Re: [patch] archivers/p7zip
On Tue, Jun 19, 2018 at 11:25:01AM +0100, Stuart Henderson wrote:
> On 2018/06/19 05:15, Josh Grosse wrote:
> > A patch for CVE-2018-10115 was posted May 8, no comments received.
> >
> > https://marc.info/?l=openbsd-ports&m=152581494615299&w=2
> >
> > A patch for CVE-2017-17969 has been added to the attached diff.
>
> It's a bit tricky to review the code changes directly, can you send some
> links/information for the CVE-2018-10115 ones like you have for the
> CVE-2017-17969 one so we at least have a better idea of provenance?

Sorry, Stuart, for missing that. The patch was obtained here:

https://sourceforge.net/p/p7zip/discussion/383043/thread/5dd56271/

> Seems there is also CVE-2018-5996 which looks fairly nasty.

Yes. Robert Luberda (Debian's robert@) had worked up a revision which I found last night. It was listed as a "hopeful" fix and I would like to discuss with him before attempting to integrate it with the 10115 patches, as there are conflicts. FreeBSD has applied it, but they have not added 10115.

It is unfortunate that the p7zip project has apparently abandoned interest in addressing any CVEs. It leaves the various downstream ports to haphazardly apply what they feel would be most helpful, and there is no consistency in approach.

We could follow Redhat's lead and eliminate the -rar subpackage, and that would eliminate needing to deal with either 5996 or 10115.
Re: [patch] archivers/p7zip
On 2018/06/19 05:15, Josh Grosse wrote:
> A patch for CVE-2018-10115 was posted May 8, no comments received.
>
> https://marc.info/?l=openbsd-ports&m=152581494615299&w=2
>
> A patch for CVE-2017-17969 has been added to the attached diff.

It's a bit tricky to review the code changes directly, can you send some links/information for the CVE-2018-10115 ones like you have for the CVE-2017-17969 one so we at least have a better idea of provenance?

Seems there is also CVE-2018-5996 which looks fairly nasty.

> Index: Makefile > === > RCS file: /systems/cvs/ports/archivers/p7zip/Makefile,v > retrieving revision 1.44 > diff -u -p -r1.44 Makefile > --- Makefile 9 Apr 2018 15:58:26 - 1.44 > +++ Makefile 8 May 2018 19:57:34 - > @@ -4,8 +4,8 @@ COMMENT-main= file archiver with high co > COMMENT-rar= rar modules for p7zip > > V= 16.02 > -REVISION-main= 4 > -REVISION-rar=1 > +REVISION-main= 5 > +REVISION-rar=2 > DISTNAME=p7zip_${V}_src_all > PKGNAME= p7zip-${V} > PKGNAME-main=p7zip-${V} > Index: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp > === > RCS file: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp > diff -N patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp > --- /dev/null 1 Jan 1970 00:00:00 - > +++ patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp8 May 2018 > 19:45:54 - 
> @@ -0,0 +1,49 @@ > +$OpenBSD$ > + > +Fix for CVE-2018-10115, from Denisov Denis. > + > +Index: CPP/7zip/Archive/Rar/Rar5Handler.cpp > +--- CPP/7zip/Archive/Rar/Rar5Handler.cpp.orig > CPP/7zip/Archive/Rar/Rar5Handler.cpp > +@@ -102,11 +102,11 @@ static unsigned ReadVarInt(const Byte *p, size_t maxSi > + { > + *val = 0; > + > +- for (unsigned i = 0; i < maxSize;) > ++ for (unsigned i = 0; i < maxSize && i < 10;) > + { > + Byte b = p[i]; > +-if (i < 10) > +- *val |= (UInt64)(b & 0x7F) << (7 * i++); > ++*val |= (UInt64)(b & 0x7F) << (7 * i); > ++i++; > + if ((b & 0x80) == 0) > + return i; > + } > +@@ -1182,6 +1182,7 @@ static const Byte kProps[] = > + kpidSymLink, > + kpidHardLink, > + kpidCopyLink, > ++ kpidVolumeIndex > + }; > + > + > +@@ -1601,6 +1602,18 @@ STDMETHODIMP CHandler::GetProperty(UInt32 index, PROPI > + > + case kpidSplitBefore: prop = item.IsSplitBefore(); break; > + case kpidSplitAfter: prop = lastItem.IsSplitAfter(); break; > ++ > ++case kpidVolumeIndex: > ++{ > ++ if (item.VolIndex < _arcs.Size()) > ++ { > ++const CInArcInfo &arcInfo = _arcs[item.VolIndex].Info; > ++if (arcInfo.IsVolume()) > ++ prop = (UInt64)arcInfo.GetVolIndex(); > ++ } > ++ break; > ++} > ++ > + case kpidCRC: > + { > + const CItem *item2 = (lastItem.IsSplitAfter() ? &item : &lastItem); > Index: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h > === > RCS file: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h > diff -N patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h > --- /dev/null 1 Jan 1970 00:00:00 - > +++ patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h 8 May 2018 19:46:51 > - 
> @@ -0,0 +1,16 @@ > +$OpenBSD$ > + > +Fix for CVE-2018-10115, from Denisov Denis. > + > +Index: CPP/7zip/Archive/Rar/Rar5Handler.h > +--- CPP/7zip/Archive/Rar/Rar5Handler.h.orig > CPP/7zip/Archive/Rar/Rar5Handler.h > +@@ -168,7 +168,7 @@ struct CItem > + > + AString Name; > + > +- int VolIndex; > ++ unsigned VolIndex; > + int NextItem; > + > + UInt32 UnixMTime; > Index: patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp > === > RCS file: patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp > diff -N patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp > --- /dev/null 1 Jan 1970 00:00:00 - > +++ patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp 8 May 2018 19:46:59 > - > @@ -0,0 +1,30 @@ > +$OpenBSD$ > + > +Fix for CVE-2018-10115, from Denisov Denis. > + > +Index: CPP/7zip/Archive/Rar/RarHandler.cpp > +--- CPP/7zip/Archive/Rar/RarHandler.cpp.orig > CPP/7zip/Archive/Rar/RarHandler.cpp > +@@ -768,7 +768,8 @@ static const Byte kProps[] = > + kpidCRC, > + kpidHostOS, > + kpidMethod, > +- kpidUnpackVer > ++ kpidUnpackVer, > ++ kpidVolumeIndex > + }; > + > + static const Byte kArcProps[] = > +@@ -989,6 +990,12 @@ STDMETHODIMP CHandler::GetProperty(UInt32 index, PROPI > + case kpidCommented: prop = item.IsCommented(); break; > + case kpidSplitBefore: prop = item.IsSplitBefore(); break; > + case kpidSplitAfter: prop = _items[refItem.ItemIndex + refItem.NumItems > - 1].IsSplitAfter(); break; > ++ > ++case kpidVolumeIndex: > ++ if (_arcInfo.Is_VolNumber_Defined()) > ++prop = (UInt32)(_arcInfo.VolNumber + refItem.VolumeIndex);
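Review bot: in the ReadVarInt hunk of patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp, the tenth byte (i == 9) is shifted left by 63, so six of its seven payload bits are dropped silently and an over-long encoding is accepted as a truncated value. Consider rejecting that byte when (b & 0x7F) > 1. The new `i < maxSize && i < 10` bound does stop the old loop from spinning once i reached 10 (the removed code only incremented i inside `if (i < 10)`), but what the function returns when the loop exits without seeing a terminating byte is outside the visible context and should be confirmed to signal failure to callers.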
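Review bot: the `item.VolIndex < _arcs.Size()` test in the Rar5Handler.cpp GetProperty hunk has no lower bound, so it relies on the Rar5Handler.h hunk that changes CItem::VolIndex from int to unsigned. Neither hunk shows where VolIndex is assigned or compared elsewhere; any site that stored a negative sentinel or tested `VolIndex < 0` changes meaning with the new type, and the neighbouring `int NextItem` is left signed. Those sites should be checked before this goes in, and the patch header should state that the index check depends on the type change.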
Re: [patch] archivers/p7zip
A patch for CVE-2018-10115 was posted May 8, no comments received.

https://marc.info/?l=openbsd-ports&m=152581494615299&w=2

A patch for CVE-2017-17969 has been added to the attached diff.

Index: Makefile === RCS file: /systems/cvs/ports/archivers/p7zip/Makefile,v retrieving revision 1.44 diff -u -p -r1.44 Makefile --- Makefile9 Apr 2018 15:58:26 - 1.44 +++ Makefile8 May 2018 19:57:34 - @@ -4,8 +4,8 @@ COMMENT-main= file archiver with high co COMMENT-rar= rar modules for p7zip V= 16.02 -REVISION-main= 4 -REVISION-rar= 1 +REVISION-main= 5 +REVISION-rar= 2 DISTNAME= p7zip_${V}_src_all PKGNAME= p7zip-${V} PKGNAME-main= p7zip-${V} Index: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp === RCS file: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp diff -N patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_cpp 8 May 2018 19:45:54 - 
@@ -0,0 +1,49 @@ +$OpenBSD$ + +Fix for CVE-2018-10115, from Denisov Denis. + +Index: CPP/7zip/Archive/Rar/Rar5Handler.cpp +--- CPP/7zip/Archive/Rar/Rar5Handler.cpp.orig CPP/7zip/Archive/Rar/Rar5Handler.cpp +@@ -102,11 +102,11 @@ static unsigned ReadVarInt(const Byte *p, size_t maxSi + { + *val = 0; + +- for (unsigned i = 0; i < maxSize;) ++ for (unsigned i = 0; i < maxSize && i < 10;) + { + Byte b = p[i]; +-if (i < 10) +- *val |= (UInt64)(b & 0x7F) << (7 * i++); ++*val |= (UInt64)(b & 0x7F) << (7 * i); ++i++; + if ((b & 0x80) == 0) + return i; + } +@@ -1182,6 +1182,7 @@ static const Byte kProps[] = + kpidSymLink, + kpidHardLink, + kpidCopyLink, ++ kpidVolumeIndex + }; + + +@@ -1601,6 +1602,18 @@ STDMETHODIMP CHandler::GetProperty(UInt32 index, PROPI + + case kpidSplitBefore: prop = item.IsSplitBefore(); break; + case kpidSplitAfter: prop = lastItem.IsSplitAfter(); break; ++ ++case kpidVolumeIndex: ++{ ++ if (item.VolIndex < _arcs.Size()) ++ { ++const CInArcInfo &arcInfo = _arcs[item.VolIndex].Info; ++if (arcInfo.IsVolume()) ++ prop = (UInt64)arcInfo.GetVolIndex(); ++ } ++ break; ++} ++ + case kpidCRC: + { + const CItem *item2 = (lastItem.IsSplitAfter() ? &item : &lastItem); Index: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h === RCS file: patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h diff -N patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-CPP_7zip_Archive_Rar_Rar5Handler_h8 May 2018 19:46:51 - @@ -0,0 +1,16 @@ +$OpenBSD$ + +Fix for CVE-2018-10115, from Denisov Denis. + +Index: CPP/7zip/Archive/Rar/Rar5Handler.h +--- CPP/7zip/Archive/Rar/Rar5Handler.h.orig CPP/7zip/Archive/Rar/Rar5Handler.h +@@ -168,7 +168,7 @@ struct CItem + + AString Name; + +- int VolIndex; ++ unsigned VolIndex; + int NextItem; + + UInt32 UnixMTime; Index: patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp === RCS file: patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp diff -N patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp 
--- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-CPP_7zip_Archive_Rar_RarHandler_cpp 8 May 2018 19:46:59 - @@ -0,0 +1,30 @@ +$OpenBSD$ + +Fix for CVE-2018-10115, from Denisov Denis. + +Index: CPP/7zip/Archive/Rar/RarHandler.cpp +--- CPP/7zip/Archive/Rar/RarHandler.cpp.orig CPP/7zip/Archive/Rar/RarHandler.cpp +@@ -768,7 +768,8 @@ static const Byte kProps[] = + kpidCRC, + kpidHostOS, + kpidMethod, +- kpidUnpackVer ++ kpidUnpackVer, ++ kpidVolumeIndex + }; + + static const Byte kArcProps[] = +@@ -989,6 +990,12 @@ STDMETHODIMP CHandler::GetProperty(UInt32 index, PROPI + case kpidCommented: prop = item.IsCommented(); break; + case kpidSplitBefore: prop = item.IsSplitBefore(); break; + case kpidSplitAfter: prop = _items[refItem.ItemIndex + refItem.NumItems - 1].IsSplitAfter(); break; ++ ++case kpidVolumeIndex: ++ if (_arcInfo.Is_VolNumber_Defined()) ++prop = (UInt32)(_arcInfo.VolNumber + refItem.VolumeIndex); ++ break; ++ + case kpidCRC: + { + prop = ((lastItem.IsSplitAfter()) ? item.FileCRC : lastItem.FileCRC); Index: patches/patch-CPP_7zip_Archive_Rar_RarHandler_h === RCS file: patches/patch-CPP_7zip_Archive_Rar_RarHandler_h diff -N patches/patch-CPP_7zip_Archive_Rar_RarHandler_h --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-CPP_7zip_Archive_Rar_RarHandler_h 8 May 2018 19:47:06 - @@ -0,0 +1,16 @@ +$OpenBSD$ + +Fix for CVE-2018-10115, from Denisov Denis. + +Index: CPP/7zip/Archive/Rar/RarHandl
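Review bot: in the RarHandler.cpp GetProperty hunk, `_arcInfo.VolNumber + refItem.VolumeIndex` is cast to UInt32 with no range check, whereas the Rar5Handler.cpp case for the same property bounds-checks item.VolIndex against _arcs.Size() and returns a UInt64. Either note in the patch why this sum cannot wrap or fall out of range, or validate it the way the Rar5 handler does, and use one property type for kpidVolumeIndex in both handlers.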
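Review bot: every new patch file's header says only "Fix for CVE-2018-10115, from Denisov Denis.", yet the hunks under it also add kpidVolumeIndex to kProps and a new GetProperty case, and the cover note says a CVE-2017-17969 fix is part of the same diff. Put the source URL in each patch header and say which hunks are the security fix and which are feature changes carried along with it, so a later update can tell them apart.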