subject:"\[patch\] archivers\/p7zip"

Re: [patch] archivers/p7zip

2018-06-19 Thread Josh Grosse

On Tue, Jun 19, 2018 at 11:25:01AM +0100, Stuart Henderson wrote:
> On 2018/06/19 05:15, Josh Grosse wrote:
> > A patch for CVE-2018-10115 was posted May 8, no comments received.
> > 
> >https://marc.info/?l=openbsd-ports=152581494615299=2
> > 
> > A patch for CVE-2017-17969 has been added to the attached diff.
> 
> It's a bit tricky to review the code changes directly, can you send some
> links/information for the CVE-2018-10115 ones like you have for the
> CVE-2017-17969 one so we at least have a better idea of provenance?

Sorry, Stuart, for missing that.  The patch was obtained here:
https://sourceforge.net/p/p7zip/discussion/383043/thread/5dd56271/

> Seems there is also CVE-2018-5996 which looks fairly nasty.

Yes.  Robert Luberda (Debian's robert@) had worked up a revision
which I found last night.  It was listed as a "hopeful" fix and
I would like to discuss with him before attempting to integrate it
with the 10115 patches, as there are conflicts.  FreeBSD has 
applied it, but they have not added 10115.

It is unfortunate that the p7zip project has apparently abandoned
interest in addressing any CVEs.  It leaves the various downstream
ports to haphazardly apply what they feel would be most helpful,
and there is no consistency in approach.  We could follow Redhat's
lead and eliminate the -rar subpackage, and that would eliminate
needing to deal with either 5996 or 10115.

Re: [patch] archivers/p7zip

2018-06-19 Thread Stuart Henderson

On 2018/06/19 05:15, Josh Grosse wrote:
> A patch for CVE-2018-10115 was posted May 8, no comments received.
> 
>https://marc.info/?l=openbsd-ports=152581494615299=2
> 
> A patch for CVE-2017-17969 has been added to the attached diff.

It's a bit tricky to review the code changes directly, can you send some
links/information for the CVE-2018-10115 ones like you have for the
CVE-2017-17969 one so we at least have a better idea of provenance?

Seems there is also CVE-2018-5996 which looks fairly nasty.


