Fix CVE-2017-17969:

https://sourceforge.net/p/p7zip/bugs/204/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969

Patch copied from Debian.

Subject: Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp
Origin: vendor, https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/27d7/attachment/CVE-2017-17969.patch
Forwarded: https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7
Bug: https://sourceforge.net/p/p7zip/bugs/204/
Bug-Debian: https://bugs.debian.org/888297
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17969
Author: Antoine Beaupré <anarcat@debian.org>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2018-02-01
Applied-Upstream: 18.00-beta

--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
+++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
@@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialIn
     {
       _stack[i++] = _suffixes[cur];
       cur = _parents[cur];
+      if (cur >= kNumItems || i >= kNumItems)
+        break;
     }
-    
+
+    if (cur >= kNumItems || i >= kNumItems)
+      break;
+
     _stack[i++] = (Byte)cur;
     lastChar2 = (Byte)cur;
 
f6fe9b4af9f17e6a567f692'>refs</a><a href='/guix/log/Makefile.am'>log</a><a href='/guix/tree/Makefile.am?id=e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692'>tree</a><a class='active' href='/guix/commit/Makefile.am?id=e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692'>commit</a><a href='/guix/diff/Makefile.am?id=e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/Makefile.am'>
<input type='hidden' name='id' value='e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/commit/?id=e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692'>root</a>/<a href='/guix/commit/Makefile.am?id=e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692'>Makefile.am</a></div><div class='content'><div class='cgit-panel'><b>diff options</b><form method='get'><input type='hidden' name='id' value='e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692'/><table><tr><td colspan='2'/></tr><tr><td class='label'>context:</td><td class='ctrl'><select name='context' onchange='this.form.submit();'><option value='1'>1</option><option value='2'>2</option><option value='3' selected='selected'>3</option><option value='4'>4</option><option value='5'>5</option><option value='6'>6</option><option value='7'>7</option><option value='8'>8</option><option value='9'>9</option><option value='10'>10</option><option value='15'>15</option><option value='20'>20</option><option value='25'>25</option><option value='30'>30</option><option value='35'>35</option><option value='40'>40</option></select></td></tr><tr><td class='label'>space:</td><td class='ctrl'><select name='ignorews' onchange='this.form.submit();'><option value='0' selected='selected'>include</option><option value='1'>ignore</option></select></td></tr><tr><td class='label'>mode:</td><td class='ctrl'><select name='dt' onchange='this.form.submit();'><option value='0' selected='selected'>unified</option><option value='1'>ssdiff</option><option value='2'>stat only</option></select></td></tr><tr><td/><td class='ctrl'><noscript><input type='submit' value='reload'/></noscript></td></tr></table></form></div><table summary='commit info' class='commit-info'>
<tr><th>author</th><td>Marius Bakke &lt;marius@gnu.org&gt;</td><td class='right'>2021-08-11 10:01:01 +0200</td></tr>
<tr><th>committer</th><td>Marius Bakke &lt;marius@gnu.org&gt;</td><td class='right'>2021-08-11 23:19:02 +0200</td></tr>
<tr><th>commit</th><td colspan='2' class='oid'><a href='/guix/commit/Makefile.am?id=e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692'>e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692</a> (<a href='/guix/patch/Makefile.am?id=e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692'>patch</a>)</td></tr>
<tr><th>tree</th><td colspan='2' class='oid'><a href='/guix/tree/?id=e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692'>0d673c757221d2492074b736fda00732cab14d63</a> /<a href='/guix/tree/Makefile.am?id=e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692'>Makefile.am</a></td></tr>
<tr><th>parent</th><td colspan='2' class='oid'><a href='/guix/commit/Makefile.am?id=443e7f6338049d39427439fc5d997f8c59916fe1'>443e7f6338049d39427439fc5d997f8c59916fe1</a> (<a href='/guix/diff/Makefile.am?id=e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692&amp;id2=443e7f6338049d39427439fc5d997f8c59916fe1'>diff</a>)</td></tr><tr><th>download</th><td colspan='2' class='oid'><a href='/guix/snapshot/guix-e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692.tar.gz'>guix-e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692.tar.gz</a><br/><a href='/guix/snapshot/guix-e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692.zip'>guix-e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692.zip</a><br/></td></tr></table>
<div class='commit-subject'>gnu: rapidjson: Remove unused configure flag.</div><div class='commit-msg'>* gnu/packages/web.scm (rapidjson)[arguments]: Remove #:configure-flags, as
the entry is not honored by the build system and would only affect tests and
examples, which are not installed.
[source](snippet): Remove trailing #t.
</div><div class='diffstat-header'><a href='/guix/diff/?id=e65bcfda22fe4e3a0f6fe9b4af9f17e6a567f692'>Diffstat</a> (limited to 'Makefile.am')</div><table summary='diffstat' class='diffstat'></table><div class='diffstat-summary'>0 files changed, 0 insertions, 0 deletions</div><table summary='diff' class='diff'><tr><td></td></tr></table></div> <!-- class=content -->
                         <div class=footer>generated by
                             <a href="https://git.zx2c4.com/cgit/about/">
                                 cgit
                             </a>
                         </div>
                        </div> <!-- id=cgit -->
</body>
</html>