summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorPeter Marko <peter.marko@siemens.com>2025-11-23 23:40:25 +0100
committerSteve Sakoman <steve@sakoman.com>2025-12-01 06:50:49 -0800
commit088d1497d5e85e28309804b26378b13231ec99b1 (patch)
tree6f6332358cfb8befe3b1ac9c48d6b966250334f3 /meta
parent22f8da4818578d9840ceb764e7759163bc61e740 (diff)
downloadpoky-088d1497d5e85e28309804b26378b13231ec99b1.tar.gz
libarchive: patch CVE-2025-60753
Pick patch from [3] marked in [2] mentioned in [1]. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-60753 [2] https://github.com/libarchive/libarchive/issues/2725 [3] https://github.com/libarchive/libarchive/pull/2787 (From OE-Core rev: e3e9dd59a32541b36d6c1036b8f83af52bef92cd) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch76
-rw-r--r--meta/recipes-extended/libarchive/libarchive_3.6.2.bb1
2 files changed, 77 insertions, 0 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch
new file mode 100644
index 0000000000..604e0421be
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch
@@ -0,0 +1,76 @@
1From 3150539edb18690c2c5f81c37fd2d3a35c69ace5 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?ARJANEN=20Lo=C3=AFc=20Jean=20David?= <ljd@luigiscorner.mu>
3Date: Fri, 14 Nov 2025 20:34:48 +0100
4Subject: [PATCH] Fix bsdtar zero-length pattern issue.
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9Uses the sed-like way (and Java-like, and .Net-like, and Javascript-like…) to fix this issue of advancing the string to be processed by one if the match is zero-length.
10
11Fixes libarchive/libarchive#2725 and solves libarchive/libarchive#2438.
12
13CVE: CVE-2025-60753
14Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/3150539edb18690c2c5f81c37fd2d3a35c69ace5]
15Signed-off-by: Peter Marko <peter.marko@siemens.com>
16---
17 tar/subst.c | 19 ++++++++++++-------
18 tar/test/test_option_s.c | 8 +++++++-
19 2 files changed, 19 insertions(+), 8 deletions(-)
20
21diff --git a/tar/subst.c b/tar/subst.c
22index 9747abb9..902a4d64 100644
23--- a/tar/subst.c
24+++ b/tar/subst.c
25@@ -237,7 +237,9 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
26 continue;
27 }
28
29- while (1) {
30+ char isEnd = 0;
31+ do {
32+ isEnd = *name == '\0';
33 if (regexec(&rule->re, name, 10, matches, 0))
34 break;
35
36@@ -291,12 +293,15 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
37 }
38
39 realloc_strcat(result, rule->result + j);
40-
41- name += matches[0].rm_eo;
42-
43- if (!rule->global)
44- break;
45- }
46+ if (matches[0].rm_eo > 0) {
47+ name += matches[0].rm_eo;
48+ } else {
49+ // We skip a character because the match is 0-length
50+ // so we need to add it to the output
51+ realloc_strncat(result, name, 1);
52+ name += 1;
53+ }
54+ } while (rule->global && !isEnd); // Testing one step after because sed et al. run 0-length patterns a last time on the empty string at the end
55 }
56
57 if (got_match)
58diff --git a/tar/test/test_option_s.c b/tar/test/test_option_s.c
59index 564793b9..90b4c471 100644
60--- a/tar/test/test_option_s.c
61+++ b/tar/test/test_option_s.c
62@@ -61,7 +61,13 @@ DEFINE_TEST(test_option_s)
63 systemf("%s -cf test1_2.tar -s /d1/d2/ in/d1/foo", testprog);
64 systemf("%s -xf test1_2.tar -C test1", testprog);
65 assertFileContents("foo", 3, "test1/in/d2/foo");
66-
67+ systemf("%s -cf test1_3.tar -s /o/#/g in/d1/foo", testprog);
68+ systemf("%s -xf test1_3.tar -C test1", testprog);
69+ assertFileContents("foo", 3, "test1/in/d1/f##");
70+ // For the 0-length pattern check, remember that "test1/" isn't part of the string affected by the regexp
71+ systemf("%s -cf test1_4.tar -s /f*/\\<~\\>/g in/d1/foo", testprog);
72+ systemf("%s -xf test1_4.tar -C test1", testprog);
73+ assertFileContents("foo", 3, "test1/<>i<>n<>/<>d<>1<>/<f><>o<>o<>");
74 /*
75 * Test 2: Basic substitution when extracting archive.
76 */
diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index b834f2dbc3..66f30ec89b 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -48,6 +48,7 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
48 file://0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch \ 48 file://0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch \
49 file://0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch \ 49 file://0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch \
50 file://0001-Merge-pull-request-2768-from-Commandoss-master.patch \ 50 file://0001-Merge-pull-request-2768-from-Commandoss-master.patch \
51 file://CVE-2025-60753.patch \
51 " 52 "
52UPSTREAM_CHECK_URI = "http://libarchive.org/" 53UPSTREAM_CHECK_URI = "http://libarchive.org/"
53 54