author | V3n3RiX <venerix@redcorelinux.org> | 2018-09-21 18:00:10 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2018-09-21 18:00:10 +0100 |
commit | 265dbe5dbc14c199299496c6db8fce3f76647015 (patch) | |
tree | ab18b5617d138f6684566b619405090989d55a2c /media-libs/libquicktime | |
parent | 586819755b4dbfdffdc8a725ab7c0f86095b8489 (diff) |
gentoo resync : 21.09.2018
Diffstat (limited to 'media-libs/libquicktime')
-rw-r--r-- | media-libs/libquicktime/Manifest | 6 | ||||
-rw-r--r-- | media-libs/libquicktime/files/libquicktime-1.2.4-CVE-2016-2399.patch (renamed from media-libs/libquicktime/files/CVE-2016-2399.patch) | 0 | ||||
-rw-r--r-- | media-libs/libquicktime/files/libquicktime-1.2.4-CVE-2017-9122_et_al.patch | 151 | ||||
-rw-r--r-- | media-libs/libquicktime/libquicktime-1.2.4-r2.ebuild | 2 | ||||
-rw-r--r-- | media-libs/libquicktime/libquicktime-1.2.4-r3.ebuild | 133 |
5 files changed, 289 insertions, 3 deletions
diff --git a/media-libs/libquicktime/Manifest b/media-libs/libquicktime/Manifest index 416ce7efdd95..846c53cfffff 100644 --- a/media-libs/libquicktime/Manifest +++ b/media-libs/libquicktime/Manifest 
@@ -1,8 +1,10 @@ -AUX CVE-2016-2399.patch 801 BLAKE2B 2794d13a0afa8a948f8f1335d7ee0a3d75691bbb9c619716707f533f52e8a8826c4a883b25db2ad8fb6544ce8b7c0fa883158b110c10b896e124b6ade9d18945 SHA512 759fee13bc96db036063efcd8288c0e467ce811b597cf6c0ceed1c8927593963174f4f3324512db0e773e936a4b9fe5c8d8fc9e0f00b2ce59110661175986f9c AUX libquicktime-1.2.4+libav-9.patch 464 BLAKE2B 0a29c9a3d1eae31731b76536a22aa23a4888b8ac55c3176c60a152330fce37e8031a4269fa28026133c7061cd769b1428bf24fe59fed574e39d52ea00b6e00a0 SHA512 691110dc18f6646e2e17f40c6a42911a6b8eaa8cea20b5595f20d218d51da11d11923a3001b7ad7c3ad6bd0d90e712b95ccee5526fa1bec176cd27813e4a775e +AUX libquicktime-1.2.4-CVE-2016-2399.patch 801 BLAKE2B 2794d13a0afa8a948f8f1335d7ee0a3d75691bbb9c619716707f533f52e8a8826c4a883b25db2ad8fb6544ce8b7c0fa883158b110c10b896e124b6ade9d18945 SHA512 759fee13bc96db036063efcd8288c0e467ce811b597cf6c0ceed1c8927593963174f4f3324512db0e773e936a4b9fe5c8d8fc9e0f00b2ce59110661175986f9c +AUX libquicktime-1.2.4-CVE-2017-9122_et_al.patch 4584 BLAKE2B 8d5be1d1a297d89da1256035042a9760227815b8e73cb994b04b3ac4a2d7b83f79625bb62dc89266ac2f3eebd4cb033c8eb66388aca6097f4dbcc86d919dbd72 SHA512 93639d3fe12eefddd1b457be702ec0a4a64a73c44fce6b3134e50bb9a4e7e5f25d256d3ace6ec5e774f2db4c0d68725f3e35e901f7d932a4be9cba566eab528e AUX libquicktime-1.2.4-ffmpeg2.patch 4046 BLAKE2B 1db6a761fa94a32741a05919d12d0211964647a61ffd32ba8619530ec089c980999aa1ded534c2652eb3baf15558bcb9842a23634eeef043a6ed3eb3f8e794ff SHA512 32ddf394aad4ed80e89ec72a534e0466268ab0061b991815e905b78eae55a7d935117b0915faf6f7f51bd7e2d9fbaa4b0e07bfcef1ef1e2f4a7e2061c489122d AUX libquicktime-1.2.4-ffmpeg29.patch 13436 BLAKE2B 8a1e7b5df65f5297f59aa17c4a52706413c1ffd88d8645de7359ec26f7059101ab81ac135cf7ef707a8acbeb709e1a6dae03d6a7e7f70c7e88185ebb271acbe4 SHA512 2a7e06c03b0f64f02b923c1a0e7121f4e1ea735f19a6df8ce8daf18177ead132d1ae921c64f3770042db3bbf29f15a7fcceece835d475e052c4c3bb7139c9e2e AUX libquicktime-1.2.4-ffmpeg4.patch 14723 BLAKE2B 
bd1299c24b738b3752e4d8d50ed1b2fa2f208c83e577876118d115fca22293e102614ae0cdc168060115f7145d951d290bccf21154fda4aabf55329d310b6aca SHA512 1b11a82d694654976a5f79cd8feb27eec3810e09a66dc58ca576eaf1f96e4948abd4dae7955a7da6cf99ae6ffef9e183b39090d96cc6b5fe216b4c4f4faff7a8 DIST libquicktime-1.2.4.tar.gz 1028626 BLAKE2B 6c50965be5d19fb4c57ea6b36f2581ebd575d78a34f2df7029ce2c6ee560e8135a953a2e85d91d189e2c01b97c99804d0eab602866b88a5f07c36351174680f0 SHA512 6ab6cd62ae2361bb3ad73725e9e8baa2b03361bc23e9e34b24f90c0e2bec4337de950ed7f30a6a1d2e67ab33e8f0c43538369fd07e417f54b84583a3c331f8dd -EBUILD libquicktime-1.2.4-r2.ebuild 3874 BLAKE2B a7f0b14e55deabcafe1ac0baa3648b6152b6f87e41adce1668f5170db9acee8507a91c53533304618f0bcf6abdd77d7eac7f487497fddbebcfbf6ce0ba983865 SHA512 a84ad63d5ccda95bb00833fbbbaff818693bd13c9a6036960f76ca4f4850737625a611d6c716bd649ec14c9e86a1dfa73553449a0b071b8cf0da8c9a33ea7ff5 +EBUILD libquicktime-1.2.4-r2.ebuild 3879 BLAKE2B b464fdd272c974633dec17eadd38dc0f295ba81a63f8233d55767b63e31e0bba7670f27a8e04f47ecb8f367702249621834eac6f4a7346b41fa188fd67908d86 SHA512 4c5c9bb52ad4826871f7acb45fb00c90e603465084dd375b85b07a412dd59c43b9aab791350d14579d1dd29476389fa49d4a98fb4a517a595aa396add5e0e529 +EBUILD libquicktime-1.2.4-r3.ebuild 3850 BLAKE2B 4acfafe0d7402076f9ff17f4c34ca5f2071224630d8421d61b12ab7cbb8876ceef48828d34a3d1bba7388578512cf20d65dd36daa6b938a07cbcc9412ebb4220 SHA512 023ce8db66f0ef222529fcace2e48e7efdcc0835200e7e3868bc7fc2786744a63e3fe69a89f76e14432426839332c1c2f0dfae70b518ef8aa20574d98252d172 MISC metadata.xml 506 BLAKE2B 2b6f16d304beace7cb71ac32cc734ec4bf0e28c2b155068f9c5f83fc9a5a8731056ec1b3743da9f2b6add73f4b82d4fb797dad913451ea255ab5752557f7b2eb SHA512 80ee7f91a4fafe6a9f9380bab5236633672484dea9389ab5b391319fbcbe010607903b21c12c37211575f4e55251f1718c2000225226fd0a63183ac903817ce1 diff --git a/media-libs/libquicktime/files/CVE-2016-2399.patch b/media-libs/libquicktime/files/libquicktime-1.2.4-CVE-2016-2399.patch index a1737c0dc0a9..a1737c0dc0a9 100644 
--- a/media-libs/libquicktime/files/CVE-2016-2399.patch
+++ b/media-libs/libquicktime/files/libquicktime-1.2.4-CVE-2016-2399.patch
diff --git a/media-libs/libquicktime/files/libquicktime-1.2.4-CVE-2017-9122_et_al.patch b/media-libs/libquicktime/files/libquicktime-1.2.4-CVE-2017-9122_et_al.patch
new file mode 100644
index 000000000000..06fb7b33758b
--- /dev/null
+++ b/media-libs/libquicktime/files/libquicktime-1.2.4-CVE-2017-9122_et_al.patch
@@ -0,0 +1,151 @@
+From: Burkhard Plaum <plaum@ipf.uni-stuttgart.de>
+Origin: https://sourceforge.net/p/libquicktime/mailman/libquicktime-devel/?viewmonth=201706
+
+Hi,
+
+I committed some (mostly trivial) updates to CVS. The following CVE's
+are fixed and/or no longer reproducible:
+
+CVE-2017-9122
+CVE-2017-9123
+CVE-2017-9124
+CVE-2017-9125
+CVE-2017-9126
+CVE-2017-9127
+CVE-2017-9128
+
+I was a bit surprised that one simple sanity check fixes a whole bunch of files.
+
+So it could be, that the problems are still there, but better hidden since the
+critical code isn't executed anymore with the sample files I got.
+
+If someone encounters more crashes, feel free to report them.
+
+Burkhard
+
+--- a/include/lqt_funcprotos.h
++++ b/include/lqt_funcprotos.h
+@@ -1345,9 +1345,9 @@ int quicktime_write_int32_le(quicktime_t
+ int quicktime_write_char32(quicktime_t *file, char *string);
+ float quicktime_read_fixed16(quicktime_t *file);
+ int quicktime_write_fixed16(quicktime_t *file, float number);
+-unsigned long quicktime_read_uint32(quicktime_t *file);
+-long quicktime_read_int32(quicktime_t *file);
+-long quicktime_read_int32_le(quicktime_t *file);
++uint32_t quicktime_read_uint32(quicktime_t *file);
++int32_t quicktime_read_int32(quicktime_t *file);
++int32_t quicktime_read_int32_le(quicktime_t *file);
+ int64_t quicktime_read_int64(quicktime_t *file);
+ int64_t quicktime_read_int64_le(quicktime_t *file);
+ long quicktime_read_int24(quicktime_t *file);
+--- a/src/atom.c
++++ b/src/atom.c
+@@ -131,6 +131,9 @@ int quicktime_atom_read_header(quicktime
+ atom->size = read_size64(header);
+ atom->end = atom->start + atom->size;
+ }
++/* Avoid broken files */
++ if(atom->end > file->total_length)
++ result = 1;
+ }
+
+
+--- a/src/lqt_quicktime.c
++++ b/src/lqt_quicktime.c
+@@ -1788,8 +1788,8 @@ int quicktime_read_info(quicktime_t *fil
+ quicktime_set_position(file, start_position);
+ free(temp);
+
+- quicktime_read_moov(file, &file->moov, &leaf_atom);
+- got_header = 1;
++ if(!quicktime_read_moov(file, &file->moov, &leaf_atom))
++ got_header = 1;
+ }
+ else
+ quicktime_atom_skip(file, &leaf_atom);
+--- a/src/moov.c
++++ b/src/moov.c
+@@ -218,7 +218,8 @@ int quicktime_read_moov(quicktime_t *fil
+ if(quicktime_atom_is(&leaf_atom, "trak"))
+ {
+ quicktime_trak_t *trak = quicktime_add_trak(file);
+- quicktime_read_trak(file, trak, &leaf_atom);
++ if(quicktime_read_trak(file, trak, &leaf_atom))
++ return 1;
+ }
+ else
+ if(quicktime_atom_is(&leaf_atom, "udta"))
+--- a/src/trak.c
++++ b/src/trak.c
+@@ -269,6 +269,14 @@ int quicktime_read_trak(quicktime_t *fil
+ else quicktime_atom_skip(file, &leaf_atom);
+ } while(quicktime_position(file) < trak_atom->end);
+
++ /* Do some sanity checks to prevent later crashes */
++ if(trak->mdia.minf.is_video || trak->mdia.minf.is_video)
++ {
++ if(!trak->mdia.minf.stbl.stsc.table ||
++ !trak->mdia.minf.stbl.stco.table)
++ return 1;
++ }
++
+ #if 1
+ if(trak->mdia.minf.is_video &&
+ quicktime_match_32(trak->mdia.minf.stbl.stsd.table[0].format, "drac"))
+--- a/src/util.c
++++ b/src/util.c
+@@ -647,10 +647,10 @@ int quicktime_write_fixed16(quicktime_t
+ return quicktime_write_data(file, data, 2);
+ }
+
+-unsigned long quicktime_read_uint32(quicktime_t *file)
++uint32_t quicktime_read_uint32(quicktime_t *file)
+ {
+- unsigned long result;
+- unsigned long a, b, c, d;
++ uint32_t result;
++ uint32_t a, b, c, d;
+ uint8_t data[4];
+
+ quicktime_read_data(file, data, 4);
+@@ -663,10 +663,10 @@ unsigned long quicktime_read_uint32(quic
+ return result;
+ }
+
+-long quicktime_read_int32(quicktime_t *file)
++int32_t quicktime_read_int32(quicktime_t *file)
+ {
+- unsigned long result;
+- unsigned long a, b, c, d;
++ uint32_t result;
++ uint32_t a, b, c, d;
+ uint8_t data[4];
+
+ quicktime_read_data(file, data, 4);
+@@ -676,13 +676,13 @@ long quicktime_read_int32(quicktime_t *f
+ d = data[3];
+
+ result = (a << 24) | (b << 16) | (c << 8) | d;
+- return (long)result;
++ return (int32_t)result;
+ }
+
+-long quicktime_read_int32_le(quicktime_t *file)
++int32_t quicktime_read_int32_le(quicktime_t *file)
+ {
+- unsigned long result;
+- unsigned long a, b, c, d;
++ uint32_t result;
++ uint32_t a, b, c, d;
+ uint8_t data[4];
+
+ quicktime_read_data(file, data, 4);
+@@ -692,7 +692,7 @@ long quicktime_read_int32_le(quicktime_t
+ d = data[3];
+
+ result = (d << 24) | (c << 16) | (b << 8) | a;
+- return (long)result;
++ return (int32_t)result;
+ }
+
+ int64_t quicktime_read_int64(quicktime_t *file)
diff --git a/media-libs/libquicktime/libquicktime-1.2.4-r2.ebuild b/media-libs/libquicktime/libquicktime-1.2.4-r2.ebuild
index 7153bd3006a9..32f2d0f169e1 100644
--- a/media-libs/libquicktime/libquicktime-1.2.4-r2.ebuild
+++ b/media-libs/libquicktime/libquicktime-1.2.4-r2.ebuild
@@ -57,7 +57,7 @@ DOCS=( ChangeLog README TODO )
 PATCHES=(
 "${FILESDIR}"/${P}+libav-9.patch
 "${FILESDIR}"/${P}-ffmpeg2.patch
- "${FILESDIR}"/CVE-2016-2399.patch
+ "${FILESDIR}"/${P}-CVE-2016-2399.patch
 )
 
 src_prepare() {
diff --git a/media-libs/libquicktime/libquicktime-1.2.4-r3.ebuild b/media-libs/libquicktime/libquicktime-1.2.4-r3.ebuild
new file mode 100644
index 000000000000..e4c2bea89205
--- /dev/null
+++ b/media-libs/libquicktime/libquicktime-1.2.4-r3.ebuild
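Review bot: In the src/trak.c part of the new CVE-2017-9122 patch file, the added sanity check tests one flag twice, `if(trak->mdia.minf.is_video || trak->mdia.minf.is_video)`, so the NULL test on the stsc and stco tables runs for video tracks only. The second operand was presumably meant to be the audio flag, i.e. `if(trak->mdia.minf.is_audio || trak->mdia.minf.is_video)`; the minf struct is not visible here, so confirm the field name. As written, a file whose audio track lacks either table still reaches the later code this check is meant to protect. The bound added in src/atom.c has a similar gap: `atom->end` is `atom->start + atom->size` with a size read from the file, so also rejecting `atom->end < atom->start` would cover a negative or wrapped size that the `> file->total_length` comparison alone may let through. The patch author's own message says the listed CVEs may only be hidden for the sample files, so this patch is better tracked as a mitigation than as a complete fix.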
@@ -0,0 +1,133 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit libtool multilib-minimal
+
+DESCRIPTION="An enhanced version of the quicktime4linux library"
+HOMEPAGE="http://libquicktime.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd"
+IUSE="aac alsa doc dv encode ffmpeg gtk jpeg lame libav cpu_flags_x86_mmx opengl png schroedinger static-libs vorbis X x264"
+
+RDEPEND="
+ sys-libs/zlib
+ >=virtual/libintl-0-r1[${MULTILIB_USEDEP}]
+ aac? (
+ >=media-libs/faad2-2.7-r3[${MULTILIB_USEDEP}]
+ encode? ( >=media-libs/faac-1.28-r3[${MULTILIB_USEDEP}] )
+ )
+ alsa? ( >=media-libs/alsa-lib-1.0.20 )
+ dv? ( >=media-libs/libdv-1.0.0-r3[${MULTILIB_USEDEP}] )
+ ffmpeg? (
+ libav? ( >=media-video/libav-12:0=[${MULTILIB_USEDEP}] )
+ !libav? ( >=media-video/ffmpeg-3.2.6:0=[${MULTILIB_USEDEP}] )
+ )
+ gtk? ( x11-libs/gtk+:2 )
+ jpeg? ( >=virtual/jpeg-0-r2:0[${MULTILIB_USEDEP}] )
+ lame? ( >=media-sound/lame-3.99.5-r1[${MULTILIB_USEDEP}] )
+ opengl? ( virtual/opengl )
+ png? ( >=media-libs/libpng-1.6.10:0[${MULTILIB_USEDEP}] )
+ schroedinger? ( >=media-libs/schroedinger-1.0.11-r1[${MULTILIB_USEDEP}] )
+ vorbis? (
+ >=media-libs/libogg-1.3.0[${MULTILIB_USEDEP}]
+ >=media-libs/libvorbis-1.3.3-r1[${MULTILIB_USEDEP}]
+ )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXaw
+ x11-libs/libXext
+ x11-libs/libXt
+ x11-libs/libXv
+ )
+ x264? ( >=media-libs/x264-0.0.20130506:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+ sys-devel/gettext
+ doc? ( app-doc/doxygen )
+ X? ( x11-base/xorg-proto )"
+
+REQUIRED_USE="opengl? ( X )"
+
+DOCS=( ChangeLog README TODO )
+
+PATCHES=(
+ "${FILESDIR}"/${P}+libav-9.patch
+ "${FILESDIR}"/${P}-ffmpeg2.patch
+ "${FILESDIR}"/${P}-ffmpeg29.patch
+ "${FILESDIR}"/${P}-CVE-2016-2399.patch
+ "${FILESDIR}"/${P}-CVE-2017-9122_et_al.patch
+)
+
+src_prepare() {
+ default
+
+ if has_version '>media-video/ffmpeg-3.5' ; then
+ eapply "${FILESDIR}/${P}-ffmpeg4.patch"
+ fi
+
+ local x
+ for x in lqt_ffmpeg.c video.c audio.c ; do
+ sed -i -e "s:CODEC_ID_:AV_&:g" "plugins/ffmpeg/${x}" || die
+ done
+
+ elibtoolize # Required for .so versioning on g/fbsd
+}
+
+multilib_src_configure() {
+ # utils use: alsa, opengl, gtk+, X
+
+ ECONF_SOURCE=${S} \
+ econf \
+ --enable-gpl \
+ $(use_enable static-libs static) \
+ $(use_enable cpu_flags_x86_mmx asm) \
+ $(multilib_native_use_with doc doxygen) \
+ $(use vorbis || echo --without-vorbis) \
+ $(use_with lame) \
+ $(multilib_native_use_with X x) \
+ $(multilib_native_use_with opengl) \
+ $(multilib_native_use_with alsa) \
+ $(multilib_native_use_with gtk) \
+ $(use_with dv libdv) \
+ $(use_with jpeg libjpeg) \
+ $(use_with ffmpeg) \
+ $(use_with png libpng) \
+ $(use_with schroedinger) \
+ $(use_with aac faac) \
+ $(use encode || echo --without-faac) \
+ $(use_with aac faad2) \
+ $(use_with x264) \
+ --without-cpuflags
+
+ if ! multilib_is_native_abi; then
+ # disable building utilities
+ sed -i -e '/SUBDIRS =/s:utils::' Makefile || die
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ find "${D}" -name '*.la' -delete || die
+
+ # Compatibility with software that uses quicktime prefix, but
+ # don't do that when building for Darwin/MacOS
+ [[ ${CHOST} != *-darwin* ]] && dosym /usr/include/lqt /usr/include/quicktime
+}
+
+pkg_preinst() {
+ if [[ -d /usr/include/quicktime && ! -L /usr/include/quicktime ]]; then
+ elog "For compatibility with other quicktime libraries, ${PN} was"
+ elog "going to create a /usr/include/quicktime symlink, but for some"
+ elog "reason that is a directory on your system."
+
+ elog "Please check that is empty, and remove it, or submit a bug"
+ elog "telling us which package owns the directory."
+ die "/usr/include/quicktime is a directory."
+ fi
+}
|
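Review bot: The CVE-2017-9122 patch is listed only in this new -r3 revision, whose KEYWORDS are all `~arch`, while the commit's change to -r2 is just the rename of the CVE-2016-2399 patch; if -r2 is the revision carrying stable keywords (not visible here), stable installs keep building without the fix until -r3 is stabilised. A comment above the PATCHES entry, such as `# CVE-2017-9122..9128: may be incomplete per upstream, see patch header`, would record that state for whoever handles stabilisation. In `pkg_preinst` the directory test uses the bare path `/usr/include/quicktime`, which inspects the build host rather than the install root; with EAPI 7 it should read `if [[ -d ${EROOT}/usr/include/quicktime && ! -L ${EROOT}/usr/include/quicktime ]]; then`.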