summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorRanjitsinh Rathod <ranjitsinh.rathod@kpit.com>2022-08-30 15:22:18 +0530
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-09-12 08:41:51 +0100
commita5de603a1b9316dd945aaea3136af027bbc61fdd (patch)
tree777c8a1016945d5997531d2b0df58d0a6e47c3f5 /meta
parent8f4bbd9359109b5d05fca1b424f45de61b4376ae (diff)
downloadpoky-a5de603a1b9316dd945aaea3136af027bbc61fdd.tar.gz
libarchive: Fix CVE-2021-23177 issue
Add patch to fix CVE-2021-23177 issue for libarchive Link: http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz (From OE-Core rev: 01d7e2c7a0da55a7c00aebed107c1338f5f032b1) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch183
-rw-r--r--meta/recipes-extended/libarchive/libarchive_3.4.2.bb1
2 files changed, 184 insertions, 0 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
new file mode 100644
index 0000000000..555c7a47f7
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
@@ -0,0 +1,183 @@
1Description: Fix handling of symbolic link ACLs
2 Published as CVE-2021-23177
3Origin: upstream, https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad
4Bug-Debian: https://bugs.debian.org/1001986
5Author: Martin Matuska <martin@matuska.org>
6Last-Updated: 2021-12-20
7
8CVE: CVE-2021-23177
9Upstream-Status: Backport [http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz]
10Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
11
12--- a/libarchive/archive_disk_acl_freebsd.c
13+++ b/libarchive/archive_disk_acl_freebsd.c
14@@ -319,7 +319,7 @@
15
16 static int
17 set_acl(struct archive *a, int fd, const char *name,
18- struct archive_acl *abstract_acl,
19+ struct archive_acl *abstract_acl, __LA_MODE_T mode,
20 int ae_requested_type, const char *tname)
21 {
22 int acl_type = 0;
23@@ -364,6 +364,13 @@
24 return (ARCHIVE_FAILED);
25 }
26
27+ if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) {
28+ errno = EINVAL;
29+ archive_set_error(a, errno,
30+ "Cannot set default ACL on non-directory");
31+ return (ARCHIVE_WARN);
32+ }
33+
34 acl = acl_init(entries);
35 if (acl == (acl_t)NULL) {
36 archive_set_error(a, errno,
37@@ -542,7 +549,10 @@
38 else if (acl_set_link_np(name, acl_type, acl) != 0)
39 #else
40 /* FreeBSD older than 8.0 */
41- else if (acl_set_file(name, acl_type, acl) != 0)
42+ else if (S_ISLNK(mode)) {
43+ /* acl_set_file() follows symbolic links, skip */
44+ ret = ARCHIVE_OK;
45+ } else if (acl_set_file(name, acl_type, acl) != 0)
46 #endif
47 {
48 if (errno == EOPNOTSUPP) {
49@@ -677,14 +687,14 @@
50 & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
51 if ((archive_acl_types(abstract_acl)
52 & ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) {
53- ret = set_acl(a, fd, name, abstract_acl,
54+ ret = set_acl(a, fd, name, abstract_acl, mode,
55 ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access");
56 if (ret != ARCHIVE_OK)
57 return (ret);
58 }
59 if ((archive_acl_types(abstract_acl)
60 & ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0)
61- ret = set_acl(a, fd, name, abstract_acl,
62+ ret = set_acl(a, fd, name, abstract_acl, mode,
63 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default");
64
65 /* Simultaneous POSIX.1e and NFSv4 is not supported */
66@@ -693,7 +703,7 @@
67 #if ARCHIVE_ACL_FREEBSD_NFS4
68 else if ((archive_acl_types(abstract_acl) &
69 ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) {
70- ret = set_acl(a, fd, name, abstract_acl,
71+ ret = set_acl(a, fd, name, abstract_acl, mode,
72 ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4");
73 }
74 #endif
75--- a/libarchive/archive_disk_acl_linux.c
76+++ b/libarchive/archive_disk_acl_linux.c
77@@ -343,6 +343,11 @@
78 return (ARCHIVE_FAILED);
79 }
80
81+ if (S_ISLNK(mode)) {
82+ /* Linux does not support RichACLs on symbolic links */
