app-arch/p7zip: add fix for CVE-2018-10115

Bug: https://bugs.gentoo.org/655270 Package-Manager: Portage-2.3.40, Repoman-2.3.9
author: Matthew Thode <prometheanfire@gentoo.org> 2018-06-28 14:06:34 -0500
committer: Matthew Thode <prometheanfire@gentoo.org> 2018-06-28 14:07:04 -0500
commit: 2b160b9fd86e68ee72f39ce96db2e0c7de72e5f7 (patch)
tree: e6098f83f17bd6317120c084fc96818219180b55 /app-arch
parent: net-libs/libproxy: Drop nonexistent kde-apps/kreadconfig:4 (diff)
download: gentoo-2b160b9fd86e68ee72f39ce96db2e0c7de72e5f7.tar.gz
gentoo-2b160b9fd86e68ee72f39ce96db2e0c7de72e5f7.tar.bz2
gentoo-2b160b9fd86e68ee72f39ce96db2e0c7de72e5f7.zip
2 files changed, 476 insertions, 0 deletions
diff --git a/app-arch/p7zip/files/CVE-2018-10115.patch b/app-arch/p7zip/files/CVE-2018-10115.patch
new file mode 100644
index 000000000000..7d9c4bf81f00
--- /dev/null
+++ b/app-arch/p7zip/files/CVE-2018-10115.patch
@@ -0,0 +1,311 @@
+From: Robert Luberda <robert@debian.org>
+Date: Tue, 29 May 2018 23:59:09 +0200
+Subject: Fix CVE-2018-10115
+
+Apply "patch" taken from https://landave.io/files/patch_7zip_CVE-2018-10115.txt
+
+
+Bugs-Debian: https://bugs.debian.org/897674
+---
+ CPP/7zip/Compress/Rar1Decoder.cpp | 16 +++++++++++-----
+ CPP/7zip/Compress/Rar1Decoder.h   |  3 ++-
+ CPP/7zip/Compress/Rar2Decoder.cpp | 17 +++++++++++++----
+ CPP/7zip/Compress/Rar2Decoder.h   |  3 ++-
+ CPP/7zip/Compress/Rar3Decoder.cpp | 19 +++++++++++++++----
+ CPP/7zip/Compress/Rar3Decoder.h   |  3 ++-
+ CPP/7zip/Compress/Rar5Decoder.cpp |  8 ++++++++
+ CPP/7zip/Compress/Rar5Decoder.h   |  1 +
+ 8 files changed, 54 insertions(+), 16 deletions(-)
+
+diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp
+index 68030c7..8c890c8 100644
+--- a/CPP/7zip/Compress/Rar1Decoder.cpp
++++ b/CPP/7zip/Compress/Rar1Decoder.cpp
+@@ -29,7 +29,7 @@ public:
+ };
+ */
+ 
+-CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { }
++CDecoder::CDecoder(): _isSolid(false), _solidAllowed(false), _errorMode(false) { }
+ 
+ void CDecoder::InitStructures()
+ {
+@@ -345,7 +345,7 @@ void CDecoder::GetFlagsBuf()
+ 
+ void CDecoder::InitData()
+ {
+-  if (!m_IsSolid)
++  if (!_isSolid)
+   {
+     AvrPlcB = AvrLn1 = AvrLn2 = AvrLn3 = NumHuf = Buf60 = 0;
+     AvrPlc = 0x3500;
+@@ -391,6 +391,11 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+   if (inSize == NULL || outSize == NULL)
+     return E_INVALIDARG;
+ 
++  if (_isSolid && !_solidAllowed)
++    return S_FALSE;
++
++  _solidAllowed = false;
++
+   if (!m_OutWindowStream.Create(kHistorySize))
+     return E_OUTOFMEMORY;
+   if (!m_InBitStream.Create(1 << 20))
+@@ -398,13 +403,13 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+ 
+   m_UnpackSize = (Int64)*outSize;
+   m_OutWindowStream.SetStream(outStream);
+-  m_OutWindowStream.Init(m_IsSolid);
++  m_OutWindowStream.Init(_isSolid);
+   m_InBitStream.SetStream(inStream);
+   m_InBitStream.Init();
+ 
+   // CCoderReleaser coderReleaser(this);
+   InitData();
+-  if (!m_IsSolid)
++  if (!_isSolid)
+   {
+     _errorMode = false;
