From 89ee3377a67cf18832a0e6f577b14d84734944d6 Mon Sep 17 00:00:00 2001
From: Craig Andrews <candrews@integralblue.com>
Date: Wed, 21 Jun 2017 17:04:29 -0400
Subject: media-tv/kodi: Fix VMSF_DELTA vulnerability in embedded UnRAR #622384

Package-Manager: Portage-2.3.6, Repoman-2.3.2
---
 .../kodi/files/kodi-17.3-unrar-vulnerability.patch |  45 ++++
 media-tv/kodi/kodi-17.3-r1.ebuild                  | 285 +++++++++++++++++++++
 2 files changed, 330 insertions(+)
 create mode 100644 media-tv/kodi/files/kodi-17.3-unrar-vulnerability.patch
 create mode 100644 media-tv/kodi/kodi-17.3-r1.ebuild

(limited to 'media-tv')

diff --git a/media-tv/kodi/files/kodi-17.3-unrar-vulnerability.patch b/media-tv/kodi/files/kodi-17.3-unrar-vulnerability.patch
new file mode 100644
index 000000000000..95644d6921e7
--- /dev/null
+++ b/media-tv/kodi/files/kodi-17.3-unrar-vulnerability.patch
@@ -0,0 +1,45 @@
+See https://trac.kodi.tv/ticket/17510
+diff --git a/lib/UnrarXLib/rarvm.cpp b/lib/UnrarXLib/rarvm.cpp
+index 901c35dcb4..42df0a0110 100644
+--- a/lib/UnrarXLib/rarvm.cpp
++++ b/lib/UnrarXLib/rarvm.cpp
+@@ -873,14 +873,16 @@ void RarVM::ExecuteStandardFilter(VM_StandardFilters FilterType)
+       break;
+     case VMSF_DELTA:
+       {
+-        int DataSize=R[4],Channels=R[0],SrcPos=0,Border=DataSize*2;
+-        SET_VALUE(false,&Mem[VM_GLOBALMEMADDR+0x20],DataSize);
+-        if (DataSize>=VM_GLOBALMEMADDR/2)
+-          break;
+-        for (int CurChannel=0;CurChannel<Channels;CurChannel++)
++        uint DataSize=R[4],Channels=R[0],SrcPos=0,Border=DataSize*2;
++        if (DataSize>VM_MEMSIZE/2 || Channels>MAX3_UNPACK_CHANNELS || Channels==0)
++          break;
++
++        // Bytes from same channels are grouped to continual data blocks,
++        // so we need to place them back to their interleaving positions.
++        for (uint CurChannel=0;CurChannel<Channels;CurChannel++)
+         {
+           byte PrevByte=0;
+-          for (int DestPos=DataSize+CurChannel;DestPos<Border;DestPos+=Channels)
++          for (uint DestPos=DataSize+CurChannel;DestPos<Border;DestPos+=Channels)
+             Mem[DestPos]=(PrevByte-=Mem[SrcPos++]);
+         }
+       }
+diff --git a/lib/UnrarXLib/unpack.hpp b/lib/UnrarXLib/unpack.hpp
+index 83fb0f0254..36ac30d181 100644
+--- a/lib/UnrarXLib/unpack.hpp
++++ b/lib/UnrarXLib/unpack.hpp
+@@ -1,6 +1,12 @@
+ #ifndef _RAR_UNPACK_
+ #define _RAR_UNPACK_
+ 
++// Limit maximum number of channels in RAR3 delta filter to some reasonable
++// value to prevent too slow processing of corrupt archives with invalid
++// channels number. Must be equal or larger than v3_MAX_FILTER_CHANNELS.
++// No need to provide it for RAR5, which uses only 5 bits to store channels.
