1 |
commit: 63d6e0fccc6f26ec4b0ba5cd6046b6a3fd4ca073 |
2 |
Author: Justin Lecher <jlec <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Dec 3 10:43:00 2015 +0000 |
4 |
Commit: Justin Lecher <jlec <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Dec 3 10:44:38 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63d6e0fc |
7 |
|
8 |
app-arch/p7zip: Add upstream version of CVE patch |
9 |
|
10 |
Package-Manager: portage-2.2.25 |
11 |
Signed-off-by: Justin Lecher <jlec <AT> gentoo.org> |
12 |
|
13 |
.../p7zip/files/p7zip-15.09-CVE-2015-1038.patch | 98 ++++++++++++---------- |
14 |
1 file changed, 52 insertions(+), 46 deletions(-) |
15 |
|
16 |
diff --git a/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch b/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch |
17 |
index dc81317..5da28c5 100644 |
18 |
--- a/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch |
19 |
+++ b/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch |
20 |
@@ -1,17 +1,30 @@ |
21 |
- CPP/7zip/UI/Agent/Agent.cpp | 2 +- |
22 |
- CPP/7zip/UI/Client7z/Client7z.cpp | 19 ++++++++++- |
23 |
- CPP/7zip/UI/Common/ArchiveExtractCallback.cpp | 14 +++++++-- |
24 |
- CPP/7zip/UI/Common/ArchiveExtractCallback.h | 6 +++- |
25 |
- CPP/7zip/UI/Common/Extract.cpp | 2 +- |
26 |
- CPP/Windows/FileDir.cpp | 45 +++++++++++++++++++++++++-- |
27 |
- CPP/Windows/FileDir.h | 31 +++++++++++++++++- |
28 |
- 7 files changed, 109 insertions(+), 10 deletions(-) |
29 |
+Author: Ben Hutchings <ben@××××××××××××.uk> |
30 |
+Date: Tue, 19 May 2015 02:38:40 +0100 |
31 |
+Description: Delay creation of symlinks to prevent arbitrary file writes (CVE-2015-1038) |
32 |
+Bug: http://sourceforge.net/p/p7zip/bugs/147/ |
33 |
+Bug-Debian: https://bugs.debian.org/774660 |
34 |
|
35 |
-diff --git a/CPP/7zip/UI/Agent/Agent.cpp b/CPP/7zip/UI/Agent/Agent.cpp |
36 |
-index 201e82c..b0b8316 100644 |
37 |
---- a/CPP/7zip/UI/Agent/Agent.cpp |
38 |
-+++ b/CPP/7zip/UI/Agent/Agent.cpp |
39 |
-@@ -1515,7 +1515,7 @@ STDMETHODIMP CAgentFolder::Extract(const UInt32 *indices, |
40 |
+Alexander Cherepanov discovered that 7zip is susceptible to a |
41 |
+directory traversal vulnerability. While extracting an archive, it |
42 |
+will extract symlinks and then follow them if they are referenced in |
43 |
+further entries. This can be exploited by a rogue archive to write |
44 |
+files outside the current directory. |
45 |
+ |
46 |
+We have to create placeholder files (which we already do) and delay |
47 |
+creating symlinks until the end of extraction. |
48 |
+ |
49 |
+Due to the possibility of anti-items (deletions) in the archive, it is |
50 |
+possible for placeholders to be deleted and replaced before we create |
51 |
+the symlinks. It's not clear that this can be used for mischief, but |
52 |
+GNU tar guards against similar problems by checking that the placeholder |
53 |
+still exists and is the same inode. XXX It also checks 'birth time' but |
54 |
+this isn't portable. We can probably get away with comparing ctime |
55 |
+since we don't support hard links. |
56 |
+ |
57 |
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Agent/Agent.cpp p7zip_15.09/CPP/7zip/UI/Agent/Agent.cpp |
58 |
+--- p7zip_15.09.orig/CPP/7zip/UI/Agent/Agent.cpp 2015-09-17 20:02:35.000000000 +0100 |
59 |
++++ p7zip_15.09/CPP/7zip/UI/Agent/Agent.cpp 2015-12-03 02:22:47.073724194 +0000 |
60 |
+@@ -1515,7 +1515,7 @@ STDMETHODIMP CAgentFolder::Extract(const |
61 |
HRESULT result = _agentSpec->GetArchive()->Extract(&realIndices.Front(), |
62 |
realIndices.Size(), testMode, extractCallback); |
63 |
if (result == S_OK) |
64 |
@@ -20,10 +33,9 @@ index 201e82c..b0b8316 100644 |
65 |
return result; |
66 |
COM_TRY_END |
67 |
} |
68 |
-diff --git a/CPP/7zip/UI/Client7z/Client7z.cpp b/CPP/7zip/UI/Client7z/Client7z.cpp |
69 |
-index c6522fe..1919389 100644 |
70 |
---- a/CPP/7zip/UI/Client7z/Client7z.cpp |
71 |
-+++ b/CPP/7zip/UI/Client7z/Client7z.cpp |
72 |
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Client7z/Client7z.cpp p7zip_15.09/CPP/7zip/UI/Client7z/Client7z.cpp |
73 |
+--- p7zip_15.09.orig/CPP/7zip/UI/Client7z/Client7z.cpp 2015-10-17 15:52:30.000000000 +0100 |
74 |
++++ p7zip_15.09/CPP/7zip/UI/Client7z/Client7z.cpp 2015-12-03 02:22:47.073724194 +0000 |
75 |
@@ -230,8 +230,11 @@ private: |
76 |
COutFileStream *_outFileStreamSpec; |
77 |
CMyComPtr<ISequentialOutStream> _outFileStream; |
78 |
@@ -36,7 +48,7 @@ index c6522fe..1919389 100644 |
79 |
|
80 |
UInt64 NumErrors; |
81 |
bool PasswordIsDefined; |
82 |
-@@ -449,11 +452,23 @@ STDMETHODIMP CArchiveExtractCallback::SetOperationResult(Int32 operationResult) |
83 |
+@@ -449,11 +452,23 @@ STDMETHODIMP CArchiveExtractCallback::Se |
84 |
} |
85 |
_outFileStream.Release(); |
86 |
if (_extractMode && _processedFileInfo.AttribDefined) |
87 |
@@ -61,7 +73,7 @@ index c6522fe..1919389 100644 |
88 |
|
89 |
STDMETHODIMP CArchiveExtractCallback::CryptoGetTextPassword(BSTR *password) |
90 |
{ |
91 |
-@@ -914,6 +929,8 @@ int MY_CDECL main(int numArgs, const char *args[]) |
92 |
+@@ -914,6 +929,8 @@ int MY_CDECL main(int numArgs, const cha |
93 |
// extractCallbackSpec->PasswordIsDefined = true; |
94 |
// extractCallbackSpec->Password = L"1"; |
95 |
HRESULT result = archive->Extract(NULL, (UInt32)(Int32)(-1), false, extractCallback); |
96 |
@@ -70,11 +82,10 @@ index c6522fe..1919389 100644 |
97 |
if (result != S_OK) |
98 |
{ |
99 |
PrintError("Extract Error"); |
100 |
-diff --git a/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp b/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp |
101 |
-index 877326b..05b13f3 100644 |
102 |
---- a/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp |
103 |
-+++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp |
104 |
-@@ -1502,7 +1502,7 @@ STDMETHODIMP CArchiveExtractCallback::SetOperationResult(Int32 opRes) |
105 |
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp |
106 |
+--- p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp 2015-10-03 09:49:15.000000000 +0100 |
107 |
++++ p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp 2015-12-03 02:24:40.444963545 +0000 |
108 |
+@@ -1502,7 +1502,7 @@ STDMETHODIMP CArchiveExtractCallback::Se |
109 |
NumFiles++; |
110 |
|
111 |
if (!_stdOutMode && _extractMode && _fi.AttribDefined) |
112 |
@@ -83,7 +94,7 @@ index 877326b..05b13f3 100644 |
113 |
|
114 |
RINOK(_extractCallback2->SetOperationResult(opRes, BoolToInt(_encrypted))); |
115 |
|
116 |
-@@ -1584,8 +1584,9 @@ static unsigned GetNumSlashes(const FChar *s) |
117 |
+@@ -1584,8 +1584,9 @@ static unsigned GetNumSlashes(const FCha |
118 |
} |
119 |
} |
120 |
|
121 |
@@ -94,7 +105,7 @@ index 877326b..05b13f3 100644 |
122 |
CRecordVector<CExtrRefSortPair> pairs; |
123 |
pairs.ClearAndSetSize(_extractedFolderPaths.Size()); |
124 |
unsigned i; |
125 |
-@@ -1622,5 +1623,12 @@ HRESULT CArchiveExtractCallback::SetDirsTimes() |
126 |
+@@ -1622,5 +1623,12 @@ HRESULT CArchiveExtractCallback::SetDirs |
127 |
(WriteATime && ATimeDefined) ? &ATime : NULL, |
128 |
(WriteMTime && MTimeDefined) ? &MTime : (_arc->MTimeDefined ? &_arc->MTime : NULL)); |
129 |
} |
130 |
@@ -108,10 +119,9 @@ index 877326b..05b13f3 100644 |
131 |
+ |
132 |
+ return result; |
133 |
} |
134 |
-diff --git a/CPP/7zip/UI/Common/ArchiveExtractCallback.h b/CPP/7zip/UI/Common/ArchiveExtractCallback.h |
135 |
-index 1e9f0b6..b51d78f 100644 |
136 |
---- a/CPP/7zip/UI/Common/ArchiveExtractCallback.h |
137 |
-+++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.h |
138 |
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.h p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.h |
139 |
+--- p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.h 2015-10-03 11:29:09.000000000 +0100 |
140 |
++++ p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.h 2015-12-03 02:22:47.074724204 +0000 |
141 |
@@ -6,6 +6,8 @@ |
142 |
#include "../../../Common/MyCom.h" |
143 |
#include "../../../Common/Wildcard.h" |
144 |
@@ -139,10 +149,9 @@ index 1e9f0b6..b51d78f 100644 |
145 |
}; |
146 |
|
147 |
bool CensorNode_CheckPath(const NWildcard::CCensorNode &node, const CReadArcItem &item); |
148 |
-diff --git a/CPP/7zip/UI/Common/Extract.cpp b/CPP/7zip/UI/Common/Extract.cpp |
149 |
-index 5b96071..98192fa 100644 |
150 |
---- a/CPP/7zip/UI/Common/Extract.cpp |
151 |
-+++ b/CPP/7zip/UI/Common/Extract.cpp |
152 |
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/Extract.cpp p7zip_15.09/CPP/7zip/UI/Common/Extract.cpp |
153 |
+--- p7zip_15.09.orig/CPP/7zip/UI/Common/Extract.cpp 2015-09-07 20:47:32.000000000 +0100 |
154 |
++++ p7zip_15.09/CPP/7zip/UI/Common/Extract.cpp 2015-12-03 02:22:47.075724215 +0000 |
155 |
@@ -207,7 +207,7 @@ static HRESULT DecompressArchive( |
156 |
else |
157 |
result = archive->Extract(&realIndices.Front(), realIndices.Size(), testMode, ecs); |
158 |
@@ -152,11 +161,10 @@ index 5b96071..98192fa 100644 |
159 |
return callback->ExtractResult(result); |
160 |
} |
161 |
|
162 |
-diff --git a/CPP/Windows/FileDir.cpp b/CPP/Windows/FileDir.cpp |
163 |
-index 422edfc..baa6255 100644 |
164 |
---- a/CPP/Windows/FileDir.cpp |
165 |
-+++ b/CPP/Windows/FileDir.cpp |
166 |
-@@ -347,7 +347,8 @@ static int convert_to_symlink(const char * name) { |
167 |
+diff -rup p7zip_15.09.orig/CPP/Windows/FileDir.cpp p7zip_15.09/CPP/Windows/FileDir.cpp |
168 |
+--- p7zip_15.09.orig/CPP/Windows/FileDir.cpp 2015-10-10 13:37:41.000000000 +0100 |
169 |
++++ p7zip_15.09/CPP/Windows/FileDir.cpp 2015-12-03 02:22:47.075724215 +0000 |
170 |
+@@ -347,7 +347,8 @@ static int convert_to_symlink(const char |
171 |
return -1; |
172 |
} |
173 |
|
174 |
@@ -166,7 +174,7 @@ index 422edfc..baa6255 100644 |
175 |
{ |
176 |
if (!fileName) { |
177 |
SetLastError(ERROR_PATH_NOT_FOUND); |
178 |
-@@ -379,7 +380,9 @@ bool SetFileAttrib(CFSTR fileName, DWORD fileAttributes) |
179 |
+@@ -379,7 +380,9 @@ bool SetFileAttrib(CFSTR fileName, DWORD |
180 |
stat_info.st_mode = fileAttributes >> 16; |
181 |
#ifdef ENV_HAVE_LSTAT |
182 |
if (S_ISLNK(stat_info.st_mode)) { |
183 |
@@ -177,7 +185,7 @@ index 422edfc..baa6255 100644 |
184 |
TRACEN((printf("SetFileAttrib(%s,%d) : false-3\n",(const char *)name,fileAttributes))) |
185 |
return false; |
186 |
} |
187 |
-@@ -814,6 +817,44 @@ bool CTempDir::Remove() |
188 |
+@@ -814,6 +817,43 @@ bool CTempDir::Remove() |
189 |
return !_mustBeDeleted; |
190 |
} |
191 |
|
192 |
@@ -218,14 +226,12 @@ index 422edfc..baa6255 100644 |
193 |
+ |
194 |
+#endif // ENV_UNIX |
195 |
+ |
196 |
-+ |
197 |
}}} |
198 |
|
199 |
#ifndef _SFX |
200 |
-diff --git a/CPP/Windows/FileDir.h b/CPP/Windows/FileDir.h |
201 |
-index b13d1cc..7429a81 100644 |
202 |
---- a/CPP/Windows/FileDir.h |
203 |
-+++ b/CPP/Windows/FileDir.h |
204 |
+diff -rup p7zip_15.09.orig/CPP/Windows/FileDir.h p7zip_15.09/CPP/Windows/FileDir.h |
205 |
+--- p7zip_15.09.orig/CPP/Windows/FileDir.h 2015-06-19 11:52:06.000000000 +0100 |
206 |
++++ p7zip_15.09/CPP/Windows/FileDir.h 2015-12-03 02:22:47.075724215 +0000 |
207 |
@@ -4,6 +4,7 @@ |
208 |
#define __WINDOWS_FILE_DIR_H |