diff --git a/backport-CVE-2021-24032.patch b/backport-CVE-2021-24032.patch new file mode 100644 index 0000000000000000000000000000000000000000..0b5855fca04fe647ebd7cf6cfc0ee4dca832cdc6 --- /dev/null +++ b/backport-CVE-2021-24032.patch @@ -0,0 +1,88 @@ +From a774c5797399040af62db21d8a9b9769e005430e Mon Sep 17 00:00:00 2001 +From: "W. Felix Handte" +Date: Thu, 11 Feb 2021 15:50:13 -0500 +Subject: [PATCH] Use umask() to Constrain Created File Permissions + +This commit addresses #2491. + +Note that a downside of this solution is that it is global: `umask()` affects +all file creation calls in the process. I believe this is safe since +`fileio.c` functions should only ever be used in the zstd binary, and these +are (almost) the only files ever created by zstd, and AIUI they're only +created in a single thread. So we can get away with messing with global state. + +Note that this doesn't change the permissions of files created by `dibio.c`. +I'm not sure what those should be... +--- + programs/fileio.c | 9 +++------ + programs/util.c | 9 +++++++++ + programs/util.h | 7 ++++++- + 3 files changed, 18 insertions(+), 7 deletions(-) + +diff --git a/programs/fileio.c b/programs/fileio.c +index 51956f681..30a2879a7 100644 +--- a/programs/fileio.c ++++ b/programs/fileio.c +@@ -679,14 +679,11 @@ FIO_openDstFile(FIO_ctx_t* fCtx, FIO_prefs_t* const prefs, + FIO_removeFile(dstFileName); + } } + +- { FILE* const f = fopen( dstFileName, "wb" ); ++ { const int old_umask = UTIL_umask(0177); /* u-x,go-rwx */ ++ FILE* const f = fopen( dstFileName, "wb" ); ++ UTIL_umask(old_umask); + if (f == NULL) { + DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno)); +- } else if (srcFileName != NULL +- && strcmp (srcFileName, stdinmark) +- && strcmp(dstFileName, nulmark) ) { +- /* reduce rights on newly created dst file while compression is ongoing */ +- UTIL_chmod(dstFileName, NULL, 00600); + } + return f; + } +diff --git a/programs/util.c b/programs/util.c +index 460d9bf11..7208d66d2 100644 +--- a/programs/util.c ++++ b/programs/util.c +@@ -159,6 +159,15 @@ int UTIL_chmod(char const* filename, const stat_t* statbuf, mode_t permissions) + return chmod(filename, permissions); + } + ++int UTIL_umask(int mode) { ++#if PLATFORM_POSIX_VERSION > 0 ++ return umask(mode); ++#else ++ /* do nothing, fake return value */ ++ return mode; ++#endif ++} ++ + int UTIL_setFileStat(const char *filename, const stat_t *statbuf) + { + int res = 0; +diff --git a/programs/util.h b/programs/util.h +index d2077c9ac..0e696f003 100644 +--- a/programs/util.h ++++ b/programs/util.h +@@ -22,7 +22,7 @@ extern "C" { + #include "platform.h" /* PLATFORM_POSIX_VERSION, ZSTD_NANOSLEEP_SUPPORT, ZSTD_SETPRIORITY_SUPPORT */ + #include /* size_t, ptrdiff_t */ + #include /* stat, utime */ +-#include /* stat, chmod */ ++#include /* stat, chmod, umask */ + #include "../lib/common/mem.h" /* U64 */ + + +@@ -152,6 +152,11 @@ U64 UTIL_getFileSizeStat(const stat_t* statbuf); + */ + int UTIL_chmod(char const* filename, const stat_t* statbuf, mode_t permissions); + ++/** ++ * Wraps umask(). Does nothing when the platform doesn't have that concept. ++ */ ++int UTIL_umask(int mode); ++ + /* + * In the absence of a pre-existing stat result on the file in question, these + * functions will do a stat() call internally and then use that result to diff --git a/zstd.spec b/zstd.spec index e74c336bef8a102076ed7b68db7b5d8e5f69a2f6..86681967b8404a3fd720d584d582a8ff29733a91 100644 --- a/zstd.spec +++ b/zstd.spec @@ -2,12 +2,14 @@ Name: zstd Version: 1.4.8 -Release: 1 +Release: 2 Summary: A fast lossless compression algorithm License: BSD and GPLv2 URL: https://github.com/facebook/zstd Source0: https://github.com/facebook/zstd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Patch6000: backport-CVE-2021-24032.patch + BuildRequires: gtest-devel gcc-c++ pkg-config Provides: libzstd @@ -87,6 +89,9 @@ install -D -m644 programs/zstd.1 %{buildroot}%{_mandir}/man1/pzstd.1 %{_mandir}/man1/*.1* %changelog +* Tue Mar 16 2021 shixuantong - 1.4.8-2 +- fix CVE-2021-24032 + * Thu Jan 28 2021 liudabo - 1.4.8-1 - upgrade version to 1.4.8