> Index: Makefile
> ===
> RCS file: /systems/cvs/ports/archivers/p7zip/Makefile,v
> retrieving revision 1.44
> diff -u -p -r1.44 Makefile
> --- Makefile  9 Apr 2018 15:58:26 -   1.44
> +++ Makefile  8 May 2018 19:57:34 -
> @@ -4,8 +4,8 @@ COMMENT-main= file archiver with high co
>  COMMENT-rar= rar modules for p7zip
>  
>  V=   16.02
> -REVISION-main=   4
> -REVISION-rar=1
> +REVISION-main=   5
> +REVISION-rar=2
>  DISTNAME=p7zip_${V}_src_all
>  PKGNAME= p7zip-${V}
>  PKGNAME-main=p7zip-${V}
> Index: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp
> ===
> RCS file: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp
> diff -N patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp8 May 2018 
> 19:45:54 -
> @@ -0,0 +1,49 @@
> +$OpenBSD$
> +
> +Fix for CVE-2018-10115, from Denisov Denis.
> +
> +Index: CPP/7zip/Archive/Rar/Rar5Handler.cpp
> +--- CPP/7zip/Archive/Rar/Rar5Handler.cpp.orig
>  CPP/7zip/Archive/Rar/Rar5Handler.cpp
> +@@ -102,11 +102,11 @@ static unsigned ReadVarInt(const Byte *p, size_t maxSi
> + {
> +   *val = 0;
> + 
> +-  for (unsigned i = 0; i < maxSize;)
> ++  for (unsigned i = 0; i < maxSize && i < 10;)
> +   {
> + Byte b = p[i];
> +-if (i < 10)
> +-  *val |= (UInt64)(b & 0x7F) << (7 * i++);
> ++*val |= (UInt64)(b & 0x7F) << (7 * i);
> ++i++;
> + if ((b & 0x80) == 0)
> +   return i;
> +   }
> +@@ -1182,6 +1182,7 @@ static const Byte kProps[] =
> +   kpidSymLink,
> +   kpidHardLink,
> +   kpidCopyLink,
> ++  kpidVolumeIndex
> + };
> + 
> + 
> +@@ -1601,6 +1602,18 @@ STDMETHODIMP CHandler::GetProperty(UInt32 index, PROPI
> + 
> + case kpidSplitBefore: prop = item.IsSplitBefore(); break;
> + case kpidSplitAfter: prop = lastItem.IsSplitAfter(); break;
> ++
> ++case kpidVolumeIndex:
> ++{
> ++  if (item.VolIndex < _arcs.Size())
> ++  {
> ++const CInArcInfo  = _arcs[item.VolIndex].Info;
> ++if (arcInfo.IsVolume())
> ++  prop = (UInt64)arcInfo.GetVolIndex();
> ++  }
> ++  break;
> ++}
> ++
> + case kpidCRC:
> + {
> +   const CItem *item2 = (lastItem.IsSplitAfter() ?  : );
> Index: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h
> ===
> RCS file: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h
> diff -N patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h  8 May 2018 19:46:51 
> -
> @@ -0,0 +1,16 @@
> +$OpenBSD$
> +
> +Fix for CVE-2018-10115, from Denisov Denis.
> +
> +Index: CPP/7zip/Archive/Rar/Rar5Handler.h
> +--- CPP/7zip/Archive/Rar/Rar5Handler.h.orig
>  CPP/7zip/Archive/Rar/Rar5Handler.h
> +@@ -168,7 +168,7 @@ struct CItem
> + 
> +   AString Name;
> + 
> +-  int VolIndex;
> ++  unsigned VolIndex;
> +   int NextItem;
> + 
> +   UInt32 UnixMTime;
> Index: patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp
> ===
> RCS file: patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp
> diff -N patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp 8 May 2018 19:46:59 
> -
> @@ -0,0 +1,30 @@
> +$OpenBSD$
> +
> +Fix for CVE-2018-10115, from Denisov Denis.
> +
> +Index: CPP/7zip/Archive/Rar/RarHandler.cpp
> +--- CPP/7zip/Archive/Rar/RarHandler.cpp.orig
>  CPP/7zip/Archive/Rar/RarHandler.cpp
> +@@ -768,7 +768,8 @@ static const Byte kProps[] =
> +   kpidCRC,
> +   kpidHostOS,
> +   kpidMethod,
> +-  kpidUnpackVer
> ++  kpidUnpackVer,
> ++  kpidVolumeIndex
> + };
> + 
> + static const Byte kArcProps[] =
> +@@ -989,6 +990,12 @@ STDMETHODIMP CHandler::GetProperty(UInt32 index, PROPI
> + case kpidCommented: prop = item.IsCommented(); break;
> + case kpidSplitBefore: prop = item.IsSplitBefore(); break;
> + case kpidSplitAfter: prop = _items[refItem.ItemIndex + refItem.NumItems 
> - 1].IsSplitAfter(); break;
> ++
> ++case kpidVolumeIndex:
> ++  if (_arcInfo.Is_VolNumber_Defined())
> ++prop = (UInt32)(_arcInfo.VolNumber + refItem.VolumeIndex);
> ++  break;
> ++
>

Re: [patch] archivers/p7zip

2018-06-19 Thread Josh Grosse

A patch for CVE-2018-10115 was posted May 8, no comments received.

   https://marc.info/?l=openbsd-ports=152581494615299=2

A patch for CVE-2017-17969 has been added to the attached diff.
Index: Makefile
===
RCS file: /systems/cvs/ports/archivers/p7zip/Makefile,v
retrieving revision 1.44
diff -u -p -r1.44 Makefile
--- Makefile9 Apr 2018 15:58:26 -   1.44
+++ Makefile8 May 2018 19:57:34 -
@@ -4,8 +4,8 @@ COMMENT-main=   file archiver with high co
 COMMENT-rar=   rar modules for p7zip
 
