Bug 1441204 - Upgrade zip crate from 0.3.1 to 0.3.3. r=maja_zf

MozReview-Commit-ID: LjzVBrGK4LM --HG-- extra : rebase_source : 0326e546304339ade10e312df0a619f627b115e7
2025-01-08 12:22:34 +00:00 · 2018-06-14 12:57:36 -07:00 · 2018-06-14 12:57:36 -07:00 · 08c845b39c
commit 08c845b39c
parent d167d54ea0
9 changed files with 66 additions and 29 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -794,7 +794,7 @@ dependencies = [
 "rustc-serialize 0.3.24 (registry+https://github.com/rust-lang/crates.io-index)",
 "uuid 0.1.18 (registry+https://github.com/rust-lang/crates.io-index)",
 "webdriver 0.35.1",
- "zip 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "zip 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)",
 ]

 [[package]]
@ -2503,7 +2503,7 @@ dependencies = [

 [[package]]
 name = "zip"
-version = "0.3.1"
+version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 dependencies = [
 "bzip2 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
@ -2752,4 +2752,4 @@ dependencies = [
 "checksum ws2_32-sys 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "d59cefebd0c892fa2dd6de581e937301d8552cb44489cdff035c6187cb63fa5e"
 "checksum xml-rs 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3c1cb601d29fe2c2ac60a2b2e5e293994d87a1f6fa9687a31a15270f909be9c2"
 "checksum yaml-rust 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "57ab38ee1a4a266ed033496cf9af1828d8d6e6c1cfa5f643a2809effcae4d628"
-"checksum zip 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "10931e278527cea65682696481e6d840371d581079df529ebfee186e0eaad719"
+"checksum zip 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "77ce0ceee93c995954a31f77903925a6a8bb094709445238e344f2107910e29e"
--- a/third_party/rust/zip/.cargo-checksum.json
+++ b/third_party/rust/zip/.cargo-checksum.json
@ -1 +1 @@
-{"files":{".travis.yml":"93ce7e20127d942fcf3a571d004e02a3b9ec38e98c71f32a561ce41b5c27f500","Cargo.toml":"d24868ffe67921dcb17f91d4e852b40a7948102c1c623364b95e9d03bf563d6b","LICENSE":"6ac8711fb340c62ce0a4ecd463342d3fa0e8e70de697c863a2e1c0c53006003c","README.md":"ddce51a28cf4477026c4e974c7e41191f84669000a0c9dd20a8ae887590849f4","appveyor.yml":"53ebe35598907954204812614a160355f36750ede4546bc69027cbaf7643d34c","examples/extract.rs":"9f6de63fb9077ed730a004bf18ef762e0d4e60b3332bfdba38b0f6eed490b33b","examples/extract_lorem.rs":"4e4e70927d2928a411ce4abe37ef4924c7156c4fd2697527c01fbd1797a76969","examples/write_dir.rs":"1a39da7b5d31997bf353a56d009ecdcf31da765f9ab191b20792e1904a594183","examples/write_sample.rs":"72a7c2db8074d20651ba04d0a49a7d6fb213ca674c63ab48db506deb69cba64c","script/doc-upload.cfg":"10684c8f5ef7e7388cfc4742ab9a060fe8f7fc1c51a63ede3c2443260ecc2d5e","src/compression.rs":"535e422f801caf53829014a0982698483c504da4082ebb571e468d4721d8434b","src/cp437.rs":"7954c5b7df6f72fe3fe2c377c5de09973c2fa704c7ae0274a5490594e4b69517","src/crc32.rs":"8b585059958a7150a4e40f0bd95198cc906385eb42468652f96e9d3294145b01","src/lib.rs":"15206ffb3612b4bbde73604ed2e194c4ced23487ffdefe01f42653bf1bdffff8","src/read