summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--libre/p7zip/CVE-2016-2334.patch24
-rw-r--r--libre/p7zip/CVE-2016-2335.patch17
-rw-r--r--libre/p7zip/PKGBUILD16
3 files changed, 53 insertions, 4 deletions
diff --git a/libre/p7zip/CVE-2016-2334.patch b/libre/p7zip/CVE-2016-2334.patch
new file mode 100644
index 000000000..1eb5163cb
--- /dev/null
+++ b/libre/p7zip/CVE-2016-2334.patch
@@ -0,0 +1,24 @@
+Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+===================================================================
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp
++++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo
+ item.GroupID = Get32(r + 0x24);
+ item.AdminFlags = r[0x28];
+ item.OwnerFlags = r[0x29];
++ */
+ item.FileMode = Get16(r + 0x2A);
++ /*
+ item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+ item.FileType = Get32(r + 0x30);
+ item.FileCreator = Get32(r + 0x34);
+@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
+
+ UInt32 size = GetUi32(tableBuf + i * 8 + 4);
+
++ if (size > buf.Size() || size > kCompressionBlockSize + 1)
++ return S_FALSE;
++
+ RINOK(ReadStream_FALSE(inStream, buf, size));
+
+ if ((buf[0] & 0xF) == 0xF)
diff --git a/libre/p7zip/CVE-2016-2335.patch b/libre/p7zip/CVE-2016-2335.patch
new file mode 100644
index 000000000..a00d6a386
--- /dev/null
+++ b/libre/p7zip/CVE-2016-2335.patch
@@ -0,0 +1,17 @@
+Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
+===================================================================
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp
++++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
+@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol
+ return S_FALSE;
+ CFile &file = Files.Back();
+ const CLogVol &vol = LogVols[volIndex];
+- CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
++ unsigned partitionRef = lad.Location.PartitionRef;
++
++ if (partitionRef >= vol.PartitionMaps.Size())
++ return S_FALSE;
++ CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
+
+ UInt32 key = lad.Location.Pos;
+ UInt32 value;
diff --git a/libre/p7zip/PKGBUILD b/libre/p7zip/PKGBUILD
index 68d0ce310..73cafae17 100644
--- a/libre/p7zip/PKGBUILD
+++ b/libre/p7zip/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 267789 2016-05-11 10:17:43Z foutrelis $
+# $Id: PKGBUILD 268263 2016-05-17 21:43:53Z foutrelis $
# Maintainer (Arch): Evangelos Foutras <evangelos@foutrelis.com>
# Contributor (Arch): Gaetan Bisson <bisson@archlinux.org>
# Contributor (Arch): Thayer Williams <thayer@archlinux.org>
@@ -10,7 +10,7 @@
_pkgname=p7zip-libre
pkgname=p7zip
pkgver=15.14.1
-pkgrel=1.parabola1
+pkgrel=2.parabola1
pkgdesc="Command-line file archiver with high compression ratio"
arch=('i686' 'x86_64' 'armv7h')
url="http://p7zip.sourceforge.net/"
@@ -23,10 +23,14 @@ makedepends_x86_64=('yasm')
install=$pkgname.install
mksource=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2)
source=(https://repo.parabola.nu/other/${_pkgname}/${_pkgname}_${pkgver}_src_all.tar.bz2
- libre.patch)
+ libre.patch
+ CVE-2016-2334.patch
+ CVE-2016-2335.patch)
mksha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4')
sha256sums=('2b43c19d4367356d38f78b020f58f874a5222022c7bc8e3f9620ab3c1899f61b'
- 'dd64ba789b8c23ecd3fbcccbcd62a217035de3a8c98517e7ba140a1a546ae77a')
+ 'dd64ba789b8c23ecd3fbcccbcd62a217035de3a8c98517e7ba140a1a546ae77a'
+ '632cae14095e065cb550b0f16faf39d8f822d0a8bb5b605e903f3bc7657a4ee5'
+ '368870f92c658e8add261695923470855a969c0d7ecafd880ec7144ac245adbf')
mksource() {
cd "${srcdir}/${pkgname}_${pkgver}"
@@ -55,6 +59,10 @@ prepare() {
# remove rar and parent folder icon references
patch -Np1 -i ../libre.patch
+
+ # https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
+ patch -Np1 -i ../CVE-2016-2334.patch
+ patch -Np1 -i ../CVE-2016-2335.patch
}
build() {