<pre style='margin:0'>
Marius Schamschula (Schamschula) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/0246d0334f425c5257eecdd87910d1bc95cf9853">https://github.com/macports/macports-ports/commit/0246d0334f425c5257eecdd87910d1bc95cf9853</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 0246d03 p7zip: update to version 16.02.
</span>0246d03 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 0246d0334f425c5257eecdd87910d1bc95cf9853
</span>Author: Marius Schamschula <mps@macports.org>
AuthorDate: Fri Nov 4 10:32:37 2016 -0500
<span style='display:block; white-space:pre;color:#404040;'> p7zip: update to version 16.02.
</span>---
archivers/p7zip/Portfile | 13 ++++-------
archivers/p7zip/files/CVE-2016-2334.patch | 38 -------------------------------
archivers/p7zip/files/CVE-2016-2335.patch | 31 -------------------------
3 files changed, 4 insertions(+), 78 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/archivers/p7zip/Portfile b/archivers/p7zip/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 8f94387..84d26c2 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/archivers/p7zip/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/archivers/p7zip/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,10 +1,9 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# $Id$
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
</span>
PortSystem 1.0
name p7zip
<span style='display:block; white-space:pre;background:#ffe0e0;'>-version 15.14.1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-revision 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version 16.02
</span> categories archivers
# contains unrar code which has a restrictive license
license LGPL-2.1+ Restrictive/Distributable
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -23,12 +22,8 @@ distname [strsed ${distname} {g/-/_/}]
</span> use_bzip2 yes
distfiles ${distname}_src_all${extract.suffix}
<span style='display:block; white-space:pre;background:#ffe0e0;'>-checksums rmd160 1b240131d6fc8322830fa893357a62a9cdb81bdb \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sha256 699db4da3621904113e040703220abb1148dfef477b55305e2f14a4f1f8f25d4
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# security patches from Debian (will no longer be needed when version >= 16.0.2)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-patchfiles CVE-2016-2334.patch \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- CVE-2016-2335.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+checksums rmd160 03550898e45b3eabe4ea0df5ee3787bd8f179fd0 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sha256 5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f
</span>
variant universal {}
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/archivers/p7zip/files/CVE-2016-2334.patch b/archivers/p7zip/files/CVE-2016-2334.patch
</span>deleted file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 1da2e3a..0000000
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/archivers/p7zip/files/CVE-2016-2334.patch
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,38 +0,0 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-From: Robert Luberda <robert@debian.org>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Date: Sun, 15 May 2016 11:15:02 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Subject: CVE-2016-2334
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-MIME-Version: 1.0
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Content-Type: text/plain; charset="utf-8"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Content-Transfer-Encoding: 8bit
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Patch for the Heap buffer overflow in HFS handler vulnerability
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-(CVE-2016-2334) as posted by İsmail Dönmez to
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/#1dba
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>----
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- CPP/7zip/Archive/HfsHandler.cpp | 5 +++++
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- 1 file changed, 5 insertions(+)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-diff --git a/CPP/7zip/Archive/HfsHandler.cpp b/CPP/7zip/Archive/HfsHandler.cpp
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-index 8459280..47b8303 100644
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- CPP/7zip/Archive/HfsHandler.cpp
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ CPP/7zip/Archive/HfsHandler.cpp
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFork &fork, const CObjectVector<CIdExtents
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- item.GroupID = Get32(r + 0x24);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- item.AdminFlags = r[0x28];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- item.OwnerFlags = r[0x29];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- item.FileMode = Get16(r + 0x2A);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- item.FileType = Get32(r + 0x30);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- item.FileCreator = Get32(r + 0x34);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- UInt32 size = GetUi32(tableBuf + i * 8 + 4);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (size > buf.Size() || size > kCompressionBlockSize + 1)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return S_FALSE;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- RINOK(ReadStream_FALSE(inStream, buf, size));
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if ((buf[0] & 0xF) == 0xF)
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/archivers/p7zip/files/CVE-2016-2335.patch b/archivers/p7zip/files/CVE-2016-2335.patch
</span>deleted file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index cedc4c4..0000000
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/archivers/p7zip/files/CVE-2016-2335.patch
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,31 +0,0 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-From: Robert Luberda <robert@debian.org>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Date: Sun, 15 May 2016 11:15:06 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Subject: CVE-2016-2335
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-MIME-Version: 1.0
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Content-Type: text/plain; charset="utf-8"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Content-Transfer-Encoding: 8bit
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Patch for the Out of bounds read in UDF handler vulnerability
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-(CVE-2016-2335) as posted by İsmail Dönmez to
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/#1dba
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>----
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- CPP/7zip/Archive/Udf/UdfIn.cpp | 6 +++++-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- 1 file changed, 5 insertions(+), 1 deletion(-)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-diff --git a/CPP/7zip/Archive/Udf/UdfIn.cpp b/CPP/7zip/Archive/Udf/UdfIn.cpp
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-index a051a27..5f2acb0 100644
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- CPP/7zip/Archive/Udf/UdfIn.cpp
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ CPP/7zip/Archive/Udf/UdfIn.cpp
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int volIndex, int fsIndex, const CLongAllocDesc
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- return S_FALSE;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- CFile &file = Files.Back();
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- const CLogVol &vol = LogVols[volIndex];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-- CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ unsigned partitionRef = lad.Location.PartitionRef;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (partitionRef >= vol.PartitionMaps.Size())
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return S_FALSE;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- UInt32 key = lad.Location.Pos;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- UInt32 value;
</span></pre><pre style='margin:0'>
</pre>