authorV3n3RiX <venerix@redcorelinux.org>2018-09-21 18:00:10 +0100
committerV3n3RiX <venerix@redcorelinux.org>2018-09-21 18:00:10 +0100
commit265dbe5dbc14c199299496c6db8fce3f76647015 (patch)
treeab18b5617d138f6684566b619405090989d55a2c /media-libs/libquicktime
parent586819755b4dbfdffdc8a725ab7c0f86095b8489 (diff)
gentoo resync : 21.09.2018
Diffstat (limited to 'media-libs/libquicktime')
-rw-r--r--media-libs/libquicktime/Manifest6
-rw-r--r--media-libs/libquicktime/files/libquicktime-1.2.4-CVE-2016-2399.patch (renamed from media-libs/libquicktime/files/CVE-2016-2399.patch)0
-rw-r--r--media-libs/libquicktime/files/libquicktime-1.2.4-CVE-2017-9122_et_al.patch151
-rw-r--r--media-libs/libquicktime/libquicktime-1.2.4-r2.ebuild2
-rw-r--r--media-libs/libquicktime/libquicktime-1.2.4-r3.ebuild133
5 files changed, 289 insertions, 3 deletions
diff --git a/media-libs/libquicktime/Manifest b/media-libs/libquicktime/Manifest
index 416ce7efdd95..846c53cfffff 100644
--- a/media-libs/libquicktime/Manifest
+++ b/media-libs/libquicktime/Manifest
@@ -1,8 +1,10 @@
-AUX CVE-2016-2399.patch 801 BLAKE2B 2794d13a0afa8a948f8f1335d7ee0a3d75691bbb9c619716707f533f52e8a8826c4a883b25db2ad8fb6544ce8b7c0fa883158b110c10b896e124b6ade9d18945 SHA512 759fee13bc96db036063efcd8288c0e467ce811b597cf6c0ceed1c8927593963174f4f3324512db0e773e936a4b9fe5c8d8fc9e0f00b2ce59110661175986f9c
AUX libquicktime-1.2.4+libav-9.patch 464 BLAKE2B 0a29c9a3d1eae31731b76536a22aa23a4888b8ac55c3176c60a152330fce37e8031a4269fa28026133c7061cd769b1428bf24fe59fed574e39d52ea00b6e00a0 SHA512 691110dc18f6646e2e17f40c6a42911a6b8eaa8cea20b5595f20d218d51da11d11923a3001b7ad7c3ad6bd0d90e712b95ccee5526fa1bec176cd27813e4a775e
+AUX libquicktime-1.2.4-CVE-2016-2399.patch 801 BLAKE2B 2794d13a0afa8a948f8f1335d7ee0a3d75691bbb9c619716707f533f52e8a8826c4a883b25db2ad8fb6544ce8b7c0fa883158b110c10b896e124b6ade9d18945 SHA512 759fee13bc96db036063efcd8288c0e467ce811b597cf6c0ceed1c8927593963174f4f3324512db0e773e936a4b9fe5c8d8fc9e0f00b2ce59110661175986f9c
+AUX libquicktime-1.2.4-CVE-2017-9122_et_al.patch 4584 BLAKE2B 8d5be1d1a297d89da1256035042a9760227815b8e73cb994b04b3ac4a2d7b83f79625bb62dc89266ac2f3eebd4cb033c8eb66388aca6097f4dbcc86d919dbd72 SHA512 93639d3fe12eefddd1b457be702ec0a4a64a73c44fce6b3134e50bb9a4e7e5f25d256d3ace6ec5e774f2db4c0d68725f3e35e901f7d932a4be9cba566eab528e
AUX libquicktime-1.2.4-ffmpeg2.patch 4046 BLAKE2B 1db6a761fa94a32741a05919d12d0211964647a61ffd32ba8619530ec089c980999aa1ded534c2652eb3baf15558bcb9842a23634eeef043a6ed3eb3f8e794ff SHA512 32ddf394aad4ed80e89ec72a534e0466268ab0061b991815e905b78eae55a7d935117b0915faf6f7f51bd7e2d9fbaa4b0e07bfcef1ef1e2f4a7e2061c489122d
AUX libquicktime-1.2.4-ffmpeg29.patch 13436 BLAKE2B 8a1e7b5df65f5297f59aa17c4a52706413c1ffd88d8645de7359ec26f7059101ab81ac135cf7ef707a8acbeb709e1a6dae03d6a7e7f70c7e88185ebb271acbe4 SHA512 2a7e06c03b0f64f02b923c1a0e7121f4e1ea735f19a6df8ce8daf18177ead132d1ae921c64f3770042db3bbf29f15a7fcceece835d475e052c4c3bb7139c9e2e
AUX libquicktime-1.2.4-ffmpeg4.patch 14723 BLAKE2B bd1299c24b738b3752e4d8d50ed1b2fa2f208c83e577876118d115fca22293e102614ae0cdc168060115f7145d951d290bccf21154fda4aabf55329d310b6aca SHA512 1b11a82d694654976a5f79cd8feb27eec3810e09a66dc58ca576eaf1f96e4948abd4dae7955a7da6cf99ae6ffef9e183b39090d96cc6b5fe216b4c4f4faff7a8
DIST libquicktime-1.2.4.tar.gz 1028626 BLAKE2B 6c50965be5d19fb4c57ea6b36f2581ebd575d78a34f2df7029ce2c6ee560e8135a953a2e85d91d189e2c01b97c99804d0eab602866b88a5f07c36351174680f0 SHA512 6ab6cd62ae2361bb3ad73725e9e8baa2b03361bc23e9e34b24f90c0e2bec4337de950ed7f30a6a1d2e67ab33e8f0c43538369fd07e417f54b84583a3c331f8dd
-EBUILD libquicktime-1.2.4-r2.ebuild 3874 BLAKE2B a7f0b14e55deabcafe1ac0baa3648b6152b6f87e41adce1668f5170db9acee8507a91c53533304618f0bcf6abdd77d7eac7f487497fddbebcfbf6ce0ba983865 SHA512 a84ad63d5ccda95bb00833fbbbaff818693bd13c9a6036960f76ca4f4850737625a611d6c716bd649ec14c9e86a1dfa73553449a0b071b8cf0da8c9a33ea7ff5
+EBUILD libquicktime-1.2.4-r2.ebuild 3879 BLAKE2B b464fdd272c974633dec17eadd38dc0f295ba81a63f8233d55767b63e31e0bba7670f27a8e04f47ecb8f367702249621834eac6f4a7346b41fa188fd67908d86 SHA512 4c5c9bb52ad4826871f7acb45fb00c90e603465084dd375b85b07a412dd59c43b9aab791350d14579d1dd29476389fa49d4a98fb4a517a595aa396add5e0e529
+EBUILD libquicktime-1.2.4-r3.ebuild 3850 BLAKE2B 4acfafe0d7402076f9ff17f4c34ca5f2071224630d8421d61b12ab7cbb8876ceef48828d34a3d1bba7388578512cf20d65dd36daa6b938a07cbcc9412ebb4220 SHA512 023ce8db66f0ef222529fcace2e48e7efdcc0835200e7e3868bc7fc2786744a63e3fe69a89f76e14432426839332c1c2f0dfae70b518ef8aa20574d98252d172
MISC metadata.xml 506 BLAKE2B 2b6f16d304beace7cb71ac32cc734ec4bf0e28c2b155068f9c5f83fc9a5a8731056ec1b3743da9f2b6add73f4b82d4fb797dad913451ea255ab5752557f7b2eb SHA512 80ee7f91a4fafe6a9f9380bab5236633672484dea9389ab5b391319fbcbe010607903b21c12c37211575f4e55251f1718c2000225226fd0a63183ac903817ce1
diff --git a/media-libs/libquicktime/files/CVE-2016-2399.patch b/media-libs/libquicktime/files/libquicktime-1.2.4-CVE-2016-2399.patch
index a1737c0dc0a9..a1737c0dc0a9 100644
--- a/media-libs/libquicktime/files/CVE-2016-2399.patch
+++ b/media-libs/libquicktime/files/libquicktime-1.2.4-CVE-2016-2399.patch
diff --git a/media-libs/libquicktime/files/libquicktime-1.2.4-CVE-2017-9122_et_al.patch b/media-libs/libquicktime/files/libquicktime-1.2.4-CVE-2017-9122_et_al.patch
new file mode 100644
index 000000000000..06fb7b33758b
--- /dev/null
+++ b/media-libs/libquicktime/files/libquicktime-1.2.4-CVE-2017-9122_et_al.patch
@@ -0,0 +1,151 @@
+From: Burkhard Plaum <plaum@ipf.uni-stuttgart.de>
+Origin: https://sourceforge.net/p/libquicktime/mailman/libquicktime-devel/?viewmonth=201706
+
+Hi,
+
+I committed some (mostly trivial) updates to CVS. The following CVE's
+are fixed and/or no longer reproducible:
+
+CVE-2017-9122
+CVE-2017-9123
+CVE-2017-9124
+CVE-2017-9125
+CVE-2017-9126
+CVE-2017-9127
+CVE-2017-9128
+
+I was a bit surprised that one simple sanity check fixes a whole bunch of files.
+
+So it could be, that the problems are still there, but better hidden since the
+critical code isn't executed anymore with the sample files I got.
+
+If someone encounters more crashes, feel free to report them.
+
+Burkhard
+
+--- a/include/lqt_funcprotos.h
++++ b/include/lqt_funcprotos.h
+@@ -1345,9 +1345,9 @@ int quicktime_write_int32_le(quicktime_t
+ int quicktime_write_char32(quicktime_t *file, char *string);
+ float quicktime_read_fixed16(quicktime_t *file);
+ int quicktime_write_fixed16(quicktime_t *file, float number);
+-unsigned long quicktime_read_uint32(quicktime_t *file);
+-long quicktime_read_int32(quicktime_t *file);
+-long quicktime_read_int32_le(quicktime_t *file);
++uint32_t quicktime_read_uint32(quicktime_t *file);
++int32_t quicktime_read_int32(quicktime_t *file);
++int32_t quicktime_read_int32_le(quicktime_t *file);
+ int64_t quicktime_read_int64(quicktime_t *file);
+ int64_t quicktime_read_int64_le(quicktime_t *file);
+ long quicktime_read_int24(quicktime_t *file);
+--- a/src/atom.c
++++ b/src/atom.c
+@@ -131,6 +131,9 @@ int quicktime_atom_read_header(quicktime
+ atom->size = read_size64(header);
+ atom->end = atom->start + atom->size;
+ }
++/* Avoid broken files */
++ if(atom->end > file->total_length)
++ result = 1;
+ }
+
+
+--- a/src/lqt_quicktime.c
++++ b/src/lqt_quicktime.c
+@@ -1788,8 +1788,8 @@ int quicktime_read_info(quicktime_t *fil
+ quicktime_set_position(file, start_position);
+ free(temp);
+
+- quicktime_read_moov(file, &file->moov, &leaf_atom);
+- got_header = 1;
++ if(!quicktime_read_moov(file, &file->moov, &leaf_atom))
++ got_header = 1;
+ }
+ else
+ quicktime_atom_skip(file, &leaf_atom);
+--- a/src/moov.c
++++ b/src/moov.c
+@@ -218,7 +218,8 @@ int quicktime_read_moov(quicktime_t *fil
+ if(quicktime_atom_is(&leaf_atom, "trak"))
+ {
+ quicktime_trak_t *trak = quicktime_add_trak(file);
+- quicktime_read_trak(file, trak, &leaf_atom);
++ if(quicktime_read_trak(file, trak, &leaf_atom))
++ return 1;
+ }
+ else
+ if(quicktime_atom_is(&leaf_atom, "udta"))
+--- a/src/trak.c
++++ b/src/trak.c
+@@ -269,6 +269,14 @@ int quicktime_read_trak(quicktime_t *fil
+ else quicktime_atom_skip(file, &leaf_atom);
+ } while(quicktime_position(file) < trak_atom->end);
+
++ /* Do some sanity checks to prevent later crashes */
++ if(trak->mdia.minf.is_video || trak->mdia.minf.is_video)
++ {
++ if(!trak->mdia.minf.stbl.stsc.table ||
++ !trak->mdia.minf.stbl.stco.table)
++ return 1;
++ }
++
+ #if 1
+ if(trak->mdia.minf.is_video &&
+ quicktime_match_32(trak->mdia.minf.stbl.stsd.table[0].format, "drac"))
+--- a/src/util.c
++++ b/src/util.c
+@@ -647,10 +647,10 @@ int quicktime_write_fixed16(quicktime_t
+ return quicktime_write_data(file, data, 2);
+ }
+
+-unsigned long quicktime_read_uint32(quicktime_t *file)
++uint32_t quicktime_read_uint32(quicktime_t *file)
+ {
+- unsigned long result;
+- unsigned long a, b, c, d;
++ uint32_t result;
++ uint32_t a, b, c, d;
+ uint8_t data[4];
+
+ quicktime_read_data(file, data, 4);
+@@ -663,10 +663,10 @@ unsigned long quicktime_read_uint32(quic
+ return result;
+ }
+
+-long quicktime_read_int32(quicktime_t *file)
++int32_t quicktime_read_int32(quicktime_t *file)
+ {
+- unsigned long result;
+- unsigned long a, b, c, d;
++ uint32_t result;
++ uint32_t a, b, c, d;
+ uint8_t data[4];
+
+ quicktime_read_data(file, data, 4);
+@@ -676,13 +676,13 @@ long quicktime_read_int32(quicktime_t *f
+ d = data[3];
+
+ result = (a << 24) | (b << 16) | (c << 8) | d;
+- return (long)result;
++ return (int32_t)result;
+ }
+
+-long quicktime_read_int32_le(quicktime_t *file)
++int32_t quicktime_read_int32_le(quicktime_t *file)
+ {
+- unsigned long result;
+- unsigned long a, b, c, d;
++ uint32_t result;
++ uint32_t a, b, c, d;
+ uint8_t data[4];
+
+ quicktime_read_data(file, data, 4);
+@@ -692,7 +692,7 @@ long quicktime_read_int32_le(quicktime_t
+ d = data[3];
+
+ result = (d << 24) | (c << 16) | (b << 8) | a;
+- return (long)result;
++ return (int32_t)result;
+ }
+
+ int64_t quicktime_read_int64(quicktime_t *file)
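Review bot: In the embedded src/trak.c hunk the new sanity check tests `trak->mdia.minf.is_video || trak->mdia.minf.is_video`, the same flag twice, so a track that is not video never reaches the stsc/stco table check. The second operand was presumably meant to be the audio flag, i.e. `if(trak->mdia.minf.is_video || trak->mdia.minf.is_audio)`; confirm the field name against the minf struct, which is not visible here. The patch author's own message says the crashes may only be hidden for the sample files at hand, so this coverage gap matters when deciding whether the listed CVEs are closed for audio tracks. Separately, the src/atom.c check compares `atom->end` with `file->total_length` only after `atom->start + atom->size` has been computed. If those fields are signed 64-bit, a very large size could wrap and pass the comparison, so bounding `atom->size` against the remaining length before the addition would be more robust.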
diff --git a/media-libs/libquicktime/libquicktime-1.2.4-r2.ebuild b/media-libs/libquicktime/libquicktime-1.2.4-r2.ebuild
index 7153bd3006a9..32f2d0f169e1 100644
--- a/media-libs/libquicktime/libquicktime-1.2.4-r2.ebuild
+++ b/media-libs/libquicktime/libquicktime-1.2.4-r2.ebuild
@@ -57,7 +57,7 @@ DOCS=( ChangeLog README TODO )
PATCHES=(
"${FILESDIR}"/${P}+libav-9.patch
"${FILESDIR}"/${P}-ffmpeg2.patch
- "${FILESDIR}"/CVE-2016-2399.patch
+ "${FILESDIR}"/${P}-CVE-2016-2399.patch
)
src_prepare() {
diff --git a/media-libs/libquicktime/libquicktime-1.2.4-r3.ebuild b/media-libs/libquicktime/libquicktime-1.2.4-r3.ebuild
new file mode 100644
index 000000000000..e4c2bea89205
--- /dev/null
+++ b/media-libs/libquicktime/libquicktime-1.2.4-r3.ebuild
@@ -0,0 +1,133 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit libtool multilib-minimal
+
+DESCRIPTION="An enhanced version of the quicktime4linux library"
+HOMEPAGE="http://libquicktime.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd"
+IUSE="aac alsa doc dv encode ffmpeg gtk jpeg lame libav cpu_flags_x86_mmx opengl png schroedinger static-libs vorbis X x264"
+
+RDEPEND="
+ sys-libs/zlib
+ >=virtual/libintl-0-r1[${MULTILIB_USEDEP}]
+ aac? (
+ >=media-libs/faad2-2.7-r3[${MULTILIB_USEDEP}]
+ encode? ( >=media-libs/faac-1.28-r3[${MULTILIB_USEDEP}] )
+ )
+ alsa? ( >=media-libs/alsa-lib-1.0.20 )
+ dv? ( >=media-libs/libdv-1.0.0-r3[${MULTILIB_USEDEP}] )
+ ffmpeg? (
+ libav? ( >=media-video/libav-12:0=[${MULTILIB_USEDEP}] )
+ !libav? ( >=media-video/ffmpeg-3.2.6:0=[${MULTILIB_USEDEP}] )
+ )
+ gtk? ( x11-libs/gtk+:2 )
+ jpeg? ( >=virtual/jpeg-0-r2:0[${MULTILIB_USEDEP}] )
+ lame? ( >=media-sound/lame-3.99.5-r1[${MULTILIB_USEDEP}] )
+ opengl? ( virtual/opengl )
+ png? ( >=media-libs/libpng-1.6.10:0[${MULTILIB_USEDEP}] )
+ schroedinger? ( >=media-libs/schroedinger-1.0.11-r1[${MULTILIB_USEDEP}] )
+ vorbis? (
+ >=media-libs/libogg-1.3.0[${MULTILIB_USEDEP}]
+ >=media-libs/libvorbis-1.3.3-r1[${MULTILIB_USEDEP}]
+ )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXaw
+ x11-libs/libXext
+ x11-libs/libXt
+ x11-libs/libXv
+ )
+ x264? ( >=media-libs/x264-0.0.20130506:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+ sys-devel/gettext
+ doc? ( app-doc/doxygen )
+ X? ( x11-base/xorg-proto )"
+
+REQUIRED_USE="opengl? ( X )"
+
+DOCS=( ChangeLog README TODO )
+
+PATCHES=(
+ "${FILESDIR}"/${P}+libav-9.patch
+ "${FILESDIR}"/${P}-ffmpeg2.patch
+ "${FILESDIR}"/${P}-ffmpeg29.patch
+ "${FILESDIR}"/${P}-CVE-2016-2399.patch
+ "${FILESDIR}"/${P}-CVE-2017-9122_et_al.patch
+)
+
+src_prepare() {
+ default
+
+ if has_version '>media-video/ffmpeg-3.5' ; then
+ eapply "${FILESDIR}/${P}-ffmpeg4.patch"
+ fi
+
+ local x
+ for x in lqt_ffmpeg.c video.c audio.c ; do
+ sed -i -e "s:CODEC_ID_:AV_&:g" "plugins/ffmpeg/${x}" || die
+ done
+
+ elibtoolize # Required for .so versioning on g/fbsd
+}
+
+multilib_src_configure() {
+ # utils use: alsa, opengl, gtk+, X
+
+ ECONF_SOURCE=${S} \
+ econf \
+ --enable-gpl \
+ $(use_enable static-libs static) \
+ $(use_enable cpu_flags_x86_mmx asm) \
+ $(multilib_native_use_with doc doxygen) \
+ $(use vorbis || echo --without-vorbis) \
+ $(use_with lame) \
+ $(multilib_native_use_with X x) \
+ $(multilib_native_use_with opengl) \
+ $(multilib_native_use_with alsa) \
+ $(multilib_native_use_with gtk) \
+ $(use_with dv libdv) \
+ $(use_with jpeg libjpeg) \
+ $(use_with ffmpeg) \
+ $(use_with png libpng) \
+ $(use_with schroedinger) \
+ $(use_with aac faac) \
+ $(use encode || echo --without-faac) \
+ $(use_with aac faad2) \
+ $(use_with x264) \
+ --without-cpuflags
+
+ if ! multilib_is_native_abi; then
+ # disable building utilities
+ sed -i -e '/SUBDIRS =/s:utils::' Makefile || die
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${D}" -name '*.la' -delete || die
+
+ # Compatibility with software that uses quicktime prefix, but
+ # don't do that when building for Darwin/MacOS
+ [[ ${CHOST} != *-darwin* ]] && dosym /usr/include/lqt /usr/include/quicktime
+}
+
+pkg_preinst() {
+ if [[ -d /usr/include/quicktime && ! -L /usr/include/quicktime ]]; then
+ elog "For compatibility with other quicktime libraries, ${PN} was"
+ elog "going to create a /usr/include/quicktime symlink, but for some"
+ elog "reason that is a directory on your system."
+
+ elog "Please check that is empty, and remove it, or submit a bug"
+ elog "telling us which package owns the directory."
+ die "/usr/include/quicktime is a directory."
+ fi
+}
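Review bot: pkg_preinst tests the literal path `/usr/include/quicktime`, which is the build host's root rather than the root the package is merged into. With a non-default ROOT or a prefix install the check can miss a real directory at the install location, or die because of an unrelated one on the host. In EAPI 7 the path should be prefixed with `${EROOT}` (no trailing slash there), e.g. `if [[ -d ${EROOT}/usr/include/quicktime && ! -L ${EROOT}/usr/include/quicktime ]]; then`, and the `die` message should name the same path. A short comment above the test saying that a real directory would block the `dosym` compatibility link created in multilib_src_install_all would also help.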