From 97b5d61fea66725b8e28e4acc16016ce55b188da Mon Sep 17 00:00:00 2001
From: sxt1001
Date: Tue, 16 Mar 2021 17:02:41 +0800
Subject: [PATCH] fix CVE-2021-24032
---
 backport-CVE-2021-24032.patch | 92 +++++++++++++++++++++++++++++++++++
 zstd.spec | 10 +++-
 2 files changed, 101 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2021-24032.patch
diff --git a/backport-CVE-2021-24032.patch b/backport-CVE-2021-24032.patch
new file mode 100644
index 0000000..f30f07f
--- /dev/null
+++ b/backport-CVE-2021-24032.patch
@@ -0,0 +1,92 @@
+From a774c5797399040af62db21d8a9b9769e005430e Mon Sep 17 00:00:00 2001
+From: "W. Felix Handte"
+Date: Thu, 11 Feb 2021 15:50:13 -0500
+Subject: [PATCH] Use umask() to Constrain Created File Permissions
+
+This commit addresses #2491.
+
+Note that a downside of this solution is that it is global: `umask()` affects
+all file creation calls in the process. I believe this is safe since
+`fileio.c` functions should only ever be used in the zstd binary, and these
+are (almost) the only files ever created by zstd, and AIUI they're only
+created in a single thread. So we can get away with messing with global state.
+
+Note that this doesn't change the permissions of files created by `dibio.c`.
+I'm not sure what those should be...
+---
+ programs/fileio.c | 9 +++------
+ programs/util.c | 9 +++++++++
+ programs/util.h | 8 +++++++-
+ 3 files changed, 19 insertions(+), 7 deletions(-)
+
+diff --git a/programs/fileio.c b/programs/fileio.c
+index d72879d..f452984 100644
+--- a/programs/fileio.c
++++ b/programs/fileio.c
+@@ -611,14 +611,11 @@ FIO_openDstFile(FIO_prefs_t* const prefs,
+ FIO_remove(dstFileName);
+ } }
+
+- { FILE* const f = fopen( dstFileName, "wb" );
++ { const int old_umask = UTIL_umask(0177); /* u-x,go-rwx */
++ FILE* const f = fopen( dstFileName, "wb" );
++ UTIL_umask(old_umask);
+ if (f == NULL) {
+ DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
+- } else if (srcFileName != NULL
+- && strcmp (srcFileName, stdinmark)
+- && strcmp(dstFileName, nulmark) ) {
+- /* reduce rights on newly created dst file while compression is ongoing */
+- UTIL_chmod(dstFileName, 00600);
+ }
+ return f;
+ }
+diff --git a/programs/util.c b/programs/util.c
+index ab1abd3..9506972 100644
+--- a/programs/util.c
++++ b/programs/util.c
+@@ -137,6 +137,15 @@ int UTIL_chmod(char const* filename, mode_t permissions)
+ return chmod(filename, permissions);
+ }
+
++int UTIL_umask(int mode) {
++#if PLATFORM_POSIX_VERSION > 0
++ return umask(mode);
++#else
++ /* do nothing, fake return value */
++ return mode;
++#endif
++}
++
+ int UTIL_setFileStat(const char *filename, stat_t *statbuf)
+ {
+ int res = 0;
+diff --git a/programs/util.h b/programs/util.h
+index 8e187e4..3bc7e1c 100644
+--- a/programs/util.h
++++ b/programs/util.h
+@@ -22,7 +22,7 @@ extern "C" {
+ #include "platform.h" /* PLATFORM_POSIX_VERSION, ZSTD_NANOSLEEP_SUPPORT, ZSTD_SETPRIORITY_SUPPORT */
+ #include /* size_t, ptrdiff_t */
+ #include /* stat, utime */
+-#include /* stat, chmod */
++#include /* stat, chmod, umask */
+ #include "../lib/common/mem.h" /* U64 */
+
+
+@@ -119,6 +119,12 @@ U64 UTIL_getTotalFileSize(const char* const * fileNamesTable, unsigned nbFiles);
+ int UTIL_getFileStat(const char* infilename, stat_t* statbuf);
+ int UTIL_setFileStat(const char* filename, stat_t* statbuf);
+ int UTIL_chmod(char const* filename, mode_t permissions); /*< like chmod, but avoid changing permission of /dev/null */
++
++/**
++ * Wraps umask(). Does nothing when the platform doesn't have that concept.
++ */
++int UTIL_umask(int mode);
++
+ int UTIL_compareStr(const void *p1, const void *p2);
+ const char* UTIL_getFileExtension(const char* infilename);
+
+--
+1.8.3.1
+
diff --git a/zstd.spec b/zstd.spec
index cb01beb..4cf02bb 100644
--- a/zstd.spec
+++ b/zstd.spec
@@ -2,12 +2,14 @@
 Name: zstd
 Version: 1.4.5
-Release: 0
+Release: 1
 Summary: A fast lossless compression algorithm
 License: BSD and GPLv2
 URL: https://github.com/facebook/zstd
 Source0: https://github.com/facebook/zstd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch6000: backport-CVE-2021-24032.patch
+
 BuildRequires: gtest-devel gcc-c++ pkg-config
 Provides: libzstd
@@ -87,6 +89,12 @@ install -D -m644 programs/zstd.1 %{buildroot}%{_mandir}/man1/pzstd.1
 %{_mandir}/man1/*.1*
 %changelog
+* Tue Mar 16 2021 shixuantong - 1.4.5-1
+- Type:CVE
+- CVE:CVE-2021-24032
+- SUG:NA
+- DESC:fix CVE-2021-24032
+
 * Sat Jun 20 2020 maqiang -1.4.5
 - Type:Update
 - ID:
-- Gitee
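Review bot: The backported commit constrains only the destination files created through `FIO_openDstFile` in `programs/fileio.c`; its own message says files created by `dibio.c` (the dictionary trainer) keep their previous permissions, so whether this single upstream commit fully covers CVE-2021-24032 as packaged depends on the advisory's scope and should be checked against the complete upstream fix set before the changelog claims a full fix. The change itself is the right shape for this class of bug: it removes the fopen-then-chmod window by creating the file with the process umask temporarily set to `0177` and restoring the caller's mask immediately after `fopen`, on both the success and failure paths (the rest of `FIO_openDstFile` lies outside the hunk). A secondary point in the `util.h` hunk: `int UTIL_umask(int mode);` uses `int` where the adjacent `UTIL_chmod` declaration uses `mode_t` for the same kind of value, so if the backport is ever adapted locally rather than carried verbatim, `mode_t UTIL_umask(mode_t mode);` would match both `umask()` and the neighbouring API. The umask is process-global, as the message acknowledges; a concurrent file creation elsewhere in the process would only be made more restrictive during the window, never more permissive, so the worst case is an over-restricted file rather than an exposed one.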
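Review bot: `Patch6000` is declared in the preamble, but whether it is actually applied depends on the `%prep` section, which is outside this hunk: with `%autosetup -p1` it is picked up automatically, whereas an explicit `%setup`/`%patch` style `%prep` needs a matching `%patch6000 -p1` line. The backport's paths are of the form `a/programs/fileio.c`, so `-p1` is the correct strip level either way. A build log showing the patch being applied is what turns the changelog entry's "fix CVE-2021-24032" into a verified statement for this release.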