libarchive: Fix CVE-2021-23177 issue

Add patch to fix CVE-2021-23177 issue for libarchive Link: http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz (From OE-Core rev: 01d7e2c7a0da55a7c00aebed107c1338f5f032b1) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> 2022-08-30 15:22:18 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-09-12 08:41:51 +0100
commit: a5de603a1b9316dd945aaea3136af027bbc61fdd (patch)
tree: 777c8a1016945d5997531d2b0df58d0a6e47c3f5 /meta/recipes-extended
parent: 8f4bbd9359109b5d05fca1b424f45de61b4376ae (diff)
download: poky-a5de603a1b9316dd945aaea3136af027bbc61fdd.tar.gz
2 files changed, 184 insertions, 0 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
new file mode 100644
index 0000000000..555c7a47f7
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
@@ -0,0 +1,183 @@
+Description: Fix handling of symbolic link ACLs
+ Published as CVE-2021-23177
+Origin: upstream, https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad
+Bug-Debian: https://bugs.debian.org/1001986
+Author: Martin Matuska <martin@matuska.org>
+Last-Updated: 2021-12-20
+CVE: CVE-2021-23177
+Upstream-Status: Backport [http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz]
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+--- a/libarchive/archive_disk_acl_freebsd.c
+++ b/libarchive/archive_disk_acl_freebsd.c
+@@ -319,7 +319,7 @@
+ 
+ static int
+ set_acl(struct archive *a, int fd, const char *name,
+-    struct archive_acl *abstract_acl,
+    struct archive_acl *abstract_acl, __LA_MODE_T mode,
+     int ae_requested_type, const char *tname)
+ {
+        int              acl_type = 0;
+@@ -364,6 +364,13 @@
+                return (ARCHIVE_FAILED);
+        }
+ 
+       if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) {
+               errno = EINVAL;
+               archive_set_error(a, errno,
+                   "Cannot set default ACL on non-directory");
+               return (ARCHIVE_WARN);
+       }
+
+        acl = acl_init(entries);
+        if (acl == (acl_t)NULL) {
+                archive_set_error(a, errno,
+@@ -542,7 +549,10 @@
+        else if (acl_set_link_np(name, acl_type, acl) != 0)
+ #else
+        /* FreeBSD older than 8.0 */
+-       else if (acl_set_file(name, acl_type, acl) != 0)
+       else if (S_ISLNK(mode)) {
+           /* acl_set_file() follows symbolic links, skip */
+           ret = ARCHIVE_OK;
+       } else if (acl_set_file(name, acl_type, acl) != 0)
+ #endif
+        {
+                if (errno == EOPNOTSUPP) {
+@@ -677,14 +687,14 @@
+            & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
+                if ((archive_acl_types(abstract_acl)
+                    & ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) {
+-                       ret = set_acl(a, fd, name, abstract_acl,
+                       ret = set_acl(a, fd, name, abstract_acl, mode,
+                            ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access");
+                        if (ret != ARCHIVE_OK)
+                                return (ret);
+                }
+                if ((archive_acl_types(abstract_acl)
+                    & ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0)
+-                       ret = set_acl(a, fd, name, abstract_acl,
+                       ret = set_acl(a, fd, name, abstract_acl, mode,
+                            ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default");
+ 
+                /* Simultaneous POSIX.1e and NFSv4 is not supported */
+@@ -693,7 +703,7 @@
+ #if ARCHIVE_ACL_FREEBSD_NFS4
+        else if ((archive_acl_types(abstract_acl) &
+            ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) {
+-               ret = set_acl(a, fd, name, abstract_acl,
+               ret = set_acl(a, fd, name, abstract_acl, mode,
+                    ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4");
+        }
+ #endif
+--- a/libarchive/archive_disk_acl_linux.c
+++ b/libarchive/archive_disk_acl_linux.c
