diff --git a/packages/p7zip/1-CVE-2016-9296.patch b/packages/p7zip/1-CVE-2016-9296.patch
new file mode 100644
index 000000000..83e181d9c
--- /dev/null
+++ b/packages/p7zip/1-CVE-2016-9296.patch
@@ -0,0 +1,13 @@
+diff -Nur p7zip/CPP/7zip/Archive/7z/7zIn.cpp CVE-2016-9296_mod/CPP/7zip/Archive/7z/7zIn.cpp
+--- p7zip/CPP/7zip/Archive/7z/7zIn.cpp 2016-05-20 16:20:03.000000000 +0800
++++ CVE-2016-9296_mod/CPP/7zip/Archive/7z/7zIn.cpp 2019-03-06 22:03:43.370014466 +0800
+@@ -1097,7 +1097,8 @@
+ if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+ ThrowIncorrect();
+ }
+- HeadersSize += folders.PackPositions[folders.NumPackStreams];
++ if (folders.PackPositions)
++ HeadersSize += folders.PackPositions[folders.NumPackStreams];
+ return S_OK;
+ }
+
diff --git a/packages/p7zip/2-CVE-2017-17969.patch b/packages/p7zip/2-CVE-2017-17969.patch
new file mode 100644
index 000000000..5cd9b8191
--- /dev/null
+++ b/packages/p7zip/2-CVE-2017-17969.patch
@@ -0,0 +1,18 @@
+diff -Nur p7zip/CPP/7zip/Compress/ShrinkDecoder.cpp CVE-2017-17969_mod/CPP/7zip/Compress/ShrinkDecoder.cpp
+--- p7zip/CPP/7zip/Compress/ShrinkDecoder.cpp 2016-05-19 01:31:02.000000000 +0800
++++ CVE-2017-17969_mod/CPP/7zip/Compress/ShrinkDecoder.cpp 2019-03-06 22:04:10.675224841 +0800
+@@ -121,8 +121,13 @@
+ {
+ _stack[i++] = _suffixes[cur];
+ cur = _parents[cur];
++ if (cur >= kNumItems || i >= kNumItems)
++ break;
+ }
+-
++
++ if (cur >= kNumItems || i >= kNumItems)
++ break;
++
+ _stack[i++] = (Byte)cur;
+ lastChar2 = (Byte)cur;
+
diff --git a/packages/p7zip/3-CVE-2018-5996.patch b/packages/p7zip/3-CVE-2018-5996.patch
new file mode 100644
index 000000000..3437e7903
--- /dev/null
+++ b/packages/p7zip/3-CVE-2018-5996.patch
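Review bot: In 1-CVE-2016-9296.patch the added `if (folders.PackPositions)` guard has no comment saying when the pointer can be null, and the patch file has no header recording where the fix was taken from or which upstream release carries it. A line above the guard such as `// PackPositions may be unallocated for a malformed header; skip the size update rather than dereference null` would help, with the wording checked against the allocation code, which is outside the hunk. A short provenance header at the top of the .patch file would let a later maintainer know when it can be dropped. The enclosing function starts before the hunk, so whether `HeadersSize` is validated elsewhere cannot be seen here.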
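Review bot: In 2-CVE-2017-17969.patch the bounds test inside the loop body runs only after `_stack[i++] = _suffixes[cur];` and `cur = _parents[cur];` have executed, so the first iteration still relies on `cur` and `i` being below `kNumItems` on entry, which the hunk does not show. The second `break` leaves the enclosing loop on a corrupt stream; the code after that loop is outside the hunk, so it should be confirmed that this path ends in an error result rather than `S_OK`, otherwise a truncated output would be reported as a successful extraction. A comment on both checks, for example `// corrupt code table: stop before _stack/_parents are indexed out of range`, would record why they exist.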
@@ -0,0 +1,198 @@
+diff -Nur p7zip/CPP/7zip/Compress/Rar1Decoder.cpp CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.cpp
+--- p7zip/CPP/7zip/Compress/Rar1Decoder.cpp 2015-09-02 02:04:52.000000000 +0800
++++ CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.cpp 2019-03-06 22:04:37.659374132 +0800
+@@ -29,7 +29,7 @@
+ };
+ */
+
+-CDecoder::CDecoder(): m_IsSolid(false) { }
++CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { }
+
+ void CDecoder::InitStructures()
+ {
+@@ -406,9 +406,14 @@
+ InitData();
+ if (!m_IsSolid)
+ {
++ _errorMode = false;
+ InitStructures();
+ InitHuff();
+ }
++
++ if (_errorMode)
++ return S_FALSE;
++
+ if (m_UnpackSize > 0)
+ {
+ GetFlagsBuf();
+@@ -477,9 +482,9 @@
+ const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress)
+ {
+ try { return CodeReal(inStream, outStream, inSize, outSize, progress); }
+- catch(const CInBufferException &e) { return e.ErrorCode; }
+- catch(const CLzOutWindowException &e) { return e.ErrorCode; }
+- catch(...) { return S_FALSE; }
++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; }
++ catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; }
++ catch(...) { _errorMode = true; return S_FALSE; }
+ }
+
+ STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size)
+diff -Nur p7zip/CPP/7zip/Compress/Rar1Decoder.h CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.h
+--- p7zip/CPP/7zip/Compress/Rar1Decoder.h 2014-12-21 20:44:00.000000000 +0800
++++ CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.h 2019-03-06 22:04:37.659374132 +0800
+@@ -39,6 +39,7 @@
+
+ Int64 m_UnpackSize;
+ bool m_IsSolid;
++ bool _errorMode;
+
+ UInt32 ReadBits(int numBits);
+ HRESULT CopyBlock(UInt32 distance, UInt32 len);
+diff -Nur p7zip/CPP/7zip/Compress/Rar2Decoder.cpp CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.cpp
+--- p7zip/CPP/7zip/Compress/Rar2Decoder.cpp 2015-10-03 16:49:14.000000000 +0800
++++ CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.cpp 2019-03-06 22:04:37.659374132 +0800
+@@ -80,7 +80,8 @@
+ static const UInt32 kWindowReservSize = (1 << 22) + 256;
+
+ CDecoder::CDecoder():
+- m_IsSolid(false)
++ m_IsSolid(false),
++ m_TablesOK(false)
+ {
+ }
+
+@@ -100,6 +101,8 @@
+
+ bool CDecoder::ReadTables(void)
+ {
++ m_TablesOK = false;
++
+ Byte levelLevels[kLevelTableSize];
+ Byte newLevels[kMaxTableSize];
+ m_AudioMode = (ReadBits(1) == 1);
+@@ -170,6 +173,8 @@
+ }
+
+ memcpy(m_LastLevels, newLevels, kMaxTableSize);
++ m_TablesOK = true;
++
+ return true;
+ }
+
+@@ -344,6 +349,9 @@
+ return S_FALSE;
+ }
+
++ if (!m_TablesOK)
++ return S_FALSE;
++
+ UInt64 startPos = m_OutWindowStream.GetProcessedSize();
+ while (pos < unPackSize)
+ {
+diff -Nur p7zip/CPP/7zip/Compress/Rar2Decoder.h CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.h
+--- p7zip/CPP/7zip/Compress/Rar2Decoder.h 2015-06-19 18:52:06.000000000 +0800
++++ CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.h 2019-03-06 22:04:37.659374132 +0800
+@@ -139,6 +139,7 @@
+
+ UInt64 m_PackSize;
+ bool m_IsSolid;
++ bool m_TablesOK;
+
+ void InitStructures();
+ UInt32 ReadBits(unsigned numBits);
+diff -Nur p7zip/CPP/7zip/Compress/Rar3Decoder.cpp CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.cpp
+--- p7zip/CPP/7zip/Compress/Rar3Decoder.cpp 2016-05-20 16:20:03.000000000 +0800
++++ CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.cpp 2019-03-06 22:04:37.659374132 +0800
+@@ -92,7 +92,8 @@
+ _writtenFileSize(0),
+ _vmData(0),
+ _vmCode(0),
+- m_IsSolid(false)
++ m_IsSolid(false),
++ _errorMode(false)
+ {
+ Ppmd7_Construct(&_ppmd);
+ }
+@@ -545,6 +546,9 @@
+ return InitPPM();
+ }
+
++ TablesRead = false;
++ TablesOK = false;
++
+ _lzMode = true;
+ PrevAlignBits = 0;
+ PrevAlignCount = 0;
+@@ -606,6 +610,9 @@
+ }
+ }
+ }
++ if (InputEofError())
++ return S_FALSE;
++
+ TablesRead = true;
+
+ // original code has check here:
+@@ -623,6 +630,9 @@
+ RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize]));
+
+ memcpy(m_LastLevels, newLevels, kTablesSizesSum);
++
++ TablesOK = true;
++
+ return S_OK;
+ }
+
+@@ -824,7 +834,12 @@
+ PpmEscChar = 2;
+ PpmError = true;
+ InitFilters();
++ _errorMode = false;
+ }
++
++ if (_errorMode)
++ return S_FALSE;
++
+ if (!m_IsSolid || !TablesRead)
+ {
+ bool keepDecompressing;
+@@ -838,6 +853,8 @@
+ bool keepDecompressing;
+ if (_lzMode)
+ {
++ if (!TablesOK)
++ return S_FALSE;
+ RINOK(DecodeLZ(keepDecompressing))
+ }
+ else
+@@ -901,8 +918,8 @@
+ _unpackSize = outSize ? *outSize : (UInt64)(Int64)-1;
+ return CodeReal(progress);
+ }
+- catch(const CInBufferException &e) { return e.ErrorCode; }
+- catch(...) { return S_FALSE; }
++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; }
++ catch(...) { _errorMode = true; return S_FALSE; }
+ // CNewException is possible here. But probably CNewException is caused
+ // by error in data stream.
+ }
+diff -Nur p7zip/CPP/7zip/Compress/Rar3Decoder.h CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.h
+--- p7zip/CPP/7zip/Compress/Rar3Decoder.h 2015-10-03 16:49:12.000000000 +0800
++++ CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.h 2019-03-06 22:04:37.659374132 +0800
+@@ -192,6 +192,7 @@
+ UInt32 _lastFilter;
+
+ bool m_IsSolid;
++ bool _errorMode;
+
+ bool _lzMode;
+ bool _unsupportedFilter;
+@@ -200,6 +201,7 @@
+ UInt32 PrevAlignCount;
+
+ bool TablesRead;
++ bool TablesOK;
+
+ CPpmd7 _ppmd;
+ int PpmEscChar;
diff --git a/packages/p7zip/4-CVE-2018-10115.patch b/packages/p7zip/4-CVE-2018-10115.patch
new file mode 100644
index 000000000..edc9838d6
--- /dev/null
+++ b/packages/p7zip/4-CVE-2018-10115.patch
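Review bot: In 3-CVE-2018-5996.patch `_errorMode` is set only inside the `catch` handlers, so the non-throwing failure returns this patch adds in Rar3Decoder.cpp (`if (InputEofError()) return S_FALSE;` and `if (!TablesOK) return S_FALSE;`) leave it false, and a following solid item is not refused on that basis. The Rar2 decoder gets `m_TablesOK` but no error latch in the lines shown. That gap appears to be covered only by `_solidAllowed` from 4-CVE-2018-10115.patch, so the two patches should be documented as a pair and never shipped separately. A comment on the new member, for example `// set when a previous Code() call threw; a solid item must not continue from that state`, would make the intent readable; the functions touched begin and end outside the hunks.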
@@ -0,0 +1,284 @@
+diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.cpp CVE-2018-10115_mod/CPP/7zip/Compress/Rar1Decoder.cpp
+--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.cpp 2019-03-06 22:04:37.659374132 +0800
++++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar1Decoder.cpp 2019-03-06 22:10:18.882278471 +0800
+@@ -29,7 +29,7 @@
+ };
+ */
+
+-CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { }
++CDecoder::CDecoder(): _isSolid(false), _solidAllowed(false), _errorMode(false) { }
+
+ void CDecoder::InitStructures()
+ {
+@@ -345,7 +345,7 @@
+
+ void CDecoder::InitData()
+ {
+- if (!m_IsSolid)
++ if (!_isSolid)
+ {
+ AvrPlcB = AvrLn1 = AvrLn2 = AvrLn3 = NumHuf = Buf60 = 0;
+ AvrPlc = 0x3500;
+@@ -391,6 +391,11 @@
+ if (inSize == NULL || outSize == NULL)
+ return E_INVALIDARG;
+
++ if (_isSolid && !_solidAllowed)
++ return S_FALSE;
++
++ _solidAllowed = false;
++
+ if (!m_OutWindowStream.Create(kHistorySize))
+ return E_OUTOFMEMORY;
+ if (!m_InBitStream.Create(1 << 20))
+@@ -398,13 +403,13 @@
+
+ m_UnpackSize = (Int64)*outSize;
+ m_OutWindowStream.SetStream(outStream);
+- m_OutWindowStream.Init(m_IsSolid);
++ m_OutWindowStream.Init(_isSolid);
+ m_InBitStream.SetStream(inStream);
+ m_InBitStream.Init();
+
+ // CCoderReleaser coderReleaser(this);
+ InitData();
+- if (!m_IsSolid)
++ if (!_isSolid)
+ {
+ _errorMode = false;
+ InitStructures();
+@@ -475,6 +480,7 @@
+ }
+ if (m_UnpackSize < 0)
+ return S_FALSE;
++ _solidAllowed = true;
+ return m_OutWindowStream.Flush();
+ }
+
+@@ -491,7 +497,7 @@
+ {
+ if (size < 1)
+ return E_INVALIDARG;
+- m_IsSolid = ((data[0] & 1) != 0);
++ _isSolid = ((data[0] & 1) != 0);
+ return S_OK;
+ }
+
+diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.h CVE-2018-10115_mod/CPP/7zip/Compress/Rar1Decoder.h
+--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.h 2019-03-06 22:04:37.659374132 +0800
++++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar1Decoder.h 2019-03-06 22:10:18.882278471 +0800
+@@ -38,7 +38,8 @@
+ UInt32 LastLength;
+
+ Int64 m_UnpackSize;
+- bool m_IsSolid;
++ bool _isSolid;
++ bool _solidAllowed;
+ bool _errorMode;
+
+ UInt32 ReadBits(int numBits);
+diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.cpp CVE-2018-10115_mod/CPP/7zip/Compress/Rar2Decoder.cpp
+--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.cpp 2019-03-06 22:04:37.659374132 +0800
++++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar2Decoder.cpp 2019-03-06 22:10:18.882278471 +0800
+@@ -80,7 +80,8 @@
+ static const UInt32 kWindowReservSize = (1 << 22) + 256;
+
+ CDecoder::CDecoder():
+- m_IsSolid(false),
++ _isSolid(false),
++ _solidAllowed(false),
+ m_TablesOK(false)
+ {
+ }
+@@ -320,6 +321,10 @@
+ if (inSize == NULL || outSize == NULL)
+ return E_INVALIDARG;
+
++ if (_isSolid && !_solidAllowed)
++ return S_FALSE;
++ _solidAllowed = false;
++
+ if (!m_OutWindowStream.Create(kHistorySize))
+ return E_OUTOFMEMORY;
+ if (!m_InBitStream.Create(1 << 20))
+@@ -330,12 +335,12 @@
+ UInt64 pos = 0, unPackSize = *outSize;
+
+ m_OutWindowStream.SetStream(outStream);
+- m_OutWindowStream.Init(m_IsSolid);
++ m_OutWindowStream.Init(_isSolid);
+ m_InBitStream.SetStream(inStream);
+ m_InBitStream.Init();
+
+ // CCoderReleaser coderReleaser(this);
+- if (!m_IsSolid)
++ if (!_isSolid)
+ {
+ InitStructures();
+ if (unPackSize == 0)
+@@ -343,6 +348,7 @@
+ if (m_InBitStream.GetProcessedSize() + 2 <= m_PackSize) // test it: probably incorrect;
+ if (!ReadTables())
+ return S_FALSE;
++ _solidAllowed = true;
+ return S_OK;
+ }
+ if (!ReadTables())
+@@ -386,6 +392,9 @@
+
+ if (!ReadLastTables())
+ return S_FALSE;
++
++ _solidAllowed = true;
++
+ return m_OutWindowStream.Flush();
+ }
+
+@@ -402,7 +411,7 @@
+ {
+ if (size < 1)
+ return E_INVALIDARG;
+- m_IsSolid = ((data[0] & 1) != 0);
++ _isSolid = ((data[0] & 1) != 0);
+ return S_OK;
+ }
+
+diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.h CVE-2018-10115_mod/CPP/7zip/Compress/Rar2Decoder.h
+--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.h 2019-03-06 22:04:37.659374132 +0800
++++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar2Decoder.h 2019-03-06 22:10:18.882278471 +0800
+@@ -138,7 +138,8 @@
+ Byte m_LastLevels[kMaxTableSize];
+
+ UInt64 m_PackSize;
+- bool m_IsSolid;
++ bool _isSolid;
++ bool _solidAllowed;
+ bool m_TablesOK;
+
+ void InitStructures();
+diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.cpp CVE-2018-10115_mod/CPP/7zip/Compress/Rar3Decoder.cpp
+--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.cpp 2019-03-06 22:04:37.659374132 +0800
++++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar3Decoder.cpp 2019-03-06 22:10:18.882278471 +0800
+@@ -92,7 +92,8 @@
+ _writtenFileSize(0),
+ _vmData(0),
+ _vmCode(0),
+- m_IsSolid(false),
++ _isSolid(false),
++ _solidAllowed(false),
+ _errorMode(false)
+ {
+ Ppmd7_Construct(&_ppmd);
+@@ -821,7 +822,7 @@
+ {
+ _writtenFileSize = 0;
+ _unsupportedFilter = false;
+- if (!m_IsSolid)
++ if (!_isSolid)
+ {
+ _lzSize = 0;
+ _winPos = 0;
+@@ -840,12 +841,15 @@
+ if (_errorMode)
+ return S_FALSE;
+
+- if (!m_IsSolid || !TablesRead)
++ if (!_isSolid || !TablesRead)
+ {
+ bool keepDecompressing;
+ RINOK(ReadTables(keepDecompressing));
+ if (!keepDecompressing)
++ {
++ _solidAllowed = true;
+ return S_OK;
++ }
+ }
+
+ for (;;)
+@@ -870,6 +874,9 @@
+ if (!keepDecompressing)
+ break;
+ }
++
++ _solidAllowed = true;
++
+ RINOK(WriteBuf());
+ UInt64 packSize = m_InBitStream.BitDecoder.GetProcessedSize();
+ RINOK(progress->SetRatioInfo(&packSize, &_writtenFileSize));
+@@ -890,6 +897,10 @@
+ if (!inSize)
+ return E_INVALIDARG;
+
++ if (_isSolid && !_solidAllowed)
++ return S_FALSE;
++ _solidAllowed = false;
++
+ if (!_vmData)
+ {
+ _vmData = (Byte *)::MidAlloc(kVmDataSizeMax + kVmCodeSizeMax);
+@@ -928,7 +939,7 @@
+ {
+ if (size < 1)
+ return E_INVALIDARG;
+- m_IsSolid = ((data[0] & 1) != 0);
++ _isSolid = ((data[0] & 1) != 0);
+ return S_OK;
+ }
+
+diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.h CVE-2018-10115_mod/CPP/7zip/Compress/Rar3Decoder.h
+--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.h 2019-03-06 22:04:37.659374132 +0800
++++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar3Decoder.h 2019-03-06 22:10:18.882278471 +0800
+@@ -191,7 +191,8 @@
+ CRecordVector _tempFilters;
+ UInt32 _lastFilter;
+
+- bool m_IsSolid;
++ bool _isSolid;
++ bool _solidAllowed;
+ bool _errorMode;
+
+ bool _lzMode;
+diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar5Decoder.cpp CVE-2018-10115_mod/CPP/7zip/Compress/Rar5Decoder.cpp
+--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar5Decoder.cpp 2019-03-06 22:03:12.632738487 +0800
++++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar5Decoder.cpp 2019-03-06 22:10:18.882278471 +0800
+@@ -72,6 +72,7 @@
+ _writtenFileSize(0),
+ _dictSizeLog(0),
+ _isSolid(false),
++ _solidAllowed(false),
+ _wasInit(false),
+ _inputBuf(NULL)
+ {
+@@ -801,7 +802,10 @@
+ */
+
+ if (res == S_OK)
++ {
++ _solidAllowed = true;
+ res = res2;
++ }
+
+ if (res == S_OK && _unpackSize_Defined && _writtenFileSize != _unpackSize)
+ return S_FALSE;
+@@ -821,6 +825,10 @@
+ {
+ try
+ {
++ if (_isSolid && !_solidAllowed)
++ return S_FALSE;
++ _solidAllowed = false;
++
+ if (_dictSizeLog >= sizeof(size_t) * 8)
+ return E_NOTIMPL;
+
+diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar5Decoder.h CVE-2018-10115_mod/CPP/7zip/Compress/Rar5Decoder.h
+--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar5Decoder.h 2019-03-06 22:03:12.632738487 +0800
++++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar5Decoder.h 2019-03-06 22:10:18.882278471 +0800
+@@ -271,6 +271,7 @@
+ Byte _dictSizeLog;
+ bool _tableWasFilled;
+ bool _isSolid;
++ bool _solidAllowed;
+ bool _wasInit;
+
+ UInt32 _reps[kNumReps];
diff --git a/packages/p7zip/build.sh b/packages/p7zip/build.sh
index ae2ba4403..4c815326d 100644
--- a/packages/p7zip/build.sh
+++ b/packages/p7zip/build.sh
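Review bot: In 4-CVE-2018-10115.patch `_solidAllowed = true;` is set before the output is written (`RINOK(WriteBuf());` in Rar3Decoder.cpp, `return m_OutWindowStream.Flush();` in the Rar1 and Rar2 decoders), so a failed write still permits the next solid item, and nothing in the patch says whether that is intended. If the flag is meant to track decoder state rather than output success, the member declaration should say so, for example `// true only after the previous Code() call decoded its stream to the end; a solid item must not reuse state otherwise`. The patch is generated against the `CVE-2018-5996_mod` tree and mixes the `m_IsSolid` to `_isSolid` rename into the fix, so it applies only after 3-CVE-2018-5996.patch; the build presumably relies on the numeric filename prefixes for that order, which is worth stating in the package notes. The functions touched begin and end outside the hunks.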
@@ -3,7 +3,7 @@ TERMUX_PKG_DESCRIPTION="Command-line version of the 7zip compressed file archive
 TERMUX_PKG_LICENSE="LGPL-2.1"
 TERMUX_PKG_MAINTAINER="Francisco Demartino @franciscod"
 TERMUX_PKG_VERSION=16.02
-TERMUX_PKG_REVISION=2
+TERMUX_PKG_REVISION=3
 TERMUX_PKG_SHA256=5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f
 TERMUX_PKG_SRCURL=https://downloads.sourceforge.net/project/p7zip/p7zip/${TERMUX_PKG_VERSION}/p7zip_${TERMUX_PKG_VERSION}_src_all.tar.bz2
 TERMUX_PKG_BUILD_IN_SRC=yes