From: "Justin Lecher" <jlec@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: app-arch/p7zip/files/
Date: Thu, 3 Dec 2015 10:44:41 +0000 (UTC) [thread overview]
Message-ID: <1449139478.63d6e0fccc6f26ec4b0ba5cd6046b6a3fd4ca073.jlec@gentoo> (raw)
commit: 63d6e0fccc6f26ec4b0ba5cd6046b6a3fd4ca073
Author: Justin Lecher <jlec <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 3 10:43:00 2015 +0000
Commit: Justin Lecher <jlec <AT> gentoo <DOT> org>
CommitDate: Thu Dec 3 10:44:38 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63d6e0fc
app-arch/p7zip: Add upstream version of CVE patch
Package-Manager: portage-2.2.25
Signed-off-by: Justin Lecher <jlec <AT> gentoo.org>
.../p7zip/files/p7zip-15.09-CVE-2015-1038.patch | 98 ++++++++++++----------
1 file changed, 52 insertions(+), 46 deletions(-)
diff --git a/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch b/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch
index dc81317..5da28c5 100644
--- a/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch
+++ b/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch
@@ -1,17 +1,30 @@
- CPP/7zip/UI/Agent/Agent.cpp | 2 +-
- CPP/7zip/UI/Client7z/Client7z.cpp | 19 ++++++++++-
- CPP/7zip/UI/Common/ArchiveExtractCallback.cpp | 14 +++++++--
- CPP/7zip/UI/Common/ArchiveExtractCallback.h | 6 +++-
- CPP/7zip/UI/Common/Extract.cpp | 2 +-
- CPP/Windows/FileDir.cpp | 45 +++++++++++++++++++++++++--
- CPP/Windows/FileDir.h | 31 +++++++++++++++++-
- 7 files changed, 109 insertions(+), 10 deletions(-)
+Author: Ben Hutchings <ben@decadent.org.uk>
+Date: Tue, 19 May 2015 02:38:40 +0100
+Description: Delay creation of symlinks to prevent arbitrary file writes (CVE-2015-1038)
+Bug: http://sourceforge.net/p/p7zip/bugs/147/
+Bug-Debian: https://bugs.debian.org/774660
-diff --git a/CPP/7zip/UI/Agent/Agent.cpp b/CPP/7zip/UI/Agent/Agent.cpp
-index 201e82c..b0b8316 100644
---- a/CPP/7zip/UI/Agent/Agent.cpp
-+++ b/CPP/7zip/UI/Agent/Agent.cpp
-@@ -1515,7 +1515,7 @@ STDMETHODIMP CAgentFolder::Extract(const UInt32 *indices,
+Alexander Cherepanov discovered that 7zip is susceptible to a
+directory traversal vulnerability. While extracting an archive, it
+will extract symlinks and then follow them if they are referenced in
+further entries. This can be exploited by a rogue archive to write
+files outside the current directory.
+
+We have to create placeholder files (which we already do) and delay
+creating symlinks until the end of extraction.
+
+Due to the possibility of anti-items (deletions) in the archive, it is
+possible for placeholders to be deleted and replaced before we create
+the symlinks. It's not clear that this can be used for mischief, but
+GNU tar guards against similar problems by checking that the placeholder
+still exists and is the same inode. XXX It also checks 'birth time' but
+this isn't portable. We can probably get away with comparing ctime
+since we don't support hard links.
+
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Agent/Agent.cpp p7zip_15.09/CPP/7zip/UI/Agent/Agent.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Agent/Agent.cpp 2015-09-17 20:02:35.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Agent/Agent.cpp 2015-12-03 02:22:47.073724194 +0000
+@@ -1515,7 +1515,7 @@ STDMETHODIMP CAgentFolder::Extract(const
HRESULT result = _agentSpec->GetArchive()->Extract(&realIndices.Front(),
realIndices.Size(), testMode, extractCallback);
if (result == S_OK)
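Review bot: The description added at the top of this patch leaves an open `XXX` on its one security-relevant design choice, namely how the placeholder is re-checked before the delayed symlink is created. It says only that comparing ctime is "probably" enough and never states which check the code actually performs. The implementing hunk in CPP/Windows/FileDir.cpp (`@@ -814,6 +817,43 @@`) shows up in this diff only as a changed line count and a dropped blank line, so the check cannot be confirmed from here. Once it has been verified against the code, I would replace the `XXX` with a definite sentence such as `Placeholder identity is re-verified via <fields actually compared> before the symlink is created.` The commit message calls this the upstream version, yet the header names only the Debian author and two bug trackers; an `Origin: <URL or revision the file was taken from>` line would let a later maintainer re-diff it against its source. The inner Agent.cpp hunk that begins in this outer hunk continues past its end.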
@@ -20,10 +33,9 @@ index 201e82c..b0b8316 100644
return result;
COM_TRY_END
}
-diff --git a/CPP/7zip/UI/Client7z/Client7z.cpp b/CPP/7zip/UI/Client7z/Client7z.cpp
-index c6522fe..1919389 100644
---- a/CPP/7zip/UI/Client7z/Client7z.cpp
-+++ b/CPP/7zip/UI/Client7z/Client7z.cpp
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Client7z/Client7z.cpp p7zip_15.09/CPP/7zip/UI/Client7z/Client7z.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Client7z/Client7z.cpp 2015-10-17 15:52:30.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Client7z/Client7z.cpp 2015-12-03 02:22:47.073724194 +0000
@@ -230,8 +230,11 @@ private:
COutFileStream *_outFileStreamSpec;
CMyComPtr<ISequentialOutStream> _outFileStream;
@@ -36,7 +48,7 @@ index c6522fe..1919389 100644
UInt64 NumErrors;
bool PasswordIsDefined;
-@@ -449,11 +452,23 @@ STDMETHODIMP CArchiveExtractCallback::SetOperationResult(Int32 operationResult)
+@@ -449,11 +452,23 @@ STDMETHODIMP CArchiveExtractCallback::Se
}
_outFileStream.Release();
if (_extractMode && _processedFileInfo.AttribDefined)
@@ -61,7 +73,7 @@ index c6522fe..1919389 100644
STDMETHODIMP CArchiveExtractCallback::CryptoGetTextPassword(BSTR *password)
{
-@@ -914,6 +929,8 @@ int MY_CDECL main(int numArgs, const char *args[])
+@@ -914,6 +929,8 @@ int MY_CDECL main(int numArgs, const cha
// extractCallbackSpec->PasswordIsDefined = true;
// extractCallbackSpec->Password = L"1";
HRESULT result = archive->Extract(NULL, (UInt32)(Int32)(-1), false, extractCallback);
@@ -70,11 +82,10 @@ index c6522fe..1919389 100644
if (result != S_OK)
{
PrintError("Extract Error");
-diff --git a/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp b/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
-index 877326b..05b13f3 100644
---- a/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
-+++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
-@@ -1502,7 +1502,7 @@ STDMETHODIMP CArchiveExtractCallback::SetOperationResult(Int32 opRes)
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp 2015-10-03 09:49:15.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp 2015-12-03 02:24:40.444963545 +0000
+@@ -1502,7 +1502,7 @@ STDMETHODIMP CArchiveExtractCallback::Se
NumFiles++;
if (!_stdOutMode && _extractMode && _fi.AttribDefined)
@@ -83,7 +94,7 @@ index 877326b..05b13f3 100644
RINOK(_extractCallback2->SetOperationResult(opRes, BoolToInt(_encrypted)));
-@@ -1584,8 +1584,9 @@ static unsigned GetNumSlashes(const FChar *s)
+@@ -1584,8 +1584,9 @@ static unsigned GetNumSlashes(const FCha
}
}
@@ -94,7 +105,7 @@ index 877326b..05b13f3 100644
CRecordVector<CExtrRefSortPair> pairs;
pairs.ClearAndSetSize(_extractedFolderPaths.Size());
unsigned i;
-@@ -1622,5 +1623,12 @@ HRESULT CArchiveExtractCallback::SetDirsTimes()
+@@ -1622,5 +1623,12 @@ HRESULT CArchiveExtractCallback::SetDirs
(WriteATime && ATimeDefined) ? &ATime : NULL,
(WriteMTime && MTimeDefined) ? &MTime : (_arc->MTimeDefined ? &_arc->MTime : NULL));
}
@@ -108,10 +119,9 @@ index 877326b..05b13f3 100644
+
+ return result;
}
-diff --git a/CPP/7zip/UI/Common/ArchiveExtractCallback.h b/CPP/7zip/UI/Common/ArchiveExtractCallback.h
-index 1e9f0b6..b51d78f 100644
---- a/CPP/7zip/UI/Common/ArchiveExtractCallback.h
-+++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.h
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.h p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.h
+--- p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.h 2015-10-03 11:29:09.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.h 2015-12-03 02:22:47.074724204 +0000
@@ -6,6 +6,8 @@
#include "../../../Common/MyCom.h"
#include "../../../Common/Wildcard.h"
@@ -139,10 +149,9 @@ index 1e9f0b6..b51d78f 100644
};
bool CensorNode_CheckPath(const NWildcard::CCensorNode &node, const CReadArcItem &item);
-diff --git a/CPP/7zip/UI/Common/Extract.cpp b/CPP/7zip/UI/Common/Extract.cpp
-index 5b96071..98192fa 100644
---- a/CPP/7zip/UI/Common/Extract.cpp
-+++ b/CPP/7zip/UI/Common/Extract.cpp
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/Extract.cpp p7zip_15.09/CPP/7zip/UI/Common/Extract.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Common/Extract.cpp 2015-09-07 20:47:32.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Common/Extract.cpp 2015-12-03 02:22:47.075724215 +0000
@@ -207,7 +207,7 @@ static HRESULT DecompressArchive(
else
result = archive->Extract(&realIndices.Front(), realIndices.Size(), testMode, ecs);
@@ -152,11 +161,10 @@ index 5b96071..98192fa 100644
return callback->ExtractResult(result);
}
-diff --git a/CPP/Windows/FileDir.cpp b/CPP/Windows/FileDir.cpp
-index 422edfc..baa6255 100644
---- a/CPP/Windows/FileDir.cpp
-+++ b/CPP/Windows/FileDir.cpp
-@@ -347,7 +347,8 @@ static int convert_to_symlink(const char * name) {
+diff -rup p7zip_15.09.orig/CPP/Windows/FileDir.cpp p7zip_15.09/CPP/Windows/FileDir.cpp
+--- p7zip_15.09.orig/CPP/Windows/FileDir.cpp 2015-10-10 13:37:41.000000000 +0100
++++ p7zip_15.09/CPP/Windows/FileDir.cpp 2015-12-03 02:22:47.075724215 +0000
+@@ -347,7 +347,8 @@ static int convert_to_symlink(const char
return -1;
}
@@ -166,7 +174,7 @@ index 422edfc..baa6255 100644
{
if (!fileName) {
SetLastError(ERROR_PATH_NOT_FOUND);
-@@ -379,7 +380,9 @@ bool SetFileAttrib(CFSTR fileName, DWORD fileAttributes)
+@@ -379,7 +380,9 @@ bool SetFileAttrib(CFSTR fileName, DWORD
stat_info.st_mode = fileAttributes >> 16;
#ifdef ENV_HAVE_LSTAT
if (S_ISLNK(stat_info.st_mode)) {
@@ -177,7 +185,7 @@ index 422edfc..baa6255 100644
TRACEN((printf("SetFileAttrib(%s,%d) : false-3\n",(const char *)name,fileAttributes)))
return false;
}
-@@ -814,6 +817,44 @@ bool CTempDir::Remove()
+@@ -814,6 +817,43 @@ bool CTempDir::Remove()
return !_mustBeDeleted;
}
@@ -218,14 +226,12 @@ index 422edfc..baa6255 100644
+
+#endif // ENV_UNIX
+
-+
}}}
#ifndef _SFX
-diff --git a/CPP/Windows/FileDir.h b/CPP/Windows/FileDir.h
-index b13d1cc..7429a81 100644
---- a/CPP/Windows/FileDir.h
-+++ b/CPP/Windows/FileDir.h
+diff -rup p7zip_15.09.orig/CPP/Windows/FileDir.h p7zip_15.09/CPP/Windows/FileDir.h
+--- p7zip_15.09.orig/CPP/Windows/FileDir.h 2015-06-19 11:52:06.000000000 +0100
++++ p7zip_15.09/CPP/Windows/FileDir.h 2015-12-03 02:22:47.075724215 +0000
@@ -4,6 +4,7 @@
#define __WINDOWS_FILE_DIR_H