Date: Saturday, June 9, 2018 @ 19:54:57 Author: foutrelis Revision: 326604
archrelease: copy trunk to extra-x86_64 Added: p7zip/repos/extra-x86_64/CVE-2016-9296.patch (from rev 326603, p7zip/trunk/CVE-2016-9296.patch) p7zip/repos/extra-x86_64/CVE-2017-17969.patch (from rev 326603, p7zip/trunk/CVE-2017-17969.patch) p7zip/repos/extra-x86_64/CVE-2018-10115.patch (from rev 326603, p7zip/trunk/CVE-2018-10115.patch) p7zip/repos/extra-x86_64/CVE-2018-5996.patch (from rev 326603, p7zip/trunk/CVE-2018-5996.patch) p7zip/repos/extra-x86_64/PKGBUILD (from rev 326603, p7zip/trunk/PKGBUILD) p7zip/repos/extra-x86_64/p7zip.install (from rev 326603, p7zip/trunk/p7zip.install) Deleted: p7zip/repos/extra-x86_64/CVE-2016-9296.patch p7zip/repos/extra-x86_64/CVE-2017-17969.patch p7zip/repos/extra-x86_64/CVE-2018-5996.patch p7zip/repos/extra-x86_64/PKGBUILD p7zip/repos/extra-x86_64/p7zip.install ----------------------+ CVE-2016-9296.patch | 24 +- CVE-2017-17969.patch | 52 ++--- CVE-2018-10115.patch | 311 ++++++++++++++++++++++++++++++++++ CVE-2018-5996.patch | 442 ++++++++++++++++++++++++------------------------- PKGBUILD | 143 ++++++++------- p7zip.install | 18 - 6 files changed, 652 insertions(+), 338 deletions(-) Deleted: CVE-2016-9296.patch =================================================================== --- CVE-2016-9296.patch 2018-06-09 19:54:48 UTC (rev 326603) +++ CVE-2016-9296.patch 2018-06-09 19:54:57 UTC (rev 326604) @@ -1,12 +0,0 @@ ---- ./CPP/7zip/Archive/7z/7zIn.cpp.orig 2016-11-21 01:42:29.460901230 +0000 -+++ ./CPP/7zip/Archive/7z/7zIn.cpp 2016-11-21 01:42:57.481197725 +0000 -@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS - if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) - ThrowIncorrect(); - } -- HeadersSize += folders.PackPositions[folders.NumPackStreams]; -+ if (folders.PackPositions) -+ HeadersSize += folders.PackPositions[folders.NumPackStreams]; - return S_OK; - } - Copied: p7zip/repos/extra-x86_64/CVE-2016-9296.patch (from rev 326603, p7zip/trunk/CVE-2016-9296.patch) =================================================================== --- CVE-2016-9296.patch (rev 0) +++ CVE-2016-9296.patch 2018-06-09 19:54:57 UTC (rev 326604) @@ -0,0 +1,12 @@ +--- ./CPP/7zip/Archive/7z/7zIn.cpp.orig 2016-11-21 01:42:29.460901230 +0000 ++++ ./CPP/7zip/Archive/7z/7zIn.cpp 2016-11-21 01:42:57.481197725 +0000 +@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS + if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) + ThrowIncorrect(); + } +- HeadersSize += folders.PackPositions[folders.NumPackStreams]; ++ if (folders.PackPositions) ++ HeadersSize += folders.PackPositions[folders.NumPackStreams]; + return S_OK; + } + Deleted: CVE-2017-17969.patch =================================================================== --- CVE-2017-17969.patch 2018-06-09 19:54:48 UTC (rev 326603) +++ CVE-2017-17969.patch 2018-06-09 19:54:57 UTC (rev 326604) @@ -1,26 +0,0 @@ -From: =?utf-8?q?Antoine_Beaupr=C3=A9?= <anar...@debian.org> -Date: Sun, 28 Jan 2018 21:19:50 +0100 -Subject: backport of the CVE-2017-17969 fix from 7zip 18.00-beta - ---- - CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp -index 80b7e67..4acdce5 100644 ---- a/CPP/7zip/Compress/ShrinkDecoder.cpp -+++ b/CPP/7zip/Compress/ShrinkDecoder.cpp -@@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * - { - _stack[i++] = _suffixes[cur]; - cur = _parents[cur]; -- } -+ if (i >= kNumItems) -+ break; -+ } -+ -+ if (i >= kNumItems) -+ break; - - _stack[i++] = (Byte)cur; - lastChar2 = (Byte)cur; Copied: p7zip/repos/extra-x86_64/CVE-2017-17969.patch (from rev 326603, p7zip/trunk/CVE-2017-17969.patch) =================================================================== --- CVE-2017-17969.patch (rev 0) +++ CVE-2017-17969.patch 2018-06-09 19:54:57 UTC (rev 326604) @@ -0,0 +1,26 @@ +From 79bca880ce7bcf07216c45f93afea545e0344418 Mon Sep 17 00:00:00 2001 +From: aone <a...@keka.io> +Date: Mon, 5 Feb 2018 13:01:09 +0100 +Subject: [PATCH] Security fix CVE-2017-17969 + +--- + CPP/7zip/Compress/ShrinkDecoder.cpp | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp +index 80b7e67..5bb0559 100644 +--- a/CPP/7zip/Compress/ShrinkDecoder.cpp ++++ b/CPP/7zip/Compress/ShrinkDecoder.cpp +@@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + { + _stack[i++] = _suffixes[cur]; + cur = _parents[cur]; ++ if (cur >= kNumItems || i >= kNumItems) ++ break; + } ++ ++ if (cur >= kNumItems || i >= kNumItems) ++ break; + + _stack[i++] = (Byte)cur; + lastChar2 = (Byte)cur; Copied: p7zip/repos/extra-x86_64/CVE-2018-10115.patch (from rev 326603, p7zip/trunk/CVE-2018-10115.patch) =================================================================== --- CVE-2018-10115.patch (rev 0) +++ CVE-2018-10115.patch 2018-06-09 19:54:57 UTC (rev 326604) @@ -0,0 +1,311 @@ +From: Robert Luberda <rob...@debian.org> +Date: Tue, 29 May 2018 23:59:09 +0200 +Subject: Fix CVE-2018-10115 + +Apply "patch" taken from https://landave.io/files/patch_7zip_CVE-2018-10115.txt + + +Bugs-Debian: https://bugs.debian.org/897674 +--- + CPP/7zip/Compress/Rar1Decoder.cpp | 16 +++++++++++----- + CPP/7zip/Compress/Rar1Decoder.h | 3 ++- + CPP/7zip/Compress/Rar2Decoder.cpp | 17 +++++++++++++---- + CPP/7zip/Compress/Rar2Decoder.h | 3 ++- + CPP/7zip/Compress/Rar3Decoder.cpp | 19 +++++++++++++++---- + CPP/7zip/Compress/Rar3Decoder.h | 3 ++- + CPP/7zip/Compress/Rar5Decoder.cpp | 8 ++++++++ + CPP/7zip/Compress/Rar5Decoder.h | 1 + + 8 files changed, 54 insertions(+), 16 deletions(-) + +diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp +index 68030c7..8c890c8 100644 +--- a/CPP/7zip/Compress/Rar1Decoder.cpp ++++ b/CPP/7zip/Compress/Rar1Decoder.cpp +@@ -29,7 +29,7 @@ public: + }; + */ + +-CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { } ++CDecoder::CDecoder(): _isSolid(false), _solidAllowed(false), _errorMode(false) { } + + void CDecoder::InitStructures() + { +@@ -345,7 +345,7 @@ void CDecoder::GetFlagsBuf() + + void CDecoder::InitData() + { +- if (!m_IsSolid) ++ if (!_isSolid) + { + AvrPlcB = AvrLn1 = AvrLn2 = AvrLn3 = NumHuf = Buf60 = 0; + AvrPlc = 0x3500; +@@ -391,6 +391,11 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + if (inSize == NULL || outSize == NULL) + return E_INVALIDARG; + ++ if (_isSolid && !_solidAllowed) ++ return S_FALSE; ++ ++ _solidAllowed = false; ++ + if (!m_OutWindowStream.Create(kHistorySize)) + return E_OUTOFMEMORY; + if (!m_InBitStream.Create(1 << 20)) +@@ -398,13 +403,13 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + + m_UnpackSize = (Int64)*outSize; + m_OutWindowStream.SetStream(outStream); +- m_OutWindowStream.Init(m_IsSolid); ++ m_OutWindowStream.Init(_isSolid); + m_InBitStream.SetStream(inStream); + m_InBitStream.Init(); + + // CCoderReleaser coderReleaser(this); + InitData(); +- if (!m_IsSolid) ++ if (!_isSolid) + { + _errorMode = false; + InitStructures(); +@@ -475,6 +480,7 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + } + if (m_UnpackSize < 0) + return S_FALSE; ++ _solidAllowed = true; + return m_OutWindowStream.Flush(); + } + +@@ -491,7 +497,7 @@ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) + { + if (size < 1) + return E_INVALIDARG; +- m_IsSolid = ((data[0] & 1) != 0); ++ _isSolid = ((data[0] & 1) != 0); + return S_OK; + } + +diff --git a/CPP/7zip/Compress/Rar1Decoder.h b/CPP/7zip/Compress/Rar1Decoder.h +index 01b606b..8abb3a3 100644 +--- a/CPP/7zip/Compress/Rar1Decoder.h ++++ b/CPP/7zip/Compress/Rar1Decoder.h +@@ -38,7 +38,8 @@ public: + UInt32 LastLength; + + Int64 m_UnpackSize; +- bool m_IsSolid; ++ bool _isSolid; ++ bool _solidAllowed; + bool _errorMode; + + UInt32 ReadBits(int numBits); +diff --git a/CPP/7zip/Compress/Rar2Decoder.cpp b/CPP/7zip/Compress/Rar2Decoder.cpp +index 0580c8d..be8d842 100644 +--- a/CPP/7zip/Compress/Rar2Decoder.cpp ++++ b/CPP/7zip/Compress/Rar2Decoder.cpp +@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << 20; + static const UInt32 kWindowReservSize = (1 << 22) + 256; + + CDecoder::CDecoder(): +- m_IsSolid(false), ++ _isSolid(false), ++ _solidAllowed(false), + m_TablesOK(false) + { + } +@@ -320,6 +321,10 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + if (inSize == NULL || outSize == NULL) + return E_INVALIDARG; + ++ if (_isSolid && !