diff options
| author | Virendra Thakur <virendra.thakur@kpit.com> | 2022-01-13 19:24:32 +0530 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2022-03-27 08:18:20 -0700 |
| commit | 4f701b46551d7a68aaed2c59943007f1e685c800 (patch) | |
| tree | d62925196acd60588fca396edfd773c8594b3ed5 | |
| parent | 17e931e7762174046aec7914ab1c1b3f1bc2c32d (diff) | |
| download | meta-openembedded-4f701b46551d7a68aaed2c59943007f1e685c800.tar.gz | |
p7zip: Fix for CVE-2016-9296
Add patch to fix CVE-2016-9296
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch | 27 | ||||
| -rw-r--r-- | meta-oe/recipes-extended/p7zip/p7zip_16.02.bb | 1 |
2 files changed, 28 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch new file mode 100644 index 0000000000..98e186cbf0 --- /dev/null +++ b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch | |||
| @@ -0,0 +1,27 @@ | |||
| 1 | p7zip: Update CVE-2016-9296 patch URL. | ||
| 2 | From: Robert Luberda <robert@debian.org> | ||
| 3 | Date: Sat, 19 Nov 2016 08:48:08 +0100 | ||
| 4 | Subject: Fix nullptr dereference (CVE-2016-9296) | ||
| 5 | |||
| 6 | Patch taken from https://sourceforge.net/p/p7zip/bugs/185/ | ||
| 7 | This patch file taken from Debian's patch set for p7zip | ||
| 8 | |||
| 9 | Upstream-Status: Backport [https://sourceforge.net/p/p7zip/bugs/185/] | ||
| 10 | CVE: CVE-2016-9296 | ||
| 11 | |||
| 12 | Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> | ||
| 13 | |||
| 14 | Index: p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp | ||
| 15 | =================================================================== | ||
| 16 | --- p7zip_16.02.orig/CPP/7zip/Archive/7z/7zIn.cpp | ||
| 17 | +++ p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp | ||
| 18 | @@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS | ||
| 19 | if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) | ||
| 20 | ThrowIncorrect(); | ||
| 21 | } | ||
| 22 | - HeadersSize += folders.PackPositions[folders.NumPackStreams]; | ||
| 23 | + if (folders.PackPositions) | ||
| 24 | + HeadersSize += folders.PackPositions[folders.NumPackStreams]; | ||
| 25 | return S_OK; | ||
| 26 | } | ||
| 27 | |||
diff --git a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb index 8984f960fe..79677c6487 100644 --- a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb +++ b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb | |||
| @@ -11,6 +11,7 @@ SRC_URI = "http://downloads.sourceforge.net/p7zip/p7zip/${PV}/p7zip_${PV}_src_al | |||
| 11 | file://0001-Fix-narrowing-errors-Wc-11-narrowing.patch \ | 11 | file://0001-Fix-narrowing-errors-Wc-11-narrowing.patch \ |
| 12 | file://change_numMethods_from_bool_to_unsigned.patch \ | 12 | file://change_numMethods_from_bool_to_unsigned.patch \ |
| 13 | file://CVE-2018-5996.patch \ | 13 | file://CVE-2018-5996.patch \ |
| 14 | file://CVE-2016-9296.patch \ | ||
| 14 | " | 15 | " |
| 15 | 16 | ||
| 16 | SRC_URI[md5sum] = "a0128d661cfe7cc8c121e73519c54fbf" | 17 | SRC_URI[md5sum] = "a0128d661cfe7cc8c121e73519c54fbf" |