openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

Browse Source 
- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
This commit is contained in:
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
sources/meta-openembedded/meta-oe/recipes-extended/p7zip/files/0001-Fix-narrowing-errors-Wc-11-narrowing.patch Normal file
View File

@@ -0,0 +1,49 @@
From 653674e11872465dd5edf1c1e8413ea813d7e086 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Mon, 23 Apr 2018 23:07:21 -0700
Subject: [PATCH] Fix narrowing errors -Wc++11-narrowing
Clang 6.x finds these errors
../../../../CPP/Windows/ErrorMsg.cpp:24:10: error: case value evaluates to -2147024809, which cannot be narrowed to type 'DWORD' (aka 'unsigned int') [-Wc++11-narrowing]
case E_INVALIDARG : txt = "E_INVALIDARG"; break ;
^
HRESULT causes the macro to be parsed as a signed long, so we need to force it
to be checked as an unsigned long instead.
also reported here https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224930
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
CPP/Windows/ErrorMsg.cpp | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/CPP/Windows/ErrorMsg.cpp b/CPP/Windows/ErrorMsg.cpp
index 99684ae..78a64ba 100644
--- a/CPP/Windows/ErrorMsg.cpp
+++ b/CPP/Windows/ErrorMsg.cpp
@@ -15,13 +15,13 @@ UString MyFormatMessage(DWORD errorCode)
switch(errorCode) {
case ERROR_NO_MORE_FILES : txt = "No more files"; break ;
- case E_NOTIMPL : txt = "E_NOTIMPL"; break ;
- case E_NOINTERFACE : txt = "E_NOINTERFACE"; break ;
- case E_ABORT : txt = "E_ABORT"; break ;
- case E_FAIL : txt = "E_FAIL"; break ;
- case STG_E_INVALIDFUNCTION : txt = "STG_E_INVALIDFUNCTION"; break ;
- case E_OUTOFMEMORY : txt = "E_OUTOFMEMORY"; break ;
- case E_INVALIDARG : txt = "E_INVALIDARG"; break ;
+ case (DWORD) E_NOTIMPL : txt = "E_NOTIMPL"; break ;
+ case (DWORD) E_NOINTERFACE : txt = "E_NOINTERFACE"; break ;
+ case (DWORD) E_ABORT : txt = "E_ABORT"; break ;
+ case (DWORD) E_FAIL : txt = "E_FAIL"; break ;
+ case (DWORD) STG_E_INVALIDFUNCTION : txt = "STG_E_INVALIDFUNCTION"; break ;
+ case (DWORD) E_OUTOFMEMORY : txt = "E_OUTOFMEMORY"; break ;
+ case (DWORD) E_INVALIDARG : txt = "E_INVALIDARG"; break ;
case ERROR_DIRECTORY : txt = "Error Directory"; break ;
default:
txt = strerror(errorCode);

455
sources/meta-openembedded/meta-oe/recipes-extended/p7zip/files/0001-Fix-two-buffer-overflow-vulnerabilities.patch Normal file
View File

@@ -0,0 +1,455 @@
From 1f266347b154ed90b8262126f04e8cc8f59fa617 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Fri, 22 Nov 2024 21:25:21 +0800
Subject: [PATCH] Fix two buffer overflow vulnerabilities
According to [1][2], Igor Pavlov, the author of 7-Zip, refused to
provide an advisory or any related change log entries. We have to
backport a part of ./CPP/7zip/Archive/NtfsHandler.cpp from upstream
big commit
Upstream-Status: Backport [https://github.com/ip7z/7zip/commit/fc662341e6f85da78ada0e443f6116b978f79f22]
[1] https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
[2] https://dfir.ru/wp-content/uploads/2024/07/screenshot-2024-07-03-at-02-13-40-7-zip-_-bugs-_-2402-two-vulnerabilities-in-the-ntfs-handler.png
CVE: CVE-2023-52169
CVE: CVE-2023-52168
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
CPP/7zip/Archive/NtfsHandler.cpp | 229 ++++++++++++++++++++-----------
1 file changed, 151 insertions(+), 78 deletions(-)
diff --git a/CPP/7zip/Archive/NtfsHandler.cpp b/CPP/7zip/Archive/NtfsHandler.cpp
index 93e9f88..2701439 100644
--- a/CPP/7zip/Archive/NtfsHandler.cpp
+++ b/CPP/7zip/Archive/NtfsHandler.cpp
@@ -71,8 +71,9 @@ struct CHeader
{
unsigned SectorSizeLog;
unsigned ClusterSizeLog;
+ unsigned MftRecordSizeLog;
// Byte MediaType;
- UInt32 NumHiddenSectors;
+ //UInt32 NumHiddenSectors;
UInt64 NumSectors;
UInt64 NumClusters;
UInt64 MftCluster;
@@ -111,30 +112,42 @@ bool CHeader::Parse(const Byte *p)
if (memcmp(p + 3, "NTFS ", 8) != 0)
return false;
{
- int t = GetLog(Get16(p + 11));
- if (t < 9 || t > 12)
- return false;
- SectorSizeLog = t;
- t = GetLog(p[13]);
- if (t < 0)
- return false;
- sectorsPerClusterLog = t;
- ClusterSizeLog = SectorSizeLog + sectorsPerClusterLog;
- if (ClusterSizeLog > 30)
- return false;
+ {
+ const int t = GetLog(Get16(p + 11));
+ if (t < 9 || t > 12)
+ return false;
+ SectorSizeLog = (unsigned)t;
+ }
+ {
+ const unsigned v = p[13];
+ if (v <= 0x80)
+ {
+ const int t = GetLog(v);
+ if (t < 0)
+ return false;
+ sectorsPerClusterLog = (unsigned)t;
+ }
+ else
+ sectorsPerClusterLog = 0x100 - v;
+ ClusterSizeLog = SectorSizeLog + sectorsPerClusterLog;
+ if (ClusterSizeLog > 30)
+ return false;
+ }
}
for (int i = 14; i < 21; i++)
if (p[i] != 0)
return false;
+ // F8 : a hard disk
+ // F0 : high-density 3.5-inch floppy disk
if (p[21] != 0xF8) // MediaType = Fixed_Disk
return false;
if (Get16(p + 22) != 0) // NumFatSectors
return false;
- G16(p + 24, SectorsPerTrack); // 63 usually
- G16(p + 26, NumHeads); // 255
- G32(p + 28, NumHiddenSectors); // 63 (XP) / 2048 (Vista and win7) / (0 on media that are not partitioned ?)
+ // G16(p + 24, SectorsPerTrack); // 63 usually
+ // G16(p + 26, NumHeads); // 255
+ // G32(p + 28, NumHiddenSectors); // 63 (XP) / 2048 (Vista and win7) / (0 on media that are not partitioned ?)
if (Get32(p + 32) != 0) // NumSectors32
return false;
@@ -156,14 +169,47 @@ bool CHeader::Parse(const Byte *p)
NumClusters = NumSectors >> sectorsPerClusterLog;
- G64(p + 0x30, MftCluster);
+ G64(p + 0x30, MftCluster); // $MFT.
// G64(p + 0x38, Mft2Cluster);
- G64(p + 0x48, SerialNumber);
- UInt32 numClustersInMftRec;
- UInt32 numClustersInIndexBlock;
- G32(p + 0x40, numClustersInMftRec); // -10 means 2 ^10 = 1024 bytes.
- G32(p + 0x44, numClustersInIndexBlock);
- return (numClustersInMftRec < 256 && numClustersInIndexBlock < 256);
+ G64(p + 0x48, SerialNumber); // $MFTMirr
+
+ /*
+ numClusters_per_MftRecord:
+ numClusters_per_IndexBlock:
+ only low byte from 4 bytes is used. Another 3 high bytes are zeros.
+ If the number is positive (number < 0x80),
+ then it represents the number of clusters.
+ If the number is negative (number >= 0x80),
+ then the size of the file record is 2 raised to the absolute value of this number.
+ example: (0xF6 == -10) means 2^10 = 1024 bytes.
+ */
+ {
+ UInt32 numClusters_per_MftRecord;
+ G32(p + 0x40, numClusters_per_MftRecord);
+ if (numClusters_per_MftRecord >= 0x100 || numClusters_per_MftRecord == 0)
+ return false;
+ if (numClusters_per_MftRecord < 0x80)
+ {
+ const int t = GetLog(numClusters_per_MftRecord);
+ if (t < 0)
+ return false;
+ MftRecordSizeLog = (unsigned)t + ClusterSizeLog;
+ }
+ else
+ MftRecordSizeLog = 0x100 - numClusters_per_MftRecord;
+ // what exact MFT record sizes are possible and supported by Windows?
+ // do we need to change this limit here?
+ const unsigned k_MftRecordSizeLog_MAX = 12;
+ if (MftRecordSizeLog > k_MftRecordSizeLog_MAX)
+ return false;
+ if (MftRecordSizeLog < SectorSizeLog)
+ return false;
+ }
+ {
+ UInt32 numClusters_per_IndexBlock;
+ G32(p + 0x44, numClusters_per_IndexBlock);
+ return (numClusters_per_IndexBlock < 0x100);
+ }
}
struct CMftRef
@@ -235,7 +281,7 @@ struct CFileNameAttr
bool Parse(const Byte *p, unsigned size);
};
-static void GetString(const Byte *p, unsigned len, UString2 &res)
+static void GetString(const Byte *p, const unsigned len, UString2 &res)
{
if (len == 0 && res.IsEmpty())
return;
@@ -266,8 +312,8 @@ bool CFileNameAttr::Parse(const Byte *p, unsigned size)
G32(p + 0x38, Attrib);
// G16(p + 0x3C, PackedEaSize);
NameType = p[0x41];
- unsigned len = p[0x40];
- if (0x42 + len > size)
+ const unsigned len = p[0x40];
+ if (0x42 + len * 2 > size)
return false;
if (len != 0)
GetString(p + 0x42, len, Name);
@@ -954,6 +1000,14 @@ struct CDataRef
static const UInt32 kMagic_FILE = 0x454C4946;
static const UInt32 kMagic_BAAD = 0x44414142;
+// 22.02: we support some rare case magic values:
+static const UInt32 kMagic_INDX = 0x58444e49;
+static const UInt32 kMagic_HOLE = 0x454c4f48;
+static const UInt32 kMagic_RSTR = 0x52545352;
+static const UInt32 kMagic_RCRD = 0x44524352;
+static const UInt32 kMagic_CHKD = 0x444b4843;
+static const UInt32 kMagic_FFFFFFFF = 0xFFFFFFFF;
+
struct CMftRec
{
UInt32 Magic;
@@ -1030,6 +1084,26 @@ struct CMftRec
bool Parse(Byte *p, unsigned sectorSizeLog, UInt32 numSectors, UInt32 recNumber, CObjectVector<CAttr> *attrs);
+ bool Is_Magic_Empty() const
+ {
+ // what exact Magic values are possible for empty and unused records?
+ const UInt32 k_Magic_Unused_MAX = 5; // 22.02
+ return (Magic <= k_Magic_Unused_MAX);
+ }
+ bool Is_Magic_FILE() const { return (Magic == kMagic_FILE); }
+ // bool Is_Magic_BAAD() const { return (Magic == kMagic_BAAD); }
+ bool Is_Magic_CanIgnore() const
+ {
+ return Is_Magic_Empty()
+ || Magic == kMagic_BAAD
+ || Magic == kMagic_INDX
+ || Magic == kMagic_HOLE
+ || Magic == kMagic_RSTR
+ || Magic == kMagic_RCRD
+ || Magic == kMagic_CHKD
+ || Magic == kMagic_FFFFFFFF;
+ }
+
bool IsEmpty() const { return (Magic <= 2); }
bool IsFILE() const { return (Magic == kMagic_FILE); }
bool IsBAAD() const { return (Magic == kMagic_BAAD); }
@@ -1141,9 +1215,8 @@ bool CMftRec::Parse(Byte *p, unsigned sectorSizeLog, UInt32 numSectors, UInt32 r
CObjectVector<CAttr> *attrs)
{
G32(p, Magic);
- if (!IsFILE())
- return IsEmpty() || IsBAAD();
-
+ if (!Is_Magic_FILE())
+ return Is_Magic_CanIgnore();
{
UInt32 usaOffset;
@@ -1188,12 +1261,12 @@ bool CMftRec::Parse(Byte *p, unsigned sectorSizeLog, UInt32 numSectors, UInt32 r
G16(p + 0x10, SeqNumber);
// G16(p + 0x12, LinkCount);
// PRF(printf(" L=%d", LinkCount));
- UInt32 attrOffs = Get16(p + 0x14);
+ const UInt32 attrOffs = Get16(p + 0x14);
G16(p + 0x16, Flags);
PRF(printf(" F=%4X", Flags));
- UInt32 bytesInUse = Get32(p + 0x18);
- UInt32 bytesAlloc = Get32(p + 0x1C);
+ const UInt32 bytesInUse = Get32(p + 0x18);
+ const UInt32 bytesAlloc = Get32(p + 0x1C);
G64(p + 0x20, BaseMftRef.Val);
if (BaseMftRef.Val != 0)
{
@@ -1667,68 +1740,57 @@ HRESULT CDatabase::Open()
SeekToCluster(Header.MftCluster);
- CMftRec mftRec;
- UInt32 numSectorsInRec;
-
+ // we use ByteBuf for records reading.
+ // so the size of ByteBuf must be >= mftRecordSize
+ const size_t recSize = (size_t)1 << Header.MftRecordSizeLog;
+ const size_t kBufSize = MyMax((size_t)(1 << 15), recSize);
+ ByteBuf.Alloc(kBufSize);
+ RINOK(ReadStream_FALSE(InStream, ByteBuf, recSize))
+ {
+ const UInt32 allocSize = Get32(ByteBuf + 0x1C);
+ if (allocSize != recSize)
+ return S_FALSE;
+ }
+ // MftRecordSizeLog >= SectorSizeLog
+ const UInt32 numSectorsInRec = 1u << (Header.MftRecordSizeLog - Header.SectorSizeLog);
CMyComPtr<IInStream> mftStream;
+ CMftRec mftRec;
{
- UInt32 blockSize = 1 << 12;
- ByteBuf.Alloc(blockSize);
- RINOK(ReadStream_FALSE(InStream, ByteBuf, blockSize));
-
- {
- UInt32 allocSize = Get32(ByteBuf + 0x1C);
- int t = GetLog(allocSize);
- if (t < (int)Header.SectorSizeLog)
- return S_FALSE;
- RecSizeLog = t;
- if (RecSizeLog > 15)
- return S_FALSE;
- }
-
- numSectorsInRec = 1 << (RecSizeLog - Header.SectorSizeLog);
if (!mftRec.Parse(ByteBuf, Header.SectorSizeLog, numSectorsInRec, 0, NULL))
return S_FALSE;
- if (!mftRec.IsFILE())
+ if (!mftRec.Is_Magic_FILE())
return S_FALSE;
mftRec.ParseDataNames();
if (mftRec.DataRefs.IsEmpty())
return S_FALSE;
- RINOK(mftRec.GetStream(InStream, 0, Header.ClusterSizeLog, Header.NumClusters, &mftStream));
+ RINOK(mftRec.GetStream(InStream, 0, Header.ClusterSizeLog, Header.NumClusters, &mftStream))
if (!mftStream)
return S_FALSE;
}
// CObjectVector<CAttr> SecurityAttrs;
- UInt64 mftSize = mftRec.DataAttrs[0].Size;
+ const UInt64 mftSize = mftRec.DataAttrs[0].Size;
if ((mftSize >> 4) > Header.GetPhySize_Clusters())
return S_FALSE;
- const size_t kBufSize = (1 << 15);
- const size_t recSize = ((size_t)1 << RecSizeLog);
- if (kBufSize < recSize)
- return S_FALSE;
-
{
- const UInt64 numFiles = mftSize >> RecSizeLog;
+ const UInt64 numFiles = mftSize >> Header.MftRecordSizeLog;
if (numFiles > (1 << 30))
return S_FALSE;
if (OpenCallback)
{
RINOK(OpenCallback->SetTotal(&numFiles, &mftSize));
}
-
- ByteBuf.Alloc(kBufSize);
Recs.ClearAndReserve((unsigned)numFiles);
}
-
+
for (UInt64 pos64 = 0;;)
{
if (OpenCallback)
{
const UInt64 numFiles = Recs.Size();
- if ((numFiles & 0x3FF) == 0)
+ if ((numFiles & 0x3FFF) == 0)
{
RINOK(OpenCallback->SetCompleted(&numFiles, &pos64));
}
@@ -1817,12 +1879,18 @@ HRESULT CDatabase::Open()
for (i = 0; i < Recs.Size(); i++)
{
CMftRec &rec = Recs[i];
+ if (!rec.Is_Magic_FILE())
+ continue;
+
if (!rec.BaseMftRef.IsBaseItself())
{
- UInt64 refIndex = rec.BaseMftRef.GetIndex();
- if (refIndex > (UInt32)Recs.Size())
+ const UInt64 refIndex = rec.BaseMftRef.GetIndex();
+ if (refIndex >= Recs.Size())
return S_FALSE;
CMftRec &refRec = Recs[(unsigned)refIndex];
+ if (!refRec.Is_Magic_FILE())
+ continue;
+
bool moveAttrs = (refRec.SeqNumber == rec.BaseMftRef.GetNumber() && refRec.BaseMftRef.IsBaseItself());
if (rec.InUse() && refRec.InUse())
{
@@ -1837,12 +1905,17 @@ HRESULT CDatabase::Open()
}
for (i = 0; i < Recs.Size(); i++)
- Recs[i].ParseDataNames();
+ {
+ CMftRec &rec = Recs[i];
+ if (!rec.Is_Magic_FILE())
+ continue;
+ rec.ParseDataNames();
+ }
for (i = 0; i < Recs.Size(); i++)
{
CMftRec &rec = Recs[i];
- if (!rec.IsFILE() || !rec.BaseMftRef.IsBaseItself())
+ if (!rec.Is_Magic_FILE() || !rec.BaseMftRef.IsBaseItself())
continue;
if (i < kNumSysRecs && !_showSystemFiles)
continue;
@@ -1864,7 +1937,7 @@ HRESULT CDatabase::Open()
FOR_VECTOR (di, rec.DataRefs)
if (rec.DataAttrs[rec.DataRefs[di].Start].Name.IsEmpty())
{
- indexOfUnnamedStream = di;
+ indexOfUnnamedStream = (int)di;
break;
}
}
@@ -1922,14 +1995,14 @@ HRESULT CDatabase::Open()
indexOfUnnamedStream);
if (rec.MyItemIndex < 0)
- rec.MyItemIndex = Items.Size();
- item.ParentHost = Items.Add(item);
+ rec.MyItemIndex = (int)Items.Size();
+ item.ParentHost = (int)Items.Add(item);
/* we can use that code to reduce the number of alt streams:
it will not show how alt streams for hard links. */
// if (!isMainName) continue; isMainName = false;
- unsigned numAltStreams = 0;
+ // unsigned numAltStreams = 0;
FOR_VECTOR (di, rec.DataRefs)
{
@@ -1947,9 +2020,9 @@ HRESULT CDatabase::Open()
continue;
}
- numAltStreams++;
+ // numAltStreams++;
ThereAreAltStreams = true;
- item.DataIndex = di;
+ item.DataIndex = (int)di;
Items.Add(item);
}
}
@@ -1964,10 +2037,10 @@ HRESULT CDatabase::Open()
if (attr.Name == L"$SDS")
{
CMyComPtr<IInStream> sdsStream;
- RINOK(rec.GetStream(InStream, di, Header.ClusterSizeLog, Header.NumClusters, &sdsStream));
+ RINOK(rec.GetStream(InStream, (int)di, Header.ClusterSizeLog, Header.NumClusters, &sdsStream));
if (sdsStream)
{
- UInt64 size64 = attr.GetSize();
+ const UInt64 size64 = attr.GetSize();
if (size64 < (UInt32)1 << 29)
{
size_t size = (size_t)size64;
@@ -1997,7 +2070,7 @@ HRESULT CDatabase::Open()
const CMftRec &rec = Recs[item.RecIndex];
const CFileNameAttr &fn = rec.FileNames[item.NameIndex];
const CMftRef &parentDirRef = fn.ParentDirRef;
- UInt64 refIndex = parentDirRef.GetIndex();
+ const UInt64 refIndex = parentDirRef.GetIndex();
if (refIndex == kRecIndex_RootDir)
item.ParentFolder = -1;
else
@@ -2024,17 +2097,17 @@ HRESULT CDatabase::Open()
unsigned virtIndex = Items.Size();
if (_showSystemFiles)
{
- _systemFolderIndex = virtIndex++;
+ _systemFolderIndex = (int)(virtIndex++);
VirtFolderNames.Add(kVirtualFolder_System);
}
if (thereAreUnknownFolders_Normal)
{
- _lostFolderIndex_Normal = virtIndex++;
+ _lostFolderIndex_Normal = (int)(virtIndex++);
VirtFolderNames.Add(kVirtualFolder_Lost_Normal);
}
if (thereAreUnknownFolders_Deleted)
{
- _lostFolderIndex_Deleted = virtIndex++;
+ _lostFolderIndex_Deleted = (int)(virtIndex++);
VirtFolderNames.Add(kVirtualFolder_Lost_Deleted);
}
--
2.34.1

27
sources/meta-openembedded/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch Normal file
View File

@@ -0,0 +1,27 @@
p7zip: Update CVE-2016-9296 patch URL.
