forked from gentoo/gentoo
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
app-arch/p7zip: Add upstream version of CVE patch
Package-Manager: portage-2.2.25 Signed-off-by: Justin Lecher <[email protected]>
- Loading branch information
Showing
1 changed file
with
52 additions
and
46 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,30 @@ | ||
CPP/7zip/UI/Agent/Agent.cpp | 2 +- | ||
CPP/7zip/UI/Client7z/Client7z.cpp | 19 ++++++++++- | ||
CPP/7zip/UI/Common/ArchiveExtractCallback.cpp | 14 +++++++-- | ||
CPP/7zip/UI/Common/ArchiveExtractCallback.h | 6 +++- | ||
CPP/7zip/UI/Common/Extract.cpp | 2 +- | ||
CPP/Windows/FileDir.cpp | 45 +++++++++++++++++++++++++-- | ||
CPP/Windows/FileDir.h | 31 +++++++++++++++++- | ||
7 files changed, 109 insertions(+), 10 deletions(-) | ||
Author: Ben Hutchings <[email protected]> | ||
Date: Tue, 19 May 2015 02:38:40 +0100 | ||
Description: Delay creation of symlinks to prevent arbitrary file writes (CVE-2015-1038) | ||
Bug: http://sourceforge.net/p/p7zip/bugs/147/ | ||
Bug-Debian: https://bugs.debian.org/774660 | ||
|
||
diff --git a/CPP/7zip/UI/Agent/Agent.cpp b/CPP/7zip/UI/Agent/Agent.cpp | ||
index 201e82c..b0b8316 100644 | ||
--- a/CPP/7zip/UI/Agent/Agent.cpp | ||
+++ b/CPP/7zip/UI/Agent/Agent.cpp | ||
@@ -1515,7 +1515,7 @@ STDMETHODIMP CAgentFolder::Extract(const UInt32 *indices, | ||
Alexander Cherepanov discovered that 7zip is susceptible to a | ||
directory traversal vulnerability. While extracting an archive, it | ||
will extract symlinks and then follow them if they are referenced in | ||
further entries. This can be exploited by a rogue archive to write | ||
files outside the current directory. | ||
|
||
We have to create placeholder files (which we already do) and delay | ||
creating symlinks until the end of extraction. | ||
|
||
Due to the possibility of anti-items (deletions) in the archive, it is | ||
possible for placeholders to be deleted and replaced before we create | ||
the symlinks. It's not clear that this can be used for mischief, but | ||
GNU tar guards against similar problems by checking that the placeholder | ||
still exists and is the same inode. XXX It also checks 'birth time' but | ||
this isn't portable. We can probably get away with comparing ctime | ||
since we don't support hard links. | ||
|
||
diff -rup p7zip_15.09.orig/CPP/7zip/UI/Agent/Agent.cpp p7zip_15.09/CPP/7zip/UI/Agent/Agent.cpp | ||
--- p7zip_15.09.orig/CPP/7zip/UI/Agent/Agent.cpp 2015-09-17 20:02:35.000000000 +0100 | ||
+++ p7zip_15.09/CPP/7zip/UI/Agent/Agent.cpp 2015-12-03 02:22:47.073724194 +0000 | ||
@@ -1515,7 +1515,7 @@ STDMETHODIMP CAgentFolder::Extract(const | ||
HRESULT result = _agentSpec->GetArchive()->Extract(&realIndices.Front(), | ||
realIndices.Size(), testMode, extractCallback); | ||
if (result == S_OK) | ||
|
@@ -20,10 +33,9 @@ index 201e82c..b0b8316 100644 | |
return result; | ||
COM_TRY_END | ||
} | ||
diff --git a/CPP/7zip/UI/Client7z/Client7z.cpp b/CPP/7zip/UI/Client7z/Client7z.cpp | ||
index c6522fe..1919389 100644 | ||
--- a/CPP/7zip/UI/Client7z/Client7z.cpp | ||
+++ b/CPP/7zip/UI/Client7z/Client7z.cpp | ||
diff -rup p7zip_15.09.orig/CPP/7zip/UI/Client7z/Client7z.cpp p7zip_15.09/CPP/7zip/UI/Client7z/Client7z.cpp | ||
--- p7zip_15.09.orig/CPP/7zip/UI/Client7z/Client7z.cpp 2015-10-17 15:52:30.000000000 +0100 | ||
+++ p7zip_15.09/CPP/7zip/UI/Client7z/Client7z.cpp 2015-12-03 02:22:47.073724194 +0000 | ||
@@ -230,8 +230,11 @@ private: | ||
COutFileStream *_outFileStreamSpec; | ||
CMyComPtr<ISequentialOutStream> _outFileStream; | ||
|
@@ -36,7 +48,7 @@ index c6522fe..1919389 100644 | |
|
||
UInt64 NumErrors; | ||
bool PasswordIsDefined; | ||
@@ -449,11 +452,23 @@ STDMETHODIMP CArchiveExtractCallback::SetOperationResult(Int32 operationResult) | ||
@@ -449,11 +452,23 @@ STDMETHODIMP CArchiveExtractCallback::Se | ||
} | ||
_outFileStream.Release(); | ||
if (_extractMode && _processedFileInfo.AttribDefined) | ||
|
@@ -61,7 +73,7 @@ index c6522fe..1919389 100644 | |
|
||
STDMETHODIMP CArchiveExtractCallback::CryptoGetTextPassword(BSTR *password) | ||
{ | ||
@@ -914,6 +929,8 @@ int MY_CDECL main(int numArgs, const char *args[]) | ||
@@ -914,6 +929,8 @@ int MY_CDECL main(int numArgs, const cha | ||
// extractCallbackSpec->PasswordIsDefined = true; | ||
// extractCallbackSpec->Password = L"1"; | ||
HRESULT result = archive->Extract(NULL, (UInt32)(Int32)(-1), false, extractCallback); | ||
|
@@ -70,11 +82,10 @@ index c6522fe..1919389 100644 | |
if (result != S_OK) | ||
{ | ||
PrintError("Extract Error"); | ||
diff --git a/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp b/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp | ||
index 877326b..05b13f3 100644 | ||
--- a/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp | ||
+++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp | ||
@@ -1502,7 +1502,7 @@ STDMETHODIMP CArchiveExtractCallback::SetOperationResult(Int32 opRes) | ||
diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp | ||
--- p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp 2015-10-03 09:49:15.000000000 +0100 | ||
+++ p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp 2015-12-03 02:24:40.444963545 +0000 | ||
@@ -1502,7 +1502,7 @@ STDMETHODIMP CArchiveExtractCallback::Se | ||
NumFiles++; | ||
|
||
if (!_stdOutMode && _extractMode && _fi.AttribDefined) | ||
|
@@ -83,7 +94,7 @@ index 877326b..05b13f3 100644 | |
|
||
RINOK(_extractCallback2->SetOperationResult(opRes, BoolToInt(_encrypted))); | ||
|
||
@@ -1584,8 +1584,9 @@ static unsigned GetNumSlashes(const FChar *s) | ||
@@ -1584,8 +1584,9 @@ static unsigned GetNumSlashes(const FCha | ||
} | ||
} | ||
|
||
|
@@ -94,7 +105,7 @@ index 877326b..05b13f3 100644 | |
CRecordVector<CExtrRefSortPair> pairs; | ||
pairs.ClearAndSetSize(_extractedFolderPaths.Size()); | ||
unsigned i; | ||
@@ -1622,5 +1623,12 @@ HRESULT CArchiveExtractCallback::SetDirsTimes() | ||
@@ -1622,5 +1623,12 @@ HRESULT CArchiveExtractCallback::SetDirs | ||
(WriteATime && ATimeDefined) ? &ATime : NULL, | ||
(WriteMTime && MTimeDefined) ? &MTime : (_arc->MTimeDefined ? &_arc->MTime : NULL)); | ||
} | ||
|
@@ -108,10 +119,9 @@ index 877326b..05b13f3 100644 | |
+ | ||
+ return result; | ||
} | ||
diff --git a/CPP/7zip/UI/Common/ArchiveExtractCallback.h b/CPP/7zip/UI/Common/ArchiveExtractCallback.h | ||
index 1e9f0b6..b51d78f 100644 | ||
--- a/CPP/7zip/UI/Common/ArchiveExtractCallback.h | ||
+++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.h | ||
diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.h p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.h | ||
--- p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.h 2015-10-03 11:29:09.000000000 +0100 | ||
+++ p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.h 2015-12-03 02:22:47.074724204 +0000 | ||
@@ -6,6 +6,8 @@ | ||
#include "../../../Common/MyCom.h" | ||
#include "../../../Common/Wildcard.h" | ||
|
@@ -139,10 +149,9 @@ index 1e9f0b6..b51d78f 100644 | |
}; | ||
|
||
bool CensorNode_CheckPath(const NWildcard::CCensorNode &node, const CReadArcItem &item); | ||
diff --git a/CPP/7zip/UI/Common/Extract.cpp b/CPP/7zip/UI/Common/Extract.cpp | ||
index 5b96071..98192fa 100644 | ||
--- a/CPP/7zip/UI/Common/Extract.cpp | ||
+++ b/CPP/7zip/UI/Common/Extract.cpp | ||
diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/Extract.cpp p7zip_15.09/CPP/7zip/UI/Common/Extract.cpp | ||
--- p7zip_15.09.orig/CPP/7zip/UI/Common/Extract.cpp 2015-09-07 20:47:32.000000000 +0100 | ||
+++ p7zip_15.09/CPP/7zip/UI/Common/Extract.cpp 2015-12-03 02:22:47.075724215 +0000 | ||
@@ -207,7 +207,7 @@ static HRESULT DecompressArchive( | ||
else | ||
result = archive->Extract(&realIndices.Front(), realIndices.Size(), testMode, ecs); | ||
|
@@ -152,11 +161,10 @@ index 5b96071..98192fa 100644 | |
return callback->ExtractResult(result); | ||
} | ||
|
||
diff --git a/CPP/Windows/FileDir.cpp b/CPP/Windows/FileDir.cpp | ||
index 422edfc..baa6255 100644 | ||
--- a/CPP/Windows/FileDir.cpp | ||
+++ b/CPP/Windows/FileDir.cpp | ||
@@ -347,7 +347,8 @@ static int convert_to_symlink(const char * name) { | ||
diff -rup p7zip_15.09.orig/CPP/Windows/FileDir.cpp p7zip_15.09/CPP/Windows/FileDir.cpp | ||
--- p7zip_15.09.orig/CPP/Windows/FileDir.cpp 2015-10-10 13:37:41.000000000 +0100 | ||
+++ p7zip_15.09/CPP/Windows/FileDir.cpp 2015-12-03 02:22:47.075724215 +0000 | ||
@@ -347,7 +347,8 @@ static int convert_to_symlink(const char | ||
return -1; | ||
} | ||
|
||
|
@@ -166,7 +174,7 @@ index 422edfc..baa6255 100644 | |
{ | ||
if (!fileName) { | ||
SetLastError(ERROR_PATH_NOT_FOUND); | ||
@@ -379,7 +380,9 @@ bool SetFileAttrib(CFSTR fileName, DWORD fileAttributes) | ||
@@ -379,7 +380,9 @@ bool SetFileAttrib(CFSTR fileName, DWORD | ||
stat_info.st_mode = fileAttributes >> 16; | ||
#ifdef ENV_HAVE_LSTAT | ||
if (S_ISLNK(stat_info.st_mode)) { | ||
|
@@ -177,7 +185,7 @@ index 422edfc..baa6255 100644 | |
TRACEN((printf("SetFileAttrib(%s,%d) : false-3\n",(const char *)name,fileAttributes))) | ||
return false; | ||
} | ||
@@ -814,6 +817,44 @@ bool CTempDir::Remove() | ||
@@ -814,6 +817,43 @@ bool CTempDir::Remove() | ||
return !_mustBeDeleted; | ||
} | ||
|
||
|
@@ -217,15 +225,13 @@ index 422edfc..baa6255 100644 | |
+} | ||
+ | ||
+#endif // ENV_UNIX | ||
+ | ||
+ | ||
}}} | ||
|
||
#ifndef _SFX | ||
diff --git a/CPP/Windows/FileDir.h b/CPP/Windows/FileDir.h | ||
index b13d1cc..7429a81 100644 | ||
--- a/CPP/Windows/FileDir.h | ||
+++ b/CPP/Windows/FileDir.h | ||
diff -rup p7zip_15.09.orig/CPP/Windows/FileDir.h p7zip_15.09/CPP/Windows/FileDir.h | ||
--- p7zip_15.09.orig/CPP/Windows/FileDir.h 2015-06-19 11:52:06.000000000 +0100 | ||
+++ p7zip_15.09/CPP/Windows/FileDir.h 2015-12-03 02:22:47.075724215 +0000 | ||
@@ -4,6 +4,7 @@ | ||
#define __WINDOWS_FILE_DIR_H | ||
|
||
|