Date: Tuesday, May 17, 2016 @ 23:44:11 Author: foutrelis Revision: 268264
archrelease: copy trunk to extra-i686, extra-x86_64 Added: p7zip/repos/extra-i686/CVE-2016-2334.patch (from rev 268263, p7zip/trunk/CVE-2016-2334.patch) p7zip/repos/extra-i686/CVE-2016-2335.patch (from rev 268263, p7zip/trunk/CVE-2016-2335.patch) p7zip/repos/extra-i686/PKGBUILD (from rev 268263, p7zip/trunk/PKGBUILD) p7zip/repos/extra-i686/p7zip.install (from rev 268263, p7zip/trunk/p7zip.install) p7zip/repos/extra-x86_64/CVE-2016-2334.patch (from rev 268263, p7zip/trunk/CVE-2016-2334.patch) p7zip/repos/extra-x86_64/CVE-2016-2335.patch (from rev 268263, p7zip/trunk/CVE-2016-2335.patch) p7zip/repos/extra-x86_64/PKGBUILD (from rev 268263, p7zip/trunk/PKGBUILD) p7zip/repos/extra-x86_64/p7zip.install (from rev 268263, p7zip/trunk/p7zip.install) Deleted: p7zip/repos/extra-i686/PKGBUILD p7zip/repos/extra-i686/p7zip.install p7zip/repos/extra-x86_64/PKGBUILD p7zip/repos/extra-x86_64/p7zip.install ----------------------------------+ /PKGBUILD | 120 +++++++++++++++++++++++++++++++++++++ /p7zip.install | 18 +++++ extra-i686/CVE-2016-2334.patch | 24 +++++++ extra-i686/CVE-2016-2335.patch | 17 +++++ extra-i686/PKGBUILD | 52 ---------------- extra-i686/p7zip.install | 9 -- extra-x86_64/CVE-2016-2334.patch | 24 +++++++ extra-x86_64/CVE-2016-2335.patch | 17 +++++ extra-x86_64/PKGBUILD | 52 ---------------- extra-x86_64/p7zip.install | 9 -- 10 files changed, 220 insertions(+), 122 deletions(-) Copied: p7zip/repos/extra-i686/CVE-2016-2334.patch (from rev 268263, p7zip/trunk/CVE-2016-2334.patch) =================================================================== --- extra-i686/CVE-2016-2334.patch (rev 0) +++ extra-i686/CVE-2016-2334.patch 2016-05-17 21:44:11 UTC (rev 268264) @@ -0,0 +1,24 @@ +Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp +=================================================================== +--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp ++++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp +@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo + item.GroupID = Get32(r + 0x24); + item.AdminFlags = r[0x28]; + item.OwnerFlags = r[0x29]; ++ */ + item.FileMode = Get16(r + 0x2A); ++ /* + item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount + item.FileType = Get32(r + 0x30); + item.FileCreator = Get32(r + 0x34); +@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile( + + UInt32 size = GetUi32(tableBuf + i * 8 + 4); + ++ if (size > buf.Size() || size > kCompressionBlockSize + 1) ++ return S_FALSE; ++ + RINOK(ReadStream_FALSE(inStream, buf, size)); + + if ((buf[0] & 0xF) == 0xF) Copied: p7zip/repos/extra-i686/CVE-2016-2335.patch (from rev 268263, p7zip/trunk/CVE-2016-2335.patch) =================================================================== --- extra-i686/CVE-2016-2335.patch (rev 0) +++ extra-i686/CVE-2016-2335.patch 2016-05-17 21:44:11 UTC (rev 268264) @@ -0,0 +1,17 @@ +Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp +=================================================================== +--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp ++++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp +@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol + return S_FALSE; + CFile &file = Files.Back(); + const CLogVol &vol = LogVols[volIndex]; +- CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex]; ++ unsigned partitionRef = lad.Location.PartitionRef; ++ ++ if (partitionRef >= vol.PartitionMaps.Size()) ++ return S_FALSE; ++ CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex]; + + UInt32 key = lad.Location.Pos; + UInt32 value; Deleted: extra-i686/PKGBUILD =================================================================== --- extra-i686/PKGBUILD 2016-05-17 21:43:53 UTC (rev 268263) +++ extra-i686/PKGBUILD 2016-05-17 21:44:11 UTC (rev 268264) @@ -1,52 +0,0 @@ -# $Id$ -# Maintainer: Evangelos Foutras <evange...