libmad: fix three CVE from 2017

* add patch for CVE-2017-8372 and CVE-2017-8373 * add patch for CVE-2017-8374 * add patch for x86_64 platforms * fetch existing patches from remote sources
2019-11-11 17:45:28 +01:00 · 2019-11-11 17:45:28 +01:00 · 92edb06109
commit 92edb06109
parent 73b88e17dd
4 changed files with 43 additions and 280 deletions
--- a/pkgs/development/libraries/libmad/001-mips_removal_h_constraint.patch
+++ b/pkgs/development/libraries/libmad/001-mips_removal_h_constraint.patch
@ -1,73 +0,0 @@
 Taken from openwrt:
 https://dev.openwrt.org/browser/packages/libs/libmad/patches/001-mips_removal_h_constraint.patch?rev=18548
 diff -ur libmad-0.15.1b-orig/fixed.h libmad-0.15.1b/fixed.h
 --- libmad-0.15.1b-orig/fixed.h	2004-02-17 12:32:03.000000000 +1030
 +++ libmad-0.15.1b/fixed.h	2009-08-05 10:46:30.000000000 +0930
@@ -299,6 +299,23 @@
 # elif defined(FPM_MIPS)
 +/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */
 +#if defined (__GNUC__) && defined (__GNUC_MINOR__)
 +#define __GNUC_PREREQ(maj, min) \
 +	((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
 +#else
 +#define __GNUC_PREREQ(maj, min)  0
 +#endif
 +
 +#if __GNUC_PREREQ(4,4)
 +  typedef unsigned int u64_di_t __attribute__ ((mode (DI)));
 +# define MAD_F_MLX(hi, lo, x, y) \
 +   do { \
 +      u64_di_t __ll = (u64_di_t) (x) * (y); \
 +      hi = __ll >> 32; \
 +      lo = __ll; \
 +   } while (0) 
 +#else
 /*
  * This MIPS version is fast and accurate; the disposition of the least
  * significant bit depends on OPT_ACCURACY via mad_f_scale64().
@@ -328,6 +345,7 @@
 	 : "%r" ((x) >> 12), "r" ((y) >> 16))
 #  define MAD_F_MLZ(hi, lo)  ((mad_fixed_t) (lo))
 # endif
 +#endif /* __GNU_PREREQ(4,4) */
 # if defined(OPT_SPEED)
 #  define mad_f_scale64(hi, lo)  \
 diff -ur libmad-0.15.1b-orig/mad.h libmad-0.15.1b/mad.h
 --- libmad-0.15.1b-orig/mad.h	2004-02-17 13:25:44.000000000 +1030
 +++ libmad-0.15.1b/mad.h	2009-08-05 10:42:40.000000000 +0930
@@ -344,6 +344,23 @@
 # elif defined(FPM_MIPS)
 +/* Test for gcc >= maj.min, as per __GNUC_PREREQ in glibc */
 +#if defined (__GNUC__) && defined (__GNUC_MINOR__)
 +#define __GNUC_PREREQ(maj, min) \
 +	((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
 +#else
 +#define __GNUC_PREREQ(maj, min)  0
 +#endif
 +
 +#if __GNUC_PREREQ(4,4)
 +  typedef unsigned int u64_di_t __attribute__ ((mode (DI)));
 +# define MAD_F_MLX(hi, lo, x, y) \
 +   do { \
 +      u64_di_t __ll = (u64_di_t) (x) * (y); \
 +      hi = __ll >> 32; \
 +      lo = __ll; \
 +   } while (0) 
 +#else
 /*
  * This MIPS version is fast and accurate; the disposition of the least
  * significant bit depends on OPT_ACCURACY via mad_f_scale64().
