From: Daniel Sabogal To: alpine-aports@lists.alpinelinux.org Subject: [alpine-aports] [PATCH] main/p7zip: security fix for CVE-2017-17969, modernize Date: Tue, 6 Feb 2018 09:53:48 -0500 Message-Id: <20180206145348.29575-1-dsabogalcc@gmail.com> X-Mailer: git-send-email 2.16.1 --- main/p7zip/APKBUILD | 31 ++++++++++++++++++------------- main/p7zip/CVE-2017-17969.patch | 16 ++++++++++++++++ 2 files changed, 34 insertions(+), 13 deletions(-) create mode 100644 main/p7zip/CVE-2017-17969.patch diff --git a/main/p7zip/APKBUILD b/main/p7zip/APKBUILD index 55f38372b2..722f7a4bf9 100644 --- a/main/p7zip/APKBUILD +++ b/main/p7zip/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Natanael Copa pkgname=p7zip pkgver=16.02 -pkgrel=1 +pkgrel=2 pkgdesc="A command-line port of the 7zip compression utility" url="http://p7zip.sourceforge.net" arch="all" @@ -12,15 +12,18 @@ subpackages="$pkgname-doc" depends="" makedepends="bash yasm nasm" source="http://downloads.sourceforge.net/sourceforge/$pkgname/${pkgname}_${pkgver}_src_all.tar.bz2 - CVE-2016-9296.patch" + CVE-2016-9296.patch + CVE-2017-17969.patch" builddir="$srcdir/${pkgname}_$pkgver" # secfixes: # 16.02-r1: # - CVE-2016-9296 +# 16.02-r2: +# - CVE-2017-17969 prepare() { - default_prepare || return 1 + default_prepare local makefile="makefile.linux_any_cpu_gcc_4.X" case "$CARCH" in
@@ -29,32 +32,34 @@ prepare() { esac cd "$builddir" - ln -sf $makefile makefile.machine || return 1 + ln -sf $makefile makefile.machine sed -e "s,g++,${CXX:-g++}," -i makefile.machine sed -e "s,gcc,${CC:-gcc}," -i makefile.machine } +check() { + cd "$builddir" + make test +} + build() { cd "$builddir" - make all3 OPTFLAGS="${CXXFLAGS}" || return 1 + make all3 OPTFLAGS="${CXXFLAGS}" } package() { cd "$builddir" make install DEST_DIR="$pkgdir" DEST_HOME="/usr" \ DEST_MAN="/usr/share/man" \ - DEST_SHARE_DOC="/usr/share/doc/$pkgname" || return 1 + DEST_SHARE_DOC="/usr/share/doc/$pkgname" install -Dm755 contrib/gzip-like_CLI_wrapper_for_7z/$pkgname \ - "$pkgdir"/usr/bin/$pkgname || return 1 + "$pkgdir"/usr/bin/$pkgname install -Dm644 contrib/gzip-like_CLI_wrapper_for_7z/man1/$pkgname.1 \ - "$pkgdir"/usr/share/man/man1/$pkgname.1 || return 1 + "$pkgdir"/usr/share/man/man1/$pkgname.1 } -md5sums="a0128d661cfe7cc8c121e73519c54fbf p7zip_16.02_src_all.tar.bz2 -0f0535ca888273f3779ca14e8f186813 CVE-2016-9296.patch" -sha256sums="5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f p7zip_16.02_src_all.tar.bz2 -f9bcbf21d4aa8938861a6cba992df13dec19538286e9ed747ccec6d9a4e8f983 CVE-2016-9296.patch" sha512sums="d2c4d53817f96bb4c7683f42045198d4cd509cfc9c3e2cb85c8d9dc4ab6dfa7496449edeac4e300ecf986a9cbbc90bd8f8feef8156895d94617c04e507add55f p7zip_16.02_src_all.tar.bz2 -7a7fddf4122c3f5d4632640149a94c285a18515f38510388709c2fb9ecd450f9f34ae2e5fe4926c1c68507567b0affa2c8e9194c732673171dd5ee625192b194 CVE-2016-9296.patch" +7a7fddf4122c3f5d4632640149a94c285a18515f38510388709c2fb9ecd450f9f34ae2e5fe4926c1c68507567b0affa2c8e9194c732673171dd5ee625192b194 CVE-2016-9296.patch +22b6437770f2fb70675ed6971239ec3d40d5b9c7e1c5aa28c670d082bd2e7d861863f2f00feacec759eab216081dc49544b980b2ebe9fe40c7d0d1ca1dfc3069 CVE-2017-17969.patch" diff --git a/main/p7zip/CVE-2017-17969.patch b/main/p7zip/CVE-2017-17969.patch new file mode 100644 index 0000000000..af9e03931f --- /dev/null 
+++ b/main/p7zip/CVE-2017-17969.patch @@ -0,0 +1,16 @@ +--- p7zip_16.02/CPP/7zip/Compress/ShrinkDecoder.cpp.orig ++++ p7zip_16.02/CPP/7zip/Compress/ShrinkDecoder.cpp +@@ -121,7 +121,12 @@ + { + _stack[i++] = _suffixes[cur]; + cur = _parents[cur]; +- } ++ if (i >= kNumItems) ++ break; ++ } ++ ++ if (i >= kNumItems) ++ break; + + _stack[i++] = (Byte)cur; + lastChar2 = (Byte)cur; -- 2.16.1
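
Review bot: in the main/p7zip/APKBUILD hunk at @@ -12,15 +12,18 @@, dropping "|| return 1" from default_prepare is cleanup that rides along with the CVE-2017-17969 fix, and the same mix continues in the next hunk. That makes the security change harder to audit and to cherry-pick to stable branches. Consider two commits: one that adds CVE-2017-17969.patch to source, bumps pkgrel to 2 and extends the secfixes comment with 16.02-r2, and a second one for the modernization.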
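
Review bot: in the main/p7zip/APKBUILD hunk at @@ -29,32 +32,34 @@, the new check() is defined between prepare() and build(), out of execution order. abuild calls these functions by name, so it still works, but moving check() after build() keeps the file readable top to bottom. Note also that check() is new in this revision, so "make test" now gates the security update on every architecture covered by arch="all"; it is worth confirming the test target passes on all of them before this lands.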
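
Review bot: in the new main/p7zip/CVE-2017-17969.patch, the second "if (i >= kNumItems) break;" placed after the while loop stops the write to _stack[i++] but sets no error status in the lines shown, so what the caller sees for a malformed Shrink stream depends on code outside this hunk. Please confirm that the path reached by that break reports a data error rather than a successful extraction of truncated output, and say so in the commit message. The patch file also starts directly at the "--- p7zip_16.02/CPP/7zip/Compress/ShrinkDecoder.cpp.orig" line with no header; a short comment naming where the fix was taken from would let later reviewers compare it against its origin.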