.rs":"ecda9e85217ad3aa4dc8fe04a23ee043cba3fe8a1324e47788fd32642d220790","src/result.rs":"1006e46206a5b1491ed1d4fde0955a391df78cd42aa9582784b19170332a3783","src/spec.rs":"39b5e115745d962978e55ffb63ae2d62d0176c4c5ab457eea907a7aa33bf4e18","src/types.rs":"621a7a4eea9f740175bb804339cbe7fdd93a2e32b260c591d87ec0a702aa0d7f","src/write.rs":"7b6f312c8a5bcdd78f63bdf0787d0ca8b21a71d354cb9f2e34e1f2ce89f8662d","tests/data/invalid_offset.zip":"c5534a1803145f6344b04c437d436bd583852c78dd3937f4a73a2a39aa2d76b2","tests/data/mimetype.zip":"3e2cfc7af7a0e0f0b328885c57c0864c11a91da9c25b51be12d078af8b9ef6cf","tests/data/zip64_demo.zip":"223072a480f60d6a700e427b294e575ae2d6265f3e9881b647927f31d96c7e01","tests/invalid_date.rs":"e78b63b469d1f768bb452fefb84b013d3f9a4bf71dba2f9e12ff9e9c6ff8fd25"},"package":"10931e278527cea65682696481e6d840371d581079df529ebfee186e0eaad719"}
+{"files":{".travis.yml":"93ce7e20127d942fcf3a571d004e02a3b9ec38e98c71f32a561ce41b5c27f500","Cargo.toml":"b6f076a871f5bb585272bf3d458e789d89d5ad6723e152d49c07f99320c8a0ce","LICENSE":"6ac8711fb340c62ce0a4ecd463342d3fa0e8e70de697c863a2e1c0c53006003c","README.md":"8f548f0d5a9b2661839258c14a70284638fc4ce3017fc7ed2b9540ae3617ad2d","appveyor.yml":"53ebe35598907954204812614a160355f36750ede4546bc69027cbaf7643d34c","examples/extract.rs":"53b555617192330bd2f95235b82749905ad52617a5a3ba2648dbafbfff8a49a0","examples/extract_lorem.rs":"4e4e70927d2928a411ce4abe37ef4924c7156c4fd2697527c01fbd1797a76969","examples/write_dir.rs":"1a39da7b5d31997bf353a56d009ecdcf31da765f9ab191b20792e1904a594183","examples/write_sample.rs":"72a7c2db8074d20651ba04d0a49a7d6fb213ca674c63ab48db506deb69cba64c","script/doc-upload.cfg":"10684c8f5ef7e7388cfc4742ab9a060fe8f7fc1c51a63ede3c2443260ecc2d5e","src/compression.rs":"535e422f801caf53829014a0982698483c504da4082ebb571e468d4721d8434b","src/cp437.rs":"7954c5b7df6f72fe3fe2c377c5de09973c2fa704c7ae0274a5490594e4b69517","src/crc32.rs":"8b585059958a7150a4e40f0bd95198cc906385eb42468652f96e9d3294145b01","src/lib.rs":"15206ffb3612b4bbde73604ed2e194c4ced23487ffdefe01f42653bf1bdffff8","src/read.rs":"30ee981fcf690675d3f9c892b49e1a2539b4e9511d078d13e89686e3887f250f","src/result.rs":"1006e46206a5b1491ed1d4fde0955a391df78cd42aa9582784b19170332a3783","src/spec.rs":"39b5e115745d962978e55ffb63ae2d62d0176c4c5ab457eea907a7aa33bf4e18","src/types.rs":"4aca0943f436cf52d446e1ae65c078f349821936e25ecced332f660b95382d75","src/write.rs":"eb9f2ce88180a9ee80b28a92e40ffa70f50377d2b5cdcb0e6ce763edbf0fa703","tests/data/invalid_offset.zip":"c5534a1803145f6344b04c437d436bd583852c78dd3937f4a73a2a39aa2d76b2","tests/data/mimetype.zip":"4bc6fd161d3e844b3e2b7f10fd0f9077ff565bb39fd2bfa34e7f8e9cd62db06d","tests/data/zip64_demo.zip":"223072a480f60d6a700e427b294e575ae2d6265f3e9881b647927f31d96c7e01","tests/invalid_date.rs":"e78b63b469d1f768bb452fefb84b013d3f9a4bf71dba2f9e12ff9e9c6ff8fd25"},"package":"77ce0ceee93c995954a31f77903925a6a8bb094709445238e344f2107910e29e"}
--- a/third_party/rust/zip/Cargo.toml
+++ b/third_party/rust/zip/Cargo.toml
@ -12,7 +12,7 @@

