1 |
commit: a877b25c4d29e1e60df8af384725e83c093fa734 |
2 |
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Oct 3 20:48:42 2018 +0000 |
4 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Oct 3 21:11:27 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a877b25c |
7 |
|
8 |
media-libs/libmad: Fix vulnerabilities, EAPI-7 bump |
9 |
|
10 |
Debian does it, so let's use it too. |
11 |
|
12 |
Bug: https://bugs.gentoo.org/618022 |
13 |
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> |
14 |
Package-Manager: Portage-2.3.50, Repoman-2.3.11 |
15 |
|
16 |
...CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch | 197 +++++++++++++++++++++ |
17 |
media-libs/libmad/libmad-0.15.1b-r9.ebuild | 80 +++++++++ |
18 |
2 files changed, 277 insertions(+) |
19 |
|
20 |
diff --git a/media-libs/libmad/files/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch b/media-libs/libmad/files/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch |
21 |
new file mode 100644 |
22 |
index 00000000000..9cc8913e159 |
23 |
--- /dev/null |
24 |
+++ b/media-libs/libmad/files/libmad-0.15.1b-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch |
25 |
@@ -0,0 +1,197 @@ |
26 |
+; You can calculate where the next frame will start depending on things |
27 |
+; like the bitrate. See mad_header_decode(). It seems that when decoding |
28 |
+; the frame you can go past that boundary. This attempts to catch those cases, |
29 |
+; but might not catch all of them. |
30 |
+; For more info see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133 |
31 |
+Index: libmad-0.15.1b/layer12.c |
32 |
+=================================================================== |
33 |
+--- a/layer12.c 2008-12-23 21:38:07.000000000 +0100 |
34 |
++++ b/layer12.c 2008-12-23 21:38:12.000000000 +0100 |
35 |
+@@ -134,6 +134,12 @@ |
36 |
+ for (sb = 0; sb < bound; ++sb) { |
37 |
+ for (ch = 0; ch < nch; ++ch) { |
38 |
+ nb = mad_bit_read(&stream->ptr, 4); |
39 |
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) |
40 |
++ { |
41 |
++ stream->error = MAD_ERROR_LOSTSYNC; |
42 |
++ stream->sync = 0; |
43 |
++ return -1; |
44 |
++ } |
45 |
+ |
46 |
+ if (nb == 15) { |
47 |
+ stream->error = MAD_ERROR_BADBITALLOC; |
48 |
+@@ -146,6 +152,12 @@ |
49 |
+ |
50 |
+ for (sb = bound; sb < 32; ++sb) { |
51 |
+ nb = mad_bit_read(&stream->ptr, 4); |
52 |
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) |
53 |
++ { |
54 |
++ stream->error = MAD_ERROR_LOSTSYNC; |
55 |
++ stream->sync = 0; |
56 |
++ return -1; |
57 |
++ } |
58 |
+ |
59 |
+ if (nb == 15) { |
60 |
+ stream->error = MAD_ERROR_BADBITALLOC; |
61 |
+@@ -162,6 +174,12 @@ |
62 |
+ for (ch = 0; ch < nch; ++ch) { |
63 |
+ if (allocation[ch][sb]) { |
64 |
+ scalefactor[ch][sb] = mad_bit_read(&stream->ptr, 6); |
65 |
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) |
66 |
++ { |
67 |
++ stream->error = MAD_ERROR_LOSTSYNC; |
68 |
++ stream->sync = 0; |
69 |
++ return -1; |
70 |
++ } |
71 |
+ |
72 |
+ # if defined(OPT_STRICT) |
73 |
+ /* |
74 |
+@@ -187,6 +205,12 @@ |
75 |
+ frame->sbsample[ch][s][sb] = nb ? |
76 |
+ mad_f_mul(I_sample(&stream->ptr, nb), |
77 |
+ sf_table[scalefactor[ch][sb]]) : 0; |
78 |
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) |
79 |
++ { |
80 |
++ stream->error = MAD_ERROR_LOSTSYNC; |
81 |
++ stream->sync = 0; |
82 |
++ return -1; |
83 |
++ } |
84 |
+ } |
85 |
+ } |
86 |
+ |
87 |
+@@ -195,6 +219,12 @@ |
88 |
+ mad_fixed_t sample; |
89 |
+ |
90 |
+ sample = I_sample(&stream->ptr, nb); |
91 |
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) |
92 |
++ { |
93 |
++ stream->error = MAD_ERROR_LOSTSYNC; |
94 |
++ stream->sync = 0; |
95 |
++ return -1; |
96 |
++ } |
97 |
+ |
98 |
+ for (ch = 0; ch < nch; ++ch) { |
99 |
+ frame->sbsample[ch][s][sb] = |
100 |
+@@ -403,7 +433,15 @@ |
101 |
+ nbal = bitalloc_table[offsets[sb]].nbal; |
102 |
+ |
103 |
+ for (ch = 0; ch < nch; ++ch) |
104 |
++ { |
105 |
+ allocation[ch][sb] = mad_bit_read(&stream->ptr, nbal); |
106 |
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) |
107 |
++ { |
108 |
++ stream->error = MAD_ERROR_LOSTSYNC; |
109 |
++ stream->sync = 0; |
110 |
++ return -1; |
111 |
++ } |
112 |
++ } |
113 |
+ } |
114 |
+ |
115 |
+ for (sb = bound; sb < sblimit; ++sb) { |
116 |
+@@ -411,6 +449,13 @@ |
117 |
+ |
118 |
+ allocation[0][sb] = |
119 |
+ allocation[1][sb] = mad_bit_read(&stream->ptr, nbal); |
120 |
++ |
121 |
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) |
122 |
++ { |
123 |
++ stream->error = MAD_ERROR_LOSTSYNC; |
124 |
++ stream->sync = 0; |
125 |
++ return -1; |
126 |
++ } |
127 |
+ } |
128 |
+ |
129 |
+ /* decode scalefactor selection info */ |
130 |
+@@ -419,6 +464,12 @@ |
131 |
+ for (ch = 0; ch < nch; ++ch) { |
132 |
+ if (allocation[ch][sb]) |
133 |
+ scfsi[ch][sb] = mad_bit_read(&stream->ptr, 2); |
134 |
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) |
135 |
++ { |
136 |
++ stream->error = MAD_ERROR_LOSTSYNC; |
137 |
++ stream->sync = 0; |
138 |
++ return -1; |
139 |
++ } |
140 |
+ } |
141 |
+ } |
142 |
+ |
143 |
+@@ -442,6 +493,12 @@ |
144 |
+ for (ch = 0; ch < nch; ++ch) { |
145 |
+ if (allocation[ch][sb]) { |
146 |
+ scalefactor[ch][sb][0] = mad_bit_read(&stream->ptr, 6); |
147 |
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) |
148 |
++ { |
149 |
++ stream->error = MAD_ERROR_LOSTSYNC; |
150 |
++ stream->sync = 0; |
151 |
++ return -1; |
152 |
++ } |
153 |
+ |
154 |
+ switch (scfsi[ch][sb]) { |
155 |
+ case 2: |
156 |
+@@ -452,11 +509,23 @@ |
157 |
+ |
158 |
+ case 0: |
159 |
+ scalefactor[ch][sb][1] = mad_bit_read(&stream->ptr, 6); |
160 |
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) |
161 |
++ { |
162 |
++ stream->error = MAD_ERROR_LOSTSYNC; |
163 |
++ stream->sync = 0; |
164 |
++ return -1; |
165 |
++ } |
166 |
+ /* fall through */ |
167 |
+ |
168 |
+ case 1: |
169 |
+ case 3: |
170 |
+ scalefactor[ch][sb][2] = mad_bit_read(&stream->ptr, 6); |
171 |
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) |
172 |
++ { |
173 |
++ stream->error = MAD_ERROR_LOSTSYNC; |
174 |
++ stream->sync = 0; |
175 |
++ return -1; |
176 |
++ } |
177 |
+ } |
178 |
+ |
179 |
+ if (scfsi[ch][sb] & 1) |
180 |
+@@ -488,6 +557,12 @@ |
181 |
+ index = offset_table[bitalloc_table[offsets[sb]].offset][index - 1]; |
182 |
+ |
183 |
+ II_samples(&stream->ptr, &qc_table[index], samples); |
184 |
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) |
185 |
++ { |
186 |
++ stream->error = MAD_ERROR_LOSTSYNC; |
187 |
++ stream->sync = 0; |
188 |
++ return -1; |
189 |
++ } |
190 |
+ |
191 |
+ for (s = 0; s < 3; ++s) { |
192 |
+ frame->sbsample[ch][3 * gr + s][sb] = |
193 |
+@@ -506,6 +581,12 @@ |
194 |
+ index = offset_table[bitalloc_table[offsets[sb]].offset][index - 1]; |
195 |
+ |
196 |
+ II_samples(&stream->ptr, &qc_table[index], samples); |
197 |
++ if (mad_bit_nextbyte(&stream->ptr) > stream->next_frame) |
198 |
++ { |
199 |
++ stream->error = MAD_ERROR_LOSTSYNC; |
200 |
++ stream->sync = 0; |
201 |
++ return -1; |
202 |
++ } |
203 |
+ |
204 |
+ for (ch = 0; ch < nch; ++ch) { |
205 |
+ for (s = 0; s < 3; ++s) { |
206 |
+Index: libmad-0.15.1b/layer3.c |
207 |
+=================================================================== |
