commit:     63d6e0fccc6f26ec4b0ba5cd6046b6a3fd4ca073
Author:     Justin Lecher <jlec <AT> gentoo <DOT> org>
AuthorDate: Thu Dec  3 10:43:00 2015 +0000
Commit:     Justin Lecher <jlec <AT> gentoo <DOT> org>
CommitDate: Thu Dec  3 10:44:38 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63d6e0fc

app-arch/p7zip: Add upstream version of CVE patch

Package-Manager: portage-2.2.25
Signed-off-by: Justin Lecher <jlec <AT> gentoo.org>

 .../p7zip/files/p7zip-15.09-CVE-2015-1038.patch    | 98 ++++++++++++----------
 1 file changed, 52 insertions(+), 46 deletions(-)

diff --git a/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch 
b/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch
index dc81317..5da28c5 100644
--- a/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch
+++ b/app-arch/p7zip/files/p7zip-15.09-CVE-2015-1038.patch
@@ -1,17 +1,30 @@
- CPP/7zip/UI/Agent/Agent.cpp                   |  2 +-
- CPP/7zip/UI/Client7z/Client7z.cpp             | 19 ++++++++++-
- CPP/7zip/UI/Common/ArchiveExtractCallback.cpp | 14 +++++++--
- CPP/7zip/UI/Common/ArchiveExtractCallback.h   |  6 +++-
- CPP/7zip/UI/Common/Extract.cpp                |  2 +-
- CPP/Windows/FileDir.cpp                       | 45 +++++++++++++++++++++++++--
- CPP/Windows/FileDir.h                         | 31 +++++++++++++++++-
- 7 files changed, 109 insertions(+), 10 deletions(-)
+Author: Ben Hutchings <[email protected]>
+Date: Tue, 19 May 2015 02:38:40 +0100
+Description: Delay creation of symlinks to prevent arbitrary file writes 
(CVE-2015-1038)
+Bug: http://sourceforge.net/p/p7zip/bugs/147/
+Bug-Debian: https://bugs.debian.org/774660
 
-diff --git a/CPP/7zip/UI/Agent/Agent.cpp b/CPP/7zip/UI/Agent/Agent.cpp
-index 201e82c..b0b8316 100644
---- a/CPP/7zip/UI/Agent/Agent.cpp
-+++ b/CPP/7zip/UI/Agent/Agent.cpp
-@@ -1515,7 +1515,7 @@ STDMETHODIMP CAgentFolder::Extract(const UInt32 *indices,
+Alexander Cherepanov discovered that 7zip is susceptible to a
+directory traversal vulnerability.  While extracting an archive, it
+will extract symlinks and then follow them if they are referenced in
+further entries.  This can be exploited by a rogue archive to write
+files outside the current directory.
+
+We have to create placeholder files (which we already do) and delay
+creating symlinks until the end of extraction.
+
+Due to the possibility of anti-items (deletions) in the archive, it is
+possible for placeholders to be deleted and replaced before we create
+the symlinks.  It's not clear that this can be used for mischief, but
+GNU tar guards against similar problems by checking that the placeholder
+still exists and is the same inode.  XXX It also checks 'birth time' but
+this isn't portable.  We can probably get away with comparing ctime
+since we don't support hard links.
+
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Agent/Agent.cpp 
p7zip_15.09/CPP/7zip/UI/Agent/Agent.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Agent/Agent.cpp       2015-09-17 
20:02:35.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Agent/Agent.cpp    2015-12-03 02:22:47.073724194 
+0000
+@@ -1515,7 +1515,7 @@ STDMETHODIMP CAgentFolder::Extract(const
    HRESULT result = _agentSpec->GetArchive()->Extract(&realIndices.Front(),
        realIndices.Size(), testMode, extractCallback);
    if (result == S_OK)
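Review bot: The new DEP-3 style header added at the top of the patch (`Author:`, `Date:`, `Description:`, `Bug:`, `Bug-Debian:`) has no `Origin:` field, so the file does not record where this "upstream version" was taken from or which revision it is. Adding a line such as `Origin: <URL of the source patch>` would let a later maintainer compare the vendored copy against its source when this CVE fix is revisited. The description also carries an unresolved `XXX` about the placeholder identity check (inode plus ctime instead of birth time). The code implementing that check is not among the changed lines visible here, so it is presumably carried over unchanged from the previous revision, which is worth confirming against the source patch.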
@@ -20,10 +33,9 @@ index 201e82c..b0b8316 100644
    return result;
    COM_TRY_END
  }
-diff --git a/CPP/7zip/UI/Client7z/Client7z.cpp 
b/CPP/7zip/UI/Client7z/Client7z.cpp
-index c6522fe..1919389 100644
---- a/CPP/7zip/UI/Client7z/Client7z.cpp
-+++ b/CPP/7zip/UI/Client7z/Client7z.cpp
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Client7z/Client7z.cpp 
p7zip_15.09/CPP/7zip/UI/Client7z/Client7z.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Client7z/Client7z.cpp 2015-10-17 
15:52:30.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Client7z/Client7z.cpp      2015-12-03 
02:22:47.073724194 +0000
 @@ -230,8 +230,11 @@ private:
    COutFileStream *_outFileStreamSpec;
    CMyComPtr<ISequentialOutStream> _outFileStream;
@@ -36,7 +48,7 @@ index c6522fe..1919389 100644
  
    UInt64 NumErrors;
    bool PasswordIsDefined;
-@@ -449,11 +452,23 @@ STDMETHODIMP 
CArchiveExtractCallback::SetOperationResult(Int32 operationResult)
+@@ -449,11 +452,23 @@ STDMETHODIMP CArchiveExtractCallback::Se
    }
    _outFileStream.Release();
    if (_extractMode && _processedFileInfo.AttribDefined)
@@ -61,7 +73,7 @@ index c6522fe..1919389 100644
  
  STDMETHODIMP CArchiveExtractCallback::CryptoGetTextPassword(BSTR *password)
  {
-@@ -914,6 +929,8 @@ int MY_CDECL main(int numArgs, const char *args[])
+@@ -914,6 +929,8 @@ int MY_CDECL main(int numArgs, const cha
        // extractCallbackSpec->PasswordIsDefined = true;
        // extractCallbackSpec->Password = L"1";
        HRESULT result = archive->Extract(NULL, (UInt32)(Int32)(-1), false, 
extractCallback);
@@ -70,11 +82,10 @@ index c6522fe..1919389 100644
        if (result != S_OK)
        {
          PrintError("Extract Error");
-diff --git a/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp 
b/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
-index 877326b..05b13f3 100644
---- a/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
-+++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
-@@ -1502,7 +1502,7 @@ STDMETHODIMP 
CArchiveExtractCallback::SetOperationResult(Int32 opRes)
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp 
p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp     
2015-10-03 09:49:15.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp  2015-12-03 
02:24:40.444963545 +0000
+@@ -1502,7 +1502,7 @@ STDMETHODIMP CArchiveExtractCallback::Se
      NumFiles++;
  
    if (!_stdOutMode && _extractMode && _fi.AttribDefined)
@@ -83,7 +94,7 @@ index 877326b..05b13f3 100644
    
    RINOK(_extractCallback2->SetOperationResult(opRes, BoolToInt(_encrypted)));
    
-@@ -1584,8 +1584,9 @@ static unsigned GetNumSlashes(const FChar *s)
+@@ -1584,8 +1584,9 @@ static unsigned GetNumSlashes(const FCha
    }
  }
  
@@ -94,7 +105,7 @@ index 877326b..05b13f3 100644
    CRecordVector<CExtrRefSortPair> pairs;
    pairs.ClearAndSetSize(_extractedFolderPaths.Size());
    unsigned i;
-@@ -1622,5 +1623,12 @@ HRESULT CArchiveExtractCallback::SetDirsTimes()
+@@ -1622,5 +1623,12 @@ HRESULT CArchiveExtractCallback::SetDirs
        (WriteATime && ATimeDefined) ? &ATime : NULL,
        (WriteMTime && MTimeDefined) ? &MTime : (_arc->MTimeDefined ? 
&_arc->MTime : NULL));
    }
@@ -108,10 +119,9 @@ index 877326b..05b13f3 100644
 +
 +  return result;
  }
-diff --git a/CPP/7zip/UI/Common/ArchiveExtractCallback.h 
b/CPP/7zip/UI/Common/ArchiveExtractCallback.h
-index 1e9f0b6..b51d78f 100644
---- a/CPP/7zip/UI/Common/ArchiveExtractCallback.h
-+++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.h
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.h 
p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.h
+--- p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.h       
2015-10-03 11:29:09.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.h    2015-12-03 
02:22:47.074724204 +0000
 @@ -6,6 +6,8 @@
  #include "../../../Common/MyCom.h"
  #include "../../../Common/Wildcard.h"
@@ -139,10 +149,9 @@ index 1e9f0b6..b51d78f 100644
  };
  
  bool CensorNode_CheckPath(const NWildcard::CCensorNode &node, const 
CReadArcItem &item);
-diff --git a/CPP/7zip/UI/Common/Extract.cpp b/CPP/7zip/UI/Common/Extract.cpp
-index 5b96071..98192fa 100644
---- a/CPP/7zip/UI/Common/Extract.cpp
-+++ b/CPP/7zip/UI/Common/Extract.cpp
+diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/Extract.cpp 
p7zip_15.09/CPP/7zip/UI/Common/Extract.cpp
+--- p7zip_15.09.orig/CPP/7zip/UI/Common/Extract.cpp    2015-09-07 
20:47:32.000000000 +0100
++++ p7zip_15.09/CPP/7zip/UI/Common/Extract.cpp 2015-12-03 02:22:47.075724215 
+0000
 @@ -207,7 +207,7 @@ static HRESULT DecompressArchive(
    else
      result = archive->Extract(&realIndices.Front(), realIndices.Size(), 
testMode, ecs);
@@ -152,11 +161,10 @@ index 5b96071..98192fa 100644
    return callback->ExtractResult(result);
  }
  
-diff --git a/CPP/Windows/FileDir.cpp b/CPP/Windows/FileDir.cpp
-index 422edfc..baa6255 100644
---- a/CPP/Windows/FileDir.cpp
-+++ b/CPP/Windows/FileDir.cpp
-@@ -347,7 +347,8 @@ static int convert_to_symlink(const char * name) {
+diff -rup p7zip_15.09.orig/CPP/Windows/FileDir.cpp 
p7zip_15.09/CPP/Windows/FileDir.cpp
+--- p7zip_15.09.orig/CPP/Windows/FileDir.cpp   2015-10-10 13:37:41.000000000 
+0100
++++ p7zip_15.09/CPP/Windows/FileDir.cpp        2015-12-03 02:22:47.075724215 
+0000
+@@ -347,7 +347,8 @@ static int convert_to_symlink(const char
    return -1;
  }
  
@@ -166,7 +174,7 @@ index 422edfc..baa6255 100644
  {
    if (!fileName) {
      SetLastError(ERROR_PATH_NOT_FOUND);
-@@ -379,7 +380,9 @@ bool SetFileAttrib(CFSTR fileName, DWORD fileAttributes)
+@@ -379,7 +380,9 @@ bool SetFileAttrib(CFSTR fileName, DWORD
       stat_info.st_mode = fileAttributes >> 16;
  #ifdef ENV_HAVE_LSTAT
       if (S_ISLNK(stat_info.st_mode)) {
@@ -177,7 +185,7 @@ index 422edfc..baa6255 100644
            TRACEN((printf("SetFileAttrib(%s,%d) : false-3\n",(const char 
*)name,fileAttributes)))
            return false;
          }
-@@ -814,6 +817,44 @@ bool CTempDir::Remove()
+@@ -814,6 +817,43 @@ bool CTempDir::Remove()
    return !_mustBeDeleted;
  }
  
@@ -218,14 +226,12 @@ index 422edfc..baa6255 100644
 +
 +#endif // ENV_UNIX
 +
-+
  }}}
  
  #ifndef _SFX
-diff --git a/CPP/Windows/FileDir.h b/CPP/Windows/FileDir.h
-index b13d1cc..7429a81 100644
---- a/CPP/Windows/FileDir.h
-+++ b/CPP/Windows/FileDir.h
+diff -rup p7zip_15.09.orig/CPP/Windows/FileDir.h 
p7zip_15.09/CPP/Windows/FileDir.h
+--- p7zip_15.09.orig/CPP/Windows/FileDir.h     2015-06-19 11:52:06.000000000 
+0100
++++ p7zip_15.09/CPP/Windows/FileDir.h  2015-12-03 02:22:47.075724215 +0000
 @@ -4,6 +4,7 @@
  #define __WINDOWS_FILE_DIR_H
  
