[kirkstone] libarchive: CVE-2022-36227 NULL pointer dereference in archive_write.c

Upstream-Status: Backport from https://github.com/libarchive/libarchive/commit/bff38efe8c110469c5080d387bec62a6ca15b1a5

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 .../libarchive/CVE-2022-36227.patch           | 41 +++++++++++++++++++
 .../libarchive/libarchive_3.6.1.bb            |  4 +-
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2022-36227.patch

>
>
> +From afa85b75607649f3a89cb4d17cf3f003738d3576 Mon Sep 17 00:00:00 2001
> +From: Hitendra Prajapati <hprajapati@mvista.com>
> +Date: Fri, 2 Dec 2022 11:22:39 +0530
> +Subject: [PATCH] CVE-2022-36227
> +
> +Upstream-Status: Backport [
> https://github.com/libarchive/libarchive/commit/bff38efe8c110469c5080d387bec62a6ca15b1a5
> ]
> +CVE: CVE-2022-36227
>

Please don't change the Author of the patch when backporting something, the
original change says:

From bff38efe8c110469c5080d387bec62a6ca15b1a5 Mon Sep 17 00:00:00 2001
From: obiwac <obiwac@gmail.com>
Date: Fri, 22 Jul 2022 22:41:10 +0200
Subject: [PATCH] libarchive: Handle a `calloc` returning NULL (fixes #1754)

And you should keep it.

Also please check your e-mail, my previous 2 reply were returned with 550
(hopefully you might see them in the ML:
https://lists.openembedded.org/g/openembedded-core/message/174225
https://lists.openembedded.org/g/openembedded-core/message/174224
that might explain why you haven't noticed the answer from Steve).

 ** Address not found **

Your message wasn't delivered to hpprajapati@mvista.com because the address=
 couldn't be found, or is unable to receive mail.

Learn more here: https://support.google.com/mail/?p=3DNoSuchUser

The response was:

550 5.1.1 The email account that you tried to reach does not exist. Please =
try double-checking the recipient's email address for typos or unnecessary =
spaces. Learn more at https://support.google.com/mail/?p=3DNoSuchUser u6-20=
020adfc646000000b0024187597f81sor4016963wrg.5 - gsmtp

Hi Martin/Team,

Yes, I missed that part.

It is my mistake. I'm extremely sorry for that.

I'll correct the patch and resubmit.

Regards,
Hitendra Prajapati

On Fri, 2 Dec 2022, 1:19 pm Martin Jansa, <martin.jansa@gmail.com> wrote:

>
>> +From afa85b75607649f3a89cb4d17cf3f003738d3576 Mon Sep 17 00:00:00 2001
>> +From: Hitendra Prajapati <hprajapati@mvista.com>
>> +Date: Fri, 2 Dec 2022 11:22:39 +0530
>> +Subject: [PATCH] CVE-2022-36227
>> +
>> +Upstream-Status: Backport [
>> https://github.com/libarchive/libarchive/commit/bff38efe8c110469c5080d387bec62a6ca15b1a5
>> ]
>> +CVE: CVE-2022-36227
>>
>
> Please don't change the Author of the patch when backporting something,
> the original change says:
>
> From bff38efe8c110469c5080d387bec62a6ca15b1a5 Mon Sep 17 00:00:00 2001
> From: obiwac <obiwac@gmail.com>
> Date: Fri, 22 Jul 2022 22:41:10 +0200
> Subject: [PATCH] libarchive: Handle a `calloc` returning NULL (fixes #1754)
>
> And you should keep it.
>
> Also please check your e-mail, my previous 2 reply were returned with 550
> (hopefully you might see them in the ML:
> https://lists.openembedded.org/g/openembedded-core/message/174225
> https://lists.openembedded.org/g/openembedded-core/message/174224
> that might explain why you haven't noticed the answer from Steve).
>
>  ** Address not found **
>
> Your message wasn't delivered to hpprajapati@mvista.com because the
> address=
>  couldn't be found, or is unable to receive mail.
>
> Learn more here: https://support.google.com/mail/?p=3DNoSuchUser
>
> The response was:
>
> 550 5.1.1 The email account that you tried to reach does not exist. Please
> =
> try double-checking the recipient's email address for typos or unnecessary
> =
> spaces. Learn more at https://support.google.com/mail/?p=3DNoSuchUser
> u6-20=
> 020adfc646000000b0024187597f81sor4016963wrg.5 - gsmtp
>