From d2543d8da2dec0a587e0610c25d2a11c2876442b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?=
Date: Sat, 27 Jan 2018 01:16:04 +0000
Subject: [PATCH] Security fix for CVE-2017-17969 (from Debian)

Add 05-hardening-flags.patch, 09-man-update.patch, 10-drop-fm-doc.patch and 14-Fix-g++-warning.patch patches from Debian, very small changes better documentation, compile flags and compile warning.
---
02_man.patch => 02-man.patch | 0
05-hardening-flags.patch | 33 ++
09-man-update.patch | 838 +++++++++++++++++++++++++++++++++++
10-drop-fm-doc.patch | 96 ++++
13-CVE-2017-17969.patch | 26 ++
14-Fix-g++-warning.patch | 24 +
p7zip.spec | 17 +-
7 files changed, 1031 insertions(+), 3 deletions(-)
rename 02_man.patch => 02-man.patch (100%)
create mode 100644 05-hardening-flags.patch
create mode 100644 09-man-update.patch
create mode 100644 10-drop-fm-doc.patch
create mode 100644 13-CVE-2017-17969.patch
create mode 100644 14-Fix-g++-warning.patch
diff --git a/02_man.patch b/02-man.patch
similarity index 100%
rename from 02_man.patch
rename to 02-man.patch
diff --git a/05-hardening-flags.patch b/05-hardening-flags.patch
new file mode 100644
index 0000000..aa42431
--- /dev/null
+++ b/05-hardening-flags.patch
@@ -0,0 +1,33 @@
+From: Robert Luberda
+Date: Fri, 22 Jan 2016 00:53:09 +0100
+Subject: Hardening flags
+
+Add support for $(CPPFLAGS) and do not override $(CXXFLAGS)
+and $(CFLAGS)
+
+Bug-Debian: https://bugs.debian.org/#682167
+---
+ makefile.glb | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/makefile.glb b/makefile.glb
+index fb001d5..e10ae03 100644
+--- a/makefile.glb
++++ b/makefile.glb
+@@ -1,14 +1,14 @@
+
+ RM=rm -f
+
+-CFLAGS=-c -I. \
++CFLAGS+=$(CPPFLAGS) -c -I. \
+ -I../../../../C \
+ -I../../../../CPP/myWindows \
+ -I../../../../CPP/include_windows \
+ -I../../../../CPP \
+ $(ALLFLAGS) $(ALLFLAGS_C)
+
+-CXXFLAGS=-c -I. \
++CXXFLAGS+=$(CPPFLAGS) -c -I. \
+ -I../../../../C \
+ -I../../../../CPP/myWindows \
+ -I../../../../CPP/include_windows \
diff --git a/09-man-update.patch b/09-man-update.patch
new file mode 100644
index 0000000..a200932
--- /dev/null
+++ b/09-man-update.patch
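Review bot: The switch from `CFLAGS=` to `CFLAGS+=$(CPPFLAGS) -c -I. \` in makefile.glb (and the same change for `CXXFLAGS`) only picks up distribution hardening flags when they arrive through the environment. A variable given on the make command line takes precedence over makefile assignments, `+=` included, so an invocation of the form `make CFLAGS=...` would drop `-c` and the include paths instead of appending to them. How the spec invokes make is not visible in this commit, so confirm the build exports the flags rather than passing them as arguments. The patch touches compile flags only; whether `$(LDFLAGS)` reaches the link step, which link-time hardening needs, is outside this hunk, and the `CXXFLAGS` assignment itself continues past the hunk's last line.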
@@ -0,0 +1,838 @@ +From: Robert Luberda +Date: Sun, 6 Mar 2016 12:52:49 +0100 +Subject: Update man pages + +Update 7z, 7za and 7zr man pages based on the usage output printed +by the commands. + +Remove reference to -p{Password} option from the 7zr(1) page, as the +command does not support it (LP: 558609) + +Mention in 7z(1) that the 7z command might be slower than 7za (closes: #636667). + +Replace "the highest compression ratio" with "high" or "very high" +and make sure the phrase refers to the 7z format, not to the archive +program itself (closes: #636179) + +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/p7zip/+bug/558609 +Bug-Debian: https://bugs.debian.org/636179 +Bug-Debian: https://bugs.debian.org/636667 +--- + man1/7z.1 | 188 ++++++++++++++++++++++++++++++++++++++++++++--------------- + man1/7za.1 | 185 ++++++++++++++++++++++++++++++++++++++++++++-------------- + man1/7zr.1 | 192 +++++++++++++++++++++++++++++++++++++++++++++---------------- + 3 files changed, 426 insertions(+), 139 deletions(-) + +diff --git a/man1/7z.1 b/man1/7z.1 +index d2b7378..72e262b 100644 +--- a/man1/7z.1 ++++ b/man1/7z.1 +@@ -1,97 +1,187 @@ +-.TH 7z 1 "September 1 2006" "Mohammed Adnene Trojette" ++.TH 7z 1 "March 6th, 2016" "7-Zip" + .SH NAME +-7z \- A file archiver with highest compression ratio ++7z \- A file archiver with high compression ratio format + .SH SYNOPSIS + .B 7z +-.BR [adeltux] +-.BR [\-] +-.BR [SWITCH] +-.BR +-.BR ... ++.B ++.RB [ "... ]" ++.B ++.RB [ "... ]" ++.RB [ <@listfiles> "... ]" + .PP + .SH DESCRIPTION +-7-Zip is a file archiver with the highest compression ratio. The program supports 7z (that implements LZMA compression algorithm), LZMA2, XZ, ZIP, Zip64, CAB, RAR (if the non-free p7zip-rar package is installed), ARJ, GZIP, BZIP2, TAR, CPIO, RPM, ISO, most filesystem images and DEB formats. Compression ratio in the new 7z format is 30-50% better than ratio in ZIP format. +-.TP +-7z uses plugins to handle archives. 
++7-Zip is a file archiver supporting 7z (that implements LZMA compression algorithm ++featuring very high compression ratio), LZMA2, XZ, ZIP, Zip64, CAB, ++RAR (if the non-free p7zip-rar package is installed), ARJ, GZIP, BZIP2, TAR, CPIO, RPM, ISO, ++most filesystem images and DEB formats. ++Compression ratio in the new 7z format is 30-50% better than ratio in ZIP format. + .PP +-.SH FUNCTION LETTERS ++.B 7z ++uses plugins to handle archives, so it might be slightly slower than ++.BR 7za (1) ++but can handle more archive formats. ++.SH COMMANDS + .TP + .B a +-Add ++Add files to archive ++.TP ++.B b ++Benchmark + .TP + .B d +-Delete ++Delete files from archive + .TP + .B e +-Extract ++Extract files from archive (without using directory names) ++.TP ++.B h ++Calculate hash values for files ++.TP ++.B i ++Show information about supported formats + .TP + .B l +-List ++List contents of archive ++.TP ++.B rn ++Rename files in archive + .TP + .B t +-Test ++Test integrity of archive + .TP + .B u +-Update ++Update files to archive + .TP + .B x +-eXtract with full paths ++eXtract files with full paths + .PP + .SH SWITCHES + .TP +-.B \-ai[r[\-|0]]{@listfile|!wildcard} ++.B \-\- ++Stop switches parsing ++.TP ++.B \-ai[r[-|0]]{@listfile|!wildcard} + Include archives + .TP +-.B \-ax[r[\-|0]]{@listfile|!wildcard} +-eXclude archives ++.B \-ax[r[-|0]]{@listfile|!wildcard} ++Exclude archives ++.TP ++.B \-ao{a|s|t|u} ++Set Overwrite mode ++.TP ++.B \-an ++Disable archive_name field ++.TP ++.B -bb[0-3] ++Set output log level + .TP + .B \-bd +-Disable percentage indicator ++Disable progress indicator ++.TP ++.B \-bs{o|e|p}{0|1|2} ++Set output stream for output/error/progress line ++.TP ++.B \-bt ++Show execution time statistics + .TP + .B \-i[r[\-|0]]{@listfile|!wildcard} + Include filenames + .TP +-.B \-l +-don't store symlinks; store the files/directories they point to (CAUTION : the scanning stage can never end because of recursive symlinks like 'ln \-s .. 
ldir') +-.TP + .B \-m{Parameters} +-Set Compression Method (see /usr/share/doc/p7zip-full/DOC/MANUAL/cmdline/switches/method.htm for a list of methods) +-.TP +-.B \-mhe=on|off +-7z format only : enables or disables archive header encryption (Default : off) ++Set Compression Method (see /usr/share/doc/p7zip/DOC/MANUAL/cmdline/switches/method.htm from the p7zip-full package for a list of methods) + .TP + .B \-o{Directory} + Set Output directory + .TP + .B \-p{Password} +-Set Password ++Set Password (NOTE: this flag does not work with 7zr) + .TP + .B \-r[\-|0] + Recurse subdirectories (CAUTION: this flag does not do what you think, avoid using it) + .TP ++.B \-sa{a|e|s} ++Set archive name mode ++.TP ++.B \-scc{UTF\-8|WIN|DOS} ++Set charset for for console input/output ++.TP ++.B \-scs{UTF\-8|UTF\-16LE|UTF\-16BE|WIN|DOS|{id}} ++Set charset for list files ++.TP ++.B \-scrc[CRC32|CRC64|SHA1|SHA256|*] ++Set hash function for x, e, h commands ++.TP ++.B \-sdel ++Delete files after compression ++.TP ++.B \-seml[.] ++Send archive by email ++.TP + .B \-sfx[{name}] + Create SFX archive + .TP +-.B \-si +-Read data from StdIn (eg: tar cf \- directory | 7z a \-si directory.tar.7z) ++.B \-si[{name}] ++Read data from stdin (e.g. tar cf \- directory | 7z a \-si directory.tar.7z) + .TP +-.B \-so +-Write data to StdOut (eg: % echo foo | 7z a dummy \-tgzip \-si \-so > /dev/null) ++.B \-slp ++Set Large Pages mode + .TP + .B \-slt +-Sets technical mode for l (list) command ++Show technical information for l (List) command ++.TP ++.B \-snh ++Store hard links as links ++.TP ++.B \-snl ++Store symbolic links as links ++.TP ++.B \-sni ++Store NT security information ++.TP ++.B \-sns[\-] ++Store NTFS alternate streams ++.TP ++.B \-sfx[{name}] ++Create SFX archive ++.TP ++.B \-so ++Write data to stdout (e.g. 
7z x \-so directory.tar.7z | tar xf \-) ++.TP ++.B \-spd ++Disable wildcard matching for file names ++.TP ++.B \-spe ++Eliminate duplication of root folder for extract command ++.TP ++.B \-spf ++Use fully qualified file paths ++.TP ++.B \-ssc[\-] ++Set sensitive case mode ++.TP ++.B \-ssw ++Compress shared files ++.TP ++.B \-stl ++Set archive timestamp from the most recently modified file ++.TP ++.B \-stm{HexMask} ++Set CPU thread affinity mask (hexadecimal number) ++.TP ++.B \-stx{Type} ++Exclude archive type + .TP + .B \-t{Type} +-Type of archive (7z, zip, gzip, bzip2 or tar. 7z format is default) ++Set type of archive ++.TP ++.B \-u[-][p#][q#][r#][x#][y#][z#][!newArchiveName] ++Update options + .TP + .B \-v{Size}[b|k|m|g] + Create volumes + .TP +-.B \-u[\-][p#][q#][r#][x#][y#][z#][!newArchiveName] +-Update options +-.TP + .B \-w[path] +-Set Working directory ++Set working directory. Empty path means a temporary directory + .TP + .B \-x[r[\-|0]]]{@listfile|!wildcard} + Exclude filenames +@@ -105,7 +195,8 @@ Assume Yes on all queries + .IP 0 + Normal (no errors or warnings detected) + .IP 1 +-Warning (Non fatal error(s)). For example, some files cannot be read during compressing. So they were not compressed ++Warning (Non fatal error(s)). For example, some files cannot be read during compressing, ++so they were not compressed + .IP 2 + Fatal error + .IP 7 +@@ -120,13 +211,13 @@ DO NOT USE the 7-zip format for backup purpose on Linux/Unix because : + + .LP + On Linux/Unix, in order to backup directories you must use tar : +- \- to backup a directory : tar cf \- directory | 7za a \-si directory.tar.7z +- \- to restore your backup : 7za x \-so directory.tar.7z | tar xf \- ++ \- to backup a directory : tar cf \- directory | 7z a \-si directory.tar.7z ++ \- to restore your backup : 7z x \-so directory.tar.7z | tar xf \- + + If you want to send files and directories (not the owner of file) + to others Unix/MacOS/Windows users, you can use the 7-zip format. 
+ +- example : 7za a directory.7z directory ++ example : 7z a directory.7z directory + + .LP + Do not use "\-r" because this flag does not do what you think. +@@ -165,10 +256,15 @@ add all files from directory "dir1" to SFX archive archive.exe (Remark : SFX arc + 7z a \-mhe=on \-pmy_password archive.7z a_directory + add all files from directory "a_directory" to the archive "archive.7z" (with data and header archive encryption on) + .SH "SEE ALSO" +-7za(1), 7zr(1), bzip2(1), gzip(1), zip(1) ++.BR 7zr (1), ++.BR 7za (1), ++.BR p7zip (1), ++.BR bzip2 (1), ++.BR gzip (1), ++.BR zip(1), + .PP + .SH "HTML Documentation" + /usr/share/doc/p7zip-full/DOC/MANUAL/start.htm + .SH AUTHOR + .TP +-Written for Debian by Mohammed Adnene Trojette. ++Written for Debian by Mohammed Adnene Trojette. Updated by Robert Luberda. +diff --git a/man1/7za.1 b/man1/7za.1 +index ae5730b..218e245 100644 +--- a/man1/7za.1 ++++ b/man1/7za.1 +@@ -1,99 +1,190 @@ +-.TH 7za 1 "September 1 2006" "Mohammed Adnene Trojette" ++.TH 7za 1 "March 6th, 2016" "7-Zip" + .SH NAME +-7za \- A file archiver with highest compression ratio ++7za \- A file archiver with high compression ratio format + .SH SYNOPSIS + .B 7za +-.BR [adeltux] +-.BR [-] +-.BR [SWITCH] +-.BR +-.BR ... ++.B ++.RB [ "... ]" ++.B ++.RB [ "... ]" ++.RB [ <@listfiles> "... ]" + .PP + .SH DESCRIPTION +-7-Zip is a file archiver with the highest compression ratio. The program supports 7z (that implements LZMA compression algorithm), LZMA2, XZ, ZIP, Zip64, CAB, RAR (if the non-free p7zip-rar package is installed), ARJ, GZIP, BZIP2, TAR, CPIO, RPM, ISO, most filesystem images and DEB formats. Compression ratio in the new 7z format is 30-50% better than ratio in ZIP format. +-.TP +-7za is a stand-alone executable. 7za handles fewer archive formats than 7z. 
++7-Zip is a file archiver supporting 7z (that implements LZMA compression algorithm ++featuring very high compression ratio), LZMA2, XZ, ZIP, Zip64, CAB, ++RAR (if the non-free p7zip-rar package is installed), ARJ, GZIP, BZIP2, TAR, CPIO, RPM, ISO, ++most filesystem images and DEB formats. ++Compression ratio in the new 7z format is 30-50% better than ratio in ZIP format. + .PP +-.SH FUNCTION LETTERS ++.B 7za ++is a stand-alone executable. ++.B 7za ++handles fewer archive formats than ++.BR 7z (1). ++.SH COMMANDS + .TP + .B a +-Add ++Add files to archive ++.TP ++.B b ++Benchmark + .TP + .B d +-Delete ++Delete files from archive + .TP + .B e +-Extract ++Extract files from archive (without using directory names) ++.TP ++.B h ++Calculate hash values for files ++.TP ++.B i ++Show information about supported formats + .TP + .B l +-List ++List contents of archive ++.TP ++.B rn ++Rename files in archive + .TP + .B t +-Test ++Test integrity of archive + .TP + .B u +-Update ++Update files to archive + .TP + .B x +-eXtract with full paths ++eXtract files with full paths + .PP + .SH SWITCHES + .TP ++.B \-\- ++Stop switches parsing ++.TP + .B \-ai[r[-|0]]{@listfile|!wildcard} + Include archives + .TP + .B \-ax[r[-|0]]{@listfile|!wildcard} +-eXclude archives ++Exclude archives ++.TP ++.B \-ao{a|s|t|u} ++Set Overwrite mode ++.TP ++.B \-an ++Disable archive_name field ++.TP ++.B -bb[0-3] ++Set output log level + .TP + .B \-bd +-Disable percentage indicator ++Disable progress indicator + .TP +-.B \-i[r[-|0]]{@listfile|!wildcard} +-Include filenames ++.B \-bs{o|e|p}{0|1|2} ++Set output stream for output/error/progress line + .TP +-.B \-l +-don't store symlinks; store the files/directories they point to (CAUTION : the scanning stage can never end because of recursive symlinks like 'ln \-s .. 
ldir') ++.B \-bt ++Show execution time statistics + .TP +-.B \-m{Parameters} +-Set Compression Method (see /usr/share/doc/p7zip-full/DOC/MANUAL/cmdline/switches/method.htm for a list of methods) ++.B \-i[r[\-|0]]{@listfile|!wildcard} ++Include filenames + .TP +-.B \-mhe=on|off +-7z format only : enables or disables archive header encryption (Default : off) ++.B \-m{Parameters} ++Set Compression Method (see /usr/share/doc/p7zip/DOC/MANUAL/cmdline/switches/method.htm from the p7zip-full package for a list of methods) + .TP + .B \-o{Directory} + Set Output directory + .TP + .B \-p{Password} +-Set Password ++Set Password (NOTE: this flag does not work with 7zr) + .TP +-.B \-r[-|0] ++.B \-r[\-|0] + Recurse subdirectories (CAUTION: this flag does not do what you think, avoid using it) + .TP ++.B \-sa{a|e|s} ++Set archive name mode ++.TP ++.B \-scc{UTF\-8|WIN|DOS} ++Set charset for for console input/output ++.TP ++.B \-scs{UTF\-8|UTF\-16LE|UTF\-16BE|WIN|DOS|{id}} ++Set charset for list files ++.TP ++.B \-scrc[CRC32|CRC64|SHA1|SHA256|*] ++Set hash function for x, e, h commands ++.TP ++.B \-sdel ++Delete files after compression ++.TP ++.B \-seml[.] ++Send archive by email ++.TP + .B \-sfx[{name}] + Create SFX archive + .TP +-.B \-si +-Read data from StdIn (eg: tar cf \- directory | 7za a \-si directory.tar.7z) ++.B \-si[{name}] ++Read data from stdin (e.g. tar cf \- directory | 7za a \-si directory.tar.7z) + .TP +-.B \-so +-Write data to StdOut (eg: % echo foo | 7z a dummy \-tgzip \-si \-so > /dev/null) ++.B \-slp ++Set Large Pages mode + .TP + .B \-slt +-Sets technical mode for l (list) command ++Show technical information for l (List) command + .TP +-.B \-t{Type} +-Type of archive (7z, zip, gzip, bzip2 or tar. 
7z format is default) ++.B \-snh ++Store hard links as links + .TP +-.B \-v{Size}[b|k|m|g] +-Create volumes ++.B \-snl ++Store symbolic links as links ++.TP ++.B \-sni ++Store NT security information ++.TP ++.B \-sns[\-] ++Store NTFS alternate streams ++.TP ++.B \-sfx[{name}] ++Create SFX archive ++.TP ++.B \-so ++Write data to stdout (e.g. 7za x \-so directory.tar.7z | tar xf \-) ++.TP ++.B \-spd ++Disable wildcard matching for file names ++.TP ++.B \-spe ++Eliminate duplication of root folder for extract command ++.TP ++.B \-spf ++Use fully qualified file paths ++.TP ++.B \-ssc[\-] ++Set sensitive case mode ++.TP ++.B \-ssw ++Compress shared files ++.TP ++.B \-stl ++Set archive timestamp from the most recently modified file ++.TP ++.B \-stm{HexMask} ++Set CPU thread affinity mask (hexadecimal number) ++.TP ++.B \-stx{Type} ++Exclude archive type ++.TP ++.B \-t{Type} ++Set type of archive + .TP + .B \-u[-][p#][q#][r#][x#][y#][z#][!newArchiveName] + Update options + .TP ++.B \-v{Size}[b|k|m|g] ++Create volumes ++.TP + .B \-w[path] +-Set Working directory ++Set working directory. Empty path means a temporary directory + .TP +-.B \-x[r[-|0]]]{@listfile|!wildcard} ++.B \-x[r[\-|0]]]{@listfile|!wildcard} + Exclude filenames + .TP + .B \-y +@@ -105,7 +196,8 @@ Assume Yes on all queries + .IP 0 + Normal (no errors or warnings detected) + .IP 1 +-Warning (Non fatal error(s)). For example, some files cannot be read during compressing. So they were not compressed ++Warning (Non fatal error(s)). 
For example, some files cannot be read during compressing, ++so they were not compressed + .IP 2 + Fatal error + .IP 7 +@@ -165,10 +257,15 @@ add all files from directory "dir1" to SFX archive archive.exe (Remark : SFX arc + 7za a \-mhe=on \-pmy_password archive.7z a_directory + add all files from directory "a_directory" to the archive "archive.7z" (with data and header archive encryption on) + .SH "SEE ALSO" +-7z(1), 7zr(1), bzip2(1), gzip(1), zip(1) ++.BR 7zr (1), ++.BR 7z (1), ++.BR p7zip (1), ++.BR bzip2 (1), ++.BR gzip (1), ++.BR zip(1), + .PP + .SH "HTML Documentation" + /usr/share/doc/p7zip-full/DOC/MANUAL/start.htm + .SH AUTHOR + .TP +-Written for Debian by Mohammed Adnene Trojette. ++Written for Debian by Mohammed Adnene Trojette. Updated by Robert Luberda. +diff --git a/man1/7zr.1 b/man1/7zr.1 +index fb2dcfd..494efc9 100644 +--- a/man1/7zr.1 ++++ b/man1/7zr.1 +@@ -1,99 +1,192 @@ +-.TH 7zr 1 "September 1 2006" "Mohammed Adnene Trojette" ++.TH 7zr 1 "March 6th, 2016" "7-Zip" + .SH NAME +-7zr \- A file archiver with highest compression ratio ++7zr \- A file archiver with high compression ratio format + .SH SYNOPSIS + .B 7zr +-.BR [adeltux] +-.BR [-] +-.BR [SWITCH] +-.BR +-.BR ... ++.B ++.RB [ "... ]" ++.B ++.RB [ "... ]" ++.RB [ <@listfiles> "... ]" + .PP + .SH DESCRIPTION +-7-Zip is a file archiver with the highest compression ratio. The program supports 7z (that implements LZMA compression algorithm), LZMA2, XZ, ZIP, Zip64, CAB, RAR (if the non-free p7zip-rar package is installed), ARJ, GZIP, BZIP2, TAR, CPIO, RPM, ISO, most filesystem images and DEB formats. Compression ratio in the new 7z format is 30-50% better than ratio in ZIP format. +-.TP +-7zr is a stand-alone executable. 7zr handles fewer archive formats than 7z. 7zr is a "light-version" of 7za that only handles 7z archives. 
++7-Zip is a file archiver supporting 7z (that implements LZMA compression algorithm ++featuring very high compression ratio), LZMA2, XZ, ZIP, Zip64, CAB, ++RAR (if the non-free p7zip-rar package is installed), ARJ, GZIP, BZIP2, TAR, CPIO, RPM, ISO, ++most filesystem images and DEB formats. ++Compression ratio in the new 7z format is 30-50% better than ratio in ZIP format. + .PP +-.SH FUNCTION LETTERS ++.B 7zr ++is a stand-alone executable. ++.B 7zr ++is a "light-version" of ++.BR 7za (1). ++.B 7zr ++handles password-less archives in the 7z, LZMA2, and XZ formats only. ++.SH COMMANDS + .TP + .B a +-Add ++Add files to archive ++.TP ++.B b ++Benchmark + .TP + .B d +-Delete ++Delete files from archive + .TP + .B e +-Extract ++Extract files from archive (without using directory names) ++.TP ++.B h ++Calculate hash values for files ++.TP ++.B i ++Show information about supported formats + .TP + .B l +-List ++List contents of archive ++.TP ++.B rn ++Rename files in archive + .TP + .B t +-Test ++Test integrity of archive + .TP + .B u +-Update ++Update files to archive + .TP + .B x +-eXtract with full paths ++eXtract files with full paths + .PP + .SH SWITCHES + .TP ++.B \-\- ++Stop switches parsing ++.TP + .B \-ai[r[-|0]]{@listfile|!wildcard} + Include archives + .TP + .B \-ax[r[-|0]]{@listfile|!wildcard} +-eXclude archives ++Exclude archives ++.TP ++.B \-ao{a|s|t|u} ++Set Overwrite mode ++.TP ++.B \-an ++Disable archive_name field ++.TP ++.B -bb[0-3] ++Set output log level + .TP + .B \-bd +-Disable percentage indicator ++Disable progress indicator + .TP +-.B \-i[r[-|0]]{@listfile|!wildcard} +-Include filenames ++.B \-bs{o|e|p}{0|1|2} ++Set output stream for output/error/progress line ++.TP ++.B \-bt ++Show execution time statistics + .TP +-.B \-l +-don't store symlinks; store the files/directories they point to (CAUTION : the scanning stage can never end because of recursive symlinks like 'ln \-s .. 
ldir') ++.B \-i[r[\-|0]]{@listfile|!wildcard} ++Include filenames + .TP + .B \-m{Parameters} + Set Compression Method (see /usr/share/doc/p7zip/DOC/MANUAL/cmdline/switches/method.htm from the p7zip-full package for a list of methods) + .TP +-.B \-mhe=on|off +-7z format only : enables or disables archive header encryption (Default : off) +-.TP + .B \-o{Directory} + Set Output directory + .TP +-.B \-p{Password} +-Set Password +-.TP +-.B \-r[-|0] ++.B \-r[\-|0] + Recurse subdirectories (CAUTION: this flag does not do what you think, avoid using it) + .TP ++.B \-sa{a|e|s} ++Set archive name mode ++.TP ++.B \-scc{UTF\-8|WIN|DOS} ++Set charset for for console input/output ++.TP ++.B \-scs{UTF\-8|UTF\-16LE|UTF\-16BE|WIN|DOS|{id}} ++Set charset for list files ++.TP ++.B \-scrc[CRC32|CRC64|SHA1|SHA256|*] ++Set hash function for x, e, h commands ++.TP ++.B \-sdel ++Delete files after compression ++.TP ++.B \-seml[.] ++Send archive by email ++.TP + .B \-sfx[{name}] + Create SFX archive + .TP +-.B \-si +-Read data from StdIn (eg: tar cf \- directory | 7zr a \-si directory.tar.7z) ++.B \-si[{name}] ++Read data from stdin (e.g. tar cf \- directory | 7zr a \-si directory.tar.7z) + .TP +-.B \-so +-Write data to StdOut (eg: 7zr x \-so directory.tar.7z | tar xf \-) ++.B \-slp ++Set Large Pages mode + .TP + .B \-slt +-Sets technical mode for l (list) command ++Show technical information for l (List) command + .TP +-.B \-v{Size}[b|k|m|g] +-Create volumes ++.B \-snh ++Store hard links as links ++.TP ++.B \-snl ++Store symbolic links as links ++.TP ++.B \-sni ++Store NT security information ++.TP ++.B \-sns[\-] ++Store NTFS alternate streams ++.TP ++.B \-sfx[{name}] ++Create SFX archive ++.TP ++.B \-so ++Write data to stdout (e.g. 
7zr x \-so directory.tar.7z | tar xf \-) ++.TP ++.B \-spd ++Disable wildcard matching for file names ++.TP ++.B \-spe ++Eliminate duplication of root folder for extract command ++.TP ++.B \-spf ++Use fully qualified file paths ++.TP ++.B \-ssc[\-] ++Set sensitive case mode ++.TP ++.B \-ssw ++Compress shared files ++.TP ++.B \-stl ++Set archive timestamp from the most recently modified file ++.TP ++.B \-stm{HexMask} ++Set CPU thread affinity mask (hexadecimal number) ++.TP ++.B \-stx{Type} ++Exclude archive type ++.TP ++.B \-t{Type} ++Set type of archive + .TP + .B \-u[-][p#][q#][r#][x#][y#][z#][!newArchiveName] + Update options + .TP ++.B \-v{Size}[b|k|m|g] ++Create volumes ++.TP + .B \-w[path] +-Set Working directory ++Set working directory. Empty path means a temporary directory + .TP +-.B \-x[r[-|0]]]{@listfile|!wildcard} ++.B \-x[r[\-|0]]]{@listfile|!wildcard} + Exclude filenames + .TP +-.B \-y ++.B \-y + Assume Yes on all queries + .PP + .SH DIAGNOSTICS +@@ -102,7 +195,8 @@ Assume Yes on all queries + .IP 0 + Normal (no errors or warnings detected) + .IP 1 +-Warning (Non fatal error(s)). For example, some files cannot be read during compressing. So they were not compressed ++Warning (Non fatal error(s)). 
For example, some files cannot be read during compressing, ++so they were not compressed + .IP 2 + Fatal error + .IP 7 +@@ -156,16 +250,16 @@ solid archive = on + .B + 7zr a \-sfx archive.exe dir1 + add all files from directory "dir1" to SFX archive archive.exe (Remark : SFX archive MUST end with ".exe") +-.SH EXAMPLE 3 +-.TP +-.B +-7zr a \-mhe=on \-pmy_password archive.7z a_directory +-add all files from directory "a_directory" to the archive "archive.7z" (with data and header archive encryption on) + .SH "SEE ALSO" +-7z(1), 7za(1), bzip2(1), gzip(1), zip(1) ++.BR 7za (1), ++.BR 7z (1), ++.BR p7zip (1), ++.BR bzip2 (1), ++.BR gzip (1), ++.BR zip(1), + .PP + .SH "HTML Documentation" + /usr/share/doc/p7zip/DOC/MANUAL/start.htm (avabilable when the p7zip-full package is installed) + .SH AUTHOR + .TP +-Written for Debian by Mohammed Adnene Trojette. ++Written for Debian by Mohammed Adnene Trojette. Updated by Robert Luberda. diff --git a/10-drop-fm-doc.patch b/10-drop-fm-doc.patch new file mode 100644 index 0000000..aadf9cb --- /dev/null +++ b/10-drop-fm-doc.patch @@ -0,0 +1,96 @@ +From: Robert Luberda +Date: Sun, 6 Mar 2016 13:16:16 +0100 +Subject: Remove references to fm/ dir and license.htm + +Remove references to fm/* which describes Windows GUI, which +is not available in this package. + +Replace references to license.htm with references to copyright. + +Drop .exe extension from 7z commands (LP: #181402). + +Bugs-Ubuntu https://bugs.launchpad.net/ubuntu/+source/p7zip/+bug/181402 +--- + DOC/MANUAL/cmdline/index.htm | 10 +++++----- + DOC/MANUAL/cmdline/switches/sfx.htm | 2 +- + DOC/MANUAL/general/index.htm | 3 +-- + DOC/MANUAL/start.htm | 3 +-- + 4 files changed, 8 insertions(+), 10 deletions(-) + +diff --git a/DOC/MANUAL/cmdline/index.htm b/DOC/MANUAL/cmdline/index.htm +index c3515a3..129c479 100644 +--- a/DOC/MANUAL/cmdline/index.htm ++++ b/DOC/MANUAL/cmdline/index.htm +@@ -11,12 +11,12 @@ +

Command Line Version User's Guide

+ + +-

7z.exe is the command line version of 7-Zip. 7z.exe uses 7z.dll +-from the 7-Zip package. 7z.dll is used by the 7-Zip File Manager also. ++

7z is the command line version of 7-Zip. 7z uses 7z.so ++from the 7-Zip package. + +-

7za.exe (a = alone) is a standalone version of 7-Zip. +-7za.exe supports only 7z, lzma, cab, zip, gzip, bzip2, Z and tar formats. +-7za.exe doesn't use external modules. ++

7za (a = alone) is a standalone version of 7-Zip. ++7za supports only 7z, lzma, cab, zip, gzip, bzip2, Z and tar formats. ++7za doesn't use external modules. + +

    +
  • Command Line syntax
  • +diff --git a/DOC/MANUAL/cmdline/switches/sfx.htm b/DOC/MANUAL/cmdline/switches/sfx.htm +index bed2f33..e93a284 100644 +--- a/DOC/MANUAL/cmdline/switches/sfx.htm ++++ b/DOC/MANUAL/cmdline/switches/sfx.htm +@@ -22,7 +22,7 @@ +
    {SFX_Module}
    +
    +

    Specifies the SFX module that will be combined with the archive. +- This module must be placed in the same directory as the 7z.exe. ++ This module must be placed in the same directory as the 7z. + If {SFX_Module} is not assigned, 7-Zip will use standard console + SFX module 7zCon.sfx.

    + +diff --git a/DOC/MANUAL/general/index.htm b/DOC/MANUAL/general/index.htm +index 2e304a4..4c5e55a 100644 +--- a/DOC/MANUAL/general/index.htm ++++ b/DOC/MANUAL/general/index.htm +@@ -13,7 +13,6 @@ +

    The main features of 7-Zip

    + +
      +-
    • Powerful file manager
    • +
    • High compression ratio and high speed
    • +
    • Big number of supported archive formats
    • +
    • Additional command line version
    • +@@ -21,7 +20,7 @@ + +

      See Also

      + + + +diff --git a/DOC/MANUAL/start.htm b/DOC/MANUAL/start.htm +index e4f96b4..e767c49 100644 +--- a/DOC/MANUAL/start.htm ++++ b/DOC/MANUAL/start.htm +@@ -17,7 +17,6 @@ + + + +@@ -25,7 +24,7 @@ + + + +
diff --git a/13-CVE-2017-17969.patch b/13-CVE-2017-17969.patch
new file mode 100644
index 0000000..9a820af
--- /dev/null
+++ b/13-CVE-2017-17969.patch
@@ -0,0 +1,26 @@
+From: =?utf-8?q?Antoine_Beaupr=C3=A9?=
+Date: Sun, 28 Jan 2018 21:19:50 +0100
+Subject: backport of the CVE-2017-17969 fix from 7zip 18.00-beta
+
+---
+ CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp
+index 80b7e67..4acdce5 100644
+--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
++++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
+@@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
+ {
+ _stack[i++] = _suffixes[cur];
+ cur = _parents[cur];
+- }
++ if (i >= kNumItems)
++ break;
++ }
++
++ if (i >= kNumItems)
++ break;
+
+ _stack[i++] = (Byte)cur;
+ lastChar2 = (Byte)cur;
diff --git a/14-Fix-g++-warning.patch b/14-Fix-g++-warning.patch
new file mode 100644
index 0000000..226e239
--- /dev/null
+++ b/14-Fix-g++-warning.patch
@@ -0,0 +1,24 @@
+From: Robert Luberda
+Date: Sun, 28 Jan 2018 22:19:13 +0100
+Subject: Fix g++ warning
+
+Fix for "use of an operand of type 'bool' in 'operator++'
+is deprecated [-Wdeprecated]" warning taken from 7zip 18.00.beta
+package.
+---
+ CPP/7zip/Archive/Wim/WimHandler.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Archive/Wim/WimHandler.cpp b/CPP/7zip/Archive/Wim/WimHandler.cpp
+index 27d3298..4ff5cfe 100644
+--- a/CPP/7zip/Archive/Wim/WimHandler.cpp
++++ b/CPP/7zip/Archive/Wim/WimHandler.cpp
+@@ -298,7 +298,7 @@ STDMETHODIMP CHandler::GetArchiveProperty(PROPID propID, PROPVARIANT *value)
+
+ AString res;
+
+- bool numMethods = 0;
++ unsigned numMethods = 0;
+ for (unsigned i = 0; i < ARRAY_SIZE(k_Methods); i++)
+ {
+ if (methodMask & ((UInt32)1 << i))
diff --git a/p7zip.spec b/p7zip.spec
index 30c0358..902ab8e 100644
--- a/p7zip.spec
+++ b/p7zip.spec
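Review bot: The added `if (i >= kNumItems) break;` after the while loop in 13-CVE-2017-17969.patch stops the write past `_stack`, but it leaves the enclosing loop without setting any error status visible in this hunk. A malformed Shrink stream that trips the guard may therefore still be reported as a successful extraction with truncated output. The code that follows the loop in `CDecoder::CodeReal` is outside the hunk; confirm that this path returns a data error (for example `return S_FALSE;`) rather than flushing and returning success. A comment on the guard such as `// corrupt input: parent chain exceeds table size, stop before _stack overflows` would record why the check exists. The declaration of `_stack` is not shown either, so the bound `kNumItems` is assumed to match its size.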
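Review bot: Changing `bool numMethods = 0;` to `unsigned numMethods = 0;` in 14-Fix-g++-warning.patch is described only as a warning fix, but it also changes the value the variable can hold. Going by the quoted warning the variable is incremented with `operator++`; on a `bool` that saturates at 1, while the `unsigned` now counts every bit set in `methodMask`. Any later test such as `numMethods == 1` in `CHandler::GetArchiveProperty` (the uses are outside this hunk) will behave differently for archives that report more than one method. The patch description should say so, e.g. `Also makes numMethods a real count instead of a saturating flag.`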
@@ -7,7 +7,7 @@ Summary: Very high compression ratio file archiver Name: p7zip Version: 16.02 -Release: 8%{?dist} +Release: 9%{?dist} # Files under C/Compress/Lzma/ are dual LGPL or CPL License: LGPLv2 and (LGPLv2+ or CPL) URL: http://p7zip.sourceforge.net/ @@ -22,8 +22,13 @@ URL: http://p7zip.sourceforge.net/ Source: p7zip_%{version}_src_all-norar.tar.bz2 Patch0: p7zip_15.14-norar_cmake.patch # from Debain -Patch5: 02_man.patch +Patch5: 02-man.patch Patch6: CVE-2016-9296.patch +Patch7: 05-hardening-flags.patch +Patch8: 09-man-update.patch +Patch9: 10-drop-fm-doc.patch +Patch10: 13-CVE-2017-17969.patch +Patch11: 14-Fix-g++-warning.patch BuildRequires: cmake %if %{with gui} @@ -124,7 +129,7 @@ chmod +x %{buildroot}%{_bindir}/p7zipForFilemanager %endif %check -%if 0%{?rhel} != 6 +%if ! 0%{?rhel} || 0%{?rhel} >= 7 make test %endif # Next test fails, because we don't have X11 envoirment ... @@ -167,6 +172,12 @@ make test %changelog +* Sat Jan 27 2018 Sérgio Basto - 16.02-9 +- Security fix for CVE-2017-17969 (from Debian) +- Add 05-hardening-flags.patch, 09-man-update.patch, 10-drop-fm-doc.patch + and 14-Fix-g++-warning.patch patches from Debian, very small changes + better documentation, compile flags and compile warning. + * Wed Jan 24 2018 Sérgio Basto - 16.02-8 - Add sub-package doc
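Review bot: `Patch7` through `Patch11` are declared in the second hunk, but nothing in this commit changes `%prep`: the diffstat's 14 insertions and 3 deletions for p7zip.spec are fully accounted for by the four visible hunks. If `%prep` applies patches with explicit `%patchN` lines rather than `%autosetup` or `%autopatch`, `13-CVE-2017-17969.patch` would ship in the source package without being applied, and the changelog entry would claim a fix the built binaries do not contain. `%prep` is outside these hunks, so confirm how patches are applied and check the build log for each new patch.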