+@@ -343,6 +343,11 @@
+                return (ARCHIVE_FAILED);
+        }
+ 
+       if (S_ISLNK(mode)) {
+               /* Linux does not support RichACLs on symbolic links */
+               return (ARCHIVE_OK);
+       }
+
+        richacl = richacl_alloc(entries);
+        if (richacl == NULL) {
+                archive_set_error(a, errno,
+@@ -455,7 +460,7 @@
+ #if ARCHIVE_ACL_LIBACL
+ static int
+ set_acl(struct archive *a, int fd, const char *name,
+-    struct archive_acl *abstract_acl,
+    struct archive_acl *abstract_acl, __LA_MODE_T mode,
+     int ae_requested_type, const char *tname)
+ {
+        int              acl_type = 0;
+@@ -488,6 +493,18 @@
+                return (ARCHIVE_FAILED);
+        }
+ 
+       if (S_ISLNK(mode)) {
+               /* Linux does not support ACLs on symbolic links */
+               return (ARCHIVE_OK);
+       }
+
+       if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) {
+               errno = EINVAL;
+               archive_set_error(a, errno,
+                   "Cannot set default ACL on non-directory");
+               return (ARCHIVE_WARN);
+       }
+
+        acl = acl_init(entries);
+        if (acl == (acl_t)NULL) {
+                archive_set_error(a, errno,
+@@ -727,14 +744,14 @@
+            & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
+                if ((archive_acl_types(abstract_acl)
+                    & ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) {
+-                       ret = set_acl(a, fd, name, abstract_acl,
+                       ret = set_acl(a, fd, name, abstract_acl, mode,
+                            ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access");
+                        if (ret != ARCHIVE_OK)
+                                return (ret);
+                }
+                if ((archive_acl_types(abstract_acl)
+                    & ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0)
+-                       ret = set_acl(a, fd, name, abstract_acl,
+                       ret = set_acl(a, fd, name, abstract_acl, mode,
+                            ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default");
+        }
+ #endif /* ARCHIVE_ACL_LIBACL */
+--- a/libarchive/archive_disk_acl_sunos.c
+++ b/libarchive/archive_disk_acl_sunos.c
+@@ -443,7 +443,7 @@
+ 
+ static int
+ set_acl(struct archive *a, int fd, const char *name,
+-    struct archive_acl *abstract_acl,
+    struct archive_acl *abstract_acl, __LA_MODE_T mode,
+     int ae_requested_type, const char *tname)
+ {
+        aclent_t         *aclent;
+@@ -467,7 +467,6 @@
+        if (entries == 0)
+                return (ARCHIVE_OK);
+ 
+-
+        switch (ae_requested_type) {
+        case ARCHIVE_ENTRY_ACL_TYPE_POSIX1E:
+                cmd = SETACL;
+@@ -492,6 +491,12 @@
+                return (ARCHIVE_FAILED);
+        }
+ 
+        if (S_ISLNK(mode)) {
+                /* Skip ACLs on symbolic links */
+               ret = ARCHIVE_OK;
+               goto exit_free;
+        }
+
+        e = 0;
+ 
+        while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type,
+@@ -801,7 +806,7 @@
+        if ((archive_acl_types(abstract_acl)
+            & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
+                /* Solaris writes POSIX.1e access and default ACLs together */
+-               ret = set_acl(a, fd, name, abstract_acl,
+               ret = set_acl(a, fd, name, abstract_acl, mode,
+                    ARCHIVE_ENTRY_ACL_TYPE_POSIX1E, "posix1e");
+ 
+                /* Simultaneous POSIX.1e and NFSv4 is not supported */
+@@ -810,7 +815,7 @@
+ #if ARCHIVE_ACL_SUNOS_NFS4
+        else if ((archive_acl_types(abstract_acl) &
+            ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) {
+-               ret = set_acl(a, fd, name, abstract_acl,
+               ret = set_acl(a, fd, name, abstract_acl, mode,
+                    ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4");
+        }
+ #endif
