authorfeld <feld@FreeBSD.org>2016-07-15 13:45:50 +0000
committerfeld <feld@FreeBSD.org>2016-07-15 13:45:50 +0000
commit0fe849870b10f0c59b6604c2186d930e71c535c9 (patch)
treee5178fa6e86a6692e13d7ef25dc40251ee3c0a3a
parent331dff5ff55b1c144ecc49279ecb910e3c50217b (diff)
MFH: r418576
Add patches for CVE-2016-2334 and CVE-2016-2335. While here, use PORTREVISION?= instead of PORTREVISION= to avoid needlessly bumping PORTREVISION in archivers/p7zip-codec-rar. PR: 211114 Submitted by: Piotr Kubaj <pkubaj@anongoth.pl> Security: a9bcaf57-4a7b-11e6-97f7-5453ed2e2b49 Security: d706a3a3-4a7c-11e6-97f7-5453ed2e2b49 Approved by: ports-secteam (with hat)
-rw-r--r--archivers/p7zip/Makefile1
-rw-r--r--archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp25
-rw-r--r--archivers/p7zip/files/patch-CPP_7zip_Archive_Udf_UdfIn.cpp18
3 files changed, 44 insertions, 0 deletions
diff --git a/archivers/p7zip/Makefile b/archivers/p7zip/Makefile
index 809bf8bd..5ee63e0 100644
--- a/archivers/p7zip/Makefile
+++ b/archivers/p7zip/Makefile
@@ -3,6 +3,7 @@
PORTNAME= p7zip
PORTVERSION= 15.14
+PORTREVISION?= 1
CATEGORIES= archivers
MASTER_SITES= SF
DISTNAME= ${PORTNAME}_${DISTVERSION}_src_all
diff --git a/archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp b/archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp
new file mode 100644
index 0000000..2ff5cd7
--- /dev/null
+++ b/archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp
@@ -0,0 +1,25 @@
+Patch for CVE-2016-2334.
+
+Obtained from: https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
+--- CPP/7zip/Archive/HfsHandler.cpp.orig Fri Jun 19 06:52:08 2015
++++ CPP/7zip/Archive/HfsHandler.cpp Mon May 23 20:37:42 2016
+@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFork &fork, cons
+ item.GroupID = Get32(r + 0x24);
+ item.AdminFlags = r[0x28];
+ item.OwnerFlags = r[0x29];
++ */
+ item.FileMode = Get16(r + 0x2A);
++ /*
+ item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+ item.FileType = Get32(r + 0x30);
+ item.FileCreator = Get32(r + 0x34);
+@@ -1571,6 +1573,9 @@ HRESULT CHandler::ExtractZlibFile(
+ blockSize = (UInt32)rem;
+
+ UInt32 size = GetUi32(tableBuf + i * 8 + 4);
++
++ if (size > buf.Size() || size > kCompressionBlockSize + 1)
++ return S_FALSE;
+
+ RINOK(ReadStream_FALSE(inStream, buf, size));
+
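Review bot: The first inner hunk (CDatabase::LoadCatalog, near line 987) moves the comment delimiters so that `item.FileMode = Get16(r + 0x2A);` becomes live code, yet the patch header says only "Patch for CVE-2016-2334." and does not explain it. That change is separate from the size check added in CHandler::ExtractZlibFile. LoadCatalog begins outside the hunk, so it cannot be confirmed from here that the record behind `r` is already verified to be long enough for a 16-bit read at offset 0x2A; that should be checked against the full source. I would add a header line such as `Also re-enables parsing of item.FileMode in CDatabase::LoadCatalog: <reason>.` and a short comment above the new guard saying why the limit is `kCompressionBlockSize + 1` rather than `kCompressionBlockSize`.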
diff --git a/archivers/p7zip/files/patch-CPP_7zip_Archive_Udf_UdfIn.cpp b/archivers/p7zip/files/patch-CPP_7zip_Archive_Udf_UdfIn.cpp
new file mode 100644
index 0000000..54c5006
--- /dev/null
+++ b/archivers/p7zip/files/patch-CPP_7zip_Archive_Udf_UdfIn.cpp
@@ -0,0 +1,18 @@
+Patch for CVE-2016-2335.
+
+Obtained from: https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
+--- CPP/7zip/Archive/Udf/UdfIn.cpp.orig Fri Nov 20 15:40:08 2015
++++ CPP/7zip/Archive/Udf/UdfIn.cpp Mon May 23 20:37:46 2016
+@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int volIndex, int fsI
+ return S_FALSE;
+ CFile &file = Files.Back();
+ const CLogVol &vol = LogVols[volIndex];
+- CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
++ unsigned partitionRef = lad.Location.PartitionRef;
++
++ if (partitionRef >= vol.PartitionMaps.Size())
++ return S_FALSE;
++ CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
+
+ UInt32 key = lad.Location.Pos;
+ UInt32 value;
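Review bot: The second index in the rewritten lookup, `vol.PartitionMaps[partitionRef].PartitionIndex` into `Partitions`, has no bounds check visible in this hunk; only `partitionRef` is compared against `vol.PartitionMaps.Size()`. If PartitionIndex is already validated where the partition maps are built, a one-line comment would record that, for example `// PartitionIndex was range-checked when the partition maps were read`. Otherwise the lookup needs the same kind of guard, along the lines of `if (partitionIndex >= Partitions.Size()) return S_FALSE;` before taking the reference. CInArchive::ReadFileItem starts and ends outside the hunk, so this is inferred from the visible lines only.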