aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAriadne Conill <ariadne@dereferenced.org>2021-06-01 12:43:39 -0600
committerAriadne Conill <ariadne@dereferenced.org>2021-06-01 12:43:39 -0600
commite03978708f35d916272c11b956d96bdb6302b7cf (patch)
tree621e533e31d9ce543e0593004e13bd44025f022e
parentb510067ec9dc89d259f6dcfc3a129335860727e3 (diff)
downloadaports-e03978708f35d916272c11b956d96bdb6302b7cf.tar.gz
aports-e03978708f35d916272c11b956d96bdb6302b7cf.tar.bz2
aports-e03978708f35d916272c11b956d96bdb6302b7cf.tar.xz
community/file-roller: add mitigation for CVE-2020-36314
-rw-r--r--community/file-roller/APKBUILD14
-rw-r--r--community/file-roller/CVE-2020-36314.patch218
2 files changed, 229 insertions, 3 deletions
diff --git a/community/file-roller/APKBUILD b/community/file-roller/APKBUILD
index 72a7b7d7fa..784e7a9bd8 100644
--- a/community/file-roller/APKBUILD
+++ b/community/file-roller/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=file-roller
pkgver=3.38.0
-pkgrel=0
+pkgrel=1
pkgdesc="File Roller is an archive manager for the GNOME desktop "
url="https://wiki.gnome.org/Apps/FileRoller"
arch="all !s390x !mips !mips64" # blocked by nautilus-dev
@@ -11,7 +11,12 @@ depends="cpio"
makedepends="meson glib-dev gtk+3.0-dev json-glib-dev libnotify-dev libarchive-dev
itstool nautilus-dev"
subpackages="$pkgname-lang"
-source="https://download.gnome.org/sources/file-roller/${pkgver%.*}/file-roller-$pkgver.tar.xz"
+source="https://download.gnome.org/sources/file-roller/${pkgver%.*}/file-roller-$pkgver.tar.xz
+ CVE-2020-36314.patch"
+
+# secfixes:
+# 3.38.0-r1:
+# - CVE-2020-36314
build() {
abuild-meson \
@@ -29,4 +34,7 @@ package() {
DESTDIR="$pkgdir" meson install --no-rebuild -C output
}
-sha512sums="9c2e3c105397bceb08e30c9796b9242633fe49772aed2e7f67461c34a51be1493e922301b1fc29bdcb0fa50d220f4a7db2ee7642f629007ce2bef00334d7110e file-roller-3.38.0.tar.xz"
+sha512sums="
+9c2e3c105397bceb08e30c9796b9242633fe49772aed2e7f67461c34a51be1493e922301b1fc29bdcb0fa50d220f4a7db2ee7642f629007ce2bef00334d7110e file-roller-3.38.0.tar.xz
+aa39e3a8b829e9831fcb658fccb1e01532a01fb7b94babb31553b4a9624cb0a66eec29f7d03f8cbc6b8e71022e1859ef3e526cd85ee39be235ba2fc7ec073187 CVE-2020-36314.patch
+"
diff --git a/community/file-roller/CVE-2020-36314.patch b/community/file-roller/CVE-2020-36314.patch
new file mode 100644
index 0000000000..3a9c07f0e2
--- /dev/null
+++ b/community/file-roller/CVE-2020-36314.patch
@@ -0,0 +1,218 @@
+From e970f4966bf388f6e7c277357c8b186c645683ae Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Thu, 11 Mar 2021 16:24:35 +0100
+Subject: [PATCH] libarchive: Skip files with symlinks in parents
+
+Currently, it is still possible that some files are extracted outside of
+the destination dir in case of malicious archives. The checks from commit
+21dfcdbf can be still bypassed in certain cases. See GNOME/file-roller#108
+for more details. After some investigation, I am convinced that it would be
+best to simply disallow symlinks in parents. For example, `tar` fails to
+extract such files with the `ENOTDIR` error. Let's do the same here.
+
+Fixes: https://gitlab.gnome.org/GNOME/file-roller/-/issues/108
+---
+ src/fr-archive-libarchive.c | 136 ++++++------------------------------
+ 1 file changed, 20 insertions(+), 116 deletions(-)
+
+diff --git a/src/fr-archive-libarchive.c b/src/fr-archive-libarchive.c
+index 4f698ee4..e61f8821 100644
+--- a/src/fr-archive-libarchive.c
++++ b/src/fr-archive-libarchive.c
+@@ -697,115 +697,12 @@ _g_output_stream_add_padding (ExtractData *extract_data,
+ return success;
+ }
+
+-
+-static gboolean
+-_symlink_is_external_to_destination (GFile *file,
+- const char *symlink,
+- GFile *destination,
+- GHashTable *external_links);
+-
+-
+-static gboolean
+-_g_file_is_external_link (GFile *file,
+- GFile *destination,
+- GHashTable *external_links)
+-{
+- GFileInfo *info;
+- gboolean external;
+-
+- if (g_hash_table_lookup (external_links, file) != NULL)
+- return TRUE;
+-
+- info = g_file_query_info (file,
+- G_FILE_ATTRIBUTE_STANDARD_IS_SYMLINK "," G_FILE_ATTRIBUTE_STANDARD_SYMLINK_TARGET,
+- G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS,
+- NULL,
+- NULL);
+-
+- if (info == NULL)
+- return FALSE;
+-
+- external = FALSE;
+-
+- if (g_file_info_get_is_symlink (info)) {
+- if (_symlink_is_external_to_destination (file,
+- g_file_info_get_symlink_target (info),
+- destination,
+- external_links))
+- {
+- g_hash_table_insert (external_links, g_object_ref (file), GINT_TO_POINTER (1));
+- external = TRUE;
+- }
+- }
+-
+- g_object_unref (info);
+-
+- return external;
+-}
+-
+-
+ static gboolean
+-_symlink_is_external_to_destination (GFile *file,
+- const char *symlink,
+- GFile *destination,
+- GHashTable *external_links)
++_g_file_contains_symlinks_in_path (const char *relative_path,
++ GFile *destination,
++ GHashTable *symlinks)
+ {
+- gboolean external = FALSE;
+- GFile *parent;
+- char **components;
+- int i;
+-
+- if ((file == NULL) || (symlink == NULL))
+- return FALSE;
+-
+- if (symlink[0] == '/')
+- return TRUE;
+-
+- parent = g_file_get_parent (file);
+- components = g_strsplit (symlink, "/", -1);
+- for (i = 0; components[i] != NULL; i++) {
+- char *name = components[i];
+- GFile *tmp;
+-
+- if ((name[0] == 0) || ((name[0] == '.') && (name[1] == 0)))
+- continue;
+-
+- if ((name[0] == '.') && (name[1] == '.') && (name[2] == 0)) {
+- if (g_file_equal (parent, destination)) {
+- external = TRUE;
+- break;
+- }
+- else {
+- tmp = g_file_get_parent (parent);
+- g_object_unref (parent);
+- parent = tmp;
+- }
+- }
+- else {
+- tmp = g_file_get_child (parent, components[i]);
+- g_object_unref (parent);
+- parent = tmp;
+- }
+-
+- if (_g_file_is_external_link (parent, destination, external_links)) {
+- external = TRUE;
+- break;
+- }
+- }
+-
+- g_strfreev (components);
+- g_object_unref (parent);
+-
+- return external;
+-}
+-
+-
+-static gboolean
+-_g_path_is_external_to_destination (const char *relative_path,
+- GFile *destination,
+- GHashTable *external_links)
+-{
+- gboolean external = FALSE;
++ gboolean contains_symlinks = FALSE;
+ GFile *parent;
+ char **components;
+ int i;
+@@ -828,8 +725,8 @@ _g_path_is_external_to_destination (const char *relative_path,
+ g_object_unref (parent);
+ parent = tmp;
+
+- if (_g_file_is_external_link (parent, destination, external_links)) {