@@ -373,6 +390,7 @@
 	 : "%r" ((x) >> 12), "r" ((y) >> 16))
 #  define MAD_F_MLZ(hi, lo)  ((mad_fixed_t) (lo))
 # endif
 +#endif /* __GNU_PREREQ(4,4) */
 # if defined(OPT_SPEED)
 #  define mad_f_scale64(hi, lo)  \
--- a/pkgs/development/libraries/libmad/default.nix
+++ b/pkgs/development/libraries/libmad/default.nix
@ -1,27 +1,57 @@
-{stdenv, fetchurl, autoconf}:
+{ stdenv, fetchurl, fetchpatch, autoconf }:
 stdenv.mkDerivation rec {
-  name = "libmad-0.15.1b";
+  pname = "libmad";
  version = "0.15.1b";
  src = fetchurl {
-    url = "mirror://sourceforge/mad/${name}.tar.gz";
+    url = "mirror://sourceforge/mad/${pname}-${version}.tar.gz";
-    sha256 = "bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690";
+    sha256 = "14460zhacxhswnzb36qfpd1f2wbk10qvksvm6wyq5hpvdgnw7ymv";
  };
-  patches = [ ./001-mips_removal_h_constraint.patch ./pkgconfig.patch ]
+  patches = [
    (fetchpatch {
      url = "https://github.com/openwrt/packages/raw/openwrt-19.07/libs/libmad/patches/001-mips_removal_h_constraint.patch";
      sha256 = "0layswr6qg6axf4vyz6xrv73jwga34mkma3ifk9w9vrk41454hr5";
    })
    (fetchpatch {
      url = "https://github.com/KaOSx/main/raw/1270b8080f37fb6cca562829a521991800b0a497/libmad/libmad.patch";
      sha256 = "0rysq0sn3dfdz6pa6bfqkmk4ymc4rzk5ym7p16dyk37sldg1pbzs";
    })
    (fetchpatch {
      url = "https://github.com/KaOSx/main/raw/1270b8080f37fb6cca562829a521991800b0a497/libmad/amd64-64bit.diff";
      sha256 = "0mx56dmkbvw3zxnqd2hjng48q0d7q7473pns4n0ksdam29b0c5ar";
    })
    (fetchpatch {
      name = "CVE-2017-8372-CVE-2017-8373.patch";
      url = "https://github.com/openwrt/packages/raw/openwrt-19.07/libs/libmad/patches/102-CVE-2017-8373-CVE-2017-8372-md-size.patch";
      sha256 = "0p6mkpn66h1ds8jvww28q4vlr58jwm58m9vb7pkvvyvy764agqnk";
    })
    (fetchpatch {
      name = "CVE-2017-8374.patch";
      url = "https://github.com/openwrt/packages/raw/openwrt-19.07/libs/libmad/patches/101-CVE-2017-8374-length-check.patch";
      sha256 = "1j1ssxwmx9nfahzl62frbzck93xrjc2v3w30c12vmk29iflf1890";
    })
  ]
  # optimize.diff is taken from https://projects.archlinux.org/svntogit/packages.git/tree/trunk/optimize.diff?h=packages/libmad
  # It is included here in order to fix a build failure in Clang
  # But it may be useful to fix other, currently unknown problems as well
-  ++ stdenv.lib.optional stdenv.cc.isClang [ ./optimize.diff ];
+  ++ stdenv.lib.optionals stdenv.cc.isClang [
    (fetchpatch {
      url = "https://github.com/KaOSx/main/raw/1270b8080f37fb6cca562829a521991800b0a497/libmad/optimize.diff";
      sha256 = "0ciyaj1acg08g8hpzqx6whayq206fvf4whksz2pjgxlv207lqgjh";
    })
  ];
  # The -fforce-mem flag has been removed in GCC 4.3.
  postPatch = ''
    substituteInPlace configure.ac --replace "-fforce-mem" ""
    substituteInPlace configure.ac --replace "arch=\"-march=i486\"" ""
  '';
  nativeBuildInputs = [ autoconf ];
-  # The -fforce-mem flag has been removed in GCC 4.3.
