[arch-commits] Commit in p7zip/trunk (3 files)

2018-06-09 Thread Evangelos Foutras via arch-commits 
Date: Saturday, June 9, 2018 @ 19:54:48
  Author: foutrelis
Revision: 326603

upgpkg: p7zip 16.02-5

Refresh patch for CVE-2017-17969; add patch for CVE-2018-10115.

Added:
  p7zip/trunk/CVE-2018-10115.patch
Modified:
  p7zip/trunk/CVE-2017-17969.patch
  p7zip/trunk/PKGBUILD

--+
 CVE-2017-17969.patch |   26 ++--
 CVE-2018-10115.patch |  311 +
 PKGBUILD |   13 +-
 3 files changed, 332 insertions(+), 18 deletions(-)

Modified: CVE-2017-17969.patch
===
--- CVE-2017-17969.patch2018-06-09 19:05:35 UTC (rev 326602)
+++ CVE-2017-17969.patch2018-06-09 19:54:48 UTC (rev 326603)
@@ -1,13 +1,14 @@
-From: =?utf-8?q?Antoine_Beaupr=C3=A9?= 
-Date: Sun, 28 Jan 2018 21:19:50 +0100
-Subject: backport of the CVE-2017-17969 fix from 7zip 18.00-beta
+From 79bca880ce7bcf07216c45f93afea545e0344418 Mon Sep 17 00:00:00 2001
+From: aone 
+Date: Mon, 5 Feb 2018 13:01:09 +0100
+Subject: [PATCH] Security fix CVE-2017-17969
 
 ---
- CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
+ CPP/7zip/Compress/ShrinkDecoder.cpp | 5 +
+ 1 file changed, 5 insertions(+)
 
 diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp 
b/CPP/7zip/Compress/ShrinkDecoder.cpp
-index 80b7e67..4acdce5 100644
+index 80b7e67..5bb0559 100644
 --- a/CPP/7zip/Compress/ShrinkDecoder.cpp
 +++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
 @@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, 
ISequentialOutStream *
@@ -14,13 +15,12 @@
  {
_stack[i++] = _suffixes[cur];
cur = _parents[cur];
--}
-+  if (i >= kNumItems)
-+break;
-+ }
-+
-+if (i >= kNumItems)
-+  break;
++if (cur >= kNumItems || i >= kNumItems)
++  break;
+ }
++  
++  if (cur >= kNumItems || i >= kNumItems)
++  break;
  
  _stack[i++] = (Byte)cur;
  lastChar2 = (Byte)cur;

Added: CVE-2018-10115.patch
===
--- CVE-2018-10115.patch(rev 0)
+++ CVE-2018-10115.patch2018-06-09 19:54:48 UTC (rev 326603)
@@ -0,0 +1,311 @@
+From: Robert Luberda 
+Date: Tue, 29 May 2018 23:59:09 +0200
+Subject: Fix CVE-2018-10115
+
+Apply "patch" taken from https://landave.io/files/patch_7zip_CVE-2018-10115.txt
+
+
+Bugs-Debian: https://bugs.debian.org/897674
+---
+ CPP/7zip/Compress/Rar1Decoder.cpp | 16 +++-
+ CPP/7zip/Compress/Rar1Decoder.h   |  3 ++-
+ CPP/7zip/Compress/Rar2Decoder.cpp | 17 +
+ CPP/7zip/Compress/Rar2Decoder.h   |  3 ++-
+ CPP/7zip/Compress/Rar3Decoder.cpp | 19 +++
+ CPP/7zip/Compress/Rar3Decoder.h   |  3 ++-
+ CPP/7zip/Compress/Rar5Decoder.cpp |  8 
+ CPP/7zip/Compress/Rar5Decoder.h   |  1 +
+ 8 files changed, 54 insertions(+), 16 deletions(-)
+
+diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp 
b/CPP/7zip/Compress/Rar1Decoder.cpp
+index 68030c7..8c890c8 100644
+--- a/CPP/7zip/Compress/Rar1Decoder.cpp
 b/CPP/7zip/Compress/Rar1Decoder.cpp
+@@ -29,7 +29,7 @@ public:
+ };
+ */
+ 
+-CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { }
++CDecoder::CDecoder(): _isSolid(false), _solidAllowed(false), 
_errorMode(false) { }
+ 
+ void CDecoder::InitStructures()
+ {
+@@ -345,7 +345,7 @@ void CDecoder::GetFlagsBuf()
+ 
+ void CDecoder::InitData()
+ {
+-  if (!m_IsSolid)
++  if (!_isSolid)
+   {
+ AvrPlcB = AvrLn1 = AvrLn2 = AvrLn3 = NumHuf = Buf60 = 0;
+ AvrPlc = 0x3500;
+@@ -391,6 +391,11 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, 
ISequentialOutStream *
+   if (inSize == NULL || outSize == NULL)
+ return E_INVALIDARG;
+ 
++  if (_isSolid && !_solidAllowed)
++return S_FALSE;
++
++  _solidAllowed = false;
++
+   if (!m_OutWindowStream.Create(kHistorySize))
+ return E_OUTOFMEMORY;
+   if (!m_InBitStream.Create(1 << 20))
+@@ -398,13 +403,13 @@ HRESULT CDecoder::CodeReal(ISequentialInStream 
*inStream, ISequentialOutStream *
+ 
+   m_UnpackSize = (Int64)*outSize;
+   m_OutWindowStream.SetStream(outStream);
+-  m_OutWindowStream.Init(m_IsSolid);
++  m_OutWindowStream.Init(_isSolid);
+   m_InBitStream.SetStream(inStream);
+   m_InBitStream.Init();
+ 
+   // CCoderReleaser coderReleaser(this);
+   InitData();
+-  if (!m_IsSolid)
++  if (!_isSolid)
+   {
+ _errorMode = false;
+ InitStructures();
+@@ -475,6 +480,7 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, 
ISequentialOutStream *
+   }
+   if (m_UnpackSize < 0)
+ return S_FALSE;
++  _solidAllowed = true;
+   return m_OutWindowStream.Flush();
+ }
+ 
+@@ -491,7 +497,7 @@ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte 
*data, UInt32 size)
+ {
+   if (size < 1)
+ return E_INVALIDARG;
+-  m_IsSolid = ((data[0] & 1) != 0);
++  _isSolid = ((data[0] & 1) != 0);
+   return S_OK;
+ }
+ 
+diff --git

[arch-commits] Commit in p7zip/trunk (3 files)

2018-02-05 Thread Evangelos Foutras via arch-commits 
Date: Monday, February 5, 2018 @ 17:04:51
  Author: foutrelis
Revision: 315905

upgpkg: p7zip 16.02-4

Add patches for CVE-2017-17969 and CVE-2018-5996 (FS#57383).

Added:
  p7zip/trunk/CVE-2017-17969.patch
  p7zip/trunk/CVE-2018-5996.patch
Modified:
  p7zip/trunk/PKGBUILD

--+
 CVE-2017-17969.patch |   26 +
 CVE-2018-5996.patch  |  221 +
 PKGBUILD |   16 ++-
 3 files changed, 260 insertions(+), 3 deletions(-)

Added: CVE-2017-17969.patch
===
--- CVE-2017-17969.patch(rev 0)
+++ CVE-2017-17969.patch2018-02-05 17:04:51 UTC (rev 315905)
@@ -0,0 +1,26 @@
+From: =?utf-8?q?Antoine_Beaupr=C3=A9?= 
+Date: Sun, 28 Jan 2018 21:19:50 +0100
+Subject: backport of the CVE-2017-17969 fix from 7zip 18.00-beta
+
+---
+ CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp 
b/CPP/7zip/Compress/ShrinkDecoder.cpp
+index 80b7e67..4acdce5 100644
+--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
 b/CPP/7zip/Compress/ShrinkDecoder.cpp
+@@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, 
ISequentialOutStream *
+ {
+   _stack[i++] = _suffixes[cur];
+   cur = _parents[cur];
+-}
++  if (i >= kNumItems)
++break;
++ }
++
++if (i >= kNumItems)
++  break;
+ 
+ _stack[i++] = (Byte)cur;
+ lastChar2 = (Byte)cur;

Added: CVE-2018-5996.patch
===
--- CVE-2018-5996.patch (rev 0)
+++ CVE-2018-5996.patch 2018-02-05 17:04:51 UTC (rev 315905)
@@ -0,0 +1,221 @@
+From: Robert Luberda 
+Date: Sun, 28 Jan 2018 23:47:40 +0100
+Subject: CVE-2018-5996
+
+Hopefully fix Memory Corruptions via RAR PPMd (CVE-2018-5996) by
+applying a few changes from 7Zip 18.00-beta.
+
+Bug-Debian: https://bugs.debian.org/#888314
+---
+ CPP/7zip/Compress/Rar1Decoder.cpp | 13 +
+ CPP/7zip/Compress/Rar1Decoder.h   |  1 +
+ CPP/7zip/Compress/Rar2Decoder.cpp | 10 +-
+ CPP/7zip/Compress/Rar2Decoder.h   |  1 +
+ CPP/7zip/Compress/Rar3Decoder.cpp | 23 ---
+ CPP/7zip/Compress/Rar3Decoder.h   |  2 ++
+ 6 files changed, 42 insertions(+), 8 deletions(-)
+
+diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp 
b/CPP/7zip/Compress/Rar1Decoder.cpp
+index 1aaedcc..68030c7 100644
+--- a/CPP/7zip/Compress/Rar1Decoder.cpp
 b/CPP/7zip/Compress/Rar1Decoder.cpp
+@@ -29,7 +29,7 @@ public:
+ };
+ */
+ 
+-CDecoder::CDecoder(): m_IsSolid(false) { }
++CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { }
+ 
+ void CDecoder::InitStructures()
+ {
+@@ -406,9 +406,14 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, 
ISequentialOutStream *
+   InitData();
+   if (!m_IsSolid)
+   {
++_errorMode = false;
+ InitStructures();
+ InitHuff();
+   }
++
++  if (_errorMode)
++return S_FALSE;
++
+   if (m_UnpackSize > 0)
+   {
+ GetFlagsBuf();
+@@ -477,9 +482,9 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, 
ISequentialOutStream
+ const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo 
*progress)
+ {
+   try { return CodeReal(inStream, outStream, inSize, outSize, progress); }
+-  catch(const CInBufferException ) { return e.ErrorCode; }
+-  catch(const CLzOutWindowException ) { return e.ErrorCode; }
+-  catch(...) { return S_FALSE; }
++  catch(const CInBufferException ) { _errorMode = true; return e.ErrorCode; 
}
++  catch(const CLzOutWindowException ) { _errorMode = true; return 
e.ErrorCode; }
++  catch(...) { _errorMode = true; return S_FALSE; }
+ }
+ 
+ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size)
+diff --git a/CPP/7zip/Compress/Rar1Decoder.h b/CPP/7zip/Compress/Rar1Decoder.h
+index 630f089..01b606b 100644
+--- a/CPP/7zip/Compress/Rar1Decoder.h
 b/CPP/7zip/Compress/Rar1Decoder.h
+@@ -39,6 +39,7 @@ public:
+ 
+   Int64 m_UnpackSize;
+   bool m_IsSolid;
++  bool _errorMode;
+ 
+   UInt32 ReadBits(int numBits);
+   HRESULT CopyBlock(UInt32 distance, UInt32 len);
+diff --git a/CPP/7zip/Compress/Rar2Decoder.cpp 
b/CPP/7zip/Compress/Rar2Decoder.cpp
+index b3f2b4b..0580c8d 100644
+--- a/CPP/7zip/Compress/Rar2Decoder.cpp
 b/CPP/7zip/Compress/Rar2Decoder.cpp
+@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << 20;
+ static const UInt32 kWindowReservSize = (1 << 22) + 256;
+ 
+ CDecoder::CDecoder():
+-  m_IsSolid(false)
++  m_IsSolid(false),
++  m_TablesOK(false)
+ {
+ }
+ 
+@@ -100,6 +101,8 @@ UInt32 CDecoder::ReadBits(unsigned numBits) { return 
m_InBitStream.ReadBits(numB
+ 
+ bool CDecoder::ReadTables(void)
+ {
++  m_TablesOK = false;
++
+   Byte levelLevels[kLevelTableSize];
+   Byte newLevels[kMaxTableSize];
+   m_AudioMode = (ReadBits(1) == 1);
+@@ -170,6 +173,8 @@ bool

