From patchwork Sat Apr 11 13:36:15 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Andr=C3=A9_Zwing?= <nerv@dawncrow.de>
X-Patchwork-Id: 1269336
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized)
	smtp.mailfrom=busybox.net (client-ip=140.211.166.137;
	helo=fraxinus.osuosl.org;
	envelope-from=buildroot-bounces@busybox.net;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=dawncrow.de
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=dawncrow.de header.i=@dawncrow.de
	header.a=rsa-sha256 header.s=strato-dkim-0002
	header.b=ixr/enrF; dkim-atps=neutral
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 48zwrw6dMqz9sSk
	for <incoming-buildroot@patchwork.ozlabs.org>;
	Sat, 11 Apr 2020 23:36:31 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by fraxinus.osuosl.org (Postfix) with ESMTP id BD3C285B78;
	Sat, 11 Apr 2020 13:36:27 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id fXZ04V2-8azJ; Sat, 11 Apr 2020 13:36:25 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by fraxinus.osuosl.org (Postfix) with ESMTP id CE6018508E;
	Sat, 11 Apr 2020 13:36:25 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
	by ash.osuosl.org (Postfix) with ESMTP id 6D7251BF34D
	for <buildroot@lists.busybox.net>;
	Sat, 11 Apr 2020 13:36:24 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id 6A8B486B50
	for <buildroot@lists.busybox.net>;
	Sat, 11 Apr 2020 13:36:24 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id rn1Myb-V55iQ for <buildroot@lists.busybox.net>;
	Sat, 11 Apr 2020 13:36:22 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mo4-p00-ob.smtp.rzone.de (mo4-p00-ob.smtp.rzone.de
	[85.215.255.24])
	by whitealder.osuosl.org (Postfix) with ESMTPS id 572A786A02
	for <buildroot@buildroot.org>; Sat, 11 Apr 2020 13:36:21 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1586612180;
	s=strato-dkim-0002; d=dawncrow.de;
	h=References:In-Reply-To:Message-Id:Date:Subject:To:From:
	X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender;
	bh=0a24IZORUus5CFM6IkxnBzxnq9J8HtamRaIjTFe6p+Q=;
	b=ixr/enrFTfFMFYb90oUIr4nzylS5dw3K4eX50s5jVec/N1OLfrgIjHSlW4Xk8ilxyj
	m26JHbE2hFweZHKRl8p15xd2uCyxQCutQZbHRScfobze3FZ5X30M9KVYkb/HTS4b4SYa
	IvhYLk2VD/bB6HMxcfUqpkmMD62w2zZm7IGVka8h7Q8uI83X2GTFOo/SFPSc46lUTsLl
	tG/3/ic1RBTQ5HqGO1AuyB01sVCpJbUPd4NrXNHxaRGqHcODVvsWSO+rDBI0/OE6NXJj
	NRYh3qdOaYSSGE5Bnr9eFreon46+qzgaorLdJvxWVxVcqfgBo6itesgPAt7dXl9ec4X/
	lL2g==
X-RZG-AUTH: 
 ":ImkWY2CseuihIZy6ZWWciR6unPhpN+aXzZGGjY6ptdusOaLnXzn3ovD/FrlcNw=="
X-RZG-CLASS-ID: mo00
Received: from tesla.fritz.box by smtp.strato.de (RZmta 46.2.1 DYNA|AUTH)
	with ESMTPSA id a09a24w3BDaJ83B
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits))
	(Client did not present a certificate) for <buildroot@buildroot.org>;
	Sat, 11 Apr 2020 15:36:19 +0200 (CEST)
From: =?utf-8?q?Andr=C3=A9_Hentschel?= <nerv@dawncrow.de>
To: buildroot@buildroot.org
Date: Sat, 11 Apr 2020 15:36:15 +0200
Message-Id: <20200411133616.31897-2-nerv@dawncrow.de>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200411133616.31897-1-nerv@dawncrow.de>
References: <20200411133616.31897-1-nerv@dawncrow.de>
MIME-Version: 1.0
Subject: [Buildroot] [PATCH 2/3] package/p7zip: fix CVE-2017-17969
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Signed-off-by: André Hentschel <nerv@dawncrow.de>
---
 package/p7zip/0002-CVE-2017-17969.patch | 37 +++++++++++++++++++++++++
 package/p7zip/p7zip.mk                  |  2 ++
 2 files changed, 39 insertions(+)
 create mode 100644 package/p7zip/0002-CVE-2017-17969.patch

diff --git a/package/p7zip/0002-CVE-2017-17969.patch b/package/p7zip/0002-CVE-2017-17969.patch
new file mode 100644
index 0000000000..9198127cb9
--- /dev/null
+++ b/package/p7zip/0002-CVE-2017-17969.patch
@@ -0,0 +1,37 @@
+From: =?utf-8?q?Antoine_Beaupr=C3=A9?= <anarcat@debian.org>
+Date: Fri, 2 Feb 2018 11:11:41 +0100
+Subject: Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp
+
+Origin: vendor, https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/27d7/attachment/CVE-2017-17969.patch
+Forwarded: https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7
+Bug: https://sourceforge.net/p/p7zip/bugs/204/
+Bug-Debian: https://bugs.debian.org/888297
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17969
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2018-02-01
+Applied-Upstream: 18.00-beta
+
+Signed-off-by: André Hentschel <nerv@dawncrow.de>
+---
+ CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp
+index 80b7e67..ca37764 100644
+--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
++++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
+@@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+     {
+       _stack[i++] = _suffixes[cur];
+       cur = _parents[cur];
++      if (cur >= kNumItems || i >= kNumItems)
++        break;
+     }
+-    
++
++    if (cur >= kNumItems || i >= kNumItems)
++      break;
++
+     _stack[i++] = (Byte)cur;
+     lastChar2 = (Byte)cur;
+ 
diff --git a/package/p7zip/p7zip.mk b/package/p7zip/p7zip.mk
index 66d3198c17..be95995bab 100644
--- a/package/p7zip/p7zip.mk
+++ b/package/p7zip/p7zip.mk
@@ -12,6 +12,8 @@ P7ZIP_LICENSE_FILES = DOC/License.txt
 
 # 0001-CVE-2016-9296.patch
 P7ZIP_IGNORE_CVES += CVE-2016-9296
+# 0002-CVE-2017-17969.patch
+P7ZIP_IGNORE_CVES += CVE-2017-17969
 
 # p7zip buildsystem is a mess: it plays dirty tricks with CFLAGS and
 # CXXFLAGS, so we can't pass them. Instead, it accepts ALLFLAGS_C