+  preConfigure = "autoconf";
  preConfigure = ''
    autoconf
    substituteInPlace configure --replace "-fforce-mem" ""
    substituteInPlace configure --replace "arch=\"-march=i486\"" ""
  '';
  meta = with stdenv.lib; {
    homepage    = https://sourceforge.net/projects/mad/;
--- a/pkgs/development/libraries/libmad/optimize.diff
+++ b/pkgs/development/libraries/libmad/optimize.diff
@ -1,77 +0,0 @@
 Index: libmad-0.15.1b/configure.ac
 ===================================================================
 --- libmad-0.15.1b.orig/configure.ac	2008-03-07 20:31:23.000000000 +0000
 +++ libmad-0.15.1b/configure.ac	2008-03-07 20:34:26.000000000 +0000
@@ -124,71 +124,7 @@
 if test "$GCC" = yes
 then
 -    if test -z "$arch"
 -    then
 -	case "$host" in
 -	    i386-*)           ;;
 -	    i?86-*)           arch="-march=i486" ;;
 -	    arm*-empeg-*)     arch="-march=armv4 -mtune=strongarm1100" ;;
 -	    armv4*-*)         arch="-march=armv4 -mtune=strongarm" ;;
 -	    powerpc-*)        ;;
 -	    mips*-agenda-*)   arch="-mcpu=vr4100" ;;
 -	    mips*-luxsonor-*) arch="-mips1 -mcpu=r3000 -Wa,-m4010" ;;
 -	esac
 -    fi
 -
 -    case "$optimize" in
 -	-O|"-O "*)
 -	    optimize="-O"
 -	    optimize="$optimize -fforce-mem"
 -	    optimize="$optimize -fforce-addr"
 -	    : #x optimize="$optimize -finline-functions"
 -	    : #- optimize="$optimize -fstrength-reduce"
 -	    optimize="$optimize -fthread-jumps"
 -	    optimize="$optimize -fcse-follow-jumps"
 -	    optimize="$optimize -fcse-skip-blocks"
 -	    : #x optimize="$optimize -frerun-cse-after-loop"
 -	    : #x optimize="$optimize -frerun-loop-opt"
 -	    : #x optimize="$optimize -fgcse"
 -	    optimize="$optimize -fexpensive-optimizations"
 -	    optimize="$optimize -fregmove"
 -	    : #* optimize="$optimize -fdelayed-branch"
 -	    : #x optimize="$optimize -fschedule-insns"
 -	    optimize="$optimize -fschedule-insns2"
 -	    : #? optimize="$optimize -ffunction-sections"
 -	    : #? optimize="$optimize -fcaller-saves"
 -	    : #> optimize="$optimize -funroll-loops"
 -	    : #> optimize="$optimize -funroll-all-loops"
 -	    : #x optimize="$optimize -fmove-all-movables"
 -	    : #x optimize="$optimize -freduce-all-givs"
 -	    : #? optimize="$optimize -fstrict-aliasing"
 -	    : #* optimize="$optimize -fstructure-noalias"
 -
 -	    case "$host" in
 -		arm*-*)
 -		    optimize="$optimize -fstrength-reduce"
 -		    ;;
 -		mips*-*)
 -		    optimize="$optimize -fstrength-reduce"
 -		    optimize="$optimize -finline-functions"
 -		    ;;
 -		i?86-*)
 -		    optimize="$optimize -fstrength-reduce"
 -		    ;;
 -		powerpc-apple-*)
 -		    # this triggers an internal compiler error with gcc2
 -		    : #optimize="$optimize -fstrength-reduce"
 -
 -		    # this is really only beneficial with gcc3
 -		    : #optimize="$optimize -finline-functions"
 -		    ;;
 -		*)
 -		    # this sometimes provokes bugs in gcc 2.95.2
 -		    : #optimize="$optimize -fstrength-reduce"
 -		    ;;
 -	    esac
 -	    ;;
 -    esac
 +    optimize="-O2"
 fi
 case "$host" in
--- a/pkgs/development/libraries/libmad/pkgconfig.patch
+++ b/pkgs/development/libraries/libmad/pkgconfig.patch
@ -1,117 +0,0 @@
 diff -ruN libmad-0.15.1b.orig/Makefile.am libmad-0.15.1b/Makefile.am
 --- libmad-0.15.1b.orig/Makefile.am	2004-02-17 02:02:03.000000000 +0000
 +++ libmad-0.15.1b/Makefile.am	2005-08-25 12:08:04.000000000 +0000
@@ -33,9 +33,12 @@
 minimad_INCLUDES =	
 minimad_LDADD =		libmad.la
 -EXTRA_DIST =		mad.h.sed  \
 +EXTRA_DIST =		mad.h.sed mad.pc.in \
 			CHANGES COPYRIGHT CREDITS README TODO VERSION
 +pkgconfigdir = $(libdir)/pkgconfig
 +pkgconfig_DATA= mad.pc
 +
 exported_headers =	version.h fixed.h bit.h timer.h stream.h frame.h  \
 			synth.h decoder.h
 diff -ruN libmad-0.15.1b.orig/Makefile.in libmad-0.15.1b/Makefile.in
 --- libmad-0.15.1b.orig/Makefile.in	2004-02-17 02:33:23.000000000 +0000
 +++ libmad-0.15.1b/Makefile.in	2005-08-25 12:09:34.000000000 +0000
@@ -14,6 +14,8 @@
 @SET_MAKE@
 +pkgconfigdir = $(libdir)/pkgconfig
 +pkgconfig_DATA = mad.pc
 SOURCES = $(libmad_la_SOURCES) $(EXTRA_libmad_la_SOURCES) $(minimad_SOURCES)
@@ -43,7 +45,7 @@
 	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
 	$(srcdir)/config.h.in $(srcdir)/libmad.list.in \
 	$(top_srcdir)/configure COPYING INSTALL TODO config.guess \
 -	config.sub depcomp install-sh ltmain.sh missing mkinstalldirs
 +	config.sub depcomp install-sh ltmain.sh missing mkinstalldirs mad.pc.in
 subdir = .
