kumquat-buildroot/package/libmad
Fabrice Fontaine 858df3643f package/libmad: switch to debian to fix CVEs
Upstream libmad is dead since 2004 so switch to debian package to get
two patches that fix the following CVEs:
 - CVE-2017-8372: The mad_layer_III function in layer3.c in Underbit MAD
   libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to
   cause a denial of service (assertion failure and application exit)
   via a crafted audio file.
 - CVE-2017-8373: The mad_layer_III function in layer3.c in Underbit MAD
   libmad 0.15.1b allows remote attackers to cause a denial of service
   (heap-based buffer overflow and application crash) or possibly have
   unspecified other impact via a crafted audio file.
 - CVE-2017-8374: The mad_bit_skip function in bit.c in Underbit MAD
   libmad 0.15.1b allows remote attackers to cause a denial of service
   (heap-based buffer over-read and application crash) via a crafted
   audio file.

Moreover:
 - Remove third patch (replaced by optimize.diff debian patch)
 - Remove fourth patch (same patch than
   Provide-Thumb-2-alternative-code-for-MAD_F_MLN.diff)
 - Remove fifth patch (same patch than libmad.thumb.diff)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-04-12 22:21:02 +02:00
..
0001-mips-h-constraint-removal.patch
0002-configure-ac-automake-foreign.patch
Config.in
libmad.hash
libmad.mk
mad.pc