From aac6c53a7bc9a8d22e88a490ebc99ec79d64a05b Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Tue, 6 Aug 2019 03:12:56 -0400
Subject: gnu: libmad: Add more security fixes from Debian.

Includes fixes for CVE-2017-8372, CVE-2017-8373, and CVE-2017-8374.

Reported by <marit@secmail.pro> in <https://bugs.gnu.org/36909>.

* gnu/packages/patches/libmad-frame-length.patch: Delete file.
* gnu/packages/patches/libmad-length-check.patch,
gnu/packages/patches/libmad-md_size.patch: New files.
* gnu/local.mk (dist_patch_DATA): Update accordingly.
* gnu/packages/mp3.scm (libmad)[source]: Update patches accordingly.
---
 gnu/packages/mp3.scm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'gnu/packages/mp3.scm')

diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm
index 99ca4f9007..967e299803 100644
--- a/gnu/packages/mp3.scm
+++ b/gnu/packages/mp3.scm
@@ -65,7 +65,8 @@ (define-public libmad
               "14460zhacxhswnzb36qfpd1f2wbk10qvksvm6wyq5hpvdgnw7ymv"))
             (patches (search-patches "libmad-armv7-thumb-pt1.patch"
                                      "libmad-armv7-thumb-pt2.patch"
-                                     "libmad-frame-length.patch"
+                                     "libmad-md_size.patch"
+                                     "libmad-length-check.patch"
                                      "libmad-mips-newgcc.patch"))))
    (build-system gnu-build-system)
    (arguments
-- 
cgit v1.2.3