- rel 2; SECURITY fixes from FC master auto/th/p7zip-16.02-2
authorArkadiusz Miśkiewicz <arekm@maven.pl>
Wed, 6 Nov 2019 13:57:30 +0000 (14:57 +0100)
committerArkadiusz Miśkiewicz <arekm@maven.pl>
Wed, 6 Nov 2019 13:57:30 +0000 (14:57 +0100)
05-hardening-flags.patch [new file with mode: 0644]
14-Fix-g++-warning.patch [new file with mode: 0644]
CVE-2016-9296.patch [new file with mode: 0644]
CVE-2017-17969.patch [new file with mode: 0644]
gcc10-conversion.patch [new file with mode: 0644]
p7zip.spec

diff --git a/05-hardening-flags.patch b/05-hardening-flags.patch
new file mode 100644 (file)
index 0000000..aa42431
--- /dev/null
@@ -0,0 +1,33 @@
+From: Robert Luberda <robert@debian.org>
+Date: Fri, 22 Jan 2016 00:53:09 +0100
+Subject: Hardening flags
+
+Add support for $(CPPFLAGS) and do not override $(CXXFLAGS)
+and $(CFLAGS)
+
+Bug-Debian: https://bugs.debian.org/#682167
+---
+ makefile.glb | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/makefile.glb b/makefile.glb
+index fb001d5..e10ae03 100644
+--- a/makefile.glb
++++ b/makefile.glb
+@@ -1,14 +1,14 @@
+ RM=rm -f
+-CFLAGS=-c -I. \
++CFLAGS+=$(CPPFLAGS) -c -I. \
+ -I../../../../C \
+ -I../../../../CPP/myWindows \
+ -I../../../../CPP/include_windows \
+ -I../../../../CPP \
+ $(ALLFLAGS) $(ALLFLAGS_C)
+-CXXFLAGS=-c -I. \
++CXXFLAGS+=$(CPPFLAGS) -c -I. \
+ -I../../../../C \
+ -I../../../../CPP/myWindows \
+ -I../../../../CPP/include_windows \
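Review bot: With `CFLAGS+=` and `CXXFLAGS+=`, the `-c` and `-I` paths are appended only when the variable is unset or comes from the environment; a `CFLAGS=...` given on the make command line replaces the makefile value entirely and drops them. The spec in this commit passes `CPPFLAGS`, `LDFLAGS` and `OPTFLAGS` but not `CFLAGS`, so that case is not hit here, but any `CFLAGS`/`CXXFLAGS` exported in the build environment now ends up on the compile line. A comment above each assignment would record this, for example `# extended from the environment; a command-line CFLAGS/CXXFLAGS would replace these include paths`. The hunk appears cut short on this page, so the tail of the `CXXFLAGS` assignment is not visible.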
diff --git a/14-Fix-g++-warning.patch b/14-Fix-g++-warning.patch
new file mode 100644 (file)
index 0000000..226e239
--- /dev/null
@@ -0,0 +1,24 @@
+From: Robert Luberda <robert@debian.org>
+Date: Sun, 28 Jan 2018 22:19:13 +0100
+Subject: Fix g++ warning
+
+Fix for "use of an operand of type 'bool' in 'operator++'
+is deprecated [-Wdeprecated]" warning taken from 7zip 18.00.beta
+package.
+---
+ CPP/7zip/Archive/Wim/WimHandler.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Archive/Wim/WimHandler.cpp b/CPP/7zip/Archive/Wim/WimHandler.cpp
+index 27d3298..4ff5cfe 100644
+--- a/CPP/7zip/Archive/Wim/WimHandler.cpp
++++ b/CPP/7zip/Archive/Wim/WimHandler.cpp
+@@ -298,7 +298,7 @@ STDMETHODIMP CHandler::GetArchiveProperty(PROPID propID, PROPVARIANT *value)
+       AString res;
+-      bool numMethods = 0;
++      unsigned numMethods = 0;
+       for (unsigned i = 0; i < ARRAY_SIZE(k_Methods); i++)
+       {
+         if (methodMask & ((UInt32)1 << i))
diff --git a/CVE-2016-9296.patch b/CVE-2016-9296.patch
new file mode 100644 (file)
index 0000000..773f92a
--- /dev/null
@@ -0,0 +1,12 @@
+--- ./CPP/7zip/Archive/7z/7zIn.cpp.orig        2016-11-21 01:42:29.460901230 +0000
++++ ./CPP/7zip/Archive/7z/7zIn.cpp     2016-11-21 01:42:57.481197725 +0000
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS
+       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+         ThrowIncorrect();
+   }
+-  HeadersSize += folders.PackPositions[folders.NumPackStreams];
++  if (folders.PackPositions)
++      HeadersSize += folders.PackPositions[folders.NumPackStreams];
+   return S_OK;
+ }
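Review bot: The new `if (folders.PackPositions)` guard has no comment saying when the pointer can be null, and the patch file has no header naming its origin, so a later cleanup could drop the check without knowing it is the CVE-2016-9296 fix. I would add `// PackPositions may be null (no pack streams in the header); skip the size update - CVE-2016-9296` above the guard. The "no pack streams" condition is my reading and should be confirmed against the code that fills `folders`. The guarded statement is indented six spaces where the surrounding lines use two. The function body starts outside the hunk.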
diff --git a/CVE-2017-17969.patch b/CVE-2017-17969.patch
new file mode 100644 (file)
index 0000000..ebc0ac9
--- /dev/null
@@ -0,0 +1,26 @@
+From 79bca880ce7bcf07216c45f93afea545e0344418 Mon Sep 17 00:00:00 2001
+From: aone <aone@keka.io>
+Date: Mon, 5 Feb 2018 13:01:09 +0100
+Subject: [PATCH] Security fix CVE-2017-17969
+
+---
+ CPP/7zip/Compress/ShrinkDecoder.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp
+index 80b7e67..5bb0559 100644
+--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
++++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
+@@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+     {
+       _stack[i++] = _suffixes[cur];
+       cur = _parents[cur];
++        if (cur >= kNumItems || i >= kNumItems)
++              break;
+     }
++      
++      if (cur >= kNumItems || i >= kNumItems)
++              break;
+     
+     _stack[i++] = (Byte)cur;
+     lastChar2 = (Byte)cur;
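Review bot: Both added `break` statements stop decoding quietly when `cur` or `i` reaches `kNumItems`, so a corrupt Shrink stream may still be reported as decoded successfully if the code after the enclosing loop returns `S_OK`; that code is outside the hunk and needs checking. If nothing has to be flushed on that path, replacing the second `break;` with `return S_FALSE;` would make the failure visible to the caller. The check inside the inner loop runs only after `_stack[i++] = _suffixes[cur]`, so it relies on `cur` and `i` being in range on loop entry, which the hunk does not show. The added lines also use a deeper, mixed indentation than the surrounding code and introduce a whitespace-only line.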
diff --git a/gcc10-conversion.patch b/gcc10-conversion.patch
new file mode 100644 (file)
index 0000000..45f9f84
--- /dev/null
@@ -0,0 +1,26 @@
+diff -Nrup a/CPP/Windows/ErrorMsg.cpp b/CPP/Windows/ErrorMsg.cpp
+--- a/CPP/Windows/ErrorMsg.cpp 2015-01-18 11:20:28.000000000 -0700
++++ b/CPP/Windows/ErrorMsg.cpp 2019-09-24 13:01:18.887289152 -0600
+@@ -14,14 +14,14 @@ UString MyFormatMessage(DWORD errorCode)
+   AString msg;
+   switch(errorCode) {
+-    case ERROR_NO_MORE_FILES   : txt = "No more files"; break ;
+-    case E_NOTIMPL             : txt = "E_NOTIMPL"; break ;
+-    case E_NOINTERFACE         : txt = "E_NOINTERFACE"; break ;
+-    case E_ABORT               : txt = "E_ABORT"; break ;
+-    case E_FAIL                : txt = "E_FAIL"; break ;
+-    case STG_E_INVALIDFUNCTION : txt = "STG_E_INVALIDFUNCTION"; break ;
+-    case E_OUTOFMEMORY         : txt = "E_OUTOFMEMORY"; break ;
+-    case E_INVALIDARG          : txt = "E_INVALIDARG"; break ;
++    case unsigned (ERROR_NO_MORE_FILES)   : txt = "No more files"; break ;
++    case unsigned (E_NOTIMPL)             : txt = "E_NOTIMPL"; break ;
++    case unsigned (E_NOINTERFACE)         : txt = "E_NOINTERFACE"; break ;
++    case unsigned (E_ABORT)               : txt = "E_ABORT"; break ;
++    case unsigned (E_FAIL)                : txt = "E_FAIL"; break ;
++    case unsigned (STG_E_INVALIDFUNCTION) : txt = "STG_E_INVALIDFUNCTION"; break ;
++    case unsigned (E_OUTOFMEMORY)         : txt = "E_OUTOFMEMORY"; break ;
++    case unsigned (E_INVALIDARG)          : txt = "E_INVALIDARG"; break ;
+     case ERROR_DIRECTORY          : txt = "Error Directory"; break ;
+     default:
+       txt = strerror(errorCode);
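Review bot: The case labels are cast with `unsigned (...)` while the switch operand `errorCode` is a `DWORD`, so the cast type is correct only as long as `DWORD` is `unsigned int` on every target. Writing `case DWORD(E_NOTIMPL) :` or `case static_cast<DWORD>(E_NOTIMPL) :` would tie each label to the operand type. `ERROR_DIRECTORY` stays uncast, presumably because its value already fits. The patch file has no description naming the GCC diagnostic it addresses, and a one-line header would help whoever rebases it. The switch continues past the end of the hunk.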
index 35e92e2a55e6ce015830908113c9f117ee91cb13..30a881ceafab9b1b4c895ca2e45eae56331f5b96 100644 (file)
@@ -2,11 +2,16 @@ Summary:      File archiver with highest compression ratio
 Summary(pl.UTF-8):     Paker plików z najwyższym stopniem kompresji
 Name:          p7zip
 Version:       16.02
-Release:       1
+Release:       2
 License:       LGPL v2.1+
 Group:         Applications/Archiving
 Source0:       http://downloads.sourceforge.net/p7zip/%{name}_%{version}_src_all.tar.bz2
 # Source0-md5: a0128d661cfe7cc8c121e73519c54fbf
+Patch0:                05-hardening-flags.patch
+Patch1:                14-Fix-g++-warning.patch
+Patch2:                CVE-2016-9296.patch
+Patch3:                CVE-2017-17969.patch
+Patch4:                gcc10-conversion.patch
 URL:           http://p7zip.sourceforge.net/
 BuildRequires: libstdc++-devel
 BuildRequires: sed >= 4.0
@@ -54,6 +59,11 @@ wersja obsługująca wtyczki.
 
 %prep
 %setup -q -n %{name}_%{version}
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
 
 %{__sed} -i -e 's/ -s / /' makefile.machine
 
@@ -64,6 +74,7 @@ find . -name '*.cpp' -exec %{__sed} -i -e 's@getenv("P7ZIP_HOME_DIR")@"%{_libdir
 %{__make} all2 \
        CC="%{__cc} \$(ALLFLAGS)" \
        CXX="%{__cxx} \$(ALLFLAGS)" \
+       CPPFLAGS="%{rpmcppflags}" \
        LDFLAGS="%{rpmldflags}" \
        OPTFLAGS="%{rpmcxxflags}"
 