From 578cf139e9ec7d1dbfbccb44e48acec255ae833f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= Date: Thu, 3 Dec 2015 02:52:22 +0000 Subject: [PATCH] Added the correct p7zip-15.09-CVE-2015-1038.patch --- ...8.patch => p7zip-15.09-CVE-2015-1038.patch | 77 ++++++++++--------- 1 file changed, 42 insertions(+), 35 deletions(-) rename p7zip-9.38.1-CVE-2015-1038.patch => p7zip-15.09-CVE-2015-1038.patch (70%) diff --git a/p7zip-9.38.1-CVE-2015-1038.patch b/p7zip-15.09-CVE-2015-1038.patch similarity index 70% rename from p7zip-9.38.1-CVE-2015-1038.patch rename to p7zip-15.09-CVE-2015-1038.patch index c4e4436..5da28c5 100644 --- a/p7zip-9.38.1-CVE-2015-1038.patch +++ b/p7zip-15.09-CVE-2015-1038.patch @@ -21,9 +21,10 @@ still exists and is the same inode. XXX It also checks 'birth time' but this isn't portable. We can probably get away with comparing ctime since we don't support hard links. ---- a/CPP/7zip/UI/Agent/Agent.cpp -+++ b/CPP/7zip/UI/Agent/Agent.cpp -@@ -1215,7 +1215,7 @@ STDMETHODIMP CAgentFolder::Extract(const +diff -rup p7zip_15.09.orig/CPP/7zip/UI/Agent/Agent.cpp p7zip_15.09/CPP/7zip/UI/Agent/Agent.cpp +--- p7zip_15.09.orig/CPP/7zip/UI/Agent/Agent.cpp 2015-09-17 20:02:35.000000000 +0100 ++++ p7zip_15.09/CPP/7zip/UI/Agent/Agent.cpp 2015-12-03 02:22:47.073724194 +0000 +@@ -1515,7 +1515,7 @@ STDMETHODIMP CAgentFolder::Extract(const HRESULT result = _agentSpec->GetArchive()->Extract(&realIndices.Front(), realIndices.Size(), testMode, extractCallback); if (result == S_OK) @@ -32,9 +33,10 @@ since we don't support hard links. return result; COM_TRY_END } ---- a/CPP/7zip/UI/Client7z/Client7z.cpp -+++ b/CPP/7zip/UI/Client7z/Client7z.cpp -@@ -222,8 +222,11 @@ private: +diff -rup p7zip_15.09.orig/CPP/7zip/UI/Client7z/Client7z.cpp p7zip_15.09/CPP/7zip/UI/Client7z/Client7z.cpp +--- p7zip_15.09.orig/CPP/7zip/UI/Client7z/Client7z.cpp 2015-10-17 15:52:30.000000000 +0100 ++++ p7zip_15.09/CPP/7zip/UI/Client7z/Client7z.cpp 2015-12-03 02:22:47.073724194 +0000 +@@ -230,8 +230,11 @@ private: COutFileStream *_outFileStreamSpec; CMyComPtr _outFileStream; @@ -46,7 +48,7 @@ since we don't support hard links. UInt64 NumErrors; bool PasswordIsDefined; -@@ -441,11 +444,23 @@ STDMETHODIMP CArchiveExtractCallback::Se +@@ -449,11 +452,23 @@ STDMETHODIMP CArchiveExtractCallback::Se } _outFileStream.Release(); if (_extractMode && _processedFileInfo.AttribDefined) @@ -71,7 +73,7 @@ since we don't support hard links. STDMETHODIMP CArchiveExtractCallback::CryptoGetTextPassword(BSTR *password) { -@@ -912,6 +927,8 @@ int MY_CDECL main(int numArgs, const cha +@@ -914,6 +929,8 @@ int MY_CDECL main(int numArgs, const cha // extractCallbackSpec->PasswordIsDefined = true; // extractCallbackSpec->Password = L"1"; HRESULT result = archive->Extract(NULL, (UInt32)(Int32)(-1), false, extractCallback); @@ -80,18 +82,19 @@ since we don't support hard links. if (result != S_OK) { PrintError("Extract Error"); ---- a/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp -+++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp -@@ -1083,7 +1083,7 @@ STDMETHODIMP CArchiveExtractCallback::Se +diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp +--- p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp 2015-10-03 09:49:15.000000000 +0100 ++++ p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp 2015-12-03 02:24:40.444963545 +0000 +@@ -1502,7 +1502,7 @@ STDMETHODIMP CArchiveExtractCallback::Se NumFiles++; - if (_extractMode && _fi.AttribDefined) + if (!_stdOutMode && _extractMode && _fi.AttribDefined) - SetFileAttrib(_diskFilePath, _fi.Attrib); + SetFileAttrib(_diskFilePath, _fi.Attrib, &_delayedSymLinks); - RINOK(_extractCallback2->SetOperationResult(operationResult, _encrypted)); - return S_OK; - COM_TRY_END -@@ -1149,8 +1149,9 @@ static int GetNumSlashes(const FChar *s) + + RINOK(_extractCallback2->SetOperationResult(opRes, BoolToInt(_encrypted))); + +@@ -1584,8 +1584,9 @@ static unsigned GetNumSlashes(const FCha } } @@ -102,7 +105,7 @@ since we don't support hard links. CRecordVector pairs; pairs.ClearAndSetSize(_extractedFolderPaths.Size()); unsigned i; -@@ -1187,5 +1188,12 @@ HRESULT CArchiveExtractCallback::SetDirs +@@ -1622,5 +1623,12 @@ HRESULT CArchiveExtractCallback::SetDirs (WriteATime && ATimeDefined) ? &ATime : NULL, (WriteMTime && MTimeDefined) ? &MTime : (_arc->MTimeDefined ? &_arc->MTime : NULL)); } @@ -116,8 +119,9 @@ since we don't support hard links. + + return result; } ---- a/CPP/7zip/UI/Common/ArchiveExtractCallback.h -+++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.h +diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.h p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.h +--- p7zip_15.09.orig/CPP/7zip/UI/Common/ArchiveExtractCallback.h 2015-10-03 11:29:09.000000000 +0100 ++++ p7zip_15.09/CPP/7zip/UI/Common/ArchiveExtractCallback.h 2015-12-03 02:22:47.074724204 +0000 @@ -6,6 +6,8 @@ #include "../../../Common/MyCom.h" #include "../../../Common/Wildcard.h" @@ -127,7 +131,7 @@ since we don't support hard links. #include "../../IPassword.h" #include "../../Common/FileStreams.h" -@@ -213,6 +215,8 @@ class CArchiveExtractCallback: +@@ -237,6 +239,8 @@ class CArchiveExtractCallback: bool _saclEnabled; #endif @@ -136,18 +140,19 @@ since we don't support hard links. void CreateComplexDirectory(const UStringVector &dirPathParts, FString &fullPath); HRESULT GetTime(int index, PROPID propID, FILETIME &filetime, bool &filetimeIsDefined); HRESULT GetUnpackSize(); -@@ -293,7 +297,7 @@ public: - _baseParentFolder = indexInArc; +@@ -330,7 +334,7 @@ public: } + #endif - HRESULT SetDirsTimes(); + HRESULT SetFinalAttribs(); }; - #endif ---- a/CPP/7zip/UI/Common/Extract.cpp -+++ b/CPP/7zip/UI/Common/Extract.cpp -@@ -170,7 +170,7 @@ static HRESULT DecompressArchive( + bool CensorNode_CheckPath(const NWildcard::CCensorNode &node, const CReadArcItem &item); +diff -rup p7zip_15.09.orig/CPP/7zip/UI/Common/Extract.cpp p7zip_15.09/CPP/7zip/UI/Common/Extract.cpp +--- p7zip_15.09.orig/CPP/7zip/UI/Common/Extract.cpp 2015-09-07 20:47:32.000000000 +0100 ++++ p7zip_15.09/CPP/7zip/UI/Common/Extract.cpp 2015-12-03 02:22:47.075724215 +0000 +@@ -207,7 +207,7 @@ static HRESULT DecompressArchive( else result = archive->Extract(&realIndices.Front(), realIndices.Size(), testMode, ecs); if (result == S_OK && !options.StdInMode) @@ -156,9 +161,10 @@ since we don't support hard links. return callback->ExtractResult(result); } ---- a/CPP/Windows/FileDir.cpp -+++ b/CPP/Windows/FileDir.cpp -@@ -343,7 +343,8 @@ static int convert_to_symlink(const char +diff -rup p7zip_15.09.orig/CPP/Windows/FileDir.cpp p7zip_15.09/CPP/Windows/FileDir.cpp +--- p7zip_15.09.orig/CPP/Windows/FileDir.cpp 2015-10-10 13:37:41.000000000 +0100 ++++ p7zip_15.09/CPP/Windows/FileDir.cpp 2015-12-03 02:22:47.075724215 +0000 +@@ -347,7 +347,8 @@ static int convert_to_symlink(const char return -1; } @@ -168,7 +174,7 @@ since we don't support hard links. { if (!fileName) { SetLastError(ERROR_PATH_NOT_FOUND); -@@ -375,7 +376,9 @@ bool SetFileAttrib(CFSTR fileName, DWORD +@@ -379,7 +380,9 @@ bool SetFileAttrib(CFSTR fileName, DWORD stat_info.st_mode = fileAttributes >> 16; #ifdef ENV_HAVE_LSTAT if (S_ISLNK(stat_info.st_mode)) { @@ -179,7 +185,7 @@ since we don't support hard links. TRACEN((printf("SetFileAttrib(%s,%d) : false-3\n",(const char *)name,fileAttributes))) return false; } -@@ -885,6 +888,43 @@ bool CTempDir::Remove() +@@ -814,6 +817,43 @@ bool CTempDir::Remove() return !_mustBeDeleted; } @@ -222,9 +228,10 @@ since we don't support hard links. + }}} - ---- a/CPP/Windows/FileDir.h -+++ b/CPP/Windows/FileDir.h + #ifndef _SFX +diff -rup p7zip_15.09.orig/CPP/Windows/FileDir.h p7zip_15.09/CPP/Windows/FileDir.h +--- p7zip_15.09.orig/CPP/Windows/FileDir.h 2015-06-19 11:52:06.000000000 +0100 ++++ p7zip_15.09/CPP/Windows/FileDir.h 2015-12-03 02:22:47.075724215 +0000 @@ -4,6 +4,7 @@ #define __WINDOWS_FILE_DIR_H @@ -249,7 +256,7 @@ since we don't support hard links. bool MyMoveFile(CFSTR existFileName, CFSTR newFileName); #ifndef UNDER_CE -@@ -69,6 +73,31 @@ public: +@@ -76,6 +80,31 @@ public: bool Remove(); };