Improve security patch

i9fe
Sérgio M. Basto 7 years ago
parent 178154db11
commit 7db88227fe

@ -1,26 +1,26 @@
From: =?utf-8?q?Antoine_Beaupr=C3=A9?= <anarcat@debian.org> From 79bca880ce7bcf07216c45f93afea545e0344418 Mon Sep 17 00:00:00 2001
Date: Sun, 28 Jan 2018 21:19:50 +0100 From: aone <aone@keka.io>
Subject: backport of the CVE-2017-17969 fix from 7zip 18.00-beta Date: Mon, 5 Feb 2018 13:01:09 +0100
Subject: [PATCH] Security fix CVE-2017-17969
--- ---
CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++++++- CPP/7zip/Compress/ShrinkDecoder.cpp | 5 +++++
1 file changed, 6 insertions(+), 1 deletion(-) 1 file changed, 5 insertions(+)
diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp
index 80b7e67..4acdce5 100644 index 80b7e67..5bb0559 100644
--- a/CPP/7zip/Compress/ShrinkDecoder.cpp --- a/CPP/7zip/Compress/ShrinkDecoder.cpp
+++ b/CPP/7zip/Compress/ShrinkDecoder.cpp +++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
@@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * @@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
{ {
_stack[i++] = _suffixes[cur]; _stack[i++] = _suffixes[cur];
cur = _parents[cur]; cur = _parents[cur];
- } + if (cur >= kNumItems || i >= kNumItems)
+ if (i >= kNumItems) + break;
+ break; }
+ } +
+ + if (cur >= kNumItems || i >= kNumItems)
+ if (i >= kNumItems) + break;
+ break;
_stack[i++] = (Byte)cur; _stack[i++] = (Byte)cur;
lastChar2 = (Byte)cur; lastChar2 = (Byte)cur;
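Review bot: Corrupt input caught by the two added guards in the new ShrinkDecoder.cpp hunk is handled with `break` rather than an explicit error return. The enclosing loop and the code after it in `CDecoder::CodeReal` lie outside the hunk, so confirm that this exit path reports a data error instead of flushing partial output as success. If it does not, the guard after the `while` body could read `if (cur >= kNumItems || i >= kNumItems) return S_FALSE;`. The in-loop guard also runs only after `_suffixes[cur]` and `_parents[cur]` have been indexed, so the first iteration relies on `cur` already being bounded before the hunk, which is presumably true but not visible here. A short comment above each guard, such as `// corrupt input: parent chain left the table or would overflow _stack`, would record why the same test appears twice.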

@ -7,7 +7,7 @@
Summary: Very high compression ratio file archiver Summary: Very high compression ratio file archiver
Name: p7zip Name: p7zip
Version: 16.02 Version: 16.02
Release: 9%{?dist} Release: 10%{?dist}
# Files under C/Compress/Lzma/ are dual LGPL or CPL # Files under C/Compress/Lzma/ are dual LGPL or CPL
License: LGPLv2 and (LGPLv2+ or CPL) License: LGPLv2 and (LGPLv2+ or CPL)
URL: http://p7zip.sourceforge.net/ URL: http://p7zip.sourceforge.net/
@ -26,7 +26,7 @@ Patch4: p7zip-manpages.patch
Patch5: 02-man.patch Patch5: 02-man.patch
Patch6: CVE-2016-9296.patch Patch6: CVE-2016-9296.patch
Patch7: 05-hardening-flags.patch Patch7: 05-hardening-flags.patch
Patch10: 13-CVE-2017-17969.patch Patch10: CVE-2017-17969.patch
Patch11: 14-Fix-g++-warning.patch Patch11: 14-Fix-g++-warning.patch
BuildRequires: cmake BuildRequires: cmake
@ -171,6 +171,9 @@ make test
%changelog %changelog
* Tue Feb 06 2018 Sérgio Basto <sergio@serjux.com> - 16.02-10
- Improve security patch
* Sat Jan 27 2018 Sérgio Basto <sergio@serjux.com> - 16.02-9 * Sat Jan 27 2018 Sérgio Basto <sergio@serjux.com> - 16.02-9
- Security fix for CVE-2017-17969 (from Debian) - Security fix for CVE-2017-17969 (from Debian)
- Add 05-hardening-flags.patch, 09-man-update.patch, 10-drop-fm-doc.patch - Add 05-hardening-flags.patch, 09-man-update.patch, 10-drop-fm-doc.patch