_solidAllowed) ++ return S_FALSE; ++ _solidAllowed = false; ++ + if (!m_OutWindowStream.Create(kHistorySize)) + return E_OUTOFMEMORY; + if (!m_InBitStream.Create(1 << 20)) +@@ -330,12 +335,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + UInt64 pos = 0, unPackSize = *outSize; + + m_OutWindowStream.SetStream(outStream); +- m_OutWindowStream.Init(m_IsSolid); ++ m_OutWindowStream.Init(_isSolid); + m_InBitStream.SetStream(inStream); + m_InBitStream.Init(); + + // CCoderReleaser coderReleaser(this); +- if (!m_IsSolid) ++ if (!_isSolid) + { + InitStructures(); + if (unPackSize == 0) +@@ -343,6 +348,7 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + if (m_InBitStream.GetProcessedSize() + 2 <= m_PackSize) // test it: probably incorrect; + if (!ReadTables()) + return S_FALSE; ++ _solidAllowed = true; + return S_OK; + } + if (!ReadTables()) +@@ -386,6 +392,9 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + + if (!ReadLastTables()) + return S_FALSE; ++ ++ _solidAllowed = true; ++ + return m_OutWindowStream.Flush(); + } + +@@ -402,7 +411,7 @@ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) + { + if (size < 1) + return E_INVALIDARG; +- m_IsSolid = ((data[0] & 1) != 0); ++ _isSolid = ((data[0] & 1) != 0); + return S_OK; + } + +diff --git a/CPP/7zip/Compress/Rar2Decoder.h b/CPP/7zip/Compress/Rar2Decoder.h +index 0e9005f..370bce2 100644 +--- a/CPP/7zip/Compress/Rar2Decoder.h ++++ b/CPP/7zip/Compress/Rar2Decoder.h +@@ -138,7 +138,8 @@ class CDecoder : + Byte m_LastLevels[kMaxTableSize]; + + UInt64 m_PackSize; +- bool m_IsSolid; ++ bool _isSolid; ++ bool _solidAllowed; + bool m_TablesOK; + + void InitStructures(); +diff --git a/CPP/7zip/Compress/Rar3Decoder.cpp b/CPP/7zip/Compress/Rar3Decoder.cpp +index 6cb8a6a..7b85833 100644 +--- a/CPP/7zip/Compress/Rar3Decoder.cpp ++++ b/CPP/7zip/Compress/Rar3Decoder.cpp +@@ -92,7 +92,8 @@ CDecoder::CDecoder(): + _writtenFileSize(0), + _vmData(0), + _vmCode(0), +- m_IsSolid(false), ++ _isSolid(false), ++ _solidAllowed(false), + _errorMode(false) + { + Ppmd7_Construct(&_ppmd); +@@ -821,7 +822,7 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) + { + _writtenFileSize = 0; + _unsupportedFilter = false; +- if (!m_IsSolid) ++ if (!_isSolid) + { + _lzSize = 0; + _winPos = 0; +@@ -840,12 +841,15 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) + if (_errorMode) + return S_FALSE; + +- if (!m_IsSolid || !TablesRead) ++ if (!_isSolid || !TablesRead) + { + bool keepDecompressing; + RINOK(ReadTables(keepDecompressing)); + if (!keepDecompressing) ++ { ++ _solidAllowed = true; + return S_OK; ++ } + } + + for (;;) +@@ -870,6 +874,9 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) + if (!keepDecompressing) + break; + } ++ ++ _solidAllowed = true; ++ + RINOK(WriteBuf()); + UInt64 packSize = m_InBitStream.BitDecoder.GetProcessedSize(); + RINOK(progress->SetRatioInfo(&packSize, &_writtenFileSize)); +@@ -890,6 +897,10 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream + if (!inSize) + return E_INVALIDARG; + ++ if (_isSolid && !_solidAllowed) ++ return S_FALSE; ++ _solidAllowed = false; ++ + if (!