commit: 2b160b9fd86e68ee72f39ce96db2e0c7de72e5f7 Author: Matthew Thode <prometheanfire <AT> gentoo <DOT> org> AuthorDate: Thu Jun 28 19:06:34 2018 +0000 Commit: Matt Thode <prometheanfire <AT> gentoo <DOT> org> CommitDate: Thu Jun 28 19:07:04 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b160b9f
app-arch/p7zip: add fix for CVE-2018-10115 Bug: https://bugs.gentoo.org/655270 Package-Manager: Portage-2.3.40, Repoman-2.3.9 app-arch/p7zip/files/CVE-2018-10115.patch | 311 ++++++++++++++++++++++++++++++ app-arch/p7zip/p7zip-16.02-r4.ebuild | 165 ++++++++++++++++ 2 files changed, 476 insertions(+) diff --git a/app-arch/p7zip/files/CVE-2018-10115.patch b/app-arch/p7zip/files/CVE-2018-10115.patch new file mode 100644 index 00000000000..7d9c4bf81f0 --- /dev/null +++ b/app-arch/p7zip/files/CVE-2018-10115.patch @@ -0,0 +1,311 @@ +From: Robert Luberda <rob...@debian.org> +Date: Tue, 29 May 2018 23:59:09 +0200 +Subject: Fix CVE-2018-10115 + +Apply "patch" taken from https://landave.io/files/patch_7zip_CVE-2018-10115.txt + + +Bugs-Debian: https://bugs.debian.org/897674 +--- + CPP/7zip/Compress/Rar1Decoder.cpp | 16 +++++++++++----- + CPP/7zip/Compress/Rar1Decoder.h | 3 ++- + CPP/7zip/Compress/Rar2Decoder.cpp | 17 +++++++++++++---- + CPP/7zip/Compress/Rar2Decoder.h | 3 ++- + CPP/7zip/Compress/Rar3Decoder.cpp | 19 +++++++++++++++---- + CPP/7zip/Compress/Rar3Decoder.h | 3 ++- + CPP/7zip/Compress/Rar5Decoder.cpp | 8 ++++++++ + CPP/7zip/Compress/Rar5Decoder.h | 1 + + 8 files changed, 54 insertions(+), 16 deletions(-) + +diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp +index 68030c7..8c890c8 100644 +--- a/CPP/7zip/Compress/Rar1Decoder.cpp ++++ b/CPP/7zip/Compress/Rar1Decoder.cpp +@@ -29,7 +29,7 @@ public: + }; + */ + +-CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { } ++CDecoder::CDecoder(): _isSolid(false), _solidAllowed(false), _errorMode(false) { } + + void CDecoder::InitStructures() + { +@@ -345,7 +345,7 @@ void CDecoder::GetFlagsBuf() + + void CDecoder::InitData() + { +- if (!m_IsSolid) ++ if (!_isSolid) + { + AvrPlcB = AvrLn1 = AvrLn2 = AvrLn3 = NumHuf = Buf60 = 0; + AvrPlc = 0x3500; +@@ -391,6 +391,11 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + if (inSize == NULL || outSize == NULL) + return E_INVALIDARG; + ++ if (_isSolid && !_solidAllowed) ++ return S_FALSE; ++ ++ _solidAllowed = false; ++ + if (!m_OutWindowStream.Create(kHistorySize)) + return E_OUTOFMEMORY; + if (!m_InBitStream.Create(1 << 20)) +@@ -398,13 +403,13 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + + m_UnpackSize = (Int64)*outSize; + m_OutWindowStream.SetStream(outStream); +- m_OutWindowStream.Init(m_IsSolid); ++ m_OutWindowStream.Init(_isSolid); + m_InBitStream.SetStream(inStream); + m_InBitStream.Init(); + + // CCoderReleaser coderReleaser(this); + InitData(); +- if (!m_IsSolid) ++ if (!_isSolid) + { + _errorMode = false; + InitStructures(); +@@ -475,6 +480,7 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + } + if (m_UnpackSize < 0) + return S_FALSE; ++ _solidAllowed = true; + return m_OutWindowStream.Flush(); + } + +@@ -491,7 +497,7 @@ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) + { + if (size < 1) + return E_INVALIDARG; +- m_IsSolid = ((data[0] & 1) != 0); ++ _isSolid = ((data[0] & 1) != 0); + return S_OK; + } + +diff --git a/CPP/7zip/Compress/Rar1Decoder.h b/CPP/7zip/Compress/Rar1Decoder.h +index 01b606b..8abb3a3 100644 +--- a/CPP/7zip/Compress/Rar1Decoder.h ++++ b/CPP/7zip/Compress/Rar1Decoder.h +@@ -38,7 +38,8 @@ public: + UInt32 LastLength; + + Int64 m_UnpackSize; +- bool m_IsSolid; ++ bool _isSolid; ++ bool _solidAllowed; + bool _errorMode; + + UInt32 ReadBits(int numBits); +diff --git a/CPP/7zip/Compress/Rar2Decoder.cpp b/CPP/7zip/Compress/Rar2Decoder.cpp +index 0580c8d..be8d842 100644 +--- a/CPP/7zip/Compress/Rar2Decoder.cpp ++++ b/CPP/7zip/Compress/Rar2Decoder.cpp +@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << 20; + static const UInt32 kWindowReservSize = (1 << 22) + 256; + + CDecoder::CDecoder(): +- m_IsSolid(false), ++ _isSolid(false), ++ _solidAllowed(false), + m_TablesOK(false) + { + } +@@ -320,6 +321,10 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + if (inSize == NULL || outSize == NULL) + return E_INVALIDARG; + ++ if (_isSolid && !_solidAllowed) ++ return S_FALSE; ++ _solidAllowed = false; ++ + if (!m_OutWindowStream.Create(kHistorySize)) + return E_OUTOFMEMORY; + if (!m_InBitStream.Create(1 << 20)) +@@ -330,12 +335,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + UInt64 pos = 0, unPackSize = *outSize; + + m_OutWindowStream.SetStream(outStream); +- m_OutWindowStream.Init(m_IsSolid); ++ m_OutWindowStream.Init(_isSolid); + m_InBitStream.SetStream(inStream); + m_InBitStream.Init(); + + // CCoderReleaser coderReleaser(this); +- if (!m_IsSolid) ++ if (!_isSolid) + { + InitStructures(); + if (unPackSize == 0) +@@ -343,6 +348,7 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + if (m_InBitStream.GetProcessedSize() + 2 <= m_PackSize) // test it: probably incorrect; + if (!ReadTables()) + return S_FALSE; ++ _solidAllowed = true; + return S_OK; + } + if (!ReadTables()) +@@ -386,6 +392,9 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + + if (!ReadLastTables()) + return S_FALSE; ++ ++ _solidAllowed = true; ++ + return m_OutWindowStream.Flush(); + } + +@@ -402,7 +411,7 @@ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) + { + if (size < 1) + return E_INVALIDARG; +- m_IsSolid = ((data[0] & 1) != 0); ++ _isSolid = ((data[0] & 1) != 0); + return S_OK; + } + +diff --git a/CPP/7zip/Compress/Rar2Decoder.h b/CPP/7zip/Compress/Rar2Decoder.h +index 0e9005f..370bce2 100644 +--- a/CPP/7zip/Compress/Rar2Decoder.h ++++ b/CPP/7zip/Compress/Rar2Decoder.h +@@ -138,7 +138,8 @@ class CDecoder : + Byte m_LastLevels[kMaxTableSize]; + + UInt64 m_PackSize; +- bool m_IsSolid; ++ bool _isSolid; ++ bool _solidAllowed; + bool m_TablesOK; + + void InitStructures(); +diff --git a/CPP/7zip/Compress/Rar3Decoder.cpp b/CPP/7zip/Compress/Rar3Decoder.cpp +index 6cb8a6a..7b85833 100644 +--- a/CPP/7zip/Compress/Rar3Decoder.cpp ++++ b/CPP/7zip/Compress/Rar3Decoder.cpp +@@ -92,7 +92,8 @@ CDecoder::CDecoder(): + _writtenFileSize(0), + _vmData(0), + _vmCode(0), +- m_IsSolid(false), ++ _isSolid(false), ++ _solidAllowed(false), + _errorMode(false) + { + Ppmd7_Construct(&_ppmd); +@@ -821,7 +822,7 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) + { + _writtenFileSize = 0; + _unsupportedFilter = false; +- if (!m_IsSolid) ++ if (!_isSolid) + { + _lzSize = 0; + _winPos = 0; +@@ -840,12 +841,15 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) + if (_errorMode) + return S_FALSE; + +- if (!m_IsSolid || !TablesRead) ++ if (!_isSolid || !TablesRead) + { + bool keepDecompressing; + RINOK(ReadTables(keepDecompressing)); + if (!keepDecompressing) ++ { ++ _solidAllowed = true; + return S_OK; ++ } + } + + for (;;) +@@ -870,6 +874,9 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) + if (!keepDecompressing) + break; + } ++ ++ _solidAllowed = true; ++ + RINOK(WriteBuf()); + UInt64 packSize = m_InBitStream.BitDecoder.GetProcessedSize(); + RINOK(progress->SetRatioInfo(&packSize, &_writtenFileSize)); +@@ -890,6 +897,10 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream + if (!inSize) + return E_INVALIDARG; + ++ if (_isSolid && !