commit: b684427f2fbb85f3f5f895f7794b81d6f83a4bea Author: Matthew Thode <prometheanfire <AT> gentoo <DOT> org> AuthorDate: Wed Feb 7 19:40:40 2018 +0000 Commit: Matt Thode <prometheanfire <AT> gentoo <DOT> org> CommitDate: Wed Feb 7 19:41:01 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b684427f
app-arch/p7zip: for CVE-2017-17969, CVE-2018-5996 Bug: https://bugs.gentoo.org/645500 Package-Manager: Portage-2.3.19, Repoman-2.3.6 app-arch/p7zip/files/CVE-2017-17969.patch | 26 ++++ app-arch/p7zip/files/CVE-2018-5996.patch | 221 ++++++++++++++++++++++++++++++ app-arch/p7zip/p7zip-16.02-r2.ebuild | 163 ++++++++++++++++++++++ 3 files changed, 410 insertions(+) diff --git a/app-arch/p7zip/files/CVE-2017-17969.patch b/app-arch/p7zip/files/CVE-2017-17969.patch new file mode 100644 index 00000000000..9a820af7306 --- /dev/null +++ b/app-arch/p7zip/files/CVE-2017-17969.patch @@ -0,0 +1,26 @@ +From: =?utf-8?q?Antoine_Beaupr=C3=A9?= <[email protected]> +Date: Sun, 28 Jan 2018 21:19:50 +0100 +Subject: backport of the CVE-2017-17969 fix from 7zip 18.00-beta + +--- + CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp +index 80b7e67..4acdce5 100644 +--- a/CPP/7zip/Compress/ShrinkDecoder.cpp ++++ b/CPP/7zip/Compress/ShrinkDecoder.cpp +@@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + { + _stack[i++] = _suffixes[cur]; + cur = _parents[cur]; +- } ++ if (i >= kNumItems) ++ break; ++ } ++ ++ if (i >= kNumItems) ++ break; + + _stack[i++] = (Byte)cur; + lastChar2 = (Byte)cur; diff --git a/app-arch/p7zip/files/CVE-2018-5996.patch b/app-arch/p7zip/files/CVE-2018-5996.patch new file mode 100644 index 00000000000..6733bff9189 --- /dev/null +++ b/app-arch/p7zip/files/CVE-2018-5996.patch @@ -0,0 +1,221 @@ +From: Robert Luberda <[email protected]> +Date: Sun, 28 Jan 2018 23:47:40 +0100 +Subject: CVE-2018-5996 + +Hopefully fix Memory Corruptions via RAR PPMd (CVE-2018-5996) by +applying a few changes from 7Zip 18.00-beta. + +Bug-Debian: https://bugs.debian.org/#888314 +--- + CPP/7zip/Compress/Rar1Decoder.cpp | 13 +++++++++---- + CPP/7zip/Compress/Rar1Decoder.h | 1 + + CPP/7zip/Compress/Rar2Decoder.cpp | 10 +++++++++- + CPP/7zip/Compress/Rar2Decoder.h | 1 + + CPP/7zip/Compress/Rar3Decoder.cpp | 23 ++++++++++++++++++++--- + CPP/7zip/Compress/Rar3Decoder.h | 2 ++ + 6 files changed, 42 insertions(+), 8 deletions(-) + +diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp +index 1aaedcc..68030c7 100644 +--- a/CPP/7zip/Compress/Rar1Decoder.cpp ++++ b/CPP/7zip/Compress/Rar1Decoder.cpp +@@ -29,7 +29,7 @@ public: + }; + */ + +-CDecoder::CDecoder(): m_IsSolid(false) { } ++CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { } + + void CDecoder::InitStructures() + { +@@ -406,9 +406,14 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + InitData(); + if (!m_IsSolid) + { ++ _errorMode = false; + InitStructures(); + InitHuff(); + } ++ ++ if (_errorMode) ++ return S_FALSE; ++ + if (m_UnpackSize > 0) + { + GetFlagsBuf(); +@@ -477,9 +482,9 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream + const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress) + { + try { return CodeReal(inStream, outStream, inSize, outSize, progress); } +- catch(const CInBufferException &e) { return e.ErrorCode; } +- catch(const CLzOutWindowException &e) { return e.ErrorCode; } +- catch(...) { return S_FALSE; } ++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(...) { _errorMode = true; return S_FALSE; } + } + + STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) +diff --git a/CPP/7zip/Compress/Rar1Decoder.h b/CPP/7zip/Compress/Rar1Decoder.h +index 630f089..01b606b 100644 +--- a/CPP/7zip/Compress/Rar1Decoder.h ++++ b/CPP/7zip/Compress/Rar1Decoder.h +@@ -39,6 +39,7 @@ public: + + Int64 m_UnpackSize; + bool m_IsSolid; ++ bool _errorMode; + + UInt32 ReadBits(int numBits); + HRESULT CopyBlock(UInt32 distance, UInt32 len); +diff --git a/CPP/7zip/Compress/Rar2Decoder.cpp b/CPP/7zip/Compress/Rar2Decoder.cpp +index b3f2b4b..0580c8d 100644 +--- a/CPP/7zip/Compress/Rar2Decoder.cpp ++++ b/CPP/7zip/Compress/Rar2Decoder.cpp +@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << 20; + static const UInt32 kWindowReservSize = (1 << 22) + 256; + + CDecoder::CDecoder(): +- m_IsSolid(false) ++ m_IsSolid(false), ++ m_TablesOK(false) + { + } + +@@ -100,6 +101,8 @@ UInt32 CDecoder::ReadBits(unsigned numBits) { return m_InBitStream.ReadBits(numB + + bool CDecoder::ReadTables(void) + { ++ m_TablesOK = false; ++ + Byte levelLevels[kLevelTableSize]; + Byte newLevels[kMaxTableSize]; + m_AudioMode = (ReadBits(1) == 1); +@@ -170,6 +173,8 @@ bool CDecoder::ReadTables(void) + } + + memcpy(m_LastLevels, newLevels, kMaxTableSize); ++ m_TablesOK = true; ++ + return true; + } + +@@ -344,6 +349,9 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + return S_FALSE; + } + ++ if (!m_TablesOK) ++ return S_FALSE; ++ + UInt64 startPos = m_OutWindowStream.GetProcessedSize(); + while (pos < unPackSize) + { +diff --git a/CPP/7zip/Compress/Rar2Decoder.h b/CPP/7zip/Compress/Rar2Decoder.h +index 3a0535c..0e9005f 100644 +--- a/CPP/7zip/Compress/Rar2Decoder.h ++++ b/CPP/7zip/Compress/Rar2Decoder.h +@@ -139,6 +139,7 @@ class CDecoder : + + UInt64 m_PackSize; + bool m_IsSolid; ++ bool m_TablesOK; + + void InitStructures(); + UInt32 ReadBits(unsigned numBits); +diff --git a/CPP/7zip/Compress/Rar3Decoder.cpp b/CPP/7zip/Compress/Rar3Decoder.cpp +index 3bf2513..6cb8a6a 100644 +--- a/CPP/7zip/Compress/Rar3Decoder.cpp ++++ b/CPP/7zip/Compress/Rar3Decoder.cpp +@@ -92,7 +92,8 @@ CDecoder::CDecoder(): + _writtenFileSize(0), + _vmData(0), + _vmCode(0), +- m_IsSolid(false) ++ m_IsSolid(false), ++ _errorMode(false) + { + Ppmd7_Construct(&_ppmd); + } +@@ -545,6 +546,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing) + return InitPPM(); + } + ++ TablesRead = false; ++ TablesOK = false; ++ + _lzMode = true; + PrevAlignBits = 0; + PrevAlignCount = 0; +@@ -606,6 +610,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing) + } + } + } ++ if (InputEofError()) ++ return S_FALSE; ++ + TablesRead = true; + + // original code has check here: +@@ -623,6 +630,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing) + RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize])); + + memcpy(m_LastLevels, newLevels, kTablesSizesSum); ++ ++ TablesOK = true; ++ + return S_OK; + } + +@@ -824,7 +834,12 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) + PpmEscChar = 2; + PpmError = true; + InitFilters(); ++ _errorMode = false; + } ++ ++ if (_errorMode) ++ return S_FALSE; ++ + if (!m_IsSolid || !TablesRead) + { + bool keepDecompressing; +@@ -838,6 +853,8 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) + bool keepDecompressing; + if (_lzMode) + { ++ if (!TablesOK) ++ return S_FALSE; + RINOK(DecodeLZ(keepDecompressing)) + } + else +@@ -901,8 +918,8 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream + _unpackSize = outSize ? *outSize : (UInt64)(Int64)-1; + return CodeReal(progress); + } +- catch(const CInBufferException &e) { return e.ErrorCode; } +- catch(...) { return S_FALSE; } ++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(...) { _errorMode = true; return S_FALSE; } + // CNewException is possible here. But probably CNewException is caused + // by error in data stream. + } +diff --git a/CPP/7zip/Compress/Rar3Decoder.h b/CPP/7zip/Compress/Rar3Decoder.h +index c130cec..2f72d7d 100644 +--- a/CPP/7zip/Compress/Rar3Decoder.h ++++ b/CPP/7zip/Compress/Rar3Decoder.h +@@ -192,6 +192,7 @@ class CDecoder: + UInt32 _lastFilter; + + bool m_IsSolid; ++ bool _errorMode; + + bool _lzMode; + bool _unsupportedFilter; +@@ -200,6 +201,7 @@ class CDecoder: + UInt32 PrevAlignCount; + + bool TablesRead; ++ bool TablesOK; + + CPpmd7 _ppmd; + int PpmEscChar; diff --git a/app-arch/p7zip/p7zip-16.02-r2.ebuild b/app-arch/p7zip/p7zip-16.02-r2.ebuild new file mode 100644 index 00000000000..4bcce404532 --- /dev/null +++ b/app-arch/p7zip/p7zip-16.02-r2.ebuild @@ -0,0 +1,163 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +WX_GTK_VER="3.0" + +inherit toolchain-funcs wxwidgets + +DESCRIPTION="Port of 7-Zip archiver for Unix" +HOMEPAGE="http://p7zip.sourceforge.net/"; +SRC_URI="mirror://sourceforge/${PN}/${PN}_${PV}_src_all.tar.bz2" + +LICENSE="LGPL-2.1 rar? ( unRAR )" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris" +IUSE="abi_x86_x32 doc kde +pch rar static wxwidgets" + +REQUIRED_USE="kde? ( wxwidgets )" + +RDEPEND="wxwidgets? ( x11-libs/wxGTK:${WX_GTK_VER}[X] )" +DEPEND="${RDEPEND} + abi_x86_x32? ( >=dev-lang/yasm-1.2.0-r1 ) + amd64? ( dev-lang/yasm ) + x86? ( dev-lang/nasm )" + +S=${WORKDIR}/${PN}_${PV} + +DOCS=( ChangeLog README TODO ) + +PATCHES=( + "${FILESDIR}"/${P}-darwin.patch + "${FILESDIR}"/CVE-2017-17969.patch + "${FILESDIR}"/CVE-2018-5996.patch +) + +src_prepare() { + default + + if ! use pch; then + sed "s:PRE_COMPILED_HEADER=StdAfx.h.gch:PRE_COMPILED_HEADER=:g" -i makefile.* || die + fi + + sed \ + -e 's:-m32 ::g' \ + -e 's:-m64 ::g' \ + -e 's:-pipe::g' \ + -e '/ALLFLAGS/s:-s ::' \ + -e "/OPTFLAGS=/s:=.