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/configure.ac
@@ -53,7 +55,7 @@
  configure.lineno configure.status.lineno
 mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
 CONFIG_HEADER = config.h
 -CONFIG_CLEAN_FILES = libmad.list
 +CONFIG_CLEAN_FILES = libmad.list mad.pc
 am__installdirs = $(DESTDIR)$(libdir) $(DESTDIR)$(includedir)
 libLTLIBRARIES_INSTALL = $(INSTALL)
 LTLIBRARIES = $(lib_LTLIBRARIES)
@@ -218,7 +220,7 @@
 minimad_SOURCES = minimad.c
 minimad_INCLUDES = 
 minimad_LDADD = libmad.la
 -EXTRA_DIST = mad.h.sed  \
 +EXTRA_DIST = mad.h.sed  mad.pc.in \
 			CHANGES COPYRIGHT CREDITS README TODO VERSION
 exported_headers = version.h fixed.h bit.h timer.h stream.h frame.h  \
@@ -298,6 +300,28 @@
 	rm -f stamp-h1
 	touch $@
 +mad.pc: $(top_builddir)/config.status mad.pc.in
 +	cd $(top_builddir) && CONFIG_FILES=$@ CONFIG_HEADERS= $(SHELL) ./config.status
 +
 +install-pkgconfigDATA: $(pkgconfig_DATA)
 +	@$(NORMAL_INSTALL)
 +	$(mkinstalldirs) $(DESTDIR)$(pkgconfigdir)
 +	@list='$(pkgconfig_DATA)'; for p in $$list; do \
 +	  if test -f $(srcdir)/$$p; then \
 +	    echo " $(INSTALL_DATA) $(srcdir)/$$p $(DESTDIR)$(pkgconfigdir)/$$p"; \
 +	    $(INSTALL_DATA) $(srcdir)/$$p $(DESTDIR)$(pkgconfigdir)/$$p; \
 +	  else if test -f $$p; then \
 +	    echo " $(INSTALL_DATA) $$p $(DESTDIR)$(pkgconfigdir)/$$p"; \
 +	    $(INSTALL_DATA) $$p $(DESTDIR)$(pkgconfigdir)/$$p; \
 +	  fi; fi; \
 +	done
 +
 +uninstall-pkgconfigDATA:
 +	@$(NORMAL_UNINSTALL)
 +	list='$(pkgconfig_DATA)'; for p in $$list; do \
 +	  rm -f $(DESTDIR)$(pkgconfigdir)/$$p; \
 +	done
 +
 distclean-hdr:
 	-rm -f config.h stamp-h1
 libmad.list: $(top_builddir)/config.status $(srcdir)/libmad.list.in
@@ -726,7 +750,7 @@
 info-am:
 -install-data-am: install-includeHEADERS
 +install-data-am: install-includeHEADERS install-pkgconfigDATA
 install-exec-am: install-libLTLIBRARIES
@@ -757,7 +781,7 @@
 ps-am:
 uninstall-am: uninstall-includeHEADERS uninstall-info-am \
 -	uninstall-libLTLIBRARIES
 +	uninstall-libLTLIBRARIES install-pkgconfigDATA
 uninstall-info: uninstall-info-recursive
 diff -ruN libmad-0.15.1b.orig/mad.pc.in libmad-0.15.1b/mad.pc.in
 --- libmad-0.15.1b.orig/mad.pc.in	1970-01-01 00:00:00.000000000 +0000
 +++ libmad-0.15.1b/mad.pc.in	2005-08-25 12:08:04.000000000 +0000
@@ -0,0 +1,10 @@
 +prefix=@prefix@
 +exec_prefix=@exec_prefix@
 +libdir=@libdir@
 +includedir=@includedir@
 +
 +Name: MAD
 +Description: libmad - MPEG audio decoder library
 +Version: @VERSION@
 +Libs: -L${libdir} -lmad
 +Cflags: