Commit ecfd3062 authored by Daniel Sabogal's avatar Daniel Sabogal Committed by Timo Teräs
Browse files

main/p7zip: security fix for CVE-2016-9296

parent 49996c01
......@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=p7zip
pkgver=16.02
pkgrel=0
pkgrel=1
pkgdesc="A command-line port of the 7zip compression utility"
url="http://p7zip.sourceforge.net"
arch="all"
......@@ -11,18 +11,24 @@ license="LGPL2+"
subpackages="$pkgname-doc"
depends=""
makedepends="bash yasm nasm"
install=""
source="http://downloads.sourceforge.net/sourceforge/$pkgname/${pkgname}_${pkgver}_src_all.tar.bz2"
source="http://downloads.sourceforge.net/sourceforge/$pkgname/${pkgname}_${pkgver}_src_all.tar.bz2
CVE-2016-9296.patch"
builddir="$srcdir/${pkgname}_$pkgver"
# secfixes:
# 16.02-r1:
# - CVE-2016-9296
_builddir="$srcdir"/${pkgname}_${pkgver}
prepare() {
default_prepare || return 1
local makefile="makefile.linux_any_cpu_gcc_4.X"
case "$CARCH" in
x86) makefile="makefile.linux_x86_asm_gcc_4.X" ;;
x86_64) makefile="makefile.linux_amd64_asm" ;;
esac
cd "$_builddir"
cd "$builddir"
ln -sf $makefile makefile.machine || return 1
sed -e "s,g++,${CXX:-g++}," -i makefile.machine
......@@ -30,12 +36,12 @@ prepare() {
}
build() {
cd "$_builddir"
cd "$builddir"
make all3 OPTFLAGS="${CXXFLAGS}" || return 1
}
package() {
cd "$_builddir"
cd "$builddir"
make install DEST_DIR="$pkgdir" DEST_HOME="/usr" \
DEST_MAN="/usr/share/man" \
DEST_SHARE_DOC="/usr/share/doc/$pkgname" || return 1
......@@ -46,6 +52,9 @@ package() {
"$pkgdir"/usr/share/man/man1/$pkgname.1 || return 1
}
md5sums="a0128d661cfe7cc8c121e73519c54fbf p7zip_16.02_src_all.tar.bz2"
sha256sums="5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f p7zip_16.02_src_all.tar.bz2"
sha512sums="d2c4d53817f96bb4c7683f42045198d4cd509cfc9c3e2cb85c8d9dc4ab6dfa7496449edeac4e300ecf986a9cbbc90bd8f8feef8156895d94617c04e507add55f p7zip_16.02_src_all.tar.bz2"
md5sums="a0128d661cfe7cc8c121e73519c54fbf p7zip_16.02_src_all.tar.bz2
0f0535ca888273f3779ca14e8f186813 CVE-2016-9296.patch"
sha256sums="5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f p7zip_16.02_src_all.tar.bz2
f9bcbf21d4aa8938861a6cba992df13dec19538286e9ed747ccec6d9a4e8f983 CVE-2016-9296.patch"
sha512sums="d2c4d53817f96bb4c7683f42045198d4cd509cfc9c3e2cb85c8d9dc4ab6dfa7496449edeac4e300ecf986a9cbbc90bd8f8feef8156895d94617c04e507add55f p7zip_16.02_src_all.tar.bz2
7a7fddf4122c3f5d4632640149a94c285a18515f38510388709c2fb9ecd450f9f34ae2e5fe4926c1c68507567b0affa2c8e9194c732673171dd5ee625192b194 CVE-2016-9296.patch"
--- ./CPP/7zip/Archive/7z/7zIn.cpp.orig 2016-11-21 01:42:29.460901230 +0000
+++ ./CPP/7zip/Archive/7z/7zIn.cpp 2016-11-21 01:42:57.481197725 +0000
@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS
if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
ThrowIncorrect();
}
- HeadersSize += folders.PackPositions[folders.NumPackStreams];
+ if (folders.PackPositions)
+ HeadersSize += folders.PackPositions[folders.NumPackStreams];
return S_OK;
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment