CRUX
Threads by month
- ----- 2024 -----
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
February 2018
- 1 participants
- 23 discussions
ports/contrib (3.4): [notify] p7zip: fixes for CVE-2016-9296.patch, CVE-2017-17969.patch, and CVE-2018-5996.patch. Closes FS#1580
by crux@crux.nu 07 Feb '18
by crux@crux.nu 07 Feb '18
07 Feb '18
commit 62e839b570baa91c51739ac9d6a21849b3c925db
Author: Danny Rawlins <monster.romster(a)gmail.com>
Date: Wed Feb 7 18:45:24 2018 +1100
[notify] p7zip: fixes for CVE-2016-9296.patch, CVE-2017-17969.patch, and CVE-2018-5996.patch. Closes FS#1580
diff --git a/p7zip/.md5sum b/p7zip/.md5sum
index 424dcc62..7fc47291 100644
--- a/p7zip/.md5sum
+++ b/p7zip/.md5sum
@@ -1 +1,4 @@
+0f0535ca888273f3779ca14e8f186813 CVE-2016-9296.patch
+ede45c239086e0a8fc4c8c3adf380f0d CVE-2017-17969.patch
+41e9a16637f6739a46a24fa07d16d94d CVE-2018-5996.patch
a0128d661cfe7cc8c121e73519c54fbf p7zip_16.02_src_all.tar.bz2
diff --git a/p7zip/.signature b/p7zip/.signature
index 57979791..66f773d1 100644
--- a/p7zip/.signature
+++ b/p7zip/.signature
@@ -1,5 +1,8 @@
untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF3yBK6ONywSal6rNFGEzZ2rY6GD5qWlnKYEb6dbTothOxcXh6SR9irKN1LBTFb75U/+6709nCG2v8D1g/HrIZ2gw=
-SHA256 (Pkgfile) = 90154b923ee35c6ffdeea4356b5bd5cd1a2f0580df91c57034405a5fc8827ce0
+RWSagIOpLGJF37IM0ATuRuLIEcxyM86x5S1dKTW0T/IR07nlrE+T9VMB6m2pCG0kIwTO+4b0RWl0Ztpx9PV8Yt97xrbmjx6YQgI=
+SHA256 (Pkgfile) = 1e5619ad27fdb542b9ef28032d9df1a7218a60061c6196db0ea0d476832ba7a0
SHA256 (.footprint) = 262106f802932fda3d849240c2989aa139523c2da42d343535491abcc22b26e5
SHA256 (p7zip_16.02_src_all.tar.bz2) = 5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f
+SHA256 (CVE-2016-9296.patch) = f9bcbf21d4aa8938861a6cba992df13dec19538286e9ed747ccec6d9a4e8f983
+SHA256 (CVE-2017-17969.patch) = 0027f47eb8633244ac0177c1bb4ed50afa64ab757b34379a4b64ac923b9385b0
+SHA256 (CVE-2018-5996.patch) = 9c92b9060fb0ecc3e754e6440d7773d04bc324d0f998ebcebc263264e5a520df
diff --git a/p7zip/CVE-2016-9296.patch b/p7zip/CVE-2016-9296.patch
new file mode 100644
index 00000000..773f92a4
--- /dev/null
+++ b/p7zip/CVE-2016-9296.patch
@@ -0,0 +1,12 @@
+--- ./CPP/7zip/Archive/7z/7zIn.cpp.orig 2016-11-21 01:42:29.460901230 +0000
++++ ./CPP/7zip/Archive/7z/7zIn.cpp 2016-11-21 01:42:57.481197725 +0000
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS
+ if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+ ThrowIncorrect();
+ }
+- HeadersSize += folders.PackPositions[folders.NumPackStreams];
++ if (folders.PackPositions)
++ HeadersSize += folders.PackPositions[folders.NumPackStreams];
+ return S_OK;
+ }
+
diff --git a/p7zip/CVE-2017-17969.patch b/p7zip/CVE-2017-17969.patch
new file mode 100644
index 00000000..9a820af7
--- /dev/null
+++ b/p7zip/CVE-2017-17969.patch
@@ -0,0 +1,26 @@
+From: =?utf-8?q?Antoine_Beaupr=C3=A9?= <anarcat(a)debian.org>
+Date: Sun, 28 Jan 2018 21:19:50 +0100
+Subject: backport of the CVE-2017-17969 fix from 7zip 18.00-beta
+
+---
+ CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp
+index 80b7e67..4acdce5 100644
+--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
++++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
+@@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+ {
+ _stack[i++] = _suffixes[cur];
+ cur = _parents[cur];
+- }
++ if (i >= kNumItems)
++ break;
++ }
++
++ if (i >= kNumItems)
++ break;
+
+ _stack[i++] = (Byte)cur;
+ lastChar2 = (Byte)cur;
diff --git a/p7zip/CVE-2018-5996.patch b/p7zip/CVE-2018-5996.patch
new file mode 100644
index 00000000..6733bff9
--- /dev/null
+++ b/p7zip/CVE-2018-5996.patch
@@ -0,0 +1,221 @@
+From: Robert Luberda <robert(a)debian.org>
+Date: Sun, 28 Jan 2018 23:47:40 +0100
+Subject: CVE-2018-5996
+
+Hopefully fix Memory Corruptions via RAR PPMd (CVE-2018-5996) by
+applying a few changes from 7Zip 18.00-beta.
+
+Bug-Debian: https://bugs.debian.org/#888314
+---
+ CPP/7zip/Compress/Rar1Decoder.cpp | 13 +++++++++----
+ CPP/7zip/Compress/Rar1Decoder.h | 1 +
+ CPP/7zip/Compress/Rar2Decoder.cpp | 10 +++++++++-
+ CPP/7zip/Compress/Rar2Decoder.h | 1 +
+ CPP/7zip/Compress/Rar3Decoder.cpp | 23 ++++++++++++++++++++---
+ CPP/7zip/Compress/Rar3Decoder.h | 2 ++
+ 6 files changed, 42 insertions(+), 8 deletions(-)
+
+diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp
+index 1aaedcc..68030c7 100644
+--- a/CPP/7zip/Compress/Rar1Decoder.cpp
++++ b/CPP/7zip/Compress/Rar1Decoder.cpp
+@@ -29,7 +29,7 @@ public:
+ };
+ */
+
+-CDecoder::CDecoder(): m_IsSolid(false) { }
++CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { }
+
+ void CDecoder::InitStructures()
+ {
+@@ -406,9 +406,14 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+ InitData();
+ if (!m_IsSolid)
+ {
++ _errorMode = false;
+ InitStructures();
+ InitHuff();
+ }
++
++ if (_errorMode)
++ return S_FALSE;
++
+ if (m_UnpackSize > 0)
+ {
+ GetFlagsBuf();
+@@ -477,9 +482,9 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream
+ const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress)
+ {
+ try { return CodeReal(inStream, outStream, inSize, outSize, progress); }
+- catch(const CInBufferException &e) { return e.ErrorCode; }
+- catch(const CLzOutWindowException &e) { return e.ErrorCode; }
+- catch(...) { return S_FALSE; }
++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; }
++ catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; }
++ catch(...) { _errorMode = true; return S_FALSE; }
+ }
+
+ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size)
+diff --git a/CPP/7zip/Compress/Rar1Decoder.h b/CPP/7zip/Compress/Rar1Decoder.h
+index 630f089..01b606b 100644
+--- a/CPP/7zip/Compress/Rar1Decoder.h
++++ b/CPP/7zip/Compress/Rar1Decoder.h
+@@ -39,6 +39,7 @@ public:
+
+ Int64 m_UnpackSize;
+ bool m_IsSolid;
++ bool _errorMode;
+
+ UInt32 ReadBits(int numBits);
+ HRESULT CopyBlock(UInt32 distance, UInt32 len);
+diff --git a/CPP/7zip/Compress/Rar2Decoder.cpp b/CPP/7zip/Compress/Rar2Decoder.cpp
+index b3f2b4b..0580c8d 100644
+--- a/CPP/7zip/Compress/Rar2Decoder.cpp
++++ b/CPP/7zip/Compress/Rar2Decoder.cpp
+@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << 20;
+ static const UInt32 kWindowReservSize = (1 << 22) + 256;
+
+ CDecoder::CDecoder():
+- m_IsSolid(false)
++ m_IsSolid(false),
++ m_TablesOK(false)
+ {
+ }
+
+@@ -100,6 +101,8 @@ UInt32 CDecoder::ReadBits(unsigned numBits) { return m_InBitStream.ReadBits(numB
+
+ bool CDecoder::ReadTables(void)
+ {
++ m_TablesOK = false;
++
+ Byte levelLevels[kLevelTableSize];
+ Byte newLevels[kMaxTableSize];
+ m_AudioMode = (ReadBits(1) == 1);
