head 1.1; access; symbols pkgsrc-2026Q1:1.1.0.56 pkgsrc-2026Q1-base:1.1 pkgsrc-2025Q4:1.1.0.54 pkgsrc-2025Q4-base:1.1 pkgsrc-2025Q3:1.1.0.52 pkgsrc-2025Q3-base:1.1 pkgsrc-2025Q2:1.1.0.50 pkgsrc-2025Q2-base:1.1 pkgsrc-2025Q1:1.1.0.48 pkgsrc-2025Q1-base:1.1 pkgsrc-2024Q4:1.1.0.46 pkgsrc-2024Q4-base:1.1 pkgsrc-2024Q3:1.1.0.44 pkgsrc-2024Q3-base:1.1 pkgsrc-2024Q2:1.1.0.42 pkgsrc-2024Q2-base:1.1 pkgsrc-2024Q1:1.1.0.40 pkgsrc-2024Q1-base:1.1 pkgsrc-2023Q4:1.1.0.38 pkgsrc-2023Q4-base:1.1 pkgsrc-2023Q3:1.1.0.36 pkgsrc-2023Q3-base:1.1 pkgsrc-2023Q2:1.1.0.34 pkgsrc-2023Q2-base:1.1 pkgsrc-2023Q1:1.1.0.32 pkgsrc-2023Q1-base:1.1 pkgsrc-2022Q4:1.1.0.30 pkgsrc-2022Q4-base:1.1 pkgsrc-2022Q3:1.1.0.28 pkgsrc-2022Q3-base:1.1 pkgsrc-2022Q2:1.1.0.26 pkgsrc-2022Q2-base:1.1 pkgsrc-2022Q1:1.1.0.24 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.22 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.20 pkgsrc-2021Q3-base:1.1 pkgsrc-2021Q2:1.1.0.18 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.16 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.14 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.12 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.10 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.6 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.8 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.4 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.2; locks; strict; comment @# @; 1.1 date 2019.07.18.10.03.26; author nia; state Exp; branches 1.1.2.1; next ; commitid 7sKWJYdLV2EmHvvB; 1.1.2.1 date 2019.07.18.10.03.26; author bsiegert; state dead; branches; next 1.1.2.2; commitid 3NqaSwnbnI39TwvB; 1.1.2.2 date 2019.07.18.13.38.07; author bsiegert; state Exp; branches; next ; commitid 3NqaSwnbnI39TwvB; desc @@ 1.1 log @p7zip: Apply a patch for CVE-2017-17969 (out-of-bounds-write) Bump PKGREVISION @ text @$NetBSD$ Fix CVE-2017-17969 - heap-based buffer overflow From https://sourceforge.net/p/p7zip/bugs/204/ --- CPP/7zip/Compress/ShrinkDecoder.cpp.orig 2016-05-18 17:31:02.000000000 +0000 +++ CPP/7zip/Compress/ShrinkDecoder.cpp @@@@ -121,8 +121,13 @@@@ HRESULT CDecoder::CodeReal(ISequentialIn { _stack[i++] = _suffixes[cur]; cur = _parents[cur]; + if (cur >= kNumItems || i >= kNumItems) + break; } - + + if (cur >= kNumItems || i >= kNumItems) + break; + _stack[i++] = (Byte)cur; lastChar2 = (Byte)cur; @ 1.1.2.1 log @file patch-CVE-2017-17969 was added on branch pkgsrc-2019Q2 on 2019-07-18 13:38:07 +0000 @ text @d1 23 @ 1.1.2.2 log @Pullup ticket #6006 - requested by nia archivers/p7zip: security fix Revisions pulled up: - archivers/p7zip/Makefile 1.67 - archivers/p7zip/distinfo 1.52 - archivers/p7zip/patches/patch-CVE-2017-17969 1.1 --- Module Name: pkgsrc Committed By: nia Date: Thu Jul 18 10:03:26 UTC 2019 Modified Files: pkgsrc/archivers/p7zip: Makefile distinfo Added Files: pkgsrc/archivers/p7zip/patches: patch-CVE-2017-17969 Log Message: p7zip: Apply a patch for CVE-2017-17969 (out-of-bounds-write) Bump PKGREVISION @ text @a0 23 $NetBSD: patch-CVE-2017-17969,v 1.1 2019/07/18 10:03:26 nia Exp $ Fix CVE-2017-17969 - heap-based buffer overflow From https://sourceforge.net/p/p7zip/bugs/204/ --- CPP/7zip/Compress/ShrinkDecoder.cpp.orig 2016-05-18 17:31:02.000000000 +0000 +++ CPP/7zip/Compress/ShrinkDecoder.cpp @@@@ -121,8 +121,13 @@@@ HRESULT CDecoder::CodeReal(ISequentialIn { _stack[i++] = _suffixes[cur]; cur = _parents[cur]; + if (cur >= kNumItems || i >= kNumItems) + break; } - + + if (cur >= kNumItems || i >= kNumItems) + break; + _stack[i++] = (Byte)cur; lastChar2 = (Byte)cur; @