libarchive: ignore CVE-2025-1632

As already mentioned in [1] when backporting commit including fix for this CVE, this vulnerability applies only from libarchive 3.7.0 commit [2] which introduced bsdunzip which contains this vulnerability. [1] https://git.openembedded.org/openembedded-core/commit/?h=kirkstone&id=ec837d3b21b4f8b98abac53e2833f1490ba6bf1e [2] https://github.com/libarchive/libarchive/commit/c157e4ce8eb170a92945cc2d292fd7106bdfcce1 (From OE-Core rev: bf7654877ba99f0b18a1cf6f83032af5ecabd01f) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Peter Marko <peter.marko@siemens.com> 2025-03-28 18:37:16 +0100
committer: Steve Sakoman <steve@sakoman.com> 2025-04-04 08:42:47 -0700
commit: 717a181fd2f068268d8252c04177fa2e2eae1e64 (patch)
tree: 9813367c882f2c627c0dced0caa1c0c30e656715
parent: 68c9f9f44982e8caabc82c25292cbdf93877aef6 (diff)
download: poky-717a181fd2f068268d8252c04177fa2e2eae1e64.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index 4ceb0df2c0..f7e576b688 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -44,6 +44,8 @@ SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f
 CVE_CHECK_IGNORE += "CVE-2023-30571"
 # cpe-incorrect: this vulnerability was not in any release; introduced in v3.7.3-14-g91f27004; fixed in b6a97948
 CVE_CHECK_IGNORE += "CVE-2024-37407"
+# cpe-incorrect: bsdtar was introduced in v3.7.0, so 3.6.2 is not affected yet
+CVE_CHECK_IGNORE += "CVE-2025-1632"
 inherit autotools update-alternatives pkgconfig
author	Peter Marko <peter.marko@siemens.com>	2025-03-28 18:37:16 +0100
committer	Steve Sakoman <steve@sakoman.com>	2025-04-04 08:42:47 -0700
commit	717a181fd2f068268d8252c04177fa2e2eae1e64 (patch)
tree	9813367c882f2c627c0dced0caa1c0c30e656715
parent	68c9f9f44982e8caabc82c25292cbdf93877aef6 (diff)
download	poky-717a181fd2f068268d8252c04177fa2e2eae1e64.tar.gz

diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index 4ceb0df2c0..f7e576b688 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -44,6 +44,8 @@ SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f
44	CVE_CHECK_IGNORE += "CVE-2023-30571"	44	CVE_CHECK_IGNORE += "CVE-2023-30571"
45	# cpe-incorrect: this vulnerability was not in any release; introduced in v3.7.3-14-g91f27004; fixed in b6a97948	45	# cpe-incorrect: this vulnerability was not in any release; introduced in v3.7.3-14-g91f27004; fixed in b6a97948
46	CVE_CHECK_IGNORE += "CVE-2024-37407"	46	CVE_CHECK_IGNORE += "CVE-2024-37407"
		47	# cpe-incorrect: bsdtar was introduced in v3.7.0, so 3.6.2 is not affected yet
		48	CVE_CHECK_IGNORE += "CVE-2025-1632"
47		49
48	inherit autotools update-alternatives pkgconfig	50	inherit autotools update-alternatives pkgconfig
49		51