+@@ -170,6 +173,8 @@ bool CDecoder::ReadTables(void)
+ }
+
+ memcpy(m_LastLevels, newLevels, kMaxTableSize);
++ m_TablesOK = true;
++
+ return true;
+ }
+
+@@ -344,6 +349,9 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+ return S_FALSE;
+ }
+
++ if (!m_TablesOK)
++ return S_FALSE;
++
+ UInt64 startPos = m_OutWindowStream.GetProcessedSize();
+ while (pos < unPackSize)
+ {
+diff --git a/CPP/7zip/Compress/Rar2Decoder.h b/CPP/7zip/Compress/Rar2Decoder.h
+index 3a0535c..0e9005f 100644
+--- a/CPP/7zip/Compress/Rar2Decoder.h
++++ b/CPP/7zip/Compress/Rar2Decoder.h
+@@ -139,6 +139,7 @@ class CDecoder :
+
+ UInt64 m_PackSize;
+ bool m_IsSolid;
++ bool m_TablesOK;
+
+ void InitStructures();
+ UInt32 ReadBits(unsigned numBits);
+diff --git a/CPP/7zip/Compress/Rar3Decoder.cpp b/CPP/7zip/Compress/Rar3Decoder.cpp
+index 3bf2513..6cb8a6a 100644
+--- a/CPP/7zip/Compress/Rar3Decoder.cpp
++++ b/CPP/7zip/Compress/Rar3Decoder.cpp
+@@ -92,7 +92,8 @@ CDecoder::CDecoder():
+ _writtenFileSize(0),
+ _vmData(0),
+ _vmCode(0),
+- m_IsSolid(false)
++ m_IsSolid(false),
++ _errorMode(false)
+ {
+ Ppmd7_Construct(&_ppmd);
+ }
+@@ -545,6 +546,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing)
+ return InitPPM();
+ }
+
++ TablesRead = false;
++ TablesOK = false;
++
+ _lzMode = true;
+ PrevAlignBits = 0;
+ PrevAlignCount = 0;
+@@ -606,6 +610,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing)
+ }
+ }
+ }
++ if (InputEofError())
++ return S_FALSE;
++
+ TablesRead = true;
+
+ // original code has check here:
+@@ -623,6 +630,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing)
+ RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize]));
+
+ memcpy(m_LastLevels, newLevels, kTablesSizesSum);
++
++ TablesOK = true;
++
+ return S_OK;
+ }
+
+@@ -824,7 +834,12 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress)
+ PpmEscChar = 2;
+ PpmError = true;
+ InitFilters();
++ _errorMode = false;
+ }
++
++ if (_errorMode)
++ return S_FALSE;
++
+ if (!m_IsSolid || !TablesRead)
+ {
+ bool keepDecompressing;
+@@ -838,6 +853,8 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress)
+ bool keepDecompressing;
+ if (_lzMode)
+ {
++ if (!TablesOK)
++ return S_FALSE;
+ RINOK(DecodeLZ(keepDecompressing))
+ }
+ else
+@@ -901,8 +918,8 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream
+ _unpackSize = outSize ? *outSize : (UInt64)(Int64)-1;
+ return CodeReal(progress);
+ }
+- catch(const CInBufferException &e) { return e.ErrorCode; }
+- catch(...) { return S_FALSE; }
++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; }
++ catch(...) { _errorMode = true; return S_FALSE; }
+ // CNewException is possible here. But probably CNewException is caused
+ // by error in data stream.
