MIRRORS/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky.git synced 2025-07-19 21:09:03 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

libarchive: fix CVE-2025-5914

Browse Source 
Adds patch to backport fix for CVE-2025-5914.

(From OE-Core rev: ba5c5ca00d31d6440a1d810f7ef19720019845e8)

Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Colin Pinnell McAllister 2025-06-30 09:15:15 -05:00 committed by Steve Sakoman
parent f53d6b5b2f
commit 55ab739f17
2 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
meta/recipes-extended/libarchive/libarchive/CVE-2025-5914.patch Normal file
View File

@ -0,0 +1,46 @@
From 72a83b2885c31254687702e3a8429e3e0523221c Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <stoeckmann@users.noreply.github.com>
Date: Sun, 11 May 2025 02:17:19 +0200
Subject: [PATCH] rar: Fix double free with over 4 billion nodes (#2598)
If a system is capable of handling 4 billion nodes in memory, a double
free could occur because of an unsigned integer overflow leading to a
realloc call with size argument of 0. Eventually, the client will
release that memory again, triggering a double free.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
CVE: CVE-2025-5914
Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/09685126fcec664e2b8ca595e1fc371bd494d209]
Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
---
libarchive/archive_read_support_format_rar.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index 9d155c66..9eb3c848 100644
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -335,8 +335,8 @@ struct rar
int found_first_header;
char has_endarc_header;
struct data_block_offsets *dbo;
- unsigned int cursor;
- unsigned int nodes;
+ size_t cursor;
+ size_t nodes;
char filename_must_match;
/* LZSS members */
@@ -1186,7 +1186,7 @@ archive_read_format_rar_seek_data(struct archive_read *a, int64_t offset,
int whence)
{
int64_t client_offset, ret;
- unsigned int i;
+ size_t i;
struct rar *rar = (struct rar *)(a->format->data);
if (rar->compression_method == COMPRESS_METHOD_STORE)
--
2.49.0

4
meta/recipes-extended/libarchive/libarchive_3.7.9.bb
View File

@ -29,7 +29,9 @@ PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd,"
EXTRA_OECONF += "--enable-largefile --without-iconv"
SRC_URI = "https://libarchive.org/downloads/libarchive-${PV}.tar.gz"
SRC_URI = "https://libarchive.org/downloads/libarchive-${PV}.tar.gz \
file://CVE-2025-5914.patch \
"
UPSTREAM_CHECK_URI = "http://libarchive.org/"