summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCraig Andrews <candrews@integralblue.com>2017-06-21 17:04:29 -0400
committerMichał Górny <mgorny@gentoo.org>2017-07-11 23:54:20 +0200
commit89ee3377a67cf18832a0e6f577b14d84734944d6 (patch)
treeedca2aff4e600b1fd2628619860c407792cc17fe /media-tv
parentmedia-tv/kodi: Fix ‘string’ was not declared in this scope #624280 (diff)
downloadgentoo-89ee3377a67cf18832a0e6f577b14d84734944d6.tar.gz
gentoo-89ee3377a67cf18832a0e6f577b14d84734944d6.tar.bz2
gentoo-89ee3377a67cf18832a0e6f577b14d84734944d6.zip
media-tv/kodi: Fix VMSF_DELTA vulnerability in embedded UnRAR #622384
Package-Manager: Portage-2.3.6, Repoman-2.3.2
Diffstat (limited to 'media-tv')
-rw-r--r--media-tv/kodi/files/kodi-17.3-unrar-vulnerability.patch45
-rw-r--r--media-tv/kodi/kodi-17.3-r1.ebuild285
2 files changed, 330 insertions, 0 deletions
diff --git a/media-tv/kodi/files/kodi-17.3-unrar-vulnerability.patch b/media-tv/kodi/files/kodi-17.3-unrar-vulnerability.patch
new file mode 100644
index 000000000000..95644d6921e7
--- /dev/null
+++ b/media-tv/kodi/files/kodi-17.3-unrar-vulnerability.patch
@@ -0,0 +1,45 @@
+See https://trac.kodi.tv/ticket/17510
+diff --git a/lib/UnrarXLib/rarvm.cpp b/lib/UnrarXLib/rarvm.cpp
+index 901c35dcb4..42df0a0110 100644
+--- a/lib/UnrarXLib/rarvm.cpp
++++ b/lib/UnrarXLib/rarvm.cpp
+@@ -873,14 +873,16 @@ void RarVM::ExecuteStandardFilter(VM_StandardFilters FilterType)
+ break;
+ case VMSF_DELTA:
+ {
+- int DataSize=R[4],Channels=R[0],SrcPos=0,Border=DataSize*2;
+- SET_VALUE(false,&Mem[VM_GLOBALMEMADDR+0x20],DataSize);
+- if (DataSize>=VM_GLOBALMEMADDR/2)
+- break;
+- for (int CurChannel=0;CurChannel<Channels;CurChannel++)
++ uint DataSize=R[4],Channels=R[0],SrcPos=0,Border=DataSize*2;
++ if (DataSize>VM_MEMSIZE/2 || Channels>MAX3_UNPACK_CHANNELS || Channels==0)
++ break;
++
++ // Bytes from same channels are grouped to continual data blocks,
++ // so we need to place them back to their interleaving positions.
++ for (uint CurChannel=0;CurChannel<Channels;CurChannel++)
+ {
+ byte PrevByte=0;
+- for (int DestPos=DataSize+CurChannel;DestPos<Border;DestPos+=Channels)
++ for (uint DestPos=DataSize+CurChannel;DestPos<Border;DestPos+=Channels)
+ Mem[DestPos]=(PrevByte-=Mem[SrcPos++]);
+ }
+ }
+diff --git a/lib/UnrarXLib/unpack.hpp b/lib/UnrarXLib/unpack.hpp
+index 83fb0f0254..36ac30d181 100644
+--- a/lib/UnrarXLib/unpack.hpp
++++ b/lib/UnrarXLib/unpack.hpp
+@@ -1,6 +1,12 @@
+ #ifndef _RAR_UNPACK_
+ #define _RAR_UNPACK_
+
++// Limit maximum number of channels in RAR3 delta filter to some reasonable
++// value to prevent too slow processing of corrupt archives with invalid
++// channels number. Must be equal or larger than v3_MAX_FILTER_CHANNELS.
++// No need to provide it for RAR5, which uses only 5 bits to store channels.