@foutrelis.com> -# Contributor: Gaetan Bisson <bis...@archlinux.org> -# Contributor: Thayer Williams <tha...@archlinux.org> -# Contributor: Hugo Doria <h...@archlinux.org> -# Contributor: TuxSpirit<tuxspi...@archlinux.fr> 2007/11/17 21:22:36 UTC -# Contributor: Daniel J Griffiths <ghost1...@archlinux.us> - -pkgname=p7zip -pkgver=15.14.1 -pkgrel=1 -pkgdesc="Command-line file archiver with high compression ratio" -arch=('i686' 'x86_64') -url="http://p7zip.sourceforge.net/" -license=('LGPL' 'custom:unRAR') -depends=('gcc-libs' 'sh') -makedepends_i686=('nasm') -makedepends_x86_64=('yasm') -install=$pkgname.install -source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2) -sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4') - -prepare() { - cd "$srcdir/${pkgname}_$pkgver" - - if [[ $CARCH = x86_64 ]]; then - cp makefile.linux_amd64_asm makefile.machine - else - cp makefile.linux_x86_asm_gcc_4.X makefile.machine - fi -} - -build() { - cd "$srcdir/${pkgname}_$pkgver" - make all3 OPTFLAGS="$CFLAGS" -} - -package() { - cd "$srcdir/${pkgname}_$pkgver" - - make install \ - DEST_DIR="$pkgdir" \ - DEST_HOME=/usr \ - DEST_MAN=/usr/share/man - - install -d "${pkgdir}"/usr/share/licenses/p7zip - ln -s -t "$pkgdir/usr/share/licenses/p7zip/" \ - /usr/share/doc/p7zip/DOC/License.txt \ - /usr/share/doc/p7zip/DOC/unRarLicense.txt -} - -# vim:set ts=2 sw=2 et: Copied: p7zip/repos/extra-i686/PKGBUILD (from rev 268263, p7zip/trunk/PKGBUILD) =================================================================== --- extra-i686/PKGBUILD (rev 0) +++ extra-i686/PKGBUILD 2016-05-17 21:44:11 UTC (rev 268264) @@ -0,0 +1,60 @@ +# $Id$ +# Maintainer: Evangelos Foutras <evange...@foutrelis.com> +# Contributor: Gaetan Bisson <bis...@archlinux.org> +# Contributor: Thayer Williams <tha...@archlinux.org> +# Contributor: Hugo Doria <h...@archlinux.org> +# Contributor: TuxSpirit<tuxspi...@archlinux.fr> 2007/11/17 21:22:36 UTC +# Contributor: Daniel J Griffiths <ghost1...@archlinux.us> + +pkgname=p7zip +pkgver=15.14.1 +pkgrel=2 +pkgdesc="Command-line file archiver with high compression ratio" +arch=('i686' 'x86_64') +url="http://p7zip.sourceforge.net/" +license=('LGPL' 'custom:unRAR') +depends=('gcc-libs' 'sh') +makedepends_i686=('nasm') +makedepends_x86_64=('yasm') +install=$pkgname.install +source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2 + CVE-2016-2334.patch + CVE-2016-2335.patch) +sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4' + '632cae14095e065cb550b0f16faf39d8f822d0a8bb5b605e903f3bc7657a4ee5' + '368870f92c658e8add261695923470855a969c0d7ecafd880ec7144ac245adbf') + +prepare() { + cd "$srcdir/${pkgname}_$pkgver" + + if [[ $CARCH = x86_64 ]]; then + cp makefile.linux_amd64_asm makefile.machine + else + cp makefile.linux_x86_asm_gcc_4.X makefile.machine + fi + + # https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/ + patch -Np1 -i ../CVE-2016-2334.patch + patch -Np1 -i ../CVE-2016-2335.patch +} + +build() { + cd "$srcdir/${pkgname}_$pkgver" + make all3 OPTFLAGS="$CFLAGS" +} + +package() { + cd "$srcdir/${pkgname}_$pkgver" + + make install \ + DEST_DIR="$pkgdir" \ + DEST_HOME=/usr \ + DEST_MAN=/usr/share/man + + install -d "${pkgdir}"/usr/share/licenses/p7zip + ln -s -t "$pkgdir/usr/share/licenses/p7zip/" \ + /usr/share/doc/p7zip/DOC/License.txt \ + /usr/share/doc/p7zip/DOC/unRarLicense.txt +} + +# vim:set ts=2 sw=2 et: Deleted: extra-i686/p7zip.install =================================================================== --- extra-i686/p7zip.install 2016-05-17 21:43:53 UTC (rev 268263) +++ extra-i686/p7zip.install 2016-05-17 21:44:11 UTC (rev 268264) @@ -1,9 +0,0 @@ -post_upgrade() { - if (($(vercmp $2 9.38.1-3) < 0)); then - echo ':: The 7zFM graphical frontend is no longer included in this package.' - echo ' If you used it, consider installing one of the following packages:' - echo ' 1) file-roller, 2) engrampa, 3) kdeutils-ark.' - fi -} - -# vim:set ts=2 sw=2 et: Copied: p7zip/repos/extra-i686/p7zip.install (from rev 268263, p7zip/trunk/p7zip.install) =================================================================== --- extra-i686/p7zip.install (rev 0) +++ extra-i686/p7zip.install 2016-05-17 21:44:11 UTC (rev 268264) @@ -0,0 +1,9 @@ +post_upgrade() { + if (($(vercmp $2 9.38.1-3) < 0)); then + echo ':: The 7zFM graphical frontend is no longer included in this package.' + echo ' If you used it, consider installing one of the following packages:' + echo ' 1) file-roller, 2) engrampa, 3) kdeutils-ark.' + fi +} + +# vim:set ts=2 sw=2 et: Copied: p7zip/repos/extra-x86_64/CVE-2016-2334.patch (from rev 268263, p7zip/trunk/CVE-2016-2334.patch) =================================================================== --- extra-x86_64/CVE-2016-2334.patch (rev 0) +++ extra-x86_64/CVE-2016-2334.patch 2016-05-17 21:44:11 UTC (rev 268264) @@ -0,0 +1,24 @@ +Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp +=================================================================== +--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp ++++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp +@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo + item.GroupID = Get32(r + 0x24); + item.AdminFlags = r[0x28]; + item.OwnerFlags = r[0x29]; ++ */ + item.FileMode = Get16(r + 0x2A); ++ /* + item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount + item.FileType = Get32(r + 0x30); + item.FileCreator = Get32(r + 0x34); +@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile( + + UInt32 size = GetUi32(tableBuf + i * 8 + 4); + ++ if (size > buf.Size() || size > kCompressionBlockSize + 1) ++ return S_FALSE; ++ + RINOK(ReadStream_FALSE(inStream, buf, size)); + + if ((buf[0] & 0xF) == 0xF) Copied: p7zip/repos/extra-x86_64/CVE-2016-2335.patch (from rev 268263, p7zip/trunk/CVE-2016-2335.patch) =================================================================== --- extra-x86_64/CVE-2016-2335.patch (rev 0) +++ extra-x86_64/CVE-2016-2335.patch 2016-05-17 21:44:11 UTC (rev 268264) @@ -0,0 +1,17 @@ +Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp +=================================================================== +--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp ++++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp +@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol + return S_FALSE; + CFile &file = Files.Back(); + const CLogVol &vol = LogVols[volIndex]; +- CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex]; ++ unsigned partitionRef = lad.Location.PartitionRef; ++ ++ if (partitionRef >= vol.PartitionMaps.Size()) ++ return S_FALSE; ++ CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex]; + + UInt32 key = lad.Location.Pos; + UInt32 value; Deleted: extra-x86_64/PKGBUILD =================================================================== --- extra-x86_64/PKGBUILD 2016-05-17 21:43:53 UTC (rev 268263) +++ extra-x86_64/PKGBUILD 2016-05-17 21:44:11 UTC (rev 268264) @@ -1,52 +0,0 @@ -# $Id$ -# Maintainer: Evangelos Foutras <evange...@foutrelis.com> -# Contributor: Gaetan Bisson <bis...@archlinux.org> -# Contributor: Thayer Williams <tha...@archlinux.org> -# Contributor: Hugo Doria <h...@archlinux.org> -# Contributor: TuxSpirit<tuxspi...@archlinux.fr> 2007/11/17 21:22:36 UTC -# Contributor: Daniel J Griffiths <ghost1...