From 2da69a08ce12325672e852ac2980ad25301242f6 Mon Sep 17 00:00:00 2001
From: André Fabian Silva Delgado <emulatorman@parabola.nu>
Date: Wed, 18 May 2016 13:56:12 -0300
Subject: p7zip-15.14.1-2.parabola1: add patches for CVE-2016-2334 and
 CVE-2016-2335

---
 libre/p7zip/CVE-2016-2334.patch | 24 ++++++++++++++++++++++++
 libre/p7zip/CVE-2016-2335.patch | 17 +++++++++++++++++
 libre/p7zip/PKGBUILD            | 16 ++++++++++++----
 3 files changed, 53 insertions(+), 4 deletions(-)
 create mode 100644 libre/p7zip/CVE-2016-2334.patch
 create mode 100644 libre/p7zip/CVE-2016-2335.patch

diff --git a/libre/p7zip/CVE-2016-2334.patch b/libre/p7zip/CVE-2016-2334.patch
new file mode 100644
index 000000000..1eb5163cb
--- /dev/null
+++ b/libre/p7zip/CVE-2016-2334.patch
@@ -0,0 +1,24 @@
+Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+===================================================================
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp
++++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo
+       item.GroupID = Get32(r + 0x24);
+       item.AdminFlags = r[0x28];
+       item.OwnerFlags = r[0x29];
++      */
+       item.FileMode = Get16(r + 0x2A);
++      /*
+       item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+       item.FileType = Get32(r + 0x30);
+       item.FileCreator = Get32(r + 0x34);
+@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
+ 
+     UInt32 size = GetUi32(tableBuf + i * 8 + 4);
+ 
++    if (size > buf.Size() || size > kCompressionBlockSize + 1)
++        return S_FALSE;
++
+     RINOK(ReadStream_FALSE(inStream, buf, size));
+ 
+     if ((buf[0] & 0xF) == 0xF)
diff --git a/libre/p7zip/CVE-2016-2335.patch b/libre/p7zip/CVE-2016-2335.patch
new file mode 100644
index 000000000..a00d6a386
--- /dev/null
+++ b/libre/p7zip/CVE-2016-2335.patch
@@ -0,0 +1,17 @@
+Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
+===================================================================
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp
++++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
+@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol
+     return S_FALSE;
+   CFile &file = Files.Back();
+   const CLogVol &vol = LogVols[volIndex];
+-  CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
++  unsigned partitionRef = lad.Location.PartitionRef;
++
++  if (partitionRef >= vol.PartitionMaps.Size())
++  	return S_FALSE;
++  CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
+ 
+   UInt32 key = lad.Location.Pos;
+   UInt32 value;
diff --git a/libre/p7zip/PKGBUILD b/libre/p7zip/PKGBUILD
index 68d0ce310..73cafae17 100644
--- a/libre/p7zip/PKGBUILD
+++ b/libre/p7zip/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 267789 2016-05-11 10:17:43Z foutrelis $
+# $Id: PKGBUILD 268263 2016-05-17 21:43:53Z foutrelis $
 # Maintainer (Arch): Evangelos Foutras <evangelos@foutrelis.com>
 # Contributor (Arch): Gaetan Bisson <bisson@archlinux.org>
 # Contributor (Arch): Thayer Williams <thayer@archlinux.org>
@@ -10,7 +10,7 @@
 _pkgname=p7zip-libre
 pkgname=p7zip
 pkgver=15.14.1
-pkgrel=1.parabola1
+pkgrel=2.parabola1
 pkgdesc="Command-line file archiver with high compression ratio"
 arch=('i686' 'x86_64' 'armv7h')
 url="http://p7zip.sourceforge.net/"
@@ -23,10 +23,14 @@ makedepends_x86_64=('yasm')
 install=$pkgname.install
 mksource=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2)
 source=(https://repo.parabola.nu/other/${_pkgname}/${_pkgname}_${pkgver}_src_all.tar.bz2
-        libre.patch)
+        libre.patch
+        CVE-2016-2334.patch
+        CVE-2016-2335.patch)
 mksha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4')
 sha256sums=('2b43c19d4367356d38f78b020f58f874a5222022c7bc8e3f9620ab3c1899f61b'
-            'dd64ba789b8c23ecd3fbcccbcd62a217035de3a8c98517e7ba140a1a546ae77a')
+            'dd64ba789b8c23ecd3fbcccbcd62a217035de3a8c98517e7ba140a1a546ae77a'
+            '632cae14095e065cb550b0f16faf39d8f822d0a8bb5b605e903f3bc7657a4ee5'
+            '368870f92c658e8add261695923470855a969c0d7ecafd880ec7144ac245adbf')
 
 mksource() {
   cd "${srcdir}/${pkgname}_${pkgver}"
@@ -55,6 +59,10 @@ prepare() {
 
   # remove rar and parent folder icon references
   patch -Np1 -i ../libre.patch
+
+  # https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
+  patch -Np1 -i ../CVE-2016-2334.patch
+  patch -Np1 -i ../CVE-2016-2335.patch
 }
 
 build() {
-- 
cgit v1.2.3