+ }
+diff --git a/CPP/7zip/Compress/Rar3Decoder.h b/CPP/7zip/Compress/Rar3Decoder.h
+index c130cec..2f72d7d 100644
+--- a/CPP/7zip/Compress/Rar3Decoder.h
++++ b/CPP/7zip/Compress/Rar3Decoder.h
+@@ -192,6 +192,7 @@ class CDecoder:
+ UInt32 _lastFilter;
+
+ bool m_IsSolid;
++ bool _errorMode;
+
+ bool _lzMode;
+ bool _unsupportedFilter;
+@@ -200,6 +201,7 @@ class CDecoder:
+ UInt32 PrevAlignCount;
+
+ bool TablesRead;
++ bool TablesOK;
+
+ CPpmd7 _ppmd;
+ int PpmEscChar;
diff --git a/p7zip/Pkgfile b/p7zip/Pkgfile
index f032e566..fefb6770 100644
--- a/p7zip/Pkgfile
+++ b/p7zip/Pkgfile
@@ -1,17 +1,28 @@
# Description: A port of 7-zip for POSIX systems.
# URL: http://p7zip.sourceforge.net/
# Maintainer: Danny Rawlins, crux at romster dot me
-# Packager: Matt Housh, jaeger at crux dot nu
# Depends on: yasm
name=p7zip
version=16.02
-release=1
-source=(http://downloads.sourceforge.net/project/$name/$name/$version/${name}_${version}_src_all.tar.bz2)
+release=2
+source=(https://downloads.sourceforge.net/project/$name/$name/$version/${name}_${version}_src_all.tar.bz2
+ CVE-2016-9296.patch
+ CVE-2017-17969.patch
+ CVE-2018-5996.patch)
build() {
cd ${name}_$version
+ # https://nvd.nist.gov/vuln/detail/CVE-2016-9296
+ patch -p1 -i $SRC/CVE-2016-9296.patch
+
+ # https://nvd.nist.gov/vuln/detail/CVE-2017-17969
+ patch -p1 -i $SRC/CVE-2017-17969.patch
+
+ # https://nvd.nist.gov/vuln/detail/CVE-2018-5996
+ patch -p1 -i $SRC/CVE-2018-5996.patch
+
cp makefile.linux_amd64_asm makefile.machine
make all3 OPTFLAGS="$CFLAGS"
1
0
ports/contrib (3.3): [notify] p7zip: fixes for CVE-2016-9296.patch, CVE-2017-17969.patch, and CVE-2018-5996.patch. Closes FS#1580
by crux@crux.nu 07 Feb '18
by crux@crux.nu 07 Feb '18
07 Feb '18
commit 62e839b570baa91c51739ac9d6a21849b3c925db
Author: Danny Rawlins <monster.romster(a)gmail.com>
Date: Wed Feb 7 18:45:24 2018 +1100
[notify] p7zip: fixes for CVE-2016-9296.patch, CVE-2017-17969.patch, and CVE-2018-5996.patch. Closes FS#1580
diff --git a/p7zip/.md5sum b/p7zip/.md5sum
index 424dcc62..7fc47291 100644
--- a/p7zip/.md5sum
+++ b/p7zip/.md5sum
@@ -1 +1,4 @@
+0f0535ca888273f3779ca14e8f186813 CVE-2016-9296.patch
+ede45c239086e0a8fc4c8c3adf380f0d CVE-2017-17969.patch
+41e9a16637f6739a46a24fa07d16d94d CVE-2018-5996.patch
a0128d661cfe7cc8c121e73519c54fbf p7zip_16.02_src_all.tar.bz2
diff --git a/p7zip/.signature b/p7zip/.signature
index 57979791..66f773d1 100644
--- a/p7zip/.signature
+++ b/p7zip/.signature
@@ -1,5 +1,8 @@
untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF3yBK6ONywSal6rNFGEzZ2rY6GD5qWlnKYEb6dbTothOxcXh6SR9irKN1LBTFb75U/+6709nCG2v8D1g/HrIZ2gw=
-SHA256 (Pkgfile) = 90154b923ee35c6ffdeea4356b5bd5cd1a2f0580df91c57034405a5fc8827ce0
+RWSagIOpLGJF37IM0ATuRuLIEcxyM86x5S1dKTW0T/IR07nlrE+T9VMB6m2pCG0kIwTO+4b0RWl0Ztpx9PV8Yt97xrbmjx6YQgI=
+SHA256 (Pkgfile) = 1e5619ad27fdb542b9ef28032d9df1a7218a60061c6196db0ea0d476832ba7a0
SHA256 (.footprint) = 262106f802932fda3d849240c2989aa139523c2da42d343535491abcc22b26e5
SHA256 (p7zip_16.02_src_all.tar.bz2) = 5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f
+SHA256 (CVE-2016-9296.patch) = f9bcbf21d4aa8938861a6cba992df13dec19538286e9ed747ccec6d9a4e8f983
+SHA256 (CVE-2017-17969.patch) = 0027f47eb8633244ac0177c1bb4ed50afa64ab757b34379a4b64ac923b9385b0
+SHA256 (CVE-2018-5996.patch) = 9c92b9060fb0ecc3e754e6440d7773d04bc324d0f998ebcebc263264e5a520df
diff --git a/p7zip/CVE-2016-9296.patch b/p7zip/CVE-2016-9296.patch
new file mode 100644
index 00000000..773f92a4
--- /dev/null
+++ b/p7zip/CVE-2016-9296.patch
@@ -0,0 +1,12 @@
+--- ./CPP/7zip/Archive/7z/7zIn.cpp.orig 2016-11-21 01:42:29.460901230 +0000
++++ ./CPP/7zip/Archive/7z/7zIn.cpp 2016-11-21 01:42:57.481197725 +0000
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS
+ if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+ ThrowIncorrect();
+ }
+- HeadersSize += folders.PackPositions[folders.NumPackStreams];
++ if (folders.PackPositions)
++ HeadersSize += folders.PackPositions[folders.NumPackStreams];
+ return S_OK;
+ }
+
diff --git a/p7zip/CVE-2017-17969.patch b/p7zip/CVE-2017-17969.patch
new file mode 100644
index 00000000..9a820af7
--- /dev/null
+++ b/p7zip/CVE-2017-17969.patch
@@ -0,0 +1,26 @@
+From: =?utf-8?q?Antoine_Beaupr=C3=A9?= <anarcat(a)debian.org>
+Date: Sun, 28 Jan 2018 21:19:50 +0100
+Subject: backport of the CVE-2017-17969 fix from 7zip 18.00-beta
+
+---
+ CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp
+index 80b7e67..4acdce5 100644
+--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
++++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
+@@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+ {
+ _stack[i++] = _suffixes[cur];
+ cur = _parents[cur];
+- }
++ if (i >= kNumItems)
++ break;
++ }
++
++ if (i >= kNumItems)
++ break;
+
+ _stack[i++] = (Byte)cur;
+ lastChar2 = (Byte)cur;
diff --git a/p7zip/CVE-2018-5996.patch b/p7zip/CVE-2018-5996.patch
new file mode 100644
index 00000000..6733bff9
--- /dev/null
+++ b/p7zip/CVE-2018-5996.patch
@@ -0,0 +1,221 @@
+From: Robert Luberda <robert(a)debian.org>
+Date: Sun, 28 Jan 2018 23:47:40 +0100
+Subject: CVE-2018-5996
+
+Hopefully fix Memory Corruptions via RAR PPMd (CVE-2018-5996) by
+applying a few changes from 7Zip 18.00-beta.
