Fix a bunch of CVEs.

CVE-2016-2399, CVE-2017-9122, CVE-2017-9123, CVE-2017-9124, CVE-2017-9125,
CVE-2017-9126, CVE-2017-9127, CVE-2017-9128


Index: Makefile
===================================================================
RCS file: /home/cvs/ports/multimedia/libquicktime/Makefile,v
retrieving revision 1.58
diff -u -p -u -p -r1.58 Makefile
--- Makefile    24 Oct 2018 14:28:08 -0000      1.58
+++ Makefile    3 Feb 2019 04:51:02 -0000
@@ -3,7 +3,7 @@
 COMMENT=       library for reading and writing QuickTime files
 
 DISTNAME=      libquicktime-1.2.4
-REVISION=      12
+REVISION=      13
 CATEGORIES=    multimedia
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=libquicktime/}
 
Index: patches/patch-include_lqt_funcprotos_h
===================================================================
RCS file: patches/patch-include_lqt_funcprotos_h
diff -N patches/patch-include_lqt_funcprotos_h
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-include_lqt_funcprotos_h      3 Feb 2019 05:41:28 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+
+CVE-2017-9122, CVE-2017-9123, CVE-2017-9124, CVE-2017-9125, CVE-2017-9126,
+CVE-2017-9127, CVE-2017-9128
+
+Index: include/lqt_funcprotos.h
+--- include/lqt_funcprotos.h.orig
++++ include/lqt_funcprotos.h
+@@ -1345,9 +1345,9 @@ int quicktime_write_int32_le(quicktime_t *file, long v
+ int quicktime_write_char32(quicktime_t *file, char *string);
+ float quicktime_read_fixed16(quicktime_t *file);
+ int quicktime_write_fixed16(quicktime_t *file, float number);
+-unsigned long quicktime_read_uint32(quicktime_t *file);
+-long quicktime_read_int32(quicktime_t *file);
+-long quicktime_read_int32_le(quicktime_t *file);
++uint32_t quicktime_read_uint32(quicktime_t *file);
++int32_t quicktime_read_int32(quicktime_t *file);
++int32_t quicktime_read_int32_le(quicktime_t *file);
+ int64_t quicktime_read_int64(quicktime_t *file);
+ int64_t quicktime_read_int64_le(quicktime_t *file);
+ long quicktime_read_int24(quicktime_t *file);
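Review bot: These prototypes change what callers see on LP64 platforms, and nothing in the header says so: going by the old body in the util.c patch (`unsigned long result; ... return (long)result;`), `quicktime_read_int32` used to return a non-negative `long` for a field with the top bit set and now returns a negative `int32_t`. A comment above the three declarations would help, e.g. `/* Return exactly 32 bits; the signed variants can be negative, so validate before using the value as a size or count */`. `quicktime_read_int24` just below still returns `long`, which is outside this change but inconsistent with the new declarations.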
Index: patches/patch-src_atom_c
===================================================================
RCS file: patches/patch-src_atom_c
diff -N patches/patch-src_atom_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_atom_c    3 Feb 2019 05:41:00 -0000
@@ -0,0 +1,18 @@
+$OpenBSD$
+
+CVE-2017-9122, CVE-2017-9123, CVE-2017-9124, CVE-2017-9125, CVE-2017-9126,
+CVE-2017-9127, CVE-2017-9128
+
+Index: src/atom.c
+--- src/atom.c.orig
++++ src/atom.c
+@@ -131,6 +131,9 @@ int quicktime_atom_read_header(quicktime_t *file, quic
+                       atom->size = read_size64(header);
+                       atom->end = atom->start + atom->size;
+               }
++/* Avoid broken files */
++        if(atom->end > file->total_length)
++          result = 1;
+       }
+ 
+ 
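Review bot: The new bound check tests `atom->end` only after it has been computed as `atom->start + atom->size`, so a 64-bit size taken from the file can overflow that sum and produce an `end` that still passes `atom->end > file->total_length`. Assuming both fields are signed 64-bit (their declarations are not in this hunk), comparing the size with the remaining length avoids the addition: `if(atom->size < 0 || atom->size > file->total_length - atom->start) result = 1;`. The comment `/* Avoid broken files */` could also state what is rejected, e.g. `/* Reject atoms that claim to extend past the end of the file */`. quicktime_atom_read_header starts and ends outside the hunk, so how `result` is consumed cannot be confirmed from here.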
Index: patches/patch-src_lqt_quicktime_c
===================================================================
RCS file: patches/patch-src_lqt_quicktime_c
diff -N patches/patch-src_lqt_quicktime_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_lqt_quicktime_c   3 Feb 2019 05:41:13 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+
+CVE-2017-9122, CVE-2017-9123, CVE-2017-9124, CVE-2017-9125, CVE-2017-9126,
+CVE-2017-9127, CVE-2017-9128
+
+Index: src/lqt_quicktime.c
+--- src/lqt_quicktime.c.orig
++++ src/lqt_quicktime.c
+@@ -1788,8 +1788,8 @@ int quicktime_read_info(quicktime_t *file)
+                 quicktime_set_position(file, start_position);
+                 free(temp);
+ 
+-                quicktime_read_moov(file, &file->moov, &leaf_atom);
+-                got_header = 1;
++                if(!quicktime_read_moov(file, &file->moov, &leaf_atom))
++                  got_header = 1;
+                 }
+               else
+                 quicktime_atom_skip(file, &leaf_atom);
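Review bot: When `quicktime_read_moov` fails, the new branch only leaves `got_header` at 0; nothing records the error or stops the atom loop, and `file->moov` keeps whatever was parsed before the failure. If a later atom in the same file can still set `got_header`, the partly filled moov would be used after all. An explicit failure path such as `else return 1;` would make rejection independent of the rest of the loop, assuming a non-zero return from quicktime_read_info means failure, which this hunk does not show. The loop and the function's exit are outside the hunk, so the handling of `got_header == 0` should be confirmed there.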
Index: patches/patch-src_moov_c
===================================================================
RCS file: patches/patch-src_moov_c
diff -N patches/patch-src_moov_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_moov_c    3 Feb 2019 05:40:43 -0000
@@ -0,0 +1,18 @@
+$OpenBSD$
+
+CVE-2017-9122, CVE-2017-9123, CVE-2017-9124, CVE-2017-9125, CVE-2017-9126,
+CVE-2017-9127, CVE-2017-9128
+
+Index: src/moov.c
+--- src/moov.c.orig
++++ src/moov.c
+@@ -218,7 +218,8 @@ int quicktime_read_moov(quicktime_t *file, quicktime_m
+               if(quicktime_atom_is(&leaf_atom, "trak"))
+               {
+                       quicktime_trak_t *trak = quicktime_add_trak(file);
+-                      quicktime_read_trak(file, trak, &leaf_atom);
++                      if(quicktime_read_trak(file, trak, &leaf_atom))
++                          return 1;
+               }
+               else
+               if(quicktime_atom_is(&leaf_atom, "udta"))
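Review bot: The early `return 1` leaves the trak that `quicktime_add_trak` just registered attached to the moov in a half-parsed state, including the case where the new trak.c check found its stsc or stco table missing. Any cleanup code or later consumer that walks the moov's traks therefore still has to tolerate such a trak; if the library has a routine to drop the last trak, calling it before returning would keep the moov consistent (neither the trak list nor such a routine is visible in this hunk). A short comment such as `/* malformed trak: abort moov parsing, caller must reject the file */` would document the contract the lqt_quicktime.c change relies on.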
Index: patches/patch-src_trak_c
===================================================================
RCS file: patches/patch-src_trak_c
diff -N patches/patch-src_trak_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_trak_c    3 Feb 2019 05:40:51 -0000
@@ -0,0 +1,23 @@
+$OpenBSD$
+
+CVE-2017-9122, CVE-2017-9123, CVE-2017-9124, CVE-2017-9125, CVE-2017-9126,
+CVE-2017-9127, CVE-2017-9128
+
+Index: src/trak.c
+--- src/trak.c.orig
++++ src/trak.c
+@@ -269,6 +269,14 @@ int quicktime_read_trak(quicktime_t *file, quicktime_t
+     else quicktime_atom_skip(file, &leaf_atom);
+     } while(quicktime_position(file) < trak_atom->end);
+ 
++  /* Do some sanity checks to prevent later crashes */
++  if(trak->mdia.minf.is_video || trak->mdia.minf.is_video)
++    {
++    if(!trak->mdia.minf.stbl.stsc.table ||
++       !trak->mdia.minf.stbl.stco.table)
++      return 1;
++    }
++
+ #if 1 
+   if(trak->mdia.minf.is_video &&
+      quicktime_match_32(trak->mdia.minf.stbl.stsd.table[0].format, "drac"))
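Review bot: The condition `trak->mdia.minf.is_video || trak->mdia.minf.is_video` tests the same flag twice, so the sanity check never runs for non-video tracks; the second operand was presumably meant to be the audio flag, `if(trak->mdia.minf.is_audio || trak->mdia.minf.is_video)`. The check also covers only `stsc.table` and `stco.table`, while the statement right after it reads `stsd.table[0].format` for video tracks, so a trak without a sample description table would still be dereferenced; adding `!trak->mdia.minf.stbl.stsd.table` to the test would close that. quicktime_read_trak begins and continues outside the hunk.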
Index: patches/patch-src_util_c
===================================================================
RCS file: patches/patch-src_util_c
diff -N patches/patch-src_util_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_util_c    3 Feb 2019 05:40:30 -0000
@@ -0,0 +1,65 @@
+$OpenBSD$
+
+- Integer overflow in the quicktime_read_pascal function
+  CVE-2016-2399
+- CVE-2017-9122, CVE-2017-9123, CVE-2017-9124, CVE-2017-9125, CVE-2017-9126,
+  CVE-2017-9127, CVE-2017-9128
+
+Index: src/util.c
+--- src/util.c.orig
++++ src/util.c
+@@ -647,10 +647,10 @@ int quicktime_write_fixed16(quicktime_t *file, float n
+       return quicktime_write_data(file, data, 2);
+ }
+ 
+-unsigned long quicktime_read_uint32(quicktime_t *file)
++uint32_t quicktime_read_uint32(quicktime_t *file)
+ {
+-      unsigned long result;
+-      unsigned long a, b, c, d;
++      uint32_t result;
++      uint32_t a, b, c, d;
+       uint8_t data[4];
+ 
+       quicktime_read_data(file, data, 4);
+@@ -663,10 +663,10 @@ unsigned long quicktime_read_uint32(quicktime_t *file)
+       return result;
+ }
+ 
+-long quicktime_read_int32(quicktime_t *file)
++int32_t quicktime_read_int32(quicktime_t *file)
+ {
+-      unsigned long result;
+-      unsigned long a, b, c, d;
++      uint32_t result;
++      uint32_t a, b, c, d;
+       uint8_t data[4];
+ 
+       quicktime_read_data(file, data, 4);
+@@ -676,13 +676,13 @@ long quicktime_read_int32(quicktime_t *file)
+       d = data[3];
+ 
+       result = (a << 24) | (b << 16) | (c << 8) | d;
+-      return (long)result;
++      return (int32_t)result;
+ }
+ 
+-long quicktime_read_int32_le(quicktime_t *file)
++int32_t quicktime_read_int32_le(quicktime_t *file)
+ {
+-      unsigned long result;
+-      unsigned long a, b, c, d;
++      uint32_t result;
++      uint32_t a, b, c, d;
+       uint8_t data[4];
+ 
+       quicktime_read_data(file, data, 4);
+@@ -692,7 +692,7 @@ long quicktime_read_int32_le(quicktime_t *file)
+       d = data[3];
+ 
+       result = (d << 24) | (c << 16) | (b << 8) | a;
+-      return (long)result;
++      return (int32_t)result;
+ }
+ 
+ int64_t quicktime_read_int64(quicktime_t *file)
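Review bot: The patch header lists CVE-2016-2399 (integer overflow in quicktime_read_pascal), but none of the four hunks in this 65-line patch touches quicktime_read_pascal, so that fix appears to be missing or the header is inaccurate. Separately, all three readers still ignore the result of `quicktime_read_data(file, data, 4)`, so after a short read `data` is uninitialized and the returned value is indeterminate; `uint8_t data[4] = {0};` would at least make the truncated-file result deterministic. The function bodies are only partly visible in these hunks.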
