From 6369a06150b9a2991807c0418a7f0a865ef6c084 Mon Sep 17 00:00:00 2001
From: Peter Korsgaard <peter@korsgaard.com>
Date: Tue, 4 Jul 2017 10:42:11 +0200
Subject: [PATCH] libmad: add security patch from debian

Fixes:

CVE-2017-8372 - The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a
denial of service (assertion failure and application exit) via a crafted
audio file.

CVE-2017-8373 - The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly have
unspecified other impact via a crafted audio file.

CVE-2017-8374 - The mad_bit_skip function in bit.c in Underbit MAD libmad
0.15.1b allows remote attackers to cause a denial of service (heap-based
buffer over-read and application crash) via a crafted audio file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/libmad/libmad.hash | 1 +
 package/libmad/libmad.mk   | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/package/libmad/libmad.hash b/package/libmad/libmad.hash
index 1e555568fe..173399f7ff 100644
--- a/package/libmad/libmad.hash
+++ b/package/libmad/libmad.hash
@@ -1,2 +1,3 @@
 # Locally computed:
 sha256  bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690  libmad-0.15.1b.tar.gz
+sha256  0e21f2c6b19337d0b237dacc04f7b90a56be7f359f4c9a2ee0b202d9af0cfa69  frame_length.diff
diff --git a/package/libmad/libmad.mk b/package/libmad/libmad.mk
index 0bb64da2f7..0729b1e6d4 100644
--- a/package/libmad/libmad.mk
+++ b/package/libmad/libmad.mk
@@ -10,6 +10,8 @@ LIBMAD_INSTALL_STAGING = YES
 LIBMAD_LIBTOOL_PATCH = NO
 LIBMAD_LICENSE = GPL-2.0+
 LIBMAD_LICENSE_FILES = COPYING
+LIBMAD_PATCH = \
+	https://sources.debian.net/data/main/libm/libmad/0.15.1b-8/debian/patches/frame_length.diff
 
 define LIBMAD_PREVENT_AUTOMAKE
 	# Prevent automake from running.