pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2019Q2] pkgsrc/archivers/p7zip
Module Name: pkgsrc
Committed By: bsiegert
Date: Thu Jul 18 13:38:07 UTC 2019
Modified Files:
pkgsrc/archivers/p7zip [pkgsrc-2019Q2]: Makefile distinfo
Added Files:
pkgsrc/archivers/p7zip/patches [pkgsrc-2019Q2]: patch-CVE-2017-17969
Log Message:
Pullup ticket #6006 - requested by nia
archivers/p7zip: security fix
Revisions pulled up:
- archivers/p7zip/Makefile 1.67
- archivers/p7zip/distinfo 1.52
- archivers/p7zip/patches/patch-CVE-2017-17969 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Jul 18 10:03:26 UTC 2019
Modified Files:
pkgsrc/archivers/p7zip: Makefile distinfo
Added Files:
pkgsrc/archivers/p7zip/patches: patch-CVE-2017-17969
Log Message:
p7zip: Apply a patch for CVE-2017-17969 (out-of-bounds-write)
Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.66 -r1.66.8.1 pkgsrc/archivers/p7zip/Makefile
cvs rdiff -u -r1.51 -r1.51.24.1 pkgsrc/archivers/p7zip/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
pkgsrc/archivers/p7zip/patches/patch-CVE-2017-17969
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/archivers/p7zip/Makefile
diff -u pkgsrc/archivers/p7zip/Makefile:1.66 pkgsrc/archivers/p7zip/Makefile:1.66.8.1
--- pkgsrc/archivers/p7zip/Makefile:1.66 Wed Jul 4 13:40:08 2018
+++ pkgsrc/archivers/p7zip/Makefile Thu Jul 18 13:38:07 2019
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.66 2018/07/04 13:40:08 jperkin Exp $
+# $NetBSD: Makefile,v 1.66.8.1 2019/07/18 13:38:07 bsiegert Exp $
DISTNAME= p7zip_16.02_src_all
PKGNAME= ${DISTNAME:S/_src_all//S/_/-/}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= archivers
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=p7zip/}
EXTRACT_SUFX= .tar.bz2
Index: pkgsrc/archivers/p7zip/distinfo
diff -u pkgsrc/archivers/p7zip/distinfo:1.51 pkgsrc/archivers/p7zip/distinfo:1.51.24.1
--- pkgsrc/archivers/p7zip/distinfo:1.51 Wed Nov 30 14:29:09 2016
+++ pkgsrc/archivers/p7zip/distinfo Thu Jul 18 13:38:07 2019
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.51 2016/11/30 14:29:09 sevan Exp $
+$NetBSD: distinfo,v 1.51.24.1 2019/07/18 13:38:07 bsiegert Exp $
SHA1 (p7zip_16.02_src_all.tar.bz2) = e8819907132811aa1afe5ef296181d3a15cc8f22
RMD160 (p7zip_16.02_src_all.tar.bz2) = 03550898e45b3eabe4ea0df5ee3787bd8f179fd0
@@ -6,6 +6,7 @@ SHA512 (p7zip_16.02_src_all.tar.bz2) = d
Size (p7zip_16.02_src_all.tar.bz2) = 4239909 bytes
SHA1 (patch-CPP_7zip_Archive_7z_7zIn.cpp) = cce409d45be6ae8e96314dad1c51d9feb09bc817
SHA1 (patch-CPP_Windows_DLL.cpp) = 12fb3f3cf4d32b8848f741dde6bcb0e56a9c6745
+SHA1 (patch-CVE-2017-17969) = 4e22cf6640469a53030b956073924252e68f1ced
SHA1 (patch-aa) = 9c103fa831cc6ff099e3a604c763ff416f1b48ec
SHA1 (patch-ab) = c680fb037b9ef5e19e4c8dc71dd710598277a61b
SHA1 (patch-ac) = 747d8ab9ba3b4069227efcfce9a4b26096e68b9b
Added files:
Index: pkgsrc/archivers/p7zip/patches/patch-CVE-2017-17969
diff -u /dev/null pkgsrc/archivers/p7zip/patches/patch-CVE-2017-17969:1.1.2.2
--- /dev/null Thu Jul 18 13:38:07 2019
+++ pkgsrc/archivers/p7zip/patches/patch-CVE-2017-17969 Thu Jul 18 13:38:07 2019
@@ -0,0 +1,23 @@
+$NetBSD: patch-CVE-2017-17969,v 1.1.2.2 2019/07/18 13:38:07 bsiegert Exp $
+
+Fix CVE-2017-17969 - heap-based buffer overflow
+
+From https://sourceforge.net/p/p7zip/bugs/204/
+
+--- CPP/7zip/Compress/ShrinkDecoder.cpp.orig 2016-05-18 17:31:02.000000000 +0000
++++ CPP/7zip/Compress/ShrinkDecoder.cpp
+@@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialIn
+ {
+ _stack[i++] = _suffixes[cur];
+ cur = _parents[cur];
++ if (cur >= kNumItems || i >= kNumItems)
++ break;
+ }
+-
++
++ if (cur >= kNumItems || i >= kNumItems)
++ break;
++
+ _stack[i++] = (Byte)cur;
+ lastChar2 = (Byte)cur;
+
Home |
Main Index |
Thread Index |
Old Index