diff options
author | Alexander Tsoy <alexander@tsoy.me> | 2020-06-29 10:52:36 +0300 |
---|---|---|
committer | Aaron Bauman <bman@gentoo.org> | 2020-06-29 13:29:20 -0400 |
commit | 3cc06e5fd4889a3fd2d77d6a411efe0f82f37777 (patch) | |
tree | 0f119d4890e2eb677c9ceb9550d6e14612f3c63d /net-libs | |
parent | dev-ruby/asciimath: add missing test dep (diff) | |
download | gentoo-3cc06e5fd4889a3fd2d77d6a411efe0f82f37777.tar.gz gentoo-3cc06e5fd4889a3fd2d77d6a411efe0f82f37777.tar.bz2 gentoo-3cc06e5fd4889a3fd2d77d6a411efe0f82f37777.zip |
net-libs/libvncserver: Security cleanup
Bug: https://bugs.gentoo.org/728594
Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
Closes: https://github.com/gentoo/gentoo/pull/16483
Signed-off-by: Aaron Bauman <bman@gentoo.org>
Diffstat (limited to 'net-libs')
11 files changed, 0 insertions, 458 deletions
diff --git a/net-libs/libvncserver/Manifest b/net-libs/libvncserver/Manifest index 836e8ec1e80a..c7569e5d4778 100644 --- a/net-libs/libvncserver/Manifest +++ b/net-libs/libvncserver/Manifest @@ -1,2 +1 @@ -DIST LibVNCServer-0.9.12.tar.gz 2237447 BLAKE2B 583500c0bcfb6e9e3a02a33fb2701113b164851f0906fcc4845de7c7d82d4f7f65f5edd6c9a672348ee1deeefc65c1b0a257da024254598ba86d121d424f027e SHA512 60ff1cc93a937d6f8f97449bc58b763095846207112f7b1b3c43eb2d74448b595d6da949903a764bd484ee54e38ff6277e882adbe965dd6d26ba15ef6ff6fcb8 DIST LibVNCServer-0.9.13.tar.gz 567491 BLAKE2B 138c7ca63f8cd30a21dc1b58aafa744e12a1a9eca503ffec18a63d18791d7a5df4eef176d7e4e797a2aadda1dd04d1b051abfd76bf5c6806d558c09ffee78cce SHA512 18b0a1698d32bbdbfe6f65f76130b2a95860e3cc76e8adb904269663698c7c0ae982f451fda1f25e5461f096045d40a89d9014258f439366d5b4feaa4999d643 diff --git a/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2018-20750.patch b/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2018-20750.patch deleted file mode 100644 index 55f122d12584..000000000000 --- a/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2018-20750.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> -Date: Mon, 7 Jan 2019 10:40:01 +0100 -Subject: [PATCH 01/51] Limit lenght to INT_MAX bytes in - rfbProcessFileTransferReadBuffer() - -This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap -out-of-bound write access in rfbProcessFileTransferReadBuffer() when -reading a transfered file content in a server. The former fix did not -work on platforms with a 32-bit int type (expected by rfbReadExact()). - -CVE-2018-15127 -<https://github.com/LibVNC/libvncserver/issues/243> -<https://github.com/LibVNC/libvncserver/issues/273> ---- - libvncserver/rfbserver.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c -index 7af8490..f2edbee 100644 ---- a/libvncserver/rfbserver.c -+++ b/libvncserver/rfbserver.c -@@ -88,6 +88,8 @@ - #include <errno.h> - /* strftime() */ - #include <time.h> -+/* INT_MAX */ -+#include <limits.h> - - #ifdef LIBVNCSERVER_WITH_WEBSOCKETS - #include "rfbssl.h" -@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length) - 0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF - will safely be allocated since this check will never trigger and malloc() can digest length+1 - without problems as length is a uint32_t. -+ We also later pass length to rfbReadExact() that expects a signed int type and -+ that might wrap on platforms with a 