authorSergei Trofimovich <slyfox@gentoo.org>2017-03-25 16:07:40 +0000
committerSergei Trofimovich <slyfox@gentoo.org>2017-03-25 16:07:40 +0000
commit83209f33a128ec7f48adbfad813cfbc13a2fd444 (patch)
tree0cb1718468be78966008a9150bfb0f20d52af8f1 /dev-libs
parentsys-fs/btrfs-progs: bump up to 4.9.1 and 4.10, bug #612464 (diff)
dev-libs/capstone: bump up to 3.0.5-rc2, fix CVE-2017-6952, bug #612912
I don't believe 3.0.4 is affected: - it's a vulnerability in the windows kernel driver, not something you can easily build in gentoo today as it requires MSVS to build a driver - the windows code was added in capstone-3.0.5-rc1; it's not present in 3.0.4 in gentoo at all. But so as not to forget about the vulnerability on the next bump, I'm bumping up to the vulnerable release candidate and applying the upstream patch to fix CVE-2017-6952. Reported-by: Agostino Sarubbo Bug: https://bugs.gentoo.org/612912 Package-Manager: Portage-2.3.5, Repoman-2.3.2
Diffstat (limited to 'dev-libs')
-rw-r--r--dev-libs/capstone/Manifest1
-rw-r--r--dev-libs/capstone/capstone-3.0.5_rc2.ebuild44
-rw-r--r--dev-libs/capstone/files/capstone-3.0.5_rc2-CVE-2017-6952.patch41
-rw-r--r--dev-libs/capstone/files/capstone-3.0.5_rc2-FLAGS.patch16
4 files changed, 102 insertions, 0 deletions
diff --git a/dev-libs/capstone/Manifest b/dev-libs/capstone/Manifest
index 239b44faf895..3f35304c88d7 100644
--- a/dev-libs/capstone/Manifest
+++ b/dev-libs/capstone/Manifest
@@ -1 +1,2 @@
DIST capstone-3.0.4.tar.gz 2800818 SHA256 5d6dadf5864c56f8de66c66088fa68e849d0bff6577865a4f81b6f23112b14f2 SHA512 a5c29e7c559b5391d6a4ec9a7f766699ea6d321aa2f1fc57fdcec893107fa3ef2f5f6323629971c1129f1ca087df4f3ad03d0a8234d2eae368c8ccfec04dbf4d WHIRLPOOL 24aa002e215ee2a74c06a9be40218c78258a853028c74e1cdf95a5e2ea484471cf084cc8f5cc9db1aaefc16cf80a0b37480d4af60ca9119730334cbe2a02b906
+DIST capstone-3.0.5_rc2.tar.gz 2829338 SHA256 587c092454ad59137686529f3c008c265cc6d427a85d5d2e8f6a902b72d215b3 SHA512 31bafdb0b3183d0c054a4244cc135db9a3c3dc5cb2e2af706bfede0d53cca8cba81d74b74ef9a4adbfd6c79cc408864dd80b8203791e17bd6c98bb69ea4f6894 WHIRLPOOL 11a84f178cae68507d2686a81ca6cbc84b6402cb02e7278c03ec598887a0aa02d28a9ecbf388e09c8c3ae8d8ecf323dd4eaa211f79969089c4c7d6fbbe022349
diff --git a/dev-libs/capstone/capstone-3.0.5_rc2.ebuild b/dev-libs/capstone/capstone-3.0.5_rc2.ebuild
new file mode 100644
index 000000000000..80fb03207d64
--- /dev/null
+++ b/dev-libs/capstone/capstone-3.0.5_rc2.ebuild
@@ -0,0 +1,44 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit toolchain-funcs
+
+DESCRIPTION="disassembly/disassembler framework + bindings"
+HOMEPAGE="http://www.capstone-engine.org/"
+SRC_URI="https://github.com/aquynh/${PN}/archive/${PV/_rc/-rc}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0/3" # libcapstone.so.3
+KEYWORDS="~amd64 ~arm ~x86"
+
+RDEPEND=""
+DEPEND="${RDEPEND}"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-CVE-2017-6952.patch
+ "${FILESDIR}"/${P}-FLAGS.patch
+)
+
+S=${WORKDIR}/${P/_rc/-rc}
+
+src_configure() {
+ {
+ cat <<-EOF
+ # Gentoo overrides:
+ # verbose build
+ V = 1
+ # toolchain
+ AR = $(tc-getAR)
+ CC = $(tc-getCC)
+ RANLIB = $(tc-getRANLIB)
+ # toolchain flags
+ CFLAGS = ${CFLAGS}
+ LDFLAGS = ${LDFLAGS}
+ # libs
+ LIBDIRARCH = $(get_libdir)
+ EOF
+ } >> config.mk || die
+
+}
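Review bot: src_configure appends the toolchain block to config.mk with no comment on why the variables go through that file rather than the emake command line, and the coupling with the bundled FLAGS patch (which makes cstool/Makefile include ../config.mk and switch CFLAGS/LDFLAGS to `+=`) is only discoverable by reading the patch. A why-comment above the brace group would make the contract clear, e.g. `# upstream Makefiles read config.mk; the FLAGS patch makes cstool/ honor it too, so every toolchain override goes through this file`. Appending with `>>` presumably keeps whatever config.mk upstream ships, so if that file carries upstream build options it is worth a word as well; I cannot confirm its contents from here. The empty line before the closing brace is stray.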
diff --git a/dev-libs/capstone/files/capstone-3.0.5_rc2-CVE-2017-6952.patch b/dev-libs/capstone/files/capstone-3.0.5_rc2-CVE-2017-6952.patch
new file mode 100644
index 000000000000..ba16126f7411
--- /dev/null
+++ b/dev-libs/capstone/files/capstone-3.0.5_rc2-CVE-2017-6952.patch
@@ -0,0 +1,41 @@
+commit 6fe86eef621b9849f51a5e1e5d73258a93440403
+Author: Quang Nguyễn <quangnh89@users.noreply.github.com>
+Date: Mon Mar 13 22:34:48 2017 +0700
+
+ provide a validity check to prevent against Integer overflow conditions (#870)
+
+ * provide a validity check to prevent against Integer overflow conditions
+
+ * fix some style issues.
+
+diff --git a/windows/winkernel_mm.c b/windows/winkernel_mm.c
+index c127da3a..ecdc1ca2 100644
+--- a/windows/winkernel_mm.c
++++ b/windows/winkernel_mm.c
+@@ -3,6 +3,7 @@
+
+ #include "winkernel_mm.h"
+ #include <ntddk.h>
++#include <Ntintsafe.h>
+
+ // A pool tag for memory allocation
+ static const ULONG CS_WINKERNEL_POOL_TAG = 'kwsC';
+@@ -33,8 +34,16 @@ void * CAPSTONE_API cs_winkernel_malloc(size_t size)
+
+ // FP; a use of NonPagedPool is required for Windows 7 support
+ #pragma prefast(suppress : 30030) // Allocating executable POOL_TYPE memory
+- CS_WINKERNEL_MEMBLOCK *block = (CS_WINKERNEL_MEMBLOCK *)ExAllocatePoolWithTag(
+- NonPagedPool, size + sizeof(CS_WINKERNEL_MEMBLOCK), CS_WINKERNEL_POOL_TAG);
++ size_t number_of_bytes = 0;
++ CS_WINKERNEL_MEMBLOCK *block = NULL;
++ // A specially crafted size value can trigger the overflow.
++ // If the sum in a value that overflows or underflows the capacity of the type,
++ // the function returns NULL.
++ if (!NT_SUCCESS(RtlSizeTAdd(size, sizeof(CS_WINKERNEL_MEMBLOCK), &number_of_bytes))) {
++ return NULL;
++ }
++ block = (CS_WINKERNEL_MEMBLOCK *)ExAllocatePoolWithTag(
++ NonPagedPool, number_of_bytes, CS_WINKERNEL_POOL_TAG);
+ if (!block) {
+ return NULL;
+ }
diff --git a/dev-libs/capstone/files/capstone-3.0.5_rc2-FLAGS.patch b/dev-libs/capstone/files/capstone-3.0.5_rc2-FLAGS.patch
new file mode 100644
index 000000000000..4be2ed4ba0e6
--- /dev/null
+++ b/dev-libs/capstone/files/capstone-3.0.5_rc2-FLAGS.patch
@@ -0,0 +1,16 @@
+Add support for user overridden CFLAGS and LDFLAGS
+diff --git a/cstool/Makefile b/cstool/Makefile
+index 450ac1b..3cf2a81 100644
+--- a/cstool/Makefile
++++ b/cstool/Makefile
+@@ -3,2 +3,3 @@
+ include ../functions.mk
++include ../config.mk
+
+@@ -8,4 +9,4 @@ LIBNAME = capstone
+
+-CFLAGS = -I../include
+-LDFLAGS = -O3 -Wall -L.. -l$(LIBNAME)
++CFLAGS += -I../include
++LDFLAGS += -Wall -L.. -l$(LIBNAME)
+
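Review bot: `LDFLAGS += -Wall -L.. -l$(LIBNAME)` keeps a compiler warning flag and a library in the variable the build now lets the user override, and `-Wall` has no effect at link time. With `-Wl,--as-needed` in the user's LDFLAGS, `-l$(LIBNAME)` only resolves if it comes after the objects on the link line, which depends on how cstool/Makefile's link rule (outside the hunk) orders `$(LDFLAGS)`. Splitting it as `LDFLAGS += -L..` and `LDLIBS += -l$(LIBNAME)` would avoid that, but only if the link rule uses `$(LDLIBS)`, which I cannot see here. A one-line header note saying the `-O3` drop is intentional because optimisation now comes from the user's CFLAGS would help whoever rebases this patch on the next bump.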