_solidAllowed) ++ return S_FALSE; ++ _solidAllowed = false; ++ + if (!_vmData) + { + _vmData = (Byte *)::MidAlloc(kVmDataSizeMax + kVmCodeSizeMax); +@@ -928,7 +939,7 @@ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) + { + if (size < 1) + return E_INVALIDARG; +- m_IsSolid = ((data[0] & 1) != 0); ++ _isSolid = ((data[0] & 1) != 0); + return S_OK; + } + +diff --git a/CPP/7zip/Compress/Rar3Decoder.h b/CPP/7zip/Compress/Rar3Decoder.h +index 2f72d7d..32c8943 100644 +--- a/CPP/7zip/Compress/Rar3Decoder.h ++++ b/CPP/7zip/Compress/Rar3Decoder.h +@@ -191,7 +191,8 @@ class CDecoder: + CRecordVector<CTempFilter *> _tempFilters; + UInt32 _lastFilter; + +- bool m_IsSolid; ++ bool _isSolid; ++ bool _solidAllowed; + bool _errorMode; + + bool _lzMode; +diff --git a/CPP/7zip/Compress/Rar5Decoder.cpp b/CPP/7zip/Compress/Rar5Decoder.cpp +index dc8830f..a826d5a 100644 +--- a/CPP/7zip/Compress/Rar5Decoder.cpp ++++ b/CPP/7zip/Compress/Rar5Decoder.cpp +@@ -72,6 +72,7 @@ CDecoder::CDecoder(): + _writtenFileSize(0), + _dictSizeLog(0), + _isSolid(false), ++ _solidAllowed(false), + _wasInit(false), + _inputBuf(NULL) + { +@@ -801,7 +802,10 @@ HRESULT CDecoder::CodeReal() + */ + + if (res == S_OK) ++ { ++ _solidAllowed = true; + res = res2; ++ } + + if (res == S_OK && _unpackSize_Defined && _writtenFileSize != _unpackSize) + return S_FALSE; +@@ -821,6 +825,10 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream + { + try + { ++ if (_isSolid && !_solidAllowed) ++ return S_FALSE; ++ _solidAllowed = false; ++ + if (_dictSizeLog >= sizeof(size_t) * 8) + return E_NOTIMPL; + +diff --git a/CPP/7zip/Compress/Rar5Decoder.h b/CPP/7zip/Compress/Rar5Decoder.h +index b0a4dd1..3db5018 100644 +--- a/CPP/7zip/Compress/Rar5Decoder.h ++++ b/CPP/7zip/Compress/Rar5Decoder.h +@@ -271,6 +271,7 @@ class CDecoder: + Byte _dictSizeLog; + bool _tableWasFilled; + bool _isSolid; ++ bool _solidAllowed; + bool _wasInit; + + UInt32 _reps[kNumReps]; diff --git a/app-arch/p7zip/p7zip-16.02-r4.ebuild b/app-arch/p7zip/p7zip-16.02-r4.ebuild new file mode 100644 index 00000000000..57134020e70 --- /dev/null +++ b/app-arch/p7zip/p7zip-16.02-r4.ebuild @@ -0,0 +1,165 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +WX_GTK_VER="3.0" + +inherit toolchain-funcs wxwidgets + +DESCRIPTION="Port of 7-Zip archiver for Unix" +HOMEPAGE="http://p7zip.sourceforge.net/"; +SRC_URI="mirror://sourceforge/${PN}/${PN}_${PV}_src_all.tar.bz2" + +LICENSE="LGPL-2.1 rar? ( unRAR )" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris" +IUSE="abi_x86_x32 doc kde +pch rar static wxwidgets" + +REQUIRED_USE="kde? ( wxwidgets )" + +RDEPEND="wxwidgets? ( x11-libs/wxGTK:${WX_GTK_VER}[X] )" +DEPEND="${RDEPEND} + abi_x86_x32? ( >=dev-lang/yasm-1.2.0-r1 ) + amd64? ( dev-lang/yasm ) + x86? ( dev-lang/nasm )" + +S=${WORKDIR}/${PN}_${PV} + +DOCS=( ChangeLog README TODO ) + +PATCHES=( + "${FILESDIR}"/${P}-darwin.patch + "${FILESDIR}"/CVE-2016-9296.patch + "${FILESDIR}"/CVE-2017-17969.patch + "${FILESDIR}"/CVE-2018-5996.patch + "${FILESDIR}"/CVE-2018-10115.patch +) + +src_prepare() { + default + + if ! use pch; then + sed "s:PRE_COMPILED_HEADER=StdAfx.h.gch:PRE_COMPILED_HEADER=:g" -i makefile.* || die + fi + + sed \ + -e 's:-m32 ::g' \ + -e 's:-m64 ::g' \ + -e 's:-pipe::g' \ + -e '/ALLFLAGS/s:-s ::' \ + -e "/OPTFLAGS=/s:=.*:=${CXXFLAGS}:" \ + -i makefile* || die + + # remove non-free RAR codec + if use rar; then + ewarn "Enabling nonfree RAR decompressor" + else + sed \ + -e '/Rar/d' \ + -e '/RAR/d' \ + -i makefile* CPP/7zip/Bundles/Format7zFree/makefile || die + rm -rf CPP/7zip/Compress/Rar || die + fi + + if use abi_x86_x32; then + sed -i -e "/^ASM=/s:amd64:x32:" makefile* || die + cp -f makefile.linux_amd64_asm makefile.machine || die + elif use amd64; then + cp -f makefile.linux_amd64_asm makefile.machine || die + elif use x86; then + cp -f makefile.linux_x86_asm_gcc_4.X makefile.machine || die + elif [[ ${CHOST} == *-darwin* ]] ; then + # Mac OS X needs this special makefile, because it has a non-GNU + # linker, it doesn't matter so much for bitwidth, for it doesn't + # do anything with it + cp -f makefile.macosx_llvm_64bits makefile.machine + # bundles have extension .bundle but don't die because USE=-rar + # removes the Rar directory + sed -i -e '/strcpy(name/s/\.so/.bundle/' \ + CPP/Windows/DLL.cpp || die + sed -i -e '/^PROG=/s/\.so/.bundle/' \ + CPP/7zip/Bundles/Format7zFree/makefile.list \ + $(use rar && echo CPP/7zip/Compress/Rar/makefile.list) || die + elif use x86-fbsd; then + # FreeBSD needs this special makefile, because it hasn't -ldl + sed -e 's/-lc_r/-pthread/' makefile.freebsd > makefile.machine + fi + + if use static; then + sed -i -e '/^LOCAL_LIBS=/s/LOCAL_LIBS=/&-static /' makefile.machine || die + fi + + if use kde || use wxwidgets; then + need-wxwidgets unicode + einfo "Preparing dependency list" + emake depend + fi +} + +src_compile() { + emake CC=$(tc-getCC) CXX=$(tc-getCXX) all3 + if use kde || use wxwidgets; then + emake CC=$(tc-getCC) CXX=$(tc-getCXX) -- 7zG +# emake -- 7zFM + fi +} + +src_test() { + emake test test_7z test_7zr +} + +src_install() { + # this wrappers can not be symlinks, p7zip should be called with full path + make_wrapper 7zr "/usr/$(get_libdir)/${PN}/7zr" + make_wrapper 7za "/usr/$(get_libdir)/${PN}/7za" + make_wrapper 7z "/usr/$(get_libdir)/${PN}/7z" + + if use kde || use wxwidgets; then + make_wrapper 7zG "/usr/$(get_libdir)/${PN}/7zG" +# make_wrapper 7zFM "/usr/$(get_libdir)/${PN}/7zFM" + +# make_desktop_entry 7zFM "${PN} FM" ${PN} "GTK;Utility;Archiving;Compression" + + dobin GUI/p7zipForFilemanager + exeinto /usr/$(get_libdir)/${PN} +# doexe bin/7z{G,FM} + doexe bin/7zG + + insinto /usr/$(get_libdir)/${PN} + doins -r GUI/Lang + doins -r DOC/MANUAL + + insinto /usr/share/icons/hicolor/16x16/apps/ + newins GUI/p7zip_16_ok.png p7zip.png + + if use kde; then + rm GUI/kde4/p7zip_compress.desktop || die + insinto /usr/share/kservices5/ServiceMenus + doins GUI/kde4/*.desktop + dodir /usr/share/kde4/services/ServiceMenus # drop these lines after konqueror:4/krusader:4 are gone + for item in "${ED}"usr/share/kservices5/ServiceMenus/*.desktop; do + item="$(basename ${item})" + dosym "/usr/share/kservices5/ServiceMenus/${item}" "/usr/share/kde4/services/ServiceMenus/${item}" + done + fi + fi + + dobin contrib/gzip-like_CLI_wrapper_for_7z/p7zip + doman contrib/gzip-like_CLI_wrapper_for_7z/man1/p7zip.1 + + exeinto /usr/$(get_libdir)/${PN} + doexe bin/7z bin/7za bin/7zr bin/7zCon.sfx + doexe bin/*$(get_modname) + if use rar; then + exeinto /usr/$(get_libdir)/${PN}/Codecs/ + doexe bin/Codecs/*$(get_modname) + fi + + doman man1/7z.1 man1/7za.1 man1/7zr.1 + + if use doc; then + dodoc DOC/*.txt + dohtml -r DOC/MANUAL/* + fi +}
