[arch-commits] Commit in p7zip/repos (12 files)
Evangelos Foutras
foutrelis at archlinux.org
Tue May 17 21:44:11 UTC 2016
Date: Tuesday, May 17, 2016 @ 23:44:11
Author: foutrelis
Revision: 268264
archrelease: copy trunk to extra-i686, extra-x86_64
Added:
p7zip/repos/extra-i686/CVE-2016-2334.patch
(from rev 268263, p7zip/trunk/CVE-2016-2334.patch)
p7zip/repos/extra-i686/CVE-2016-2335.patch
(from rev 268263, p7zip/trunk/CVE-2016-2335.patch)
p7zip/repos/extra-i686/PKGBUILD
(from rev 268263, p7zip/trunk/PKGBUILD)
p7zip/repos/extra-i686/p7zip.install
(from rev 268263, p7zip/trunk/p7zip.install)
p7zip/repos/extra-x86_64/CVE-2016-2334.patch
(from rev 268263, p7zip/trunk/CVE-2016-2334.patch)
p7zip/repos/extra-x86_64/CVE-2016-2335.patch
(from rev 268263, p7zip/trunk/CVE-2016-2335.patch)
p7zip/repos/extra-x86_64/PKGBUILD
(from rev 268263, p7zip/trunk/PKGBUILD)
p7zip/repos/extra-x86_64/p7zip.install
(from rev 268263, p7zip/trunk/p7zip.install)
Deleted:
p7zip/repos/extra-i686/PKGBUILD
p7zip/repos/extra-i686/p7zip.install
p7zip/repos/extra-x86_64/PKGBUILD
p7zip/repos/extra-x86_64/p7zip.install
----------------------------------+
/PKGBUILD | 120 +++++++++++++++++++++++++++++++++++++
/p7zip.install | 18 +++++
extra-i686/CVE-2016-2334.patch | 24 +++++++
extra-i686/CVE-2016-2335.patch | 17 +++++
extra-i686/PKGBUILD | 52 ----------------
extra-i686/p7zip.install | 9 --
extra-x86_64/CVE-2016-2334.patch | 24 +++++++
extra-x86_64/CVE-2016-2335.patch | 17 +++++
extra-x86_64/PKGBUILD | 52 ----------------
extra-x86_64/p7zip.install | 9 --
10 files changed, 220 insertions(+), 122 deletions(-)
Copied: p7zip/repos/extra-i686/CVE-2016-2334.patch (from rev 268263, p7zip/trunk/CVE-2016-2334.patch)
===================================================================
--- extra-i686/CVE-2016-2334.patch (rev 0)
+++ extra-i686/CVE-2016-2334.patch 2016-05-17 21:44:11 UTC (rev 268264)
@@ -0,0 +1,24 @@
+Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+===================================================================
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp
++++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo
+ item.GroupID = Get32(r + 0x24);
+ item.AdminFlags = r[0x28];
+ item.OwnerFlags = r[0x29];
++ */
+ item.FileMode = Get16(r + 0x2A);
++ /*
+ item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+ item.FileType = Get32(r + 0x30);
+ item.FileCreator = Get32(r + 0x34);
+@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
+
+ UInt32 size = GetUi32(tableBuf + i * 8 + 4);
+
++ if (size > buf.Size() || size > kCompressionBlockSize + 1)
++ return S_FALSE;
++
+ RINOK(ReadStream_FALSE(inStream, buf, size));
+
+ if ((buf[0] & 0xF) == 0xF)
Copied: p7zip/repos/extra-i686/CVE-2016-2335.patch (from rev 268263, p7zip/trunk/CVE-2016-2335.patch)
===================================================================
--- extra-i686/CVE-2016-2335.patch (rev 0)
+++ extra-i686/CVE-2016-2335.patch 2016-05-17 21:44:11 UTC (rev 268264)
@@ -0,0 +1,17 @@
+Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
+===================================================================
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp
++++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
+@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol
+ return S_FALSE;
+ CFile &file = Files.Back();
+ const CLogVol &vol = LogVols[volIndex];
+- CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
++ unsigned partitionRef = lad.Location.PartitionRef;
++
++ if (partitionRef >= vol.PartitionMaps.Size())
++ return S_FALSE;
++ CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
+
+ UInt32 key = lad.Location.Pos;
+ UInt32 value;
Deleted: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD 2016-05-17 21:43:53 UTC (rev 268263)
+++ extra-i686/PKGBUILD 2016-05-17 21:44:11 UTC (rev 268264)
@@ -1,52 +0,0 @@
-# $Id$
-# Maintainer: Evangelos Foutras <evangelos at foutrelis.com>
-# Contributor: Gaetan Bisson <bisson at archlinux.org>
-# Contributor: Thayer Williams <thayer at archlinux.org>
-# Contributor: Hugo Doria <hugo at archlinux.org>
-# Contributor: TuxSpirit<tuxspirit at archlinux.fr> 2007/11/17 21:22:36 UTC
-# Contributor: Daniel J Griffiths <ghost1227 at archlinux.us>
-
-pkgname=p7zip
-pkgver=15.14.1
-pkgrel=1
-pkgdesc="Command-line file archiver with high compression ratio"
-arch=('i686' 'x86_64')
-url="http://p7zip.sourceforge.net/"
-license=('LGPL' 'custom:unRAR')
-depends=('gcc-libs' 'sh')
-makedepends_i686=('nasm')
-makedepends_x86_64=('yasm')
-install=$pkgname.install
-source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2)
-sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4')
-
-prepare() {
- cd "$srcdir/${pkgname}_$pkgver"
-
- if [[ $CARCH = x86_64 ]]; then
- cp makefile.linux_amd64_asm makefile.machine
- else
- cp makefile.linux_x86_asm_gcc_4.X makefile.machine
- fi
-}
-
-build() {
- cd "$srcdir/${pkgname}_$pkgver"
- make all3 OPTFLAGS="$CFLAGS"
-}
-
-package() {
- cd "$srcdir/${pkgname}_$pkgver"
-
- make install \
- DEST_DIR="$pkgdir" \
- DEST_HOME=/usr \
- DEST_MAN=/usr/share/man
-
- install -d "${pkgdir}"/usr/share/licenses/p7zip
- ln -s -t "$pkgdir/usr/share/licenses/p7zip/" \
- /usr/share/doc/p7zip/DOC/License.txt \
- /usr/share/doc/p7zip/DOC/unRarLicense.txt
-}
-
-# vim:set ts=2 sw=2 et:
Copied: p7zip/repos/extra-i686/PKGBUILD (from rev 268263, p7zip/trunk/PKGBUILD)
===================================================================
--- extra-i686/PKGBUILD (rev 0)
+++ extra-i686/PKGBUILD 2016-05-17 21:44:11 UTC (rev 268264)
@@ -0,0 +1,60 @@
+# $Id$
+# Maintainer: Evangelos Foutras <evangelos at foutrelis.com>