*:=${CXXFLAGS}:" \ + -i makefile* || die + + # remove non-free RAR codec + if use rar; then + ewarn "Enabling nonfree RAR decompressor" + else + sed \ + -e '/Rar/d' \ + -e '/RAR/d' \ + -i makefile* CPP/7zip/Bundles/Format7zFree/makefile || die + rm -rf CPP/7zip/Compress/Rar || die + fi + + if use abi_x86_x32; then + sed -i -e "/^ASM=/s:amd64:x32:" makefile* || die + cp -f makefile.linux_amd64_asm makefile.machine || die + elif use amd64; then + cp -f makefile.linux_amd64_asm makefile.machine || die + elif use x86; then + cp -f makefile.linux_x86_asm_gcc_4.X makefile.machine || die + elif [[ ${CHOST} == *-darwin* ]] ; then + # Mac OS X needs this special makefile, because it has a non-GNU + # linker, it doesn't matter so much for bitwidth, for it doesn't + # do anything with it + cp -f makefile.macosx_llvm_64bits makefile.machine + # bundles have extension .bundle but don't die because USE=-rar + # removes the Rar directory + sed -i -e '/strcpy(name/s/\.so/.bundle/' \ + CPP/Windows/DLL.cpp || die + sed -i -e '/^PROG=/s/\.so/.bundle/' \ + CPP/7zip/Bundles/Format7zFree/makefile.list \ + $(use rar && echo CPP/7zip/Compress/Rar/makefile.list) || die + elif use x86-fbsd; then + # FreeBSD needs this special makefile, because it hasn't -ldl + sed -e 's/-lc_r/-pthread/' makefile.freebsd > makefile.machine + fi + + if use static; then + sed -i -e '/^LOCAL_LIBS=/s/LOCAL_LIBS=/&-static /' makefile.machine || die + fi + + if use kde || use wxwidgets; then + need-wxwidgets unicode + einfo "Preparing dependency list" + emake depend + fi +} + +src_compile() { + emake CC=$(tc-getCC) CXX=$(tc-getCXX) all3 + if use kde || use wxwidgets; then + emake CC=$(tc-getCC) CXX=$(tc-getCXX) -- 7zG +# emake -- 7zFM + fi +} + +src_test() { + emake test test_7z test_7zr +} + +src_install() { + # this wrappers can not be symlinks, p7zip should be called with full path + make_wrapper 7zr "/usr/$(get_libdir)/${PN}/7zr" + make_wrapper 7za "/usr/$(get_libdir)/${PN}/7za" + make_wrapper 7z "/usr/$(get_libdir)/${PN}/7z" + + if use kde || use wxwidgets; then + make_wrapper 7zG "/usr/$(get_libdir)/${PN}/7zG" +# make_wrapper 7zFM "/usr/$(get_libdir)/${PN}/7zFM" + +# make_desktop_entry 7zFM "${PN} FM" ${PN} "GTK;Utility;Archiving;Compression" + + dobin GUI/p7zipForFilemanager + exeinto /usr/$(get_libdir)/${PN} +# doexe bin/7z{G,FM} + doexe bin/7zG + + insinto /usr/$(get_libdir)/${PN} + doins -r GUI/Lang + doins -r DOC/MANUAL + + insinto /usr/share/icons/hicolor/16x16/apps/ + newins GUI/p7zip_16_ok.png p7zip.png + + if use kde; then + rm GUI/kde4/p7zip_compress.desktop || die + insinto /usr/share/kservices5/ServiceMenus + doins GUI/kde4/*.desktop + dodir /usr/share/kde4/services/ServiceMenus # drop these lines after konqueror:4/krusader:4 are gone + for item in "${ED}"usr/share/kservices5/ServiceMenus/*.desktop; do + item="$(basename ${item})" + dosym "/usr/share/kservices5/ServiceMenus/${item}" "/usr/share/kde4/services/ServiceMenus/${item}" + done + fi + fi + + dobin contrib/gzip-like_CLI_wrapper_for_7z/p7zip + doman contrib/gzip-like_CLI_wrapper_for_7z/man1/p7zip.1 + + exeinto /usr/$(get_libdir)/${PN} + doexe bin/7z bin/7za bin/7zr bin/7zCon.sfx + doexe bin/*$(get_modname) + if use rar; then + exeinto /usr/$(get_libdir)/${PN}/Codecs/ + doexe bin/Codecs/*$(get_modname) + fi + + doman man1/7z.1 man1/7za.1 man1/7zr.1 + + if use doc; then + dodoc DOC/*.txt + dohtml -r DOC/MANUAL/* + fi +}