++#define MAX3_UNPACK_CHANNELS      1024
++
+ enum BLOCK_TYPES {BLOCK_LZ,BLOCK_PPM};
+ 
+ struct Decode
diff --git a/media-tv/kodi/kodi-17.3-r1.ebuild b/media-tv/kodi/kodi-17.3-r1.ebuild
new file mode 100644
index 000000000000..7c7b190ddecd
--- /dev/null
+++ b/media-tv/kodi/kodi-17.3-r1.ebuild
@@ -0,0 +1,285 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+# Does not work with py3 here
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="sqlite"
+
+inherit autotools cmake-utils eutils linux-info pax-utils python-single-r1
+
+LIBDVDCSS_COMMIT="2f12236bc1c92f73c21e973363f79eb300de603f"
+LIBDVDREAD_COMMIT="17d99db97e7b8f23077b342369d3c22a6250affd"
+LIBDVDNAV_COMMIT="43b5f81f5fe30bceae3b7cecf2b0ca57fc930dac"
+FFMPEG_VERSION="3.1.6"
+CODENAME="Krypton"
+PATCHES=(
+	"${FILESDIR}/${P}-ftpparse_string.patch"
+	"${FILESDIR}/${P}-unrar-vulnerability.patch"
+)
+SRC_URI="https://github.com/xbmc/libdvdcss/archive/${LIBDVDCSS_COMMIT}.tar.gz -> libdvdcss-${LIBDVDCSS_COMMIT}.tar.gz
+	https://github.com/xbmc/libdvdread/archive/${LIBDVDREAD_COMMIT}.tar.gz -> libdvdread-${LIBDVDREAD_COMMIT}.tar.gz
+	https://github.com/xbmc/libdvdnav/archive/${LIBDVDNAV_COMMIT}.tar.gz -> libdvdnav-${LIBDVDNAV_COMMIT}.tar.gz
+	!system-ffmpeg? ( https://github.com/xbmc/FFmpeg/archive/${FFMPEG_VERSION}-${CODENAME}.tar.gz -> ffmpeg-${PN}-${FFMPEG_VERSION}-${CODENAME}.tar.gz )"
+
+DESCRIPTION="Kodi is a free and open source media-player and entertainment hub"
+HOMEPAGE="https://kodi.tv/ http://kodi.wiki/"
+
+LICENSE="GPL-2"
+SLOT="0"
+# use flag is called libusb so that it doesn't fool people in thinking that
+# it is _required_ for USB support. Otherwise they'll disable udev and
+# that's going to be worse.
+IUSE="airplay alsa bluetooth bluray caps cec +css dbus debug dvd gles libressl libusb lirc mysql nfs nonfree +opengl pulseaudio samba sftp systemd +system-ffmpeg test +udev udisks upnp upower vaapi vdpau webserver +X +xslt zeroconf"
+REQUIRED_USE="
+	${PYTHON_REQUIRED_USE}
+	|| ( gles opengl )
+	gles? ( X )
+	opengl? ( X )
+	udev? ( !libusb )
+	udisks? ( dbus )
+	upower? ( dbus )
+"
+
+COMMON_DEPEND="${PYTHON_DEPS}
+	airplay? (
+		app-pda/libplist
+		net-libs/shairplay
+	)
+	alsa? ( media-libs/alsa-lib )
+	bluetooth? ( net-wireless/bluez )
+	bluray? ( >=media-libs/libbluray-0.7.0 )
+	caps? ( sys-libs/libcap )
+	dbus? ( sys-apps/dbus )
+	dev-db/sqlite
+	dev-libs/expat
+	dev-libs/fribidi
+	cec? ( >=dev-libs/libcec-4.0 )
+	dev-libs/libpcre[cxx]
+	dev-libs/libxml2
+	>=dev-libs/lzo-2.04
+	dev-libs/tinyxml[stl]
+	>=dev-libs/yajl-2
+	dev-python/pillow[${PYTHON_USEDEP}]
+	dev-libs/libcdio
+	gles? ( media-libs/mesa[gles2] )
+	libusb? ( virtual/libusb:1 )
+	media-fonts/corefonts
+	>=media-fonts/noto-20160531
+	media-fonts/roboto
+	media-libs/fontconfig
+	media-libs/freetype
+	>=media-libs/libass-0.13.4
+	media-libs/mesa[egl]
+	>=media-libs/taglib-1.11.1
+	system-ffmpeg? ( >=media-video/ffmpeg-${FFMPEG_VERSION}:=[encode,postproc] )
+	mysql? ( virtual/mysql )
+	>=net-misc/curl-7.51.0
+	nfs? ( net-fs/libnfs:= )
+	opengl? ( media-libs/glu )
+	!libressl? ( >=dev-libs/openssl-1.0.2j:0= )
+	libressl? ( dev-libs/libressl:0= )
+	pulseaudio? ( media-sound/pulseaudio )
+	samba? ( >=net-fs/samba-3.4.6[smbclient(+)] )
+	sftp? ( net-libs/libssh[sftp] )
+	sys-libs/zlib
+	udev? ( virtual/udev )
+	vaapi? ( x11-libs/libva[opengl] )
+	vdpau? (
+		|| ( >=x11-libs/libvdpau-1.1 >=x11-drivers/nvidia-drivers-180.51 )
+		system-ffmpeg? ( media-video/ffmpeg[vdpau] )
+	)
+	webserver? ( >=net-libs/libmicrohttpd-0.9.50[messages] )
+	X? (
+		x11-libs/libdrm
+		x11-libs/libX11
+		x11-libs/libXrandr
+		x11-libs/libXrender
+	)
+	xslt? ( dev-libs/libxslt )
+	zeroconf? ( net-dns/avahi[dbus] )
+"
+RDEPEND="${COMMON_DEPEND}
+	lirc? (
+		|| ( app-misc/lirc app-misc/inputlircd )
+	)
+	!media-tv/xbmc
+	udisks? ( sys-fs/udisks:0 )
+	upower? (
+		systemd? ( sys-power/upower )
+		!systemd? (
+			|| ( sys-power/upower-pm-utils sys-power/upower )
+		)
+	)
+"
+DEPEND="${COMMON_DEPEND}
+	app-arch/bzip2
+	app-arch/unzip
+	app-arch/xz-utils
+	app-arch/zip
+	dev-lang/swig
+	dev-libs/crossguid
+	dev-util/cmake
+	dev-util/gperf
+	media-libs/giflib
+	>=media-libs/libjpeg-turbo-1.5.1:=
+	>=media-libs/libpng-1.6.26:0=
+	test? ( dev-cpp/gtest )
+	virtual/pkgconfig
+	x86? ( dev-lang/nasm )
+"
+case ${PV} in
+9999)
+	EGIT_REPO_URI="git://github.com/xbmc/xbmc.git"
+	inherit git-r3
+	# Force java for latest git version to avoid having to hand maintain the
+	# generated addons package.  #488118
+	DEPEND+="
+		virtual/jre
+		"
+	;;
+*)
+	MY_PV=${PV/_p/_r}
+	MY_PV=${MY_PV/_alpha/a}
+	MY_PV=${MY_PV/_beta/b}
+	MY_PV=${MY_PV/_rc/rc}
+	MY_P="${PN}-${MY_PV}"
+	SRC_URI+=" https://github.com/xbmc/xbmc/archive/${MY_PV}-${CODENAME}.tar.gz -> ${MY_P}.tar.gz
+		 !java? ( https://github.com/candrews/gentoo-kodi/raw/master/${MY_P}-generated-addons.tar.xz )"
+	KEYWORDS="~amd64 ~x86"
+	IUSE+=" java"
+	DEPEND+="
+		java? ( virtual/jre )
+		"
+
+	S=${WORKDIR}/xbmc-${MY_PV}-${CODENAME}
+	;;
+esac
+
+CONFIG_CHECK="~IP_MULTICAST"
+ERROR_IP_MULTICAST="
+In some cases Kodi needs to access multicast addresses.
+Please consider enabling IP_MULTICAST under Networking options.
+"
+
+CMAKE_USE_DIR=${S}/project/cmake/
+
+pkg_setup() {
+	check_extra_config
+	python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	if in_iuse java && use !java; then
+		eapply "${FILESDIR}"/${PN}-cmake-no-java.patch
+	fi
+	cmake-utils_src_prepare
+
+	# avoid long delays when powerkit isn't running #348580
+	sed -i \
+		-e '/dbus_connection_send_with_reply_and_block/s:-1:3000:' \
+		xbmc/linux/*.cpp || die
+
+	# Prepare tools and libs witch are configured with autotools during compile time
+	AUTOTOOLS_DIRS=(
+		"${S}"/lib/cpluff
+		"${S}"/tools/depends/native/TexturePacker/src
+		"${S}"/tools/depends/native/JsonSchemaBuilder/src
+	)
+
+	local d
+	for d in "${AUTOTOOLS_DIRS[@]}" ; do
+		pushd ${d} >/dev/null || die
+		AT_NOELIBTOOLIZE="yes" AT_TOPLEVEL_EAUTORECONF="yes" eautoreconf
+		popd >/dev/null || die
+	done
+	elibtoolize
+
+	# Prevent autoreconf rerun
