* [oe][meta-oe][dunfell][PATCH] p7zip: Fix for CVE-2016-9296
@ 2022-01-13 13:54 virendra thakur
2022-03-16 6:44 ` [meta-oe][dunfell][PATCH] " akash hadke
0 siblings, 1 reply; 3+ messages in thread
From: virendra thakur @ 2022-01-13 13:54 UTC (permalink / raw)
To: openembedded-devel, raj.khem; +Cc: ranjitsinh.rathod, Virendra Thakur
From: Virendra Thakur <virendra.thakur@kpit.com>
Add patch to fix CVE-2016-9296
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
---
.../p7zip/files/CVE-2016-9296.patch | 27 +++++++++++++++++++
meta-oe/recipes-extended/p7zip/p7zip_16.02.bb | 1 +
2 files changed, 28 insertions(+)
create mode 100644 meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch
diff --git a/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch
new file mode 100644
index 000000000..98e186cbf
--- /dev/null
+++ b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch
@@ -0,0 +1,27 @@
+p7zip: Update CVE-2016-9296 patch URL.
+From: Robert Luberda <robert@debian.org>
+Date: Sat, 19 Nov 2016 08:48:08 +0100
+Subject: Fix nullptr dereference (CVE-2016-9296)
+
+Patch taken from https://sourceforge.net/p/p7zip/bugs/185/
+This patch file taken from Debian's patch set for p7zip
+
+Upstream-Status: Backport [https://sourceforge.net/p/p7zip/bugs/185/]
+CVE: CVE-2016-9296
+
+Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
+
+Index: p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp
+===================================================================
+--- p7zip_16.02.orig/CPP/7zip/Archive/7z/7zIn.cpp
++++ p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS
+ if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+ ThrowIncorrect();
+ }
+- HeadersSize += folders.PackPositions[folders.NumPackStreams];
++ if (folders.PackPositions)
++ HeadersSize += folders.PackPositions[folders.NumPackStreams];
+ return S_OK;
+ }
+
diff --git a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb
index 13479a90f..c79752f56 100644
--- a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb
+++ b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb
@@ -9,6 +9,7 @@ SRC_URI = "http://downloads.sourceforge.net/p7zip/p7zip/${PV}/p7zip_${PV}_src_al
file://do_not_override_compiler_and_do_not_strip.patch \
file://CVE-2017-17969.patch \
file://0001-Fix-narrowing-errors-Wc-11-narrowing.patch \
+ file://CVE-2016-9296.patch \
"
SRC_URI[md5sum] = "a0128d661cfe7cc8c121e73519c54fbf"
--
2.17.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [meta-oe][dunfell][PATCH] p7zip: Fix for CVE-2016-9296
2022-01-13 13:54 [oe][meta-oe][dunfell][PATCH] p7zip: Fix for CVE-2016-9296 virendra thakur
@ 2022-03-16 6:44 ` akash hadke
2022-03-22 18:14 ` [oe] " akuster808
0 siblings, 1 reply; 3+ messages in thread
From: akash hadke @ 2022-03-16 6:44 UTC (permalink / raw)
To: openembedded-devel
[-- Attachment #1: Type: text/plain, Size: 31 bytes --]
Hello,
Any update on this?
[-- Attachment #2: Type: text/html, Size: 39 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [oe] [meta-oe][dunfell][PATCH] p7zip: Fix for CVE-2016-9296
2022-03-16 6:44 ` [meta-oe][dunfell][PATCH] " akash hadke
@ 2022-03-22 18:14 ` akuster808
0 siblings, 0 replies; 3+ messages in thread
From: akuster808 @ 2022-03-22 18:14 UTC (permalink / raw)
To: akash.hadke, openembedded-devel
On 3/15/22 23:44, akash hadke via lists.openembedded.org wrote:
> Hello,
>
> Any update on this?
its in the testing branch.
thanks for the ping.
-armin
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#96006): https://lists.openembedded.org/g/openembedded-devel/message/96006
> Mute This Topic: https://lists.openembedded.org/mt/88396742/3616698
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [akuster808@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-03-22 18:14 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-13 13:54 [oe][meta-oe][dunfell][PATCH] p7zip: Fix for CVE-2016-9296 virendra thakur
2022-03-16 6:44 ` [meta-oe][dunfell][PATCH] " akash hadke
2022-03-22 18:14 ` [oe] " akuster808
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.