[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-ports
Subject:    archivers/p7zip: patches for CVE-2016-2334 and CVE-2016-2335
From:       Josh Grosse <josh () jggimi ! homeip ! net>
Date:       2016-05-24 2:03:07
Message-ID: 20160524020307.GA32271 () fw2 ! jggimi ! homeip ! net
[Download RAW message or body]

CVE-2016-2334 and CVE-2016-2335 affect 7zip, with code shared
in p7zip that is installed in /usr/local/lib/p7zip/7z.so.

Upstream has not yet applied these fixes to code shared with
7zip.

Attached are -current, 5.9, and 5.8 patches.

["p7zip.current" (text/plain)]

Index: Makefile
===================================================================
RCS file: /systems/cvs/ports/archivers/p7zip/Makefile,v
retrieving revision 1.34
diff -u -p -r1.34 Makefile
--- Makefile	12 Apr 2016 23:13:22 -0000	1.34
+++ Makefile	24 May 2016 00:31:06 -0000
@@ -7,7 +7,7 @@ V=		15.14.1
 DISTNAME=	p7zip_${V}_src_all
 PKGNAME=	p7zip-${V}
 PKGNAME-main=	p7zip-${V}
-REVISION-main=	0
+REVISION-main=	1
 PKGNAME-rar=	p7zip-rar-${V}
 CATEGORIES=	archivers
 
Index: patches/patch-CPP_7zip_Archive_HfsHandler_cpp
===================================================================
RCS file: patches/patch-CPP_7zip_Archive_HfsHandler_cpp
diff -N patches/patch-CPP_7zip_Archive_HfsHandler_cpp
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-CPP_7zip_Archive_HfsHandler_cpp	24 May 2016 00:38:41 -0000
@@ -0,0 +1,26 @@
+$OpenBSD$
+
+CVE-2016-2334
+
+--- CPP/7zip/Archive/HfsHandler.cpp.orig	Fri Jun 19 06:52:08 2015
++++ CPP/7zip/Archive/HfsHandler.cpp	Mon May 23 20:37:42 2016
+@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFork &fork, cons
+       item.GroupID = Get32(r + 0x24);
+       item.AdminFlags = r[0x28];
+       item.OwnerFlags = r[0x29];
++      */
+       item.FileMode = Get16(r + 0x2A);
++      /*
+       item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+       item.FileType = Get32(r + 0x30);
+       item.FileCreator = Get32(r + 0x34);
+@@ -1571,6 +1573,9 @@ HRESULT CHandler::ExtractZlibFile(
+       blockSize = (UInt32)rem;
+ 
+     UInt32 size = GetUi32(tableBuf + i * 8 + 4);
++
++    if (size > buf.Size() || size > kCompressionBlockSize + 1)
++        return S_FALSE;
+ 
+     RINOK(ReadStream_FALSE(inStream, buf, size));
+ 
Index: patches/patch-CPP_7zip_Archive_Udf_UdfIn_cpp
===================================================================
RCS file: patches/patch-CPP_7zip_Archive_Udf_UdfIn_cpp
diff -N patches/patch-CPP_7zip_Archive_Udf_UdfIn_cpp
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-CPP_7zip_Archive_Udf_UdfIn_cpp	24 May 2016 00:38:25 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+
+CVE-2016-2335
+
+--- CPP/7zip/Archive/Udf/UdfIn.cpp.orig	Fri Nov 20 15:40:08 2015
++++ CPP/7zip/Archive/Udf/UdfIn.cpp	Mon May 23 20:37:46 2016
+@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int volIndex, int fsI
+     return S_FALSE;
+   CFile &file = Files.Back();
+   const CLogVol &vol = LogVols[volIndex];
+-  CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
++  unsigned partitionRef = lad.Location.PartitionRef;
++
++  if (partitionRef >= vol.PartitionMaps.Size())
++  	return S_FALSE;
++  CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
+ 
+   UInt32 key = lad.Location.Pos;
+   UInt32 value;

["p7zip.stable" (text/plain)]

Index: Makefile
===================================================================
RCS file: /systems/cvs/ports/archivers/p7zip/Makefile,v
retrieving revision 1.31
diff -u -p -r1.31 Makefile
--- Makefile	4 Feb 2016 10:38:26 -0000	1.31
+++ Makefile	24 May 2016 00:46:00 -0000
@@ -6,7 +6,7 @@ COMMENT-main=	file archiver with high co
 COMMENT-rar=	rar modules for p7zip
 
 V=		15.09
-REVISION=	4
+REVISION=	5
 DISTNAME=	p7zip_${V}_src_all
 PKGNAME=	p7zip-${V}
 PKGNAME-main=	p7zip-${V}
Index: patches/patch-CPP_7zip_Archive_HfsHandler_cpp
===================================================================
RCS file: patches/patch-CPP_7zip_Archive_HfsHandler_cpp
diff -N patches/patch-CPP_7zip_Archive_HfsHandler_cpp
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-CPP_7zip_Archive_HfsHandler_cpp	24 May 2016 00:44:39 -0000
@@ -0,0 +1,26 @@
+$OpenBSD$
+
+CVE-2016-2334
+
+--- CPP/7zip/Archive/HfsHandler.cpp.orig	Fri Jun 19 06:52:08 2015
++++ CPP/7zip/Archive/HfsHandler.cpp	Mon May 23 20:37:42 2016
+@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFork &fork, cons
+       item.GroupID = Get32(r + 0x24);
+       item.AdminFlags = r[0x28];
+       item.OwnerFlags = r[0x29];
++      */
+       item.FileMode = Get16(r + 0x2A);
++      /*
+       item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+       item.FileType = Get32(r + 0x30);
+       item.FileCreator = Get32(r + 0x34);
+@@ -1571,6 +1573,9 @@ HRESULT CHandler::ExtractZlibFile(
+       blockSize = (UInt32)rem;
+ 
+     UInt32 size = GetUi32(tableBuf + i * 8 + 4);
++
++    if (size > buf.Size() || size > kCompressionBlockSize + 1)
++        return S_FALSE;
+ 
+     RINOK(ReadStream_FALSE(inStream, buf, size));
+ 
Index: patches/patch-CPP_7zip_Archive_Udf_UdfIn_cpp
===================================================================
RCS file: patches/patch-CPP_7zip_Archive_Udf_UdfIn_cpp
diff -N patches/patch-CPP_7zip_Archive_Udf_UdfIn_cpp
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-CPP_7zip_Archive_Udf_UdfIn_cpp	24 May 2016 00:44:39 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+
+CVE-2016-2335
+
+--- CPP/7zip/Archive/Udf/UdfIn.cpp.orig	Fri Nov 20 15:40:08 2015
++++ CPP/7zip/Archive/Udf/UdfIn.cpp	Mon May 23 20:37:46 2016
+@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int volIndex, int fsI
+     return S_FALSE;
+   CFile &file = Files.Back();
+   const CLogVol &vol = LogVols[volIndex];
+-  CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
++  unsigned partitionRef = lad.Location.PartitionRef;
++
++  if (partitionRef >= vol.PartitionMaps.Size())
++  	return S_FALSE;
++  CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
+ 
+   UInt32 key = lad.Location.Pos;
+   UInt32 value;

["p7zip.58" (text/plain)]

Index: Makefile
===================================================================
RCS file: /systems/cvs/ports/archivers/p7zip/Makefile,v
retrieving revision 1.24
diff -u -p -r1.24 Makefile
--- Makefile	16 Mar 2015 17:20:40 -0000	1.24
+++ Makefile	24 May 2016 01:01:41 -0000
@@ -6,6 +6,7 @@ COMMENT-main=	file archiver with high co
 COMMENT-rar=	rar modules for p7zip
 
 V=		9.38.1
+REVISION=	0
 DISTNAME=	p7zip_${V}_src_all
 PKGNAME=	p7zip-${V}
 PKGNAME-main=	p7zip-${V}
Index: patches/patch-CPP_7zip_Archive_HfsHandler_cpp
===================================================================
RCS file: patches/patch-CPP_7zip_Archive_HfsHandler_cpp
diff -N patches/patch-CPP_7zip_Archive_HfsHandler_cpp
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-CPP_7zip_Archive_HfsHandler_cpp	24 May 2016 01:01:56 -0000
@@ -0,0 +1,26 @@
+$OpenBSD$
+
+CVE-2016-2334
+
+--- CPP/7zip/Archive/HfsHandler.cpp.orig	Fri Jun 19 06:52:08 2015
++++ CPP/7zip/Archive/HfsHandler.cpp	Mon May 23 20:37:42 2016
+@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFork &fork, cons
+       item.GroupID = Get32(r + 0x24);
+       item.AdminFlags = r[0x28];
+       item.OwnerFlags = r[0x29];
++      */
+       item.FileMode = Get16(r + 0x2A);
++      /*
+       item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+       item.FileType = Get32(r + 0x30);
+       item.FileCreator = Get32(r + 0x34);
+@@ -1571,6 +1573,9 @@ HRESULT CHandler::ExtractZlibFile(
+       blockSize = (UInt32)rem;
+ 
+     UInt32 size = GetUi32(tableBuf + i * 8 + 4);
++
++    if (size > buf.Size() || size > kCompressionBlockSize + 1)
++        return S_FALSE;
+ 
+     RINOK(ReadStream_FALSE(inStream, buf, size));
+ 
Index: patches/patch-CPP_7zip_Archive_Udf_UdfIn_cpp
===================================================================
RCS file: patches/patch-CPP_7zip_Archive_Udf_UdfIn_cpp
diff -N patches/patch-CPP_7zip_Archive_Udf_UdfIn_cpp
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-CPP_7zip_Archive_Udf_UdfIn_cpp	24 May 2016 01:01:56 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+
+CVE-2016-2335
+
+--- CPP/7zip/Archive/Udf/UdfIn.cpp.orig	Fri Nov 20 15:40:08 2015
++++ CPP/7zip/Archive/Udf/UdfIn.cpp	Mon May 23 20:37:46 2016
+@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int volIndex, int fsI
+     return S_FALSE;
+   CFile &file = Files.Back();
+   const CLogVol &vol = LogVols[volIndex];
+-  CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
++  unsigned partitionRef = lad.Location.PartitionRef;
++
++  if (partitionRef >= vol.PartitionMaps.Size())
++  	return S_FALSE;
++  CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
+ 
+   UInt32 key = lad.Location.Pos;
+   UInt32 value;


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic