[med-svn] [Git][med-team/libzstd][debian/stable] 5 commits: initialize urgency=high team changelog
Étienne Mollier
gitlab at salsa.debian.org
Thu Feb 18 13:44:33 GMT 2021
Étienne Mollier pushed to branch debian/stable at Debian Med / libzstd
Commits:
46c35143 by Étienne Mollier at 2021-02-18T13:02:01+01:00
initialize urgency=high team changelog
- - - - -
4ef82959 by Étienne Mollier at 2021-02-18T13:15:34+01:00
replace 0017-fix-file-permissions-on-compression.patch
This patch is an adaptation of upstream patch to apply against
libzstd 1.3.8 shipped in Buster. It replaces the previous
patch which incompletely closed the window of the race condition.
- - - - -
c50e121d by Étienne Mollier at 2021-02-18T13:19:47+01:00
fix Bug-Debian in DEP3 header
- - - - -
6fc2d355 by Étienne Mollier at 2021-02-18T14:05:05+01:00
ready for buster-security upload
- - - - -
b81054f0 by Étienne Mollier at 2021-02-18T14:14:12+01:00
rm fix-file-permissions-on-compression.patch
This patch is replaced by the 0017-fix... so not needed anymore.
- - - - -
4 changed files:
- debian/changelog
- + debian/patches/0017-fix-file-permissions-on-compression.patch
- − debian/patches/fix-file-permissions-on-compression.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,14 @@
+libzstd (1.3.8+dfsg-3+deb10u2) buster-security; urgency=high
+
+ * Team upload.
+ * The previous fix-file-permissions-on-compression.patch almost closed the
+ window of the race condition, but not completely. This patch, adapted from
+ upstream, 0017-fix-file-permissions-on-compression.patch, replaces the
+ previous attempt by erasing the umask before opening the destination file.
+ Closes: #982519
+
+ -- Étienne Mollier <etienne.mollier at mailoo.org> Thu, 18 Feb 2021 12:59:48 +0100
+
libzstd (1.3.8+dfsg-3+deb10u1) buster-security; urgency=high
* Team upload.
=====================================
debian/patches/0017-fix-file-permissions-on-compression.patch
=====================================
@@ -0,0 +1,65 @@
+Description: fix race condition allowing attackers to access destination file
+ This commit addresses https://github.com/facebook/zstd/issues/2491.
+ .
+ Note that a downside of this solution is that it is global: `umask()` affects
+ all file creation calls in the process. I believe this is safe since
+ `fileio.c` functions should only ever be used in the zstd binary, and these
+ are (almost) the only files ever created by zstd, and AIUI they're only
+ created in a single thread. So we can get away with messing with global state.
+ .
+ Note that this doesn't change the permissions of files created by `dibio.c`.
+ I'm not sure what those should be...
+Author: W. Felix Handte <w at felixhandte.com>
+Origin: upstream
+Bug: https://github.com/facebook/zstd/issues/2491
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519
+Applied-Upstream: commit:a774c5797399040af62db21d8a9b9769e005430e
+Reviewed-by: Étienne Mollier <etienne.mollier at mailoo.org>
+Last-Update: 2021-02-18
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libzstd.orig/programs/fileio.c
++++ libzstd/programs/fileio.c
+@@ -481,7 +481,9 @@
+ FIO_remove(dstFileName);
+ } }
+
+- { FILE* const f = fopen( dstFileName, "wb" );
++ { const int old_umask = UTIL_umask(0177); /* u-x,go-rwx */
++ FILE* const f = fopen( dstFileName, "wb" );
++ UTIL_umask(old_umask);
+ if (f == NULL)
+ DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
+ return f;
+--- libzstd.orig/programs/util.c
++++ libzstd/programs/util.c
+@@ -51,6 +51,15 @@
+ return 1;
+ }
+
++int UTIL_umask(int mode) {
++#if PLATFORM_POSIX_VERSION > 0
++ return umask(mode);
++#else
++ /* do nothing, fake return value */
++ return mode;
++#endif
++}
++
+ int UTIL_setFileStat(const char *filename, stat_t *statbuf)
+ {
+ int res = 0;
+--- libzstd.orig/programs/util.h
++++ libzstd/programs/util.h
+@@ -181,6 +181,11 @@
+
+ U64 UTIL_getTotalFileSize(const char* const * const fileNamesTable, unsigned nbFiles);
+
++/**
++ * Wraps umask(). Does nothing when the platform doesn't have that concept.
++ */
++int UTIL_umask(int mode);
++
+ /*
+ * A modified version of realloc().
+ * If UTIL_realloc() fails the original block is freed.
=====================================
debian/patches/fix-file-permissions-on-compression.patch deleted
=====================================
@@ -1,18 +0,0 @@
---- libzstd.orig/programs/fileio.c
-+++ libzstd/programs/fileio.c
-@@ -482,8 +482,14 @@
- } }
-
- { FILE* const f = fopen( dstFileName, "wb" );
-- if (f == NULL)
-+ if (f == NULL) {
- DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
-+ } else if (srcFileName != NULL
-+ && strcmp (srcFileName, stdinmark)
-+ && strcmp(dstFileName, nulmark) ) {
-+ /* reduce rights on newly created dst file while compression is ongoing */
-+ chmod(dstFileName, 00600);
-+ }
- return f;
- }
- }
=====================================
debian/patches/series
=====================================
@@ -4,4 +4,4 @@
0014-Reproducible-build.patch
0015-Skip-dev-random-tests-on-hurd.patch
0016-fix-zstdgrep-exit-code.patch
-fix-file-permissions-on-compression.patch
+0017-fix-file-permissions-on-compression.patch
View it on GitLab: https://salsa.debian.org/med-team/libzstd/-/compare/9ecfe50cfaaa071aef968ad7b7e115fab4f8e704...b81054f003d79cff3808932665ee97ec84e443da
--
View it on GitLab: https://salsa.debian.org/med-team/libzstd/-/compare/9ecfe50cfaaa071aef968ad7b7e115fab4f8e704...b81054f003d79cff3808932665ee97ec84e443da
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-med-commit/attachments/20210218/3e0ac907/attachment-0001.html>
More information about the debian-med-commit
mailing list