p7zip: Fix for CVE-2016-9296

Add patch to fix CVE-2016-9296 Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 102abb1c33bfa248ac1b1bb57fefa6bb7a44fe95) Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Virendra Thakur <virendra.thakur@kpit.com> 2023-04-19 16:01:09 +0200
committer: Armin Kuster <akuster808@gmail.com> 2023-05-07 12:16:21 -0400
commit: 847784895ca851f2cef76c3ebb249e8e0e0e5959 (patch)
tree: b2d4f799945605eda562afdbe563f5c313565d33
parent: aa14a241a548dc2b0fb9a7c743ad753d273f7e97 (diff)
download: meta-openembedded-847784895ca851f2cef76c3ebb249e8e0e0e5959.tar.gz
2 files changed, 28 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch
new file mode 100644
index 0000000000..98e186cbf0
--- /dev/null
+++ b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch
@@ -0,0 +1,27 @@
+p7zip: Update CVE-2016-9296 patch URL.
+From: Robert Luberda <robert@debian.org>
+Date: Sat, 19 Nov 2016 08:48:08 +0100
+Subject: Fix nullptr dereference (CVE-2016-9296)
+Patch taken from https://sourceforge.net/p/p7zip/bugs/185/
+This patch file taken from Debian's patch set for p7zip
+Upstream-Status: Backport [https://sourceforge.net/p/p7zip/bugs/185/]
+CVE: CVE-2016-9296
+Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
+Index: p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp
+===================================================================
+--- p7zip_16.02.orig/CPP/7zip/Archive/7z/7zIn.cpp
+++ p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS
+       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+         ThrowIncorrect();
+   }
+-  HeadersSize += folders.PackPositions[folders.NumPackStreams];
+  if (folders.PackPositions)
+      HeadersSize += folders.PackPositions[folders.NumPackStreams];
+   return S_OK;
+ }
+ 
diff --git a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb
index 88cb13488d..e795482eb6 100644
--- a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb
+++ b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb
@@ -11,6 +11,7 @@ SRC_URI = "http://downloads.sourceforge.net/p7zip/p7zip/${PV}/p7zip_${PV}_src_al
           file://0001-Fix-narrowing-errors-Wc-11-narrowing.patch \
           file://change_numMethods_from_bool_to_unsigned.patch \
           file://CVE-2018-5996.patch \
+           file://CVE-2016-9296.patch \
           "
 SRC_URI[md5sum] = "a0128d661cfe7cc8c121e73519c54fbf"
author	Virendra Thakur <virendra.thakur@kpit.com>	2023-04-19 16:01:09 +0200
committer	Armin Kuster <akuster808@gmail.com>	2023-05-07 12:16:21 -0400
commit	847784895ca851f2cef76c3ebb249e8e0e0e5959 (patch)
tree	b2d4f799945605eda562afdbe563f5c313565d33
parent	aa14a241a548dc2b0fb9a7c743ad753d273f7e97 (diff)
download	meta-openembedded-847784895ca851f2cef76c3ebb249e8e0e0e5959.tar.gz

diff --git a/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch new file mode 100644 index 0000000000..98e186cbf0 --- /dev/null +++ b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch
@@ -0,0 +1,27 @@
		1	p7zip: Update CVE-2016-9296 patch URL.
		2	From: Robert Luberda <robert@debian.org>
		3	Date: Sat, 19 Nov 2016 08:48:08 +0100
		4	Subject: Fix nullptr dereference (CVE-2016-9296)
		5
		6	Patch taken from https://sourceforge.net/p/p7zip/bugs/185/
		7	This patch file taken from Debian's patch set for p7zip
		8
		9	Upstream-Status: Backport [https://sourceforge.net/p/p7zip/bugs/185/]
		10	CVE: CVE-2016-9296
		11
		12	Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
		13
		14	Index: p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp
		15	===================================================================
		16	--- p7zip_16.02.orig/CPP/7zip/Archive/7z/7zIn.cpp
		17	+++ p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp
		18	@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS
		19	if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
		20	ThrowIncorrect();
		21	}
		22	- HeadersSize += folders.PackPositions[folders.NumPackStreams];
		23	+ if (folders.PackPositions)
		24	+ HeadersSize += folders.PackPositions[folders.NumPackStreams];
		25	return S_OK;
		26	}
		27


diff --git a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb index 88cb13488d..e795482eb6 100644 --- a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb +++ b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb
@@ -11,6 +11,7 @@ SRC_URI = "http://downloads.sourceforge.net/p7zip/p7zip/${PV}/p7zip_${PV}_src_al
11	file://0001-Fix-narrowing-errors-Wc-11-narrowing.patch \	11	file://0001-Fix-narrowing-errors-Wc-11-narrowing.patch \
12	file://change_numMethods_from_bool_to_unsigned.patch \	12	file://change_numMethods_from_bool_to_unsigned.patch \
13	file://CVE-2018-5996.patch \	13	file://CVE-2018-5996.patch \
		14	file://CVE-2016-9296.patch \
14	"	15	"
15		16
16	SRC_URI[md5sum] = "a0128d661cfe7cc8c121e73519c54fbf"	17	SRC_URI[md5sum] = "a0128d661cfe7cc8c121e73519c54fbf"