From: Robert Luberda <robert@debian.org>
Date: Sat, 19 Nov 2016 08:48:08 +0100
Subject: Fix nullptr dereference (CVE-2016-9296)
Patch taken from https://sourceforge.net/p/p7zip/bugs/185/
This patch file taken from Debian's patch set for p7zip
Upstream-Status: Backport [https://sourceforge.net/p/p7zip/bugs/185/]
CVE: CVE-2016-9296
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Index: p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp
===================================================================
--- p7zip_16.02.orig/CPP/7zip/Archive/7z/7zIn.cpp
+++ p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp
@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS
if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
ThrowIncorrect();
}
- HeadersSize += folders.PackPositions[folders.NumPackStreams];
+ if (folders.PackPositions)
+ HeadersSize += folders.PackPositions[folders.NumPackStreams];
return S_OK;
}

40
sources/meta-openembedded/meta-oe/recipes-extended/p7zip/files/CVE-2017-17969.patch Normal file
View File

@@ -0,0 +1,40 @@
From 7f2da4f810b429ddb7afa0e252e3d02ced0eba87 Mon Sep 17 00:00:00 2001
From: Radovan Scasny <radovan.scasny@siemens.com>
Date: Tue, 20 Feb 2018 12:08:13 +0100
Subject: [PATCH] p7zip: Fix CVE-2017-17969
[No upstream tracking] -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888297
Heap-based buffer overflow in 7zip
Compress/ShrinkDecoder.cpp: Heap-based buffer overflow
in the NCompress::NShrink::CDecoder::CodeReal method
in 7-Zip before 18.00 and p7zip allows remote attackers
to cause a denial of service (out-of-bounds write)
or potentially execute arbitrary code via a crafted ZIP archive.
Upstream-Status: Backport [https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/8316/attachment/CVE-2017-17969.patch]
CVE: CVE-2017-17969
Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com>
---
CPP/7zip/Compress/ShrinkDecoder.cpp | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp
index 80b7e67..5bb0559 100644
--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
+++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
@@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
{
_stack[i++] = _suffixes[cur];
cur = _parents[cur];
+ if (cur >= kNumItems || i >= kNumItems)
+ break;
}
+
+ if (cur >= kNumItems || i >= kNumItems)
+ break;
_stack[i++] = (Byte)cur;
lastChar2 = (Byte)cur;

227
sources/meta-openembedded/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch Normal file
View File

@@ -0,0 +1,227 @@
From: Robert Luberda <robert@debian.org>
Date: Sun, 28 Jan 2018 23:47:40 +0100
Subject: CVE-2018-5996
Hopefully fix Memory Corruptions via RAR PPMd (CVE-2018-5996) by
applying a few changes from 7Zip 18.00-beta.
Bug-Debian: https://bugs.debian.org/#888314
Upstream-Status: Backport [https://sources.debian.org/data/non-free/p/p7zip-rar/16.02-3/debian/patches/06-CVE-2018-5996.patch]
CVE: CVE-2018-5996
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
---
CPP/7zip/Compress/Rar1Decoder.cpp | 13 +++++++++----
CPP/7zip/Compress/Rar1Decoder.h | 1 +
CPP/7zip/Compress/Rar2Decoder.cpp | 10 +++++++++-
CPP/7zip/Compress/Rar2Decoder.h | 1 +
CPP/7zip/Compress/Rar3Decoder.cpp | 23 ++++++++++++++++++++---
CPP/7zip/Compress/Rar3Decoder.h | 2 ++
6 files changed, 42 insertions(+), 8 deletions(-)
diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp
index 1aaedcc..68030c7 100644
--- a/CPP/7zip/Compress/Rar1Decoder.cpp
+++ b/CPP/7zip/Compress/Rar1Decoder.cpp
@@ -29,7 +29,7 @@ public:
};
*/
-CDecoder::CDecoder(): m_IsSolid(false) { }
+CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { }
void CDecoder::InitStructures()
{
@@ -406,9 +406,14 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
InitData();
if (!m_IsSolid)
{
+ _errorMode = false;
InitStructures();
InitHuff();
}
+
+ if (_errorMode)
+ return S_FALSE;
+
if (m_UnpackSize > 0)
{
GetFlagsBuf();
@@ -477,9 +482,9 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream
const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress)
{
