Fix CVE-2017-17969:

https://sourceforge.net/p/p7zip/bugs/204/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969

Patch copied from Debian.

Subject: Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp
Origin: vendor, https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/27d7/attachment/CVE-2017-17969.patch
Forwarded: https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7
Bug: https://sourceforge.net/p/p7zip/bugs/204/
Bug-Debian: https://bugs.debian.org/888297
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17969
Author: Antoine Beaupré <anarcat@debian.org>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2018-02-01
Applied-Upstream: 18.00-beta

--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
+++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
@@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialIn
     {
       _stack[i++] = _suffixes[cur];
       cur = _parents[cur];
+      if (cur >= kNumItems || i >= kNumItems)
+        break;
     }
-    
+
+    if (cur >= kNumItems || i >= kNumItems)
+      break;
+
     _stack[i++] = (Byte)cur;
     lastChar2 = (Byte)cur;
 
' href='/guix/log/tests/go.scm'>log</a><a href='/guix/tree/tests/go.scm?id=bc71be1a1d1491087c2588ad7d3a12974c2f1403'>tree</a><a href='/guix/commit/tests/go.scm?id=bc71be1a1d1491087c2588ad7d3a12974c2f1403'>commit</a><a href='/guix/diff/tests/go.scm?id=bc71be1a1d1491087c2588ad7d3a12974c2f1403'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/tests/go.scm'>
<input type='hidden' name='id' value='bc71be1a1d1491087c2588ad7d3a12974c2f1403'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=bc71be1a1d1491087c2588ad7d3a12974c2f1403'>root</a>/<a href='/guix/log/tests?id=bc71be1a1d1491087c2588ad7d3a12974c2f1403'>tests</a>/<a href='/guix/log/tests/go.scm?id=bc71be1a1d1491087c2588ad7d3a12974c2f1403'>go.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/go.scm?id=bc71be1a1d1491087c2588ad7d3a12974c2f1403&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2021-09-28 22:00:47 +0200'>2021-09-28</span></td><td><a href='/guix/commit/tests/go.scm?id=770ae098604d0bd9f21d625e8959e6c7ced3c36f'>tests: go: Fix typo.</a><span class='msg-avail'>...</span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2021-09-01 23:41:42 +0200'>2021-09-01</span></td><td><a href='/guix/commit/tests/go.scm?id=be13e2be08feb88d868f911d8f55b0451fe15e10'>import: go: Improve error handling.</a><span class='msg-avail'>...</span></td><td>zimoun</td></tr>
<tr><td><span title='2021-07-18 01:57:17 -0400'>2021-07-18</span></td><td><a href='/guix/commit/tests/go.scm?id=793ba333c6039545684e8af7e384704e76bc0f2f'>import: go: Upgrade go.mod parser.</a><span class='msg-avail'>...</span></td><td>Sarah Morgensen</td></tr>
<tr><td><span title='2021-07-17 23:26:58 -0400'>2021-07-17</span></td><td><a href='/guix/commit/tests/go.scm?id=3217a04b0352c2dd13323257b369604eeabfccc3'>tests/go: Remove unused variable.</a><span class='msg-avail'>...</span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2021-05-05 00:58:04 -0400'>2021-05-05</span></td><td><a href='/guix/commit/tests/go.scm?id=2354d79b88e80b34593dfdeb307ae602e21dcc8a'>tests: go: Remove duplicate go-version-&gt;git-ref test.</a><span class='msg-avail'>...</span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2021-05-04 22:48:27 +0200'>2021-05-04</span></td><td><a href='/guix/commit/tests/go.scm?id=9f0bdfd18668f177a899d489ac39d87f3963f88f'>tests: go: Fix typos in test descriptions.</a><span class='msg-avail'>...</span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2021-04-09 22:41:32 -0400'>2021-04-09</span></td><td><a href='/guix/commit/tests/go.scm?id=a8b927a562aad7e5f77d0e4db2d9cee3434446d2'>import: go: Add an option to use pinned versions.</a><span class='msg-avail'>...</span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2021-04-09 22:41:31 -0400'>2021-04-09</span></td><td><a href='/guix/commit/tests/go.scm?id=6aee902eaf9e38d5f41f568ef787fa0cc5203318'>import: go: Improve synopsis and description parsing.</a><span class='msg-avail'>...</span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2021-03-10 18:01:48 +0100'>2021-03-10</span></td><td><a href='/guix/commit/tests/go.scm?id=d028aef31c9dd05c0390addc3d7f419e41c530ab'>import: go: Compute the hash of Git checkouts.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-03-10 18:01:48 +0100'>2021-03-10</span></td><td><a href='/guix/commit/tests/go.scm?id=02e2e093e858e8a0ca7bd66c1f1f6fd0a1705edb'>import: Add Go importer.</a><span class='msg-avail'>...</span></td><td>Katherine Cox-Buday</td></tr>