 V= 16.02
-REVISION-main= 4
-REVISION-rar=  1
+REVISION-main= 5
+REVISION-rar=  2
 DISTNAME=  p7zip_${V}_src_all
 PKGNAME=   p7zip-${V}
 PKGNAME-main=  p7zip-${V}
Index: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp
===
RCS file: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp
diff -N patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp  8 May 2018 19:45:54 
-
@@ -0,0 +1,49 @@
+$OpenBSD$
+
+Fix for CVE-2018-10115, from Denisov Denis.
+
+Index: CPP/7zip/Archive/Rar/Rar5Handler.cpp
+--- CPP/7zip/Archive/Rar/Rar5Handler.cpp.orig
 CPP/7zip/Archive/Rar/Rar5Handler.cpp
+@@ -102,11 +102,11 @@ static unsigned ReadVarInt(const Byte *p, size_t maxSi
+ {
+   *val = 0;
+ 
+-  for (unsigned i = 0; i < maxSize;)
++  for (unsigned i = 0; i < maxSize && i < 10;)
+   {
+ Byte b = p[i];
+-if (i < 10)
+-  *val |= (UInt64)(b & 0x7F) << (7 * i++);
++*val |= (UInt64)(b & 0x7F) << (7 * i);
++i++;
+ if ((b & 0x80) == 0)
+   return i;
+   }
+@@ -1182,6 +1182,7 @@ static const Byte kProps[] =
+   kpidSymLink,
+   kpidHardLink,
+   kpidCopyLink,
++  kpidVolumeIndex
+ };
+ 
+ 
+@@ -1601,6 +1602,18 @@ STDMETHODIMP CHandler::GetProperty(UInt32 index, PROPI
+ 
+ case kpidSplitBefore: prop = item.IsSplitBefore(); break;
+ case kpidSplitAfter: prop = lastItem.IsSplitAfter(); break;
++
++case kpidVolumeIndex:
++{
++  if (item.VolIndex < _arcs.Size())
++  {
++const CInArcInfo  = _arcs[item.VolIndex].Info;
++if (arcInfo.IsVolume())
++  prop = (UInt64)arcInfo.GetVolIndex();
++  }
++  break;
++}
++
+ case kpidCRC:
+ {
+   const CItem *item2 = (lastItem.IsSplitAfter() ?  : );
Index: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h
===
RCS file: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h
diff -N patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h8 May 2018 19:46:51 
-
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+Fix for CVE-2018-10115, from Denisov Denis.
+
+Index: CPP/7zip/Archive/Rar/Rar5Handler.h
+--- CPP/7zip/Archive/Rar/Rar5Handler.h.orig
 CPP/7zip/Archive/Rar/Rar5Handler.h
+@@ -168,7 +168,7 @@ struct CItem
+ 
+   AString Name;
+ 
+-  int VolIndex;
++  unsigned VolIndex;
+   int NextItem;
+ 
+   UInt32 UnixMTime;
Index: patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp
===
RCS file: patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp
diff -N patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp   8 May 2018 19:46:59 
-
@@ -0,0 +1,30 @@
+$OpenBSD$
+
+Fix for CVE-2018-10115, from Denisov Denis.
+
+Index: CPP/7zip/Archive/Rar/RarHandler.cpp
+--- CPP/7zip/Archive/Rar/RarHandler.cpp.orig
 CPP/7zip/Archive/Rar/RarHandler.cpp
+@@ -768,7 +768,8 @@ static const Byte kProps[] =
+   kpidCRC,
+   kpidHostOS,
+   kpidMethod,
+-  kpidUnpackVer
++  kpidUnpackVer,
++  kpidVolumeIndex
+ };
+ 
+ static const Byte kArcProps[] =
+@@ -989,6 +990,12 @@ STDMETHODIMP CHandler::GetProperty(UInt32 index, PROPI
+ case kpidCommented: prop = item.IsCommented(); break;
+ case kpidSplitBefore: prop = item.IsSplitBefore(); break;
+ case kpidSplitAfter: prop = _items[refItem.ItemIndex + refItem.NumItems - 
1].IsSplitAfter(); break;
++
++case kpidVolumeIndex:
++  if (_arcInfo.Is_VolNumber_Defined())
++prop = (UInt32)(_arcInfo.VolNumber + refItem.VolumeIndex);
++  break;
++
+ case kpidCRC:
+ {
+   prop = ((lastItem.IsSplitAfter()) ? item.FileCRC : lastItem.FileCRC);
Index: patches/patch-CPP_7zip_Archive_Rar_RarHandler_h
===
RCS file: patches/patch-CPP_7zip_Archive_Rar_RarHandler_h
diff -N patches/patch-CPP_7zip_Archive_Rar_RarHandler_h
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-CPP_7zip_Archive_Rar_RarHandler_h 8 May 2018 19:47:06 
-
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+Fix for CVE-2018-10115, from Denisov Denis.
+
+Index: CPP/7zip/Archive/Rar/RarHandler.h
+---

[patch] archivers/p7zip

2018-05-08 Thread Josh Grosse

This patch addresses CVE-2018-10115, an arbitrary code execution bug.