diff --git a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb
index b7426a1be8..d8ed80686b 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb
@@ -36,6 +36,7 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
           file://CVE-2021-36976-1.patch \
           file://CVE-2021-36976-2.patch \
           file://CVE-2021-36976-3.patch \
+           file://CVE-2021-23177.patch \
 "
 SRC_URI[md5sum] = "d953ed6b47694dadf0e6042f8f9ff451"
author	Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>	2022-08-30 15:22:18 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-12 08:41:51 +0100
commit	a5de603a1b9316dd945aaea3136af027bbc61fdd (patch)
tree	777c8a1016945d5997531d2b0df58d0a6e47c3f5 /meta/recipes-extended
parent	8f4bbd9359109b5d05fca1b424f45de61b4376ae (diff)
download	poky-a5de603a1b9316dd945aaea3136af027bbc61fdd.tar.gz

diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch new file mode 100644 index 0000000000..555c7a47f7 --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
@@ -0,0 +1,183 @@
		1	Description: Fix handling of symbolic link ACLs
		2	Published as CVE-2021-23177
		3	Origin: upstream, https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad
		4	Bug-Debian: https://bugs.debian.org/1001986
		5	Author: Martin Matuska <martin@matuska.org>
		6	Last-Updated: 2021-12-20
		7
		8	CVE: CVE-2021-23177
		9	Upstream-Status: Backport [http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz]
		10	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
		11
		12	--- a/libarchive/archive_disk_acl_freebsd.c
		13	+++ b/libarchive/archive_disk_acl_freebsd.c
		14	@@ -319,7 +319,7 @@
		15
		16	static int
		17	set_acl(struct archive a, int fd, const char name,
		18	- struct archive_acl *abstract_acl,
		19	+ struct archive_acl *abstract_acl, __LA_MODE_T mode,
		20	int ae_requested_type, const char *tname)
		21	{
		22	int acl_type = 0;
		23	@@ -364,6 +364,13 @@
		24	return (ARCHIVE_FAILED);
		25	}
		26
		27	+ if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) {
		28	+ errno = EINVAL;
		29	+ archive_set_error(a, errno,
		30	+ "Cannot set default ACL on non-directory");
		31	+ return (ARCHIVE_WARN);
		32	+ }
		33	+
		34	acl = acl_init(entries);
		35	if (acl == (acl_t)NULL) {
		36	archive_set_error(a, errno,
		37	@@ -542,7 +549,10 @@
		38	else if (acl_set_link_np(name, acl_type, acl) != 0)
		39	#else
		40	/* FreeBSD older than 8.0 */
		41	- else if (acl_set_file(name, acl_type, acl) != 0)
		42	+ else if (S_ISLNK(mode)) {
		43	+ /* acl_set_file() follows symbolic links, skip */
		44	+ ret = ARCHIVE_OK;
		45	+ } else if (acl_set_file(name, acl_type, acl) != 0)
		46	#endif
		47	{
		48	if (errno == EOPNOTSUPP) {
		49	@@ -677,14 +687,14 @@
		50	& ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
		51	if ((archive_acl_types(abstract_acl)
		52	& ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) {
		53	- ret = set_acl(a, fd, name, abstract_acl,
		54	+ ret = set_acl(a, fd, name, abstract_acl, mode,
		55	ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access");
		56	if (ret != ARCHIVE_OK)
		57	return (ret);
		58	}
		59	if ((archive_acl_types(abstract_acl)
		60	& ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0)
		61	- ret = set_acl(a, fd, name, abstract_acl,
		62	+ ret = set_acl(a, fd, name, abstract_acl, mode,
		63	ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default");
		64
		65	/* Simultaneous POSIX.1e and NFSv4 is not supported */
		66	@@ -693,7 +703,7 @@
		67	#if ARCHIVE_ACL_FREEBSD_NFS4
		68	else if ((archive_acl_types(abstract_acl) &
		69	ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) {
		70	- ret = set_acl(a, fd, name, abstract_acl,
		71	+ ret = set_acl(a, fd, name, abstract_acl, mode,
		72	ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4");
		73	}
		74	#endif
		75	--- a/libarchive/archive_disk_acl_linux.c
		76	+++ b/libarchive/archive_disk_acl_linux.c
		77	@@ -343,6 +343,11 @@
		78	return (ARCHIVE_FAILED);
		79	}
		80
		81	+ if (S_ISLNK(mode)) {
		82	+ /* Linux does not support RichACLs on symbolic links */
