author | bsiegert <bsiegert@pkgsrc.org> | 2019-07-18 13:38:07 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2019-07-18 13:38:07 +0000 |
commit | 705972f0b8a6e345a478ded9ec8405d904c9a87b (patch) | |
tree | 57ecf65f00bc30220d7b5bcd367df555f7ab0bc6 | |
parent | 92bf14ec9828519cfd0ddd99ef05262d71a96c5f (diff) | |
download | pkgsrc-705972f0b8a6e345a478ded9ec8405d904c9a87b.tar.gz |
Pullup ticket #6006 - requested by nia
archivers/p7zip: security fix
Revisions pulled up:
- archivers/p7zip/Makefile 1.67
- archivers/p7zip/distinfo 1.52
- archivers/p7zip/patches/patch-CVE-2017-17969 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Jul 18 10:03:26 UTC 2019
Modified Files:
pkgsrc/archivers/p7zip: Makefile distinfo
Added Files:
pkgsrc/archivers/p7zip/patches: patch-CVE-2017-17969
Log Message:
p7zip: Apply a patch for CVE-2017-17969 (out-of-bounds-write)
Bump PKGREVISION
-rw-r--r-- | archivers/p7zip/Makefile | 4 | ||||
-rw-r--r-- | archivers/p7zip/distinfo | 3 | ||||
-rw-r--r-- | archivers/p7zip/patches/patch-CVE-2017-17969 | 23 |
3 files changed, 27 insertions, 3 deletions
diff --git a/archivers/p7zip/Makefile b/archivers/p7zip/Makefile
index 569755b5836..3d89a2f6d53 100644
--- a/archivers/p7zip/Makefile
+++ b/archivers/p7zip/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.66 2018/07/04 13:40:08 jperkin Exp $
+# $NetBSD: Makefile,v 1.66.8.1 2019/07/18 13:38:07 bsiegert Exp $
 DISTNAME= p7zip_16.02_src_all
 PKGNAME= ${DISTNAME:S/_src_all//S/_/-/}
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= archivers
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=p7zip/}
 EXTRACT_SUFX= .tar.bz2
diff --git a/archivers/p7zip/distinfo b/archivers/p7zip/distinfo
index d3835969ad9..908c53af871 100644
--- a/archivers/p7zip/distinfo
+++ b/archivers/p7zip/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.51 2016/11/30 14:29:09 sevan Exp $
+$NetBSD: distinfo,v 1.51.24.1 2019/07/18 13:38:07 bsiegert Exp $
 SHA1 (p7zip_16.02_src_all.tar.bz2) = e8819907132811aa1afe5ef296181d3a15cc8f22
 RMD160 (p7zip_16.02_src_all.tar.bz2) = 03550898e45b3eabe4ea0df5ee3787bd8f179fd0
@@ -6,6 +6,7 @@ SHA512 (p7zip_16.02_src_all.tar.bz2) = d2c4d53817f96bb4c7683f42045198d4cd509cfc9
 Size (p7zip_16.02_src_all.tar.bz2) = 4239909 bytes
 SHA1 (patch-CPP_7zip_Archive_7z_7zIn.cpp) = cce409d45be6ae8e96314dad1c51d9feb09bc817
 SHA1 (patch-CPP_Windows_DLL.cpp) = 12fb3f3cf4d32b8848f741dde6bcb0e56a9c6745
+SHA1 (patch-CVE-2017-17969) = 4e22cf6640469a53030b956073924252e68f1ced
 SHA1 (patch-aa) = 9c103fa831cc6ff099e3a604c763ff416f1b48ec
 SHA1 (patch-ab) = c680fb037b9ef5e19e4c8dc71dd710598277a61b
 SHA1 (patch-ac) = 747d8ab9ba3b4069227efcfce9a4b26096e68b9b
diff --git a/archivers/p7zip/patches/patch-CVE-2017-17969 b/archivers/p7zip/patches/patch-CVE-2017-17969
new file mode 100644
index 00000000000..30653b536ea
--- /dev/null
+++ b/archivers/p7zip/patches/patch-CVE-2017-17969
@@ -0,0 +1,23 @@
+$NetBSD: patch-CVE-2017-17969,v 1.1.2.2 2019/07/18 13:38:07 bsiegert Exp $
+
+Fix CVE-2017-17969 - heap-based buffer overflow
+
+From https://sourceforge.net/p/p7zip/bugs/204/
+
+--- CPP/7zip/Compress/ShrinkDecoder.cpp.orig 2016-05-18 17:31:02.000000000 +0000
++++ CPP/7zip/Compress/ShrinkDecoder.cpp
+@@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialIn
+ {
+ _stack[i++] = _suffixes[cur];
+ cur = _parents[cur];
++ if (cur >= kNumItems || i >= kNumItems)
++ break;
+ }
+-
++
++ if (cur >= kNumItems || i >= kNumItems)
++ break;
++
+ _stack[i++] = (Byte)cur;
+ lastChar2 = (Byte)cur;
+ |
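Review bot: The guard added after the inner loop leaves the enclosing loop with `break`, so a Shrink stream whose `_parents` chain runs out of range or would overrun `_stack` appears to end decoding quietly rather than being reported as corrupt. CodeReal returns an HRESULT, so that second guard would be safer as `if (cur >= kNumItems || i >= kNumItems) return S_FALSE;`, assuming the code after the enclosing loop returns success; that code, the loop headers and the rest of CodeReal lie outside this hunk. A one-line comment above the guards, for example `// corrupt input: parent chain left the table or would overrun _stack`, would record why the bound is kNumItems. The declaration of `_stack` and the validation of the initial `cur` are not visible here, so it is worth confirming that `_stack` holds kNumItems entries and that `cur` is already in range before the first `_suffixes[cur]` read.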