Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/app-arch
diff options
context:
space:
mode:
authorJustin Lecher <jlec@gentoo.org>2015-12-03 11:43:00 +0100
committerJustin Lecher <jlec@gentoo.org>2015-12-03 11:44:38 +0100
commit63d6e0fccc6f26ec4b0ba5cd6046b6a3fd4ca073 (patch)
treeb742989f3afa88aa73f5aaaf90b3f4293c571427 /app-arch
parentapp-admin/keepass: x86 stable wrt bug #566110 (diff)
downloadgentoo-63d6e0fccc6f26ec4b0ba5cd6046b6a3fd4ca073.tar.gz
gentoo-63d6e0fccc6f26ec4b0ba5cd6046b6a3fd4ca073.tar.bz2
gentoo-63d6e0fccc6f26ec4b0ba5cd6046b6a3fd4ca073.zip
app-arch/p7zip: Add upstream version of CVE patch
Package-Manager: portage-2.2.25 Signed-off-by: Justin Lecher <jlec@gentoo.org>
Diffstat (limited to 'app-arch')
-rw-r--r--app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch98
1 files changed, 52 insertions, 46 deletions
diff --git a/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch b/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch
index dc813174fb39..5da28c5c60b2 100644
--- a/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch
+++ b/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch
@@ -1,17 +1,30 @@
- CPP/7zip/UI/Agent/Agent.cpp | 2 +-
- CPP/7zip/UI/Client7z/Client7z.cpp | 19 ++++++++++-
- CPP/7zip/UI/Common/ArchiveExtractCallback.cpp | 14 +++++++--
- CPP/7zip/UI/Common/ArchiveExtractCallback.h | 6 +++-
- CPP/7zip/UI/Common/Extract.cpp | 2 +-
- CPP/Windows/FileDir.cpp | 45 +++++++++++++++++++++++++--
- CPP/Windows/FileDir.h | 31 +++++++++++++++++-
- 7 files changed, 109 insertions(+), 10 deletions(-)
+Author: Ben Hutchings <ben@decadent.org.uk>
+Date: Tue, 19 May 2015 02:38:40 +0100
+Description: Delay creation of symlinks to prevent arbitrary file writes (CVE-2015-1038)
+Bug: http://sourceforge.net/p/p7zip/bugs/147/
+Bug-Debian: https://bugs.debian.org/774660
-diff --git a/CPP/7zip/UI/Agent/Agent.cpp b/CPP/7zip/UI/Agent/Agent.cpp
-index 201e82c..b0b8316 100644
---- a/CPP/7zip/UI/Agent/Agent.cpp
-+++ b/CPP/7zip/UI/Agent/Agent.cpp
-@@ -1515,7 +1515,7 @@ STDMETHODIMP CAgentFolder::Extract(const UInt32 *indices,
+Alexander Cherepanov discovered that 7zip is susceptible to a
+directory traversal vulnerability. While extracting an archive, it
+will extract symlinks and then follow them if they are referenced in
+further entries. This can be exploited by a rogue archive to write
+files outside the current directory.
+
+We have to create placeholder files (which we already do) and delay
+creating symlinks until the end of extraction.
+
+Due to the possibility of anti-items (deletions) in the archive, it is
+possible for placeholders to be deleted and replaced before we create
+the symlinks. It's not clear that this can be used for mischief, but
+GNU tar guards against similar problems by checking that the placeholder
+still exists and is the same inode. XXX It also checks 'birth time' but
+this isn't portable. We can probably get away with comparing ctime
+since we don't support hard links.
