Changeset 04131a2


Ignore:
Timestamp:
08/20/2024 09:43:43 PM (4 weeks ago)
Author:
Douglas R. Reno <renodr@…>
Branches:
12.2, lazarus, trunk
Children:
aa996df1
Parents:
ba7fffb
Message:

p7zip: fix CVE-2023-52168, CVE-2023-52169, and roll in the fix for
CVE-2021-3465 into the patch.

Files:
2 edited

Legend:

Unmodified
Added
Removed

  • general/sysutils/p7zip.xml

    rba7fffb r04131a2  
    7070    </itemizedlist>
    7171
    72 <!-- Applied in 17.03
    7372    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    7473    <itemizedlist spacing='compact'>
    7574      <listitem>
    76         <para>Required patch: <ulink
    77         url="&patch-root;/p7zip-&p7zip-version;-consolidated_fixes-1.patch"/></para>
     75        <para>
     76          Required patch:
     77          <ulink url="&patch-root;/p7zip-&p7zip-version;-consolidated_fixes-1.patch"/>
     78        </para>
    7879      </listitem>
    7980    </itemizedlist>
    80 -->
    8181
    8282    <bridgehead renderas="sect3">p7zip Dependencies</bridgehead>
     
    9393    <title>Installation of p7zip</title>
    9494
    95 <!-- Applied in 17.03
    96     <para>
    97       First, update the package for gcc10 and some security issues:
     95    <para>
     96      First, fix several security vulnerabilities:
    9897    </para>
    9998
    10099<screen><userinput>patch -Np1 -i ../p7zip-&p7zip-version;-consolidated_fixes-1.patch</userinput></screen>
    101 -->
    102 
    103     <para>
    104       First, prevent <application>p7zip</application> from installing
     100
     101    <para>
     102      Next, prevent <application>p7zip</application> from installing
    105103      compressed manual pages:
    106104    </para>
    107105
    108106<screen><userinput remap="pre">sed '/^gzip/d' -i install.sh</userinput></screen>
    109 
    110     <para>
    111       Next, fix a security vulnerability:
    112     </para>
    113 
    114 <screen><userinput remap="pre">sed -i '160a if(_buffer == nullptr || _size == _pos) return E_FAIL;' CPP/7zip/Common/StreamObjects.cpp</userinput></screen>
    115107
    116108    <para>

  • introduction/welcome/changelog.xml

    rba7fffb r04131a2  
    3939    </listitem>
    4040    -->
     41    <listitem>
     42      <para>August 20th, 2024</para>
     43      <itemizedlist>
     44        <listitem>
     45          <para>[renodr] - Fix three security vulnerabilities in p7zip. Fixes
     46          <ulink url="&blfs-ticket-root;20251">#20251</ulink>.</para>
     47        </listitem>
     48      </itemizedlist>
     49    </listitem>
     50
    4151    <listitem>
    4252      <para>August 19th, 2024</para>
Note: See TracChangeset for help on using the changeset viewer.