1 files changed, 23 insertions, 0 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
new file mode 100644
index 0000000000..c4a2fb612c
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
@@ -0,0 +1,23 @@
+Description: Never follow symlinks when setting file flags on Linux
+ Published as CVE-2021-31566
+Origin: upstream, https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b
+Bug-Debian: https://bugs.debian.org/1001990
+Author: Martin Matuska <martin@matuska.org>
+Last-Update: 2021-12-20
+CVE: CVE-2021-31566
+Upstream-Status: Backport [http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz]
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+--- a/libarchive/archive_write_disk_posix.c
+++ b/libarchive/archive_write_disk_posix.c
+@@ -3927,7 +3927,8 @@
+ 
+        /* If we weren't given an fd, open it ourselves. */
+        if (myfd < 0) {
+-               myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | O_CLOEXEC);
+               myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY |
+                   O_CLOEXEC | O_NOFOLLOW);
+                __archive_ensure_cloexec_flag(myfd);
+        }
+        if (myfd < 0)

diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch new file mode 100644 index 0000000000..c4a2fb612c --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
@@ -0,0 +1,23 @@
	1	Description: Never follow symlinks when setting file flags on Linux
	2	Published as CVE-2021-31566
	3	Origin: upstream, https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b
	4	Bug-Debian: https://bugs.debian.org/1001990
	5	Author: Martin Matuska <martin@matuska.org>
	6	Last-Update: 2021-12-20
	7
	8	CVE: CVE-2021-31566
	9	Upstream-Status: Backport [http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz]
	10	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
	11
	12	--- a/libarchive/archive_write_disk_posix.c
	13	+++ b/libarchive/archive_write_disk_posix.c
	14	@@ -3927,7 +3927,8 @@
	15
	16	/* If we weren't given an fd, open it ourselves. */
	17	if (myfd < 0) {
	18	- myfd = open(name, O_RDONLY \| O_NONBLOCK \| O_BINARY \| O_CLOEXEC);
	19	+ myfd = open(name, O_RDONLY \| O_NONBLOCK \| O_BINARY \|
	20	+ O_CLOEXEC \| O_NOFOLLOW);
	21	__archive_ensure_cloexec_flag(myfd);
	22	}
	23	if (myfd < 0)