2 files changed, 46 insertions, 1 deletions
diff --git a/meta/recipes-extended/tar/tar/CVE-2022-48303.patch b/meta/recipes-extended/tar/tar/CVE-2022-48303.patch
new file mode 100644
index 0000000000..b2f40f3e64
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2022-48303.patch
@@ -0,0 +1,43 @@
+From 3da78400eafcccb97e2f2fd4b227ea40d794ede8 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Sat, 11 Feb 2023 11:57:39 +0200
+Subject: Fix boundary checking in base-256 decoder
+* src/list.c (from_header): Base-256 encoding is at least 2 bytes
+long.
+Upstream-Status: Backport [see reference below]
+CVE: CVE-2022-48303
+Reference to upstream patch:
+https://savannah.gnu.org/bugs/?62387
+https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
+Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+ src/list.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
+(limited to 'src/list.c')
+diff --git a/src/list.c b/src/list.c
+index 9fafc42..86bcfdd 100644
+--- a/src/list.c
+++ b/src/list.c
+@@ -881,8 +881,9 @@ from_header (char const *where0, size_t digs, char const *type,
+          where++;
+        }
+     }
+-  else if (*where == '\200' /* positive base-256 */
+-          || *where == '\377' /* negative base-256 */)
+  else if (where <= lim - 2
+          && (*where == '\200' /* positive base-256 */
+              || *where == '\377' /* negative base-256 */))
+     {
+       /* Parse base-256 output.  A nonnegative number N is
+         represented as (256**DIGS)/2 + N; a negative number -N is
+-- 
+cgit v1.1
diff --git a/meta/recipes-extended/tar/tar_1.34.bb b/meta/recipes-extended/tar/tar_1.34.bb
index 7307cd57a2..1ef5fe221e 100644
--- a/meta/recipes-extended/tar/tar_1.34.bb
+++ b/meta/recipes-extended/tar/tar_1.34.bb
@@ -6,7 +6,9 @@ SECTION = "base"
 LICENSE = "GPL-3.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
-SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2"
+SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
+           file://CVE-2022-48303.patch \
+"
 SRC_URI[sha256sum] = "b44cc67f8a1f6b0250b7c860e952b37e8ed932a90bd9b1862a511079255646ff"

diff --git a/meta/recipes-extended/tar/tar/CVE-2022-48303.patch b/meta/recipes-extended/tar/tar/CVE-2022-48303.patch new file mode 100644 index 0000000000..b2f40f3e64 --- /dev/null +++ b/meta/recipes-extended/tar/tar/CVE-2022-48303.patch
@@ -0,0 +1,43 @@
		1	From 3da78400eafcccb97e2f2fd4b227ea40d794ede8 Mon Sep 17 00:00:00 2001
		2	From: Sergey Poznyakoff <gray@gnu.org>
		3	Date: Sat, 11 Feb 2023 11:57:39 +0200
		4	Subject: Fix boundary checking in base-256 decoder
		5
		6	* src/list.c (from_header): Base-256 encoding is at least 2 bytes
		7	long.
		8
		9	Upstream-Status: Backport [see reference below]
		10	CVE: CVE-2022-48303
		11
		12	Reference to upstream patch:
		13	https://savannah.gnu.org/bugs/?62387
		14	https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
		15
		16	Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
		17	Signed-off-by: Joe Slater <joe.slater@windriver.com>
		18	---
		19	src/list.c \| 5 +++--
		20	1 file changed, 3 insertions(+), 2 deletions(-)Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
		21
		22
		23	(limited to 'src/list.c')
		24
		25	diff --git a/src/list.c b/src/list.c
		26	index 9fafc42..86bcfdd 100644
		27	--- a/src/list.c
		28	+++ b/src/list.c
		29	@@ -881,8 +881,9 @@ from_header (char const where0, size_t digs, char const type,
		30	where++;
		31	}
		32	}
		33	- else if (where == '\200' / positive base-256 */
		34	- \|\| where == '\377' / negative base-256 */)
		35	+ else if (where <= lim - 2
		36	+ && (where == '\200' / positive base-256 */
		37	+ \|\| where == '\377' / negative base-256 */))
		38	{
		39	/* Parse base-256 output. A nonnegative number N is
		40	represented as (256**DIGS)/2 + N; a negative number -N is
		41	--
		42	cgit v1.1
		43


diff --git a/meta/recipes-extended/tar/tar_1.34.bb b/meta/recipes-extended/tar/tar_1.34.bb index 7307cd57a2..1ef5fe221e 100644 --- a/meta/recipes-extended/tar/tar_1.34.bb +++ b/meta/recipes-extended/tar/tar_1.34.bb
@@ -6,7 +6,9 @@ SECTION = "base"
6	LICENSE = "GPL-3.0-only"	6	LICENSE = "GPL-3.0-only"
7	LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"	7	LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
8		8
9	SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2"	9	SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
		10	file://CVE-2022-48303.patch \
		11	"
10		12
11	SRC_URI[sha256sum] = "b44cc67f8a1f6b0250b7c860e952b37e8ed932a90bd9b1862a511079255646ff"	13	SRC_URI[sha256sum] = "b44cc67f8a1f6b0250b7c860e952b37e8ed932a90bd9b1862a511079255646ff"
12		14