From aac6c53a7bc9a8d22e88a490ebc99ec79d64a05b Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Tue, 6 Aug 2019 03:12:56 -0400
Subject: gnu: libmad: Add more security fixes from Debian.

Includes fixes for CVE-2017-8372, CVE-2017-8373, and CVE-2017-8374.

Reported by <marit@secmail.pro> in <https://bugs.gnu.org/36909>.

* gnu/packages/patches/libmad-frame-length.patch: Delete file.
* gnu/packages/patches/libmad-length-check.patch,
gnu/packages/patches/libmad-md_size.patch: New files.
* gnu/local.mk (dist_patch_DATA): Update accordingly.
* gnu/packages/mp3.scm (libmad)[source]: Update patches accordingly.
---
 gnu/local.mk | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'gnu/local.mk')

diff --git a/gnu/local.mk b/gnu/local.mk
index 5bd47c733e..42e79e879a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1024,7 +1024,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/libotr-test-auth-fix.patch		\
   %D%/packages/patches/libmad-armv7-thumb-pt1.patch		\
   %D%/packages/patches/libmad-armv7-thumb-pt2.patch		\
-  %D%/packages/patches/libmad-frame-length.patch		\
+  %D%/packages/patches/libmad-length-check.patch		\
+  %D%/packages/patches/libmad-md_size.patch			\
   %D%/packages/patches/libmad-mips-newgcc.patch			\
   %D%/packages/patches/libmygpo-qt-fix-qt-5.11.patch		\
   %D%/packages/patches/libmygpo-qt-missing-qt5-modules.patch	\
-- 
cgit v1.2.3