+
+Bug-Debian: https://bugs.debian.org/#888314
+---
+ CPP/7zip/Compress/Rar1Decoder.cpp | 13 +++++++++----
+ CPP/7zip/Compress/Rar1Decoder.h | 1 +
+ CPP/7zip/Compress/Rar2Decoder.cpp | 10 +++++++++-
+ CPP/7zip/Compress/Rar2Decoder.h | 1 +
+ CPP/7zip/Compress/Rar3Decoder.cpp | 23 ++++++++++++++++++++---
+ CPP/7zip/Compress/Rar3Decoder.h | 2 ++
+ 6 files changed, 42 insertions(+), 8 deletions(-)
+
+diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp
+index 1aaedcc..68030c7 100644
+--- a/CPP/7zip/Compress/Rar1Decoder.cpp
++++ b/CPP/7zip/Compress/Rar1Decoder.cpp
+@@ -29,7 +29,7 @@ public:
+ };
+ */
+
+-CDecoder::CDecoder(): m_IsSolid(false) { }
++CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { }
+
+ void CDecoder::InitStructures()
+ {
+@@ -406,9 +406,14 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+ InitData();
+ if (!m_IsSolid)
+ {
++ _errorMode = false;
+ InitStructures();
+ InitHuff();
+ }
++
++ if (_errorMode)
++ return S_FALSE;
++
+ if (m_UnpackSize > 0)
+ {
+ GetFlagsBuf();
+@@ -477,9 +482,9 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream
+ const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress)
+ {
+ try { return CodeReal(inStream, outStream, inSize, outSize, progress); }
+- catch(const CInBufferException &e) { return e.ErrorCode; }
+- catch(const CLzOutWindowException &e) { return e.ErrorCode; }
+- catch(...) { return S_FALSE; }
++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; }
++ catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; }
++ catch(...) { _errorMode = true; return S_FALSE; }
+ }
+
+ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size)
+diff --git a/CPP/7zip/Compress/Rar1Decoder.h b/CPP/7zip/Compress/Rar1Decoder.h
+index 630f089..01b606b 100644
+--- a/CPP/7zip/Compress/Rar1Decoder.h
++++ b/CPP/7zip/Compress/Rar1Decoder.h
+@@ -39,6 +39,7 @@ public:
+
+ Int64 m_UnpackSize;
+ bool m_IsSolid;
++ bool _errorMode;
+
+ UInt32 ReadBits(int numBits);
+ HRESULT CopyBlock(UInt32 distance, UInt32 len);
+diff --git a/CPP/7zip/Compress/Rar2Decoder.cpp b/CPP/7zip/Compress/Rar2Decoder.cpp
+index b3f2b4b..0580c8d 100644
+--- a/CPP/7zip/Compress/Rar2Decoder.cpp
++++ b/CPP/7zip/Compress/Rar2Decoder.cpp
+@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << 20;
+ static const UInt32 kWindowReservSize = (1 << 22) + 256;
+
+ CDecoder::CDecoder():
+- m_IsSolid(false)
++ m_IsSolid(false),
++ m_TablesOK(false)
+ {
+ }
+
+@@ -100,6 +101,8 @@ UInt32 CDecoder::ReadBits(unsigned numBits) { return m_InBitStream.ReadBits(numB
+
+ bool CDecoder::ReadTables(void)
+ {
++ m_TablesOK = false;
++
+ Byte levelLevels[kLevelTableSize];
+ Byte newLevels[kMaxTableSize];
+ m_AudioMode = (ReadBits(1) == 1);
+@@ -170,6 +173,8 @@ bool CDecoder::ReadTables(void)
+ }
+
+ memcpy(m_LastLevels, newLevels, kMaxTableSize);
++ m_TablesOK = true;
++
+ return true;
+ }
+
+@@ -344,6 +349,9 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+ return S_FALSE;
+ }
+
++ if (!m_TablesOK)
++ return S_FALSE;
++
+ UInt64 startPos = m_OutWindowStream.GetProcessedSize();
+ while (pos < unPackSize)
+ {
+diff --git a/CPP/7zip/Compress/Rar2Decoder.h b/CPP/7zip/Compress/Rar2Decoder.h
+index 3a0535c..0e9005f 100644
+--- a/CPP/7zip/Compress/Rar2Decoder.h
++++ b/CPP/7zip/Compress/Rar2Decoder.h
