From patchwork Fri Apr 10 17:31:17 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Andr=C3=A9_Zwing?= <nerv@dawncrow.de>
X-Patchwork-Id: 1269149
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized)
	smtp.mailfrom=busybox.net (client-ip=140.211.166.136;
	helo=silver.osuosl.org;
	envelope-from=buildroot-bounces@busybox.net;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=dawncrow.de
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=dawncrow.de header.i=@dawncrow.de
	header.a=rsa-sha256 header.s=strato-dkim-0002
	header.b=AiAaAVCu; dkim-atps=neutral
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 48zQ6Y3lrJz9sSM
	for <incoming-buildroot@patchwork.ozlabs.org>;
	Sat, 11 Apr 2020 03:31:33 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id C6DE324CEB;
	Fri, 10 Apr 2020 17:31:29 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id AUDCH4qPkpTn; Fri, 10 Apr 2020 17:31:27 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by silver.osuosl.org (Postfix) with ESMTP id 44DDC204EB;
	Fri, 10 Apr 2020 17:31:27 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
	by ash.osuosl.org (Postfix) with ESMTP id 299081BF408
	for <buildroot@lists.busybox.net>;
	Fri, 10 Apr 2020 17:31:26 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by fraxinus.osuosl.org (Postfix) with ESMTP id 2601886166
	for <buildroot@lists.busybox.net>;
	Fri, 10 Apr 2020 17:31:26 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id mgzUUnpUWyhY for <buildroot@lists.busybox.net>;
	Fri, 10 Apr 2020 17:31:24 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mo4-p00-ob.smtp.rzone.de (mo4-p00-ob.smtp.rzone.de
	[85.215.255.20])
	by fraxinus.osuosl.org (Postfix) with ESMTPS id 5706885D56
	for <buildroot@buildroot.org>; Fri, 10 Apr 2020 17:31:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1586539881;
	s=strato-dkim-0002; d=dawncrow.de;
	h=Message-Id:Date:Subject:To:From:X-RZG-CLASS-ID:X-RZG-AUTH:From:
	Subject:Sender;
	bh=PF83ovB8y5ds8DZv5iTCkl7l8FrAHGoE/LQSKO5qQUI=;
	b=AiAaAVCumnCCVn1tvQZKdE2MThQFvEp94Ihpe9HKSj0a8vE809kUvJZDXpsuEEzkl8
	ejYBUWvgNiDfhDjxcUlNDWh8h60x0dbupY8L4gIw2n+Nn8C2duGK1mYB+6zjc/4toNDn
	SJox0icczN6WydPry0Bwb8yOnpnw5qqwZIK2w6hAdrHXExkDbK0wMJqDvLVUa8B6P4h2
	A+e71e7wCb4qLXcbwbR0wLy5SoZ/y+yoOSmfmPHymID8kWiVxf99ZC66Z9Afb3Pos+R+
	1yK1f4CT/aYKHMq5b5/k4PKC22265uqXcYRbxTOhOrKPoqYQaVsrPl7UB940B4oxnALP
	r3tA==
X-RZG-AUTH: 
 ":ImkWY2CseuihIZy6ZWWciR6unPhpN+aXzZGGjY6ptdusOaLnXzn3ovD/FrlcNw=="
X-RZG-CLASS-ID: mo00
Received: from tesla.fritz.box by smtp.strato.de (RZmta 46.2.1 DYNA|AUTH)
	with ESMTPSA id a09a24w3AHVL6sm
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits))
	(Client did not present a certificate) for <buildroot@buildroot.org>;
	Fri, 10 Apr 2020 19:31:21 +0200 (CEST)
From: =?utf-8?q?Andr=C3=A9_Hentschel?= <nerv@dawncrow.de>
To: buildroot@buildroot.org
Date: Fri, 10 Apr 2020 19:31:17 +0200
Message-Id: <20200410173118.21538-1-nerv@dawncrow.de>
X-Mailer: git-send-email 2.17.1
MIME-Version: 1.0
Subject: [Buildroot] [PATCH 1/2] package/p7zip: fix CVE-2016-9296
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Signed-off-by: André Hentschel <nerv@dawncrow.de>
---
 package/p7zip/0001-CVE-2016-9296.patch | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 package/p7zip/0001-CVE-2016-9296.patch

diff --git a/package/p7zip/0001-CVE-2016-9296.patch b/package/p7zip/0001-CVE-2016-9296.patch
new file mode 100644
index 0000000000..42245c92c0
--- /dev/null
+++ b/package/p7zip/0001-CVE-2016-9296.patch
@@ -0,0 +1,23 @@
+From: Robert Luberda <robert@debian.org>
+Date: Sat, 19 Nov 2016 08:48:08 +0100
+Subject: Fix nullptr dereference (CVE-2016-9296)
+
+Patch taken from https://sourceforge.net/p/p7zip/bugs/185/
+---
+ CPP/7zip/Archive/7z/7zIn.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Archive/7z/7zIn.cpp b/CPP/7zip/Archive/7z/7zIn.cpp
+index b0c6b98..7c6dde2 100644
+--- a/CPP/7zip/Archive/7z/7zIn.cpp
++++ b/CPP/7zip/Archive/7z/7zIn.cpp
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams(
+       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+         ThrowIncorrect();
+   }
+-  HeadersSize += folders.PackPositions[folders.NumPackStreams];
++  if (folders.PackPositions)
++      HeadersSize += folders.PackPositions[folders.NumPackStreams];
+   return S_OK;
+ }
+ 

From patchwork Fri Apr 10 17:31:18 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Andr=C3=A9_Zwing?= <nerv@dawncrow.de>
X-Patchwork-Id: 1269150
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized)
	smtp.mailfrom=busybox.net (client-ip=140.211.166.133;
	helo=hemlock.osuosl.org;
	envelope-from=buildroot-bounces@busybox.net;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=dawncrow.de
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=dawncrow.de header.i=@dawncrow.de
	header.a=rsa-sha256 header.s=strato-dkim-0002
	header.b=X8Cv/RD/; dkim-atps=neutral
Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 48zQ6h1CnFz9sRN
	for <incoming-buildroot@patchwork.ozlabs.org>;
	Sat, 11 Apr 2020 03:31:39 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by hemlock.osuosl.org (Postfix) with ESMTP id D267B88231;
	Fri, 10 Apr 2020 17:31:33 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ehPnqDCT95ak; Fri, 10 Apr 2020 17:31:30 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by hemlock.osuosl.org (Postfix) with ESMTP id AA2F1875C2;
	Fri, 10 Apr 2020 17:31:30 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	by ash.osuosl.org (Postfix) with ESMTP id C77951BF408
	for <buildroot@lists.busybox.net>;
	Fri, 10 Apr 2020 17:31:26 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id B6E92204EB
	for <buildroot@lists.busybox.net>;
	Fri, 10 Apr 2020 17:31:26 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id HEqShtHqmfyX for <buildroot@lists.busybox.net>;
	Fri, 10 Apr 2020 17:31:24 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mo4-p00-ob.smtp.rzone.de (mo4-p00-ob.smtp.rzone.de
	[85.215.255.23])
	by silver.osuosl.org (Postfix) with ESMTPS id 5D7B12049B
	for <buildroot@buildroot.org>; Fri, 10 Apr 2020 17:31:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1586539881;
	s=strato-dkim-0002; d=dawncrow.de;
	h=References:In-Reply-To:Message-Id:Date:Subject:To:From:
	X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender;
	bh=dICrLG3AvSO28YDTB587B8nI8DEQfmZcmOuW8spQAu4=;
	b=X8Cv/RD/vbiHLgH0S9AjCCs0mUvF/WyQSv6UsJPbHReeaMQUE/TXeWN9S2OdhJAvk2
	UZJEkiuStV0WumSY2IVMGvF9f67Il++l/xv512mJmqL+v1uchP6PI4YDmdz64oDuhig4
	XvyMw8fdQyuQZ04nR9SqyVzcBcmxFPm6DXMbQM9agjDb7cwy29T5uJE9qZaEF+7f10ZW
	w0E4Z5WTt+UphSLQS+W0Ciej7NI74yakM/9h1JLjfdxOaves7nDfTmvPFS8OWMGK0DKT
	c7KSsnPxgm6k+hh62BkD9l2dmzEjo+azpCav+Qw1W4Zmn5UjzOZtslgR0dCYd991hVKl
	DYEA==
X-RZG-AUTH: 
 ":ImkWY2CseuihIZy6ZWWciR6unPhpN+aXzZGGjY6ptdusOaLnXzn3ovD/FrlcNw=="
X-RZG-CLASS-ID: mo00
Received: from tesla.fritz.box by smtp.strato.de (RZmta 46.2.1 DYNA|AUTH)
	with ESMTPSA id a09a24w3AHVL6sn
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits))
	(Client did not present a certificate) for <buildroot@buildroot.org>;
	Fri, 10 Apr 2020 19:31:21 +0200 (CEST)
From: =?utf-8?q?Andr=C3=A9_Hentschel?= <nerv@dawncrow.de>
To: buildroot@buildroot.org
Date: Fri, 10 Apr 2020 19:31:18 +0200
Message-Id: <20200410173118.21538-2-nerv@dawncrow.de>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200410173118.21538-1-nerv@dawncrow.de>
References: <20200410173118.21538-1-nerv@dawncrow.de>
MIME-Version: 1.0
Subject: [Buildroot] [PATCH 2/2] package/p7zip: fix CVE-2017-17969
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Signed-off-by: André Hentschel <nerv@dawncrow.de>
---
 package/p7zip/0002-CVE-2017-17969.patch | 35 +++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 package/p7zip/0002-CVE-2017-17969.patch

diff --git a/package/p7zip/0002-CVE-2017-17969.patch b/package/p7zip/0002-CVE-2017-17969.patch
new file mode 100644
index 0000000000..a9787c4a90
--- /dev/null
+++ b/package/p7zip/0002-CVE-2017-17969.patch
@@ -0,0 +1,35 @@
+From: =?utf-8?q?Antoine_Beaupr=C3=A9?= <anarcat@debian.org>
+Date: Fri, 2 Feb 2018 11:11:41 +0100
+Subject: Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp
+
+Origin: vendor, https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/27d7/attachment/CVE-2017-17969.patch
+Forwarded: https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7
+Bug: https://sourceforge.net/p/p7zip/bugs/204/
+Bug-Debian: https://bugs.debian.org/888297
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17969
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2018-02-01
+Applied-Upstream: 18.00-beta
+---
+ CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp
+index 80b7e67..ca37764 100644
+--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
++++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
+@@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+     {
+       _stack[i++] = _suffixes[cur];
+       cur = _parents[cur];
++      if (cur >= kNumItems || i >= kNumItems)
++        break;
+     }
+-    
++
++    if (cur >= kNumItems || i >= kNumItems)
++      break;
++
+     _stack[i++] = (Byte)cur;
+     lastChar2 = (Byte)cur;
+