public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #90140 from magnetophon/p7zip 

p7zip: switch to maintained fork
This commit is contained in:
Michael Raskin 2020-06-11 17:00:59 +00:00 committed by GitHub
parent efd8f66119 334b347cd0
commit 61e57e8fd7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 29 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkgs/applications/kde/ark/default.nix
View File

@ -9,14 +9,14 @@
libarchive, libzip,
# Archive tools
lrzip,
p7zip, lrzip,
# Unfree tools
unfreeEnableUnrar ? false, unrar,
}:
let
extraTools = [ lrzip ] ++ lib.optional unfreeEnableUnrar unrar;
extraTools = [ p7zip lrzip ] ++ lib.optional unfreeEnableUnrar unrar;
in
mkDerivation {

3
pkgs/development/python-modules/binwalk/default.nix
View File

@ -7,6 +7,7 @@
, gzip
, bzip2
, gnutar
, p7zip
, cabextract
, lzma
, nose
@ -28,7 +29,7 @@ buildPythonPackage {
sha256 = "1bxgj569fzwv6jhcbl864nmlsi9x1k1r20aywjxc8b9b1zgqrlvc";
};
propagatedBuildInputs = [ zlib xz ncompress gzip bzip2 gnutar cabextract lzma pycrypto ]
propagatedBuildInputs = [ zlib xz ncompress gzip bzip2 gnutar p7zip cabextract lzma pycrypto ]
++ stdenv.lib.optional visualizationSupport pyqtgraph;
# setup.py only installs version.py during install, not test

23
pkgs/tools/archivers/p7zip/12-CVE-2016-9296.patch
View File

@ -1,23 +0,0 @@
From: Robert Luberda <robert@debian.org>
Date: Sat, 19 Nov 2016 08:48:08 +0100
Subject: Fix nullptr dereference (CVE-2016-9296)
Patch taken from https://sourceforge.net/p/p7zip/bugs/185/
---
CPP/7zip/Archive/7z/7zIn.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CPP/7zip/Archive/7z/7zIn.cpp b/CPP/7zip/Archive/7z/7zIn.cpp
index b0c6b98..7c6dde2 100644
--- a/CPP/7zip/Archive/7z/7zIn.cpp
+++ b/CPP/7zip/Archive/7z/7zIn.cpp
@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams(
if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
ThrowIncorrect();
}
- HeadersSize += folders.PackPositions[folders.NumPackStreams];
+ if (folders.PackPositions)
+ HeadersSize += folders.PackPositions[folders.NumPackStreams];
return S_OK;
}

35
pkgs/tools/archivers/p7zip/13-CVE-2017-17969.patch
View File

@ -1,35 +0,0 @@
From: =?utf-8?q?Antoine_Beaupr=C3=A9?= <anarcat@debian.org>
Date: Fri, 2 Feb 2018 11:11:41 +0100
Subject: Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp
Origin: vendor, https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/27d7/attachment/CVE-2017-17969.patch
Forwarded: https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7
Bug: https://sourceforge.net/p/p7zip/bugs/204/
Bug-Debian: https://bugs.debian.org/888297
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17969
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2018-02-01
Applied-Upstream: 18.00-beta
---
CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp
index 80b7e67..ca37764 100644
--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
+++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
@@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
{
_stack[i++] = _suffixes[cur];
cur = _parents[cur];
+ if (cur >= kNumItems || i >= kNumItems)
+ break;
}
-
+
+ if (cur >= kNumItems || i >= kNumItems)
+ break;
+
_stack[i++] = (Byte)cur;
lastChar2 = (Byte)cur;

47
pkgs/tools/archivers/p7zip/default.nix
View File

@ -1,28 +1,17 @@
{ stdenv, fetchurl, fetchpatch, lib, enableUnfree ? false }:
{ stdenv, fetchFromGitHub, lib, enableUnfree ? false }:
stdenv.mkDerivation rec {
pname = "p7zip";
version = "16.02";
version = "17.01";
src = fetchurl {
url = "mirror://sourceforge/p7zip/p7zip_${version}_src_all.tar.bz2";
sha256 = "5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f";
};
patches = [
./12-CVE-2016-9296.patch
./13-CVE-2017-17969.patch
(fetchpatch {
name = "3-CVE-2018-5996.patch";
url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/3-CVE-2018-5996.patch";
sha256 = "1zivvkazmza0653i498ccp3zbpbpc7dvxl3zxwllbx41b6n589yp";
})
(fetchpatch {
name = "4-CVE-2018-10115.patch";
url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/4-CVE-2018-10115.patch";
sha256 = "1cr7q8gnrk9yp6dcvxaqi1yhdbgp964nkv65ls41mw1kdfm44zn6";
})
];
src = fetchFromGitHub {
owner = "szcnick";
repo = pname;
rev = "v${version}";
sha256 = "0gczdmypwbfnxzb11rjrrndjkkb3jzxfby2cchn5j8ysny13mfps";
}
;
# Default makefile is full of impurities on Darwin. The patch doesn't hurt Linux so I'm leaving it unconditional
postPatch = ''
@ -39,14 +28,15 @@ stdenv.mkDerivation rec {
# (see DOC/License.txt, https://fedoraproject.org/wiki/Licensing:Unrar)
rm -r CPP/7zip/Compress/Rar*
find . -name makefile'*' -exec sed -i '/Rar/d' {} +
chmod +x install.sh
'';
preConfigure = ''
makeFlagsArray=(DEST_HOME=$out)
buildFlags=all3
'' + stdenv.lib.optionalString stdenv.isDarwin ''
cp makefile.macosx_llvm_64bits makefile.machine
'';
buildFlags=all3
'' + stdenv.lib.optionalString stdenv.isDarwin ''
cp makefile.macosx_llvm_64bits makefile.machine
'';
enableParallelBuilding = true;
@ -55,15 +45,10 @@ stdenv.mkDerivation rec {
NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.cc.isClang "-Wno-error=c++11-narrowing";
meta = {
homepage = "http://p7zip.sourceforge.net/";
description = "A port of the 7-zip archiver";
homepage = "https://github.com/szcnick/p7zip";
description = "A new p7zip fork with additional codecs and improvements (forked from https://sourceforge.net/projects/p7zip/)";
platforms = stdenv.lib.platforms.unix;
maintainers = [ stdenv.lib.maintainers.raskin ];
knownVulnerabilities = [
# p7zip is abandoned, according to this thread on its forums:
# https://sourceforge.net/p/p7zip/discussion/383043/thread/fa143cf2/#1817
"p7zip is abandoned and may not receive important security fixes"
];
# RAR code is under non-free UnRAR license, but we remove it
license = if enableUnfree then lib.licenses.unfree else lib.licenses.lgpl2Plus;
};

17
pkgs/tools/compression/dtrx/default.nix
View File

@ -1,18 +1,15 @@
{stdenv, lib, fetchurl, pythonPackages
, gnutar, unzip, lhasa, rpm, binutils, cpio, gzip, cabextract, unrar, unshield
, gnutar, unzip, lhasa, rpm, binutils, cpio, gzip, p7zip, cabextract, unrar, unshield
, bzip2, xz, lzip
# unsafe:
# ,p7zip
# unzip is no longer handled by p7zip, since it's unsafe
, unzipSupport ? true
# unzip is handled by p7zip
, unzipSupport ? false
, unrarSupport ? false }:
let
# p7zip
archivers = lib.makeBinPath ([ gnutar lhasa rpm binutils cpio gzip cabextract unshield ]
++ lib.optional (unzipSupport) unzip
++ lib.optional (unrarSupport) unrar
++ [ bzip2 xz lzip ]);
archivers = lib.makeBinPath ([ gnutar lhasa rpm binutils cpio gzip p7zip cabextract unshield ]
++ lib.optional (unzipSupport) unzip
++ lib.optional (unrarSupport) unrar
++ [ bzip2 xz lzip ]);
in pythonPackages.buildPythonApplication rec {
pname = "dtrx";

4
pkgs/tools/misc/woeusb/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, autoreconfHook, makeWrapper
, coreutils, dosfstools, findutils, gawk, gnugrep, grub2_light, ncurses, ntfs3g, parted, utillinux, wget
, coreutils, dosfstools, findutils, gawk, gnugrep, grub2_light, ncurses, ntfs3g, parted, p7zip, utillinux, wget
, wxGTK30 }:
stdenv.mkDerivation rec {
@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
# should be patched with a less useless default PATH, but for now
# we add everything we need manually.
wrapProgram "$out/bin/woeusb" \
--set PATH '${stdenv.lib.makeBinPath [ coreutils dosfstools findutils gawk gnugrep grub2_light ncurses ntfs3g parted utillinux wget ]}'
--set PATH '${stdenv.lib.makeBinPath [ coreutils dosfstools findutils gawk gnugrep grub2_light ncurses ntfs3g parted utillinux wget p7zip ]}'
'';
doInstallCheck = true;