32-bit int type if length is bigger -+ than 0X7FFFFFFF. - */ -- if(length == SIZE_MAX) { -+ if(length == SIZE_MAX || length > INT_MAX) { - rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length); - rfbCloseClient(cl); - return NULL; --- -2.23.0 - diff --git a/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15681.patch b/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15681.patch deleted file mode 100644 index 301d1340d14c..000000000000 --- a/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15681.patch +++ /dev/null @@ -1,26 +0,0 @@ -From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001 -From: Christian Beier <dontmind@freeshell.org> -Date: Mon, 19 Aug 2019 22:32:25 +0200 -Subject: [PATCH 48/51] rfbserver: don't leak stack memory to the remote - -Thanks go to Pavel Cheremushkin of Kaspersky for reporting. ---- - libvncserver/rfbserver.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c -index 3bacc89..310e548 100644 ---- a/libvncserver/rfbserver.c -+++ b/libvncserver/rfbserver.c -@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len) - rfbServerCutTextMsg sct; - rfbClientIteratorPtr iterator; - -+ memset((char *)&sct, 0, sizeof(sct)); -+ - iterator = rfbGetClientIterator(rfbScreen); - while ((cl = rfbClientIteratorNext(iterator)) != NULL) { - sct.type = rfbServerCutText; --- -2.23.0 - diff --git a/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15690.patch b/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15690.patch deleted file mode 100644 index 5ef290129c72..000000000000 --- a/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15690.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 54220248886b5001fbbb9fa73c4e1a2cb9413fed Mon Sep 17 00:00:00 2001 -From: Christian Beier <dontmind@freeshell.org> -Date: Sun, 17 Nov 2019 17:18:35 +0100 -Subject: [PATCH] libvncclient/cursor: limit width/height input values - -Avoids a possible heap overflow reported by Pavel Cheremushkin -<Pavel.Cheremushkin@kaspersky.com>. - -re #275 ---- - libvncclient/cursor.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/libvncclient/cursor.c b/libvncclient/cursor.c -index 67f4572..40ffb3b 100644 ---- a/libvncclient/cursor.c -+++ b/libvncclient/cursor.c -@@ -28,6 +28,8 @@ - #define OPER_SAVE 0 - #define OPER_RESTORE 1 - -+#define MAX_CURSOR_SIZE 1024 -+ - #define RGB24_TO_PIXEL(bpp,r,g,b) \ - ((((uint##bpp##_t)(r) & 0xFF) * client->format.redMax + 127) / 255 \ - << client->format.redShift | \ -@@ -54,6 +56,9 @@ rfbBool HandleCursorShape(rfbClient* client,int xhot, int yhot, int width, int h - if (width * height == 0) - return TRUE; - -+ if (width >= MAX_CURSOR_SIZE || height >= MAX_CURSOR_SIZE) -+ return FALSE; -+ - /* Allocate memory for pixel data and temporary mask data. */ - if(client->rcSource) - free(client->rcSource); --- -2.24.1 - diff --git a/net-libs/libvncserver/files/libvncserver-0.9.12-cmake-libdir.patch b/net-libs/libvncserver/files/libvncserver-0.9.12-cmake-libdir.patch deleted file mode 100644 index cc6e4bdc9097..000000000000 --- a/net-libs/libvncserver/files/libvncserver-0.9.12-cmake-libdir.