+@@ -139,6 +139,7 @@ class CDecoder :
+
+ UInt64 m_PackSize;
+ bool m_IsSolid;
++ bool m_TablesOK;
+
+ void InitStructures();
+ UInt32 ReadBits(unsigned numBits);
+diff --git a/CPP/7zip/Compress/Rar3Decoder.cpp b/CPP/7zip/Compress/Rar3Decoder.cpp
+index 3bf2513..6cb8a6a 100644
+--- a/CPP/7zip/Compress/Rar3Decoder.cpp
++++ b/CPP/7zip/Compress/Rar3Decoder.cpp
+@@ -92,7 +92,8 @@ CDecoder::CDecoder():
+ _writtenFileSize(0),
+ _vmData(0),
+ _vmCode(0),
+- m_IsSolid(false)
++ m_IsSolid(false),
++ _errorMode(false)
+ {
+ Ppmd7_Construct(&_ppmd);
+ }
+@@ -545,6 +546,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing)
+ return InitPPM();
+ }
+
++ TablesRead = false;
++ TablesOK = false;
++
+ _lzMode = true;
+ PrevAlignBits = 0;
+ PrevAlignCount = 0;
+@@ -606,6 +610,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing)
+ }
+ }
+ }
++ if (InputEofError())
++ return S_FALSE;
++
+ TablesRead = true;
+
+ // original code has check here:
+@@ -623,6 +630,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing)
+ RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize]));
+
+ memcpy(m_LastLevels, newLevels, kTablesSizesSum);
++
++ TablesOK = true;
++
+ return S_OK;
+ }
+
+@@ -824,7 +834,12 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress)
+ PpmEscChar = 2;
+ PpmError = true;
+ InitFilters();
++ _errorMode = false;
+ }
++
++ if (_errorMode)
++ return S_FALSE;
++
+ if (!m_IsSolid || !TablesRead)
+ {
+ bool keepDecompressing;
+@@ -838,6 +853,8 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress)
+ bool keepDecompressing;
+ if (_lzMode)
+ {
++ if (!TablesOK)
++ return S_FALSE;
+ RINOK(DecodeLZ(keepDecompressing))
+ }
+ else
+@@ -901,8 +918,8 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream
+ _unpackSize = outSize ? *outSize : (UInt64)(Int64)-1;
+ return CodeReal(progress);
+ }
+- catch(const CInBufferException &e) { return e.ErrorCode; }
+- catch(...) { return S_FALSE; }
++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; }
++ catch(...) { _errorMode = true; return S_FALSE; }
+ // CNewException is possible here. But probably CNewException is caused
+ // by error in data stream.
+ }
+diff --git a/CPP/7zip/Compress/Rar3Decoder.h b/CPP/7zip/Compress/Rar3Decoder.h
+index c130cec..2f72d7d 100644
+--- a/CPP/7zip/Compress/Rar3Decoder.h
++++ b/CPP/7zip/Compress/Rar3Decoder.h
+@@ -192,6 +192,7 @@ class CDecoder:
+ UInt32 _lastFilter;
+
+ bool m_IsSolid;
++ bool _errorMode;
+
+ bool _lzMode;
+ bool _unsupportedFilter;
+@@ -200,6 +201,7 @@ class CDecoder:
+ UInt32 PrevAlignCount;
+
+ bool TablesRead;
++ bool TablesOK;
+
+ CPpmd7 _ppmd;
+ int PpmEscChar;
diff --git a/p7zip/Pkgfile b/p7zip/Pkgfile
index f032e566..fefb6770 100644
--- a/p7zip/Pkgfile
+++ b/p7zip/Pkgfile
@@ -1,17 +1,28 @@
# Description: A port of 7-zip for POSIX systems.
# URL: http://p7zip.sourceforge.net/
# Maintainer: Danny Rawlins, crux at romster dot me
-# Packager: Matt Housh, jaeger at crux dot nu
# Depends on: yasm
name=p7zip
version=16.02
-release=1
-source=(http://downloads.sourceforge.net/project/$name/$name/$version/${name}_${version}_src_all.tar.bz2)
+release=2
+source=(https://downloads.sourceforge.net/project/$name/$name/$version/${name}_${version}_src_all.tar.bz2
+ CVE-2016-9296.patch
