!17 upgrade version to 1.5.0
From: @tong_1001 Reviewed-by: @openeuler-basic Signed-off-by: @openeuler-basic
This commit is contained in:
openeuler-ci-bot
Gitee
commit
d5b5affc07
@ -1,88 +0,0 @@
|
|||||||
From a774c5797399040af62db21d8a9b9769e005430e Mon Sep 17 00:00:00 2001
|
|
||||||
From: "W. Felix Handte" <w@felixhandte.com>
|
|
||||||
Date: Thu, 11 Feb 2021 15:50:13 -0500
|
|
||||||
Subject: [PATCH] Use umask() to Constrain Created File Permissions
|
|
||||||
|
|
||||||
This commit addresses #2491.
|
|
||||||
|
|
||||||
Note that a downside of this solution is that it is global: `umask()` affects
|
|
||||||
all file creation calls in the process. I believe this is safe since
|
|
||||||
`fileio.c` functions should only ever be used in the zstd binary, and these
|
|
||||||
are (almost) the only files ever created by zstd, and AIUI they're only
|
|
||||||
created in a single thread. So we can get away with messing with global state.
|
|
||||||
|
|
||||||
Note that this doesn't change the permissions of files created by `dibio.c`.
|
|
||||||
I'm not sure what those should be...
|
|
||||||
---
|
|
||||||
programs/fileio.c | 9 +++------
|
|
||||||
programs/util.c | 9 +++++++++
|
|
||||||
programs/util.h | 7 ++++++-
|
|
||||||
3 files changed, 18 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/programs/fileio.c b/programs/fileio.c
|
|
||||||
index 51956f681..30a2879a7 100644
|
|
||||||
--- a/programs/fileio.c
|
|
||||||
+++ b/programs/fileio.c
|
|
||||||
@@ -679,14 +679,11 @@ FIO_openDstFile(FIO_ctx_t* fCtx, FIO_prefs_t* const prefs,
|
|
||||||
FIO_removeFile(dstFileName);
|
|
||||||
} }
|
|
||||||
|
|
||||||
- { FILE* const f = fopen( dstFileName, "wb" );
|
|
||||||
+ { const int old_umask = UTIL_umask(0177); /* u-x,go-rwx */
|
|
||||||
+ FILE* const f = fopen( dstFileName, "wb" );
|
|
||||||
+ UTIL_umask(old_umask);
|
|
||||||
if (f == NULL) {
|
|
||||||
DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
|
|
||||||
- } else if (srcFileName != NULL
|
|
||||||
- && strcmp (srcFileName, stdinmark)
|
|
||||||
- && strcmp(dstFileName, nulmark) ) {
|
|
||||||
- /* reduce rights on newly created dst file while compression is ongoing */
|
|
||||||
- UTIL_chmod(dstFileName, NULL, 00600);
|
|
||||||
}
|
|
||||||
return f;
|
|
||||||
}
|
|
||||||
diff --git a/programs/util.c b/programs/util.c
|
|
||||||
index 460d9bf11..7208d66d2 100644
|
|
||||||
--- a/programs/util.c
|
|
||||||
+++ b/programs/util.c
|
|
||||||
@@ -159,6 +159,15 @@ int UTIL_chmod(char const* filename, const stat_t* statbuf, mode_t permissions)
|
|
||||||
return chmod(filename, permissions);
|
|
||||||
}
|
|
||||||
|
|
||||||
+int UTIL_umask(int mode) {
|
|
||||||
+#if PLATFORM_POSIX_VERSION > 0
|
|
||||||
+ return umask(mode);
|
|
||||||
+#else
|
|
||||||
+ /* do nothing, fake return value */
|
|
||||||
+ return mode;
|
|
||||||
+#endif
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
int UTIL_setFileStat(const char *filename, const stat_t *statbuf)
|
|
||||||
{
|
|
||||||
int res = 0;
|
|
||||||
diff --git a/programs/util.h b/programs/util.h
|
|
||||||
index d2077c9ac..0e696f003 100644
|
|
||||||
--- a/programs/util.h
|
|
||||||
+++ b/programs/util.h
|
|
||||||
@@ -22,7 +22,7 @@ extern "C" {
|
|
||||||
#include "platform.h" /* PLATFORM_POSIX_VERSION, ZSTD_NANOSLEEP_SUPPORT, ZSTD_SETPRIORITY_SUPPORT */
|
|
||||||
#include <stddef.h> /* size_t, ptrdiff_t */
|
|
||||||
#include <sys/types.h> /* stat, utime */
|
|
||||||
-#include <sys/stat.h> /* stat, chmod */
|
|
||||||
+#include <sys/stat.h> /* stat, chmod, umask */
|
|
||||||
#include "../lib/common/mem.h" /* U64 */
|
|
||||||
|
|
||||||
|
|
||||||
@@ -152,6 +152,11 @@ U64 UTIL_getFileSizeStat(const stat_t* statbuf);
|
|
||||||
*/
|
|
||||||
int UTIL_chmod(char const* filename, const stat_t* statbuf, mode_t permissions);
|
|
||||||
|
|
||||||
+/**
|
|
||||||
+ * Wraps umask(). Does nothing when the platform doesn't have that concept.
|
|
||||||
+ */
|
|
||||||
+int UTIL_umask(int mode);
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* In the absence of a pre-existing stat result on the file in question, these
|
|
||||||
* functions will do a stat() call internally and then use that result to
|
|
||||||
Binary file not shown.
BIN
zstd-1.5.0.tar.gz
Normal file
BIN
zstd-1.5.0.tar.gz
Normal file
Binary file not shown.
@ -1,15 +1,13 @@
|
|||||||
%bcond_without pzstd
|
%bcond_without pzstd
|
||||||
|
|
||||||
Name: zstd
|
Name: zstd
|
||||||
Version: 1.4.8
|
Version: 1.5.0
|
||||||
Release: 2
|
Release: 1
|
||||||
Summary: A fast lossless compression algorithm
|
Summary: A fast lossless compression algorithm
|
||||||
License: BSD and GPLv2
|
License: BSD and GPLv2
|
||||||
URL: https://github.com/facebook/zstd
|
URL: https://github.com/facebook/zstd
|
||||||
Source0: https://github.com/facebook/zstd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
Source0: https://github.com/facebook/zstd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
||||||
|
|
||||||
Patch6000: backport-CVE-2021-24032.patch
|
|
||||||
|
|
||||||
BuildRequires: gtest-devel gcc-c++ pkg-config
|
BuildRequires: gtest-devel gcc-c++ pkg-config
|
||||||
|
|
||||||
Provides: libzstd
|
Provides: libzstd
|
||||||
@ -89,6 +87,9 @@ install -D -m644 programs/zstd.1 %{buildroot}%{_mandir}/man1/pzstd.1
|
|||||||
%{_mandir}/man1/*.1*
|
%{_mandir}/man1/*.1*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Aug 04 2021 shixuantong <shixuantong@huawei.com> - 1.5.0-1
|
||||||
|
- upgrade version to 1.5.0
|
||||||
|
|
||||||
* Tue Mar 16 2021 shixuantong <shixuantong@huawei.com> - 1.4.8-2
|
* Tue Mar 16 2021 shixuantong <shixuantong@huawei.com> - 1.4.8-2
|
||||||
- fix CVE-2021-24032
|
- fix CVE-2021-24032
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user