+     InitStructures();
+@@ -475,6 +480,7 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+   }
+   if (m_UnpackSize < 0)
+     return S_FALSE;
++  _solidAllowed = true;
+   return m_OutWindowStream.Flush();
+ }
+ 
+@@ -491,7 +497,7 @@ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size)
+ {
+   if (size < 1)
+     return E_INVALIDARG;
+-  m_IsSolid = ((data[0] & 1) != 0);
++  _isSolid = ((data[0] & 1) != 0);
+   return S_OK;
+ }
+ 
+diff --git a/CPP/7zip/Compress/Rar1Decoder.h b/CPP/7zip/Compress/Rar1Decoder.h
+index 01b606b..8abb3a3 100644
+--- a/CPP/7zip/Compress/Rar1Decoder.h
++++ b/CPP/7zip/Compress/Rar1Decoder.h
+@@ -38,7 +38,8 @@ public:
+   UInt32 LastLength;
+ 
+   Int64 m_UnpackSize;
+-  bool m_IsSolid;
++  bool _isSolid;
++  bool _solidAllowed;
+   bool _errorMode;
+ 
+   UInt32 ReadBits(int numBits);
+diff --git a/CPP/7zip/Compress/Rar2Decoder.cpp b/CPP/7zip/Compress/Rar2Decoder.cpp
+index 0580c8d..be8d842 100644
+--- a/CPP/7zip/Compress/Rar2Decoder.cpp
++++ b/CPP/7zip/Compress/Rar2Decoder.cpp
+@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << 20;
+ static const UInt32 kWindowReservSize = (1 << 22) + 256;
+ 
+ CDecoder::CDecoder():
+-  m_IsSolid(false),
++  _isSolid(false),
++  _solidAllowed(false),
+   m_TablesOK(false)
+ {
+ }
+@@ -320,6 +321,10 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+   if (inSize == NULL || outSize == NULL)
+     return E_INVALIDARG;
+ 
++  if (_isSolid && !_solidAllowed)
++    return S_FALSE;
++  _solidAllowed = false;
++
+   if (!m_OutWindowStream.Create(kHistorySize))
+     return E_OUTOFMEMORY;
+   if (!m_InBitStream.Create(1 << 20))
+@@ -330,12 +335,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+   UInt64 pos = 0, unPackSize = *outSize;
+   
+   m_OutWindowStream.SetStream(outStream);
+-  m_OutWindowStream.Init(m_IsSolid);
++  m_OutWindowStream.Init(_isSolid);
+   m_InBitStream.SetStream(inStream);
+   m_InBitStream.Init();
+ 
+   // CCoderReleaser coderReleaser(this);
+-  if (!m_IsSolid)
++  if (!_isSolid)
+   {
+     InitStructures();
+     if (unPackSize == 0)
+@@ -343,6 +348,7 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+       if (m_InBitStream.GetProcessedSize() + 2 <= m_PackSize) // test it: probably incorrect;
+         if (!ReadTables())
+           return S_FALSE;
++      _solidAllowed = true;
+       return S_OK;
+     }
+     if (!ReadTables())
+@@ -386,6 +392,9 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+ 
+   if (!ReadLastTables())
+     return S_FALSE;
++
++  _solidAllowed = true;
++
+   return m_OutWindowStream.Flush();
+ }
+ 
+@@ -402,7 +411,7 @@ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size)
+ {
+   if (size < 1)
+     return E_INVALIDARG;
+-  m_IsSolid = ((data[0] & 1) != 0);
++  _isSolid = ((data[0] & 1) != 0);
+   return S_OK;
+ }
+ 
+diff --git a/CPP/7zip/Compress/Rar2Decoder.h b/CPP/7zip/Compress/Rar2Decoder.h
+index 0e9005f..370bce2 100644
+--- a/CPP/7zip/Compress/Rar2Decoder.h
++++ b/CPP/7zip/Compress/Rar2Decoder.h
+@@ -138,7 +138,8 @@ class CDecoder :
