extra/p7zip to 15.14.1-2

2024-11-08 22:45:43 +00:00 · 2016-05-17 18:18:32 -04:00 · 2016-05-17 18:18:32 -04:00 · ce90a7a450
commit ce90a7a450
parent 3106a04787
3 changed files with 52 additions and 3 deletions
--- a/extra/p7zip/CVE-2016-2334.patch
+++ b/extra/p7zip/CVE-2016-2334.patch
@ -0,0 +1,24 @@
+Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+===================================================================
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp
+++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo
+       item.GroupID = Get32(r + 0x24);
+       item.AdminFlags = r[0x28];
+       item.OwnerFlags = r[0x29];
+      */
+       item.FileMode = Get16(r + 0x2A);
+      /*
+       item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+       item.FileType = Get32(r + 0x30);
+       item.FileCreator = Get32(r + 0x34);
+@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
+ 
+     UInt32 size = GetUi32(tableBuf + i * 8 + 4);
+ 
+    if (size > buf.Size() || size > kCompressionBlockSize + 1)
+        return S_FALSE;
+
+     RINOK(ReadStream_FALSE(inStream, buf, size));
+ 
+     if ((buf[0] & 0xF) == 0xF)
--- a/extra/p7zip/CVE-2016-2335.patch
+++ b/extra/p7zip/CVE-2016-2335.patch
@ -0,0 +1,17 @@
+Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
+===================================================================
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp
+++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
+@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol
+     return S_FALSE;
+   CFile &file = Files.Back();
+   const CLogVol &vol = LogVols[volIndex];
+-  CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
+  unsigned partitionRef = lad.Location.PartitionRef;
+
+  if (partitionRef >= vol.PartitionMaps.Size())
+  	return S_FALSE;
+  CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
+ 
+   UInt32 key = lad.Location.Pos;
+   UInt32 value;
--- a/extra/p7zip/PKGBUILD
+++ b/extra/p7zip/PKGBUILD
@ -11,7 +11,7 @@

 pkgname=p7zip
 pkgver=15.14.1
-pkgrel=1
+pkgrel=2
 pkgdesc="Command-line file archiver with high compression ratio"
 arch=('i686' 'x86_64')
 url="http://p7zip.sourceforge.net/"
@ -20,13 +20,21 @@ depends=('gcc-libs' 'sh')
 makedepends_i686=('nasm')
 makedepends_x86_64=('yasm')
 install=$pkgname.install
-source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2)
-sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4')
+source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2
+        CVE-2016-2334.patch
+        CVE-2016-2335.patch)
+sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4'
+            '632cae14095e065cb550b0f16faf39d8f822d0a8bb5b605e903f3bc7657a4ee5'
+            '368870f92c658e8add261695923470855a969c0d7ecafd880ec7144ac245adbf')

 prepare() {
  cd "$srcdir/${pkgname}_$pkgver"

  cp makefile.linux_any_cpu_gcc_4.X makefile.machine
+
+  # https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
+  patch -Np1 -i ../CVE-2016-2334.patch
+  patch -Np1 -i ../CVE-2016-2335.patch
 }

 build() {