try { return CodeReal(inStream, outStream, inSize, outSize, progress); }
- catch(const CInBufferException &e) { return e.ErrorCode; }
- catch(const CLzOutWindowException &e) { return e.ErrorCode; }
- catch(...) { return S_FALSE; }
+ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; }
+ catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; }
+ catch(...) { _errorMode = true; return S_FALSE; }
}
STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size)
diff --git a/CPP/7zip/Compress/Rar1Decoder.h b/CPP/7zip/Compress/Rar1Decoder.h
index 630f089..01b606b 100644
--- a/CPP/7zip/Compress/Rar1Decoder.h
+++ b/CPP/7zip/Compress/Rar1Decoder.h
@@ -39,6 +39,7 @@ public:
Int64 m_UnpackSize;
bool m_IsSolid;
+ bool _errorMode;
UInt32 ReadBits(int numBits);
HRESULT CopyBlock(UInt32 distance, UInt32 len);
diff --git a/CPP/7zip/Compress/Rar2Decoder.cpp b/CPP/7zip/Compress/Rar2Decoder.cpp
index b3f2b4b..0580c8d 100644
--- a/CPP/7zip/Compress/Rar2Decoder.cpp
+++ b/CPP/7zip/Compress/Rar2Decoder.cpp
@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << 20;
static const UInt32 kWindowReservSize = (1 << 22) + 256;
CDecoder::CDecoder():
- m_IsSolid(false)
+ m_IsSolid(false),
+ m_TablesOK(false)
{
}
@@ -100,6 +101,8 @@ UInt32 CDecoder::ReadBits(unsigned numBits) { return m_InBitStream.ReadBits(numB
bool CDecoder::ReadTables(void)
{
+ m_TablesOK = false;
+
Byte levelLevels[kLevelTableSize];
Byte newLevels[kMaxTableSize];
m_AudioMode = (ReadBits(1) == 1);
@@ -170,6 +173,8 @@ bool CDecoder::ReadTables(void)
}
memcpy(m_LastLevels, newLevels, kMaxTableSize);
+ m_TablesOK = true;
+
return true;
}
@@ -344,6 +349,9 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
return S_FALSE;
}
+ if (!m_TablesOK)
+ return S_FALSE;
+
UInt64 startPos = m_OutWindowStream.GetProcessedSize();
while (pos < unPackSize)
{
diff --git a/CPP/7zip/Compress/Rar2Decoder.h b/CPP/7zip/Compress/Rar2Decoder.h
index 3a0535c..0e9005f 100644
--- a/CPP/7zip/Compress/Rar2Decoder.h
+++ b/CPP/7zip/Compress/Rar2Decoder.h
@@ -139,6 +139,7 @@ class CDecoder :
UInt64 m_PackSize;
bool m_IsSolid;
+ bool m_TablesOK;
void InitStructures();
UInt32 ReadBits(unsigned numBits);
diff --git a/CPP/7zip/Compress/Rar3Decoder.cpp b/CPP/7zip/Compress/Rar3Decoder.cpp
index 3bf2513..6cb8a6a 100644
--- a/CPP/7zip/Compress/Rar3Decoder.cpp
+++ b/CPP/7zip/Compress/Rar3Decoder.cpp
@@ -92,7 +92,8 @@ CDecoder::CDecoder():
_writtenFileSize(0),
_vmData(0),
_vmCode(0),
- m_IsSolid(false)
+ m_IsSolid(false),
+ _errorMode(false)
{
Ppmd7_Construct(&_ppmd);
}
@@ -545,6 +546,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing)
return InitPPM();
}
+ TablesRead = false;
+ TablesOK = false;
+
_lzMode = true;
PrevAlignBits = 0;
PrevAlignCount = 0;
@@ -606,6 +610,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing)
}
}
}
+ if (InputEofError())
+ return S_FALSE;
+
TablesRead = true;
// original code has check here:
@@ -623,6 +630,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing)
RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize]));
memcpy(m_LastLevels, newLevels, kTablesSizesSum);
+
+ TablesOK = true;
+
return S_OK;
}
@@ -824,7 +834,12 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress)
PpmEscChar = 2;
PpmError = true;
InitFilters();
+ _errorMode = false;
}
+
+ if (_errorMode)
+ return S_FALSE;
+
if (!m_IsSolid || !TablesRead)
{
bool keepDecompressing;
@@ -838,6 +853,8 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress)
bool keepDecompressing;
if (_lzMode)
{
+ if (!TablesOK)
+ return S_FALSE;
RINOK(DecodeLZ(keepDecompressing))
}
else
@@ -901,8 +918,8 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream
_unpackSize = outSize ? *outSize : (UInt64)(Int64)-1;
return CodeReal(progress);
}
- catch(const CInBufferException &e) { return e.ErrorCode; }
- catch(...) { return S_FALSE; }
+ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; }
+ catch(...) { _errorMode = true; return S_FALSE; }
// CNewException is possible here. But probably CNewException is caused
// by error in data stream.
}
diff --git a/CPP/7zip/Compress/Rar3Decoder.h b/CPP/7zip/Compress/Rar3Decoder.h
index c130cec..2f72d7d 100644
--- a/CPP/7zip/Compress/Rar3Decoder.h
+++ b/CPP/7zip/Compress/Rar3Decoder.h
@@ -192,6 +192,7 @@ class CDecoder:
UInt32 _lastFilter;
bool m_IsSolid;
+ bool _errorMode;
bool _lzMode;
bool _unsupportedFilter;
@@ -200,6 +201,7 @@ class CDecoder:
UInt32 PrevAlignCount;
bool TablesRead;
+ bool TablesOK;
CPpmd7 _ppmd;
int PpmEscChar;

34
sources/meta-openembedded/meta-oe/recipes-extended/p7zip/files/change_numMethods_from_bool_to_unsigned.patch Normal file
View File

@@ -0,0 +1,34 @@
From 0820ef4b9238c1e39ae5bda32cc08cce3fd3ce89 Mon Sep 17 00:00:00 2001
From: Nisha Parrakat <Nisha.Parrakat@kpit.com>
Date: Wed, 26 May 2021 19:59:28 +0000
Subject: [PATCH] fixes the below error
| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp: In member function 'virtual LONG NArchive::NWim::CHandler::GetArchiveProperty(PROPID, PROPVARIANT*)':
| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:308:11: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17
| 308 | numMethods++;
| | ^~~~~~~~~~
| ../../../../CPP/7zip/Archive/Wim/WimHandler.cpp:318:9: error: use of an operand of type 'bool' in 'operator++' is forbidden in C++17
| 318 | numMethods++;
use unsigned instead of bool
Signed-off-by: Nisha Parrakat <Nisha.Parrakat@kpit.com>
Upstream-Status: Pending
---
CPP/7zip/Archive/Wim/WimHandler.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CPP/7zip/Archive/Wim/WimHandler.cpp b/CPP/7zip/Archive/Wim/WimHandler.cpp
index 27d3298..4ff5cfe 100644
--- a/CPP/7zip/Archive/Wim/WimHandler.cpp
+++ b/CPP/7zip/Archive/Wim/WimHandler.cpp
@@ -298,7 +298,7 @@ STDMETHODIMP CHandler::GetArchiveProperty(PROPID propID, PROPVARIANT *value)
AString res;
- bool numMethods = 0;
+ unsigned numMethods = 0;
for (unsigned i = 0; i < ARRAY_SIZE(k_Methods); i++)
{
if (methodMask & ((UInt32)1 << i))

38
sources/meta-openembedded/meta-oe/recipes-extended/p7zip/files/do_not_override_compiler_and_do_not_strip.patch Normal file
View File

@@ -0,0 +1,38 @@
From b2aa209dfc5e59d6329b55b9764782334b63dbe8 Mon Sep 17 00:00:00 2001
From: Raphael Freudiger <raphael.freudiger@siemens.com>
Date: Wed, 11 Feb 2015 09:11:47 +0100
Subject: [PATCH] do not override compiler and do not strip
The default makefile sets the compiler to g++ or gcc. This leads to a wrong architecture when cross-compiling.
Remove the hardcoded compiler and just append the flags to CXX and CC.
Upstream-Status: Pending
Signed-off-by: Raphael Freudiger <raphael.freudiger@siemens.com>
Reviewed-By: Pascal Bach <pascal.bach@siemens.com>
---
makefile.machine | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/makefile.machine b/makefile.machine
index 9e34c34..e9244d9 100644
--- a/makefile.machine
+++ b/makefile.machine
@@ -2,7 +2,7 @@
# makefile for Linux (x86, PPC, alpha ...)
#
-OPTFLAGS=-O -s
+OPTFLAGS=-O
ALLFLAGS=${OPTFLAGS} -pipe \
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE \
@@ -10,8 +10,6 @@ ALLFLAGS=${OPTFLAGS} -pipe \
-D_7ZIP_LARGE_PAGES \
$(LOCAL_FLAGS)
-CXX=g++
-CC=gcc
CC_SHARED=-fPIC
LINK_SHARED=-fPIC -shared