Wed Nov 30 14:29:09 2016 UTC ()
Add patch for CVE-2016-9296 https://sourceforge.net/p/p7zip/bugs/185/
Bump rev


(sevan)
diff -r1.63 -r1.64 pkgsrc/archivers/p7zip/Makefile
diff -r1.50 -r1.51 pkgsrc/archivers/p7zip/distinfo
diff -r0 -r1.1 pkgsrc/archivers/p7zip/patches/patch-CPP_7zip_Archive_7z_7zIn.cpp

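--- a/pkgsrc/archivers/p7zip/Makefile
+++ b/pkgsrc/archivers/p7zip/Makefile
@@ -1,17 +1,18 @@
-# $NetBSD: Makefile,v 1.63 2016/07/19 08:26:10 mef Exp $
+# $NetBSD: Makefile,v 1.64 2016/11/30 14:29:09 sevan Exp $
 
 DISTNAME= p7zip_16.02_src_all
 PKGNAME= ${DISTNAME:S/_src_all//S/_/-/}
+PKGREVISION= 1
 CATEGORIES= archivers
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=p7zip/}
 EXTRACT_SUFX= .tar.bz2
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://p7zip.sourceforge.net/
 COMMENT= File archiver with high compression
 LICENSE= gnu-lgpl-v2.1 AND unrar-license
 
 USE_LANGUAGES= c c++
 USE_TOOLS+= gmake
 MAKE_FILE= makefile
 MAKE_JOBS_SAFE= no # missing header when compiling sfx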

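--- a/pkgsrc/archivers/p7zip/distinfo
+++ b/pkgsrc/archivers/p7zip/distinfo
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.50 2016/07/19 08:26:10 mef Exp $
+$NetBSD: distinfo,v 1.51 2016/11/30 14:29:09 sevan Exp $
 
 SHA1 (p7zip_16.02_src_all.tar.bz2) = e8819907132811aa1afe5ef296181d3a15cc8f22
 RMD160 (p7zip_16.02_src_all.tar.bz2) = 03550898e45b3eabe4ea0df5ee3787bd8f179fd0
 SHA512 (p7zip_16.02_src_all.tar.bz2) = d2c4d53817f96bb4c7683f42045198d4cd509cfc9c3e2cb85c8d9dc4ab6dfa7496449edeac4e300ecf986a9cbbc90bd8f8feef8156895d94617c04e507add55f
 Size (p7zip_16.02_src_all.tar.bz2) = 4239909 bytes
+SHA1 (patch-CPP_7zip_Archive_7z_7zIn.cpp) = cce409d45be6ae8e96314dad1c51d9feb09bc817
 SHA1 (patch-CPP_Windows_DLL.cpp) = 12fb3f3cf4d32b8848f741dde6bcb0e56a9c6745
 SHA1 (patch-aa) = 9c103fa831cc6ff099e3a604c763ff416f1b48ec
 SHA1 (patch-ab) = c680fb037b9ef5e19e4c8dc71dd710598277a61b
 SHA1 (patch-ac) = 747d8ab9ba3b4069227efcfce9a4b26096e68b9b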

File Added: pkgsrc/archivers/p7zip/patches/patch-CPP_7zip_Archive_7z_7zIn.cpp
$NetBSD: patch-CPP_7zip_Archive_7z_7zIn.cpp,v 1.1 2016/11/30 14:29:09 sevan Exp $

CVE-2016-9296 https://sourceforge.net/p/p7zip/bugs/185/

--- CPP/7zip/Archive/7z/7zIn.cpp.orig	2016-11-30 14:19:04.000000000 +0000
+++ CPP/7zip/Archive/7z/7zIn.cpp
@@ -1097,6 +1097,7 @@ HRESULT CInArchive::ReadAndDecodePackedS
       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
         ThrowIncorrect();
   }
+if (folders.PackPositions)
   HeadersSize += folders.PackPositions[folders.NumPackStreams];
   return S_OK;
 }
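Review bot: The added guard `if (folders.PackPositions)` sits at column 0 with no braces, so the `HeadersSize +=` line below it still reads as unconditional at a glance; indent it with the rest of the function and brace the body, e.g. `  if (folders.PackPositions) { HeadersSize += folders.PackPositions[folders.NumPackStreams]; }`. A one-line comment such as `// PackPositions may be null for a malformed archive (CVE-2016-9296)` would record why the check exists, so a later cleanup does not drop it. The guard only establishes that the pointer is non-null; whether the array actually holds NumPackStreams + 1 entries depends on allocation code outside this hunk and is worth confirming, since both values appear to come from the archive being parsed. ReadAndDecodePackedStreams begins above the hunk, so the conditions under which PackPositions stays null are not visible here.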