Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package p7zip for openSUSE:Factory checked in at 2021-05-05 20:39:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/p7zip (Old)
 and      /work/SRC/openSUSE:Factory/.p7zip.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "p7zip" Wed May 5 20:39:30 2021 rev:43 rq:889947 version:16.02 Changes: -------- --- /work/SRC/openSUSE:Factory/p7zip/p7zip.changes 2021-03-24 16:10:22.851777102 +0100 +++ /work/SRC/openSUSE:Factory/.p7zip.new.2988/p7zip.changes 2021-05-05 20:39:31.087040585 +0200 @@ -1,0 +2,5 @@ +Thu Apr 29 12:38:13 UTC 2021 - Mark??ta Machov?? <[email protected]> + +- Add almost-upstream CVE-2021-3465.patch (bsc#1184699, CVE-2021-3465) + +------------------------------------------------------------------- New: ---- CVE-2021-3465.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ p7zip.spec ++++++ --- /var/tmp/diff_new_pack.gMuvAB/_old 2021-05-05 20:39:31.595038405 +0200 +++ /var/tmp/diff_new_pack.gMuvAB/_new 2021-05-05 20:39:31.595038405 +0200 @@ -48,6 +48,8 @@ Patch2: p7zip-16.02-CVE-2017-17969.patch # PATCH-FIX-UPSTREAM Patch3: 0001-Fix-g-warning.patch +# see https://github.com/jinfeihan57/p7zip/issues/130 +Patch4: CVE-2021-3465.patch BuildRequires: fdupes BuildRequires: gcc-c++ Suggests: p7zip-full @@ -100,8 +102,8 @@ Requires: kf5-filesystem Requires(post): hicolor-icon-theme Requires(post): update-desktop-files -Requires(postun): hicolor-icon-theme -Requires(postun): update-desktop-files +Requires(postun):hicolor-icon-theme +Requires(postun):update-desktop-files %description gui p7zip is a quick port of 7z.exe and 7za.exe (command line version of ++++++ CVE-2021-3465.patch ++++++ Index: p7zip_16.02/CPP/7zip/Common/StreamObjects.cpp =================================================================== --- p7zip_16.02.orig/CPP/7zip/Common/StreamObjects.cpp +++ p7zip_16.02/CPP/7zip/Common/StreamObjects.cpp @@ -157,6 +157,8 @@ STDMETHODIMP CDynBufSeqOutStream::Write( STDMETHODIMP CBufPtrSeqOutStream::Write(const void *data, UInt32 size, UInt32 *processedSize) { + if(_buffer == nullptr || _size == _pos) + return E_FAIL; size_t rem = _size - _pos; if (rem > size) rem = (size_t)size;
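Review bot: In the p7zip.spec hunk at @@ -48,6 +48,8, Patch4 carries only a "# see https://github.com/jinfeihan57/p7zip/issues/130" comment, while Patch3 just above it is tagged "# PATCH-FIX-UPSTREAM" and the changelog entry describes the new patch as "almost-upstream". Suggest adding a tag comment in the same style plus one line saying how the patch differs from the upstream fix, so that a later version bump can tell whether it is safe to drop. The visible hunks also add no %patch4 line, so confirm that %prep applies the new patch.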
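Review bot: In the p7zip.spec hunk at @@ -100,8 +102,8, the two Requires(postun) lines lose the whitespace after the colon ("Requires(postun):hicolor-icon-theme"), which is unrelated to the CVE fix and inconsistent with the Requires(post) lines directly above, which keep it. Suggest leaving these two lines unchanged, or moving the whitespace change into a separate cleanup commit so the security fix stays minimal.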
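Review bot: In the CVE-2021-3465.patch hunk for CBufPtrSeqOutStream::Write, the new guard returns E_FAIL without writing *processedSize, so a caller that reads the out-parameter after a failed call sees whatever value it held before; suggest setting it to 0 (when the pointer is non-null) before the early return. The test "_size == _pos" also covers exact equality only: if _pos were ever greater than _size, "size_t rem = _size - _pos" on the next line would still wrap to a large value and then be clamped to size, so "_pos >= _size" is the safer comparison. The guard does not consult size, so a zero-length write to a full buffer now fails as well; confirm that is intended. Minor style point: "if(" lacks the space used by "if (rem > size)" just below.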