_vmData) + { + _vmData = (Byte *)::MidAlloc(kVmDataSizeMax + kVmCodeSizeMax); +@@ -928,7 +939,7 @@ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) + { + if (size < 1) + return E_INVALIDARG; +- m_IsSolid = ((data[0] & 1) != 0); ++ _isSolid = ((data[0] & 1) != 0); + return S_OK; + } + +diff --git a/CPP/7zip/Compress/Rar3Decoder.h b/CPP/7zip/Compress/Rar3Decoder.h +index 2f72d7d..32c8943 100644 +--- a/CPP/7zip/Compress/Rar3Decoder.h ++++ b/CPP/7zip/Compress/Rar3Decoder.h +@@ -191,7 +191,8 @@ class CDecoder: + CRecordVector<CTempFilter *> _tempFilters; + UInt32 _lastFilter; + +- bool m_IsSolid; ++ bool _isSolid; ++ bool _solidAllowed; + bool _errorMode; + + bool _lzMode; +diff --git a/CPP/7zip/Compress/Rar5Decoder.cpp b/CPP/7zip/Compress/Rar5Decoder.cpp +index dc8830f..a826d5a 100644 +--- a/CPP/7zip/Compress/Rar5Decoder.cpp ++++ b/CPP/7zip/Compress/Rar5Decoder.cpp +@@ -72,6 +72,7 @@ CDecoder::CDecoder(): + _writtenFileSize(0), + _dictSizeLog(0), + _isSolid(false), ++ _solidAllowed(false), + _wasInit(false), + _inputBuf(NULL) + { +@@ -801,7 +802,10 @@ HRESULT CDecoder::CodeReal() + */ + + if (res == S_OK) ++ { ++ _solidAllowed = true; + res = res2; ++ } + + if (res == S_OK && _unpackSize_Defined && _writtenFileSize != _unpackSize) + return S_FALSE; +@@ -821,6 +825,10 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream + { + try + { ++ if (_isSolid && !_solidAllowed) ++ return S_FALSE; ++ _solidAllowed = false; ++ + if (_dictSizeLog >= sizeof(size_t) * 8) + return E_NOTIMPL; + +diff --git a/CPP/7zip/Compress/Rar5Decoder.h b/CPP/7zip/Compress/Rar5Decoder.h +index b0a4dd1..3db5018 100644 +--- a/CPP/7zip/Compress/Rar5Decoder.h ++++ b/CPP/7zip/Compress/Rar5Decoder.h +@@ -271,6 +271,7 @@ class CDecoder: + Byte _dictSizeLog; + bool _tableWasFilled; + bool _isSolid; ++ bool _solidAllowed; + bool _wasInit; + + UInt32 _reps[kNumReps]; Deleted: CVE-2018-5996.patch =================================================================== --- CVE-2018-5996.patch 2018-06-09 19:54:48 UTC (rev 326603) +++ CVE-2018-5996.patch 2018-06-09 19:54:57 UTC (rev 326604) @@ -1,221 +0,0 @@ -From: Robert Luberda <rob...@debian.org> -Date: Sun, 28 Jan 2018 23:47:40 +0100 -Subject: CVE-2018-5996 - -Hopefully fix Memory Corruptions via RAR PPMd (CVE-2018-5996) by -applying a few changes from 7Zip 18.00-beta. - -Bug-Debian: https://bugs.debian.org/#888314 ---- - CPP/7zip/Compress/Rar1Decoder.cpp | 13 +++++++++---- - CPP/7zip/Compress/Rar1Decoder.h | 1 + - CPP/7zip/Compress/Rar2Decoder.cpp | 10 +++++++++- - CPP/7zip/Compress/Rar2Decoder.h | 1 + - CPP/7zip/Compress/Rar3Decoder.cpp | 23 ++++++++++++++++++++--- - CPP/7zip/Compress/Rar3Decoder.h | 2 ++ - 6 files changed, 42 insertions(+), 8 deletions(-) - -diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp -index 1aaedcc..68030c7 100644 ---- a/CPP/7zip/Compress/Rar1Decoder.cpp -+++ b/CPP/7zip/Compress/Rar1Decoder.cpp -@@ -29,7 +29,7 @@ public: - }; - */ - --CDecoder::CDecoder(): m_IsSolid(false) { } -+CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { } - - void CDecoder::InitStructures() - { -@@ -406,9 +406,14 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * - InitData(); - if (!m_IsSolid) - { -+ _errorMode = false; - InitStructures(); - InitHuff(); - } -+ -+ if (_errorMode) -+ return S_FALSE; -+ - if (m_UnpackSize > 0) - { - GetFlagsBuf(); -@@ -477,9 +482,9 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream - const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress) - { - try { return CodeReal(inStream, outStream, inSize, outSize, progress); } -- catch(const CInBufferException &e) { return e.ErrorCode; } -- catch(const CLzOutWindowException &e) { return e.ErrorCode; } -- catch(...) { return S_FALSE; } -+ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } -+ catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; } -+ catch(...) { _errorMode = true; return S_FALSE; } - } - - STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) -diff --git a/CPP/7zip/Compress/Rar1Decoder.h b/CPP/7zip/Compress/Rar1Decoder.h -index 630f089..01b606b 100644 ---- a/CPP/7zip/Compress/Rar1Decoder.h -+++ b/CPP/7zip/Compress/Rar1Decoder.h -@@ -39,6 +39,7 @@ public: - - Int64 m_UnpackSize; - bool m_IsSolid; -+ bool _errorMode; - - UInt32 ReadBits(int numBits); - HRESULT CopyBlock(UInt32 distance, UInt32 len); -diff --git a/CPP/7zip/Compress/Rar2Decoder.cpp b/CPP/7zip/Compress/Rar2Decoder.cpp -index b3f2b4b..0580c8d 100644 ---- a/CPP/7zip/Compress/Rar2Decoder.cpp -+++ b/CPP/7zip/Compress/Rar2Decoder.cpp -@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << 20; - static const UInt32 kWindowReservSize = (1 << 22) + 256; - - CDecoder::CDecoder(): -- m_IsSolid(false) -+ m_IsSolid(false), -+ m_TablesOK(false) - { - } - -@@ -100,6 +101,8 @@ UInt32 CDecoder::ReadBits(unsigned numBits) { return m_InBitStream.ReadBits(numB - - bool CDecoder::ReadTables(void) - { -+ m_TablesOK = false; -+ - Byte levelLevels[kLevelTableSize]; - Byte newLevels[kMaxTableSize]; - m_AudioMode = (ReadBits(1) == 1); -@@ -170,6 +173,8 @@ bool CDecoder::ReadTables(void) - } - - memcpy(m_LastLevels, newLevels, kMaxTableSize); -+ m_TablesOK = true; -+ - return true; - } - -@@ -344,6 +349,9 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * - return S_FALSE; - } - -+ if (!m_TablesOK) -+ return S_FALSE; -+ - UInt64 startPos = m_OutWindowStream.GetProcessedSize(); - while (pos < unPackSize) - { -diff --git a/CPP/7zip/Compress/Rar2Decoder.h b/CPP/7zip/Compress/Rar2Decoder.h -index 3a0535c..0e9005f 100644 ---- a/CPP/7zip/Compress/Rar2Decoder.h -+++ b/CPP/7zip/Compress/Rar2Decoder.h -@@ -139,6 +139,7 @@ class CDecoder : - - UInt64 m_PackSize; - bool m_IsSolid; -+ bool m_TablesOK; - - void InitStructures(); - UInt32 ReadBits(unsigned numBits); -diff --git a/CPP/7zip/Compress/Rar3Decoder.cpp b/CPP/7zip/Compress/Rar3Decoder.cpp -index 3bf2513..6cb8a6a 100644 ---- a/CPP/7zip/Compress/Rar3Decoder.cpp -+++ b/CPP/7zip/Compress/Rar3Decoder.cpp -@@ -92,7 +92,8 @@ CDecoder::CDecoder(): - _writtenFileSize(0), - _vmData(0), - _vmCode(0), -- m_IsSolid(false) -+ m_IsSolid(false), -+ _errorMode(false) - { - Ppmd7_Construct(&_ppmd); - } -@@ -545,6 +546,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing) - return InitPPM(); - } - -+ TablesRead = false; -+ TablesOK = false; -+ - _lzMode = true; - PrevAlignBits = 0; - PrevAlignCount = 0; -@@ -606,6 +610,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing) - } - } - } -+ if (InputEofError()) -+ return S_FALSE; -+ - TablesRead = true; - - // original code has check here: -@@ -623,6 +630,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing) - RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize])); - - memcpy(m_LastLevels, newLevels, kTablesSizesSum); -+ -+ TablesOK = true; -+ - return S_OK; - } - -@@ -824,7 +834,12 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) - PpmEscChar = 2; - PpmError = true; - InitFilters(); -+ _errorMode = false; - } -+ -+ if (_errorMode) -+ return S_FALSE; -+ - if (!m_IsSolid || !TablesRead) - { - bool keepDecompressing; -@@ -838,6 +853,8 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) - bool keepDecompressing; - if (_lzMode) - { -+ if (!TablesOK) -+ return S_FALSE; - RINOK(DecodeLZ(keepDecompressing)) - } - else -@@ -901,8 +918,8 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream - _unpackSize = outSize ? *outSize : (UInt64)(Int64)-1; - return CodeReal(progress); - } -- catch(const CInBufferException &e) { return e.ErrorCode; } -- catch(...) { return S_FALSE; } -+ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } -+ catch(...) { _errorMode = true; return S_FALSE; } - // CNewException is possible here. But probably CNewException is caused - // by error in data stream. - } -diff --git a/CPP/7zip/Compress/Rar3Decoder.h b/CPP/7zip/Compress/Rar3Decoder.h -index c130cec..2f72d7d 100644 ---- a/CPP/7zip/Compress/Rar3Decoder.h -+++ b/CPP/7zip/Compress/Rar3Decoder.h -@@ -192,6 +192,7 @@ class CDecoder: - UInt32 _lastFilter; - - bool m_IsSolid; -+ bool _errorMode; - - bool _lzMode; - bool _unsupportedFilter; -@@ -200,6 +201,7 @@ class CDecoder: - UInt32 PrevAlignCount; - - bool TablesRead; -+ bool TablesOK; - - CPpmd7 _ppmd; - int PpmEscChar; Copied: p7zip/repos/extra-x86_64/CVE-2018-5996.patch (from rev 326603, p7zip/trunk/CVE-2018-5996.patch) =================================================================== --- CVE-2018-5996.patch (rev 0) +++ CVE-2018-5996.patch 2018-06-09 19:54:57 UTC (rev 326604) @@ -0,0 +1,221 @@ +From: Robert Luberda <rob...