Pullup ticket #5167 - requested by sevan

archivers/p7zip: security fix

Revisions pulled up:
- archivers/p7zip/Makefile                                      1.64
- archivers/p7zip/distinfo                                      1.51
- archivers/p7zip/patches/patch-CPP_7zip_Archive_7z_7zIn.cpp    1.1

---
   Module Name:    pkgsrc
   Committed By:   sevan
   Date:           Wed Nov 30 14:29:09 UTC 2016

   Modified Files:
           pkgsrc/archivers/p7zip: Makefile distinfo
   Added Files:
           pkgsrc/archivers/p7zip/patches: patch-CPP_7zip_Archive_7z_7zIn.cpp

   Log Message:
   Add patch for CVE-2016-9296 https://sourceforge.net/p/p7zip/bugs/185/
   Bump rev

1 files changed, 14 insertions, 0 deletions

diff --git a/archivers/p7zip/patches/patch-CPP_7zip_Archive_7z_7zIn.cpp b/archivers/p7zip/patches/patch-CPP_7zip_Archive_7z_7zIn.cpp
new file mode 100644
index 00000000000..2008c48fd34
--- /dev/null
+++ b/archivers/p7zip/patches/patch-CPP_7zip_Archive_7z_7zIn.cpp
@@ -0,0 +1,14 @@
+$NetBSD: patch-CPP_7zip_Archive_7z_7zIn.cpp,v 1.1.2.2 2016/12/04 15:28:33 bsiegert Exp $
+
+CVE-2016-9296 https://sourceforge.net/p/p7zip/bugs/185/
+
+--- CPP/7zip/Archive/7z/7zIn.cpp.orig	2016-11-30 14:19:04.000000000 +0000
++++ CPP/7zip/Archive/7z/7zIn.cpp
+@@ -1097,6 +1097,7 @@ HRESULT CInArchive::ReadAndDecodePackedS
+       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+         ThrowIncorrect();
+   }
++if (folders.PackPositions)
+   HeadersSize += folders.PackPositions[folders.NumPackStreams];
+   return S_OK;
+ }