[arch-commits] Commit in p7zip/trunk (CVE-2016-9296.patch PKGBUILD)
Evangelos Foutras
foutrelis at archlinux.org
Sun Feb 5 19:09:20 UTC 2017
Date: Sunday, February 5, 2017 @ 19:09:19
Author: foutrelis
Revision: 288091
upgpkg: p7zip 16.02-3
Add fix for CVE-2016-9296 (FS#52841).
Added:
p7zip/trunk/CVE-2016-9296.patch
Modified:
p7zip/trunk/PKGBUILD
---------------------+
CVE-2016-9296.patch | 12 ++++++++++++
PKGBUILD | 11 ++++++++---
2 files changed, 20 insertions(+), 3 deletions(-)
Added: CVE-2016-9296.patch
===================================================================
--- CVE-2016-9296.patch (rev 0)
+++ CVE-2016-9296.patch 2017-02-05 19:09:19 UTC (rev 288091)
@@ -0,0 +1,12 @@
+--- ./CPP/7zip/Archive/7z/7zIn.cpp.orig 2016-11-21 01:42:29.460901230 +0000
++++ ./CPP/7zip/Archive/7z/7zIn.cpp 2016-11-21 01:42:57.481197725 +0000
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS
+ if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+ ThrowIncorrect();
+ }
+- HeadersSize += folders.PackPositions[folders.NumPackStreams];
++ if (folders.PackPositions)
++ HeadersSize += folders.PackPositions[folders.NumPackStreams];
+ return S_OK;
+ }
+
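Review bot: the new `if (folders.PackPositions)` guard in the embedded 7zIn.cpp hunk lets the null case fall through to `return S_OK` with HeadersSize left unchanged, so input that reaches this point without pack positions is reported as successfully decoded. If that state can only arise from a malformed archive, calling ThrowIncorrect() as the CRC mismatch branch just above does would reject it explicitly; if it is a legitimate state, a one-line comment in the patch saying so would help the next reader. The patch file also carries no description header, so the upstream reference exists only as a comment in the PKGBUILD.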
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-02-05 18:35:52 UTC (rev 288090)
+++ PKGBUILD 2017-02-05 19:09:19 UTC (rev 288091)
@@ -8,7 +8,7 @@
pkgname=p7zip
pkgver=16.02
-pkgrel=2
+pkgrel=3
pkgdesc="Command-line file archiver with high compression ratio"
arch=('i686' 'x86_64')
url="http://p7zip.sourceforge.net/"
@@ -17,12 +17,17 @@
makedepends_i686=('nasm')
makedepends_x86_64=('yasm')
install=$pkgname.install
-source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2)
-sha256sums=('5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f')
+source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2
+ CVE-2016-9296.patch)
+sha256sums=('5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f'
+ 'f9bcbf21d4aa8938861a6cba992df13dec19538286e9ed747ccec6d9a4e8f983')
prepare() {
cd "$srcdir/${pkgname}_$pkgver"
+ # https://sourceforge.net/p/p7zip/bugs/185/
+ patch -Np1 -i ../CVE-2016-9296.patch
+
if [[ $CARCH = x86_64 ]]; then
cp makefile.linux_amd64_asm makefile.machine
else
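Review bot: `patch -Np1 -i ../CVE-2016-9296.patch` in prepare() works only because the patch writes its paths as `./CPP/7zip/Archive/7z/7zIn.cpp`, so `-p1` strips just the leading `./` component. That coupling is easy to break if the patch is ever regenerated with a different path prefix; either note the expected strip level next to the bug URL comment or regenerate the patch with conventional prefixed paths. The `source` and `sha256sums` arrays each gain exactly one entry, so they stay aligned.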