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 3348a7e42e86dfb98dd7458ad29def476cf6096f Mon Sep 17 00:00:00 2001 -From: Christian Beier <dontmind@freeshell.org> -Date: Sat, 9 Feb 2019 13:23:26 +0100 -Subject: [PATCH 02/51] CMake: replace hardcoded 'lib' with - ${CMAKE_INSTALL_LIBDIR} - -Closes #281 ---- - CMakeLists.txt | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 873cc7b..55f7e65 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -9,6 +9,7 @@ include(CheckTypeSize) - include(TestBigEndian) - include(CheckCSourceCompiles) - include(CheckCSourceRuns) -+include(GNUInstallDirs) - - enable_testing() - -@@ -666,8 +667,8 @@ get_link_libraries(PRIVATE_LIBS vncclient) - configure_file(${CMAKE_CURRENT_SOURCE_DIR}/libvncclient.pc.cmakein ${CMAKE_CURRENT_BINARY_DIR}/libvncclient.pc @ONLY) - - --install_targets(/lib vncserver) --install_targets(/lib vncclient) -+install_targets(/${CMAKE_INSTALL_LIBDIR} vncserver) -+install_targets(/${CMAKE_INSTALL_LIBDIR} vncclient) - install_files(/include/rfb FILES - rfb/keysym.h - rfb/rfb.h -@@ -677,7 +678,7 @@ install_files(/include/rfb FILES - rfb/rfbregion.h - ) - --install_files(/lib/pkgconfig FILES -+install_files(/${CMAKE_INSTALL_LIBDIR}/pkgconfig FILES - libvncserver.pc - libvncclient.pc - ) --- -2.23.0 - diff --git a/net-libs/libvncserver/files/libvncserver-0.9.12-fix-shutdown-crash.patch b/net-libs/libvncserver/files/libvncserver-0.9.12-fix-shutdown-crash.patch deleted file mode 100644 index 0ae8d38c6f89..000000000000 --- a/net-libs/libvncserver/files/libvncserver-0.9.12-fix-shutdown-crash.patch +++ /dev/null @@ -1,63 +0,0 @@ -From d0a76539835d11c0f4723499f8be4bc9c7724eb9 Mon Sep 17 00:00:00 2001 -From: Rajesh Sahoo <rajesh.sahoo@lge.com> -Date: Tue, 11 Jun 2019 15:13:04 +0530 -Subject: [PATCH] avoid pthread_join if backgroundLoop is FALSE - -client_thread is created depending upon backgroundLoop, but joining -without checking for same condition. so we are trying to join a garbage -thread_id. ---- - libvncserver/main.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/libvncserver/main.c b/libvncserver/main.c -index d3cd9b1..772fb18 100644 ---- a/libvncserver/main.c -+++ b/libvncserver/main.c -@@ -1112,6 +1112,7 @@ void rfbShutdownServer(rfbScreenInfoPtr screen,rfbBool disconnectClients) { - } - - #ifdef LIBVNCSERVER_HAVE_LIBPTHREAD -+ if(currentCl->screen->backgroundLoop) { - /* - Notify the thread. This simply writes a NULL byte to the notify pipe in order to get past the select() - in clientInput(), the loop in there will then break because the rfbCloseClient() above has set -@@ -1120,6 +1121,7 @@ void rfbShutdownServer(rfbScreenInfoPtr screen,rfbBool disconnectClients) { - write(currentCl->pipe_notify_client_thread[1], "\x00", 1); - /* And wait for it to finish. */ - pthread_join(currentCl->client_thread, NULL); -+ } - #else - rfbClientConnectionGone(currentCl); - #endif --- -2.24.1 - -From 15c4f144a3783d9f1f2c976acf9f4d85988fd466 Mon Sep 17 00:00:00 2001 -From: Albert Astals Cid <aacid@kde.org> -Date: Sun, 5 Jan 2020 19:56:57 +0100 -Subject: [PATCH] rfbShutdownServer: Call rfbClientConnectionGone if no - backgroundLoop - -Otherwise the servers that don't use rfbRunEventLoop don't get -notified of client disconnections ---- - libvncserver/main.