summaryrefslogtreecommitdiff
path: root/libre
diff options
context:
space:
mode:
authorAndré Fabian Silva Delgado <emulatorman@parabola.nu>2017-02-05 23:31:18 -0300
committerAndré Fabian Silva Delgado <emulatorman@parabola.nu>2017-02-05 23:31:18 -0300
commitab0531d59e13e7d170ddaa0039c84b246162c574 (patch)
tree6946b9d99d451bd65d875bf8077dc51a962d354c /libre
parent80dd6b2c8a015fec1a464b6af5a4ed76035b5642 (diff)
downloadabslibre-ab0531d59e13e7d170ddaa0039c84b246162c574.tar.gz
abslibre-ab0531d59e13e7d170ddaa0039c84b246162c574.tar.bz2
abslibre-ab0531d59e13e7d170ddaa0039c84b246162c574.zip
p7zip-16.02-3.parabola1: add fix for CVE-2016-9296 - FS#52841 -> https://bugs.archlinux.org/task/52841
Diffstat (limited to 'libre')
-rw-r--r--libre/p7zip/CVE-2016-9296.patch12
-rw-r--r--libre/p7zip/PKGBUILD9
2 files changed, 19 insertions, 2 deletions
diff --git a/libre/p7zip/CVE-2016-9296.patch b/libre/p7zip/CVE-2016-9296.patch
new file mode 100644
index 000000000..773f92a46
--- /dev/null
+++ b/libre/p7zip/CVE-2016-9296.patch
@@ -0,0 +1,12 @@
+--- ./CPP/7zip/Archive/7z/7zIn.cpp.orig 2016-11-21 01:42:29.460901230 +0000
++++ ./CPP/7zip/Archive/7z/7zIn.cpp 2016-11-21 01:42:57.481197725 +0000
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS
+ if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+ ThrowIncorrect();
+ }
+- HeadersSize += folders.PackPositions[folders.NumPackStreams];
++ if (folders.PackPositions)
++ HeadersSize += folders.PackPositions[folders.NumPackStreams];
+ return S_OK;
+ }
+
diff --git a/libre/p7zip/PKGBUILD b/libre/p7zip/PKGBUILD
index eb4ff80be..254611af3 100644
--- a/libre/p7zip/PKGBUILD
+++ b/libre/p7zip/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 273435 2016-08-07 08:39:24Z foutrelis $
+# $Id: PKGBUILD 288091 2017-02-05 19:09:19Z foutrelis $
# Maintainer (Arch): Evangelos Foutras <evangelos@foutrelis.com>
# Contributor (Arch): Gaetan Bisson <bisson@archlinux.org>
# Contributor (Arch): Thayer Williams <thayer@archlinux.org>
@@ -10,7 +10,7 @@
_pkgname=p7zip-libre
pkgname=p7zip
pkgver=16.02
-pkgrel=2.parabola1
+pkgrel=3.parabola1
pkgdesc="Command-line file archiver with high compression ratio"
arch=('i686' 'x86_64' 'armv7h')
url="http://p7zip.sourceforge.net/"
@@ -23,9 +23,11 @@ makedepends_x86_64=('yasm')
install=$pkgname.install
mksource=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2)
source=(https://repo.parabola.nu/other/${_pkgname}/${_pkgname}_${pkgver}_src_all.tar.bz2
+ CVE-2016-9296.patch
libre.patch)
mksha256sums=('5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f')
sha256sums=('486e5784de9284c7123b401b3f27e684af772d03fc1fb8cdbbefb8123dc9f841'
+ 'f9bcbf21d4aa8938861a6cba992df13dec19538286e9ed747ccec6d9a4e8f983'
'feeeb3b1b7a827b7a675d6c8a363ea6c2499a4f04b3160c7e8d7bba42e0b3c15')
mksource() {
@@ -45,6 +47,9 @@ mksource() {
prepare() {
cd "$srcdir/${pkgname}_$pkgver"
+ # https://sourceforge.net/p/p7zip/bugs/185/
+ patch -Np1 -i ../CVE-2016-9296.patch
+
if [[ $CARCH = x86_64 ]]; then
cp makefile.linux_amd64_asm makefile.machine
elif [[ $CARCH = i686 ]]; then