mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

libarchive: fix CVE-2025-60753 regression

Browse Source 
Pick patch from PR mentioned in v3.8.5 release notes.

(From OE-Core rev: c316c6e50e73a681c22fa03cdb59a0317495a418)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Peter Marko
2026-01-10 14:06:19 +01:00
committed by Richard Purdie
parent 8df07c5662
commit b6ea3460e5
3 changed files with 48 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch → meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-01.patch
View File

46
meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch Normal file
View File

@@ -0,0 +1,46 @@
From cfb02de558d843dc5355c4aa2aeb4af49f88bdb9 Mon Sep 17 00:00:00 2001
From: Martin Matuska <martin@matuska.de>
Date: Mon, 8 Dec 2025 21:40:46 +0100
Subject: [PATCH] tar: fix off-bounds read resulting from #2787 (3150539ed)
CVE: CVE-2025-60753
Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/cfb02de558d843dc5355c4aa2aeb4af49f88bdb9]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
tar/subst.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/tar/subst.c b/tar/subst.c
index a466f653..53497ad0 100644
--- a/tar/subst.c
+++ b/tar/subst.c
@@ -237,7 +237,7 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
char isEnd = 0;
do {
- isEnd = *name == '\0';
+ isEnd = *name == '\0';
if (regexec(&rule->re, name, 10, matches, 0))
break;
@@ -293,13 +293,13 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
realloc_strcat(result, rule->result + j);
if (matches[0].rm_eo > 0) {
- name += matches[0].rm_eo;
- } else {
- // We skip a character because the match is 0-length
- // so we need to add it to the output
- realloc_strncat(result, name, 1);
- name += 1;
- }
+ name += matches[0].rm_eo;
+ } else if (!isEnd) {
+ // We skip a character because the match is 0-length
+ // so we need to add it to the output
+ realloc_strncat(result, name, 1);
+ name += 1;
+ }
} while (rule->global && !isEnd); // Testing one step after because sed et al. run 0-length patterns a last time on the empty string at the end
}

3
meta/recipes-extended/libarchive/libarchive_3.7.9.bb
View File

@@ -42,7 +42,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
file://0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch \ file://0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch \
file://0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch \ file://0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch \
file://0001-Merge-pull-request-2768-from-Commandoss-master.patch \ file://0001-Merge-pull-request-2768-from-Commandoss-master.patch \
file://CVE-2025-60753.patch \ file://CVE-2025-60753-01.patch \
file://CVE-2025-60753-02.patch \
" "
UPSTREAM_CHECK_URI = "http://libarchive.org/" UPSTREAM_CHECK_URI = "http://libarchive.org/"