[arch-commits] Commit in p7zip/trunk (3 files)

Evangelos Foutras foutrelis at archlinux.org
Sat Jul 16 13:04:22 UTC 2016


    Date: Saturday, July 16, 2016 @ 13:04:22
  Author: foutrelis
Revision: 271943

upgpkg: p7zip 16.02-1

New upstream release.

Modified:
  p7zip/trunk/PKGBUILD
Deleted:
  p7zip/trunk/CVE-2016-2334.patch
  p7zip/trunk/CVE-2016-2335.patch

---------------------+
 CVE-2016-2334.patch |   24 ------------------------
 CVE-2016-2335.patch |   17 -----------------
 PKGBUILD            |   16 ++++------------
 3 files changed, 4 insertions(+), 53 deletions(-)

Deleted: CVE-2016-2334.patch
===================================================================
--- CVE-2016-2334.patch	2016-07-16 12:39:18 UTC (rev 271942)
+++ CVE-2016-2334.patch	2016-07-16 13:04:22 UTC (rev 271943)
@@ -1,24 +0,0 @@
-Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
-===================================================================
---- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp
-+++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
-@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo
-       item.GroupID = Get32(r + 0x24);
-       item.AdminFlags = r[0x28];
-       item.OwnerFlags = r[0x29];
-+      */
-       item.FileMode = Get16(r + 0x2A);
-+      /*
-       item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
-       item.FileType = Get32(r + 0x30);
-       item.FileCreator = Get32(r + 0x34);
-@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
- 
-     UInt32 size = GetUi32(tableBuf + i * 8 + 4);
- 
-+    if (size > buf.Size() || size > kCompressionBlockSize + 1)
-+        return S_FALSE;
-+
-     RINOK(ReadStream_FALSE(inStream, buf, size));
- 
-     if ((buf[0] & 0xF) == 0xF)

Deleted: CVE-2016-2335.patch
===================================================================
--- CVE-2016-2335.patch	2016-07-16 12:39:18 UTC (rev 271942)
+++ CVE-2016-2335.patch	2016-07-16 13:04:22 UTC (rev 271943)
@@ -1,17 +0,0 @@
-Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
-===================================================================
---- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp
-+++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
-@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol
-     return S_FALSE;
-   CFile &file = Files.Back();
-   const CLogVol &vol = LogVols[volIndex];
--  CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
-+  unsigned partitionRef = lad.Location.PartitionRef;
-+
-+  if (partitionRef >= vol.PartitionMaps.Size())
-+  	return S_FALSE;
-+  CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
- 
-   UInt32 key = lad.Location.Pos;
-   UInt32 value;

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2016-07-16 12:39:18 UTC (rev 271942)
+++ PKGBUILD	2016-07-16 13:04:22 UTC (rev 271943)
@@ -7,8 +7,8 @@
 # Contributor: Daniel J Griffiths <ghost1227 at archlinux.us>
 
 pkgname=p7zip
-pkgver=15.14.1
-pkgrel=2
+pkgver=16.02
+pkgrel=1
 pkgdesc="Command-line file archiver with high compression ratio"
 arch=('i686' 'x86_64')
 url="http://p7zip.sourceforge.net/"
@@ -17,12 +17,8 @@
 makedepends_i686=('nasm')
 makedepends_x86_64=('yasm')
 install=$pkgname.install
-source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2
-        CVE-2016-2334.patch
-        CVE-2016-2335.patch)
-sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4'
-            '632cae14095e065cb550b0f16faf39d8f822d0a8bb5b605e903f3bc7657a4ee5'
-            '368870f92c658e8add261695923470855a969c0d7ecafd880ec7144ac245adbf')
+source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2)
+sha256sums=('5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f')
 
 prepare() {
   cd "$srcdir/${pkgname}_$pkgver"
@@ -32,10 +28,6 @@
   else
     cp makefile.linux_x86_asm_gcc_4.X makefile.machine
   fi
-
-  # https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
-  patch -Np1 -i ../CVE-2016-2334.patch
-  patch -Np1 -i ../CVE-2016-2335.patch
 }
 
 build() {



More information about the arch-commits mailing list