[arch-commits] Commit in libytnef/trunk (CVE-2017-9058.patch PKGBUILD)

Jan de Groot jgc at archlinux.org
Sat Aug 12 21:22:30 UTC 2017 

    Date: Saturday, August 12, 2017 @ 21:22:29
  Author: jgc
Revision: 301988

upgpkg: libytnef 1.9.2-2

Fix CVE-2017-9058

Added:
  libytnef/trunk/CVE-2017-9058.patch
Modified:
  libytnef/trunk/PKGBUILD

---------------------+
 CVE-2017-9058.patch |   13 +++++++++++++
 PKGBUILD            |   13 ++++++++++---
 2 files changed, 23 insertions(+), 3 deletions(-)

Added: CVE-2017-9058.patch
===================================================================
--- CVE-2017-9058.patch	                        (rev 0)
+++ CVE-2017-9058.patch	2017-08-12 21:22:29 UTC (rev 301988)
@@ -0,0 +1,13 @@
+Index: ytnef/lib/ytnef.c
+===================================================================
+--- ytnef.orig/lib/ytnef.c
++++ ytnef/lib/ytnef.c
+@@ -57,7 +57,7 @@
+ 
+ #define ALLOCCHECK(x) { if(!x) { printf("Out of Memory at %s : %i\n", __FILE__, __LINE__); return(-1); } }
+ #define ALLOCCHECK_CHAR(x) { if(!x) { printf("Out of Memory at %s : %i\n", __FILE__, __LINE__); return(NULL); } }
+-#define SIZECHECK(x) { if ((((char *)d - (char *)data) + x) > size) {  printf("Corrupted file detected at %s : %i\n", __FILE__, __LINE__); return(-1); } }
++#define SIZECHECK(x) { if ((((char *)d - (char *)data) + x) >= size) {  printf("Corrupted file detected at %s : %i\n", __FILE__, __LINE__); return(-1); } }
+ 
+ int TNEFFillMapi(TNEFStruct *TNEF, BYTE *data, DWORD size, MAPIProps *p);
+ void SetFlip(void);

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2017-08-12 21:15:46 UTC (rev 301987)
+++ PKGBUILD	2017-08-12 21:22:29 UTC (rev 301988)
@@ -4,7 +4,7 @@
 
 pkgname=libytnef
 pkgver=1.9.2
-pkgrel=1
+pkgrel=2
 pkgdesc="Yerase's TNEF Stream Reader library (decode winmail.dat)"
 url="https://github.com/Yeraze/ytnef"
 license=('GPL')
@@ -12,9 +12,16 @@
 depends=('glibc')
 makedepends=('perl')
 optdepends=('perl: ytnefprocess.pl script')
-source=(https://github.com/Yeraze/ytnef/archive/v${pkgver}.tar.gz)
-sha256sums=('48f7d7272ba74b267d3f98a1b14c81fef54cfb53460346d7c36a9604df1f95ad')
+source=(https://github.com/Yeraze/ytnef/archive/v${pkgver}.tar.gz
+        CVE-2017-9058.patch)
+sha256sums=('48f7d7272ba74b267d3f98a1b14c81fef54cfb53460346d7c36a9604df1f95ad'
+            'd2fcf8e9c3253f8a56006b2e622b527a37c4352487cdfc86719eb3fb719318ed')
 
+prepare() {
+  cd ytnef-${pkgver}
+  patch -Np1 -i ../CVE-2017-9058.patch
+}
+
 build() {
   cd ytnef-${pkgver}
   ./autogen.sh

More information about the arch-commits mailing list