+# Contributor: Gaetan Bisson <bisson at archlinux.org>
+# Contributor: Thayer Williams <thayer at archlinux.org>
+# Contributor: Hugo Doria <hugo at archlinux.org>
+# Contributor: TuxSpirit<tuxspirit at archlinux.fr> 2007/11/17 21:22:36 UTC
+# Contributor: Daniel J Griffiths <ghost1227 at archlinux.us>
+
+pkgname=p7zip
+pkgver=15.14.1
+pkgrel=2
+pkgdesc="Command-line file archiver with high compression ratio"
+arch=('i686' 'x86_64')
+url="http://p7zip.sourceforge.net/"
+license=('LGPL' 'custom:unRAR')
+depends=('gcc-libs' 'sh')
+makedepends_i686=('nasm')
+makedepends_x86_64=('yasm')
+install=$pkgname.install
+source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2
+ CVE-2016-2334.patch
+ CVE-2016-2335.patch)
+sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4'
+ '632cae14095e065cb550b0f16faf39d8f822d0a8bb5b605e903f3bc7657a4ee5'
+ '368870f92c658e8add261695923470855a969c0d7ecafd880ec7144ac245adbf')
+
+prepare() {
+ cd "$srcdir/${pkgname}_$pkgver"
+
+ if [[ $CARCH = x86_64 ]]; then
+ cp makefile.linux_amd64_asm makefile.machine
+ else
+ cp makefile.linux_x86_asm_gcc_4.X makefile.machine
+ fi
+
+ # https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
+ patch -Np1 -i ../CVE-2016-2334.patch
+ patch -Np1 -i ../CVE-2016-2335.patch
+}
+
+build() {
+ cd "$srcdir/${pkgname}_$pkgver"
+ make all3 OPTFLAGS="$CFLAGS"
+}
+
+package() {
+ cd "$srcdir/${pkgname}_$pkgver"
+
+ make install \
+ DEST_DIR="$pkgdir" \
+ DEST_HOME=/usr \
+ DEST_MAN=/usr/share/man
+
+ install -d "${pkgdir}"/usr/share/licenses/p7zip
+ ln -s -t "$pkgdir/usr/share/licenses/p7zip/" \
+ /usr/share/doc/p7zip/DOC/License.txt \
+ /usr/share/doc/p7zip/DOC/unRarLicense.txt
+}
+
+# vim:set ts=2 sw=2 et:
Deleted: extra-i686/p7zip.install
===================================================================
--- extra-i686/p7zip.install 2016-05-17 21:43:53 UTC (rev 268263)
+++ extra-i686/p7zip.install 2016-05-17 21:44:11 UTC (rev 268264)
@@ -1,9 +0,0 @@
-post_upgrade() {
- if (($(vercmp $2 9.38.1-3) < 0)); then
- echo ':: The 7zFM graphical frontend is no longer included in this package.'
- echo ' If you used it, consider installing one of the following packages:'
- echo ' 1) file-roller, 2) engrampa, 3) kdeutils-ark.'
- fi
-}
-
-# vim:set ts=2 sw=2 et:
Copied: p7zip/repos/extra-i686/p7zip.install (from rev 268263, p7zip/trunk/p7zip.install)
===================================================================
--- extra-i686/p7zip.install (rev 0)
+++ extra-i686/p7zip.install 2016-05-17 21:44:11 UTC (rev 268264)
@@ -0,0 +1,9 @@
+post_upgrade() {
+ if (($(vercmp $2 9.38.1-3) < 0)); then
+ echo ':: The 7zFM graphical frontend is no longer included in this package.'
+ echo ' If you used it, consider installing one of the following packages:'
+ echo ' 1) file-roller, 2) engrampa, 3) kdeutils-ark.'
