Import debian patch for CVE-2015-1038, bug #536012; latest version is still vulnerable

(Portage version: 2.2.20/cvs/Linux x86_64, signed Manifest commit with key E9402A79B03529A2!)

3 files changed, 478 insertions, 1 deletions

diff --git a/app-arch/p7zip/ChangeLog b/app-arch/p7zip/ChangeLog
index 498e3f311c9b..f8aae6875886 100644
--- a/app-arch/p7zip/ChangeLog
+++ b/app-arch/p7zip/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for app-arch/p7zip
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/p7zip/ChangeLog,v 1.168 2015/06/09 08:54:50 jlec Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-arch/p7zip/ChangeLog,v 1.169 2015/06/16 06:36:45 jlec Exp $
+
+*p7zip-9.20.1-r5 (16 Jun 2015)
+
+  16 Jun 2015; Justin Lecher <jlec@gentoo.org>
+  +files/p7zip-9.20.1-CVE-2015-1038.patch, +p7zip-9.20.1-r5.ebuild:
+  Import debian patch for CVE-2015-1038, bug #536012; latest version is still
+  vulnerable
 
   09 Jun 2015; Justin Lecher <jlec@gentoo.org> metadata.xml:
   Updating remote-id in metadata.xml
diff --git a/app-arch/p7zip/files/p7zip-9.20.1-CVE-2015-1038.patch b/app-arch/p7zip/files/p7zip-9.20.1-CVE-2015-1038.patch
new file mode 100644
index 000000000000..09dd0f29cce7
--- /dev/null
+++ b/app-arch/p7zip/files/p7zip-9.20.1-CVE-2015-1038.patch
@@ -0,0 +1,315 @@
+Author: Ben Hutchings <ben@decadent.org.uk>
+Date: Tue, 19 May 2015 02:38:40 +0100
+Description: Delay creation of symlinks to prevent arbitrary file writes (CVE-2015-1038)
+Bug: http://sourceforge.net/p/p7zip/bugs/147/
+Bug-Debian: https://bugs.debian.org/774660
+
+Alexander Cherepanov discovered that 7zip is susceptible to a
+directory traversal vulnerability.  While extracting an archive, it
+will extract symlinks and then follow them if they are referenced in
+further entries.  This can be exploited by a rogue archive to write
+files outside the current directory.
+
+We have to create placeholder files (which we already do) and delay
+creating symlinks until the end of extraction.
+
+Due to the possibility of anti-items (deletions) in the archive, it is
+possible for placeholders to be deleted and replaced before we create
+the symlinks.  It's not clear that this can be used for mischief, but
+GNU tar guards against similar problems by checking that the placeholder
+still exists and is the same inode.  XXX It also checks 'birth time' but
+this isn't portable.  We can probably get away with comparing ctime
+since we don't support hard links.
+
+--- a/CPP/7zip/UI/Agent/Agent.cpp
++++ b/CPP/7zip/UI/Agent/Agent.cpp
+@@ -424,6 +424,8 @@ STDMETHODIMP CAgentFolder::Extract(const
+   CMyComPtr<IArchiveExtractCallback> extractCallback = extractCallbackSpec;
+   UStringVector pathParts;
+   CProxyFolder *currentProxyFolder = _proxyFolderItem;
++  HRESULT res;
++
+   while (currentProxyFolder->Parent)
+   {
+     pathParts.Insert(0, currentProxyFolder->Name);
+@@ -445,8 +447,11 @@ STDMETHODIMP CAgentFolder::Extract(const
+       (UInt64)(Int64)-1);
+   CUIntVector realIndices;
+   GetRealIndices(indices, numItems, realIndices);
+-  return _agentSpec->GetArchive()->Extract(&realIndices.Front(),
++  res = _agentSpec->GetArchive()->Extract(&realIndices.Front(),
+       realIndices.Size(), testMode, extractCallback);
++  if (res == S_OK && !extractCallbackSpec->CreateSymLinks())
++    res = E_FAIL;
++  return res;
+   COM_TRY_END
+ }
+ 
+--- a/CPP/7zip/UI/Agent/ArchiveFolder.cpp
++++ b/CPP/7zip/UI/Agent/ArchiveFolder.cpp
+@@ -20,6 +20,8 @@ STDMETHODIMP CAgentFolder::CopyTo(const
+   CMyComPtr<IArchiveExtractCallback> extractCallback = extractCallbackSpec;
+   UStringVector pathParts;
+   CProxyFolder *currentProxyFolder = _proxyFolderItem;
