1 files changed, 13 insertions, 1 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb
index 0ab40fc096..728eedc401 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb
@@ -32,11 +32,23 @@ PACKAGECONFIG[mbedtls] = "--with-mbedtls,--without-mbedtls,mbedtls,"
 EXTRA_OECONF += "--enable-largefile"
-SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz"
+SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
+           file://CVE-2021-36976-1.patch \
+           file://CVE-2021-36976-2.patch \
+           file://CVE-2021-36976-3.patch \
+           file://CVE-2021-23177.patch \
+           file://CVE-2021-31566-01.patch \
+           file://CVE-2021-31566-02.patch \
+           file://CVE-2022-26280.patch \
+           file://CVE-2022-36227.patch \
+"
 SRC_URI[md5sum] = "d953ed6b47694dadf0e6042f8f9ff451"
 SRC_URI[sha256sum] = "b60d58d12632ecf1e8fad7316dc82c6b9738a35625746b47ecdcaf4aed176176"
+# upstream-wontfix: upstream has documented that reported function is not thread-safe
+CVE_CHECK_WHITELIST += "CVE-2023-30571"
 inherit autotools update-alternatives pkgconfig
 CPPFLAGS += "-I${WORKDIR}/extra-includes"

diff --git a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb index 0ab40fc096..728eedc401 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb
@@ -32,11 +32,23 @@ PACKAGECONFIG[mbedtls] = "--with-mbedtls,--without-mbedtls,mbedtls,"
32		32
33	EXTRA_OECONF += "--enable-largefile"	33	EXTRA_OECONF += "--enable-largefile"
34		34
35	SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz"	35	SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
		36	file://CVE-2021-36976-1.patch \
		37	file://CVE-2021-36976-2.patch \
		38	file://CVE-2021-36976-3.patch \
		39	file://CVE-2021-23177.patch \
		40	file://CVE-2021-31566-01.patch \
		41	file://CVE-2021-31566-02.patch \
		42	file://CVE-2022-26280.patch \
		43	file://CVE-2022-36227.patch \
		44	"
36		45
37	SRC_URI[md5sum] = "d953ed6b47694dadf0e6042f8f9ff451"	46	SRC_URI[md5sum] = "d953ed6b47694dadf0e6042f8f9ff451"
38	SRC_URI[sha256sum] = "b60d58d12632ecf1e8fad7316dc82c6b9738a35625746b47ecdcaf4aed176176"	47	SRC_URI[sha256sum] = "b60d58d12632ecf1e8fad7316dc82c6b9738a35625746b47ecdcaf4aed176176"
39		48
		49	# upstream-wontfix: upstream has documented that reported function is not thread-safe
		50	CVE_CHECK_WHITELIST += "CVE-2023-30571"
		51
40	inherit autotools update-alternatives pkgconfig	52	inherit autotools update-alternatives pkgconfig
41		53
42	CPPFLAGS += "-I${WORKDIR}/extra-includes"	54	CPPFLAGS += "-I${WORKDIR}/extra-includes"