++#define MAX3_UNPACK_CHANNELS 1024
++
+ enum BLOCK_TYPES {BLOCK_LZ,BLOCK_PPM};
+
+ struct Decode
diff --git a/media-tv/kodi/kodi-17.3-r1.ebuild b/media-tv/kodi/kodi-17.3-r1.ebuild
new file mode 100644
index 000000000000..7c7b190ddecd
--- /dev/null
+++ b/media-tv/kodi/kodi-17.3-r1.ebuild
@@ -0,0 +1,285 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+# Does not work with py3 here
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="sqlite"
+
+inherit autotools cmake-utils eutils linux-info pax-utils python-single-r1
+
+LIBDVDCSS_COMMIT="2f12236bc1c92f73c21e973363f79eb300de603f"
+LIBDVDREAD_COMMIT="17d99db97e7b8f23077b342369d3c22a6250affd"
+LIBDVDNAV_COMMIT="43b5f81f5fe30bceae3b7cecf2b0ca57fc930dac"
+FFMPEG_VERSION="3.1.6"
+CODENAME="Krypton"
+PATCHES=(
+ "${FILESDIR}/${P}-ftpparse_string.patch"
+ "${FILESDIR}/${P}-unrar-vulnerability.patch"
+)
+SRC_URI="https://github.com/xbmc/libdvdcss/archive/${LIBDVDCSS_COMMIT}.tar.gz -> libdvdcss-${LIBDVDCSS_COMMIT}.tar.gz
+ https://github.com/xbmc/libdvdread/archive/${LIBDVDREAD_COMMIT}.tar.gz -> libdvdread-${LIBDVDREAD_COMMIT}.tar.gz
+ https://github.com/xbmc/libdvdnav/archive/${LIBDVDNAV_COMMIT}.tar.gz -> libdvdnav-${LIBDVDNAV_COMMIT}.tar.gz
+ !system-ffmpeg? ( https://github.com/xbmc/FFmpeg/archive/${FFMPEG_VERSION}-${CODENAME}.tar.gz -> ffmpeg-${PN}-${FFMPEG_VERSION}-${CODENAME}.tar.gz )"
+
+DESCRIPTION="Kodi is a free and open source media-player and entertainment hub"
+HOMEPAGE="https://kodi.tv/ http://kodi.wiki/"
+
+LICENSE="GPL-2"
+SLOT="0"
+# use flag is called libusb so that it doesn't fool people in thinking that
+# it is _required_ for USB support. Otherwise they'll disable udev and
+# that's going to be worse.
+IUSE="airplay alsa bluetooth bluray caps cec +css dbus debug dvd gles libressl libusb lirc mysql nfs nonfree +opengl pulseaudio samba sftp systemd +system-ffmpeg test +udev udisks upnp upower vaapi vdpau webserver +X +xslt zeroconf"
+REQUIRED_USE="
+ ${PYTHON_REQUIRED_USE}
+ || ( gles opengl )
+ gles? ( X )
+ opengl? ( X )
+ udev? ( !libusb )
+ udisks? ( dbus )
+ upower? ( dbus )
+"
+
+COMMON_DEPEND="${PYTHON_DEPS}
+ airplay? (
+ app-pda/libplist
+ net-libs/shairplay
+ )
+ alsa? ( media-libs/alsa-lib )
+ bluetooth? ( net-wireless/bluez )
+ bluray? ( >=media-libs/libbluray-0.7.0 )
+ caps? ( sys-libs/libcap )
+ dbus? ( sys-apps/dbus )
+ dev-db/sqlite
+ dev-libs/expat
+ dev-libs/fribidi
+ cec? ( >=dev-libs/libcec-4.0 )
+ dev-libs/libpcre[cxx]
+ dev-libs/libxml2
+ >=dev-libs/lzo-2.04
+ dev-libs/tinyxml[stl]
+ >=dev-libs/yajl-2
+ dev-python/pillow[${PYTHON_USEDEP}]
+ dev-libs/libcdio
+ gles? ( media-libs/mesa[gles2] )
+ libusb? ( virtual/libusb:1 )
+ media-fonts/corefonts
+ >=media-fonts/noto-20160531
+ media-fonts/roboto
+ media-libs/fontconfig
+ media-libs/freetype
+ >=media-libs/libass-0.13.4
+ media-libs/mesa[egl]
+ >=media-libs/taglib-1.11.1
+ system-ffmpeg? ( >=media-video/ffmpeg-${FFMPEG_VERSION}:=[encode,postproc] )
+ mysql? ( virtual/mysql )
+ >=net-misc/curl-7.51.0
