Date: Wed, 25 May 2022 08:00:53 GMT From: Max Brazhnikov <makc@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: c62a4ee6a824 - main - archivers/p7zip: remove deprecated port Message-ID: <202205250800.24P80r3x036377@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by makc: URL: https://cgit.FreeBSD.org/ports/commit/?id=c62a4ee6a8248fe611e752a2f467707c9ffac5b6 commit c62a4ee6a8248fe611e752a2f467707c9ffac5b6 Author: Max Brazhnikov <makc@FreeBSD.org> AuthorDate: 2022-05-25 08:00:14 +0000 Commit: Max Brazhnikov <makc@FreeBSD.org> CommitDate: 2022-05-25 08:00:14 +0000 archivers/p7zip: remove deprecated port The port is unmaintained for years and has known vulnerabilities. Use archivers/7-zip instead. PR: 260866 --- MOVED | 1 + archivers/Makefile | 1 - archivers/p7zip/Makefile | 72 ------- archivers/p7zip/distinfo | 3 - archivers/p7zip/files/7z | 6 - .../p7zip/files/patch-CPP_7zip_Archive_7z_7zIn.cpp | 16 -- .../p7zip/files/patch-CPP_Windows_ErrorMsg.cpp | 33 ---- archivers/p7zip/files/patch-CPP_Windows_System.cpp | 11 -- archivers/p7zip/files/patch-CVE-2017-17969 | 35 ---- archivers/p7zip/files/patch-CVE-2018-5996 | 211 --------------------- archivers/p7zip/pkg-descr | 18 -- archivers/p7zip/pkg-plist | 11 -- 12 files changed, 1 insertion(+), 417 deletions(-) diff --git a/MOVED b/MOVED index 72dd52ecaac7..c999acfc2be1 100644 --- a/MOVED +++ b/MOVED @@ -17177,3 +17177,4 @@ java/openjdk13||2022-05-24|Has expired: EOLed since 31 march 2020 java/openjdk14||2022-05-24|Has expired: EOLed since 30 september 2020 java/openjdk15||2022-05-24|Has expired: EOLed since 31 march 2021 java/openjdk16||2022-05-24|Has expired: EOLed since 30 September 2021 +archivers/p7zip|archivers/7-zip|2022-05-25|Unmaintained for years and has known vulnerabilities. Use 7-Zip instead diff --git a/archivers/Makefile b/archivers/Makefile index bd9e0a332cee..6d4551be7eb7 100644 --- a/archivers/Makefile +++ b/archivers/Makefile @@ -134,7 +134,6 @@ SUBDIR += p5-POE-Filter-Zlib SUBDIR += p5-PerlIO-gzip SUBDIR += p5-PerlIO-via-Bzip2 - SUBDIR += p7zip SUBDIR += packddir SUBDIR += paq SUBDIR += par diff --git a/archivers/p7zip/Makefile b/archivers/p7zip/Makefile deleted file mode 100644 index c034a9b78529..000000000000 --- a/archivers/p7zip/Makefile +++ /dev/null @@ -1,72 +0,0 @@ -# Created by: Juergen Lock <nox@jelal.kn-bremen.de> - -PORTNAME= p7zip -PORTVERSION= 16.02 -PORTREVISION?= 3 -CATEGORIES= archivers -MASTER_SITES= SF -DISTNAME= ${PORTNAME}_${DISTVERSION}_src_all - -MAINTAINER= ports@FreeBSD.org -COMMENT?= File archiver with high compression ratio - -LICENSE?= LGPL21 - -DEPRECATED= Unmaintained for years and has known vulnerabilities -EXPIRATION_DATE=2022-01-01 - -ALL_TARGET?= all3 -USES= cpe tar:bzip2 -CPE_VENDOR= 7-zip -MAKEFILE= makefile -MAKE_ARGS= OPTFLAGS="${CXXFLAGS}" -WRKSRC= ${WRKDIR}/${PORTNAME}_${PORTVERSION} - -CFLAGS_arm= -fPIC -CFLAGS_armv6= -fPIC -CFLAGS_armv7= -fPIC -CFLAGS_aarch64= -fPIC -CFLAGS_amd64= -fPIC -CFLAGS_i386= -fPIC -CFLAGS_powerpc= -fPIC -CFLAGS_powerpc64= -fPIC -CFLAGS_powerpc64le= -fPIC -CFLAGS_powerpcspe= -fPIC -CFLAGS_sparc64= -fPIC - -OPTIONS_DEFINE= DOCS - -PORTDOCS= * - -post-patch: - ${SED} -e 's!g\+\+!${CXX}!' \ - -e 's!gcc!${CC}!' \ - -e 's/ -s //' \ - -e 's/-D_LARGEFILE_SOURCE//' \ - -e 's/-D_FILE_OFFSET_BITS=64//' \ - ${WRKSRC}/makefile.freebsd6+ > ${WRKSRC}/makefile.machine - ${REINPLACE_CMD} -e 's|{DEST_SHARE_DOC}|${DOCSDIR}|' \ - ${WRKSRC}/man1/* - ${MV} ${WRKSRC}/README ${WRKSRC}/DOC/readme.unix - -.if ! defined(PKGNAMESUFFIX) -do-install: - ${MKDIR} ${STAGEDIR}${PREFIX}/libexec/p7zip -.for BINARY in 7z 7za 7zr 7zCon.sfx - ${INSTALL_PROGRAM} ${WRKSRC}/bin/${BINARY} ${STAGEDIR}${PREFIX}/libexec/p7zip -.endfor - ${INSTALL_LIB} ${WRKSRC}/bin/7z.so ${STAGEDIR}${PREFIX}/libexec/p7zip - - ${INSTALL_SCRIPT} ${FILESDIR}/7z ${STAGEDIR}${PREFIX}/bin - ${LN} -sf 7z ${STAGEDIR}${PREFIX}/bin/7za - ${LN} -sf 7z ${STAGEDIR}${PREFIX}/bin/7zr - - (cd ${WRKSRC}/man1 && \ - ${INSTALL_MAN} 7z*.1 ${STAGEDIR}${PREFIX}/share/man/man1) - -do-install-DOCS-on: - (cd ${WRKSRC}/DOC && \ - ${COPYTREE_SHARE} . ${STAGEDIR}${DOCSDIR}) -.endif - -.include <bsd.port.mk> diff --git a/archivers/p7zip/distinfo b/archivers/p7zip/distinfo deleted file mode 100644 index f2018ba2ccb6..000000000000 --- a/archivers/p7zip/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1480508712 -SHA256 (p7zip_16.02_src_all.tar.bz2) = 5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f -SIZE (p7zip_16.02_src_all.tar.bz2) = 4239909 diff --git a/archivers/p7zip/files/7z b/archivers/p7zip/files/7z deleted file mode 100644 index 579e4f619122..000000000000 --- a/archivers/p7zip/files/7z +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -PROGNAME=${0##*/} -BINPATH=$(dirname $(realpath $0))/../libexec/p7zip - -exec "$BINPATH/$PROGNAME" "$@" diff --git a/archivers/p7zip/files/patch-CPP_7zip_Archive_7z_7zIn.cpp b/archivers/p7zip/files/patch-CPP_7zip_Archive_7z_7zIn.cpp deleted file mode 100644 index 2cf010fa147a..000000000000 --- a/archivers/p7zip/files/patch-CPP_7zip_Archive_7z_7zIn.cpp +++ /dev/null @@ -1,16 +0,0 @@ -Fix for CVE-2016-9296. - -Obtained from: https://sourceforge.net/p/p7zip/bugs/185/ -Security: 48e83187-b6e9-11e6-b6cf-5453ed2e2b49 ---- CPP/7zip/Archive/7z/7zIn.cpp.orig 2016-11-30 09:35:06 UTC -+++ CPP/7zip/Archive/7z/7zIn.cpp -@@ -1091,7 +1091,8 @@ HRESULT CInArchive::ReadAndDecodePackedS - if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) - ThrowIncorrect(); - } -- HeadersSize += folders.PackPositions[folders.NumPackStreams]; -+ if (folders.PackPositions) -+ HeadersSize += folders.PackPositions[folders.NumPackStreams]; - return S_OK; - } - diff --git a/archivers/p7zip/files/patch-CPP_Windows_ErrorMsg.cpp b/archivers/p7zip/files/patch-CPP_Windows_ErrorMsg.cpp deleted file mode 100644 index 71de3e9f59c8..000000000000 --- a/archivers/p7zip/files/patch-CPP_Windows_ErrorMsg.cpp +++ /dev/null @@ -1,33 +0,0 @@ -This fixes the build with Clang 6.0: - - ../../../../CPP/Windows/ErrorMsg.cpp:24:10: error: case value evaluates to -2147024809, which cannot be narrowed to type 'DWORD' (aka 'unsigned int') [-Wc++11-narrowing] - case E_INVALIDARG : txt = "E_INVALIDARG"; break ; - ^ - ../../../../CPP/Common/MyWindows.h:89:22: note: expanded from macro 'E_INVALIDARG' - #define E_INVALIDARG ((HRESULT)0x80070057L) - ^ - -The HRESULT cast in the macro causes the value to be read as signed int. ---- CPP/Windows/ErrorMsg.cpp.orig 2015-01-18 18:20:28 UTC -+++ CPP/Windows/ErrorMsg.cpp -@@ -15,13 +15,13 @@ UString MyFormatMessage(DWORD errorCode) - - switch(errorCode) { - case ERROR_NO_MORE_FILES : txt = "No more files"; break ; -- case E_NOTIMPL : txt = "E_NOTIMPL"; break ; -- case E_NOINTERFACE : txt = "E_NOINTERFACE"; break ; -- case E_ABORT : txt = "E_ABORT"; break ; -- case E_FAIL : txt = "E_FAIL"; break ; -- case STG_E_INVALIDFUNCTION : txt = "STG_E_INVALIDFUNCTION"; break ; -- case E_OUTOFMEMORY : txt = "E_OUTOFMEMORY"; break ; -- case E_INVALIDARG : txt = "E_INVALIDARG"; break ; -+ case (DWORD)(E_NOTIMPL) : txt = "E_NOTIMPL"; break ; -+ case (DWORD)(E_NOINTERFACE) : txt = "E_NOINTERFACE"; break ; -+ case (DWORD)(E_ABORT) : txt = "E_ABORT"; break ; -+ case (DWORD)(E_FAIL) : txt = "E_FAIL"; break ; -+ case (DWORD)(STG_E_INVALIDFUNCTION) : txt = "STG_E_INVALIDFUNCTION"; break ; -+ case (DWORD)(E_OUTOFMEMORY) : txt = "E_OUTOFMEMORY"; break ; -+ case (DWORD)(E_INVALIDARG) : txt = "E_INVALIDARG"; break ; - case ERROR_DIRECTORY : txt = "Error Directory"; break ; - default: - txt = strerror(errorCode); diff --git a/archivers/p7zip/files/patch-CPP_Windows_System.cpp b/archivers/p7zip/files/patch-CPP_Windows_System.cpp deleted file mode 100644 index 4214f0888b95..000000000000 --- a/archivers/p7zip/files/patch-CPP_Windows_System.cpp +++ /dev/null @@ -1,11 +0,0 @@ ---- CPP/Windows/System.cpp.orig 2015-11-20 21:33:04 UTC -+++ CPP/Windows/System.cpp -@@ -44,7 +44,7 @@ namespace NWindows - #elif defined (__FreeBSD__) || defined (__FreeBSD_kernel__) - UInt32 GetNumberOfProcessors() { - int nbcpu = 1; -- size_t value; -+ int value; - size_t len = sizeof(value); - if (sysctlbyname("hw.ncpu", &value, &len, NULL, 0) == 0) - nbcpu = value; diff --git a/archivers/p7zip/files/patch-CVE-2017-17969 b/archivers/p7zip/files/patch-CVE-2017-17969 deleted file mode 100644 index 1d0e36ffb42f..000000000000 --- a/archivers/p7zip/files/patch-CVE-2017-17969 +++ /dev/null @@ -1,35 +0,0 @@ -Obtained-from: https://anonscm.debian.org/cgit/users/robert/p7zip.git/tree/debian/patches/13-CVE-2017-17969.patch ---- -From: =?utf-8?q?Antoine_Beaupr=C3=A9?= <anarcat@debian.org> -Date: Fri, 2 Feb 2018 11:11:41 +0100 -Subject: Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp - -Origin: vendor, https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/27d7/attachment/CVE-2017-17969.patch -Forwarded: https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7 -Bug: https://sourceforge.net/p/p7zip/bugs/204/ -Bug-Debian: https://bugs.debian.org/888297 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17969 -Reviewed-by: Salvatore Bonaccorso <carnil@debian.org> -Last-Update: 2018-02-01 -Applied-Upstream: 18.00-beta ---- - CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - ---- CPP/7zip/Compress/ShrinkDecoder.cpp -+++ CPP/7zip/Compress/ShrinkDecoder.cpp -@@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * - { - _stack[i++] = _suffixes[cur]; - cur = _parents[cur]; -+ if (cur >= kNumItems || i >= kNumItems) -+ break; - } -- -+ -+ if (cur >= kNumItems || i >= kNumItems) -+ break; -+ - _stack[i++] = (Byte)cur; - lastChar2 = (Byte)cur; - diff --git a/archivers/p7zip/files/patch-CVE-2018-5996 b/archivers/p7zip/files/patch-CVE-2018-5996 deleted file mode 100644 index c8aaba009a67..000000000000 --- a/archivers/p7zip/files/patch-CVE-2018-5996 +++ /dev/null @@ -1,211 +0,0 @@ -Obtained from: https://anonscm.debian.org/cgit/users/robert/p7zip-rar.git/tree/debian/patches/06-CVE-2018-5996.patch ---- -From: Robert Luberda <robert@debian.org> -Date: Sun, 28 Jan 2018 23:47:40 +0100 -Subject: CVE-2018-5996 - -Hopefully fix Memory Corruptions via RAR PPMd (CVE-2018-5996) by -applying a few changes from 7Zip 18.00-beta. - -Bug-Debian: https://bugs.debian.org/#888314 ---- - CPP/7zip/Compress/Rar1Decoder.cpp | 13 +++++++++---- - CPP/7zip/Compress/Rar1Decoder.h | 1 + - CPP/7zip/Compress/Rar2Decoder.cpp | 10 +++++++++- - CPP/7zip/Compress/Rar2Decoder.h | 1 + - CPP/7zip/Compress/Rar3Decoder.cpp | 23 ++++++++++++++++++++--- - CPP/7zip/Compress/Rar3Decoder.h | 2 ++ - 6 files changed, 42 insertions(+), 8 deletions(-) - ---- CPP/7zip/Compress/Rar1Decoder.cpp -+++ CPP/7zip/Compress/Rar1Decoder.cpp -@@ -29,7 +29,7 @@ public: - }; - */ - --CDecoder::CDecoder(): m_IsSolid(false) { } -+CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { } - - void CDecoder::InitStructures() - { -@@ -406,9 +406,14 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * - InitData(); - if (!m_IsSolid) - { -+ _errorMode = false; - InitStructures(); - InitHuff(); - } -+ -+ if (_errorMode) -+ return S_FALSE; -+ - if (m_UnpackSize > 0) - { - GetFlagsBuf(); -@@ -477,9 +482,9 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream - const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress) - { - try { return CodeReal(inStream, outStream, inSize, outSize, progress); } -- catch(const CInBufferException &e) { return e.ErrorCode; } -- catch(const CLzOutWindowException &e) { return e.ErrorCode; } -- catch(...) { return S_FALSE; } -+ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } -+ catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; } -+ catch(...) { _errorMode = true; return S_FALSE; } - } - - STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) ---- CPP/7zip/Compress/Rar1Decoder.h -+++ CPP/7zip/Compress/Rar1Decoder.h -@@ -39,6 +39,7 @@ public: - - Int64 m_UnpackSize; - bool m_IsSolid; -+ bool _errorMode; - - UInt32 ReadBits(int numBits); - HRESULT CopyBlock(UInt32 distance, UInt32 len); ---- CPP/7zip/Compress/Rar2Decoder.cpp -+++ CPP/7zip/Compress/Rar2Decoder.cpp -@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << 20; - static const UInt32 kWindowReservSize = (1 << 22) + 256; - - CDecoder::CDecoder(): -- m_IsSolid(false) -+ m_IsSolid(false), -+ m_TablesOK(false) - { - } - -@@ -100,6 +101,8 @@ UInt32 CDecoder::ReadBits(unsigned numBits) { return m_InBitStream.ReadBits(numB - - bool CDecoder::ReadTables(void) - { -+ m_TablesOK = false; -+ - Byte levelLevels[kLevelTableSize]; - Byte newLevels[kMaxTableSize]; - m_AudioMode = (ReadBits(1) == 1); -@@ -170,6 +173,8 @@ bool CDecoder::ReadTables(void) - } - - memcpy(m_LastLevels, newLevels, kMaxTableSize); -+ m_TablesOK = true; -+ - return true; - } - -@@ -344,6 +349,9 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * - return S_FALSE; - } - -+ if (!m_TablesOK) -+ return S_FALSE; -+ - UInt64 startPos = m_OutWindowStream.GetProcessedSize(); - while (pos < unPackSize) - { ---- CPP/7zip/Compress/Rar2Decoder.h -+++ CPP/7zip/Compress/Rar2Decoder.h -@@ -139,6 +139,7 @@ class CDecoder : - - UInt64 m_PackSize; - bool m_IsSolid; -+ bool m_TablesOK; - - void InitStructures(); - UInt32 ReadBits(unsigned numBits); ---- CPP/7zip/Compress/Rar3Decoder.cpp -+++ CPP/7zip/Compress/Rar3Decoder.cpp -@@ -92,7 +92,8 @@ CDecoder::CDecoder(): - _writtenFileSize(0), - _vmData(0), - _vmCode(0), -- m_IsSolid(false) -+ m_IsSolid(false), -+ _errorMode(false) - { - Ppmd7_Construct(&_ppmd); - } -@@ -545,6 +546,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing) - return InitPPM(); - } - -+ TablesRead = false; -+ TablesOK = false; -+ - _lzMode = true; - PrevAlignBits = 0; - PrevAlignCount = 0; -@@ -606,6 +610,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing) - } - } - } -+ if (InputEofError()) -+ return S_FALSE; -+ - TablesRead = true; - - // original code has check here: -@@ -623,6 +630,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing) - RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize])); - - memcpy(m_LastLevels, newLevels, kTablesSizesSum); -+ -+ TablesOK = true; -+ - return S_OK; - } - -@@ -824,7 +834,12 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) - PpmEscChar = 2; - PpmError = true; - InitFilters(); -+ _errorMode = false; - } -+ -+ if (_errorMode) -+ return S_FALSE; -+ - if (!m_IsSolid || !TablesRead) - { - bool keepDecompressing; -@@ -838,6 +853,8 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) - bool keepDecompressing; - if (_lzMode) - { -+ if (!TablesOK) -+ return S_FALSE; - RINOK(DecodeLZ(keepDecompressing)) - } - else -@@ -901,8 +918,8 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream - _unpackSize = outSize ? *outSize : (UInt64)(Int64)-1; - return CodeReal(progress); - } -- catch(const CInBufferException &e) { return e.ErrorCode; } -- catch(...) { return S_FALSE; } -+ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } -+ catch(...) { _errorMode = true; return S_FALSE; } - // CNewException is possible here. But probably CNewException is caused - // by error in data stream. - } ---- CPP/7zip/Compress/Rar3Decoder.h -+++ CPP/7zip/Compress/Rar3Decoder.h -@@ -192,6 +192,7 @@ class CDecoder: - UInt32 _lastFilter; - - bool m_IsSolid; -+ bool _errorMode; - - bool _lzMode; - bool _unsupportedFilter; -@@ -200,6 +201,7 @@ class CDecoder: - UInt32 PrevAlignCount; - - bool TablesRead; -+ bool TablesOK; - - CPpmd7 _ppmd; - int PpmEscChar; diff --git a/archivers/p7zip/pkg-descr b/archivers/p7zip/pkg-descr deleted file mode 100644 index 279a1a8f0fc9..000000000000 --- a/archivers/p7zip/pkg-descr +++ /dev/null @@ -1,18 +0,0 @@ -p7zip is a Unix port of 7-Zip, a file archiver with high compression -ratio (www.7-zip.org) with lots of features: - -* 7-Zip is free software distributed under the GNU LGPL -* High compression ratio in new 7z format with LZMA compression - o Unicode file names - o Variable dictionary size (up to 4 GB) - o Compressing speed: about 1 MB/s on 2 GHz CPU - o Decompressing speed: about 10-20 MB/s on 2 GHz CPU -* Supported formats: - o Packing / unpacking: 7z, ZIP, GZIP, BZIP2 and TAR - o Unpacking only: RAR, CAB, ISO, ARJ, LZH, CHM, Z, CPIO, RPM, DEB - and NSIS -* For ZIP and GZIP formats 7-Zip provides compression ratio that is - 2-10 % better than ratio provided by PKZip and WinZip -* Self-extracting capability for 7z format - -WWW: http://p7zip.sourceforge.net/ diff --git a/archivers/p7zip/pkg-plist b/archivers/p7zip/pkg-plist deleted file mode 100644 index db81af97aabc..000000000000 --- a/archivers/p7zip/pkg-plist +++ /dev/null @@ -1,11 +0,0 @@ -bin/7z -bin/7za -bin/7zr -libexec/p7zip/7z -libexec/p7zip/7z.so -libexec/p7zip/7zCon.sfx -libexec/p7zip/7za -libexec/p7zip/7zr -share/man/man1/7z.1.gz -share/man/man1/7za.1.gz -share/man/man1/7zr.1.gz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202205250800.24P80r3x036377>