From dd4ad81b5d8ba426b3d2d75b27f9993119f73e30 Mon Sep 17 00:00:00 2001
From: Jonathan Scruggs
Date: Sat, 23 Sep 2017 14:04:39 +0100
Subject: [PATCH] media-libs/openexr: Revision bump to 2.2.0-r2
* Added patch to fix a typo in the C bindings
* Added patch to install the missing header files
* Added patch to fix security issues: CVE-2017-9110, CVE-2017-9111, CVE-2017-9112, CVE-2017-9113, CVE-2017-9114, CVE-2017-9115, CVE-2017-9116
* Fixed build system patch
* Added tabs in the metadata.xml file
Closes: https://bugs.gentoo.org/616996
Closes: https://bugs.gentoo.org/631382
Closes: https://bugs.gentoo.org/620324
---
 ...CVE-2017-9110-to-9116-security-fixes.patch | 98 +++++++++++++++++++
 ...openexr-2.2.0-Fix-typo-in-C-bindings.patch | 26 +++++
 ...r-2.2.0-Install-missing-header-files.patch | 60 ++++++++++++
 .../openexr-2.2.0-fix-build-system.patch | 4 +-
 media-libs/openexr/metadata.xml | 9 +-
 media-libs/openexr/openexr-2.2.0-r2.ebuild | 64 ++++++++++++
 6 files changed, 256 insertions(+), 5 deletions(-)
 create mode 100644 media-libs/openexr/files/openexr-2.2.0-CVE-2017-9110-to-9116-security-fixes.patch
 create mode 100644 media-libs/openexr/files/openexr-2.2.0-Fix-typo-in-C-bindings.patch
 create mode 100644 media-libs/openexr/files/openexr-2.2.0-Install-missing-header-files.patch
 create mode 100644 media-libs/openexr/openexr-2.2.0-r2.ebuild
diff --git a/media-libs/openexr/files/openexr-2.2.0-CVE-2017-9110-to-9116-security-fixes.patch b/media-libs/openexr/files/openexr-2.2.0-CVE-2017-9110-to-9116-security-fixes.patch
new file mode 100644
index 0000000000000..0a37ee9c2d991
--- /dev/null
+++ b/media-libs/openexr/files/openexr-2.2.0-CVE-2017-9110-to-9116-security-fixes.patch
@@ -0,0 +1,98 @@
+From c2b32f21cbe2db7c7ef485d62ffe9bec8eaa5165 Mon Sep 17 00:00:00 2001
+From: Shawn Walker-Salas
+Date: Tue, 30 May 2017 19:07:52 -0700
+Subject: [PATCH] CVE-2017-{9110,9111,9112,9113,9114,9115,9116} fixes
+
+---
+ OpenEXR/IlmImf/ImfDwaCompressor.cpp | 7 ++++++-
+ OpenEXR/IlmImf/ImfHuf.cpp | 10 ++++++----
+ OpenEXR/IlmImf/ImfPizCompressor.cpp | 6 ++++++
+ 3 files changed, 18 insertions(+), 5 deletions(-)
+
+diff --git a/IlmImf/ImfDwaCompressor.cpp b/IlmImf/ImfDwaCompressor.cpp
+index 1c1bd45..2ef8878 100644
+--- a/IlmImf/ImfDwaCompressor.cpp
++++ b/IlmImf/ImfDwaCompressor.cpp
+@@ -2377,7 +2377,12 @@ DwaCompressor::uncompress
+
+ const char *dataPtr = inPtr + NUM_SIZES_SINGLE * sizeof(Int64);
+
+- if (inSize < headerSize + compressedSize)
++ /* Both the sum and individual sizes are checked in case of overflow. */
++ if (inSize < (headerSize + compressedSize) ||
++ inSize < unknownCompressedSize ||
++ inSize < acCompressedSize ||
++ inSize < dcCompressedSize ||
++ inSize < rleCompressedSize)
+ {
+ throw Iex::InputExc("Error uncompressing DWA data"
+ "(truncated file).");
+diff --git a/IlmImf/ImfHuf.cpp b/IlmImf/ImfHuf.cpp
+index a375d05..97909a5 100644
+--- a/IlmImf/ImfHuf.cpp
++++ b/IlmImf/ImfHuf.cpp
+@@ -822,7 +822,7 @@ hufEncode // return: output size (in bits)
+ }
+
+
+-#define getCode(po, rlc, c, lc, in, out, oe) \
++#define getCode(po, rlc, c, lc, in, out, ob, oe)\
+ { \
+ if (po == rlc) \
+ { \
+@@ -835,6 +835,8 @@ hufEncode // return: output size (in bits)
+ \
+ if (out + cs > oe) \
+ tooMuchData(); \
++ else if (out - 1 < ob) \
++ notEnoughData(); \
+ \
+ unsigned short s = out[-1]; \
+ \
+@@ -895,7 +897,7 @@ hufDecode
+ //
+
+ lc -= pl.len;
+- getCode (pl.lit, rlc, c, lc, in, out, oe);
++ getCode (pl.lit, rlc, c, lc, in, out, outb, oe);
+ }
+ else
+ {
+@@ -925,7 +927,7 @@ hufDecode
+ //
+
+ lc -= l;
+- getCode (pl.p[j], rlc, c, lc, in, out, oe);
++ getCode (pl.p[j], rlc, c, lc, in, out, outb, oe);
+ break;
+ }
+ }
+@@ -952,7 +954,7 @@ hufDecode
+ if (pl.len)
+ {
+ lc -= pl.len;
+- getCode (pl.lit, rlc, c, lc, in, out, oe);
++ getCode (pl.lit, rlc, c, lc, in, out, outb, oe);
+ }
+ else
+ {
+diff --git a/IlmImf/ImfPizCompressor.cpp b/IlmImf/ImfPizCompressor.cpp
+index 46c6fba..8b3ee38 100644
+--- a/IlmImf/ImfPizCompressor.cpp
++++ b/IlmImf/ImfPizCompressor.cpp
+@@ -573,6 +573,12 @@ PizCompressor::uncompress (const char *inPtr,
+ int length;
+ Xdr::read (inPtr, length);
+
++ if (length > inSize)
++ {
++ throw InputExc ("Error in header for PIZ-compressed data "
++ "(invalid array length).");
++ }
++
+ hufUncompress (inPtr, length, _tmpBuffer, tmpBufferEnd - _tmpBuffer);
+
+ //
+--
+2.14.1
+
diff --git a/media-libs/openexr/files/openexr-2.2.0-Fix-typo-in-C-bindings.patch b/media-libs/openexr/files/openexr-2.2.0-Fix-typo-in-C-bindings.patch
new file mode 100644
index 0000000000000..966e95e72c3ca
--- /dev/null
+++ b/media-libs/openexr/files/openexr-2.2.0-Fix-typo-in-C-bindings.patch
@@ -0,0 +1,26 @@
+From c229dfe63380f41dfae1e977b10dfc7c49c7efc7 Mon Sep 17 00:00:00 2001
+From: Edward Kmett
+Date: Wed, 9 Dec 2015 12:15:48 -0500
+Subject: [PATCH] Fix typo in C bindings (Close #140)
+
+IMF_RAMDOM_Y should be IMF_RANDOM_Y
+---
+ OpenEXR/IlmImf/ImfCRgbaFile.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/IlmImf/ImfCRgbaFile.h b/IlmImf/ImfCRgbaFile.h
+index 5ac2bf8..db58247 100644
+--- a/IlmImf/ImfCRgbaFile.h
++++ b/IlmImf/ImfCRgbaFile.h
+@@ -98,7 +98,7 @@ typedef struct ImfRgba ImfRgba;
+
+ #define IMF_INCREASING_Y 0
+ #define IMF_DECREASING_Y 1
+-#define IMF_RAMDOM_Y 2
++#define IMF_RANDOM_Y 2
+
+
+ /*
+--
+2.14.1
+
diff --git a/media-libs/openexr/files/openexr-2.2.0-Install-missing-header-files.patch b/media-libs/openexr/files/openexr-2.2.0-Install-missing-header-files.patch
new file mode 100644
index 0000000000000..1075cd9a30fab
--- /dev/null
+++ b/media-libs/openexr/files/openexr-2.2.0-Install-missing-header-files.patch
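Review bot: The new PIZ guard `if (length > inSize)` in PizCompressor::uncompress still accepts a negative `length`, because `length` is a signed `int` taken from the file by `Xdr::read` and is handed to `hufUncompress` right after the check. It also compares against the whole input size rather than the bytes that remain after `inPtr` (the start of the function is outside the hunk, so how far `inPtr` has advanced is not visible here), which means a length that runs past the end of the buffer can still pass. At minimum the condition should read `if (length < 0 || length > inSize)`, and ideally it should be bounded by the remaining input. In ImfHuf.cpp the added `else if (out - 1 < ob)` forms a pointer before the start of the output buffer when `out == ob`; `else if (out <= ob)` expresses the same test without that.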
@@ -0,0 +1,60 @@
+From a018f82655402421a995565dd4a5192259cbc207 Mon Sep 17 00:00:00 2001
+From: Jonathan Scruggs
+Date: Sat, 23 Sep 2017 10:36:40 +0100
+Subject: [PATCH] OpenEXR: Install missing header files
+
+Some header files are not installed via Autotools, but are with
+CMake which breaks compatibility with certain programs. This patch
+enables Autotools to install these header files.
+
+Signed-off by: Jonathan Scruggs
+---
+ OpenEXR/IlmImf/Makefile.am | 3 ++-
+ OpenEXR/IlmImfUtil/Makefile.am | 17 +++++++++++++++++
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/IlmImf/Makefile.am b/IlmImf/Makefile.am
+index a7c219c..b7b96ac 100644
+--- a/IlmImf/Makefile.am
++++ b/IlmImf/Makefile.am
+@@ -162,7 +162,8 @@ libIlmImfinclude_HEADERS = ImfForward.h ImfAttribute.h ImfBoxAttribute.h \
+ ImfMisc.h \
+ ImfPartHelper.h \
+ ImfDeepImageState.h \
+- ImfDeepImageStateAttribute.h
++ ImfDeepImageStateAttribute.h \
++ ImfFloatVectorAttribute.h
+
+ noinst_HEADERS = ImfCompressor.h \
+ ImfRleCompressor.h \
+diff --git a/IlmImfUtil/Makefile.am b/IlmImfUtil/Makefile.am
+index 8005ee1..e1d3674 100644
+--- a/IlmImfUtil/Makefile.am
++++ b/IlmImfUtil/Makefile.am
+@@ -33,6 +33,23 @@ libIlmImfUtil_la_LIBADD = -L$(top_builddir)/IlmImf $(ILMBASE_LIBS) -lIlmImf
+
+ libIlmImfUtilincludedir = $(includedir)/OpenEXR
+
++libIlmImfUtilinclude_HEADERS = ImfFlatImage.h \
++ ImfDeepImage.h \
++ ImfDeepImageChannel.h \
++ ImfImageLevel.h \
++ ImfDeepImageLevel.h \
++ ImfDeepImageIO.h \
++ ImfImageChannelRenaming.h \
++ ImfImageIO.h \
++ ImfFlatImageChannel.h \
++ ImfImage.h \
++ ImfFlatImageLevel.h \
++ ImfImageDataWindow.h \
++ ImfSampleCountChannel.h \
++ ImfFlatImageIO.h \
++ ImfImageChannel.h
++
++
+ EXTRA_DIST = CMakeLists.txt
+
+ INCLUDES = \
+--
+2.14.1
+
diff --git a/media-libs/openexr/files/openexr-2.2.0-fix-build-system.patch b/media-libs/openexr/files/openexr-2.2.0-fix-build-system.patch
index 446e4e53c872a..3ccfb1da7ac5d 100644
--- a/media-libs/openexr/files/openexr-2.2.0-fix-build-system.patch +++ b/media-libs/openexr/files/openexr-2.2.0-fix-build-system.patch @@ -69,8 +69,8 @@ -AC_DEFINE_UNQUOTED(OPENEXR_VERSION_MAJOR, ${OPENEXR_VERSION_MAJOR}) -AC_DEFINE_UNQUOTED(OPENEXR_VERSION_MINOR, ${OPENEXR_VERSION_MINOR}) -AC_DEFINE_UNQUOTED(OPENEXR_VERSION_PATCH, ${OPENEXR_VERSION_PATCH}) -+AC_DEFINE_UNQUOTED([OPENEXR_VERSION_STRING], [${VERSION}], [OpenEXR version string]) -+AC_DEFINE_UNQUOTED([OPENEXR_PACKAGE_STRING], [${PACKAGE_STRING}], [OpenEXR version string]) ++AC_DEFINE_UNQUOTED([OPENEXR_VERSION_STRING], ["${VERSION}"], [OpenEXR version string]) ++AC_DEFINE_UNQUOTED([OPENEXR_PACKAGE_STRING], ["${PACKAGE_STRING}"], [OpenEXR version string]) +AC_DEFINE_UNQUOTED([OPENEXR_VERSION_MAJOR], [${OPENEXR_VERSION_MAJOR}], [OpenEXR version string]) +AC_DEFINE_UNQUOTED([OPENEXR_VERSION_MINOR], [${OPENEXR_VERSION_MINOR}], [OpenEXR version string]) +AC_DEFINE_UNQUOTED([OPENEXR_VERSION_PATCH], [${OPENEXR_VERSION_PATCH}], [OpenEXR version string]) diff --git a/media-libs/openexr/metadata.xml b/media-libs/openexr/metadata.xml index 0427ec20bfd46..fc9e500d69e1d 100644 --- a/media-libs/openexr/metadata.xml +++ b/media-libs/openexr/metadata.xml @@ -1,7 +1,10 @@ - -media-video@gentoo.org - + + media-video@gentoo.org + + + openexr/openexr + diff --git a/media-libs/openexr/openexr-2.2.0-r2.ebuild b/media-libs/openexr/openexr-2.2.0-r2.ebuild new file mode 100644 index 0000000000000..91e85f36c2b7c --- /dev/null +++ b/media-libs/openexr/openexr-2.2.0-r2.ebuild 
@@ -0,0 +1,64 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools multilib-minimal
+
+DESCRIPTION="ILM's OpenEXR high dynamic-range image file format libraries"
+HOMEPAGE="http://openexr.com/"
+SRC_URI="http://download.savannah.gnu.org/releases/openexr/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0/22" # based on SONAME
+KEYWORDS="~amd64 -arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-solaris"
+IUSE="cpu_flags_x86_avx examples static-libs"
+
+RDEPEND="
+ sys-libs/zlib[${MULTILIB_USEDEP}]
+ >=media-libs/ilmbase-${PV}:=[${MULTILIB_USEDEP}]"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig[${MULTILIB_USEDEP}]
+ >=sys-devel/autoconf-archive-2016.09.16"
+
+PATCHES=(
+ "${FILESDIR}/${P}-fix-cpuid-on-abi_x86_32.patch"
+ "${FILESDIR}/${P}-use-ull-for-64-bit-literals.patch"
+ "${FILESDIR}/${P}-fix-build-system.patch"
+ "${FILESDIR}/${P}-fix-config.h-collision.patch"
+ "${FILESDIR}/${P}-Fix-typo-in-C-bindings.patch"
+ "${FILESDIR}/${P}-Install-missing-header-files.patch"
+ "${FILESDIR}/${P}-CVE-2017-9110-to-9116-security-fixes.patch"
+)
+
+src_prepare() {
+ default
+ # Fix path for testsuite
+ sed -i -e "s:/var/tmp/:${T}:" IlmImfTest/tmpDir.h || die
+
+ # delete stray config files causing havoc
+ rm -f config*/OpenEXRConfig.h* || die
+
+ eautoreconf
+}
+
+multilib_src_configure() {
+ ECONF_SOURCE="${S}" econf \
+ --enable-threading \
+ $(use_enable cpu_flags_x86_avx avx) \
+ $(use_enable static-libs static) \
+ $(use_enable examples imfexamples)
+}
+
+multilib_src_install_all() {
+ einstalldocs
+
+ if use examples; then
+ docompress -x /usr/share/doc/${PF}/examples
+ else
+ rm -rf "${ED%/}"/usr/share/doc/${PF}/examples || die
+ fi
+
+ # package provides .pc files
+ find "${D}" -name '*.la' -delete || die
+}
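Review bot: In src_prepare the replacement `sed -i -e "s:/var/tmp/:${T}:"` drops the trailing slash of the path it rewrites, so if IlmImfTest/tmpDir.h builds test file names by appending to that string (its contents are not visible here), the files would land beside `${T}` with the directory name fused into the file name rather than inside it. `sed -i -e "s:/var/tmp/:${T}/:" IlmImfTest/tmpDir.h || die` keeps the separator. The `|| die` only catches a failing sed, not a pattern that no longer matches, so a silent no-op is possible if upstream changes that header. SRC_URI and HOMEPAGE use plain `http://`, which leaves tarball integrity resting on the Manifest checksums alone; an `https://` source would be preferable where upstream offers one.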