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/libvncserver/main.c b/libvncserver/main.c -index b51f0ab..738a501 100644 ---- a/libvncserver/main.c -+++ b/libvncserver/main.c -@@ -1152,6 +1152,8 @@ void rfbShutdownServer(rfbScreenInfoPtr screen,rfbBool disconnectClients) { - write(currentCl->pipe_notify_client_thread[1], "\x00", 1); - /* And wait for it to finish. */ - pthread_join(currentCl->client_thread, NULL); -+ } else { -+ rfbClientConnectionGone(currentCl); - } - #else - rfbClientConnectionGone(currentCl); --- -2.24.1 - diff --git a/net-libs/libvncserver/files/libvncserver-0.9.12-fix-tight-raw-decoding.patch b/net-libs/libvncserver/files/libvncserver-0.9.12-fix-tight-raw-decoding.patch deleted file mode 100644 index e862d634346f..000000000000 --- a/net-libs/libvncserver/files/libvncserver-0.9.12-fix-tight-raw-decoding.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 6b87d6154200667a66212f80068f7468eaa0f048 Mon Sep 17 00:00:00 2001 -From: DRC <information@virtualgl.org> -Date: Sat, 28 Sep 2019 14:54:30 -0500 -Subject: [PATCH 50/51] LibVNCClient: Fix regression in Tight/Raw decoding - -Introduced by d7b1462 in LibVNCServer 0.9.12. This regression caused -the pixels in some RFB rectangles to become corrupted/garbled when the -Tight encoding was used, without the JPEG subencoding, with a 15-bit or -16-bit color depth. - -Fixes #335 -Fixes https://gitlab.com/Remmina/Remmina/issues/1824 ---- - libvncclient/tight.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/libvncclient/tight.c b/libvncclient/tight.c -index df01812..0586f47 100644 ---- a/libvncclient/tight.c -+++ b/libvncclient/tight.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (C) 2017 D. R. Commander. All Rights Reserved. -+ * Copyright (C) 2017, 2019 D. R. Commander. All Rights Reserved. - * Copyright (C) 2004-2008 Sun Microsystems, Inc. All Rights Reserved. - * Copyright (C) 2004 Landmark Graphics Corporation. All Rights Reserved. - * Copyright (C) 2000, 2001 Const Kaplinsky. All Rights Reserved. -@@ -360,7 +360,8 @@ FilterCopyBPP (rfbClient* client, int srcx, int srcy, int numRows) - #endif - - for (y = 0; y < numRows; y++) -- memcpy (&dst[y*client->width], &client->buffer[y*client->rectWidth], -+ memcpy (&dst[y*client->width], -+ &client->buffer[y * client->rectWidth * (BPP / 8)], - client->rectWidth * (BPP / 8)); - } - --- -2.23.0 - diff --git a/net-libs/libvncserver/files/libvncserver-0.9.12-libgcrypt.patch b/net-libs/libvncserver/files/libvncserver-0.9.12-libgcrypt.patch deleted file mode 100644 index a0313562ff1b..000000000000 --- a/net-libs/libvncserver/files/libvncserver-0.9.12-libgcrypt.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 57be637006a95091119f7a49b4232e461116520f Mon Sep 17 00:00:00 2001 -From: Alexander Tsoy <alexander@tsoy.me> -Date: Sat, 25 May 2019 02:02:47 +0300 -Subject: [PATCH] crypto: rfbcrypto_gnutls is actually libgcrypt-based - -Long time ago gnutls used libgcrypt as a cryptographic backend. Perhaps -that was what caused the confusion. ---- - CMakeLists.txt | 9 ++++----- - common/{rfbcrypto_gnutls.c => rfbcrypto_libgcrypt.c} | 0 - 2 files changed, 4 insertions(+), 5 deletions(-) - rename common/{rfbcrypto_gnutls.c => rfbcrypto_libgcrypt.c} (100%) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index b9ca4ba..0d3b4dc 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -226,11 +226,10 @@ if(SYSTEMD_FOUND) - endif(SYSTEMD_FOUND) - - if(LIBVNCSERVER_HAVE_SYS_UIO_H) -- if(GNUTLS_FOUND) -- message(STATUS "Building crypto with