| Message ID | 20250825161000.2593497-1-peter.marko@siemens.com |
|---|---|
| State | Superseded |
| Delegated to: | Steve Sakoman |
| Headers | show |
| Series | [kirkstone] ibarchive: patch regression of patch for CVE-2025-5918 | expand |
On Mon, Aug 25, 2025 at 6:10 PM Peter Marko via lists.openembedded.org <peter.marko=siemens.com@lists.openembedded.org> wrote: > > From: Peter Marko <peter.marko@siemens.com> > > Picked commit per [1]. > > [1] https://security-tracker.debian.org/tracker/CVE-2025-5918 > > Signed-off-by: Peter Marko <peter.marko@siemens.com> > --- > ...2025-5918.patch => CVE-2025-5918-01.patch} | 0 > .../libarchive/CVE-2025-5918-02.patch | 51 +++++++++++++++++++ > .../libarchive/libarchive_3.6.2.bb | 3 +- > 3 files changed, 53 insertions(+), 1 deletion(-) Small nitpick, but the first character is missing in subject (which makes it harder to find in git log).
> -----Original Message----- > From: Martin Jansa <martin.jansa@gmail.com> > Sent: Monday, August 25, 2025 18:13 > To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com> > Cc: openembedded-core@lists.openembedded.org > Subject: Re: [OE-core][kirkstone][PATCH] ibarchive: patch regression of patch for > CVE-2025-5918 > > On Mon, Aug 25, 2025 at 6:10 PM Peter Marko via lists.openembedded.org > <peter.marko=siemens.com@lists.openembedded.org> wrote: > > > > From: Peter Marko <peter.marko@siemens.com> > > > > > Picked commit per [1]. > > > > [1] https://security-tracker.debian.org/tracker/CVE-2025-5918 > > > > Signed-off-by: Peter Marko <peter.marko@siemens.com> > > --- > > ...2025-5918.patch => CVE-2025-5918-01.patch} | 0 > > .../libarchive/CVE-2025-5918-02.patch | 51 +++++++++++++++++++ > > .../libarchive/libarchive_3.6.2.bb | 3 +- > > 3 files changed, 53 insertions(+), 1 deletion(-) > > Small nitpick, but the first character is missing in subject (which > makes it harder to find in git log). Thanks for noticing. Resent now with correct subject. Peter
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-01.patch similarity index 100% rename from meta/recipes-extended/libarchive/libarchive/CVE-2025-5918.patch rename to meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-01.patch diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch new file mode 100644 index 0000000000..223cd01c0d --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5918-02.patch @@ -0,0 +1,51 @@ +From 51b4c35bb38b7df4af24de7f103863dd79129b01 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Tue, 27 May 2025 17:09:12 +0200 +Subject: [PATCH] Fix FILE_skip regression + +The fseek* family of functions return 0 on success, not the new offset. +This is only true for lseek. + +Fixes https://github.com/libarchive/libarchive/issues/2641 +Fixes dcbf1e0ededa95849f098d154a25876ed5754bcf + +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> + +CVE: CVE-2025-5918 +Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/51b4c35bb38b7df4af24de7f103863dd79129b01] +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + libarchive/archive_read_open_file.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/libarchive/archive_read_open_file.c b/libarchive/archive_read_open_file.c +index 6ed18a0c..742923ab 100644 +--- a/libarchive/archive_read_open_file.c ++++ b/libarchive/archive_read_open_file.c +@@ -133,7 +133,7 @@ FILE_skip(struct archive *a, void *client_data, int64_t request) + #else + long skip = (long)request; + #endif +- int64_t old_offset, new_offset; ++ int64_t old_offset, new_offset = -1; + int skip_bits = sizeof(skip) * 8 - 1; + + (void)a; /* UNUSED */ +@@ -171,11 +171,14 @@ FILE_skip(struct archive *a, void *client_data, int64_t request) + #ifdef __ANDROID__ + new_offset = lseek(fileno(mine->f), skip, SEEK_CUR); + #elif HAVE__FSEEKI64 +- new_offset = _fseeki64(mine->f, skip, SEEK_CUR); ++ if (_fseeki64(mine->f, skip, SEEK_CUR) == 0) ++ new_offset = _ftelli64(mine->f); + #elif HAVE_FSEEKO +- new_offset = fseeko(mine->f, skip, SEEK_CUR); ++ if (fseeko(mine->f, skip, SEEK_CUR) == 0) ++ new_offset = ftello(mine->f); + #else +- new_offset = fseek(mine->f, skip, SEEK_CUR); ++ if (fseek(mine->f, skip, SEEK_CUR) == 0) ++ new_offset = ftell(mine->f); + #endif + if (new_offset >= 0) + return (new_offset - old_offset); diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index bfd4df8ad1..65b4649147 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb @@ -41,7 +41,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ file://CVE-2025-5917.patch \ file://0001-FILE-seeking-support-2539.patch \ file://0001-Improve-lseek-handling-2564.patch \ - file://CVE-2025-5918.patch \ + file://CVE-2025-5918-01.patch \ + file://CVE-2025-5918-02.patch \ " UPSTREAM_CHECK_URI = "http://libarchive.org/"