@archlinux.us> - -pkgname=p7zip -pkgver=15.14.1 -pkgrel=1 -pkgdesc="Command-line file archiver with high compression ratio" -arch=('i686' 'x86_64') -url="http://p7zip.sourceforge.net/" -license=('LGPL' 'custom:unRAR') -depends=('gcc-libs' 'sh') -makedepends_i686=('nasm') -makedepends_x86_64=('yasm') -install=$pkgname.install -source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2) -sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4') - -prepare() { - cd "$srcdir/${pkgname}_$pkgver" - - if [[ $CARCH = x86_64 ]]; then - cp makefile.linux_amd64_asm makefile.machine - else - cp makefile.linux_x86_asm_gcc_4.X makefile.machine - fi -} - -build() { - cd "$srcdir/${pkgname}_$pkgver" - make all3 OPTFLAGS="$CFLAGS" -} - -package() { - cd "$srcdir/${pkgname}_$pkgver" - - make install \ - DEST_DIR="$pkgdir" \ - DEST_HOME=/usr \ - DEST_MAN=/usr/share/man - - install -d "${pkgdir}"/usr/share/licenses/p7zip - ln -s -t "$pkgdir/usr/share/licenses/p7zip/" \ - /usr/share/doc/p7zip/DOC/License.txt \ - /usr/share/doc/p7zip/DOC/unRarLicense.txt -} - -# vim:set ts=2 sw=2 et: Copied: p7zip/repos/extra-x86_64/PKGBUILD (from rev 268263, p7zip/trunk/PKGBUILD) =================================================================== --- extra-x86_64/PKGBUILD (rev 0) +++ extra-x86_64/PKGBUILD 2016-05-17 21:44:11 UTC (rev 268264) @@ -0,0 +1,60 @@ +# $Id$ +# Maintainer: Evangelos Foutras <evange...@foutrelis.com> +# Contributor: Gaetan Bisson <bis...@archlinux.org> +# Contributor: Thayer Williams <tha...@archlinux.org> +# Contributor: Hugo Doria <h...@archlinux.org> +# Contributor: TuxSpirit<tuxspi...@archlinux.fr> 2007/11/17 21:22:36 UTC +# Contributor: Daniel J Griffiths <ghost1...@archlinux.us> + +pkgname=p7zip +pkgver=15.14.1 +pkgrel=2 +pkgdesc="Command-line file archiver with high compression ratio" +arch=('i686' 'x86_64') +url="http://p7zip.sourceforge.net/" +license=('LGPL' 'custom:unRAR') +depends=('gcc-libs' 'sh') +makedepends_i686=('nasm') +makedepends_x86_64=('yasm') +install=$pkgname.install +source=(https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/${pkgname}_${pkgver}_src_all.tar.bz2 + CVE-2016-2334.patch + CVE-2016-2335.patch) +sha256sums=('699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4' + '632cae14095e065cb550b0f16faf39d8f822d0a8bb5b605e903f3bc7657a4ee5' + '368870f92c658e8add261695923470855a969c0d7ecafd880ec7144ac245adbf') + +prepare() { + cd "$srcdir/${pkgname}_$pkgver" + + if [[ $CARCH = x86_64 ]]; then + cp makefile.linux_amd64_asm makefile.machine + else + cp makefile.linux_x86_asm_gcc_4.X makefile.machine + fi + + # https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/ + patch -Np1 -i ../CVE-2016-2334.patch + patch -Np1 -i ../CVE-2016-2335.patch +} + +build() { + cd "$srcdir/${pkgname}_$pkgver" + make all3 OPTFLAGS="$CFLAGS" +} + +package() { + cd "$srcdir/${pkgname}_$pkgver" + + make install \ + DEST_DIR="$pkgdir" \ + DEST_HOME=/usr \ + DEST_MAN=/usr/share/man + + install -d "${pkgdir}"/usr/share/licenses/p7zip + ln -s -t "$pkgdir/usr/share/licenses/p7zip/" \ + /usr/share/doc/p7zip/DOC/License.txt \ + /usr/share/doc/p7zip/DOC/unRarLicense.txt +} + +# vim:set ts=2 sw=2 et: Deleted: extra-x86_64/p7zip.install =================================================================== --- extra-x86_64/p7zip.install 2016-05-17 21:43:53 UTC (rev 268263) +++ extra-x86_64/p7zip.install 2016-05-17 21:44:11 UTC (rev 268264) @@ -1,9 +0,0 @@ -post_upgrade() { - if (($(vercmp $2 9.38.1-3) < 0)); then - echo ':: The 7zFM graphical frontend is no longer included in this package.' - echo ' If you used it, consider installing one of the following packages:' - echo ' 1) file-roller, 2) engrampa, 3) kdeutils-ark.' - fi -} - -# vim:set ts=2 sw=2 et: Copied: p7zip/repos/extra-x86_64/p7zip.install (from rev 268263, p7zip/trunk/p7zip.install) =================================================================== --- extra-x86_64/p7zip.install (rev 0) +++ extra-x86_64/p7zip.install 2016-05-17 21:44:11 UTC (rev 268264) @@ -0,0 +1,9 @@ +post_upgrade() { + if (($(vercmp $2 9.38.1-3) < 0)); then + echo ':: The 7zFM graphical frontend is no longer included in this package.' + echo ' If you used it, consider installing one of the following packages:' + echo ' 1) file-roller, 2) engrampa, 3) kdeutils-ark.' + fi +} + +# vim:set ts=2 sw=2 et: