Date: Saturday, August 12, 2017 @ 21:22:29 Author: jgc Revision: 301988
upgpkg: libytnef 1.9.2-2 Fix CVE-2017-9058
Added: libytnef/trunk/CVE-2017-9058.patch
Modified: libytnef/trunk/PKGBUILD
---------------------+
CVE-2017-9058.patch | 13 +++++++++++++
PKGBUILD | 13 ++++++++++---
2 files changed, 23 insertions(+), 3 deletions(-)
Added: CVE-2017-9058.patch
===================================================================
--- CVE-2017-9058.patch (rev 0)
+++ CVE-2017-9058.patch 2017-08-12 21:22:29 UTC (rev 301988)
@@ -0,0 +1,13 @@
+Index: ytnef/lib/ytnef.c
+===================================================================
+--- ytnef.orig/lib/ytnef.c
++++ ytnef/lib/ytnef.c
+@@ -57,7 +57,7 @@
+ 
+ #define ALLOCCHECK(x) { if(!x) { printf("Out of Memory at %s : %i\n", __FILE__, __LINE__); return(-1); } }
+ #define ALLOCCHECK_CHAR(x) { if(!x) { printf("Out of Memory at %s : %i\n", __FILE__, __LINE__); return(NULL); } }
+-#define SIZECHECK(x) { if ((((char *)d - (char *)data) + x) > size) { printf("Corrupted file detected at %s : %i\n", __FILE__, __LINE__); return(-1); } }
++#define SIZECHECK(x) { if ((((char *)d - (char *)data) + x) >= size) { printf("Corrupted file detected at %s : %i\n", __FILE__, __LINE__); return(-1); } }
+ 
+ int TNEFFillMapi(TNEFStruct *TNEF, BYTE *data, DWORD size, MAPIProps *p);
+ void SetFlip(void);
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-08-12 21:15:46 UTC (rev 301987)
+++ PKGBUILD 2017-08-12 21:22:29 UTC (rev 301988)
@@ -4,7 +4,7 @@
 
 pkgname=libytnef
 pkgver=1.9.2
-pkgrel=1
+pkgrel=2
 pkgdesc="Yerase's TNEF Stream Reader library (decode winmail.dat)"
 url="https://github.com/Yeraze/ytnef"
 license=('GPL')
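Review bot: In CVE-2017-9058.patch the new `SIZECHECK(x)` still adds `x` to the current offset before comparing with `size`, so if that sum is evaluated in 32 bits a large length read from the file can wrap and pass the check; the types of `x`, `d` and `DWORD` are declared outside this hunk, so confirm against the call sites. Comparing `x` with the space that remains avoids the addition, and `x` should be parenthesized because it is a macro argument: `#define SIZECHECK(x) { size_t off_ = (size_t)((char *)d - (char *)data); if (off_ >= size || (size_t)(x) >= size - off_) { printf("Corrupted file detected at %s : %i\n", __FILE__, __LINE__); return(-1); } }`. The switch to `>=` also rejects a field that ends exactly on the last byte of the buffer, so a short comment above the macro saying which read needs the extra byte would keep a later maintainer from relaxing it back to `>`.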
@@ -12,9 +12,16 @@
 depends=('glibc')
 makedepends=('perl')
 optdepends=('perl: ytnefprocess.pl script')
-source=(https://github.com/Yeraze/ytnef/archive/v${pkgver}.tar.gz)
-sha256sums=('48f7d7272ba74b267d3f98a1b14c81fef54cfb53460346d7c36a9604df1f95ad')
+source=(https://github.com/Yeraze/ytnef/archive/v${pkgver}.tar.gz
+ CVE-2017-9058.patch)
+sha256sums=('48f7d7272ba74b267d3f98a1b14c81fef54cfb53460346d7c36a9604df1f95ad'
+ 'd2fcf8e9c3253f8a56006b2e622b527a37c4352487cdfc86719eb3fb719318ed')
 
+prepare() {
+ cd ytnef-${pkgver}
+ patch -Np1 -i ../CVE-2017-9058.patch
+}
+
 build() {
 cd ytnef-${pkgver}
 ./autogen.sh
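Review bot: Nothing in the new `source=`/`prepare()` lines records where `CVE-2017-9058.patch` came from, so a later reviewer can verify its sha256 but not that its content matches an upstream or distribution fix; a comment above `source=` such as `# CVE-2017-9058.patch: taken from <URL of upstream commit or bug report>` would close that gap. The tarball entry also keeps the generic download name `v${pkgver}.tar.gz`; writing it as `${pkgname}-${pkgver}.tar.gz::https://github.com/Yeraze/ytnef/archive/v${pkgver}.tar.gz` avoids a clash with another package's same-named archive in a shared source cache, which the checksum would catch but only as a build failure. The patch and `prepare()` should be dropped again once a release that contains the fix is packaged.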