1 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch
new file mode 100644
index 0000000000..e85fec40aa
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch
@@ -0,0 +1,37 @@
+libarchive-3.3.2: Fix CVE-2017-14166
+[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/935
+archive_read_support_format_xar: heap-based buffer overflow in xml_data
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71]
+CVE: CVE-2017-14166
+Bug: 935
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
+index 7a22beb..93eeacc 100644
+--- a/libarchive/archive_read_support_format_xar.c
+++ b/libarchive/archive_read_support_format_xar.c
+@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
+        uint64_t l;
+        int digit;
+ 
+       if (char_cnt == 0)
+               return (0);
+
+        l = 0;
+        digit = *p - '0';
+        while (digit >= 0 && digit < 10  && char_cnt-- > 0) {
+@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
+ {
+        int64_t l;
+        int digit;
+-        
+
+       if (char_cnt == 0)
+               return (0);
+
+        l = 0;
+        while (char_cnt-- > 0) {
+                if (*p >= '0' && *p <= '7')

diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch new file mode 100644 index 0000000000..e85fec40aa --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch
@@ -0,0 +1,37 @@
	1	libarchive-3.3.2: Fix CVE-2017-14166
	2
	3	[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/935
	4
	5	archive_read_support_format_xar: heap-based buffer overflow in xml_data
	6
	7	Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71]
	8	CVE: CVE-2017-14166
	9	Bug: 935
	10	Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
	11
	12	diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
	13	index 7a22beb..93eeacc 100644
	14	--- a/libarchive/archive_read_support_format_xar.c
	15	+++ b/libarchive/archive_read_support_format_xar.c
	16	@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
	17	uint64_t l;
	18	int digit;
	19
	20	+ if (char_cnt == 0)
	21	+ return (0);
	22	+
	23	l = 0;
	24	digit = *p - '0';
	25	while (digit >= 0 && digit < 10 && char_cnt-- > 0) {
	26	@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
	27	{
	28	int64_t l;
	29	int digit;
	30	-
	31	+
	32	+ if (char_cnt == 0)
	33	+ return (0);
	34	+
	35	l = 0;
	36	while (char_cnt-- > 0) {
	37	if (p >= '0' && p <= '7')