Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code
of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within
the PPMd code, which allows remote attackers to cause a denial of service
(segmentation fault) or execute arbitrary code via a crafted RAR archive.
Obtained from: Debian (link in the patch file)
MFH: 2018Q1
Security: 7a2e0063-0e4e-11e8-94c0-5453ed2e2b49

It is not entirely clear to me what the policy is to decide whether a
license can be auto-accepted, but for now this makes it possible to build
the port without supervision (e.g. with BATCH=1).

of some sed calls, supporting staging.
- Set LICENSE for the port. [1]
- Get rid of the MINIMAL and MODULES options. They were not very useful and
their handling was needlessly complicating the Makefile logic. We now always
build as if MINIMAL was unset.
- Stop installing the p7zip and Client7z wrappers.
- Move the installation of the RAR decompression codec to
archivers/p7zip-codec-rar, as its source code uses a more restrictive
license than the LGPL21 used for the rest of the code base.
PR: ports/185238 [1]
Submitted by: Hardy Schumacher <hardy.schumacher@gmx.de> [1]