+ nfs? ( net-fs/libnfs:= )
+ opengl? ( media-libs/glu )
+ !libressl? ( >=dev-libs/openssl-1.0.2j:0= )
+ libressl? ( dev-libs/libressl:0= )
+ pulseaudio? ( media-sound/pulseaudio )
+ samba? ( >=net-fs/samba-3.4.6[smbclient(+)] )
+ sftp? ( net-libs/libssh[sftp] )
+ sys-libs/zlib
+ udev? ( virtual/udev )
+ vaapi? ( x11-libs/libva[opengl] )
+ vdpau? (
+ || ( >=x11-libs/libvdpau-1.1 >=x11-drivers/nvidia-drivers-180.51 )
+ system-ffmpeg? ( media-video/ffmpeg[vdpau] )
+ )
+ webserver? ( >=net-libs/libmicrohttpd-0.9.50[messages] )
+ X? (
+ x11-libs/libdrm
+ x11-libs/libX11
+ x11-libs/libXrandr
+ x11-libs/libXrender
+ )
+ xslt? ( dev-libs/libxslt )
+ zeroconf? ( net-dns/avahi[dbus] )
+"
+RDEPEND="${COMMON_DEPEND}
+ lirc? (
+ || ( app-misc/lirc app-misc/inputlircd )
+ )
+ !media-tv/xbmc
+ udisks? ( sys-fs/udisks:0 )
+ upower? (
+ systemd? ( sys-power/upower )
+ !systemd? (
+ || ( sys-power/upower-pm-utils sys-power/upower )
+ )
+ )
+"
+DEPEND="${COMMON_DEPEND}
+ app-arch/bzip2
+ app-arch/unzip
+ app-arch/xz-utils
+ app-arch/zip
+ dev-lang/swig
+ dev-libs/crossguid
+ dev-util/cmake
+ dev-util/gperf
+ media-libs/giflib
+ >=media-libs/libjpeg-turbo-1.5.1:=
+ >=media-libs/libpng-1.6.26:0=
+ test? ( dev-cpp/gtest )
+ virtual/pkgconfig
+ x86? ( dev-lang/nasm )
+"
+case ${PV} in
+9999)
+ EGIT_REPO_URI="git://github.com/xbmc/xbmc.git"
+ inherit git-r3
+ # Force java for latest git version to avoid having to hand maintain the
+ # generated addons package. #488118
+ DEPEND+="
+ virtual/jre
+ "
+ ;;
+*)
+ MY_PV=${PV/_p/_r}
+ MY_PV=${MY_PV/_alpha/a}
+ MY_PV=${MY_PV/_beta/b}
+ MY_PV=${MY_PV/_rc/rc}
+ MY_P="${PN}-${MY_PV}"
+ SRC_URI+=" https://github.com/xbmc/xbmc/archive/${MY_PV}-${CODENAME}.tar.gz -> ${MY_P}.tar.gz
+ !java? ( https://github.com/candrews/gentoo-kodi/raw/master/${MY_P}-generated-addons.tar.xz )"
+ KEYWORDS="~amd64 ~x86"
+ IUSE+=" java"
+ DEPEND+="
+ java? ( virtual/jre )
+ "
+
+ S=${WORKDIR}/xbmc-${MY_PV}-${CODENAME}
+ ;;
+esac
+
+CONFIG_CHECK="~IP_MULTICAST"
+ERROR_IP_MULTICAST="
+In some cases Kodi needs to access multicast addresses.
+Please consider enabling IP_MULTICAST under Networking options.
+"
+
+CMAKE_USE_DIR=${S}/project/cmake/
+
+pkg_setup() {
+ check_extra_config
+ python-single-r1_pkg_setup
+}
+
+src_prepare() {
+ if in_iuse java && use !java; then
+ eapply "${FILESDIR}"/${PN}-cmake-no-java.patch
+ fi
+ cmake-utils_src_prepare
+
+ # avoid long delays when powerkit isn't running #348580
+ sed -i \
+ -e '/dbus_connection_send_with_reply_and_block/s:-1:3000:' \
+ xbmc/linux/*.cpp || die
+
+ # Prepare tools and libs witch are configured with autotools during compile time
+ AUTOTOOLS_DIRS=(
+ "${S}"/lib/cpluff
+ "${S}"/tools/depends/native/TexturePacker/src
+ "${S}"/tools/depends/native/JsonSchemaBuilder/src
+ )
+
+ local d
+ for d in "${AUTOTOOLS_DIRS[@]}" ; do
+ pushd ${d} >/dev/null || die
+ AT_NOELIBTOOLIZE="yes" AT_TOPLEVEL_EAUTORECONF="yes" eautoreconf
+ popd >/dev/null || die
+ done
+ elibtoolize
+
+ # Prevent autoreconf rerun