GnuTLS") -- set(CRYPTO_LIBRARIES ${GNUTLS_LIBRARIES}) -- set(CRYPTO_SOURCES ${COMMON_DIR}/rfbcrypto_gnutls) -- include_directories(${GNUTLS_INCLUDE_DIR}) -+ if(WITH_GCRYPT AND LIBGCRYPT_LIBRARIES) -+ message(STATUS "Building crypto with Libgcrypt") -+ set(CRYPTO_LIBRARIES ${LIBGCRYPT_LIBRARIES}) -+ set(CRYPTO_SOURCES ${COMMON_DIR}/rfbcrypto_libgcrypt) - elseif(OPENSSL_FOUND) - message(STATUS "Building crypto with OpenSSL") - set(CRYPTO_LIBRARIES ${OPENSSL_LIBRARIES}) -diff --git a/common/rfbcrypto_gnutls.c b/common/rfbcrypto_libgcrypt.c -similarity index 100% -rename from common/rfbcrypto_gnutls.c -rename to common/rfbcrypto_libgcrypt.c --- -2.21.0 - diff --git a/net-libs/libvncserver/files/libvncserver-0.9.12-pkgconfig-libdir.patch b/net-libs/libvncserver/files/libvncserver-0.9.12-pkgconfig-libdir.patch deleted file mode 100644 index 6a50ac892064..000000000000 --- a/net-libs/libvncserver/files/libvncserver-0.9.12-pkgconfig-libdir.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 36a71279ed5b10effecd879caf6c3791842ca713 Mon Sep 17 00:00:00 2001 -From: Christian Beier <dontmind@freeshell.org> -Date: Thu, 28 Mar 2019 21:06:36 +0100 -Subject: [PATCH 03/51] CMake: replace 'lib' with ${CMAKE_INSTALL_LIBDIR} for - pkgconfig files as well - -Thanks to https://github.com/ikelos for spotting this ;-) - -Closes #290 ---- - libvncclient.pc.cmakein | 2 +- - libvncserver.pc.cmakein | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libvncclient.pc.cmakein b/libvncclient.pc.cmakein -index 169a8b7..445f7e7 100644 ---- a/libvncclient.pc.cmakein -+++ b/libvncclient.pc.cmakein -@@ -1,6 +1,6 @@ - prefix=@CMAKE_INSTALL_PREFIX@ - exec_prefix=@CMAKE_INSTALL_PREFIX@ --libdir=@CMAKE_INSTALL_PREFIX@/lib -+libdir=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@ - includedir=@CMAKE_INSTALL_PREFIX@/include - - Name: LibVNCClient -diff --git a/libvncserver.pc.cmakein b/libvncserver.pc.cmakein -index f38d74f..c689806 100644 ---- a/libvncserver.pc.cmakein -+++ b/libvncserver.pc.cmakein -@@ -1,6 +1,6 @@ - prefix=@CMAKE_INSTALL_PREFIX@ - exec_prefix=@CMAKE_INSTALL_PREFIX@ --libdir=@CMAKE_INSTALL_PREFIX@/lib -+libdir=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@ - includedir=@CMAKE_INSTALL_PREFIX@/include - - Name: LibVNCServer --- -2.23.0 - diff --git a/net-libs/libvncserver/files/libvncserver-0.9.12-sparc-unaligned.patch b/net-libs/libvncserver/files/libvncserver-0.9.12-sparc-unaligned.patch deleted file mode 100644 index dce787f1295a..000000000000 --- a/net-libs/libvncserver/files/libvncserver-0.9.12-sparc-unaligned.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0cf1400c61850065de590d403f6d49e32882fd76 Mon Sep 17 00:00:00 2001 -From: Rolf Eike Beer <eike@sf-mail.de> -Date: Tue, 28 May 2019 18:30:46 +0200 -Subject: [PATCH] fix crash because of unaligned accesses in - hybiReadAndDecode() - ---- - libvncserver/ws_decode.