+ fi
+}
+
+# vim:set ts=2 sw=2 et:
Copied: p7zip/repos/extra-x86_64/CVE-2016-2334.patch (from rev 268263, p7zip/trunk/CVE-2016-2334.patch)
===================================================================
--- extra-x86_64/CVE-2016-2334.patch (rev 0)
+++ extra-x86_64/CVE-2016-2334.patch 2016-05-17 21:44:11 UTC (rev 268264)
@@ -0,0 +1,24 @@
+Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+===================================================================
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp
++++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo
+ item.GroupID = Get32(r + 0x24);
+ item.AdminFlags = r[0x28];
+ item.OwnerFlags = r[0x29];
++ */
+ item.FileMode = Get16(r + 0x2A);
++ /*
+ item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+ item.FileType = Get32(r + 0x30);
+ item.FileCreator = Get32(r + 0x34);
+@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
+
+ UInt32 size = GetUi32(tableBuf + i * 8 + 4);
+
++ if (size > buf.Size() || size > kCompressionBlockSize + 1)
++ return S_FALSE;
++
+ RINOK(ReadStream_FALSE(inStream, buf, size));
+
+ if ((buf[0] & 0xF) == 0xF)
Copied: p7zip/repos/extra-x86_64/CVE-2016-2335.patch (from rev 268263, p7zip/trunk/CVE-2016-2335.patch)
===================================================================
--- extra-x86_64/CVE-2016-2335.patch (rev 0)
+++ extra-x86_64/CVE-2016-2335.patch 2016-05-17 21:44:11 UTC (rev 268264)
@@ -0,0 +1,17 @@
+Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
+===================================================================
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp
++++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
+@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol
+ return S_FALSE;
+ CFile &file = Files.Back();
+ const CLogVol &vol = LogVols[volIndex];
+- CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
++ unsigned partitionRef = lad.Location.PartitionRef;
++
++ if (partitionRef >= vol.PartitionMaps.Size())
++ return S_FALSE;
++ CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
+
+ UInt32 key = lad.Location.Pos;
+ UInt32 value;
Deleted: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD 2016-05-17 21:43:53 UTC (rev 268263)
+++ extra-x86_64/PKGBUILD 2016-05-17 21:44:11 UTC (rev 268264)
@@ -1,52 +0,0 @@
-# $Id$
-# Maintainer: Evangelos Foutras <evangelos at foutrelis.com>
-# Contributor: Gaetan Bisson <bisson at archlinux.org>
-# Contributor: Thayer Williams <thayer at archlinux.org>
-# Contributor: Hugo Doria <hugo at archlinux.org>
-# Contributor: TuxSpirit<tuxspirit at archlinux.fr> 2007/11/17 21:22:36 UTC
-# Contributor: Daniel J Griffiths <ghost1227 at archlinux.us>
-
-pkgname=p7zip
-pkgver=15.14.1
-pkgrel=1
-pkgdesc="Command-line file archiver with high compression ratio"
-arch=('i686' 'x86_64')
-url="http://p7zip.sourceforge.net/"
-license=('LGPL' 'custom:unRAR')
-depends=('gcc-libs' 'sh')
-makedepends_i686=('nasm')
-makedepends_x86_64=('yasm')
-install=$pkgname.install
-source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2)
-sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4')
-
-prepare() {
- cd "$srcdir/${pkgname}_$pkgver"
-
- if [[ $CARCH = x86_64 ]]; then
- cp makefile.linux_amd64_asm makefile.machine
- else
- cp makefile.linux_x86_asm_gcc_4.X makefile.machine
- fi
-}
-
-build() {
- cd "$srcdir/${pkgname}_$pkgver"
- make all3 OPTFLAGS="$CFLAGS"
-}
-
-package() {
- cd "$srcdir/${pkgname}_$pkgver"
-
- make install \
- DEST_DIR="$pkgdir" \
- DEST_HOME=/usr \