208 |
+--- a/layer3.c 2008-12-23 21:38:07.000000000 +0100 |
209 |
++++ b/layer3.c 2008-12-23 21:38:12.000000000 +0100 |
210 |
+@@ -2608,6 +2608,12 @@ |
211 |
+ next_md_begin = 0; |
212 |
+ |
213 |
+ md_len = si.main_data_begin + frame_space - next_md_begin; |
214 |
++ if (md_len + MAD_BUFFER_GUARD > MAD_BUFFER_MDLEN) |
215 |
++ { |
216 |
++ stream->error = MAD_ERROR_LOSTSYNC; |
217 |
++ stream->sync = 0; |
218 |
++ return -1; |
219 |
++ } |
220 |
+ |
221 |
+ frame_used = 0; |
222 |
+ |
223 |
|
224 |
diff --git a/media-libs/libmad/libmad-0.15.1b-r9.ebuild b/media-libs/libmad/libmad-0.15.1b-r9.ebuild |
225 |
new file mode 100644 |
226 |
index 00000000000..2740db06857 |
227 |
--- /dev/null |
228 |
+++ b/media-libs/libmad/libmad-0.15.1b-r9.ebuild |
229 |
@@ -0,0 +1,80 @@ |
230 |
+# Copyright 1999-2018 Gentoo Authors |
231 |
+# Distributed under the terms of the GNU General Public License v2 |
232 |
+ |
233 |
+EAPI=7 |
234 |
+ |
235 |
+inherit autotools flag-o-matic multilib-minimal |
236 |
+ |
237 |
+DESCRIPTION="\"M\"peg \"A\"udio \"D\"ecoder library" |
238 |
+HOMEPAGE="http://mad.sourceforge.net" |
239 |
+SRC_URI="mirror://sourceforge/mad/${P}.tar.gz" |
240 |
+ |
241 |
+LICENSE="GPL-2" |
242 |
+SLOT="0" |
243 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris" |
244 |
+IUSE="debug static-libs" |
245 |
+ |
246 |
+DEPEND="" |
247 |
+RDEPEND="" |
248 |
+ |
249 |
+DOCS=( CHANGES CREDITS README TODO VERSION ) |
250 |
+ |
251 |
+MULTILIB_WRAPPED_HEADERS=( |
252 |
+ /usr/include/mad.h |
253 |
+) |
254 |
+ |
255 |
+PATCHES=( |
256 |
+ "${FILESDIR}"/${P}-cflags.patch |
257 |
+ "${FILESDIR}"/${P}-cflags-O2.patch |
258 |
+ "${FILESDIR}"/${P}-gcc44-mips-h-constraint-removal.patch |
259 |
+ "${FILESDIR}"/${P}-CVE-2017-8372_CVE-2017-8373_CVE-2017-8374.patch |
260 |
+) |
261 |
+ |
262 |
+src_prepare() { |
263 |
+ default |
264 |
+ |
265 |
+ # bug 467002 |
266 |
+ sed -e 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' -i configure.ac || die |
267 |
+ |
268 |
+ eautoreconf |
269 |
+} |
270 |
+ |
271 |
+multilib_src_configure() { |
272 |
+ # --enable-speed optimize for speed over accuracy |
273 |
+ # --enable-accuracy optimize for accuracy over speed |
274 |
+ # --enable-experimental enable code using the EXPERIMENTAL |
275 |
+ # preprocessor define |
276 |
+ local myconf=( |
277 |
+ --enable-accuracy |
278 |
+ $(use_enable debug debugging) |
279 |
+ $(use_enable static-libs static) |
280 |
+ ) |
281 |
+ |
282 |
+ # Fix for b0rked sound on sparc64 (maybe also sparc32?) |
283 |
+ # default/approx is also possible, uses less cpu but sounds worse |
284 |
+ use sparc && myconf+=( --enable-fpm=64bit ) |
285 |
+ |
286 |
+ [[ $(tc-arch) == "amd64" ]] && myconf+=( --enable-fpm=64bit ) |
287 |
+ [[ $(tc-arch) == "x86" ]] && myconf+=( --enable-fpm=intel ) |
288 |
+ [[ $(tc-arch) == "ppc" ]] && myconf+=( --enable-fpm=default ) |
289 |
+ [[ $(tc-arch) == "ppc64" ]] && myconf+=( --enable-fpm=64bit ) |
290 |
+ |
291 |
+ ECONF_SOURCE="${S}" econf "${myconf[@]}" |
292 |
+} |
293 |
+ |
294 |
+multilib_src_install() { |
295 |
+ emake DESTDIR="${D}" install |
296 |
+ |
297 |
+ # This file must be updated with each version update |
298 |
+ insinto /usr/$(get_libdir)/pkgconfig |
299 |
+ doins "${FILESDIR}"/mad.pc |
300 |
+ |
301 |
+ # Use correct libdir in pkgconfig file |
302 |
+ sed -e "s:^libdir.*:libdir=${EPREFIX}/usr/$(get_libdir):" \ |
303 |
+ -i "${ED}"/usr/$(get_libdir)/pkgconfig/mad.pc |
304 |
+} |
305 |
+ |
306 |
+multilib_src_install_all() { |
307 |
+ einstalldocs |
308 |
+ find "${D}" -name '*.la' -delete || die |
309 |
+} |