main/lame: security fixes:

* CVE-2015-9099
* CVE-2015-9100
* CVE-2017-9410
* CVE-2017-9411
* CVE-2017-9412
* CVE-2017-11720
  Fixes #7627

4 files changed, 74 insertions, 5 deletions

diff --git a/main/lame/APKBUILD b/main/lame/APKBUILD
index 1013b29f94..9117e787ea 100644
--- a/main/lame/APKBUILD
+++ b/main/lame/APKBUILD
@@ -2,7 +2,7 @@
 pkgname=lame
 pkgver=3.99.5
 _ver=${pkgver%.*}
-pkgrel=5
+pkgrel=6
 pkgdesc="An MP3 encoder and graphical frame analyzer"
 url="http://lame.sourceforge.net/"
 arch="all"
@@ -12,10 +12,22 @@ depends=
 makedepends="nasm ncurses-dev autoconf automake libtool"
 source="http://downloads.sourceforge.net/project/lame/lame/$_ver/lame-$pkgver.tar.gz
 	sse.patch
-	lame-automake-1.12.patch"
+	lame-automake-1.12.patch
+	CVE-2015-9099.patch                    
+	CVE-2015-9100_2017-9410_2017-9411.patch
+	CVE-2017-9412_CVE-2017-11720.patch"
 
 _builddir="$srcdir"/$pkgname-$pkgver
 
+# secfixes:ss
+#   3.99.5-r6:
+#     - CVE-2015-9099
+#     - CVE-2015-9100
+#     - CVE-2017-9410
+#     - CVE-2017-9411
+#     - CVE-2017-9412
+#     - CVE-2017-11720
+
 prepare() {
 	cd "$_builddir"
 	for i in $source; do
@@ -65,10 +77,19 @@ package() {
 
