(NORMAL_UNINSTALL)
-+	list='$(pkgconfig_DATA)'; for p in $$list; do \
-+	  rm -f $(DESTDIR)$(pkgconfigdir)/$$p; \
-+	done
-+
- distclean-hdr:
- 	-rm -f config.h stamp-h1
- libmad.list: $(top_builddir)/config.status $(srcdir)/libmad.list.in
-@@ -726,7 +750,7 @@
- 
- info-am:
- 
--install-data-am: install-includeHEADERS
-+install-data-am: install-includeHEADERS install-pkgconfigDATA
- 
- install-exec-am: install-libLTLIBRARIES
- 
-@@ -757,7 +781,7 @@
- ps-am:
- 
- uninstall-am: uninstall-includeHEADERS uninstall-info-am \
--	uninstall-libLTLIBRARIES
-+	uninstall-libLTLIBRARIES install-pkgconfigDATA
- 
- uninstall-info: uninstall-info-recursive
- 
-diff -ruN libmad-0.15.1b.orig/mad.pc.in libmad-0.15.1b/mad.pc.in
---- libmad-0.15.1b.orig/mad.pc.in	1970-01-01 00:00:00.000000000 +0000
-+++ libmad-0.15.1b/mad.pc.in	2005-08-25 12:08:04.000000000 +0000
-@@ -0,0 +1,10 @@
-+prefix=@prefix@
-+exec_prefix=@exec_prefix@
-+libdir=@libdir@
-+includedir=@includedir@
-+
-+Name: MAD
-+Description: libmad - MPEG audio decoder library
-+Version: @VERSION@
-+Libs: -L${libdir} -lmad
-+Cflags: