summary refs log tree commit diff
path: root/gnu/packages/mp3.scm
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2019-08-06 03:12:56 -0400
committerMark H Weaver <mhw@netris.org>2019-08-06 03:18:24 -0400
commitaac6c53a7bc9a8d22e88a490ebc99ec79d64a05b (patch)
tree5a3ccebef05dbd0e1959b79728040b9b6d652eaf /gnu/packages/mp3.scm
parentb0c48829b61966f44dbfbf1fcaaf304dab3136e9 (diff)
downloadguix-aac6c53a7bc9a8d22e88a490ebc99ec79d64a05b.tar.gz
gnu: libmad: Add more security fixes from Debian.
Includes fixes for CVE-2017-8372, CVE-2017-8373, and CVE-2017-8374.

Reported by <marit@secmail.pro> in <https://bugs.gnu.org/36909>.

* gnu/packages/patches/libmad-frame-length.patch: Delete file.
* gnu/packages/patches/libmad-length-check.patch,
gnu/packages/patches/libmad-md_size.patch: New files.
* gnu/local.mk (dist_patch_DATA): Update accordingly.
* gnu/packages/mp3.scm (libmad)[source]: Update patches accordingly.
Diffstat (limited to 'gnu/packages/mp3.scm')
-rw-r--r--gnu/packages/mp3.scm3
1 files changed, 2 insertions, 1 deletions
diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm
index 99ca4f9007..967e299803 100644
--- a/gnu/packages/mp3.scm
+++ b/gnu/packages/mp3.scm
@@ -65,7 +65,8 @@
               "14460zhacxhswnzb36qfpd1f2wbk10qvksvm6wyq5hpvdgnw7ymv"))
             (patches (search-patches "libmad-armv7-thumb-pt1.patch"
                                      "libmad-armv7-thumb-pt2.patch"
-                                     "libmad-frame-length.patch"
+                                     "libmad-md_size.patch"
+                                     "libmad-length-check.patch"
                                      "libmad-mips-newgcc.patch"))))
    (build-system gnu-build-system)
    (arguments