+ sed -e 's/autoreconf -vif/echo "autoreconf already done in src_prepare()"/' -i \
+ "${S}"/project/cmake/modules/FindCpluff.cmake \
+ "${S}"/tools/depends/native/TexturePacker/src/autogen.sh \
+ "${S}"/tools/depends/native/JsonSchemaBuilder/src/autogen.sh \
+ || die
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -Ddocdir="${EPREFIX}/usr/share/doc/${PF}"
+ -DENABLE_LDGOLD=OFF # https://bugs.gentoo.org/show_bug.cgi?id=606124
+ -DENABLE_ALSA=$(usex alsa)
+ -DENABLE_AIRTUNES=$(usex airplay)
+ -DENABLE_AVAHI=$(usex zeroconf)
+ -DENABLE_BLUETOOTH=$(usex bluetooth)
+ -DENABLE_BLURAY=$(usex bluray)
+ -DENABLE_CCACHE=OFF
+ -DENABLE_CEC=$(usex cec)
+ -DENABLE_DBUS=$(usex dbus)
+ -DENABLE_DVDCSS=$(usex css)
+ -DENABLE_INTERNAL_CROSSGUID=OFF
+ -DENABLE_INTERNAL_FFMPEG="$(usex !system-ffmpeg)"
+ -DENABLE_CAP=$(usex caps)
+ -DENABLE_LIRC=$(usex lirc)
+ -DENABLE_MICROHTTPD=$(usex webserver)
+ -DENABLE_MYSQLCLIENT=$(usex mysql)
+ -DENABLE_NFS=$(usex nfs)
+ -DENABLE_NONFREE=$(usex nonfree)
+ -DENABLE_OPENGLES=$(usex gles)
+ -DENABLE_OPENGL=$(usex opengl)
+ -DENABLE_OPENSSL=ON
+ -DENABLE_OPTICAL=$(usex dvd)
+ -DENABLE_PLIST=$(usex airplay)
+ -DENABLE_PULSEAUDIO=$(usex pulseaudio)
+ -DENABLE_SMBCLIENT=$(usex samba)
+ -DENABLE_SSH=$(usex sftp)
+ -DENABLE_UDEV=$(usex udev)
+ -DENABLE_UPNP=$(usex upnp)
+ -DENABLE_VAAPI=$(usex vaapi)
+ -DENABLE_VDPAU=$(usex vdpau)
+ -DENABLE_X11=$(usex X)
+ -DENABLE_XSLT=$(usex xslt)
+ -Dlibdvdread_URL="${DISTDIR}/libdvdread-${LIBDVDREAD_COMMIT}.tar.gz"
+ -Dlibdvdnav_URL="${DISTDIR}/libdvdnav-${LIBDVDNAV_COMMIT}.tar.gz"
+ -Dlibdvdcss_URL="${DISTDIR}/libdvdcss-${LIBDVDCSS_COMMIT}.tar.gz"
+ )
+
+ use libusb && mycmakeargs+=( -DENABLE_LIBUSB=$(usex libusb) )
+
+ use !system-ffmpeg && mycmakeargs+=( -DFFMPEG_URL="${DISTDIR}/ffmpeg-${PN}-${FFMPEG_VERSION}-${CODENAME}.tar.gz" )
+
+ cmake-utils_src_configure
+}
+
+src_compile() {
+ cmake-utils_src_compile all $(usev test)
+}
+
+src_install() {
+ cmake-utils_src_install
+
+ pax-mark Em "${ED%/}"/usr/$(get_libdir)/${PN}/${PN}.bin
+
+ rm "${ED%/}"/usr/share/doc/*/{LICENSE.GPL,copying.txt}* || die
+
+ newicon media/icon48x48.png kodi.png
+
+ # Replace bundled fonts with system ones.
+ rm "${ED%/}"/usr/share/kodi/addons/skin.estouchy/fonts/NotoSans-Regular.ttf || die
+ dosym ../../../../fonts/noto/NotoSans-Regular.ttf \
+ usr/share/kodi/addons/skin.estouchy/fonts/NotoSans-Regular.ttf
+
+ local f
+ for f in NotoMono-Regular.ttf NotoSans-Bold.ttf NotoSans-Regular.ttf ; do
+ rm "${ED%/}"/usr/share/kodi/addons/skin.estuary/fonts/"${f}" || die
+ dosym ../../../../fonts/noto/"${f}" \
+ usr/share/kodi/addons/skin.estuary/fonts/"${f}"
+ done
+
+ rm "${ED%/}"/usr/share/kodi/addons/skin.estuary/fonts/Roboto-Thin.ttf || die
+ dosym ../../../../fonts/roboto/Roboto-Thin.ttf \
+ usr/share/kodi/addons/skin.estuary/fonts/Roboto-Thin.ttf
+
+ python_domodule tools/EventClients/lib/python/xbmcclient.py
+ python_newscript "tools/EventClients/Clients/Kodi Send/kodi-send.py" kodi-send
+}