CaROS/poky
3
1
Fork 0
mirror of https://git.yoctoproject.org/git/poky synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

libarchive: patch 3.8.3 security issue 2

Browse Source 
Pick patch [2] as listed in [1].

[1] https://github.com/libarchive/libarchive/releases/tag/v3.8.3
[2] https://github.com/libarchive/libarchive/pull/2768

(From OE-Core rev: efe032eef7034009f1202985b2036fc79e06bddf)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Peter Marko 2025-11-22 23:16:53 +01:00 committed by Steve Sakoman
parent 03c1257cfd
commit 842fd60ebb
2 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
meta/recipes-extended/libarchive/libarchive/0001-Merge-pull-request-2768-from-Commandoss-master.patch Normal file
View File

@ -0,0 +1,28 @@
From 82b57a9740aa6d084edcf4592a3b8e49f63dec98 Mon Sep 17 00:00:00 2001
From: Tim Kientzle <kientzle@acm.org>
Date: Fri, 31 Oct 2025 22:07:19 -0700
Subject: [PATCH] Merge pull request #2768 from Commandoss/master
Fix for an out-of-bounds buffer overrun when using p[H_LEVEL_OFFSET]
(cherry picked from commit ce614c65246158bcb0dc1f9c1dce5a5af65f9827)
Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/82b57a9740aa6d084edcf4592a3b8e49f63dec98]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
libarchive/archive_read_support_format_lha.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
index 2a84ad9d..abf8b879 100644
--- a/libarchive/archive_read_support_format_lha.c
+++ b/libarchive/archive_read_support_format_lha.c
@@ -690,7 +690,7 @@ archive_read_format_lha_read_header(struct archive_read *a,
* a pathname and a symlink has '\' character, a directory
* separator in DOS/Windows. So we should convert it to '/'.
*/
- if (p[H_LEVEL_OFFSET] == 0)
+ if (lha->level == 0)
lha_replace_path_separator(lha, entry);
archive_entry_set_mode(entry, lha->mode);

1
meta/recipes-extended/libarchive/libarchive_3.7.9.bb
View File

@ -41,6 +41,7 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
file://0001-Merge-pull-request-2696-from-al3xtjames-mkstemp.patch \
file://0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch \
file://0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch \
file://0001-Merge-pull-request-2768-from-Commandoss-master.patch \
"
UPSTREAM_CHECK_URI = "http://libarchive.org/"