+- external = TRUE;
++ if (g_hash_table_contains (symlinks, parent)) {
++ contains_symlinks = TRUE;
+ break;
+ }
+ }
+@@ -837,7 +734,7 @@ _g_path_is_external_to_destination (const char *relative_path,
+ g_strfreev (components);
+ g_object_unref (parent);
+
+- return external;
++ return contains_symlinks;
+ }
+
+
+@@ -851,7 +748,7 @@ extract_archive_thread (GSimpleAsyncResult *result,
+ GHashTable *checked_folders;
+ GHashTable *created_files;
+ GHashTable *folders_created_during_extraction;
+- GHashTable *external_links;
++ GHashTable *symlinks;
+ struct archive *a;
+ struct archive_entry *entry;
+ int r;
+@@ -868,7 +765,7 @@ extract_archive_thread (GSimpleAsyncResult *result,
+ checked_folders = g_hash_table_new_full (g_file_hash, (GEqualFunc) g_file_equal, g_object_unref, NULL);
+ created_files = g_hash_table_new_full (g_file_hash, (GEqualFunc) g_file_equal, g_object_unref, g_object_unref);
+ folders_created_during_extraction = g_hash_table_new_full (g_file_hash, (GEqualFunc) g_file_equal, g_object_unref, NULL);
+- external_links = g_hash_table_new_full (g_file_hash, (GEqualFunc) g_file_equal, g_object_unref, NULL);
++ symlinks = g_hash_table_new_full (g_file_hash, (GEqualFunc) g_file_equal, g_object_unref, NULL);
+ fr_archive_progress_set_total_files (load_data->archive, extract_data->n_files_to_extract);
+
+ while ((r = archive_read_next_header (a, &entry)) == ARCHIVE_OK) {
+@@ -902,7 +799,14 @@ extract_archive_thread (GSimpleAsyncResult *result,
+ continue;
+ }
+
+- if (_g_path_is_external_to_destination (relative_path, extract_data->destination, external_links)) {
++ /* Symlinks in parents are dangerous as it can easily happen
++ * that files are written outside of the destination. The tar
++ * cmd fails to extract such archives with ENOTDIR. Let's skip
++ * those files here for sure. This is most probably malicious,
++ * or corrupted archive.
++ */
++ if (_g_file_contains_symlinks_in_path (relative_path, extract_data->destination, symlinks)) {
++ g_warning ("Skipping '%s' file as it has symlink in parents.", relative_path);
+ fr_archive_progress_inc_completed_files (load_data->archive, 1);
+ fr_archive_progress_inc_completed_bytes (load_data->archive, archive_entry_size_is_set (entry) ? archive_entry_size (entry) : 0);
+ archive_read_data_skip (a);
+@@ -1123,8 +1027,8 @@ extract_archive_thread (GSimpleAsyncResult *result,
+ load_data->error = g_error_copy (local_error);
+ g_clear_error (&local_error);
+ }
+- if ((load_data->error == NULL) && _symlink_is_external_to_destination (file, archive_entry_symlink (entry), extract_data->destination, external_links))
+- g_hash_table_insert (external_links, g_object_ref (file), GINT_TO_POINTER (1));
++ if (load_data->error == NULL)
++ g_hash_table_add (symlinks, g_object_ref (file));
+ archive_read_data_skip (a);
+ break;
+
+@@ -1159,7 +1063,7 @@ extract_archive_thread (GSimpleAsyncResult *result,
+ g_hash_table_unref (folders_created_during_extraction);
+ g_hash_table_unref (created_files);
+ g_hash_table_unref (checked_folders);
+- g_hash_table_unref (external_links);
++ g_hash_table_unref (symlinks);
+ archive_read_free (a);
+ extract_data_free (extract_data);
+ }
+--
+GitLab
+