++  HRESULT res;
++
+   while (currentProxyFolder->Parent)
+   {
+     pathParts.Insert(0, currentProxyFolder->Name);
+@@ -46,8 +48,11 @@ STDMETHODIMP CAgentFolder::CopyTo(const
+       (UInt64)(Int64)-1);
+   CUIntVector realIndices;
+   GetRealIndices(indices, numItems, realIndices);
+-  return _agentSpec->GetArchive()->Extract(&realIndices.Front(),
++  res = _agentSpec->GetArchive()->Extract(&realIndices.Front(),
+       realIndices.Size(), BoolToInt(false), extractCallback);
++  if (res == S_OK && !extractCallbackSpec->CreateSymLinks())
++    res = E_FAIL;
++  return res;
+   COM_TRY_END
+ }
+ 
+--- a/CPP/7zip/UI/Client7z/Client7z.cpp
++++ b/CPP/7zip/UI/Client7z/Client7z.cpp
+@@ -197,8 +197,11 @@ private:
+   COutFileStream *_outFileStreamSpec;
+   CMyComPtr<ISequentialOutStream> _outFileStream;
+ 
++  CObjectVector<NWindows::NFile::NDirectory::CDelayedSymLink> _delayedSymLinks;
++
+ public:
+   void Init(IInArchive *archiveHandler, const UString &directoryPath);
++  bool CreateSymLinks();
+ 
+   UInt64 NumErrors;
+   bool PasswordIsDefined;
+@@ -392,11 +395,22 @@ STDMETHODIMP CArchiveExtractCallback::Se
+   }
+   _outFileStream.Release();
+   if (_extractMode && _processedFileInfo.AttribDefined)
+-    NFile::NDirectory::MySetFileAttributes(_diskFilePath, _processedFileInfo.Attrib);
++    NFile::NDirectory::MySetFileAttributes(_diskFilePath, _processedFileInfo.Attrib, &_delayedSymLinks);
+   PrintNewLine();
+   return S_OK;
+ }
+ 
++bool CArchiveExtractCallback::CreateSymLinks()
++{
++  bool success = true;
++
++  for (int i = 0; i != _delayedSymLinks.Size(); ++i)
++    success &= _delayedSymLinks[i].Create();
++
++  _delayedSymLinks.Clear();
++
++  return success;
++}
+ 
+ STDMETHODIMP CArchiveExtractCallback::CryptoGetTextPassword(BSTR *password)
+ {
+--- a/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
++++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
+@@ -453,12 +453,24 @@ STDMETHODIMP CArchiveExtractCallback::Se
+     NumFiles++;
+ 
+   if (_extractMode && _fi.AttribDefined)
+-    NFile::NDirectory::MySetFileAttributes(_diskFilePath, _fi.Attrib);
++    NFile::NDirectory::MySetFileAttributes(_diskFilePath, _fi.Attrib, &_delayedSymLinks);
+   RINOK(_extractCallback2->SetOperationResult(operationResult, _encrypted));
+   return S_OK;
+   COM_TRY_END
+ }
+ 
++bool CArchiveExtractCallback::CreateSymLinks()
++{
++  bool success = true;
++
++  for (int i = 0; i != _delayedSymLinks.Size(); ++i)
++    success &= _delayedSymLinks[i].Create();
++
++  _delayedSymLinks.Clear();
++
++  return success;
++}
++
+ /*
+ STDMETHODIMP CArchiveExtractCallback::GetInStream(
+     const wchar_t *name, ISequentialInStream **inStream)
+--- a/CPP/7zip/UI/Common/ArchiveExtractCallback.h
++++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.h
+@@ -6,6 +6,8 @@
+ #include "Common/MyCom.h"
+ #include "Common/Wildcard.h"
+ 
++#include "Windows/FileDir.h"
++
+ #include "../../IPassword.h"
+ 
+ #include "../../Common/FileStreams.h"
+@@ -83,6 +85,8 @@ class CArchiveExtractCallback:
+   UInt64 _packTotal;
+   UInt64 _unpTotal;
+ 
++  CObjectVector<NWindows::NFile::NDirectory::CDelayedSymLink> _delayedSymLinks;
++
+   void CreateComplexDirectory(const UStringVector &dirPathParts, UString &fullPath);
+   HRESULT GetTime(int index, PROPID propID, FILETIME &filetime, bool &filetimeIsDefined);
+   HRESULT GetUnpackSize();
+@@ -138,6 +142,7 @@ public:
+       const UStringVector &removePathParts,
+       UInt64 packSize);
+ 
++  bool CreateSymLinks();
+ };
+ 
+ #endif
+--- a/CPP/7zip/UI/Common/Extract.cpp
++++ b/CPP/7zip/UI/Common/Extract.cpp
+@@ -96,6 +96,9 @@ static HRESULT DecompressArchive(
+   else
+     result = archive->Extract(&realIndices.Front(), realIndices.Size(), testMode, extractCallbackSpec);
+ 
++  if (result == S_OK && !extractCallbackSpec->CreateSymLinks())
++    result = E_FAIL;
++
+   return callback->ExtractResult(result);
+ }
+ 
+--- a/CPP/Windows/FileDir.cpp
++++ b/CPP/Windows/FileDir.cpp
+@@ -453,9 +453,10 @@ bool SetDirTime(LPCWSTR fileName, const
+ }
+ 
+ #ifndef _UNICODE
+-bool MySetFileAttributes(LPCWSTR fileName, DWORD fileAttributes)
++bool MySetFileAttributes(LPCWSTR fileName, DWORD fileAttributes,
++			 CObjectVector<CDelayedSymLink> *delayedSymLinks)
+ {  
+-  return MySetFileAttributes(UnicodeStringToMultiByte(fileName, CP_ACP), fileAttributes);
++  return MySetFileAttributes(UnicodeStringToMultiByte(fileName, CP_ACP), fileAttributes, delayedSymLinks);
+ }
+ 
+ bool MyRemoveDirectory(LPCWSTR pathName)
+@@ -488,7 +489,8 @@ static int convert_to_symlink(const char
+   return -1;
+ }
+ 
+-bool MySetFileAttributes(LPCTSTR fileName, DWORD fileAttributes)
++bool MySetFileAttributes(LPCTSTR fileName, DWORD fileAttributes,
++			 CObjectVector<CDelayedSymLink> *delayedSymLinks)
+ {
+   if (!fileName) {
+     SetLastError(ERROR_PATH_NOT_FOUND);
+@@ -520,7 +522,9 @@ bool MySetFileAttributes(LPCTSTR fileNam
+      stat_info.st_mode = fileAttributes >> 16;
+ #ifdef ENV_HAVE_LSTAT
+      if (S_ISLNK(stat_info.st_mode)) {
+-        if ( convert_to_symlink(name) != 0) {
++        if (delayedSymLinks)
++          delayedSymLinks->Add(CDelayedSymLink(name));
++        else if ( convert_to_symlink(name) != 0) {
+           TRACEN((printf("MySetFileAttributes(%s,%d) : false-3\n",name,fileAttributes)))
+           return false;
+         }
+@@ -924,4 +928,41 @@ bool CTempDirectory::Create(LPCTSTR pref
+ }
+ 
+ 
++#ifdef ENV_UNIX
++
++CDelayedSymLink::CDelayedSymLink(LPCSTR source)
++  : _source(source)
++{
++  struct stat st;
++
++  if (lstat(_source, &st) == 0) {
++    _dev = st.st_dev;
++    _ino = st.st_ino;
++  } else {
++    _dev = 0;
++  }
++}
++
++bool CDelayedSymLink::Create()
++{
++  struct stat st;
++
++  if (_dev == 0) {
++    errno = EPERM;
++    return false;
++  }
++  if (lstat(_source, &st) != 0)
++    return false;
++  if (_dev != st.st_dev || _ino != st.st_ino) {
++    // Placeholder file has been overwritten or moved by another
++    // symbolic link creation
++    errno = EPERM;
++    return false;
++  }
++
++  return convert_to_symlink(_source) == 0;
++}
++
++#endif // ENV_UNIX
++
+ }}}
+--- a/CPP/Windows/FileDir.h
++++ b/CPP/Windows/FileDir.h
+@@ -4,6 +4,7 @@
+ #define __WINDOWS_FILEDIR_H
+ 
+ #include "../Common/MyString.h"
++#include "../Common/MyVector.h"
+ #include "Defs.h"
+ 
+ /* GetFullPathName for 7zAES.cpp */
+@@ -13,11 +14,15 @@ namespace NWindows {
+ namespace NFile {
+ namespace NDirectory {
+ 
++class CDelayedSymLink;
++
+ bool SetDirTime(LPCWSTR fileName, const FILETIME *creationTime, const FILETIME *lastAccessTime, const FILETIME *lastWriteTime);
+ 
+-bool MySetFileAttributes(LPCTSTR fileName, DWORD fileAttributes);
++bool MySetFileAttributes(LPCTSTR fileName, DWORD fileAttributes,
++			 CObjectVector<CDelayedSymLink> *delayedSymLinks = 0);
+ #ifndef _UNICODE
+-bool MySetFileAttributes(LPCWSTR fileName, DWORD fileAttributes);
++bool MySetFileAttributes(LPCWSTR fileName, DWORD fileAttributes,
++			 CObjectVector<CDelayedSymLink> *delayedSymLinks = 0);
+ #endif
+ 
+ bool MyMoveFile(LPCTSTR existFileName, LPCTSTR newFileName);
+@@ -80,6 +85,31 @@ public:
+   bool Remove();
+ };
+ 
++// Symbolic links must be created last so that they can't be used to
++// create or overwrite files above the extraction directory.