+ CVE-2017-17969.patch
+ CVE-2018-5996.patch)
build() {
cd ${name}_$version
+ # https://nvd.nist.gov/vuln/detail/CVE-2016-9296
+ patch -p1 -i $SRC/CVE-2016-9296.patch
+
+ # https://nvd.nist.gov/vuln/detail/CVE-2017-17969
+ patch -p1 -i $SRC/CVE-2017-17969.patch
+
+ # https://nvd.nist.gov/vuln/detail/CVE-2018-5996
+ patch -p1 -i $SRC/CVE-2018-5996.patch
+
cp makefile.linux_amd64_asm makefile.machine
make all3 OPTFLAGS="$CFLAGS"
1
0
07 Feb '18
commit 91773e40ee9bfb477ee795ede30c2f58f6edbf72
Author: Danny Rawlins <monster.romster(a)gmail.com>
Date: Wed Feb 7 18:20:14 2018 +1100
[notify] ffmpeg: CVE-2018-6621 closes FS#1581
diff --git a/ffmpeg/.md5sum b/ffmpeg/.md5sum
index 8d389f99..19b11a71 100644
--- a/ffmpeg/.md5sum
+++ b/ffmpeg/.md5sum
@@ -1,2 +1,3 @@
+5e0c5cca88620751af75ce7a219b5b09 CVE-2018-6621.patch
bbf3fcded80c33968c91bf323a744286 ffmpeg-3.4.1.tar.bz2
dae0c10c99399580c929fc100e79faef ffmpeg-x264-10bit.sh
diff --git a/ffmpeg/.signature b/ffmpeg/.signature
index 267c88cc..2ee8ffb1 100644
--- a/ffmpeg/.signature
+++ b/ffmpeg/.signature
@@ -1,6 +1,7 @@
untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF3/q/HTqDYuPVkPLXCqSg5s0Xlw/0KBw1nBtA13pgd0SYJ9Icm5OCEuTto6+vnUetzQtYLbcvRbKdTowr0/tLLwI=
-SHA256 (Pkgfile) = 00461a23cccf3da23b382be6273ba844f794633976f2a3034d6059abc5e8d6bd
+RWSagIOpLGJF3wYh+oQIJbx0WSoQpCT6i1GSDkuKl7IZOamNm4WWhu0zaBE2I5NJJpNYrxHmn5duvTE7aAuBZEpOHWHDx5KjtQo=
+SHA256 (Pkgfile) = aef3aa9d55efc42256094b9d9c2fe6b8398910ee4f6d8387559f14fc85b85e9e
SHA256 (.footprint) = 2b74837c5c830b52d0bb6f4258bdf7c2e4dd56982b9f9455248b8195b970d1cb
SHA256 (ffmpeg-3.4.1.tar.bz2) = f3443e20154a590ab8a9eef7bc951e8731425efc75b44ff4bee31d8a7a574a2c
SHA256 (ffmpeg-x264-10bit.sh) = dde9627c41800235fbcfe0f74d2181be96239a82cd2d0d277715dddb57eb9cb3
+SHA256 (CVE-2018-6621.patch) = e3b9aff1fe9aef2d7153d7517f9c349beef27c2859bf1fb01076eeab263a445e
diff --git a/ffmpeg/CVE-2018-6621.patch b/ffmpeg/CVE-2018-6621.patch
new file mode 100644
index 00000000..8c9e4dd0
--- /dev/null
+++ b/ffmpeg/CVE-2018-6621.patch
@@ -0,0 +1,11 @@
+--- a/libavcodec/utvideodec.c 2017-12-11 05:35:09.000000000 +0800
++++ b/libavcodec/utvideodec.c 2018-02-06 15:54:54.872000000 +0800
+@@ -561,7 +561,7 @@ static int decode_frame(AVCodecContext *
+ for (j = 0; j < c->slices; j++) {
+ slice_end = bytestream2_get_le32u(&gb);
+ if (slice_end < 0 || slice_end < slice_start ||
+- bytestream2_get_bytes_left(&gb) < slice_end) {
++ bytestream2_get_bytes_left(&gb) < slice_end + 1024LL) {
+ av_log(avctx, AV_LOG_ERROR, "Incorrect slice size\n");
+ return AVERROR_INVALIDDATA;
+ }
diff --git a/ffmpeg/Pkgfile b/ffmpeg/Pkgfile
index ae6617e3..fa82cded 100644
--- a/ffmpeg/Pkgfile
+++ b/ffmpeg/Pkgfile
@@ -7,13 +7,17 @@
name=ffmpeg
version=3.4.1
-release=1
+release=2
source=(https://ffmpeg.org/releases/$name-$version.tar.bz2
- ffmpeg-x264-10bit.sh)
+ ffmpeg-x264-10bit.sh
+ CVE-2018-6621.patch)
build() {
cd $name-$version
+ #https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6621
+ patch -p1 -i $SRC/CVE-2018-6621.patch
+
[ -e '/usr/lib/pkgconfig/libwebp.pc' ] && PKGMK_FFMPEG+=' --enable-libwebp'
[ -e '/usr/lib/pkgconfig/vdpau.pc' ] && PKGMK_FFMPEG+=' --enable-vdpau'
[ -e '/usr/lib/pkgconfig/freetype2.pc' ] && PKGMK_FFMPEG+=' --enable-libfreetype'
1
0