+	sed -e 's/autoreconf -vif/echo "autoreconf already done in src_prepare()"/' -i \
+		"${S}"/project/cmake/modules/FindCpluff.cmake \
+		"${S}"/tools/depends/native/TexturePacker/src/autogen.sh \
+		"${S}"/tools/depends/native/JsonSchemaBuilder/src/autogen.sh \
+		|| die
+}
+
+src_configure() {
+	local mycmakeargs=(
+		-Ddocdir="${EPREFIX}/usr/share/doc/${PF}"
+		-DENABLE_LDGOLD=OFF # https://bugs.gentoo.org/show_bug.cgi?id=606124
+		-DENABLE_ALSA=$(usex alsa)
+		-DENABLE_AIRTUNES=$(usex airplay)
+		-DENABLE_AVAHI=$(usex zeroconf)
+		-DENABLE_BLUETOOTH=$(usex bluetooth)
+		-DENABLE_BLURAY=$(usex bluray)
+		-DENABLE_CCACHE=OFF
+		-DENABLE_CEC=$(usex cec)
+		-DENABLE_DBUS=$(usex dbus)
+		-DENABLE_DVDCSS=$(usex css)
+		-DENABLE_INTERNAL_CROSSGUID=OFF
+		-DENABLE_INTERNAL_FFMPEG="$(usex !system-ffmpeg)"
+		-DENABLE_CAP=$(usex caps)
+		-DENABLE_LIRC=$(usex lirc)
+		-DENABLE_MICROHTTPD=$(usex webserver)
+		-DENABLE_MYSQLCLIENT=$(usex mysql)
+		-DENABLE_NFS=$(usex nfs)
+		-DENABLE_NONFREE=$(usex nonfree)
+		-DENABLE_OPENGLES=$(usex gles)
+		-DENABLE_OPENGL=$(usex opengl)
+		-DENABLE_OPENSSL=ON
+		-DENABLE_OPTICAL=$(usex dvd)
+		-DENABLE_PLIST=$(usex airplay)
+		-DENABLE_PULSEAUDIO=$(usex pulseaudio)
+		-DENABLE_SMBCLIENT=$(usex samba)
+		-DENABLE_SSH=$(usex sftp)
+		-DENABLE_UDEV=$(usex udev)
+		-DENABLE_UPNP=$(usex upnp)
+		-DENABLE_VAAPI=$(usex vaapi)
+		-DENABLE_VDPAU=$(usex vdpau)
+		-DENABLE_X11=$(usex X)
+		-DENABLE_XSLT=$(usex xslt)
+		-Dlibdvdread_URL="${DISTDIR}/libdvdread-${LIBDVDREAD_COMMIT}.tar.gz"
+		-Dlibdvdnav_URL="${DISTDIR}/libdvdnav-${LIBDVDNAV_COMMIT}.tar.gz"
+		-Dlibdvdcss_URL="${DISTDIR}/libdvdcss-${LIBDVDCSS_COMMIT}.tar.gz"
+	)
+
+	use libusb && mycmakeargs+=( -DENABLE_LIBUSB=$(usex libusb) )
+
+	use !system-ffmpeg && mycmakeargs+=( -DFFMPEG_URL="${DISTDIR}/ffmpeg-${PN}-${FFMPEG_VERSION}-${CODENAME}.tar.gz" )
+
+	cmake-utils_src_configure
+}
+
+src_compile() {
+	cmake-utils_src_compile all $(usev test)
+}
+
+src_install() {
+	cmake-utils_src_install
+
+	pax-mark Em "${ED%/}"/usr/$(get_libdir)/${PN}/${PN}.bin
+
+	rm "${ED%/}"/usr/share/doc/*/{LICENSE.GPL,copying.txt}* || die
+
+	newicon media/icon48x48.png kodi.png
+
+	# Replace bundled fonts with system ones.
+	rm "${ED%/}"/usr/share/kodi/addons/skin.estouchy/fonts/NotoSans-Regular.ttf || die
+	dosym ../../../../fonts/noto/NotoSans-Regular.ttf \
+		usr/share/kodi/addons/skin.estouchy/fonts/NotoSans-Regular.ttf
+
+	local f
+	for f in NotoMono-Regular.ttf NotoSans-Bold.ttf NotoSans-Regular.ttf ; do
+		rm "${ED%/}"/usr/share/kodi/addons/skin.estuary/fonts/"${f}" || die
+		dosym ../../../../fonts/noto/"${f}" \
+			usr/share/kodi/addons/skin.estuary/fonts/"${f}"
+	done
+
+	rm "${ED%/}"/usr/share/kodi/addons/skin.estuary/fonts/Roboto-Thin.ttf || die
+	dosym ../../../../fonts/roboto/Roboto-Thin.ttf \
+		usr/share/kodi/addons/skin.estuary/fonts/Roboto-Thin.ttf
+
+	python_domodule tools/EventClients/lib/python/xbmcclient.py
+	python_newscript "tools/EventClients/Clients/Kodi Send/kodi-send.py" kodi-send
+}
-- 
cgit v1.2.3-65-gdbad