app-arch/p7zip: Add upstream version of CVE patch

Package-Manager: portage-2.2.25 Signed-off-by: Justin Lecher <[email protected]>
johu · Dec 3, 2015 · 63d6e0f · 63d6e0f
1 parent 06de23d
commit 63d6e0f
Showing 1 changed file with 52 additions and 46 deletions.
diff --git a/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch b/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch
@@ -1,17 +1,30 @@
- CPP/7zip/UI/Agent/Agent.cpp                   |  2 +-
- CPP/7zip/UI/Client7z/Client7z.cpp             | 19 ++++++++++-
- CPP/7zip/UI/Common/ArchiveExtractCallback.cpp | 14 +++++++--
- CPP/7zip/UI/Common/ArchiveExtractCallback.h   |  6 +++-
- CPP/7zip/UI/Common/Extract.cpp                |  2 +-
- CPP/Windows/FileDir.cpp                       | 45 +++++++++++++++++++++++++--
- CPP/Windows/FileDir.h                         | 31 +++++++++++++++++-
- 7 files changed, 109 insertions(+), 10 deletions(-)
+Author: Ben Hutchings <[email protected]>
+Date: Tue, 19 May 2015 02:38:40 +0100
+Description: Delay creation of symlinks to prevent arbitrary file writes (CVE-2015-1038)
+Bug: http://sourceforge.net/p/p7zip/bugs/147/
+Bug-Debian: https://bugs.debian.org/774660
 
-diff --git a/CPP/7zip/UI/Agent/Agent.cpp b/CPP/7zip/UI/Agent/Agent.cpp
-index 201e82c..b0b8316 100644
---- a/CPP/7zip/UI/Agent/Agent.cpp
-+++ b/CPP/7zip/UI/Agent/Agent.cpp
-@@ -1515,7 +1515,7 @@ STDMETHODIMP CAgentFolder::Extract(const UInt32 *indices,
+Alexander Cherepanov discovered that 7zip is susceptible to a
+directory traversal vulnerability.  While extracting an archive, it
+will extract symlinks and then follow them if they are referenced in
+further entries.  This can be exploited by a rogue archive to write
+files outside the current directory.
+
+We have to create placeholder files (which we already do) and delay
+creating symlinks until the end of extraction.
+
+Due to the possibility of anti-items (deletions) in the archive, it is
+possible for placeholders to be deleted and replaced before we create
+the symlinks.  It's not clear that this can be used for mischief, but
+GNU tar guards against similar problems by checking that the placeholder
+still exists and is the same inode.  XXX It also checks 'birth time' but
+this isn't portable.  We can probably get away with comparing ctime
+since we don't support hard links.
+
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Agent/Agent.cpp p7zip_15.09/CPP/7zip/UI/Agent/Agent.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Agent/Agent.cpp	2015-09-17 20:02:35.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Agent/Agent.cpp	2015-12-03 02:22:47.073724194 +0000
+@@ -1515,7 +1515,7 @@ STDMETHODIMP CAgentFolder::Extract(const
    HRESULT result = _agentSpec->GetArchive()->Extract(&realIndices.Front(),
        realIndices.Size(), testMode, extractCallback);
    if (result == S_OK)
@@ -20,10 +33,9 @@ index 201e82c..b0b8316 100644
    return result;
    COM_TRY_END
  }
-diff --git a/CPP/7zip/UI/Client7z/Client7z.cpp b/CPP/7zip/UI/Client7z/Client7z.cpp
-index c6522fe..1919389 100644
---- a/CPP/7zip/UI/Client7z/Client7z.cpp
-+++ b/CPP/7zip/UI/Client7z/Client7z.cpp
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Client7z/Client7z.cpp p7zip_15.09/CPP/7zip/UI/Client7z/Client7z.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Client7z/Client7z.cpp	2015-10-17 15:52:30.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Client7z/Client7z.cpp	2015-12-03 02:22:47.073724194 +0000
 @@ -230,8 +230,11 @@ private:
    COutFileStream *_outFileStreamSpec;
    CMyComPtr<ISequentialOutStream> _outFileStream;
@@ -36,7 +48,7 @@ index c6522fe..1919389 100644
 
    UInt64 NumErrors;
    bool PasswordIsDefined;
-@@ -449,11 +452,23 @@ STDMETHODIMP CArchiveExtractCallback::SetOperationResult(Int32 operationResult)
+@@ -449,11 +452,23 @@ STDMETHODIMP CArchiveExtractCallback::Se
    }
    _outFileStream.Release();
    if (_extractMode && _processedFileInfo.AttribDefined)
@@ -61,7 +73,7 @@ index c6522fe..1919389 100644
 
  STDMETHODIMP CArchiveExtractCallback::CryptoGetTextPassword(BSTR *password)
  {
-@@ -914,6 +929,8 @@ int MY_CDECL main(int numArgs, const char *args[])
+@@ -914,6 +929,8 @@ int MY_CDECL main(int numArgs, const cha
        // extractCallbackSpec->PasswordIsDefined = true;
        // extractCallbackSpec->Password = L"1";
        HRESULT result = archive->Extract(NULL, (UInt32)(Int32)(-1), false, extractCallback);
@@ -70,11 +82,10 @@ index c6522fe..1919389 100644
        if (result != S_OK)
        {
          PrintError("Extract Error");
-diff --git a/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp b/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
-index 877326b..05b13f3 100644
---- a/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
-+++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
-@@ -1502,7 +1502,7 @@ STDMETHODIMP CArchiveExtractCallback::SetOperationResult(Int32 opRes)
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp	2015-10-03 09:49:15.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp	2015-12-03 02:24:40.444963545 +0000
+@@ -1502,7 +1502,7 @@ STDMETHODIMP CArchiveExtractCallback::Se
      NumFiles++;
 
    if (!_stdOutMode && _extractMode && _fi.AttribDefined)
@@ -83,7 +94,7 @@ index 877326b..05b13f3 100644
 