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/libvncserver/ws_decode.c b/libvncserver/ws_decode.c -index 441ebc7..10c44d1 100644 ---- a/libvncserver/ws_decode.c -+++ b/libvncserver/ws_decode.c -@@ -327,7 +327,6 @@ hybiReadAndDecode(ws_ctx_t *wsctx, char *dst, int len, int *sockRet, int nInBuf) - int bufsize; - int nextRead; - unsigned char *data; -- uint32_t *data32; - - /* if data was carried over, copy to start of buffer */ - memcpy(wsctx->writePos, wsctx->carryBuf, wsctx->carrylen); -@@ -383,10 +382,12 @@ hybiReadAndDecode(ws_ctx_t *wsctx, char *dst, int len, int *sockRet, int nInBuf) - /* for a possible base64 decoding, we decode multiples of 4 bytes until - * the whole frame is received and carry over any remaining bytes in the carry buf*/ - data = (unsigned char *)(wsctx->writePos - toDecode); -- data32= (uint32_t *)data; - - for (i = 0; i < (toDecode >> 2); i++) { -- data32[i] ^= wsctx->header.mask.u; -+ uint32_t tmp; -+ memcpy(&tmp, data + i * sizeof(tmp), sizeof(tmp)); -+ tmp ^= wsctx->header.mask.u; -+ memcpy(data + i * sizeof(tmp), &tmp, sizeof(tmp)); - } - ws_dbg("mask decoding; i=%d toDecode=%d\n", i, toDecode); - --- -2.16.4 - diff --git a/net-libs/libvncserver/libvncserver-0.9.12-r5.ebuild b/net-libs/libvncserver/libvncserver-0.9.12-r5.ebuild deleted file mode 100644 index 9ea5a4c3370d..000000000000 --- a/net-libs/libvncserver/libvncserver-0.9.12-r5.ebuild +++ /dev/null @@ -1,75 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit cmake - -MY_P="LibVNCServer-${PV}" - -DESCRIPTION="library for creating vnc servers" -HOMEPAGE="https://libvnc.github.io/" -SRC_URI="https://github.com/LibVNC/${PN}/archive/${MY_P}.tar.gz" -S="${WORKDIR}/${PN}-${MY_P}" - -# libvncserver/tightvnc-filetransfer/*: GPL-2, but we don't build it -# common/d3des.*: https://github.com/LibVNC/libvncserver/issues/88 -LICENSE="GPL-2+ LGPL-2.1+ BSD MIT" -# no sub slot wanted (yet), see #578958 -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux" -IUSE="+24bpp gcrypt gnutls ipv6 +jpeg libressl lzo +png sasl ssl systemd +threads +zlib" -# https://bugs.gentoo.org/690202 -# https://bugs.gentoo.org/435326 -# https://bugs.gentoo.org/550916 -REQUIRED_USE="jpeg? ( zlib ) png? ( zlib ) ssl? ( !gnutls? ( threads ) )" - -DEPEND=" - gcrypt? ( >=dev-libs/libgcrypt-1.5.3:0= ) - ssl? ( - !gnutls? ( - !libressl? ( >=dev-libs/openssl-1.0.2:0= ) - libressl? ( >=dev-libs/libressl-2.7.0:0= ) - ) - gnutls? ( >=net-libs/gnutls-2.12.23-r6:0= ) - ) - jpeg? ( >=virtual/jpeg-0-r2:0 ) - lzo? ( dev-libs/lzo ) - png? ( >=media-libs/libpng-1.6.10:0= ) - sasl? ( dev-libs/cyrus-sasl ) - systemd? ( sys-apps/systemd:= ) - zlib? ( >=sys-libs/zlib-1.2.8-r1:0= )" -RDEPEND="${DEPEND}" - -DOCS=( AUTHORS ChangeLog NEWS README.md TODO ) - -PATCHES=( - "${FILESDIR}"/${P}-cmake-libdir.patch - "${FILESDIR}"/${P}-pkgconfig-libdir.patch - "${FILESDIR}"/${P}-libgcrypt.patch - "${FILESDIR}"/${P}-sparc-unaligned.patch - "${FILESDIR}"/${P}-CVE-2018-20750.patch - "${FILESDIR}"/${P}-CVE-2019-15681.patch - "${FILESDIR}"/${P}-fix-tight-raw-decoding.patch - "${FILESDIR}"/${P}-fix-shutdown-crash.patch - "${FILESDIR}"/${P}-CVE-2019-15690.patch -) - -src_configure() { - local mycmakeargs=( - -DWITH_ZLIB=$(usex zlib ON OFF) - -DWITH_LZO=$(usex lzo ON OFF) - -DWITH_JPEG=$(usex jpeg ON OFF) - -DWITH_PNG=$(usex png ON OFF) - -DWITH_THREADS=$(usex threads ON OFF) - -DWITH_GNUTLS=$(usex gnutls $(usex ssl ON OFF) OFF) - -DWITH_OPENSSL=$(usex gnutls OFF $(usex ssl ON OFF)) - -DWITH_GCRYPT=$(usex gcrypt ON OFF) - -DWITH_SYSTEMD=$(usex systemd ON OFF) - -DWITH_FFMPEG=OFF - -DWITH_24BPP=$(usex 24bpp ON OFF) - -DWITH_IPv6=$(usex ipv6 ON OFF) - -DWITH_SASL=$(usex sasl ON OFF) - ) - cmake_src_configure -} |