[poky,scarthgap,2/2] libarchive: Ignore CVE-2026-5745

Message ID 20260522065023.1084981-2-bhabu.bindu@kpit.com
State New
Series [poky,scarthgap,1/2] libarchive: Fix CVE-2026-5121

Commit Message

Bhabu Bindu May 22, 2026, 6:50 a.m. UTC
Ignore CVE-2026-5745 as the libarchive maintainer rejected CVE-2026-5745.
This is reproducible only with UBSAN, using
'-fsanitize=pointer-overflow -fsanitize-trap=pointer-overflow'.
The root cause remains a UBSAN violation, not a NULL pointer dereference.

https://github.com/libarchive/libarchive/issues/2904#issuecomment-4257068822

Signed-off-by: Sana Kazi <Sana.Kazi@bmwtechworks.in>
---
 meta/recipes-extended/libarchive/libarchive_3.7.9.bb | 5 +++++
 1 file changed, 5 insertions(+)

Patch

diff --git a/meta/recipes-extended/libarchive/libarchive_3.7.9.bb b/meta/recipes-extended/libarchive/libarchive_3.7.9.bb
index 6b31256960..e402a485b3 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.7.9.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.7.9.bb
@@ -80,4 +80,9 @@  ALTERNATIVE:bsdcpio = "cpio"
 ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio"
 ALTERNATIVE_TARGET[cpio] = "${bindir}/bsdcpio"
 
+python() {
+    if not bb.utils.filter('CFLAGS', '-fsanitize=pointer-overflow -fsanitize-trap=pointer-overflow', d):
+        d.setVarFlag("CVE_STATUS", "CVE-2026-5745", "not-applicable-config: sanitize is disabled")
+}
+
 BBCLASSEXTEND = "native nativesdk"
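
Review bot: The `bb.utils.filter('CFLAGS', ...)` test in the new `python()` block matches only the two literal tokens, so the CVE is marked not-applicable whenever the sanitizer is enabled through any other spelling, for example a comma-combined `-fsanitize=pointer-overflow,bounds` or the `-fsanitize=undefined` group, which includes pointer-overflow. Because the filter returns a non-empty result if either token is present, the status is also left unset when only one of the two flags is in CFLAGS; if that is intended, say so in a comment, otherwise check for the tokens explicitly. Since the commit message says upstream rejected the CVE outright, consider whether an unconditional `CVE_STATUS[CVE-2026-5745]` entry with a disputed-style status would express that better than a CFLAGS-dependent one. Either way, the reason string "sanitize is disabled" is vague: name the pointer-overflow sanitizer in it and add a comment above the block carrying the upstream issue link from the commit message, so the rationale lives in the recipe and not only in the git log.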