    RINOK(_extractCallback2->SetOperationResult(opRes, BoolToInt(_encrypted)));
 
-@@ -1584,8 +1584,9 @@ static unsigned GetNumSlashes(const FChar *s)
+@@ -1584,8 +1584,9 @@ static unsigned GetNumSlashes(const FCha
    }
  }
 
@@ -94,7 +105,7 @@ index 877326b..05b13f3 100644
    CRecordVector<CExtrRefSortPair> pairs;
    pairs.ClearAndSetSize(_extractedFolderPaths.Size());
    unsigned i;
-@@ -1622,5 +1623,12 @@ HRESULT CArchiveExtractCallback::SetDirsTimes()
+@@ -1622,5 +1623,12 @@ HRESULT CArchiveExtractCallback::SetDirs
        (WriteATime && ATimeDefined) ? &ATime : NULL,
        (WriteMTime && MTimeDefined) ? &MTime : (_arc->MTimeDefined ? &_arc->MTime : NULL));
    }
@@ -108,10 +119,9 @@ index 877326b..05b13f3 100644
 +
 +  return result;
  }
-diff --git a/CPP/7zip/UI/Common/ArchiveExtractCallback.h b/CPP/7zip/UI/Common/ArchiveExtractCallback.h
-index 1e9f0b6..b51d78f 100644
---- a/CPP/7zip/UI/Common/ArchiveExtractCallback.h
-+++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.h
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.h p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.h
+--- p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.h	2015-10-03 11:29:09.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.h	2015-12-03 02:22:47.074724204 +0000
 @@ -6,6 +6,8 @@
  #include "../../../Common/MyCom.h"
  #include "../../../Common/Wildcard.h"
@@ -139,10 +149,9 @@ index 1e9f0b6..b51d78f 100644
  };
 
  bool CensorNode_CheckPath(const NWildcard::CCensorNode &node, const CReadArcItem &item);
-diff --git a/CPP/7zip/UI/Common/Extract.cpp b/CPP/7zip/UI/Common/Extract.cpp
-index 5b96071..98192fa 100644
---- a/CPP/7zip/UI/Common/Extract.cpp
-+++ b/CPP/7zip/UI/Common/Extract.cpp
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/Extract.cpp p7zip_15.09/CPP/7zip/UI/Common/Extract.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Common/Extract.cpp	2015-09-07 20:47:32.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Common/Extract.cpp	2015-12-03 02:22:47.075724215 +0000
 @@ -207,7 +207,7 @@ static HRESULT DecompressArchive(
    else
      result = archive->Extract(&realIndices.Front(), realIndices.Size(), testMode, ecs);
@@ -152,11 +161,10 @@ index 5b96071..98192fa 100644
    return callback->ExtractResult(result);
  }
 
-diff --git a/CPP/Windows/FileDir.cpp b/CPP/Windows/FileDir.cpp
-index 422edfc..baa6255 100644
---- a/CPP/Windows/FileDir.cpp
-+++ b/CPP/Windows/FileDir.cpp
-@@ -347,7 +347,8 @@ static int convert_to_symlink(const char * name) {
+diff -rup p7zip_15.09.orig/CPP/Windows/FileDir.cpp p7zip_15.09/CPP/Windows/FileDir.cpp
+--- p7zip_15.09.orig/CPP/Windows/FileDir.cpp	2015-10-10 13:37:41.000000000 +0100
++++ p7zip_15.09/CPP/Windows/FileDir.cpp	2015-12-03 02:22:47.075724215 +0000
+@@ -347,7 +347,8 @@ static int convert_to_symlink(const char
    return -1;
  }
 
@@ -166,7 +174,7 @@ index 422edfc..baa6255 100644
  {
    if (!fileName) {
      SetLastError(ERROR_PATH_NOT_FOUND);
-@@ -379,7 +380,9 @@ bool SetFileAttrib(CFSTR fileName, DWORD fileAttributes)
+@@ -379,7 +380,9 @@ bool SetFileAttrib(CFSTR fileName, DWORD
       stat_info.st_mode = fileAttributes >> 16;
  #ifdef ENV_HAVE_LSTAT
       if (S_ISLNK(stat_info.st_mode)) {
@@ -177,7 +185,7 @@ index 422edfc..baa6255 100644
            TRACEN((printf("SetFileAttrib(%s,%d) : false-3\n",(const char *)name,fileAttributes)))
            return false;
          }
-@@ -814,6 +817,44 @@ bool CTempDir::Remove()
+@@ -814,6 +817,43 @@ bool CTempDir::Remove()
    return !_mustBeDeleted;
  }
 
@@ -217,15 +225,13 @@ index 422edfc..baa6255 100644
 +}
 +
 +#endif // ENV_UNIX
-+
 +
  }}}
 
  #ifndef _SFX
-diff --git a/CPP/Windows/FileDir.h b/CPP/Windows/FileDir.h
-index b13d1cc..7429a81 100644
---- a/CPP/Windows/FileDir.h
-+++ b/CPP/Windows/FileDir.h
+diff -rup p7zip_15.09.orig/CPP/Windows/FileDir.h p7zip_15.09/CPP/Windows/FileDir.h
+--- p7zip_15.09.orig/CPP/Windows/FileDir.h	2015-06-19 11:52:06.000000000 +0100
++++ p7zip_15.09/CPP/Windows/FileDir.h	2015-12-03 02:22:47.075724215 +0000
 @@ -4,6 +4,7 @@
  #define __WINDOWS_FILE_DIR_H