 md5sums="84835b313d4a8b68f5349816d33e07ce  lame-3.99.5.tar.gz
 ca77f3259ed398ae1c55073dacdd752f  sse.patch
-54814745b84480da3b643582f2e5b485  lame-automake-1.12.patch"
+54814745b84480da3b643582f2e5b485  lame-automake-1.12.patch
+67e2b8ce0551d70ca391b59a3de3d195  CVE-2015-9099.patch
+d41d8cd98f00b204e9800998ecf8427e  CVE-2015-9100_2017-9410_2017-9411.patch
+8baf1f177fd1622c1cb30a81a8b85e97  CVE-2017-9412_CVE-2017-11720.patch"
 sha256sums="24346b4158e4af3bd9f2e194bb23eb473c75fb7377011523353196b19b9a23ff  lame-3.99.5.tar.gz
 1c8e1798391f45ee37632287ceaff7bcb9cd0221b6e5cf1d40a989b9541e341f  sse.patch
-52ba7c70db1223775b3f1f84f1895f27c1c01f73c58ea381ec97ec8e5236e0d7  lame-automake-1.12.patch"
+52ba7c70db1223775b3f1f84f1895f27c1c01f73c58ea381ec97ec8e5236e0d7  lame-automake-1.12.patch
+ffe13b2c1f3c0f1533a63c335b7f2e1f427c6a825824fe050ea966ba203e31be  CVE-2015-9099.patch
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  CVE-2015-9100_2017-9410_2017-9411.patch
+cf2e798e835b08034a5ab26cf9739653034cff11c10c44b9ac680a0f97ba185a  CVE-2017-9412_CVE-2017-11720.patch"
 sha512sums="ce62d7eb9fc8c53c343374ded30f11153a296910f0be7e649197bca7412c6660aad1aa6143d56b750f866229eb492cf7bb4f682535c383fb4aa57d7077d8b4d8  lame-3.99.5.tar.gz
 89c1a3b52c6469c78ab1fcb52e7dbb3a62dac20953905027301f659ebcb166d0fc4ef78b8459feec0c26e458f3e1415bb88209b9c43a5af1e0643764ffb6fe83  sse.patch
-fa789f706e5efffaac9d7a6cf001b5a0fef7e04845ee2c02d5af4e735629b5f225e355673890892f028d6c35d3969124b3ef4a28c980050f1635c2a58b8f25ed  lame-automake-1.12.patch"
+fa789f706e5efffaac9d7a6cf001b5a0fef7e04845ee2c02d5af4e735629b5f225e355673890892f028d6c35d3969124b3ef4a28c980050f1635c2a58b8f25ed  lame-automake-1.12.patch
+15de6a6f55c0c8d600b71ef93a38a8a3b42cea90657ee8295e49209dbe4c6215a0c6fd9572d0de2bd523e76bb414a876a828d26029230fe93e11711df4991fe5  CVE-2015-9099.patch
+cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e  CVE-2015-9100_2017-9410_2017-9411.patch
+769dd3e7693689c9a35b33111ff99da657df720d9f63d4c2ee30b97ac28c25ba89ff3690f68da3f72b59e6812c2d19af6321fabd605563c3819882ddcfa814e4  CVE-2017-9412_CVE-2017-11720.patch"
diff --git a/main/lame/CVE-2015-9099.patch b/main/lame/CVE-2015-9099.patch
new file mode 100644
index 0000000000..5be534bd02
--- /dev/null
+++ b/main/lame/CVE-2015-9099.patch
@@ -0,0 +1,31 @@
+From 1ea4eac3e7d57dbad42fb067a32ac1600a0397a0 Mon Sep 17 00:00:00 2001
+From: Maks Naumov <maksqwe1@ukr.net>
+Date: Thu, 22 Jan 2015 16:20:40 +0200
+Subject: [PATCH] Add check for invalid input sample rate
+
+Signed-off-by: Maks Naumov <maksqwe1@ukr.net>
+---
+ libmp3lame/lame.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libmp3lame/lame.c b/libmp3lame/lame.c
+index 5989160..51d689c 100644
+--- a/libmp3lame/lame.c
++++ b/libmp3lame/lame.c
+@@ -822,6 +822,12 @@ lame_init_params(lame_global_flags * gfp)
+     }
+ #endif
+ 
++    if (gfp->samplerate_in < 0) {
++        freegfc(gfc);
++        gfp->internal_flags = NULL;
++        return -1;
++    }
++
+     cfg->disable_reservoir = gfp->disable_reservoir;
+     cfg->lowpassfreq = gfp->lowpassfreq;
+     cfg->highpassfreq = gfp->highpassfreq;
+-- 
+1.9.4.msysgit.1
+
+
diff --git a/main/lame/CVE-2015-9100_2017-9410_2017-9411.patch b/main/lame/CVE-2015-9100_2017-9410_2017-9411.patch
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/main/lame/CVE-2015-9100_2017-9410_2017-9411.patch
diff --git a/main/lame/CVE-2017-9412_CVE-2017-11720.patch b/main/lame/CVE-2017-9412_CVE-2017-11720.patch
new file mode 100644
index 0000000000..214ca459c6
--- /dev/null
+++ b/main/lame/CVE-2017-9412_CVE-2017-11720.patch
@@ -0,0 +1,17 @@
+Description: Avoid malformed wav causing floating point exception (integer divide by zero) 
+Author: Fabian Greffrath <fabian+debian@greffrath.com>
+Bug-Debian: https://bugs.debian.org/777159
+
+--- a/frontend/get_audio.c
++++ b/frontend/get_audio.c
+@@ -1448,6 +1448,10 @@ parse_wave_header(lame_global_flags * gf
+         else {
+             (void) lame_set_in_samplerate(gfp, global_reader.input_samplerate);
+         }
++        /* avoid division by zero */
++        if (bits_per_sample < 1)
++            return -1;
++
+         global. pcmbitwidth = bits_per_sample;
+         global. pcm_is_unsigned_8bit = 1;
+         global. pcm_is_ieee_float = (format_tag == WAVE_FORMAT_IEEE_FLOAT ? 1 : 0);