- DEST_MAN=/usr/share/man
-
- install -d "${pkgdir}"/usr/share/licenses/p7zip
- ln -s -t "$pkgdir/usr/share/licenses/p7zip/" \
- /usr/share/doc/p7zip/DOC/License.txt \
- /usr/share/doc/p7zip/DOC/unRarLicense.txt
-}
-
-# vim:set ts=2 sw=2 et:
Copied: p7zip/repos/extra-x86_64/PKGBUILD (from rev 268263, p7zip/trunk/PKGBUILD)
===================================================================
--- extra-x86_64/PKGBUILD (rev 0)
+++ extra-x86_64/PKGBUILD 2016-05-17 21:44:11 UTC (rev 268264)
@@ -0,0 +1,60 @@
+# $Id$
+# Maintainer: Evangelos Foutras <evangelos at foutrelis.com>
+# Contributor: Gaetan Bisson <bisson at archlinux.org>
+# Contributor: Thayer Williams <thayer at archlinux.org>
+# Contributor: Hugo Doria <hugo at archlinux.org>
+# Contributor: TuxSpirit<tuxspirit at archlinux.fr> 2007/11/17 21:22:36 UTC
+# Contributor: Daniel J Griffiths <ghost1227 at archlinux.us>
+
+pkgname=p7zip
+pkgver=15.14.1
+pkgrel=2
+pkgdesc="Command-line file archiver with high compression ratio"
+arch=('i686' 'x86_64')
+url="http://p7zip.sourceforge.net/"
+license=('LGPL' 'custom:unRAR')
+depends=('gcc-libs' 'sh')
+makedepends_i686=('nasm')
+makedepends_x86_64=('yasm')
+install=$pkgname.install
+source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2
+ CVE-2016-2334.patch
+ CVE-2016-2335.patch)
+sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4'
+ '632cae14095e065cb550b0f16faf39d8f822d0a8bb5b605e903f3bc7657a4ee5'
+ '368870f92c658e8add261695923470855a969c0d7ecafd880ec7144ac245adbf')
+
+prepare() {
+ cd "$srcdir/${pkgname}_$pkgver"
+
+ if [[ $CARCH = x86_64 ]]; then
+ cp makefile.linux_amd64_asm makefile.machine
+ else
+ cp makefile.linux_x86_asm_gcc_4.X makefile.machine
+ fi
+
+ # https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
+ patch -Np1 -i ../CVE-2016-2334.patch
+ patch -Np1 -i ../CVE-2016-2335.patch
+}
+
+build() {
+ cd "$srcdir/${pkgname}_$pkgver"
+ make all3 OPTFLAGS="$CFLAGS"
+}
+
+package() {
+ cd "$srcdir/${pkgname}_$pkgver"
+
+ make install \
+ DEST_DIR="$pkgdir" \
+ DEST_HOME=/usr \
+ DEST_MAN=/usr/share/man
+
+ install -d "${pkgdir}"/usr/share/licenses/p7zip
+ ln -s -t "$pkgdir/usr/share/licenses/p7zip/" \
+ /usr/share/doc/p7zip/DOC/License.txt \
+ /usr/share/doc/p7zip/DOC/unRarLicense.txt
+}
+
+# vim:set ts=2 sw=2 et:
Deleted: extra-x86_64/p7zip.install
===================================================================
--- extra-x86_64/p7zip.install 2016-05-17 21:43:53 UTC (rev 268263)
+++ extra-x86_64/p7zip.install 2016-05-17 21:44:11 UTC (rev 268264)
@@ -1,9 +0,0 @@
-post_upgrade() {
- if (($(vercmp $2 9.38.1-3) < 0)); then
- echo ':: The 7zFM graphical frontend is no longer included in this package.'
- echo ' If you used it, consider installing one of the following packages:'
- echo ' 1) file-roller, 2) engrampa, 3) kdeutils-ark.'
- fi
-}
-
-# vim:set ts=2 sw=2 et:
Copied: p7zip/repos/extra-x86_64/p7zip.install (from rev 268263, p7zip/trunk/p7zip.install)
===================================================================
--- extra-x86_64/p7zip.install (rev 0)
+++ extra-x86_64/p7zip.install 2016-05-17 21:44:11 UTC (rev 268264)
@@ -0,0 +1,9 @@
+post_upgrade() {
+ if (($(vercmp $2 9.38.1-3) < 0)); then
+ echo ':: The 7zFM graphical frontend is no longer included in this package.'
+ echo ' If you used it, consider installing one of the following packages:'
+ echo ' 1) file-roller, 2) engrampa, 3) kdeutils-ark.'
+ fi
+}
+
+# vim:set ts=2 sw=2 et:
More information about the arch-commits
mailing list