83+ return (ARCHIVE_OK);
84+ }
85+
86 richacl = richacl_alloc(entries);
87 if (richacl == NULL) {
88 archive_set_error(a, errno,
89@@ -455,7 +460,7 @@
90 #if ARCHIVE_ACL_LIBACL
91 static int
92 set_acl(struct archive *a, int fd, const char *name,
93- struct archive_acl *abstract_acl,
94+ struct archive_acl *abstract_acl, __LA_MODE_T mode,
95 int ae_requested_type, const char *tname)
96 {
97 int acl_type = 0;
98@@ -488,6 +493,18 @@
99 return (ARCHIVE_FAILED);
100 }
101
102+ if (S_ISLNK(mode)) {
103+ /* Linux does not support ACLs on symbolic links */
104+ return (ARCHIVE_OK);
105+ }
106+
107+ if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) {
108+ errno = EINVAL;
109+ archive_set_error(a, errno,
110+ "Cannot set default ACL on non-directory");
111+ return (ARCHIVE_WARN);
112+ }
113+
114 acl = acl_init(entries);
115 if (acl == (acl_t)NULL) {
116 archive_set_error(a, errno,
117@@ -727,14 +744,14 @@
118 & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
119 if ((archive_acl_types(abstract_acl)
120 & ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) {
121- ret = set_acl(a, fd, name, abstract_acl,
122+ ret = set_acl(a, fd, name, abstract_acl, mode,
123 ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access");
124 if (ret != ARCHIVE_OK)
125 return (ret);
126 }
127 if ((archive_acl_types(abstract_acl)
128 & ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0)
129- ret = set_acl(a, fd, name, abstract_acl,
130+ ret = set_acl(a, fd, name, abstract_acl, mode,
131 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default");
132 }
133 #endif /* ARCHIVE_ACL_LIBACL */
134--- a/libarchive/archive_disk_acl_sunos.c
135+++ b/libarchive/archive_disk_acl_sunos.c
136@@ -443,7 +443,7 @@
137
138 static int
139 set_acl(struct archive *a, int fd, const char *name,
140- struct archive_acl *abstract_acl,
141+ struct archive_acl *abstract_acl, __LA_MODE_T mode,
142 int ae_requested_type, const char *tname)
143 {
144 aclent_t *aclent;
145@@ -467,7 +467,6 @@
146 if (entries == 0)
147 return (ARCHIVE_OK);
148
149-
150 switch (ae_requested_type) {
151 case ARCHIVE_ENTRY_ACL_TYPE_POSIX1E:
152 cmd = SETACL;
153@@ -492,6 +491,12 @@
154 return (ARCHIVE_FAILED);
155 }
156
157+ if (S_ISLNK(mode)) {
158+ /* Skip ACLs on symbolic links */
159+ ret = ARCHIVE_OK;
160+ goto exit_free;
161+ }
162+
163 e = 0;
164
165 while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type,
166@@ -801,7 +806,7 @@
167 if ((archive_acl_types(abstract_acl)
168 & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
169 /* Solaris writes POSIX.1e access and default ACLs together */
170- ret = set_acl(a, fd, name, abstract_acl,
171+ ret = set_acl(a, fd, name, abstract_acl, mode,
172 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E, "posix1e");
173
174 /* Simultaneous POSIX.1e and NFSv4 is not supported */
175@@ -810,7 +815,7 @@
176 #if ARCHIVE_ACL_SUNOS_NFS4
177 else if ((archive_acl_types(abstract_acl) &
178 ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) {
179- ret = set_acl(a, fd, name, abstract_acl,
180+ ret = set_acl(a, fd, name, abstract_acl, mode,
181 ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4");
182 }
183 #endif
diff --git a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb
index b7426a1be8..d8ed80686b 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb
@@ -36,6 +36,7 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
36 file://CVE-2021-36976-1.patch \ 36 file://CVE-2021-36976-1.patch \
37 file://CVE-2021-36976-2.patch \ 37 file://CVE-2021-36976-2.patch \
38 file://CVE-2021-36976-3.patch \ 38 file://CVE-2021-36976-3.patch \
39 file://CVE-2021-23177.patch \
39" 40"
40 41
41SRC_URI[md5sum] = "d953ed6b47694dadf0e6042f8f9ff451" 42SRC_URI[md5sum] = "d953ed6b47694dadf0e6042f8f9ff451"