Diffstat (limited to 'meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch')
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch | 23 |
1 files changed, 23 insertions, 0 deletions
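diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
new file mode 100644
index 0000000000..c4a2fb612c
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
@@ -0,0 +1,23 @@
+Description: Never follow symlinks when setting file flags on Linux
+Published as CVE-2021-31566
+Origin: upstream, https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b
+Bug-Debian: https://bugs.debian.org/1001990
+Author: Martin Matuska <martin@matuska.org>
+Last-Update: 2021-12-20
+
+CVE: CVE-2021-31566
+Upstream-Status: Backport [http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz]
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+--- a/libarchive/archive_write_disk_posix.c
++++ b/libarchive/archive_write_disk_posix.c
+@@ -3927,7 +3927,8 @@
+
+/* If we weren't given an fd, open it ourselves. */
+if (myfd < 0) {
+- myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | O_CLOEXEC);
++ myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY |
++ O_CLOEXEC | O_NOFOLLOW);
+__archive_ensure_cloexec_flag(myfd);
+}
+if (myfd < 0)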
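Review bot: The `O_NOFOLLOW` added to the `open(name, ...)` call only rejects a symlink in the last component of `name`; symlinks in parent directories are still resolved, so this call is safe only if the path prefix is checked elsewhere, which the hunk does not show. I would record that limit next to the call, e.g. `/* O_NOFOLLOW: refuse to set flags through a symlink (final path component only). */`. When the final component is a symlink the open now fails and control reaches the `if (myfd < 0)` branch, whose body lies outside the hunk, so it is worth confirming that path returns without touching flags and without turning the whole extraction into a hard error. The `-01` suffix suggests further parts of the CVE-2021-31566 fix; the diffstat here is limited to this one file, so confirm the remaining patches and the recipe's `SRC_URI` entry land with it.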