Date: Tuesday, May 17, 2016 @ 23:43:53 Author: foutrelis Revision: 268263
upgpkg: p7zip 15.14.1-2 Add patches for CVE-2016-2334 and CVE-2016-2335. Added: p7zip/trunk/CVE-2016-2334.patch p7zip/trunk/CVE-2016-2335.patch Modified: p7zip/trunk/PKGBUILD ---------------------+ CVE-2016-2334.patch | 24 ++++++++++++++++++++++++ CVE-2016-2335.patch | 17 +++++++++++++++++ PKGBUILD | 14 +++++++++++--- 3 files changed, 52 insertions(+), 3 deletions(-) Added: CVE-2016-2334.patch =================================================================== --- CVE-2016-2334.patch (rev 0) +++ CVE-2016-2334.patch 2016-05-17 21:43:53 UTC (rev 268263) @@ -0,0 +1,24 @@ +Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp +=================================================================== +--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp ++++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp +@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo + item.GroupID = Get32(r + 0x24); + item.AdminFlags = r[0x28]; + item.OwnerFlags = r[0x29]; ++ */ + item.FileMode = Get16(r + 0x2A); ++ /* + item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount + item.FileType = Get32(r + 0x30); + item.FileCreator = Get32(r + 0x34); +@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile( + + UInt32 size = GetUi32(tableBuf + i * 8 + 4); + ++ if (size > buf.Size() || size > kCompressionBlockSize + 1) ++ return S_FALSE; ++ + RINOK(ReadStream_FALSE(inStream, buf, size)); + + if ((buf[0] & 0xF) == 0xF) Added: CVE-2016-2335.patch =================================================================== --- CVE-2016-2335.patch (rev 0) +++ CVE-2016-2335.patch 2016-05-17 21:43:53 UTC (rev 268263) @@ -0,0 +1,17 @@ +Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp +=================================================================== +--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp ++++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp +@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol + return S_FALSE; + CFile &file = Files.Back(); + const CLogVol &vol = LogVols[volIndex]; +- CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex]; ++ unsigned partitionRef = lad.Location.PartitionRef; ++ ++ if (partitionRef >= vol.PartitionMaps.Size()) ++ return S_FALSE; ++ CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex]; + + UInt32 key = lad.Location.Pos; + UInt32 value; Modified: PKGBUILD =================================================================== --- PKGBUILD 2016-05-17 21:41:51 UTC (rev 268262) +++ PKGBUILD 2016-05-17 21:43:53 UTC (rev 268263) @@ -8,7 +8,7 @@ pkgname=p7zip pkgver=15.14.1 -pkgrel=1 +pkgrel=2 pkgdesc="Command-line file archiver with high compression ratio" arch=('i686' 'x86_64') url="http://p7zip.sourceforge.net/" @@ -17,8 +17,12 @@ makedepends_i686=('nasm') makedepends_x86_64=('yasm') install=$pkgname.install -source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2) -sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4') +source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2 + CVE-2016-2334.patch + CVE-2016-2335.patch) +sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4' + '632cae14095e065cb550b0f16faf39d8f822d0a8bb5b605e903f3bc7657a4ee5' + '368870f92c658e8add261695923470855a969c0d7ecafd880ec7144ac245adbf') prepare() { cd "$srcdir/${pkgname}_$pkgver" @@ -28,6 +32,10 @@ else cp makefile.linux_x86_asm_gcc_4.X makefile.machine fi + + # https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/ + patch -Np1 -i ../CVE-2016-2334.patch + patch -Np1 -i ../CVE-2016-2335.patch } build() {