++class CDelayedSymLink
++{
++#ifdef ENV_UNIX
++  // Where the symlink should be created.  The target is specified in
++  // the placeholder file.
++  AString _source;
++
++  // Device and inode of the placeholder file.  Before creating the
++  // symlink, we must check that these haven't been changed by creation
++  // of another symlink.
++  dev_t _dev;
++  ino_t _ino;
++
++public:
++  explicit CDelayedSymLink(LPCSTR source);
++  bool Create();
++#else // !ENV_UNIX
++public:
++  CDelayedSymLink(LPCSTR source) {}
++  bool Create() { return true; }
++#endif // ENV_UNIX
++};
++
+ #ifdef _UNICODE
+ typedef CTempFile CTempFileW;
+ #endif
diff --git a/app-arch/p7zip/p7zip-9.20.1-r5.ebuild b/app-arch/p7zip/p7zip-9.20.1-r5.ebuild
new file mode 100644
index 000000000000..95c96ac62798
--- /dev/null
+++ b/app-arch/p7zip/p7zip-9.20.1-r5.ebuild
@@ -0,0 +1,155 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-arch/p7zip/p7zip-9.20.1-r5.ebuild,v 1.7 2015/06/16 06:36:45 jlec Exp $
+
+EAPI=4
+
+WX_GTK_VER="2.8"
+
+inherit eutils multilib toolchain-funcs wxwidgets
+
+DESCRIPTION="Port of 7-Zip archiver for Unix"
+HOMEPAGE="http://p7zip.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${PN}_${PV}_src_all.tar.bz2"
+
+LICENSE="LGPL-2.1 rar? ( unRAR )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86 ~x86-fbsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris"
+IUSE="doc kde rar +pch static wxwidgets"
+
+REQUIRED_USE="kde? ( wxwidgets )"
+
+RDEPEND="
+	kde? ( x11-libs/wxGTK:2.8[X,-odbc] kde-base/kdelibs )
+	wxwidgets? ( x11-libs/wxGTK:2.8[X,-odbc] )"
+DEPEND="${RDEPEND}
+	amd64? ( dev-lang/yasm )
+	x86? ( dev-lang/nasm )"
+
+S=${WORKDIR}/${PN}_${PV}
+
+src_prepare() {
+	epatch \
+		"${FILESDIR}"/${P}-execstack.patch \
+		"${FILESDIR}"/${P}-QA.patch \
+		"${FILESDIR}"/${P}-CVE-2015-1038.patch
+
+	if ! use pch; then
+		sed "s:PRE_COMPILED_HEADER=StdAfx.h.gch:PRE_COMPILED_HEADER=:g" -i makefile.* || die
+	fi
+
+	sed \
+		-e 's:-m32 ::g' \
+		-e 's:-m64 ::g' \
+		-e 's:-O::g' \
+		-e 's:-pipe::g' \
+		-e "/^CC/s:\$(ALLFLAGS):${CFLAGS} \$(ALLFLAGS):g" \
+		-e "/^CXX/s:\$(ALLFLAGS):${CXXFLAGS} \$(ALLFLAGS):g" \
+		-i makefile* || die
+
+	# remove non-free RAR codec
+	if use rar; then
+		ewarn "Enabling nonfree RAR decompressor"
+	else
+		sed -e '/Rar/d' -i makefile* || die
+		rm -rf CPP/7zip/Compress/Rar || die
+		epatch "${FILESDIR}"/9.04-makefile.patch
+	fi
+
+	sed -i \
+		-e "/^CXX=/s:g++:$(tc-getCXX):" \
+		-e "/^CC=/s:gcc:$(tc-getCC):" \
+		-e '/ALLFLAGS/s:-s ::' \
+		makefile* || die "changing makefiles"
+
+	if use amd64; then
+		cp -f makefile.linux_amd64_asm makefile.machine || die
+	elif use x86; then
+		cp -f makefile.linux_x86_asm_gcc_4.X makefile.machine || die
+	elif [[ ${CHOST} == *-darwin* ]] ; then
+		# Mac OS X needs this special makefile, because it has a non-GNU linker
+		[[ ${CHOST} == *64-* ]] \
+			&& cp -f makefile.macosx_64bits makefile.machine \
+			|| cp -f makefile.macosx_32bits makefile.machine
+		# bundles have extension .bundle but don't die because USE=-rar
+		# removes the Rar directory
+		sed -i -e '/strcpy(name/s/\.so/.bundle/' \
+			CPP/Windows/DLL.cpp || die
+		sed -i -e '/^PROG=/s/\.so/.bundle/' \
+			CPP/7zip/Bundles/Format7zFree/makefile \
+			$(use rar && echo CPP/7zip/Compress/Rar/makefile) || die
+	elif use x86-fbsd; then
+		# FreeBSD needs this special makefile, because it hasn't -ldl
+		sed -e 's/-lc_r/-pthread/' makefile.freebsd > makefile.machine
+	fi
+
+	if use static; then
+		sed -i -e '/^LOCAL_LIBS=/s/LOCAL_LIBS=/&-static /' makefile.machine || die
+	fi
+
+	if use kde || use wxwidgets; then
+		einfo "Preparing dependency list"
+		emake depend
+	fi
+}
+
+src_compile() {
+	emake all3
+	if use kde || use wxwidgets; then
+		emake -- 7zG
+		emake -- 7zFM
+	fi
+}
+
+src_test() {
+	emake test test_7z test_7zr
+}
+
+src_install() {
+	# this wrappers can not be symlinks, p7zip should be called with full path
+	make_wrapper 7zr "/usr/$(get_libdir)/${PN}/7zr"
+	make_wrapper 7za "/usr/$(get_libdir)/${PN}/7za"
+	make_wrapper 7z "/usr/$(get_libdir)/${PN}/7z"
+
+	if use kde || use wxwidgets; then
+		make_wrapper 7zG "/usr/$(get_libdir)/${PN}/7zG"
+		make_wrapper 7zFM "/usr/$(get_libdir)/${PN}/7zFM"
+
+		make_desktop_entry 7zFM "${PN} FM" ${PN} "GTK;Utility;Archiving;Compression"
+
+		dobin GUI/p7zipForFilemanager
+		exeinto /usr/$(get_libdir)/${PN}
+		doexe bin/7z{G,FM}
+
+		insinto /usr/$(get_libdir)/${PN}
+		doins -r GUI/{Lang,help}
+
+		insinto /usr/share/icons/hicolor/16x16/apps/
+		newins GUI/p7zip_16_ok.png p7zip.png
+
+		if use kde; then
+			rm GUI/kde4/p7zip_compress.desktop || die
+			insinto /usr/share/kde4/services/ServiceMenus
+			doins GUI/kde4/*.desktop
+		fi
+	fi
+
+	dobin contrib/gzip-like_CLI_wrapper_for_7z/p7zip
+	doman contrib/gzip-like_CLI_wrapper_for_7z/man1/p7zip.1
+
+	exeinto /usr/$(get_libdir)/${PN}
+	doexe bin/7z bin/7za bin/7zr bin/7zCon.sfx
+	doexe bin/*$(get_modname)
+	if use rar; then
+		exeinto /usr/$(get_libdir)/${PN}/Codecs/
+		doexe bin/Codecs/*$(get_modname)
+	fi
+
+	doman man1/7z.1 man1/7za.1 man1/7zr.1
+	dodoc ChangeLog README TODO
+
+	if use doc; then
+		dodoc DOCS/*.txt
+		dohtml -r DOCS/MANUAL/*
+	fi
+}