Add patch for CVE-2016-9296 https://sourceforge.net/p/p7zip/bugs/185/
Bump rev
diff -r1.63 -r1.64 pkgsrc/archivers/p7zip/Makefile
(sevan)
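--- a/pkgsrc/archivers/p7zip/Makefile
+++ b/pkgsrc/archivers/p7zip/Makefile
@@ -1,17 +1,18 @@
-# $NetBSD: Makefile,v 1.63 2016/07/19 08:26:10 mef Exp $
+# $NetBSD: Makefile,v 1.64 2016/11/30 14:29:09 sevan Exp $
 
 DISTNAME= p7zip_16.02_src_all
 PKGNAME= ${DISTNAME:S/_src_all//S/_/-/}
+PKGREVISION= 1
 CATEGORIES= archivers
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=p7zip/}
 EXTRACT_SUFX= .tar.bz2
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://p7zip.sourceforge.net/
 COMMENT= File archiver with high compression
 LICENSE= gnu-lgpl-v2.1 AND unrar-license
 
 USE_LANGUAGES= c c++
 USE_TOOLS+= gmake
 MAKE_FILE= makefile
 MAKE_JOBS_SAFE= no # missing header when compiling sfx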
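--- a/pkgsrc/archivers/p7zip/distinfo
+++ b/pkgsrc/archivers/p7zip/distinfo
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.50 2016/07/19 08:26:10 mef Exp $
+$NetBSD: distinfo,v 1.51 2016/11/30 14:29:09 sevan Exp $
 
 SHA1 (p7zip_16.02_src_all.tar.bz2) = e8819907132811aa1afe5ef296181d3a15cc8f22
 RMD160 (p7zip_16.02_src_all.tar.bz2) = 03550898e45b3eabe4ea0df5ee3787bd8f179fd0
 SHA512 (p7zip_16.02_src_all.tar.bz2) = d2c4d53817f96bb4c7683f42045198d4cd509cfc9c3e2cb85c8d9dc4ab6dfa7496449edeac4e300ecf986a9cbbc90bd8f8feef8156895d94617c04e507add55f
 Size (p7zip_16.02_src_all.tar.bz2) = 4239909 bytes
+SHA1 (patch-CPP_7zip_Archive_7z_7zIn.cpp) = cce409d45be6ae8e96314dad1c51d9feb09bc817
 SHA1 (patch-CPP_Windows_DLL.cpp) = 12fb3f3cf4d32b8848f741dde6bcb0e56a9c6745
 SHA1 (patch-aa) = 9c103fa831cc6ff099e3a604c763ff416f1b48ec
 SHA1 (patch-ab) = c680fb037b9ef5e19e4c8dc71dd710598277a61b
 SHA1 (patch-ac) = 747d8ab9ba3b4069227efcfce9a4b26096e68b9b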
$NetBSD: patch-CPP_7zip_Archive_7z_7zIn.cpp,v 1.1 2016/11/30 14:29:09 sevan Exp $
CVE-2016-9296 https://sourceforge.net/p/p7zip/bugs/185/
--- CPP/7zip/Archive/7z/7zIn.cpp.orig 2016-11-30 14:19:04.000000000 +0000
+++ CPP/7zip/Archive/7z/7zIn.cpp
@@ -1097,6 +1097,7 @@ HRESULT CInArchive::ReadAndDecodePackedS
if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
ThrowIncorrect();
}
+if (folders.PackPositions)
HeadersSize += folders.PackPositions[folders.NumPackStreams];
return S_OK;
}
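Review bot: The added `if (folders.PackPositions)` guard before `HeadersSize += folders.PackPositions[folders.NumPackStreams];` carries no comment saying when the pointer can be null, and as rendered here it sits at column 0 without braces, so it is easy to miss that it governs only the one statement that follows. Presumably PackPositions stays null when the packed-stream header supplies no pack info, which would be the malformed-archive case behind the CVE; confirm that against the upstream report and record it in a comment such as `// PackPositions is null when no pack info was read (CVE-2016-9296)`. Indent the guard to match the surrounding code, or brace it, so a later edit cannot detach it from the statement it protects. The body of ReadAndDecodePackedStreams begins outside the hunk, so whether other reads of PackPositions in it need the same check cannot be told from here.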