[arch-commits] Commit in libytnef/trunk (CVE-2017-9058.patch PKGBUILD)
Jan de Groot
jgc at archlinux.org
Sat Aug 12 21:22:30 UTC 2017
Date: Saturday, August 12, 2017 @ 21:22:29
Author: jgc
Revision: 301988
upgpkg: libytnef 1.9.2-2
Fix CVE-2017-9058
Added:
libytnef/trunk/CVE-2017-9058.patch
Modified:
libytnef/trunk/PKGBUILD
---------------------+
CVE-2017-9058.patch | 13 +++++++++++++
PKGBUILD | 13 ++++++++++---
2 files changed, 23 insertions(+), 3 deletions(-)
Added: CVE-2017-9058.patch
===================================================================
--- CVE-2017-9058.patch (rev 0)
+++ CVE-2017-9058.patch 2017-08-12 21:22:29 UTC (rev 301988)
@@ -0,0 +1,13 @@
+Index: ytnef/lib/ytnef.c
+===================================================================
+--- ytnef.orig/lib/ytnef.c
++++ ytnef/lib/ytnef.c
+@@ -57,7 +57,7 @@
+
+ #define ALLOCCHECK(x) { if(!x) { printf("Out of Memory at %s : %i\n", __FILE__, __LINE__); return(-1); } }
+ #define ALLOCCHECK_CHAR(x) { if(!x) { printf("Out of Memory at %s : %i\n", __FILE__, __LINE__); return(NULL); } }
+-#define SIZECHECK(x) { if ((((char *)d - (char *)data) + x) > size) { printf("Corrupted file detected at %s : %i\n", __FILE__, __LINE__); return(-1); } }
++#define SIZECHECK(x) { if ((((char *)d - (char *)data) + x) >= size) { printf("Corrupted file detected at %s : %i\n", __FILE__, __LINE__); return(-1); } }
+
+ int TNEFFillMapi(TNEFStruct *TNEF, BYTE *data, DWORD size, MAPIProps *p);
+ void SetFlip(void);
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-08-12 21:15:46 UTC (rev 301987)
+++ PKGBUILD 2017-08-12 21:22:29 UTC (rev 301988)
@@ -4,7 +4,7 @@
pkgname=libytnef
pkgver=1.9.2
-pkgrel=1
+pkgrel=2
pkgdesc="Yerase's TNEF Stream Reader library (decode winmail.dat)"
url="https://github.com/Yeraze/ytnef"
license=('GPL')
@@ -12,9 +12,16 @@
depends=('glibc')
makedepends=('perl')
optdepends=('perl: ytnefprocess.pl script')
-source=(https://github.com/Yeraze/ytnef/archive/v${pkgver}.tar.gz)
-sha256sums=('48f7d7272ba74b267d3f98a1b14c81fef54cfb53460346d7c36a9604df1f95ad')
+source=(https://github.com/Yeraze/ytnef/archive/v${pkgver}.tar.gz
+ CVE-2017-9058.patch)
+sha256sums=('48f7d7272ba74b267d3f98a1b14c81fef54cfb53460346d7c36a9604df1f95ad'
+ 'd2fcf8e9c3253f8a56006b2e622b527a37c4352487cdfc86719eb3fb719318ed')
+prepare() {
+ cd ytnef-${pkgver}
+ patch -Np1 -i ../CVE-2017-9058.patch
+}
+
build() {
cd ytnef-${pkgver}
./autogen.sh
More information about the arch-commits
mailing list