+
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Agent/Agent.cpp p7zip_15.09/CPP/7zip/UI/Agent/Agent.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Agent/Agent.cpp 2015-09-17 20:02:35.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Agent/Agent.cpp 2015-12-03 02:22:47.073724194 +0000
+@@ -1515,7 +1515,7 @@ STDMETHODIMP CAgentFolder::Extract(const
HRESULT result = _agentSpec->GetArchive()->Extract(&realIndices.Front(),
realIndices.Size(), testMode, extractCallback);
if (result == S_OK)
@@ -20,10 +33,9 @@ index 201e82c..b0b8316 100644
return result;
COM_TRY_END
}
-diff --git a/CPP/7zip/UI/Client7z/Client7z.cpp b/CPP/7zip/UI/Client7z/Client7z.cpp
-index c6522fe..1919389 100644
---- a/CPP/7zip/UI/Client7z/Client7z.cpp
-+++ b/CPP/7zip/UI/Client7z/Client7z.cpp
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Client7z/Client7z.cpp p7zip_15.09/CPP/7zip/UI/Client7z/Client7z.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Client7z/Client7z.cpp 2015-10-17 15:52:30.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Client7z/Client7z.cpp 2015-12-03 02:22:47.073724194 +0000
@@ -230,8 +230,11 @@ private:
COutFileStream *_outFileStreamSpec;
CMyComPtr<ISequentialOutStream> _outFileStream;
@@ -36,7 +48,7 @@ index c6522fe..1919389 100644
UInt64 NumErrors;
bool PasswordIsDefined;
-@@ -449,11 +452,23 @@ STDMETHODIMP CArchiveExtractCallback::SetOperationResult(Int32 operationResult)
+@@ -449,11 +452,23 @@ STDMETHODIMP CArchiveExtractCallback::Se
}
_outFileStream.Release();
if (_extractMode && _processedFileInfo.AttribDefined)
@@ -61,7 +73,7 @@ index c6522fe..1919389 100644
STDMETHODIMP CArchiveExtractCallback::CryptoGetTextPassword(BSTR *password)
{
-@@ -914,6 +929,8 @@ int MY_CDECL main(int numArgs, const char *args[])
+@@ -914,6 +929,8 @@ int MY_CDECL main(int numArgs, const cha
// extractCallbackSpec->PasswordIsDefined = true;
// extractCallbackSpec->Password = L"1";
HRESULT result = archive->Extract(NULL, (UInt32)(Int32)(-1), false, extractCallback);
@@ -70,11 +82,10 @@ index c6522fe..1919389 100644
if (result != S_OK)
{
PrintError("Extract Error");
-diff --git a/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp b/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
-index 877326b..05b13f3 100644
---- a/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
-+++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
-@@ -1502,7 +1502,7 @@ STDMETHODIMP CArchiveExtractCallback::SetOperationResult(Int32 opRes)
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp 2015-10-03 09:49:15.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp 2015-12-03 02:24:40.444963545 +0000
+@@ -1502,7 +1502,7 @@ STDMETHODIMP CArchiveExtractCallback::Se
NumFiles++;
if (!_stdOutMode && _extractMode && _fi.AttribDefined)
@@ -83,7 +94,7 @@ index 877326b..05b13f3 100644
RINOK(_extractCallback2->SetOperationResult(opRes, BoolToInt(_encrypted)));
-@@ -1584,8 +1584,9 @@ static unsigned GetNumSlashes(const FChar *s)
+@@ -1584,8 +1584,9 @@ static unsigned GetNumSlashes(const FCha
}
}
@@ -94,7 +105,7 @@ index 877326b..05b13f3 100644
CRecordVector<CExtrRefSortPair> pairs;
pairs.ClearAndSetSize(_extractedFolderPaths.Size());
unsigned i;
-@@ -1622,5 +1623,12 @@ HRESULT CArchiveExtractCallback::SetDirsTimes()
+@@ -1622,5 +1623,12 @@ HRESULT CArchiveExtractCallback::SetDirs
(WriteATime && ATimeDefined) ? &ATime : NULL,
(WriteMTime && MTimeDefined) ? &MTime : (_arc->MTimeDefined ? &_arc->MTime : NULL));
}
@@ -108,10 +119,9 @@ index 877326b..05b13f3 100644
+
+ return result;
}
-diff --git a/CPP/7zip/UI/Common/ArchiveExtractCallback.h b/CPP/7zip/UI/Common/ArchiveExtractCallback.h
-index 1e9f0b6..b51d78f 100644
---- a/CPP/7zip/UI/Common/ArchiveExtractCallback.h
-+++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.h
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.h p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.h
+--- p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.h 2015-10-03 11:29:09.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.h 2015-12-03 02:22:47.074724204 +0000
@@ -6,6 +6,8 @@
#include "../../../Common/MyCom.h"
#include "../../../Common/Wildcard.h"
@@ -139,10 +149,9 @@ index 1e9f0b6..b51d78f 100644
};
bool CensorNode_CheckPath(const NWildcard::CCensorNode &node, const CReadArcItem &item);
-diff --git a/CPP/7zip/UI/Common/Extract.cpp b/CPP/7zip/UI/Common/Extract.cpp
-index 5b96071..98192fa 100644
---- a/CPP/7zip/UI/Common/Extract.cpp
-+++ b/CPP/7zip/UI/Common/Extract.cpp
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/Extract.cpp p7zip_15.09/CPP/7zip/UI/Common/Extract.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Common/Extract.cpp 2015-09-07 20:47:32.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Common/Extract.cpp 2015-12-03 02:22:47.075724215 +0000
@@ -207,7 +207,7 @@ static HRESULT DecompressArchive(
else
result = archive->Extract(&realIndices.Front(), realIndices.Size(), testMode, ecs);
@@ -152,11 +161,10 @@ index 5b96071..98192fa 100644
return callback->ExtractResult(result);
}
-diff --git a/CPP/Windows/FileDir.cpp b/CPP/Windows/FileDir.cpp
-index 422edfc..baa6255 100644
---- a/CPP/Windows/FileDir.cpp
-+++ b/CPP/Windows/FileDir.cpp
-@@ -347,7 +347,8 @@ static int convert_to_symlink(const char * name) {
+diff -rup p7zip_15.09.orig/CPP/Windows/FileDir.cpp p7zip_15.09/CPP/Windows/FileDir.cpp
+--- p7zip_15.09.orig/CPP/Windows/FileDir.cpp 2015-10-10 13:37:41.000000000 +0100
++++ p7zip_15.09/CPP/Windows/FileDir.cpp 2015-12-03 02:22:47.075724215 +0000
+@@ -347,7 +347,8 @@ static int convert_to_symlink(const char
return -1;
}
@@ -166,7 +174,7 @@ index 422edfc..baa6255 100644
{
if (!fileName) {
SetLastError(ERROR_PATH_NOT_FOUND);
-@@ -379,7 +380,9 @@ bool SetFileAttrib(CFSTR fileName, DWORD fileAttributes)
+@@ -379,7 +380,9 @@ bool SetFileAttrib(CFSTR fileName, DWORD
stat_info.st_mode = fileAttributes >> 16;
#ifdef ENV_HAVE_LSTAT
if (S_ISLNK(stat_info.st_mode)) {
@@ -177,7 +185,7 @@ index 422edfc..baa6255 100644
TRACEN((printf("SetFileAttrib(%s,%d) : false-3\n",(const char *)name,fileAttributes)))
return false;
}
-@@ -814,6 +817,44 @@ bool CTempDir::Remove()
+@@ -814,6 +817,43 @@ bool CTempDir::Remove()
return !_mustBeDeleted;
}
@@ -218,14 +226,12 @@ index 422edfc..baa6255 100644
+
+#endif // ENV_UNIX
+
-+
}}}
#ifndef _SFX
-diff --git a/CPP/Windows/FileDir.h b/CPP/Windows/FileDir.h
-index b13d1cc..7429a81 100644
---- a/CPP/Windows/FileDir.h
-+++ b/CPP/Windows/FileDir.h
+diff -rup p7zip_15.09.orig/CPP/Windows/FileDir.h p7zip_15.09/CPP/Windows/FileDir.h
+--- p7zip_15.09.orig/CPP/Windows/FileDir.h 2015-06-19 11:52:06.000000000 +0100
++++ p7zip_15.09/CPP/Windows/FileDir.h 2015-12-03 02:22:47.075724215 +0000
@@ -4,6 +4,7 @@
#define __WINDOWS_FILE_DIR_H