858df3643f
Upstream libmad is dead since 2004 so switch to debian package to get two patches that fix the following CVEs: - CVE-2017-8372: The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file. - CVE-2017-8373: The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. - CVE-2017-8374: The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. Moreover: - Remove third patch (replaced by optimize.diff debian patch) - Remove fourth patch (same patch than Provide-Thumb-2-alternative-code-for-MAD_F_MLN.diff) - Remove fifth patch (same patch than libmad.thumb.diff) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
17 lines
477 B
Diff
17 lines
477 B
Diff
configure.ac: don't require GNU-specific files when running automake
|
|
|
|
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
|
|
|
diff -ur libmad-0.15.1b-orig/configure.ac libmad-0.15.1b/configure.ac
|
|
--- libmad-0.15.1b-orig/configure.ac 2019-01-17 21:24:52.259194527 +0100
|
|
+++ libmad-0.15.1b/configure.ac 2019-01-17 21:25:32.779481058 +0100
|
|
@@ -26,7 +26,7 @@
|
|
|
|
AC_CONFIG_SRCDIR([decoder.h])
|
|
|
|
-AM_INIT_AUTOMAKE
|
|
+AM_INIT_AUTOMAKE([foreign])
|
|
|
|
AM_CONFIG_HEADER([config.h])
|
|
|