diff options
-rw-r--r-- | libre/p7zip/CVE-2016-2334.patch | 24 | ||||
-rw-r--r-- | libre/p7zip/CVE-2016-2335.patch | 17 | ||||
-rw-r--r-- | libre/p7zip/PKGBUILD | 16 |
3 files changed, 53 insertions, 4 deletions
diff --git a/libre/p7zip/CVE-2016-2334.patch b/libre/p7zip/CVE-2016-2334.patch new file mode 100644 index 000000000..1eb5163cb --- /dev/null +++ b/libre/p7zip/CVE-2016-2334.patch @@ -0,0 +1,24 @@ +Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp +=================================================================== +--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp ++++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp +@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo + item.GroupID = Get32(r + 0x24); + item.AdminFlags = r[0x28]; + item.OwnerFlags = r[0x29]; ++ */ + item.FileMode = Get16(r + 0x2A); ++ /* + item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount + item.FileType = Get32(r + 0x30); + item.FileCreator = Get32(r + 0x34); +@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile( + + UInt32 size = GetUi32(tableBuf + i * 8 + 4); + ++ if (size > buf.Size() || size > kCompressionBlockSize + 1) ++ return S_FALSE; ++ + RINOK(ReadStream_FALSE(inStream, buf, size)); + + if ((buf[0] & 0xF) == 0xF) diff --git a/libre/p7zip/CVE-2016-2335.patch b/libre/p7zip/CVE-2016-2335.patch new file mode 100644 index 000000000..a00d6a386 --- /dev/null +++ b/libre/p7zip/CVE-2016-2335.patch @@ -0,0 +1,17 @@ +Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp +=================================================================== +--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp ++++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp +@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol + return S_FALSE; + CFile &file = Files.Back(); + const CLogVol &vol = LogVols[volIndex]; +- CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex]; ++ unsigned partitionRef = lad.Location.PartitionRef; ++ ++ if (partitionRef >= vol.PartitionMaps.Size()) ++ return S_FALSE; ++ CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex]; + + UInt32 key = lad.Location.Pos; + UInt32 value; diff --git a/libre/p7zip/PKGBUILD b/libre/p7zip/PKGBUILD index 68d0ce310..73cafae17 100644 --- a/libre/p7zip/PKGBUILD +++ b/libre/p7zip/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 267789 2016-05-11 10:17:43Z foutrelis $ +# $Id: PKGBUILD 268263 2016-05-17 21:43:53Z foutrelis $ # Maintainer (Arch): Evangelos Foutras <evangelos@foutrelis.com> # Contributor (Arch): Gaetan Bisson <bisson@archlinux.org> # Contributor (Arch): Thayer Williams <thayer@archlinux.org> @@ -10,7 +10,7 @@ _pkgname=p7zip-libre pkgname=p7zip pkgver=15.14.1 -pkgrel=1.parabola1 +pkgrel=2.parabola1 pkgdesc="Command-line file archiver with high compression ratio" arch=('i686' 'x86_64' 'armv7h') url="http://p7zip.sourceforge.net/" @@ -23,10 +23,14 @@ makedepends_x86_64=('yasm') install=$pkgname.install mksource=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2) source=(https://repo.parabola.nu/other/${_pkgname}/${_pkgname}_${pkgver}_src_all.tar.bz2 - libre.patch) + libre.patch + CVE-2016-2334.patch + CVE-2016-2335.patch) mksha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4') sha256sums=('2b43c19d4367356d38f78b020f58f874a5222022c7bc8e3f9620ab3c1899f61b' - 'dd64ba789b8c23ecd3fbcccbcd62a217035de3a8c98517e7ba140a1a546ae77a') + 'dd64ba789b8c23ecd3fbcccbcd62a217035de3a8c98517e7ba140a1a546ae77a' + '632cae14095e065cb550b0f16faf39d8f822d0a8bb5b605e903f3bc7657a4ee5' + '368870f92c658e8add261695923470855a969c0d7ecafd880ec7144ac245adbf') mksource() { cd "${srcdir}/${pkgname}_${pkgver}" @@ -55,6 +59,10 @@ prepare() { # remove rar and parent folder icon references patch -Np1 -i ../libre.patch + + # https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/ + patch -Np1 -i ../CVE-2016-2334.patch + patch -Np1 -i ../CVE-2016-2335.patch } build() { |