 [package]
 name = "zip"
-version = "0.3.1"
+version = "0.3.3"
 authors = ["Mathijs van de Nes <git@mathijs.vd-nes.nl>"]
 description = "Library to support the reading and writing of zip files.\n"
 documentation = "http://mvdnes.github.io/rust-docs/zip-rs/zip/index.html"
--- a/third_party/rust/zip/README.md
+++ b/third_party/rust/zip/README.md
@ -48,6 +48,6 @@ Examples

 See the [examples directory](examples) for:
   * How to write a file to a zip.
-   * how to write a directory of files to a zip (using [walkdir](/BurntSushi/walkdir)).
+   * how to write a directory of files to a zip (using [walkdir](https://github.com/BurntSushi/walkdir)).
   * How to extract a zip file.
   * How to extract a single file from a zip.
--- a/third_party/rust/zip/examples/extract.rs
+++ b/third_party/rust/zip/examples/extract.rs
@ -20,7 +20,7 @@ fn real_main() -> i32 {

    for i in 0..archive.len() {
        let mut file = archive.by_index(i).unwrap();
-        let outpath = sanitize_filename(file.name());
+        let outpath = file.sanitized_name();

        {
            let comment = file.comment();
@ -55,21 +55,3 @@ fn real_main() -> i32 {
    }
    return 0;
 }
-
-fn sanitize_filename(filename: &str) -> std::path::PathBuf {
-    let no_null_filename = match filename.find('\0') {
-        Some(index) => &filename[0..index],
-        None => filename,
-    };
-
-    std::path::Path::new(no_null_filename)
-        .components()
-        .filter(|component| match *component {
-            std::path::Component::Normal(..) => true,
-            _ => false,
-        })
-        .fold(std::path::PathBuf::new(), |mut path, ref cur| {
-            path.push(cur.as_os_str());
-            path
-        })
-}
--- a/third_party/rust/zip/src/read.rs
+++ b/third_party/rust/zip/src/read.rs
@ -415,6 +415,11 @@ impl<'a> ZipFile<'a> {
    pub fn name_raw(&self) -> &[u8] {
        &*self.data.file_name_raw
    }
+    /// Get the name of the file in a sanitized form. It truncates the name to the first NULL byte,
+    /// removes a leading '/' and removes '..' parts.
+    pub fn sanitized_name(&self) -> ::std::path::PathBuf {
+        self.data.file_name_sanitized()
+    }
    /// Get the comment of the file
    pub fn comment(&self) -> &str {
        &*self.data.file_comment
--- a/third_party/rust/zip/src/types.rs
+++ b/third_party/rust/zip/src/types.rs
@ -25,7 +25,7 @@ impl System {
    }
 }

-pub const DEFAULT_VERSION: u8 = 20;
+pub const DEFAULT_VERSION: u8 = 46;

 /// Structure representing a ZIP file.
 #[derive(Debug)]
@ -61,6 +61,34 @@ pub struct ZipFileData
    pub external_attributes: u32,
 }

+impl ZipFileData {
+    pub fn file_name_sanitized(&self) -> ::std::path::PathBuf {
+        let no_null_filename = match self.file_name.find('\0') {
+            Some(index) => &self.file_name[0..index],
+            None => &self.file_name,
+        };
+
+        ::std::path::Path::new(no_null_filename)
+            .components()
+            .filter(|component| match *component {
+                ::std::path::Component::Normal(..) => true,
+                _ => false,
+            })
+            .fold(::std::path::PathBuf::new(), |mut path, ref cur| {
+                path.push(cur.as_os_str());
+                path
+            })
+    }
+
+    pub fn version_needed(&self) -> u16 {
+        match self.compression_method {
+            #[cfg(feature = "bzip2")]
+            ::compression::CompressionMethod::Bzip2 => 46,
+            _ => 20,
+        }
+    }
+}
+
 #[cfg(test)]
 mod test {
    #[test]
@ -71,4 +99,27 @@ mod test {
        assert_eq!(System::from_u8(0), System::Dos);
        assert_eq!(System::from_u8(3), System::Unix);
    }
+
+    #[test]
+    fn sanitize() {
+        use super::*;
+        let file_name = "/path/../../../../etc/./passwd\0/etc/shadow".to_string();
+        let data = ZipFileData {
+            system: System::Dos,
+            version_made_by: 0,
+            encrypted: false,
+            compression_method: ::compression::CompressionMethod::Stored,
+            last_modified_time: time::empty_tm(),
+            crc32: 0,
+            compressed_size: 0,
+            uncompressed_size: 0,
+            file_name: file_name.clone(),
+            file_name_raw: file_name.into_bytes(),
+            file_comment: String::new(),
+            header_start: 0,
+            data_start: 0,
+            external_attributes: 0,
+        };
+        assert_eq!(data.file_name_sanitized(), ::std::path::PathBuf::from("path/etc/passwd"));
+    }
 }
--- a/third_party/rust/zip/src/write.rs
+++ b/third_party/rust/zip/src/write.rs
@ -424,8 +424,7 @@ fn write_local_file_header<T: Write>(writer: &mut T, file: &ZipFileData) -> ZipR
    // local file header signature
    try!(writer.write_u32::<LittleEndian>(spec::LOCAL_FILE_HEADER_SIGNATURE));
    // version needed to extract
-    let version_made_by = (file.system as u16) << 8 | (file.version_made_by as u16);
-    try!(writer.write_u16::<LittleEndian>(version_made_by));
+    try!(writer.write_u16::<LittleEndian>(file.version_needed()));
    // general purpose bit flag
    let flag = if !file.file_name.is_ascii() { 1u16 << 11 } else { 0 };
    try!(writer.write_u16::<LittleEndian>(flag));
@ -472,7 +471,7 @@ fn write_central_directory_header<T: Write>(writer: &mut T, file: &ZipFileData)
    let version_made_by = (file.system as u16) << 8 | (file.version_made_by as u16);
    try!(writer.write_u16::<LittleEndian>(version_made_by));
    // version needed to extract
-    try!(writer.write_u16::<LittleEndian>(20));
+    try!(writer.write_u16::<LittleEndian>(file.version_needed()));
    // general puprose bit flag
    let flag = if !file.file_name.is_ascii() { 1u16 << 11 } else { 0 };
    try!(writer.write_u16::<LittleEndian>(flag));
--- a/third_party/rust/zip/tests/data/mimetype.zip
+++ b/third_party/rust/zip/tests/data/mimetype.zip