@debian.org> +Date: Sun, 28 Jan 2018 23:47:40 +0100 +Subject: CVE-2018-5996 + +Hopefully fix Memory Corruptions via RAR PPMd (CVE-2018-5996) by +applying a few changes from 7Zip 18.00-beta. + +Bug-Debian: https://bugs.debian.org/#888314 +--- + CPP/7zip/Compress/Rar1Decoder.cpp | 13 +++++++++---- + CPP/7zip/Compress/Rar1Decoder.h | 1 + + CPP/7zip/Compress/Rar2Decoder.cpp | 10 +++++++++- + CPP/7zip/Compress/Rar2Decoder.h | 1 + + CPP/7zip/Compress/Rar3Decoder.cpp | 23 ++++++++++++++++++++--- + CPP/7zip/Compress/Rar3Decoder.h | 2 ++ + 6 files changed, 42 insertions(+), 8 deletions(-) + +diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp +index 1aaedcc..68030c7 100644 +--- a/CPP/7zip/Compress/Rar1Decoder.cpp ++++ b/CPP/7zip/Compress/Rar1Decoder.cpp +@@ -29,7 +29,7 @@ public: + }; + */ + +-CDecoder::CDecoder(): m_IsSolid(false) { } ++CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { } + + void CDecoder::InitStructures() + { +@@ -406,9 +406,14 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + InitData(); + if (!m_IsSolid) + { ++ _errorMode = false; + InitStructures(); + InitHuff(); + } ++ ++ if (_errorMode) ++ return S_FALSE; ++ + if (m_UnpackSize > 0) + { + GetFlagsBuf(); +@@ -477,9 +482,9 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream + const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress) + { + try { return CodeReal(inStream, outStream, inSize, outSize, progress); } +- catch(const CInBufferException &e) { return e.ErrorCode; } +- catch(const CLzOutWindowException &e) { return e.ErrorCode; } +- catch(...) { return S_FALSE; } ++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(...) { _errorMode = true; return S_FALSE; } + } + + STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) +diff --git a/CPP/7zip/Compress/Rar1Decoder.h b/CPP/7zip/Compress/Rar1Decoder.h +index 630f089..01b606b 100644 +--- a/CPP/7zip/Compress/Rar1Decoder.h ++++ b/CPP/7zip/Compress/Rar1Decoder.h +@@ -39,6 +39,7 @@ public: + + Int64 m_UnpackSize; + bool m_IsSolid; ++ bool _errorMode; + + UInt32 ReadBits(int numBits); + HRESULT CopyBlock(UInt32 distance, UInt32 len); +diff --git a/CPP/7zip/Compress/Rar2Decoder.cpp b/CPP/7zip/Compress/Rar2Decoder.cpp +index b3f2b4b..0580c8d 100644 +--- a/CPP/7zip/Compress/Rar2Decoder.cpp ++++ b/CPP/7zip/Compress/Rar2Decoder.cpp +@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << 20; + static const UInt32 kWindowReservSize = (1 << 22) + 256; + + CDecoder::CDecoder(): +- m_IsSolid(false) ++ m_IsSolid(false), ++ m_TablesOK(false) + { + } + +@@ -100,6 +101,8 @@ UInt32 CDecoder::ReadBits(unsigned numBits) { return m_InBitStream.ReadBits(numB + + bool CDecoder::ReadTables(void) + { ++ m_TablesOK = false; ++ + Byte levelLevels[kLevelTableSize]; + Byte newLevels[kMaxTableSize]; + m_AudioMode = (ReadBits(1) == 1); +@@ -170,6 +173,8 @@ bool CDecoder::ReadTables(void) + } + + memcpy(m_LastLevels, newLevels, kMaxTableSize); ++ m_TablesOK = true; ++ + return true; + } + +@@ -344,6 +349,9 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + return S_FALSE; + } + ++ if (!m_TablesOK) ++ return S_FALSE; ++ + UInt64 startPos = m_OutWindowStream.GetProcessedSize(); + while (pos < unPackSize) + { +diff --git a/CPP/7zip/Compress/Rar2Decoder.h b/CPP/7zip/Compress/Rar2Decoder.h +index 3a0535c..0e9005f 100644 +--- a/CPP/7zip/Compress/Rar2Decoder.h ++++ b/CPP/7zip/Compress/Rar2Decoder.h +@@ -139,6 +139,7 @@ class CDecoder : + + UInt64 m_PackSize; + bool m_IsSolid; ++ bool m_TablesOK; + + void InitStructures(); + UInt32 ReadBits(unsigned numBits); +diff --git a/CPP/7zip/Compress/Rar3Decoder.cpp b/CPP/7zip/Compress/Rar3Decoder.cpp +index 3bf2513..6cb8a6a 100644 +--- a/CPP/7zip/Compress/Rar3Decoder.cpp ++++ b/CPP/7zip/Compress/Rar3Decoder.cpp +@@ -92,7 +92,8 @@ CDecoder::CDecoder(): + _writtenFileSize(0), + _vmData(0), + _vmCode(0), +- m_IsSolid(false) ++ m_IsSolid(false), ++ _errorMode(false) + { + Ppmd7_Construct(&_ppmd); + } +@@ -545,6 +546,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing) + return InitPPM(); + } + ++ TablesRead = false; ++ TablesOK = false; ++ + _lzMode = true; + PrevAlignBits = 0; + PrevAlignCount = 0; +@@ -606,6 +610,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing) + } + } + } ++ if (InputEofError()) ++ return S_FALSE; ++ + TablesRead = true; + + // original code has check here: +@@ -623,6 +630,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing) + RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize])); + + memcpy(m_LastLevels, newLevels, kTablesSizesSum); ++ ++ TablesOK = true; ++ + return S_OK; + } + +@@ -824,7 +834,12 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) + PpmEscChar = 2; + PpmError = true; + InitFilters(); ++ _errorMode = false; + } ++ ++ if (_errorMode) ++ return S_FALSE; ++ + if (!m_IsSolid || !TablesRead) + { + bool keepDecompressing; +@@ -838,6 +853,8 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) + bool keepDecompressing; + if (_lzMode) + { ++ if (!TablesOK) ++ return S_FALSE; + RINOK(DecodeLZ(keepDecompressing)) + } + else +@@ -901,8 +918,8 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream + _unpackSize = outSize ? *outSize : (UInt64)(Int64)-1; + return CodeReal(progress); + } +- catch(const CInBufferException &e) { return e.ErrorCode; } +- catch(...) { return S_FALSE; } ++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(...) { _errorMode = true; return S_FALSE; } + // CNewException is possible here. But probably CNewException is caused + // by error in data stream. + } +diff --git a/CPP/7zip/Compress/Rar3Decoder.h b/CPP/7zip/Compress/Rar3Decoder.h +index c130cec..2f72d7d 100644 +--- a/CPP/7zip/Compress/Rar3Decoder.h ++++ b/CPP/7zip/Compress/Rar3Decoder.h +@@ -192,6 +192,7 @@ class CDecoder: + UInt32 _lastFilter; + + bool m_IsSolid; ++ bool _errorMode; + + bool _lzMode; + bool _unsupportedFilter; +@@ -200,6 +201,7 @@ class CDecoder: + UInt32 PrevAlignCount; + + bool TablesRead; ++ bool TablesOK; + + CPpmd7 _ppmd; + int PpmEscChar; Deleted: PKGBUILD =================================================================== --- PKGBUILD 2018-06-09 19:54:48 UTC (rev 326603) +++ PKGBUILD 2018-06-09 19:54:57 UTC (rev 326604) @@ -1,70 +0,0 @@ -# $Id$ -# Maintainer: Evangelos Foutras <evange...@foutrelis.com> -# Contributor: Gaetan Bisson <bis...@archlinux.org> -# Contributor: Thayer Williams <tha...@archlinux.org> -# Contributor: Hugo Doria <h...@archlinux.org> -# Contributor: TuxSpirit<tuxspi...@archlinux.fr> 2007/11/17 21:22:36 UTC -# Contributor: Daniel J Griffiths <ghost1...@archlinux.us> - -pkgname=p7zip -pkgver=16.02 -pkgrel=4 -pkgdesc="Command-line file archiver with high compression ratio" -arch=('x86_64') -url="http://p7zip.sourceforge.net/" -license=('LGPL' 'custom:unRAR') -depends=('gcc-libs' 'sh') -makedepends_i686=('nasm') -makedepends_x86_64=('yasm') -install=$pkgname.install -source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2 - CVE-2016-9296.patch - CVE-2017-17969.patch - CVE-2018-5996.patch) -sha256sums=('5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f' - 'f9bcbf21d4aa8938861a6cba992df13dec19538286e9ed747ccec6d9a4e8f983' - '0027f47eb8633244ac0177c1bb4ed50afa64ab757b34379a4b64ac923b9385b0' - '9c92b9060fb0ecc3e754e6440d7773d04bc324d0f998ebcebc263264e5a520df') - -prepare() { - cd "$srcdir/${pkgname}_$pkgver" - - # https://sourceforge.net/p/p7zip/bugs/185/ - patch -Np1 -i ../CVE-2016-9296.patch - - # https://sourceforge.net/p/p7zip/bugs/204/ - patch -Np1 -i ../CVE-2017-17969.patch - - # Patch from Debian which hopefully fixes CVE-2018-5996 - patch -Np1 -i ../CVE-2018-5996.patch - - if [[ $CARCH = x86_64 ]]; then - cp makefile.linux_amd64_asm makefile.machine - else - cp makefile.linux_x86_asm_gcc_4.X makefile.machine - fi -} - -build() { - cd "$srcdir/${pkgname}_$pkgver" - make