Fix CVE-2015-1038 in latest version, bug #536012

Package-Manager: portage-2.2.20/cvs/Linux x86_64
Manifest-Sign-Key: 0xE9402A79B03529A2!

4 files changed, 315 insertions, 12 deletions

diff --git a/app-arch/p7zip/ChangeLog b/app-arch/p7zip/ChangeLog
index d82fb59c897d..261d544cbe50 100644
--- a/app-arch/p7zip/ChangeLog
+++ b/app-arch/p7zip/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for app-arch/p7zip
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/p7zip/ChangeLog,v 1.175 2015/06/21 18:21:30 zlogene Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-arch/p7zip/ChangeLog,v 1.176 2015/06/22 07:12:51 jlec Exp $
+
+*p7zip-9.38.1-r2 (22 Jun 2015)
+
+  22 Jun 2015; Justin Lecher <jlec@gentoo.org>
+  +files/p7zip-9.38.1-CVE-2015-1038.patch, +p7zip-9.38.1-r2.ebuild,
+  -p7zip-9.38.1-r1.ebuild:
+  Fix CVE-2015-1038 in latest version, bug #536012
 
   21 Jun 2015; Mikle Kolyada <zlogene@gentoo.org> p7zip-9.20.1-r5.ebuild:
   alpha stable wrt bug #536012
diff --git a/app-arch/p7zip/Manifest b/app-arch/p7zip/Manifest
index 8fd3da9d1049..e746960cfaff 100644
--- a/app-arch/p7zip/Manifest
+++ b/app-arch/p7zip/Manifest
@@ -1,5 +1,5 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
+Hash: SHA512
 
 AUX 9.04-makefile.patch 470 SHA256 c8ef2898ed994929600c04ed0ecfd2dc2b94982d274ee217cbc05234c37750f6 SHA512 2c131e0b42ae6c8cd236125be313ea032b47edf858d1248a8648fd0e794ca4094016a3bb06e15fe65582626dd9d611a08a87ad5789695fff0a2244bb7f3cec3d WHIRLPOOL b2a66b46651a8036808985524b2c6311fa0d7dbceba453f1ac4bb1cc0fef9fbe060b1d4c04e20353c4232915f340cf3bd65d0f7e0ccc3eac8651d3ac15d389db
 AUX p7zip 1210 SHA256 28d181cd1c43628da0adb485e20f270461b6cf8d743d2187a3380f7799fbc2d5 SHA512 e3f1497cc00669430de336aac1d45a0313831b7f5dc88b9b2ca49e743d8e9e7c73b403d94b4fd9de6cd59875fef47756f9dab9ddf12442ee3fff71e413715553 WHIRLPOOL e14aef0141b8260a5206bd94d22560c927a3ce0e643433ee68d8ade0601655b8a6b7c8ad78f81a0fb97323c7c37eb3fc5483d9e49c2ac259d146b60e678cc973
@@ -7,20 +7,31 @@ AUX p7zip-9.20.1-CVE-2015-1038.patch 9959 SHA256 99e67592a8d1d578c94a2d4731df36d
 AUX p7zip-9.20.1-QA.patch 650 SHA256 695b6836b13699e3db3e019dbd54275e48a01b59210fd353a2d9e46224c60785 SHA512 b07f8608b973be7c547b226bc23dd064d6cc18f6b1ea70ce72aff72fa098852914eb8d331fe7230b7fdfbb1f0fce59eb3404fd3a5b44d151ea847e87fd2d8f39 WHIRLPOOL 077a4bdf44dcbd66a525e795e082aef41321dc7770415a1cd78716d78aa5b5b2e780afcb4194ea7c2ae2947a596292be18ab8dd3f9bce302e47f8d9cdcc6a046
 AUX p7zip-9.20.1-execstack.patch 785 SHA256 0725ca42b5ac8d4024a18e2759a12c3ba04b8ea504376c14d8890f7bebba3fb1 SHA512 2b3404554295596dd1113700f72f7149baded7b381e70edea78a2cf66ad69ac6fb03653c490843ecab13e348638a0efaaeb3f5e71a0670255d09a91c70c7977f WHIRLPOOL 4aa1a9632d706c4f9f8b906a9a84929605a56e92c4289a296b767d107e11f85848d40bd58ad4df21c2d87f385318b8e740b71bc7c0467ea3af2bd6c58502d25a
 AUX p7zip-9.20.1-long_rar_pwd.patch 805 SHA256 5c2fdd7132e5fdceac91d783b1056420537f14a1e3fc7715b75dac698704ebf8 SHA512 0895fec9ec2a0eae960e44f181d2dcac618916d4bf7a5576e234ad7d2fc9417da4eb589c115b0b4040f7c9142cd43637355d8d62e8f43201117c0ee2a6da02cb WHIRLPOOL bd2d339a7356f1b3201005fe6f05ad881b2292e5fadf46a32a28c1667d32fe8b5b555105975e7c69dfa90cc157b415b86a4e153e13dfe0b8bfc4ef095c24fb57
+AUX p7zip-9.38.1-CVE-2015-1038.patch 8608 SHA256 f88a01760330f4bb70ec09a598c4c0ec45aa3d08d53d4e80e8fae2f3f951b9ba SHA512 bb03e49d2c55f67e2bd0eaea69ae951414779774b3a3c594bdd8e1db035dd47c600e218f4d81fdebc40be8829f0babac94f24de82106260d22c4fc7dd381b886 WHIRLPOOL 7687e91cc5df79d2005bea6469e83b812c7911a3cce2cd87d5fa17548e695e9794cd0b60806b8117e7a28e673a9986dd92fbda0946d46853fb4d58ae40dd6d64
 AUX p7zip-9.38.1-osversion.patch 838 SHA256 135de03123263910ed99d1afa07ee4a39e471fc257e9dcbe7a8ce0477634cc54 SHA512 28a798a2930552ee940f4f400e66e11cf7ee113c3c0fcf782404c45b95b5774c52b0518520a5f38cc9d7abe795756fce14a0c0e143c31f8da50253bcda423909 WHIRLPOOL 6c6f0e024ba590139fbb6f61ae8f3699e841ac8b00d530e6f7418ccc182aca2f5ffa81925b2bc2b1520cfbd617f0bf8f3c3f95b74222a5300b0f89b10ec19604
 DIST p7zip_9.20.1_src_all.tar.bz2 3835235 SHA256 49557e7ffca08100f9fc687f4dfc5aea703ca207640c76d9dee7b66f03cb4782 SHA512 7bb8a276aaefc4a83364e45633c48527de44c6b1205344f3356db570582f30f81d82a94938c99a7ad193587b584cc1c03219c28249de40018bdaee6c3b2a022a WHIRLPOOL cb20f37d3f796931a9b330728aa7148afe98bbf8a49bb91bfd80e4667c16416206b23bf34298e9ec37825e8b43f92a5710f0cea1f974296d5c17aa2c7b0931f3
 DIST p7zip_9.38.1_src_all.tar.bz2 3917925 SHA256 fd5019109c9a1bf34ad3257d37a6853eae8151ff50345f0a3ffba7d8c5fdb995 SHA512 f524ffae54e0d9563a509cc4b243e830d882a925e682eb2e15e2d19cb72c947fddecd72c8507d6c1538b997b240b0827046fc2fb4f5e3f7d49840257c92b9c04 WHIRLPOOL 6bad1cde056ab1e8db4079c0e649665fbc7e6b9a565261188bd0acaec6c583d8bd9425cb26d39315408d0180ba0be0069a77b704633cf05ec855220cb31f1c24
 EBUILD p7zip-9.20.1-r4.ebuild 4260 SHA256 8de34f46051d81c9b92f6479c3e77e1f366af48eec839908056c837bb11d569d SHA512 c19950e5a629d3f3f0b9083a00330ee93ef40e7dd2e69602c544938e96eaa0242df4f02813c5ca0b0ca8d1b69d2fed308150a79a1b8bc55b4f35c2933e77310a WHIRLPOOL 184124262c40eea989041d0076ba814f87f457b8407c1294c3596b983b33b2c91d29e0adbf3af5df42ee73f94aa4a9c491ed88f0ac3b95f3e8034c9097c7faf9
 EBUILD p7zip-9.20.1-r5.ebuild 4314 SHA256 1a7938dc36ca0e0ec19a1b911cf7641fa202a955a8e719b9fc19fc0b2199a9e4 SHA512 9b7f7593676308d21074cbc81fa74eb1c2ba74644920897219678f91e6ddafd5af6a0f577ecbd871f32c1f122478445fcb8dbe7a6908c37885bd9c4bc3bb3619 WHIRLPOOL e46c500ad392dad822aab61a84a65aa3be387a7a25670262b8cf8ac5643ae1951a6018884a7d717526bf68862224817fbd9a9f013fa9cc1cc0bf2deee47e41f9
-EBUILD p7zip-9.38.1-r1.ebuild 4320 SHA256 e434505eec4776080c5a1a6fef1876750158e6c2763dae767cc0f1bdefd3f049 SHA512 0e3c12a59c08df1de264abadf281592c1fb3617391f31ae6a9154fe90dbc5723bb1a7bec89a8873a3044a7688edcb2917299fdc44e87c752018c066d009c1d81 WHIRLPOOL 43056a742c6dfa93988223334ff8b4462e9c82a809a2675230d010bc35225e55c1e41a6b240ac500bfc07b3dee253edfbb762f7b420f19535f58a62c2c25ed50
-MISC ChangeLog 23067 SHA256 0c2c8f65afdb95df844bae35d2d06f819ad3dabb44570c91c85e801ef9a3323c SHA512 46cf6a680a352070275636b61d90a2e260ebc06509efd5c50487e524b08531715fa1f9feda38886345fde92a7a8daa39b11f03a3b2314ea5817755fef04dbcc3 WHIRLPOOL 54104e4b341c71800a8d29fdbaed5b4923f02e817d3be772e14bd8fe42c966aa914dc296652f01b87ee6db52714f7075951403778c5e150eb8b3e1509f42efd4
+EBUILD p7zip-9.38.1-r2.ebuild 4367 SHA256 7d03bba50c492cc5b7e7532f38b0b5411447039fe6a38179cfda79bed51bda28 SHA512 e9899fca8d13b65336f7d1f295904ab5880d14f88728301beec0e99a6b95a78729c0ecd50753e7cc9be08215d793f730a3ca0f1b787cb2035b5cdf33385f5e7a WHIRLPOOL eabe49339355cc865a05fc0eafa588cb99a6f3fb2ca4070e06a50d3568ea3780c850df78ee589f951f62a3531c204be1af52ca7dbd6c83c64705d53f54347106
+MISC ChangeLog 23290 SHA256 87a7c5bfac2b2aacc70cb00615ea69164208861865248adbfc56bb8258943010 SHA512 8a2b359d5193b7fce1690c7db96c593cac33586c263a115864521d881e843d43c36404b54e6a7907b06ea172e5608931ee61eccd5e1eebaa24d2e4f0bca9e2e4 WHIRLPOOL 7a93ab05517f82be7223f52825bb0746d520bf4213d2bfb5320a572bea0459b20467daad0ec4c08e6326bf4e2e42c71b17dfd98e41dceed5f3bcc8b710ae4c0a
 MISC metadata.xml 411 SHA256 d4848799ff75dcb348928517060b9a97f5f9b557225d84bddd11612faf490c1d SHA512 88c14e42985fc90bb93a9253cad3179217046d9a99b5b4489ca1fcfa8a977a9859628cfc45c9dbd1c3c358261af7544039da001f66fa87c6e284a548572a8afb WHIRLPOOL f18e7509f2585fab1159773490e690f968cf19f29e4537d30a5a964bb3a3b135945f9fd3ee20821a52326861eda8096d43929ad986b7b96a479c7c65d1b38677
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
+Version: GnuPG v2.1
 
-iJwEAQEIAAYFAlWHACcACgkQG9wOWsQutdbkOwP+LZLFBFuWCIFRtAL73eWieS14
-/Bdd3mPVo3rlxq69aESCZtCL2hUxe/nuaACKq3gwq6ckZm6E42XFOkGM6Zf83Tve
-fH4E9irr4vcJUucY2jV/+oqz5GfqRCOEUqnEGRJKyq5cCY8aoezuZ4VN+DK575Pq
-qWyvdnM5Tx+KmOTssSM=
-=ZGkO
+iQJ8BAEBCgBmBQJVh7VzXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0QUU0N0I4NzFERUI0MTJFN0EyODE0NUFF
+OTQwMkE3OUIwMzUyOUEyAAoJEOlAKnmwNSmigC0P/2wVwnD1OXIGXPu8XUyJHcex
+HZ49dTPhccBL65ZVBv9Q9SlhoGHsjfS1hwnX96szuq+daJ6loDIl/VU5O+oF9tK+
+StqUs0WJNulSmPlLkzq69V3ajVZEO8w/W0/b6dWY5/K/CVv/qEkgAIq/4I8ZrfHG
+kvIulB6QS8sV9y95Dqp8drvRvLbn7+PzGWw0LXpsUnUwe2hZO/20pNKLTJbRgb5a
+fr7AISPGJrExRWHytkMFM7BRZH08jrXTHap1rL6hi6jGITr4w00ZCckzXYJtX7g8
+ll0RkQ+1IoUtAY89OlzB89YofXnIVZoh/eKRNLiuvORkxCrID2LL1logR9FSVB46
+Xo9M5keMgWZIdTte4P/oDOrDIMFis5Q6rvDN02eqJJCPFcjRRy/eMXrnEFT5FqsE
+py4L5sWJst66yi60/egdBA/iDbqKMe9iRwNVVqd1Hur9giTi7LISOhWLPYXOeTHE
+axzyebagioapQjhme2Nx8cxc35KSUjpVxDWD4m/E/TyDr7M+Jk9l7uiwWtzhUM3v
+gx/1jYrTJK1H4fFw0atO6rSKvqFS3dX29f9Riu3sP0U4iJf+o2DE098n7jWJZzj8
+dZSogiwTTe+y6PONRAH9XfyWFfRCP8H0nTTrnX1FDtKk124YAZvk2zJ38sqdMaCx
+d6aUuK3pIndVkWIDyDOv
+=ZniD
 -----END PGP SIGNATURE-----
diff --git a/app-arch/p7zip/files/p7zip-9.38.1-CVE-2015-1038.patch b/app-arch/p7zip/files/p7zip-9.38.1-CVE-2015-1038.patch
new file mode 100644
index 000000000000..c4e443679b05
--- /dev/null
+++ b/app-arch/p7zip/files/p7zip-9.38.1-CVE-2015-1038.patch
@@ -0,0 +1,283 @@
+Author: Ben Hutchings <ben@decadent.org.uk>
+Date: Tue, 19 May 2015 02:38:40 +0100
+Description: Delay creation of symlinks to prevent arbitrary file writes (CVE-2015-1038)
+Bug: http://sourceforge.net/p/p7zip/bugs/147/
+Bug-Debian: https://bugs.debian.org/774660
+
+Alexander Cherepanov discovered that 7zip is susceptible to a
+directory traversal vulnerability.  While extracting an archive, it
+will extract symlinks and then follow them if they are referenced in
+further entries.  This can be exploited by a rogue archive to write
+files outside the current directory.
+
+We have to create placeholder files (which we already do) and delay
+creating symlinks until the end of extraction.
+
+Due to the possibility of anti-items (deletions) in the archive, it is
+possible for placeholders to be deleted and replaced before we create
+the symlinks.  It's not clear that this can be used for mischief, but
+GNU tar guards against similar problems by checking that the placeholder
+still exists and is the same inode.  XXX It also checks 'birth time' but
+this isn't portable.  We can probably get away with comparing ctime
+since we don't support hard links.
+
+--- a/CPP/7zip/UI/Agent/Agent.cpp
++++ b/CPP/7zip/UI/Agent/Agent.cpp
+@@ -1215,7 +1215,7 @@ STDMETHODIMP CAgentFolder::Extract(const
+   HRESULT result = _agentSpec->GetArchive()->Extract(&realIndices.Front(),
+       realIndices.Size(), testMode, extractCallback);
+   if (result == S_OK)
+-    result = extractCallbackSpec->SetDirsTimes();
++    result = extractCallbackSpec->SetFinalAttribs();
+   return result;
+   COM_TRY_END
+ }
+--- a/CPP/7zip/UI/Client7z/Client7z.cpp
++++ b/CPP/7zip/UI/Client7z/Client7z.cpp
+@@ -222,8 +222,11 @@ private:
+   COutFileStream *_outFileStreamSpec;
+   CMyComPtr<ISequentialOutStream> _outFileStream;
+ 
++  CObjectVector<NWindows::NFile::NDir::CDelayedSymLink> _delayedSymLinks;
++
+ public:
+   void Init(IInArchive *archiveHandler, const FString &directoryPath);
++  HRESULT SetFinalAttribs();
+ 
+   UInt64 NumErrors;
+   bool PasswordIsDefined;
+@@ -441,11 +444,23 @@ STDMETHODIMP CArchiveExtractCallback::Se
+   }
+   _outFileStream.Release();
+   if (_extractMode && _processedFileInfo.AttribDefined)
+-    SetFileAttrib(_diskFilePath, _processedFileInfo.Attrib);
++    SetFileAttrib(_diskFilePath, _processedFileInfo.Attrib, &_delayedSymLinks);
+   PrintNewLine();
+   return S_OK;
+ }
+ 
++HRESULT CArchiveExtractCallback::SetFinalAttribs()
++{
++  HRESULT result = S_OK;
++
++  for (int i = 0; i != _delayedSymLinks.Size(); ++i)
++    if (!_delayedSymLinks[i].Create())
++      result = E_FAIL;
++
++  _delayedSymLinks.Clear();
++
++  return result;
++}
+ 
+ STDMETHODIMP CArchiveExtractCallback::CryptoGetTextPassword(BSTR *password)
+ {
+@@ -912,6 +927,8 @@ int MY_CDECL main(int numArgs, const cha
+       // extractCallbackSpec->PasswordIsDefined = true;
+       // extractCallbackSpec->Password = L"1";
+       HRESULT result = archive->Extract(NULL, (UInt32)(Int32)(-1), false, extractCallback);
++      if (result == S_OK)
++	result = extractCallbackSpec->SetFinalAttribs();
+       if (result != S_OK)
+       {
+         PrintError("Extract Error");
+--- a/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
++++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.cpp
+@@ -1083,7 +1083,7 @@ STDMETHODIMP CArchiveExtractCallback::Se
+     NumFiles++;
+ 
+   if (_extractMode && _fi.AttribDefined)
+-    SetFileAttrib(_diskFilePath, _fi.Attrib);
++    SetFileAttrib(_diskFilePath, _fi.Attrib, &_delayedSymLinks);
+   RINOK(_extractCallback2->SetOperationResult(operationResult, _encrypted));
+   return S_OK;
+   COM_TRY_END
+@@ -1149,8 +1149,9 @@ static int GetNumSlashes(const FChar *s)
+   }
+ }
+ 
+-HRESULT CArchiveExtractCallback::SetDirsTimes()
++HRESULT CArchiveExtractCallback::SetFinalAttribs()
+ {
++  HRESULT result = S_OK;
+   CRecordVector<CExtrRefSortPair> pairs;
+   pairs.ClearAndSetSize(_extractedFolderPaths.Size());
+   unsigned i;
+@@ -1187,5 +1188,12 @@ HRESULT CArchiveExtractCallback::SetDirs
+       (WriteATime && ATimeDefined) ? &ATime : NULL,
+       (WriteMTime && MTimeDefined) ? &MTime : (_arc->MTimeDefined ? &_arc->MTime : NULL));
+   }
+-  return S_OK;
++
++  for (int i = 0; i != _delayedSymLinks.Size(); ++i)
++    if (!_delayedSymLinks[i].Create())
++      result = E_FAIL;
++
++  _delayedSymLinks.Clear();
++
++  return result;
+ }
+--- a/CPP/7zip/UI/Common/ArchiveExtractCallback.h
++++ b/CPP/7zip/UI/Common/ArchiveExtractCallback.h
+@@ -6,6 +6,8 @@
+ #include "../../../Common/MyCom.h"
+ #include "../../../Common/Wildcard.h"
+ 
++#include "../../../Windows/FileDir.h"
++
+ #include "../../IPassword.h"
+ 
+ #include "../../Common/FileStreams.h"
+@@ -213,6 +215,8 @@ class CArchiveExtractCallback:
+   bool _saclEnabled;
+   #endif
+ 
++  CObjectVector<NWindows::NFile::NDir::CDelayedSymLink> _delayedSymLinks;
++
+   void CreateComplexDirectory(const UStringVector &dirPathParts, FString &fullPath);
+   HRESULT GetTime(int index, PROPID propID, FILETIME &filetime, bool &filetimeIsDefined);
+   HRESULT GetUnpackSize();
+@@ -293,7 +297,7 @@ public:
+     _baseParentFolder = indexInArc;
+   }
+ 
+-  HRESULT SetDirsTimes();
++  HRESULT SetFinalAttribs();
+ };
+ 
+ #endif
+--- a/CPP/7zip/UI/Common/Extract.cpp
++++ b/CPP/7zip/UI/Common/Extract.cpp
+@@ -170,7 +170,7 @@ static HRESULT DecompressArchive(
+   else
+     result = archive->Extract(&realIndices.Front(), realIndices.Size(), testMode, ecs);
+   if (result == S_OK && !options.StdInMode)
+-    result = ecs->SetDirsTimes();
++    result = ecs->SetFinalAttribs();
+   return callback->ExtractResult(result);
+ }
+ 
+--- a/CPP/Windows/FileDir.cpp
++++ b/CPP/Windows/FileDir.cpp
+@@ -343,7 +343,8 @@ static int convert_to_symlink(const char
+   return -1;
+ }
+ 
+-bool SetFileAttrib(CFSTR fileName, DWORD fileAttributes)
++bool SetFileAttrib(CFSTR fileName, DWORD fileAttributes,
++		   CObjectVector<CDelayedSymLink> *delayedSymLinks)
+ {
+   if (!fileName) {
+     SetLastError(ERROR_PATH_NOT_FOUND);
+@@ -375,7 +376,9 @@ bool SetFileAttrib(CFSTR fileName, DWORD
+      stat_info.st_mode = fileAttributes >> 16;
+ #ifdef ENV_HAVE_LSTAT
+      if (S_ISLNK(stat_info.st_mode)) {
+-        if ( convert_to_symlink(name) != 0) {
++        if (delayedSymLinks)
++          delayedSymLinks->Add(CDelayedSymLink(name));
++        else if ( convert_to_symlink(name) != 0) {
+           TRACEN((printf("SetFileAttrib(%s,%d) : false-3\n",(const char *)name,fileAttributes)))
+           return false;
+         }
+@@ -885,6 +888,43 @@ bool CTempDir::Remove()
+   return !_mustBeDeleted;
+ }
+ 
++#ifdef ENV_UNIX
++
++CDelayedSymLink::CDelayedSymLink(const char * source)
++  : _source(source)
++{
++  struct stat st;
++
++  if (lstat(_source, &st) == 0) {
++    _dev = st.st_dev;
++    _ino = st.st_ino;
++  } else {
++    _dev = 0;
++  }
++}
++
++bool CDelayedSymLink::Create()
++{
++  struct stat st;
++
++  if (_dev == 0) {
++    errno = EPERM;
++    return false;
++  }
++  if (lstat(_source, &st) != 0)
++    return false;
++  if (_dev != st.st_dev || _ino != st.st_ino) {
++    // Placeholder file has been overwritten or moved by another
++    // symbolic link creation
++    errno = EPERM;
++    return false;
++  }
++
++  return convert_to_symlink(_source) == 0;
++}
++
++#endif // ENV_UNIX
++
+ }}}
+ 
+ 
+--- a/CPP/Windows/FileDir.h
++++ b/CPP/Windows/FileDir.h
+@@ -4,6 +4,7 @@
+ #define __WINDOWS_FILE_DIR_H
+ 
+ #include "../Common/MyString.h"
++#include "../Common/MyVector.h"
+ 
+ #include "FileIO.h"
+ 
+@@ -11,11 +12,14 @@ namespace NWindows {
+ namespace NFile {
+ namespace NDir {
+ 
++class CDelayedSymLink;
++
+ bool GetWindowsDir(FString &path);
+ bool GetSystemDir(FString &path);
+ 
+ bool SetDirTime(CFSTR path, const FILETIME *cTime, const FILETIME *aTime, const FILETIME *mTime);
+-bool SetFileAttrib(CFSTR path, DWORD attrib);
++bool SetFileAttrib(CFSTR path, DWORD attrib,
++		   CObjectVector<CDelayedSymLink> *delayedSymLinks = 0);
+ bool MyMoveFile(CFSTR existFileName, CFSTR newFileName);
+ 
+ #ifndef UNDER_CE
+@@ -69,6 +73,31 @@ public:
+   bool Remove();
+ };
+ 
++// Symbolic links must be created last so that they can't be used to
++// create or overwrite files above the extraction directory.
++class CDelayedSymLink
++{
++#ifdef ENV_UNIX
++  // Where the symlink should be created.  The target is specified in
++  // the placeholder file.
++  AString _source;
++
++  // Device and inode of the placeholder file.  Before creating the
++  // symlink, we must check that these haven't been changed by creation
++  // of another symlink.
++  dev_t _dev;
++  ino_t _ino;
++
++public:
++  explicit CDelayedSymLink(const char * source);
++  bool Create();
++#else // !ENV_UNIX
++public:
++  CDelayedSymLink(const char * source) {}
++  bool Create() { return true; }
++#endif // ENV_UNIX
++};
++
+ #if !defined(UNDER_CE)
+ class CCurrentDirRestorer
+ {
diff --git a/app-arch/p7zip/p7zip-9.38.1-r1.ebuild b/app-arch/p7zip/p7zip-9.38.1-r2.ebuild
index baf02da63dd2..867de5165649 100644
--- a/app-arch/p7zip/p7zip-9.38.1-r1.ebuild
+++ b/app-arch/p7zip/p7zip-9.38.1-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/p7zip/p7zip-9.38.1-r1.ebuild,v 1.1 2015/05/04 12:23:31 jlec Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-arch/p7zip/p7zip-9.38.1-r2.ebuild,v 1.1 2015/06/22 07:12:51 jlec Exp $
 
 EAPI=5
 
@@ -30,7 +30,9 @@ DEPEND="${RDEPEND}
 S=${WORKDIR}/${PN}_${PV}
 
 src_prepare() {
-	epatch "${FILESDIR}"/${P}-osversion.patch
+	epatch \
+		"${FILESDIR}"/${P}-osversion.patch \
+		"${FILESDIR}"/${P}-CVE-2015-1038.patch
 
 	if ! use pch; then
 		sed "s:PRE_COMPILED_HEADER=StdAfx.h.gch:PRE_COMPILED_HEADER=:g" -i makefile.* || die