3 files changed, 53 insertions, 1 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-01.patch
index 6ca6f6678c..6ca6f6678c 100644
--- a/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918.patch
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-01.patch
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch
new file mode 100644
index 0000000000..223cd01c0d
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch
@@ -0,0 +1,51 @@
+From 51b4c35bb38b7df4af24de7f103863dd79129b01 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Tue, 27 May 2025 17:09:12 +0200
+Subject: [PATCH] Fix FILE_skip regression
+The fseek* family of functions return 0 on success, not the new offset.
+This is only true for lseek.
+Fixes https://github.com/libarchive/libarchive/issues/2641
+Fixes dcbf1e0ededa95849f098d154a25876ed5754bcf
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+CVE: CVE-2025-5918
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/51b4c35bb38b7df4af24de7f103863dd79129b01]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ libarchive/archive_read_open_file.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+diff --git a/libarchive/archive_read_open_file.c b/libarchive/archive_read_open_file.c
+index 6ed18a0c..742923ab 100644
+--- a/libarchive/archive_read_open_file.c
+++ b/libarchive/archive_read_open_file.c
+@@ -133,7 +133,7 @@ FILE_skip(struct archive *a, void *client_data, int64_t request)
+ #else
+        long skip = (long)request;
+ #endif
+-       int64_t old_offset, new_offset;
+       int64_t old_offset, new_offset = -1;
+        int skip_bits = sizeof(skip) * 8 - 1;
+ 
+        (void)a; /* UNUSED */
+@@ -171,11 +171,14 @@ FILE_skip(struct archive *a, void *client_data, int64_t request)
+ #ifdef __ANDROID__
+                        new_offset = lseek(fileno(mine->f), skip, SEEK_CUR);
+ #elif HAVE__FSEEKI64
+-                       new_offset = _fseeki64(mine->f, skip, SEEK_CUR);
+                       if (_fseeki64(mine->f, skip, SEEK_CUR) == 0)
+                               new_offset = _ftelli64(mine->f);
+ #elif HAVE_FSEEKO
+-                       new_offset = fseeko(mine->f, skip, SEEK_CUR);
+                       if (fseeko(mine->f, skip, SEEK_CUR) == 0)
+                               new_offset = ftello(mine->f);
+ #else
+-                       new_offset = fseek(mine->f, skip, SEEK_CUR);
+                       if (fseek(mine->f, skip, SEEK_CUR) == 0)
+                               new_offset = ftell(mine->f);
+ #endif
+                        if (new_offset >= 0)
+                                return (new_offset - old_offset);
diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index bfd4df8ad1..65b4649147 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -41,7 +41,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
           file://CVE-2025-5917.patch \
           file://0001-FILE-seeking-support-2539.patch \
           file://0001-Improve-lseek-handling-2564.patch \
-           file://CVE-2025-5918.patch \
+           file://CVE-2025-5918-01.patch \
+           file://CVE-2025-5918-02.patch \
           "
 UPSTREAM_CHECK_URI = "http://libarchive.org/"

diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-01.patch index 6ca6f6678c..6ca6f6678c 100644 --- a/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918.patch +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-01.patch


diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch new file mode 100644 index 0000000000..223cd01c0d --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch
@@ -0,0 +1,51 @@
		1	From 51b4c35bb38b7df4af24de7f103863dd79129b01 Mon Sep 17 00:00:00 2001
		2	From: Tobias Stoeckmann <tobias@stoeckmann.org>
		3	Date: Tue, 27 May 2025 17:09:12 +0200
		4	Subject: [PATCH] Fix FILE_skip regression
		5
		6	The fseek* family of functions return 0 on success, not the new offset.
		7	This is only true for lseek.
		8
		9	Fixes https://github.com/libarchive/libarchive/issues/2641
		10	Fixes dcbf1e0ededa95849f098d154a25876ed5754bcf
		11
		12	Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
		13
		14	CVE: CVE-2025-5918
		15	Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/51b4c35bb38b7df4af24de7f103863dd79129b01]
		16	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		17	---
		18	libarchive/archive_read_open_file.c \| 11 +++++++----
		19	1 file changed, 7 insertions(+), 4 deletions(-)
		20
		21	diff --git a/libarchive/archive_read_open_file.c b/libarchive/archive_read_open_file.c
		22	index 6ed18a0c..742923ab 100644
		23	--- a/libarchive/archive_read_open_file.c
		24	+++ b/libarchive/archive_read_open_file.c
		25	@@ -133,7 +133,7 @@ FILE_skip(struct archive a, void client_data, int64_t request)
		26	#else
		27	long skip = (long)request;
		28	#endif
		29	- int64_t old_offset, new_offset;
		30	+ int64_t old_offset, new_offset = -1;
		31	int skip_bits = sizeof(skip) * 8 - 1;
		32
		33	(void)a; /* UNUSED */
		34	@@ -171,11 +171,14 @@ FILE_skip(struct archive a, void client_data, int64_t request)
		35	#ifdef __ANDROID__
		36	new_offset = lseek(fileno(mine->f), skip, SEEK_CUR);
		37	#elif HAVE__FSEEKI64
		38	- new_offset = _fseeki64(mine->f, skip, SEEK_CUR);
		39	+ if (_fseeki64(mine->f, skip, SEEK_CUR) == 0)
		40	+ new_offset = _ftelli64(mine->f);
		41	#elif HAVE_FSEEKO
		42	- new_offset = fseeko(mine->f, skip, SEEK_CUR);
		43	+ if (fseeko(mine->f, skip, SEEK_CUR) == 0)
		44	+ new_offset = ftello(mine->f);
		45	#else
		46	- new_offset = fseek(mine->f, skip, SEEK_CUR);
		47	+ if (fseek(mine->f, skip, SEEK_CUR) == 0)
		48	+ new_offset = ftell(mine->f);
		49	#endif
		50	if (new_offset >= 0)
		51	return (new_offset - old_offset);


diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index bfd4df8ad1..65b4649147 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -41,7 +41,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
41	file://CVE-2025-5917.patch \	41	file://CVE-2025-5917.patch \
42	file://0001-FILE-seeking-support-2539.patch \	42	file://0001-FILE-seeking-support-2539.patch \
43	file://0001-Improve-lseek-handling-2564.patch \	43	file://0001-Improve-lseek-handling-2564.patch \
44	file://CVE-2025-5918.patch \	44	file://CVE-2025-5918-01.patch \
		45	file://CVE-2025-5918-02.patch \
45	"	46	"
46	UPSTREAM_CHECK_URI = "http://libarchive.org/"	47	UPSTREAM_CHECK_URI = "http://libarchive.org/"
47		48