mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-11 09:49:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

libarchive: patch regression of patch for CVE-2025-5918

Browse Source 
Picked commit per [1].

[1] https://security-tracker.debian.org/tracker/CVE-2025-5918

(From OE-Core rev: c947e01b3c27e9f08dc55ee4939d5537318f12e3)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Peter Marko
2025-08-25 18:31:14 +02:00
committed by Steve Sakoman
parent ecef511127
commit 34ee6fc494
3 changed files with 53 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
meta/recipes-extended/libarchive/libarchive/CVE-2025-5918.patch → meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-01.patch
View File

51
meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch Normal file
View File

@@ -0,0 +1,51 @@
From 51b4c35bb38b7df4af24de7f103863dd79129b01 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Tue, 27 May 2025 17:09:12 +0200
Subject: [PATCH] Fix FILE_skip regression
The fseek* family of functions return 0 on success, not the new offset.
This is only true for lseek.
Fixes https://github.com/libarchive/libarchive/issues/2641
Fixes dcbf1e0ededa95849f098d154a25876ed5754bcf
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
CVE: CVE-2025-5918
Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/51b4c35bb38b7df4af24de7f103863dd79129b01]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
libarchive/archive_read_open_file.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/libarchive/archive_read_open_file.c b/libarchive/archive_read_open_file.c
index 6ed18a0c..742923ab 100644
--- a/libarchive/archive_read_open_file.c
+++ b/libarchive/archive_read_open_file.c
@@ -133,7 +133,7 @@ FILE_skip(struct archive *a, void *client_data, int64_t request)
#else
long skip = (long)request;
#endif
- int64_t old_offset, new_offset;
+ int64_t old_offset, new_offset = -1;
int skip_bits = sizeof(skip) * 8 - 1;
(void)a; /* UNUSED */
@@ -171,11 +171,14 @@ FILE_skip(struct archive *a, void *client_data, int64_t request)
#ifdef __ANDROID__
new_offset = lseek(fileno(mine->f), skip, SEEK_CUR);
#elif HAVE__FSEEKI64
- new_offset = _fseeki64(mine->f, skip, SEEK_CUR);
+ if (_fseeki64(mine->f, skip, SEEK_CUR) == 0)
+ new_offset = _ftelli64(mine->f);
#elif HAVE_FSEEKO
- new_offset = fseeko(mine->f, skip, SEEK_CUR);
+ if (fseeko(mine->f, skip, SEEK_CUR) == 0)
+ new_offset = ftello(mine->f);
#else
- new_offset = fseek(mine->f, skip, SEEK_CUR);
+ if (fseek(mine->f, skip, SEEK_CUR) == 0)
+ new_offset = ftell(mine->f);
#endif
if (new_offset >= 0)
return (new_offset - old_offset);

3
meta/recipes-extended/libarchive/libarchive_3.6.2.bb
View File

@@ -41,7 +41,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
file://CVE-2025-5917.patch \
file://0001-FILE-seeking-support-2539.patch \
file://0001-Improve-lseek-handling-2564.patch \
file://CVE-2025-5918.patch \
file://CVE-2025-5918-01.patch \
file://CVE-2025-5918-02.patch \
"
UPSTREAM_CHECK_URI = "http://libarchive.org/"