		83	+ return (ARCHIVE_OK);
		84	+ }
		85	+
		86	richacl = richacl_alloc(entries);
		87	if (richacl == NULL) {
		88	archive_set_error(a, errno,
		89	@@ -455,7 +460,7 @@
		90	#if ARCHIVE_ACL_LIBACL
		91	static int
		92	set_acl(struct archive a, int fd, const char name,
		93	- struct archive_acl *abstract_acl,
		94	+ struct archive_acl *abstract_acl, __LA_MODE_T mode,
		95	int ae_requested_type, const char *tname)
		96	{
		97	int acl_type = 0;
		98	@@ -488,6 +493,18 @@
		99	return (ARCHIVE_FAILED);
		100	}
		101
		102	+ if (S_ISLNK(mode)) {
		103	+ /* Linux does not support ACLs on symbolic links */
		104	+ return (ARCHIVE_OK);
		105	+ }
		106	+
		107	+ if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) {
		108	+ errno = EINVAL;
		109	+ archive_set_error(a, errno,
		110	+ "Cannot set default ACL on non-directory");
		111	+ return (ARCHIVE_WARN);
		112	+ }
		113	+
		114	acl = acl_init(entries);
		115	if (acl == (acl_t)NULL) {
		116	archive_set_error(a, errno,
		117	@@ -727,14 +744,14 @@
		118	& ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
		119	if ((archive_acl_types(abstract_acl)
		120	& ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) {
		121	- ret = set_acl(a, fd, name, abstract_acl,
		122	+ ret = set_acl(a, fd, name, abstract_acl, mode,
		123	ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access");
		124	if (ret != ARCHIVE_OK)
		125	return (ret);
		126	}
		127	if ((archive_acl_types(abstract_acl)
		128	& ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0)
		129	- ret = set_acl(a, fd, name, abstract_acl,
		130	+ ret = set_acl(a, fd, name, abstract_acl, mode,
		131	ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default");
		132	}
		133	#endif /* ARCHIVE_ACL_LIBACL */
		134	--- a/libarchive/archive_disk_acl_sunos.c
		135	+++ b/libarchive/archive_disk_acl_sunos.c
		136	@@ -443,7 +443,7 @@
		137
		138	static int
		139	set_acl(struct archive a, int fd, const char name,
		140	- struct archive_acl *abstract_acl,
		141	+ struct archive_acl *abstract_acl, __LA_MODE_T mode,
		142	int ae_requested_type, const char *tname)
		143	{
		144	aclent_t *aclent;
		145	@@ -467,7 +467,6 @@
		146	if (entries == 0)
		147	return (ARCHIVE_OK);
		148
		149	-
		150	switch (ae_requested_type) {
		151	case ARCHIVE_ENTRY_ACL_TYPE_POSIX1E:
		152	cmd = SETACL;
		153	@@ -492,6 +491,12 @@
		154	return (ARCHIVE_FAILED);
		155	}
		156
		157	+ if (S_ISLNK(mode)) {
		158	+ /* Skip ACLs on symbolic links */
		159	+ ret = ARCHIVE_OK;
		160	+ goto exit_free;
		161	+ }
		162	+
		163	e = 0;
		164
		165	while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type,
		166	@@ -801,7 +806,7 @@
		167	if ((archive_acl_types(abstract_acl)
		168	& ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
		169	/* Solaris writes POSIX.1e access and default ACLs together */
		170	- ret = set_acl(a, fd, name, abstract_acl,
		171	+ ret = set_acl(a, fd, name, abstract_acl, mode,
		172	ARCHIVE_ENTRY_ACL_TYPE_POSIX1E, "posix1e");
		173
		174	/* Simultaneous POSIX.1e and NFSv4 is not supported */
		175	@@ -810,7 +815,7 @@
		176	#if ARCHIVE_ACL_SUNOS_NFS4
		177	else if ((archive_acl_types(abstract_acl) &
		178	ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) {
		179	- ret = set_acl(a, fd, name, abstract_acl,
		180	+ ret = set_acl(a, fd, name, abstract_acl, mode,
		181	ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4");
		182	}
		183	#endif


diff --git a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb index b7426a1be8..d8ed80686b 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb
@@ -36,6 +36,7 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
36	file://CVE-2021-36976-1.patch \	36	file://CVE-2021-36976-1.patch \
37	file://CVE-2021-36976-2.patch \	37	file://CVE-2021-36976-2.patch \
38	file://CVE-2021-36976-3.patch \	38	file://CVE-2021-36976-3.patch \
		39	file://CVE-2021-23177.patch \
39	"	40	"
40		41
41	SRC_URI[md5sum] = "d953ed6b47694dadf0e6042f8f9ff451"	42	SRC_URI[md5sum] = "d953ed6b47694dadf0e6042f8f9ff451"