2 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/0001-Set-xattrs-after-setting-times.patch b/meta/recipes-extended/libarchive/libarchive/0001-Set-xattrs-after-setting-times.patch
new file mode 100644
index 0000000000..6d74e867e6
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/0001-Set-xattrs-after-setting-times.patch
@@ -0,0 +1,59 @@
+From 545ded56095c570426fe102ff2192889681ea75c Mon Sep 17 00:00:00 2001
+From: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
+Date: Mon, 29 Feb 2016 14:38:25 +0200
+Subject: [PATCH] Set xattrs after setting times
+With Integrity Measurement Architecture (IMA) enabled in Linux
+kernel the security.ima extended attribute gets overwritten
+when setting times on a file with a futimens() call. So it's safer
+to set xattrs after times.
+Upstream-Status: Submitted [https://github.com/libarchive/libarchive/pull/664]
+Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
+---
+ libarchive/archive_write_disk_posix.c | 21 +++++++++++----------
+ 1 file changed, 11 insertions(+), 10 deletions(-)
+diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
+index 0fc6193..27c9c1e 100644
+--- a/libarchive/archive_write_disk_posix.c
+++ b/libarchive/archive_write_disk_posix.c
+@@ -1620,16 +1620,6 @@ _archive_write_disk_finish_entry(struct archive *_a)
+        }
+        /*
+-        * Security-related extended attributes (such as
+-        * security.capability on Linux) have to be restored last,
+-        * since they're implicitly removed by other file changes.
+-        */
+-       if (a->todo & TODO_XATTR) {
+-               int r2 = set_xattrs(a);
+-               if (r2 < ret) ret = r2;
+-       }
+-
+-       /*
+         * Some flags prevent file modification; they must be restored after
+         * file contents are written.
+         */
+@@ -1648,6 +1638,17 @@ _archive_write_disk_finish_entry(struct archive *_a)
+        }
+        /*
+        * Security-related extended attributes (such as
+        * security.capability or security.ima on Linux) have to be restored last,
+        * since they're implicitly removed by other file changes like setting
+        * times.
+        */
+       if (a->todo & TODO_XATTR) {
+               int r2 = set_xattrs(a);
+               if (r2 < ret) ret = r2;
+       }
+
+       /*
+         * Mac extended metadata includes ACLs.
+         */
+        if (a->todo & TODO_MAC_METADATA) {
+--
+2.5.0
diff --git a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
index 89c8faf5ef..ed677ac318 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
@@ -35,6 +35,7 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
           file://pkgconfig.patch \
           file://libarchive-CVE-2015-2304.patch \
           file://mkdir.patch \
+           file://0001-Set-xattrs-after-setting-times.patch \
           "
 SRC_URI[md5sum] = "efad5a503f66329bb9d2f4308b5de98a"

diff --git a/meta/recipes-extended/libarchive/libarchive/0001-Set-xattrs-after-setting-times.patch b/meta/recipes-extended/libarchive/libarchive/0001-Set-xattrs-after-setting-times.patch new file mode 100644 index 0000000000..6d74e867e6 --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/0001-Set-xattrs-after-setting-times.patch
@@ -0,0 +1,59 @@
		1	From 545ded56095c570426fe102ff2192889681ea75c Mon Sep 17 00:00:00 2001
		2	From: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
		3	Date: Mon, 29 Feb 2016 14:38:25 +0200
		4	Subject: [PATCH] Set xattrs after setting times
		5
		6	With Integrity Measurement Architecture (IMA) enabled in Linux
		7	kernel the security.ima extended attribute gets overwritten
		8	when setting times on a file with a futimens() call. So it's safer
		9	to set xattrs after times.
		10
		11	Upstream-Status: Submitted [https://github.com/libarchive/libarchive/pull/664]
		12
		13	Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
		14
		15	---
		16	libarchive/archive_write_disk_posix.c \| 21 +++++++++++----------
		17	1 file changed, 11 insertions(+), 10 deletions(-)
		18
		19	diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
		20	index 0fc6193..27c9c1e 100644
		21	--- a/libarchive/archive_write_disk_posix.c
		22	+++ b/libarchive/archive_write_disk_posix.c
		23	@@ -1620,16 +1620,6 @@ _archive_write_disk_finish_entry(struct archive *_a)
		24	}
		25
		26	/*
		27	- * Security-related extended attributes (such as
		28	- * security.capability on Linux) have to be restored last,
		29	- * since they're implicitly removed by other file changes.
		30	- */
		31	- if (a->todo & TODO_XATTR) {
		32	- int r2 = set_xattrs(a);
		33	- if (r2 < ret) ret = r2;
		34	- }
		35	-
		36	- /*
		37	* Some flags prevent file modification; they must be restored after
		38	* file contents are written.
		39	*/
		40	@@ -1648,6 +1638,17 @@ _archive_write_disk_finish_entry(struct archive *_a)
		41	}
		42
		43	/*
		44	+ * Security-related extended attributes (such as
		45	+ * security.capability or security.ima on Linux) have to be restored last,
		46	+ * since they're implicitly removed by other file changes like setting
		47	+ * times.
		48	+ */
		49	+ if (a->todo & TODO_XATTR) {
		50	+ int r2 = set_xattrs(a);
		51	+ if (r2 < ret) ret = r2;
		52	+ }
		53	+
		54	+ /*
		55	* Mac extended metadata includes ACLs.
		56	*/
		57	if (a->todo & TODO_MAC_METADATA) {
		58	--
		59	2.5.0


diff --git a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb index 89c8faf5ef..ed677ac318 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
@@ -35,6 +35,7 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
35	file://pkgconfig.patch \	35	file://pkgconfig.patch \
36	file://libarchive-CVE-2015-2304.patch \	36	file://libarchive-CVE-2015-2304.patch \
37	file://mkdir.patch \	37	file://mkdir.patch \
		38	file://0001-Set-xattrs-after-setting-times.patch \
38	"	39	"
39		40
40	SRC_URI[md5sum] = "efad5a503f66329bb9d2f4308b5de98a"	41	SRC_URI[md5sum] = "efad5a503f66329bb9d2f4308b5de98a"