mirror of
https://github.com/archlinuxarm/PKGBUILDs.git
synced 2025-01-27 23:44:04 +00:00
extra/p7zip to 15.14.1-2
This commit is contained in:
parent
3106a04787
commit
ce90a7a450
3 changed files with 52 additions and 3 deletions
24
extra/p7zip/CVE-2016-2334.patch
Normal file
24
extra/p7zip/CVE-2016-2334.patch
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
|
||||||
|
===================================================================
|
||||||
|
--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp
|
||||||
|
+++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
|
||||||
|
@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo
|
||||||
|
item.GroupID = Get32(r + 0x24);
|
||||||
|
item.AdminFlags = r[0x28];
|
||||||
|
item.OwnerFlags = r[0x29];
|
||||||
|
+ */
|
||||||
|
item.FileMode = Get16(r + 0x2A);
|
||||||
|
+ /*
|
||||||
|
item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
|
||||||
|
item.FileType = Get32(r + 0x30);
|
||||||
|
item.FileCreator = Get32(r + 0x34);
|
||||||
|
@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
|
||||||
|
|
||||||
|
UInt32 size = GetUi32(tableBuf + i * 8 + 4);
|
||||||
|
|
||||||
|
+ if (size > buf.Size() || size > kCompressionBlockSize + 1)
|
||||||
|
+ return S_FALSE;
|
||||||
|
+
|
||||||
|
RINOK(ReadStream_FALSE(inStream, buf, size));
|
||||||
|
|
||||||
|
if ((buf[0] & 0xF) == 0xF)
|
17
extra/p7zip/CVE-2016-2335.patch
Normal file
17
extra/p7zip/CVE-2016-2335.patch
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
|
||||||
|
===================================================================
|
||||||
|
--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp
|
||||||
|
+++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
|
||||||
|
@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol
|
||||||
|
return S_FALSE;
|
||||||
|
CFile &file = Files.Back();
|
||||||
|
const CLogVol &vol = LogVols[volIndex];
|
||||||
|
- CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
|
||||||
|
+ unsigned partitionRef = lad.Location.PartitionRef;
|
||||||
|
+
|
||||||
|
+ if (partitionRef >= vol.PartitionMaps.Size())
|
||||||
|
+ return S_FALSE;
|
||||||
|
+ CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
|
||||||
|
|
||||||
|
UInt32 key = lad.Location.Pos;
|
||||||
|
UInt32 value;
|
|
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
pkgname=p7zip
|
pkgname=p7zip
|
||||||
pkgver=15.14.1
|
pkgver=15.14.1
|
||||||
pkgrel=1
|
pkgrel=2
|
||||||
pkgdesc="Command-line file archiver with high compression ratio"
|
pkgdesc="Command-line file archiver with high compression ratio"
|
||||||
arch=('i686' 'x86_64')
|
arch=('i686' 'x86_64')
|
||||||
url="http://p7zip.sourceforge.net/"
|
url="http://p7zip.sourceforge.net/"
|
||||||
|
@ -20,13 +20,21 @@ depends=('gcc-libs' 'sh')
|
||||||
makedepends_i686=('nasm')
|
makedepends_i686=('nasm')
|
||||||
makedepends_x86_64=('yasm')
|
makedepends_x86_64=('yasm')
|
||||||
install=$pkgname.install
|
install=$pkgname.install
|
||||||
source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2)
|
source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2
|
||||||
sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4')
|
CVE-2016-2334.patch
|
||||||
|
CVE-2016-2335.patch)
|
||||||
|
sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4'
|
||||||
|
'632cae14095e065cb550b0f16faf39d8f822d0a8bb5b605e903f3bc7657a4ee5'
|
||||||
|
'368870f92c658e8add261695923470855a969c0d7ecafd880ec7144ac245adbf')
|
||||||
|
|
||||||
prepare() {
|
prepare() {
|
||||||
cd "$srcdir/${pkgname}_$pkgver"
|
cd "$srcdir/${pkgname}_$pkgver"
|
||||||
|
|
||||||
cp makefile.linux_any_cpu_gcc_4.X makefile.machine
|
cp makefile.linux_any_cpu_gcc_4.X makefile.machine
|
||||||
|
|
||||||
|
# https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
|
||||||
|
patch -Np1 -i ../CVE-2016-2334.patch
|
||||||
|
patch -Np1 -i ../CVE-2016-2335.patch
|
||||||
}
|
}
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
|
|
Loading…
Reference in a new issue