all3 OPTFLAGS="$CFLAGS" -} - -package() { - cd "$srcdir/${pkgname}_$pkgver" - - make install \ - DEST_DIR="$pkgdir" \ - DEST_HOME=/usr \ - DEST_MAN=/usr/share/man - - # Remove documentation for the GUI file manager - rm -r "$pkgdir/usr/share/doc/p7zip/DOC/MANUAL/fm" - - install -d "${pkgdir}"/usr/share/licenses/p7zip - ln -s -t "$pkgdir/usr/share/licenses/p7zip/" \ - /usr/share/doc/p7zip/DOC/License.txt \ - /usr/share/doc/p7zip/DOC/unRarLicense.txt -} - -# vim:set ts=2 sw=2 et: Copied: p7zip/repos/extra-x86_64/PKGBUILD (from rev 326603, p7zip/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2018-06-09 19:54:57 UTC (rev 326604) @@ -0,0 +1,73 @@ +# $Id$ +# Maintainer: Evangelos Foutras <evange...@foutrelis.com> +# Contributor: Gaetan Bisson <bis...@archlinux.org> +# Contributor: Thayer Williams <tha...@archlinux.org> +# Contributor: Hugo Doria <h...@archlinux.org> +# Contributor: TuxSpirit<tuxspi...@archlinux.fr> 2007/11/17 21:22:36 UTC +# Contributor: Daniel J Griffiths <ghost1...@archlinux.us> + +pkgname=p7zip +pkgver=16.02 +pkgrel=5 +pkgdesc="Command-line file archiver with high compression ratio" +arch=('x86_64') +url="http://p7zip.sourceforge.net/" +license=('LGPL' 'custom:unRAR') +depends=('gcc-libs' 'sh') +makedepends_i686=('nasm') +makedepends_x86_64=('yasm') +install=$pkgname.install +source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2 + CVE-2016-9296.patch + CVE-2017-17969.patch + CVE-2018-5996.patch + CVE-2018-10115.patch) +sha256sums=('5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f' + 'f9bcbf21d4aa8938861a6cba992df13dec19538286e9ed747ccec6d9a4e8f983' + 'c6af5ba588b8932a5e99f3741fcf1011b7c94b533de903176c7d1d4c02a9ebef' + '9c92b9060fb0ecc3e754e6440d7773d04bc324d0f998ebcebc263264e5a520df' + 'c397eb6ad60bfab8d388ea9b39c0c13ae818f86746210c6435e35b35c786607f') + +prepare() { + cd "$srcdir/${pkgname}_$pkgver" + + # https://sourceforge.net/p/p7zip/bugs/185/ + patch -Np1 -i ../CVE-2016-9296.patch + + # https://sourceforge.net/p/p7zip/bugs/204/ + patch -Np1 -i ../CVE-2017-17969.patch + + # Security patches from Debian + patch -Np1 -i ../CVE-2018-5996.patch + patch -Np1 -i ../CVE-2018-10115.patch + + if [[ $CARCH = x86_64 ]]; then + cp makefile.linux_amd64_asm makefile.machine + else + cp makefile.linux_x86_asm_gcc_4.X makefile.machine + fi +} + +build() { + cd "$srcdir/${pkgname}_$pkgver" + make all3 OPTFLAGS="$CFLAGS" +} + +package() { + cd "$srcdir/${pkgname}_$pkgver" + + make install \ + DEST_DIR="$pkgdir" \ + DEST_HOME=/usr \ + DEST_MAN=/usr/share/man + + # Remove documentation for the GUI file manager + rm -r "$pkgdir/usr/share/doc/p7zip/DOC/MANUAL/fm" + + install -d "${pkgdir}"/usr/share/licenses/p7zip + ln -s -t "$pkgdir/usr/share/licenses/p7zip/" \ + /usr/share/doc/p7zip/DOC/License.txt \ + /usr/share/doc/p7zip/DOC/unRarLicense.txt +} + +# vim:set ts=2 sw=2 et: Deleted: p7zip.install =================================================================== --- p7zip.install 2018-06-09 19:54:48 UTC (rev 326603) +++ p7zip.install 2018-06-09 19:54:57 UTC (rev 326604) @@ -1,9 +0,0 @@ -post_upgrade() { - if (($(vercmp $2 9.38.1-3) < 0)); then - echo ':: The 7zFM graphical frontend is no longer included in this package.' - echo ' If you used it, consider installing one of the following packages:' - echo ' 1) file-roller, 2) engrampa, 3) kdeutils-ark.' - fi -} - -# vim:set ts=2 sw=2 et: Copied: p7zip/repos/extra-x86_64/p7zip.install (from rev 326603, p7zip/trunk/p7zip.install) =================================================================== --- p7zip.install (rev 0) +++ p7zip.install 2018-06-09 19:54:57 UTC (rev 326604) @@ -0,0 +1,9 @@ +post_upgrade() { + if (($(vercmp $2 9.38.1-3) < 0)); then + echo ':: The 7zFM graphical frontend is no longer included in this package.' + echo ' If you used it, consider installing one of the following packages:' + echo ' 1) file-roller, 2) engrampa, 3) kdeutils-ark.' + fi +} + +# vim:set ts=2 sw=2 et: