~ruther/guix-local

a630c64709af2ab7fdeb797ee35d89964b1fc042 — Leo Famulari 8 years ago b1968d8
gnu: p7zip: Fix CVE-2017-17969.

* gnu/packages/patches/p7zip-CVE-2017-17969.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/compression.scm (p7zip)[source]: Use it.
3 files changed, 38 insertions(+), 1 deletions(-)

M gnu/local.mk
M gnu/packages/compression.scm
A gnu/packages/patches/p7zip-CVE-2017-17969.patch
M gnu/local.mk => gnu/local.mk +2 -1
@@ 955,7 955,8 @@ dist_patch_DATA =						\
  %D%/packages/patches/osip-CVE-2017-7853.patch			\
  %D%/packages/patches/ots-no-include-missing-file.patch	\
  %D%/packages/patches/owncloud-disable-updatecheck.patch	\
  %D%/packages/patches/p7zip-CVE-2016-9296.patch			\
  %D%/packages/patches/p7zip-CVE-2016-9296.patch		\
  %D%/packages/patches/p7zip-CVE-2017-17969.patch		\
  %D%/packages/patches/p7zip-remove-unused-code.patch		\
  %D%/packages/patches/patchelf-page-size.patch			\
  %D%/packages/patches/patchelf-rework-for-arm.patch		\
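
Review bot: the existing p7zip-CVE-2016-9296.patch entry is touched only to change the tabs before its trailing backslash, which is the single deletion counted for gnu/local.mk. Leaving that line alone and aligning just the new p7zip-CVE-2017-17969.patch entry would keep this hunk to the one added line and keep blame on the older entry intact.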

M gnu/packages/compression.scm => gnu/packages/compression.scm +1 -0
@@ 1377,6 1377,7 @@ It can be used as a replacement for the Apache @code{CBZip2InputStream} /
                  (delete-file-recursively "CPP/7zip/Compress/Rar")
                  #t))
              (patches (search-patches "p7zip-CVE-2016-9296.patch"
                                       "p7zip-CVE-2017-17969.patch"
                                       "p7zip-remove-unused-code.patch"))))
    (build-system gnu-build-system)
    (arguments

A gnu/packages/patches/p7zip-CVE-2017-17969.patch => gnu/packages/patches/p7zip-CVE-2017-17969.patch +35 -0
@@ 0,0 1,35 @@
Fix CVE-2017-17969:

https://sourceforge.net/p/p7zip/bugs/204/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969

Patch copied from Debian.

Subject: Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp
Origin: vendor, https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/27d7/attachment/CVE-2017-17969.patch
Forwarded: https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7
Bug: https://sourceforge.net/p/p7zip/bugs/204/
Bug-Debian: https://bugs.debian.org/888297
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17969
Author: Antoine Beaupré <anarcat@debian.org>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2018-02-01
Applied-Upstream: 18.00-beta

--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
+++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
@@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialIn
     {
       _stack[i++] = _suffixes[cur];
       cur = _parents[cur];
+      if (cur >= kNumItems || i >= kNumItems)
+        break;
     }
-    
+
+    if (cur >= kNumItems || i >= kNumItems)
+      break;
+
     _stack[i++] = (Byte)cur;
     lastChar2 = (Byte)cur;
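
Review bot: in the CodeReal hunk, the check added inside the loop runs only after "_stack[i++] = _suffixes[cur]" and "cur = _parents[cur]" have executed, so it protects the next iteration and not the first one. The loop condition is not among the visible lines, so it is worth confirming that cur and i are already known to be below kNumItems when the loop is entered. Both new checks also exit with "break", and nothing in the visible lines sets an error status, so please confirm that the caller ends up reporting corrupt input instead of success on truncated output; returning a failure HRESULT directly at these two points would make that explicit.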