Regression tested on amd64 and i386 on current, 6.3, and 6.2.  Diffs for
all three are attached.
Index: Makefile
===
RCS file: /systems/cvs/ports/archivers/p7zip/Makefile,v
retrieving revision 1.44
diff -u -p -r1.44 Makefile
--- Makefile9 Apr 2018 15:58:26 -   1.44
+++ Makefile8 May 2018 19:57:34 -
@@ -4,8 +4,8 @@ COMMENT-main=   file archiver with high co
 COMMENT-rar=   rar modules for p7zip
 
 V= 16.02
-REVISION-main= 4
-REVISION-rar=  1
+REVISION-main= 5
+REVISION-rar=  2
 DISTNAME=  p7zip_${V}_src_all
 PKGNAME=   p7zip-${V}
 PKGNAME-main=  p7zip-${V}
Index: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp
===
RCS file: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp
diff -N patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp  8 May 2018 19:45:54 
-
@@ -0,0 +1,49 @@
+$OpenBSD$
+
+Fix for CVE-2018-10115, from Denisov Denis.
+
+Index: CPP/7zip/Archive/Rar/Rar5Handler.cpp
+--- CPP/7zip/Archive/Rar/Rar5Handler.cpp.orig
 CPP/7zip/Archive/Rar/Rar5Handler.cpp
+@@ -102,11 +102,11 @@ static unsigned ReadVarInt(const Byte *p, size_t maxSi
+ {
+   *val = 0;
+ 
+-  for (unsigned i = 0; i < maxSize;)
++  for (unsigned i = 0; i < maxSize && i < 10;)
+   {
+ Byte b = p[i];
+-if (i < 10)
+-  *val |= (UInt64)(b & 0x7F) << (7 * i++);
++*val |= (UInt64)(b & 0x7F) << (7 * i);
++i++;
+ if ((b & 0x80) == 0)
+   return i;
+   }
+@@ -1182,6 +1182,7 @@ static const Byte kProps[] =
+   kpidSymLink,
+   kpidHardLink,
+   kpidCopyLink,
++  kpidVolumeIndex
+ };
+ 
+ 
+@@ -1601,6 +1602,18 @@ STDMETHODIMP CHandler::GetProperty(UInt32 index, PROPI
+ 
+ case kpidSplitBefore: prop = item.IsSplitBefore(); break;
+ case kpidSplitAfter: prop = lastItem.IsSplitAfter(); break;
++
++case kpidVolumeIndex:
++{
++  if (item.VolIndex < _arcs.Size())
++  {
++const CInArcInfo  = _arcs[item.VolIndex].Info;
++if (arcInfo.IsVolume())
++  prop = (UInt64)arcInfo.GetVolIndex();
++  }
++  break;
++}
++
+ case kpidCRC:
+ {
+   const CItem *item2 = (lastItem.IsSplitAfter() ?  : );
Index: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h
===
RCS file: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h
diff -N patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h8 May 2018 19:46:51 
-
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+Fix for CVE-2018-10115, from Denisov Denis.
+
+Index: CPP/7zip/Archive/Rar/Rar5Handler.h
+--- CPP/7zip/Archive/Rar/Rar5Handler.h.orig
 CPP/7zip/Archive/Rar/Rar5Handler.h
+@@ -168,7 +168,7 @@ struct CItem
+ 
+   AString Name;
+ 
+-  int VolIndex;
++  unsigned VolIndex;
+   int NextItem;
+ 
+   UInt32 UnixMTime;
Index: patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp
===
RCS file: patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp
diff -N patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp   8 May 2018 19:46:59 
-
@@ -0,0 +1,30 @@
+$OpenBSD$
+
+Fix for CVE-2018-10115, from Denisov Denis.
+
+Index: CPP/7zip/Archive/Rar/RarHandler.cpp
+--- CPP/7zip/Archive/Rar/RarHandler.cpp.orig
 CPP/7zip/Archive/Rar/RarHandler.cpp
+@@ -768,7 +768,8 @@ static const Byte kProps[] =
+   kpidCRC,
+   kpidHostOS,
+   kpidMethod,
+-  kpidUnpackVer
++  kpidUnpackVer,
++  kpidVolumeIndex
+ };
+ 
+ static const Byte kArcProps[] =
+@@ -989,6 +990,12 @@ STDMETHODIMP CHandler::GetProperty(UInt32 index, PROPI
+ case kpidCommented: prop = item.IsCommented(); break;
+ case kpidSplitBefore: prop = item.IsSplitBefore(); break;
+ case kpidSplitAfter: prop = _items[refItem.ItemIndex + refItem.NumItems - 
1].IsSplitAfter(); break;
++
++case kpidVolumeIndex:
++  if (_arcInfo.Is_VolNumber_Defined())
++prop = (UInt32)(_arcInfo.VolNumber + refItem.VolumeIndex);
++  break;
++
+ case kpidCRC:
+ {
+   prop = ((lastItem.IsSplitAfter()) ? item.FileCRC : lastItem.FileCRC);
Index: patches/patch-CPP_7zip_Archive_Rar_RarHandler_h
===
RCS file: patches/patch-CPP_7zip_Archive_Rar_RarHandler_h
diff -N patches/patch-CPP_7zip_Archive_Rar_RarHandler_h
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-CPP_7zip_Archive_Rar_RarHandler_h 8 May 2018 19:47:06 
-
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+Fix for CVE-2018-10115, from Denisov Denis.
+
+Index: CPP/7zip/Archive/Rar/RarHandler.h
+---

