[arch-commits] Commit in p7zip/trunk (3 files)
Date: Saturday, June 9, 2018 @ 19:54:48 Author: foutrelis Revision: 326603 upgpkg: p7zip 16.02-5 Refresh patch for CVE-2017-17969; add patch for CVE-2018-10115. Added: p7zip/trunk/CVE-2018-10115.patch Modified: p7zip/trunk/CVE-2017-17969.patch p7zip/trunk/PKGBUILD --+ CVE-2017-17969.patch | 26 ++-- CVE-2018-10115.patch | 311 + PKGBUILD | 13 +- 3 files changed, 332 insertions(+), 18 deletions(-) Modified: CVE-2017-17969.patch === --- CVE-2017-17969.patch2018-06-09 19:05:35 UTC (rev 326602) +++ CVE-2017-17969.patch2018-06-09 19:54:48 UTC (rev 326603) @@ -1,13 +1,14 @@ -From: =?utf-8?q?Antoine_Beaupr=C3=A9?= -Date: Sun, 28 Jan 2018 21:19:50 +0100 -Subject: backport of the CVE-2017-17969 fix from 7zip 18.00-beta +From 79bca880ce7bcf07216c45f93afea545e0344418 Mon Sep 17 00:00:00 2001 +From: aone +Date: Mon, 5 Feb 2018 13:01:09 +0100 +Subject: [PATCH] Security fix CVE-2017-17969 --- - CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++- - 1 file changed, 6 insertions(+), 1 deletion(-) + CPP/7zip/Compress/ShrinkDecoder.cpp | 5 + + 1 file changed, 5 insertions(+) diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp -index 80b7e67..4acdce5 100644 +index 80b7e67..5bb0559 100644 --- a/CPP/7zip/Compress/ShrinkDecoder.cpp +++ b/CPP/7zip/Compress/ShrinkDecoder.cpp @@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * @@ -14,13 +15,12 @@ { _stack[i++] = _suffixes[cur]; cur = _parents[cur]; --} -+ if (i >= kNumItems) -+break; -+ } -+ -+if (i >= kNumItems) -+ break; ++if (cur >= kNumItems || i >= kNumItems) ++ break; + } ++ ++ if (cur >= kNumItems || i >= kNumItems) ++ break; _stack[i++] = (Byte)cur; lastChar2 = (Byte)cur; Added: CVE-2018-10115.patch === --- CVE-2018-10115.patch(rev 0) +++ CVE-2018-10115.patch2018-06-09 19:54:48 UTC (rev 326603) @@ -0,0 +1,311 @@ +From: Robert Luberda +Date: Tue, 29 May 2018 23:59:09 +0200 +Subject: Fix CVE-2018-10115 + +Apply "patch" taken from https://landave.io/files/patch_7zip_CVE-2018-10115.txt + + +Bugs-Debian: https://bugs.debian.org/897674 +--- + CPP/7zip/Compress/Rar1Decoder.cpp | 16 +++- + CPP/7zip/Compress/Rar1Decoder.h | 3 ++- + CPP/7zip/Compress/Rar2Decoder.cpp | 17 + + CPP/7zip/Compress/Rar2Decoder.h | 3 ++- + CPP/7zip/Compress/Rar3Decoder.cpp | 19 +++ + CPP/7zip/Compress/Rar3Decoder.h | 3 ++- + CPP/7zip/Compress/Rar5Decoder.cpp | 8 + CPP/7zip/Compress/Rar5Decoder.h | 1 + + 8 files changed, 54 insertions(+), 16 deletions(-) + +diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp +index 68030c7..8c890c8 100644 +--- a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp +@@ -29,7 +29,7 @@ public: + }; + */ + +-CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { } ++CDecoder::CDecoder(): _isSolid(false), _solidAllowed(false), _errorMode(false) { } + + void CDecoder::InitStructures() + { +@@ -345,7 +345,7 @@ void CDecoder::GetFlagsBuf() + + void CDecoder::InitData() + { +- if (!m_IsSolid) ++ if (!_isSolid) + { + AvrPlcB = AvrLn1 = AvrLn2 = AvrLn3 = NumHuf = Buf60 = 0; + AvrPlc = 0x3500; +@@ -391,6 +391,11 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + if (inSize == NULL || outSize == NULL) + return E_INVALIDARG; + ++ if (_isSolid && !_solidAllowed) ++return S_FALSE; ++ ++ _solidAllowed = false; ++ + if (!m_OutWindowStream.Create(kHistorySize)) + return E_OUTOFMEMORY; + if (!m_InBitStream.Create(1 << 20)) +@@ -398,13 +403,13 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + + m_UnpackSize = (Int64)*outSize; + m_OutWindowStream.SetStream(outStream); +- m_OutWindowStream.Init(m_IsSolid); ++ m_OutWindowStream.Init(_isSolid); + m_InBitStream.SetStream(inStream); + m_InBitStream.Init(); + + // CCoderReleaser coderReleaser(this); + InitData(); +- if (!m_IsSolid) ++ if (!_isSolid) + { + _errorMode = false; + InitStructures(); +@@ -475,6 +480,7 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + } + if (m_UnpackSize < 0) + return S_FALSE; ++ _solidAllowed = true; + return m_OutWindowStream.Flush(); + } + +@@ -491,7 +497,7 @@ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) + { + if (size < 1) + return E_INVALIDARG; +- m_IsSolid = ((data[0] & 1) != 0); ++ _isSolid = ((data[0] & 1) != 0); + return S_OK; + } + +diff --git
[arch-commits] Commit in p7zip/trunk (3 files)
Date: Monday, February 5, 2018 @ 17:04:51 Author: foutrelis Revision: 315905 upgpkg: p7zip 16.02-4 Add patches for CVE-2017-17969 and CVE-2018-5996 (FS#57383). Added: p7zip/trunk/CVE-2017-17969.patch p7zip/trunk/CVE-2018-5996.patch Modified: p7zip/trunk/PKGBUILD --+ CVE-2017-17969.patch | 26 + CVE-2018-5996.patch | 221 + PKGBUILD | 16 ++- 3 files changed, 260 insertions(+), 3 deletions(-) Added: CVE-2017-17969.patch === --- CVE-2017-17969.patch(rev 0) +++ CVE-2017-17969.patch2018-02-05 17:04:51 UTC (rev 315905) @@ -0,0 +1,26 @@ +From: =?utf-8?q?Antoine_Beaupr=C3=A9?=+Date: Sun, 28 Jan 2018 21:19:50 +0100 +Subject: backport of the CVE-2017-17969 fix from 7zip 18.00-beta + +--- + CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp +index 80b7e67..4acdce5 100644 +--- a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp +@@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + { + _stack[i++] = _suffixes[cur]; + cur = _parents[cur]; +-} ++ if (i >= kNumItems) ++break; ++ } ++ ++if (i >= kNumItems) ++ break; + + _stack[i++] = (Byte)cur; + lastChar2 = (Byte)cur; Added: CVE-2018-5996.patch === --- CVE-2018-5996.patch (rev 0) +++ CVE-2018-5996.patch 2018-02-05 17:04:51 UTC (rev 315905) @@ -0,0 +1,221 @@ +From: Robert Luberda +Date: Sun, 28 Jan 2018 23:47:40 +0100 +Subject: CVE-2018-5996 + +Hopefully fix Memory Corruptions via RAR PPMd (CVE-2018-5996) by +applying a few changes from 7Zip 18.00-beta. + +Bug-Debian: https://bugs.debian.org/#888314 +--- + CPP/7zip/Compress/Rar1Decoder.cpp | 13 + + CPP/7zip/Compress/Rar1Decoder.h | 1 + + CPP/7zip/Compress/Rar2Decoder.cpp | 10 +- + CPP/7zip/Compress/Rar2Decoder.h | 1 + + CPP/7zip/Compress/Rar3Decoder.cpp | 23 --- + CPP/7zip/Compress/Rar3Decoder.h | 2 ++ + 6 files changed, 42 insertions(+), 8 deletions(-) + +diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp +index 1aaedcc..68030c7 100644 +--- a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp +@@ -29,7 +29,7 @@ public: + }; + */ + +-CDecoder::CDecoder(): m_IsSolid(false) { } ++CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { } + + void CDecoder::InitStructures() + { +@@ -406,9 +406,14 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + InitData(); + if (!m_IsSolid) + { ++_errorMode = false; + InitStructures(); + InitHuff(); + } ++ ++ if (_errorMode) ++return S_FALSE; ++ + if (m_UnpackSize > 0) + { + GetFlagsBuf(); +@@ -477,9 +482,9 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream + const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress) + { + try { return CodeReal(inStream, outStream, inSize, outSize, progress); } +- catch(const CInBufferException ) { return e.ErrorCode; } +- catch(const CLzOutWindowException ) { return e.ErrorCode; } +- catch(...) { return S_FALSE; } ++ catch(const CInBufferException ) { _errorMode = true; return e.ErrorCode; } ++ catch(const CLzOutWindowException ) { _errorMode = true; return e.ErrorCode; } ++ catch(...) { _errorMode = true; return S_FALSE; } + } + + STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) +diff --git a/CPP/7zip/Compress/Rar1Decoder.h b/CPP/7zip/Compress/Rar1Decoder.h +index 630f089..01b606b 100644 +--- a/CPP/7zip/Compress/Rar1Decoder.h b/CPP/7zip/Compress/Rar1Decoder.h +@@ -39,6 +39,7 @@ public: + + Int64 m_UnpackSize; + bool m_IsSolid; ++ bool _errorMode; + + UInt32 ReadBits(int numBits); + HRESULT CopyBlock(UInt32 distance, UInt32 len); +diff --git a/CPP/7zip/Compress/Rar2Decoder.cpp b/CPP/7zip/Compress/Rar2Decoder.cpp +index b3f2b4b..0580c8d 100644 +--- a/CPP/7zip/Compress/Rar2Decoder.cpp b/CPP/7zip/Compress/Rar2Decoder.cpp +@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << 20; + static const UInt32 kWindowReservSize = (1 << 22) + 256; + + CDecoder::CDecoder(): +- m_IsSolid(false) ++ m_IsSolid(false), ++ m_TablesOK(false) + { + } + +@@ -100,6 +101,8 @@ UInt32 CDecoder::ReadBits(unsigned numBits) { return m_InBitStream.ReadBits(numB + + bool CDecoder::ReadTables(void) + { ++ m_TablesOK = false; ++ + Byte levelLevels[kLevelTableSize]; + Byte newLevels[kMaxTableSize]; + m_AudioMode = (ReadBits(1) == 1); +@@ -170,6 +173,8 @@ bool
[arch-commits] Commit in p7zip/trunk (3 files)
Date: Saturday, July 16, 2016 @ 13:04:22 Author: foutrelis Revision: 271943 upgpkg: p7zip 16.02-1 New upstream release. Modified: p7zip/trunk/PKGBUILD Deleted: p7zip/trunk/CVE-2016-2334.patch p7zip/trunk/CVE-2016-2335.patch -+ CVE-2016-2334.patch | 24 CVE-2016-2335.patch | 17 - PKGBUILD| 16 3 files changed, 4 insertions(+), 53 deletions(-) Deleted: CVE-2016-2334.patch === --- CVE-2016-2334.patch 2016-07-16 12:39:18 UTC (rev 271942) +++ CVE-2016-2334.patch 2016-07-16 13:04:22 UTC (rev 271943) @@ -1,24 +0,0 @@ -Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp -=== p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp -+++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp -@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo - item.GroupID = Get32(r + 0x24); - item.AdminFlags = r[0x28]; - item.OwnerFlags = r[0x29]; -+ */ - item.FileMode = Get16(r + 0x2A); -+ /* - item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount - item.FileType = Get32(r + 0x30); - item.FileCreator = Get32(r + 0x34); -@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile( - - UInt32 size = GetUi32(tableBuf + i * 8 + 4); - -+if (size > buf.Size() || size > kCompressionBlockSize + 1) -+return S_FALSE; -+ - RINOK(ReadStream_FALSE(inStream, buf, size)); - - if ((buf[0] & 0xF) == 0xF) Deleted: CVE-2016-2335.patch === --- CVE-2016-2335.patch 2016-07-16 12:39:18 UTC (rev 271942) +++ CVE-2016-2335.patch 2016-07-16 13:04:22 UTC (rev 271943) @@ -1,17 +0,0 @@ -Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp -=== p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp -+++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp -@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol - return S_FALSE; - CFile = Files.Back(); - const CLogVol = LogVols[volIndex]; -- CPartition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex]; -+ unsigned partitionRef = lad.Location.PartitionRef; -+ -+ if (partitionRef >= vol.PartitionMaps.Size()) -+ return S_FALSE; -+ CPartition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex]; - - UInt32 key = lad.Location.Pos; - UInt32 value; Modified: PKGBUILD === --- PKGBUILD2016-07-16 12:39:18 UTC (rev 271942) +++ PKGBUILD2016-07-16 13:04:22 UTC (rev 271943) @@ -7,8 +7,8 @@ # Contributor: Daniel J Griffithspkgname=p7zip -pkgver=15.14.1 -pkgrel=2 +pkgver=16.02 +pkgrel=1 pkgdesc="Command-line file archiver with high compression ratio" arch=('i686' 'x86_64') url="http://p7zip.sourceforge.net/; @@ -17,12 +17,8 @@ makedepends_i686=('nasm') makedepends_x86_64=('yasm') install=$pkgname.install -source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2 -CVE-2016-2334.patch -CVE-2016-2335.patch) -sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4' -'632cae14095e065cb550b0f16faf39d8f822d0a8bb5b605e903f3bc7657a4ee5' -'368870f92c658e8add261695923470855a969c0d7ecafd880ec7144ac245adbf') +source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2) +sha256sums=('5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f') prepare() { cd "$srcdir/${pkgname}_$pkgver" @@ -32,10 +28,6 @@ else cp makefile.linux_x86_asm_gcc_4.X makefile.machine fi - - # https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/ - patch -Np1 -i ../CVE-2016-2334.patch - patch -Np1 -i ../CVE-2016-2335.patch } build() {
[arch-commits] Commit in p7zip/trunk (3 files)
Date: Tuesday, May 17, 2016 @ 23:43:53 Author: foutrelis Revision: 268263 upgpkg: p7zip 15.14.1-2 Add patches for CVE-2016-2334 and CVE-2016-2335. Added: p7zip/trunk/CVE-2016-2334.patch p7zip/trunk/CVE-2016-2335.patch Modified: p7zip/trunk/PKGBUILD -+ CVE-2016-2334.patch | 24 CVE-2016-2335.patch | 17 + PKGBUILD| 14 +++--- 3 files changed, 52 insertions(+), 3 deletions(-) Added: CVE-2016-2334.patch === --- CVE-2016-2334.patch (rev 0) +++ CVE-2016-2334.patch 2016-05-17 21:43:53 UTC (rev 268263) @@ -0,0 +1,24 @@ +Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp +=== +--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp +@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo + item.GroupID = Get32(r + 0x24); + item.AdminFlags = r[0x28]; + item.OwnerFlags = r[0x29]; ++ */ + item.FileMode = Get16(r + 0x2A); ++ /* + item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount + item.FileType = Get32(r + 0x30); + item.FileCreator = Get32(r + 0x34); +@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile( + + UInt32 size = GetUi32(tableBuf + i * 8 + 4); + ++if (size > buf.Size() || size > kCompressionBlockSize + 1) ++return S_FALSE; ++ + RINOK(ReadStream_FALSE(inStream, buf, size)); + + if ((buf[0] & 0xF) == 0xF) Added: CVE-2016-2335.patch === --- CVE-2016-2335.patch (rev 0) +++ CVE-2016-2335.patch 2016-05-17 21:43:53 UTC (rev 268263) @@ -0,0 +1,17 @@ +Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp +=== +--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp +@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol + return S_FALSE; + CFile = Files.Back(); + const CLogVol = LogVols[volIndex]; +- CPartition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex]; ++ unsigned partitionRef = lad.Location.PartitionRef; ++ ++ if (partitionRef >= vol.PartitionMaps.Size()) ++ return S_FALSE; ++ CPartition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex]; + + UInt32 key = lad.Location.Pos; + UInt32 value; Modified: PKGBUILD === --- PKGBUILD2016-05-17 21:41:51 UTC (rev 268262) +++ PKGBUILD2016-05-17 21:43:53 UTC (rev 268263) @@ -8,7 +8,7 @@ pkgname=p7zip pkgver=15.14.1 -pkgrel=1 +pkgrel=2 pkgdesc="Command-line file archiver with high compression ratio" arch=('i686' 'x86_64') url="http://p7zip.sourceforge.net/; @@ -17,8 +17,12 @@ makedepends_i686=('nasm') makedepends_x86_64=('yasm') install=$pkgname.install -source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2) -sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4') +source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2 +CVE-2016-2334.patch +CVE-2016-2335.patch) +sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4' +'632cae14095e065cb550b0f16faf39d8f822d0a8bb5b605e903f3bc7657a4ee5' +'368870f92c658e8add261695923470855a969c0d7ecafd880ec7144ac245adbf') prepare() { cd "$srcdir/${pkgname}_$pkgver" @@ -28,6 +32,10 @@ else cp makefile.linux_x86_asm_gcc_4.X makefile.machine fi + + # https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/ + patch -Np1 -i ../CVE-2016-2334.patch + patch -Np1 -i ../CVE-2016-2335.patch } build() {