[arch-commits] Commit in p7zip/trunk (3 files)

2016-07-16 Thread Evangelos Foutras 
Date: Saturday, July 16, 2016 @ 13:04:22
  Author: foutrelis
Revision: 271943

upgpkg: p7zip 16.02-1

New upstream release.

Modified:
  p7zip/trunk/PKGBUILD
Deleted:
  p7zip/trunk/CVE-2016-2334.patch
  p7zip/trunk/CVE-2016-2335.patch

-+
 CVE-2016-2334.patch |   24 
 CVE-2016-2335.patch |   17 -
 PKGBUILD|   16 
 3 files changed, 4 insertions(+), 53 deletions(-)

Deleted: CVE-2016-2334.patch
===
--- CVE-2016-2334.patch 2016-07-16 12:39:18 UTC (rev 271942)
+++ CVE-2016-2334.patch 2016-07-16 13:04:22 UTC (rev 271943)
@@ -1,24 +0,0 @@
-Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
-===
 p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp
-+++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
-@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo
-   item.GroupID = Get32(r + 0x24);
-   item.AdminFlags = r[0x28];
-   item.OwnerFlags = r[0x29];
-+  */
-   item.FileMode = Get16(r + 0x2A);
-+  /*
-   item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
-   item.FileType = Get32(r + 0x30);
-   item.FileCreator = Get32(r + 0x34);
-@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
- 
- UInt32 size = GetUi32(tableBuf + i * 8 + 4);
- 
-+if (size > buf.Size() || size > kCompressionBlockSize + 1)
-+return S_FALSE;
-+
- RINOK(ReadStream_FALSE(inStream, buf, size));
- 
- if ((buf[0] & 0xF) == 0xF)

Deleted: CVE-2016-2335.patch
===
--- CVE-2016-2335.patch 2016-07-16 12:39:18 UTC (rev 271942)
+++ CVE-2016-2335.patch 2016-07-16 13:04:22 UTC (rev 271943)
@@ -1,17 +0,0 @@
-Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
-===
 p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp
-+++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
-@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol
- return S_FALSE;
-   CFile  = Files.Back();
-   const CLogVol  = LogVols[volIndex];
--  CPartition  = 
Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
-+  unsigned partitionRef = lad.Location.PartitionRef;
-+
-+  if (partitionRef >= vol.PartitionMaps.Size())
-+  return S_FALSE;
-+  CPartition  = 
Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
- 
-   UInt32 key = lad.Location.Pos;
-   UInt32 value;

Modified: PKGBUILD
===
--- PKGBUILD2016-07-16 12:39:18 UTC (rev 271942)
+++ PKGBUILD2016-07-16 13:04:22 UTC (rev 271943)
@@ -7,8 +7,8 @@
 # Contributor: Daniel J Griffiths 
 
 pkgname=p7zip
-pkgver=15.14.1
-pkgrel=2
+pkgver=16.02
+pkgrel=1
 pkgdesc="Command-line file archiver with high compression ratio"
 arch=('i686' 'x86_64')
 url="http://p7zip.sourceforge.net/;
@@ -17,12 +17,8 @@
 makedepends_i686=('nasm')
 makedepends_x86_64=('yasm')
 install=$pkgname.install
-source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2
-CVE-2016-2334.patch
-CVE-2016-2335.patch)
-sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4'
-'632cae14095e065cb550b0f16faf39d8f822d0a8bb5b605e903f3bc7657a4ee5'
-'368870f92c658e8add261695923470855a969c0d7ecafd880ec7144ac245adbf')
+source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2)
+sha256sums=('5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f')
 
 prepare() {
   cd "$srcdir/${pkgname}_$pkgver"
@@ -32,10 +28,6 @@
   else
 cp makefile.linux_x86_asm_gcc_4.X makefile.machine
   fi
-
-  # https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
-  patch -Np1 -i ../CVE-2016-2334.patch
-  patch -Np1 -i ../CVE-2016-2335.patch
 }
 
 build() {

[arch-commits] Commit in p7zip/trunk (3 files)

2016-05-17 Thread Evangelos Foutras 
Date: Tuesday, May 17, 2016 @ 23:43:53
  Author: foutrelis
Revision: 268263

upgpkg: p7zip 15.14.1-2

Add patches for CVE-2016-2334 and CVE-2016-2335.

Added:
  p7zip/trunk/CVE-2016-2334.patch
  p7zip/trunk/CVE-2016-2335.patch
Modified:
  p7zip/trunk/PKGBUILD

-+
 CVE-2016-2334.patch |   24 
 CVE-2016-2335.patch |   17 +
 PKGBUILD|   14 +++---
 3 files changed, 52 insertions(+), 3 deletions(-)

Added: CVE-2016-2334.patch
===
--- CVE-2016-2334.patch (rev 0)
+++ CVE-2016-2334.patch 2016-05-17 21:43:53 UTC (rev 268263)
@@ -0,0 +1,24 @@
+Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+===
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp
 p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo
+   item.GroupID = Get32(r + 0x24);
+   item.AdminFlags = r[0x28];
+   item.OwnerFlags = r[0x29];
++  */
+   item.FileMode = Get16(r + 0x2A);
++  /*
+   item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+   item.FileType = Get32(r + 0x30);
+   item.FileCreator = Get32(r + 0x34);
+@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
+ 
+ UInt32 size = GetUi32(tableBuf + i * 8 + 4);
+ 
++if (size > buf.Size() || size > kCompressionBlockSize + 1)
++return S_FALSE;
++
+ RINOK(ReadStream_FALSE(inStream, buf, size));
+ 
+ if ((buf[0] & 0xF) == 0xF)

Added: CVE-2016-2335.patch
===
--- CVE-2016-2335.patch (rev 0)
+++ CVE-2016-2335.patch 2016-05-17 21:43:53 UTC (rev 268263)
@@ -0,0 +1,17 @@
+Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
+===
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp
 p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
+@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol
+ return S_FALSE;
+   CFile  = Files.Back();
+   const CLogVol  = LogVols[volIndex];
+-  CPartition  = 
Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
++  unsigned partitionRef = lad.Location.PartitionRef;
++
++  if (partitionRef >= vol.PartitionMaps.Size())
++  return S_FALSE;
++  CPartition  = 
Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
+ 
+   UInt32 key = lad.Location.Pos;
+   UInt32 value;

Modified: PKGBUILD
===
--- PKGBUILD2016-05-17 21:41:51 UTC (rev 268262)
+++ PKGBUILD2016-05-17 21:43:53 UTC (rev 268263)
@@ -8,7 +8,7 @@
 
 pkgname=p7zip
 pkgver=15.14.1
-pkgrel=1
+pkgrel=2
 pkgdesc="Command-line file archiver with high compression ratio"
 arch=('i686' 'x86_64')
 url="http://p7zip.sourceforge.net/;
@@ -17,8 +17,12 @@
 makedepends_i686=('nasm')
 makedepends_x86_64=('yasm')
 install=$pkgname.install
-source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2)
-sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4')
+source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2
+CVE-2016-2334.patch
+CVE-2016-2335.patch)
+sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4'
+'632cae14095e065cb550b0f16faf39d8f822d0a8bb5b605e903f3bc7657a4ee5'
+'368870f92c658e8add261695923470855a969c0d7ecafd880ec7144ac245adbf')
 
 prepare() {
   cd "$srcdir/${pkgname}_$pkgver"
@@ -28,6 +32,10 @@
   else
 cp makefile.linux_x86_asm_gcc_4.X makefile.machine
   fi
+
+  # https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
+  patch -Np1 -i ../CVE-2016-2334.patch
+  patch -Np1 -i ../CVE-2016-2335.patch
 }
 
 build() {