[patch] archivers/p7zip

2016-11-20 Thread Josh Grosse

This patch addresses CVE-2016-9296.  Diffs attached for both
-current and 6.0-stable.  The CVE mentions only version 16.02, but
it also affects 15.14 (6.0-stable).

The patch comes from upstream's upstream, the developer of 7zip.
Tested on amd64 and i386.
Index: Makefile
===
RCS file: /systems/cvs/ports/archivers/p7zip/Makefile,v
retrieving revision 1.36
diff -u -p -r1.36 Makefile
--- Makefile14 Aug 2016 16:29:20 -  1.36
+++ Makefile20 Nov 2016 14:55:07 -
@@ -4,6 +4,7 @@ COMMENT-main=   file archiver with high co
 COMMENT-rar=   rar modules for p7zip
 
 V= 16.02
+REVISION-main= 0
 DISTNAME=  p7zip_${V}_src_all
 PKGNAME=   p7zip-${V}
 PKGNAME-main=  p7zip-${V}
Index: patches/patch-CPP_7zip_Archive_7z_7zIn_cpp
===
RCS file: patches/patch-CPP_7zip_Archive_7z_7zIn_cpp
diff -N patches/patch-CPP_7zip_Archive_7z_7zIn_cpp
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-CPP_7zip_Archive_7z_7zIn_cpp  20 Nov 2016 14:44:15 -
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+For CVE-2016-9296, from 7zip's developer Igor Pavlov  
+
+--- CPP/7zip/Archive/7z/7zIn.cpp.orig  Sun Nov 20 09:29:41 2016
 CPP/7zip/Archive/7z/7zIn.cpp   Sun Nov 20 09:31:22 2016
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams(
+   if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+ ThrowIncorrect();
+   }
+-  HeadersSize += folders.PackPositions[folders.NumPackStreams];
++  if (folders.PackPositions)
++  HeadersSize += folders.PackPositions[folders.NumPackStreams];
+   return S_OK;
+ }
+ 
Index: Makefile
===
RCS file: /systems/cvs/ports/archivers/p7zip/Makefile,v
retrieving revision 1.35
diff -u -p -r1.35 Makefile
--- Makefile30 May 2016 21:22:50 -  1.35
+++ Makefile20 Nov 2016 15:00:07 -
@@ -7,7 +7,7 @@ V=  15.14.1
 DISTNAME=  p7zip_${V}_src_all
 PKGNAME=   p7zip-${V}
 PKGNAME-main=  p7zip-${V}
-REVISION-main= 1
+REVISION-main= 2
 PKGNAME-rar=   p7zip-rar-${V}
 CATEGORIES=archivers
 
Index: patches/patch-CPP_7zip_Archive_7z_7zIn_cpp
===
RCS file: patches/patch-CPP_7zip_Archive_7z_7zIn_cpp
diff -N patches/patch-CPP_7zip_Archive_7z_7zIn_cpp
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-CPP_7zip_Archive_7z_7zIn_cpp  20 Nov 2016 15:00:07 -
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+For CVE-2016-9296, from 7zip's developer Igor Pavlov  
+
+--- CPP/7zip/Archive/7z/7zIn.cpp.orig  Sun Nov 20 09:29:41 2016
 CPP/7zip/Archive/7z/7zIn.cpp   Sun Nov 20 09:31:22 2016
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams(
+   if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+ ThrowIncorrect();
+   }
+-  HeadersSize += folders.PackPositions[folders.NumPackStreams];
++  if (folders.PackPositions)
++  HeadersSize += folders.PackPositions[folders.NumPackStreams];
+   return S_OK;
+ }
+

Re: [patch] archivers/p7zip

Re: [patch] archivers/p7zip

Re: [patch] archivers/p7zip

[patch] archivers/p7zip

[patch] archivers/p7zip

5 matches

Site Navigation

Mail list logo

Footer information