+   Byte m_LastLevels[kMaxTableSize];
+ 
+   UInt64 m_PackSize;
+-  bool m_IsSolid;
++  bool _isSolid;
++  bool _solidAllowed;
+   bool m_TablesOK;
+ 
+   void InitStructures();
+diff --git a/CPP/7zip/Compress/Rar3Decoder.cpp b/CPP/7zip/Compress/Rar3Decoder.cpp
+index 6cb8a6a..7b85833 100644
+--- a/CPP/7zip/Compress/Rar3Decoder.cpp
++++ b/CPP/7zip/Compress/Rar3Decoder.cpp
+@@ -92,7 +92,8 @@ CDecoder::CDecoder():
+   _writtenFileSize(0),
+   _vmData(0),
+   _vmCode(0),
+-  m_IsSolid(false),
++  _isSolid(false),
++  _solidAllowed(false),
+   _errorMode(false)
+ {
+   Ppmd7_Construct(&_ppmd);
+@@ -821,7 +822,7 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress)
+ {
+   _writtenFileSize = 0;
+   _unsupportedFilter = false;
+-  if (!m_IsSolid)
++  if (!_isSolid)
+   {
+     _lzSize = 0;
+     _winPos = 0;
+@@ -840,12 +841,15 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress)
+   if (_errorMode)
+     return S_FALSE;
+ 
+-  if (!m_IsSolid || !TablesRead)
++  if (!_isSolid || !TablesRead)
+   {
+     bool keepDecompressing;
+     RINOK(ReadTables(keepDecompressing));
+     if (!keepDecompressing)
++    {
++      _solidAllowed = true;
+       return S_OK;
++    }
+   }
+ 
+   for (;;)
+@@ -870,6 +874,9 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress)
+     if (!keepDecompressing)
+       break;
+   }
++
++  _solidAllowed = true;
++
+   RINOK(WriteBuf());
+   UInt64 packSize = m_InBitStream.BitDecoder.GetProcessedSize();
+   RINOK(progress->SetRatioInfo(&packSize, &_writtenFileSize));
+@@ -890,6 +897,10 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream
+     if (!inSize)
+       return E_INVALIDARG;
+ 
++    if (_isSolid && !_solidAllowed)
++      return S_FALSE;
++    _solidAllowed = false;
++
+     if (!_vmData)
+     {
+       _vmData = (Byte *)::MidAlloc(kVmDataSizeMax + kVmCodeSizeMax);
+@@ -928,7 +939,7 @@ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size)
+ {
+   if (size < 1)
+     return E_INVALIDARG;
+-  m_IsSolid = ((data[0] & 1) != 0);
++  _isSolid = ((data[0] & 1) != 0);
+   return S_OK;
+ }
+ 
+diff --git a/CPP/7zip/Compress/Rar3Decoder.h b/CPP/7zip/Compress/Rar3Decoder.h
+index 2f72d7d..32c8943 100644
+--- a/CPP/7zip/Compress/Rar3Decoder.h
++++ b/CPP/7zip/Compress/Rar3Decoder.h
+@@ -191,7 +191,8 @@ class CDecoder:
+   CRecordVector<CTempFilter *>  _tempFilters;
+   UInt32 _lastFilter;
+ 
+-  bool m_IsSolid;
++  bool _isSolid;
++  bool _solidAllowed;
+   bool _errorMode;
+ 
+   bool _lzMode;
+diff --git a/CPP/7zip/Compress/Rar5Decoder.cpp b/CPP/7zip/Compress/Rar5Decoder.cpp
+index dc8830f..a826d5a 100644
+--- a/CPP/7zip/Compress/Rar5Decoder.cpp
++++ b/CPP/7zip/Compress/Rar5Decoder.cpp
+@@ -72,6 +72,7 @@ CDecoder::CDecoder():
+     _writtenFileSize(0),
+     _dictSizeLog(0),
+     _isSolid(false),
++    _solidAllowed(false),
+     _wasInit(false),
+     _inputBuf(NULL)
+ {
+@@ -801,7 +802,10 @@ HRESULT CDecoder::CodeReal()
+   */
+ 
+   if (res == S_OK)
++  {
++    _solidAllowed = true;
+     res = res2;
++  }
+      
+   if (res == S_OK && _unpackSize_Defined && _writtenFileSize != _unpackSize)
+     return S_FALSE;
+@@ -821,6 +825,10 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream
+ {
+   try
+   {
++    if (_isSolid && !_solidAllowed)
++      return S_FALSE;
++    _solidAllowed = false;
++
+     if (_dictSizeLog >= sizeof(size_t) * 8)
+       return E_NOTIMPL;
+ 
+diff --git a/CPP/7zip/Compress/Rar5Decoder.h b/CPP/7zip/Compress/Rar5Decoder.h
+index b0a4dd1..3db5018 100644
+--- a/CPP/7zip/Compress/Rar5Decoder.h
++++ b/CPP/7zip/Compress/Rar5Decoder.h
+@@ -271,6 +271,7 @@ class CDecoder:
+   Byte _dictSizeLog;
+   bool _tableWasFilled;
+   bool _isSolid;
++  bool _solidAllowed;
+   bool _wasInit;
+ 
+   UInt32 _reps[kNumReps];
diff --git a/app-arch/p7zip/p7zip-16.02-r4.ebuild b/app-arch/p7zip/p7zip-16.02-r4.ebuild
new file mode 100644
index 000000000000..57134020e700
--- /dev/null
+++ b/app-arch/p7zip/p7zip-16.02-r4.ebuild
@@ -0,0 +1,165 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+WX_GTK_VER="3.0"
+
+inherit toolchain-funcs wxwidgets
+
+DESCRIPTION="Port of 7-Zip archiver for Unix"
+HOMEPAGE="http://p7zip.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${PN}_${PV}_src_all.tar.bz2"
+
+LICENSE="LGPL-2.1 rar? ( unRAR )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris"
+IUSE="abi_x86_x32 doc kde +pch rar static wxwidgets"
+
+REQUIRED_USE="kde? ( wxwidgets )"
+
+RDEPEND="wxwidgets? ( x11-libs/wxGTK:${WX_GTK_VER}[X] )"
+DEPEND="${RDEPEND}
+	abi_x86_x32? ( >=dev-lang/yasm-1.2.0-r1 )
+	amd64? ( dev-lang/yasm )
+	x86? ( dev-lang/nasm )"
+
+S=${WORKDIR}/${PN}_${PV}
+
+DOCS=( ChangeLog README TODO )
+
+PATCHES=(
+	"${FILESDIR}"/${P}-darwin.patch
+	"${FILESDIR}"/CVE-2016-9296.patch
+	"${FILESDIR}"/CVE-2017-17969.patch
+	"${FILESDIR}"/CVE-2018-5996.patch
+	"${FILESDIR}"/CVE-2018-10115.patch
+)
+
+src_prepare() {
+	default
+
+	if ! use pch; then
+		sed "s:PRE_COMPILED_HEADER=StdAfx.h.gch:PRE_COMPILED_HEADER=:g" -i makefile.* || die
+	fi
+
+	sed \
+		-e 's:-m32 ::g' \
+		-e 's:-m64 ::g' \
+		-e 's:-pipe::g' \
+		-e '/ALLFLAGS/s:-s ::' \
+		-e "/OPTFLAGS=/s:=.*:=${CXXFLAGS}:" \
+		-i makefile* || die
+
+	# remove non-free RAR codec
+	if use rar; then
+		ewarn "Enabling nonfree RAR decompressor"
+	else
+		sed \
+			-e '/Rar/d' \
+			-e '/RAR/d' \
+			-i makefile* CPP/7zip/Bundles/Format7zFree/makefile || die
+		rm -rf CPP/7zip/Compress/Rar || die
+	fi
+
+	if use abi_x86_x32; then
+		sed -i -e "/^ASM=/s:amd64:x32:" makefile* || die
+		cp -f makefile.linux_amd64_asm makefile.machine || die
+	elif use amd64; then
+		cp -f makefile.linux_amd64_asm makefile.machine || die
+	elif use x86; then
+		cp -f makefile.linux_x86_asm_gcc_4.X makefile.machine || die
+	elif [[ ${CHOST} == *-darwin* ]] ; then
+		# Mac OS X needs this special makefile, because it has a non-GNU
+		# linker, it doesn't matter so much for bitwidth, for it doesn't
+		# do anything with it
+		cp -f makefile.macosx_llvm_64bits makefile.machine
+		# bundles have extension .bundle but don't die because USE=-rar
+		# removes the Rar directory
+		sed -i -e '/strcpy(name/s/\.so/.bundle/' \
+			CPP/Windows/DLL.cpp || die
+		sed -i -e '/^PROG=/s/\.so/.bundle/' \
+			CPP/7zip/Bundles/Format7zFree/makefile.list \
+			$(use rar && echo CPP/7zip/Compress/Rar/makefile.list) || die
+	elif use x86-fbsd; then
+		# FreeBSD needs this special makefile, because it hasn't -ldl
+		sed -e 's/-lc_r/-pthread/' makefile.freebsd > makefile.machine
+	fi
+
+	if use static; then
+		sed -i -e '/^LOCAL_LIBS=/s/LOCAL_LIBS=/&-static /' makefile.machine || die
+	fi
+
+	if use kde || use wxwidgets; then
+		need-wxwidgets unicode
+		einfo "Preparing dependency list"
+		emake depend
+	fi
+}
+
+src_compile() {
+	emake CC=$(tc-getCC) CXX=$(tc-getCXX) all3
+	if use kde || use wxwidgets; then
+		emake CC=$(tc-getCC) CXX=$(tc-getCXX) -- 7zG
+#		emake -- 7zFM
+	fi
+}
+
+src_test() {
+	emake test test_7z test_7zr
+}
+
+src_install() {
+	# this wrappers can not be symlinks, p7zip should be called with full path
+	make_wrapper 7zr "/usr/$(get_libdir)/${PN}/7zr"
+	make_wrapper 7za "/usr/$(get_libdir)/${PN}/7za"
+	make_wrapper 7z "/usr/$(get_libdir)/${PN}/7z"
+
+	if use kde || use wxwidgets; then
+		make_wrapper 7zG "/usr/$(get_libdir)/${PN}/7zG"
+#		make_wrapper 7zFM "/usr/$(get_libdir)/${PN}/7zFM"
+
+#		make_desktop_entry 7zFM "${PN} FM" ${PN} "GTK;Utility;Archiving;Compression"
+
+		dobin GUI/p7zipForFilemanager
+		exeinto /usr/$(get_libdir)/${PN}
+#		doexe bin/7z{G,FM}
+		doexe bin/7zG
+
+		insinto /usr/$(get_libdir)/${PN}
+		doins -r GUI/Lang
+		doins -r DOC/MANUAL
+
+		insinto /usr/share/icons/hicolor/16x16/apps/
+		newins GUI/p7zip_16_ok.png p7zip.png
+
+		if use kde; then
+			rm GUI/kde4/p7zip_compress.desktop || die
+			insinto /usr/share/kservices5/ServiceMenus
+			doins GUI/kde4/*.desktop
+			dodir /usr/share/kde4/services/ServiceMenus # drop these lines after konqueror:4/krusader:4 are gone
+			for item in "${ED}"usr/share/kservices5/ServiceMenus/*.desktop; do
+				item="$(basename ${item})"
+				dosym "/usr/share/kservices5/ServiceMenus/${item}" "/usr/share/kde4/services/ServiceMenus/${item}"
+			done
+		fi
+	fi
+
+	dobin contrib/gzip-like_CLI_wrapper_for_7z/p7zip
+	doman contrib/gzip-like_CLI_wrapper_for_7z/man1/p7zip.1
+
+	exeinto /usr/$(get_libdir)/${PN}
+	doexe bin/7z bin/7za bin/7zr bin/7zCon.sfx
+	doexe bin/*$(get_modname)
+	if use rar; then
+		exeinto /usr/$(get_libdir)/${PN}/Codecs/
+		doexe bin/Codecs/*$(get_modname)
+	fi
+
+	doman man1/7z.1 man1/7za.1 man1/7zr.1
+
+	if use doc; then
+		dodoc DOC/*.txt
+		dohtml -r DOC/MANUAL/*
+	fi
+}
author	Matthew Thode <prometheanfire@gentoo.org>	2018-06-28 14:06:34 -0500
committer	Matthew Thode <prometheanfire@gentoo.org>	2018-06-28 14:07:04 -0500
commit	2b160b9fd86e68ee72f39ce96db2e0c7de72e5f7 (patch)
tree	e6098f83f17bd6317120c084fc96818219180b55 /app-arch
parent	net-libs/libproxy: Drop nonexistent kde-apps/kreadconfig:4 (diff)
download	gentoo-2b160b9fd86e68ee72f39ce96db2e0c7de72e5f7.tar.gz gentoo-2b160b9fd86e68ee72f39ce96db2e0c7de72e5f7.tar.bz2 gentoo-2b160b9fd86e68ee72f39ce96db2e0c7de72e5f7.zip