Hi Steve, I have tested this and it seems the patch is working fine. I'm attaching the patch file as an attachment, please use this and let me know if that works.
It seems like something went wrong during sending using the KPIT email ID, and currently using my Gmail account I am facing issues, so I cannot send using the Gmail account. Also, attaching logs of the do_patch task.

Thanks,
Best Regards,
Ranjitsinh Rathod
Technical Leader | KPIT Technologies Ltd.
Cellphone: +91-84606 92403
________________________________
From: Steve Sakoman <st...@sakoman.com>
Sent: Wednesday, September 7, 2022 4:48 AM
To: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com>
Cc: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>
Subject: Re: [OE-Core][dunfell][PATCH 1/2] libarchive: Fix CVE-2021-23177 issue

On Mon, Sep 5, 2022 at 3:06 AM Ranjitsinh Rathod via lists.openembedded.org <ranjitsinh.rathod=kpit....@lists.openembedded.org> wrote:
>
> Add patch to fix CVE-2021-23177 issue for libarchive
> Link: http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz

Fails to build with this patch:

NOTE: Applying patch 'CVE-2021-23177.patch' (../meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch)
ERROR: Applying patch 'CVE-2021-23177.patch' on target directory 'TOPDIR/tmp/work/x86_64-linux/libarchive-native/3.4.2-r0/libarchive-3.4.2'
Command Error: 'quilt --quiltrc TOPDIR/tmp/work/x86_64-linux/libarchive-native/3.4.2-r0/recipe-sysroot-native/etc/quiltrc push' exited with 0 Output:
Applying patch CVE-2021-23177.patch
patching file libarchive/archive_disk_acl_freebsd.c
Hunk #1 succeeded at 319 with fuzz 1.
Hunk #2 FAILED at 364.
Hunk #3 FAILED at 542.
Hunk #4 FAILED at 677.
Hunk #5 FAILED at 693.
4 out of 5 hunks FAILED -- rejects in file libarchive/archive_disk_acl_freebsd.c
patching file libarchive/archive_disk_acl_linux.c
Hunk #1 FAILED at 343.
Hunk #2 succeeded at 455 with fuzz 1.
Hunk #3 FAILED at 488.
Hunk #4 FAILED at 727.
3 out of 4 hunks FAILED -- rejects in file libarchive/archive_disk_acl_linux.c
patching file libarchive/archive_disk_acl_sunos.c
Hunk #1 succeeded at 443 with fuzz 1.
Hunk #2 FAILED at 467.
Hunk #3 FAILED at 492.
Hunk #4 FAILED at 801.
Hunk #5 FAILED at 810.
4 out of 5 hunks FAILED -- rejects in file libarchive/archive_disk_acl_sunos.c
Patch CVE-2021-23177.patch does not apply (enforce with -f)
DEBUG: Python function patch_do_patch finished
DEBUG: Python function do_patch finished

I'm going to drop both patches in the series and await a v2.

Steve

> Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> > --- > .../libarchive/CVE-2021-23177.patch | 183 ++++++++++++++++++ > .../libarchive/libarchive_3.4.2.bb | 1 + > 2 files changed, 184 insertions(+) > create mode 100644 > meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch > > diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch > b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch > new file mode 100644 > index 0000000000..555c7a47f7 > --- /dev/null > +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch 
> @@ -0,0 +1,183 @@ > +Description: Fix handling of symbolic link ACLs > + Published as CVE-2021-23177 > +Origin: upstream, > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flibarchive%2Flibarchive%2Fcommit%2Ffba4f123cc456d2b2538f811bb831483bf336bad&data=05%7C01%7Cranjitsinh.rathod%40kpit.com%7Ce7011a052c724605e9c008da905e13f4%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637981031500145401%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gvioBQMQ2EoCWnEZqMzDGb2QP3Cpe0nyt8nHZXDXbCU%3D&reserved=0 > +Bug-Debian: > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugs.debian.org%2F1001986&data=05%7C01%7Cranjitsinh.rathod%40kpit.com%7Ce7011a052c724605e9c008da905e13f4%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637981031500301630%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=AZAP5EPxLqEOTWQrrQqBLKB28h2F%2FzfnHrM9DdecYVo%3D&reserved=0 > +Author: Martin Matuska <mar...@matuska.org> > +Last-Updated: 2021-12-20 > + > +CVE: CVE-2021-23177 > +Upstream-Status: Backport > [https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdeb.debian.org%2Fdebian%2Fpool%2Fmain%2Fliba%2Flibarchive%2Flibarchive_3.4.3-2%2Bdeb11u1.debian.tar.xz&data=05%7C01%7Cranjitsinh.rathod%40kpit.com%7Ce7011a052c724605e9c008da905e13f4%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637981031500301630%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pAVwJEG5suJZAifS75UoFBNUHSmX08PffM0957Y8W00%3D&reserved=0] > +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> > + > +--- a/libarchive/archive_disk_acl_freebsd.c > ++++ b/libarchive/archive_disk_acl_freebsd.c > +@@ -319,7 +319,7 @@ > + > + static int > + set_acl(struct archive *a, int fd, const char *name, > +- struct archive_acl *abstract_acl, > ++ struct archive_acl *abstract_acl, __LA_MODE_T mode, > + 
int ae_requested_type, const char *tname) > + { > + int acl_type = 0; > +@@ -364,6 +364,13 @@ > + return (ARCHIVE_FAILED); > + } > + > ++ if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) { > ++ errno = EINVAL; > ++ archive_set_error(a, errno, > ++ "Cannot set default ACL on non-directory"); > ++ return (ARCHIVE_WARN); > ++ } > ++ > + acl = acl_init(entries); > + if (acl == (acl_t)NULL) { > + archive_set_error(a, errno, > +@@ -542,7 +549,10 @@ > + else if (acl_set_link_np(name, acl_type, acl) != 0) > + #else > + /* FreeBSD older than 8.0 */ > +- else if (acl_set_file(name, acl_type, acl) != 0) > ++ else if (S_ISLNK(mode)) { > ++ /* acl_set_file() follows symbolic links, skip */ > ++ ret = ARCHIVE_OK; > ++ } else if (acl_set_file(name, acl_type, acl) != 0) > + #endif > + { > + if (errno == EOPNOTSUPP) { > +@@ -677,14 +687,14 @@ > + & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) { > + if ((archive_acl_types(abstract_acl) > + & ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) { > +- ret = set_acl(a, fd, name, abstract_acl, > ++ ret = set_acl(a, fd, name, abstract_acl, mode, > + ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access"); > + if (ret != ARCHIVE_OK) > + return (ret); > + } > + if ((archive_acl_types(abstract_acl) > + & ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0) > +- ret = set_acl(a, fd, name, abstract_acl, > ++ ret = set_acl(a, fd, name, abstract_acl, mode, > + ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default"); > + > + /* Simultaneous POSIX.1e and NFSv4 is not supported */ > +@@ -693,7 +703,7 @@ > + #if ARCHIVE_ACL_FREEBSD_NFS4 > + else if ((archive_acl_types(abstract_acl) & > + ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) { > +- ret = set_acl(a, fd, name, abstract_acl, > ++ ret = set_acl(a, fd, name, abstract_acl, mode, > + ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4"); > + } > + #endif > +--- a/libarchive/archive_disk_acl_linux.c > ++++ b/libarchive/archive_disk_acl_linux.c > +@@ -343,6 +343,11 @@ > + return (ARCHIVE_FAILED); > + } > + > ++ if (S_ISLNK(mode)) { > ++ /* Linux does not support RichACLs on symbolic 
links */ > ++ return (ARCHIVE_OK); > ++ } > ++ > + richacl = richacl_alloc(entries); > + if (richacl == NULL) { > + archive_set_error(a, errno, > +@@ -455,7 +460,7 @@ > + #if ARCHIVE_ACL_LIBACL > + static int > + set_acl(struct archive *a, int fd, const char *name, > +- struct archive_acl *abstract_acl, > ++ struct archive_acl *abstract_acl, __LA_MODE_T mode, > + int ae_requested_type, const char *tname) > + { > + int acl_type = 0; > +@@ -488,6 +493,18 @@ > + return (ARCHIVE_FAILED); > + } > + > ++ if (S_ISLNK(mode)) { > ++ /* Linux does not support ACLs on symbolic links */ > ++ return (ARCHIVE_OK); > ++ } > ++ > ++ if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) { > ++ errno = EINVAL; > ++ archive_set_error(a, errno, > ++ "Cannot set default ACL on non-directory"); > ++ return (ARCHIVE_WARN); > ++ } > ++ > + acl = acl_init(entries); > + if (acl == (acl_t)NULL) { > + archive_set_error(a, errno, > +@@ -727,14 +744,14 @@ > + & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) { > + if ((archive_acl_types(abstract_acl) > + & ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) { > +- ret = set_acl(a, fd, name, abstract_acl, > ++ ret = set_acl(a, fd, name, abstract_acl, mode, > + ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access"); > + if (ret != ARCHIVE_OK) > + return (ret); > + } > + if ((archive_acl_types(abstract_acl) > + & ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0) > +- ret = set_acl(a, fd, name, abstract_acl, > ++ ret = set_acl(a, fd, name, abstract_acl, mode, > + ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default"); > + } > + #endif /* ARCHIVE_ACL_LIBACL */ > +--- a/libarchive/archive_disk_acl_sunos.c > ++++ b/libarchive/archive_disk_acl_sunos.c > +@@ -443,7 +443,7 @@ > + > + static int > + set_acl(struct archive *a, int fd, const char *name, > +- struct archive_acl *abstract_acl, > ++ struct archive_acl *abstract_acl, __LA_MODE_T mode, > + int ae_requested_type, const char *tname) > + { > + aclent_t *aclent; > +@@ -467,7 +467,6 @@ > + if (entries == 0) > + return (ARCHIVE_OK); > + > +- > + switch 
(ae_requested_type) { > + case ARCHIVE_ENTRY_ACL_TYPE_POSIX1E: > + cmd = SETACL; > +@@ -492,6 +491,12 @@ > + return (ARCHIVE_FAILED); > + } > + > ++ if (S_ISLNK(mode)) { > ++ /* Skip ACLs on symbolic links */ > ++ ret = ARCHIVE_OK; > ++ goto exit_free; > ++ } > ++ > + e = 0; > + > + while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type, > +@@ -801,7 +806,7 @@ > + if ((archive_acl_types(abstract_acl) > + & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) { > + /* Solaris writes POSIX.1e access and default ACLs together */ > +- ret = set_acl(a, fd, name, abstract_acl, > ++ ret = set_acl(a, fd, name, abstract_acl, mode, > + ARCHIVE_ENTRY_ACL_TYPE_POSIX1E, "posix1e"); > + > + /* Simultaneous POSIX.1e and NFSv4 is not supported */ > +@@ -810,7 +815,7 @@ > + #if ARCHIVE_ACL_SUNOS_NFS4 > + else if ((archive_acl_types(abstract_acl) & > + ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) { > +- ret = set_acl(a, fd, name, abstract_acl, > ++ ret = set_acl(a, fd, name, abstract_acl, mode, > + ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4"); > + } > + #endif > diff --git a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb > b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb > index b7426a1be8..d8ed80686b 100644 > --- a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb > +++ b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb 
> @@ -36,6 +36,7 @@ SRC_URI = > "https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flibarchive.org%2Fdownloads%2Flibarchive-%24&data=05%7C01%7Cranjitsinh.rathod%40kpit.com%7Ce7011a052c724605e9c008da905e13f4%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637981031500301630%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6E6NPIoer6lLtmIy%2BfJes9X%2Bb9c8LMcP4rJqEWMh9AE%3D&reserved=0{PV}.tar.gz > \ > file://CVE-2021-36976-1.patch \ > file://CVE-2021-36976-2.patch \ > file://CVE-2021-36976-3.patch \ > + file://CVE-2021-23177.patch \ > " > > SRC_URI[md5sum] = "d953ed6b47694dadf0e6042f8f9ff451" > -- > 2.17.1 > > This message contains information that may be privileged or confidential and > is the property of the KPIT Technologies Ltd. It is intended only for the > person to whom it is addressed. If you are not the intended recipient, you > are not authorized to read, print, retain copy, disseminate, distribute, or > use this message or any part thereof. If you receive this message in error, > please notify the sender immediately and delete all copies of this message. > KPIT Technologies Ltd. does not accept any liability for virus infected mails.
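Review bot: The do_patch log quoted in this reply shows the inline version of CVE-2021-23177.patch only partly applying to libarchive-3.4.2: the three set_acl() signature hunks (freebsd @@ -319, linux @@ -455, sunos @@ -443) go in with fuzz 1 and every other hunk is rejected. For v2, refresh the patch against the unpacked 3.4.2 tree so that each hunk applies without fuzz, and include the do_patch result for libarchive-native in the cover text, since the header names the Debian 3.4.3-2+deb11u1 tarball as the source of the change.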
From 17a981ae4d483a669b92733aaa0b86e9d980b060 Mon Sep 17 00:00:00 2001 From: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> Date: Tue, 30 Aug 2022 15:27:47 +0530 Subject: [PATCH 2/2] libarchive: Fix CVE-2021-31566 issue Add patch to fix CVE-2021-31566 issue for libarchive Link: http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> --- .../libarchive/CVE-2021-31566-01.patch | 23 +++ .../libarchive/CVE-2021-31566-02.patch | 172 ++++++++++++++++++ .../libarchive/libarchive_3.4.2.bb | 2 + 3 files changed, 197 insertions(+) create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch new file mode 100644 index 0000000000..c4a2fb612c --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch 
@@ -0,0 +1,23 @@ +Description: Never follow symlinks when setting file flags on Linux + Published as CVE-2021-31566 +Origin: upstream, https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b +Bug-Debian: https://bugs.debian.org/1001990 +Author: Martin Matuska <mar...@matuska.org> +Last-Update: 2021-12-20 + +CVE: CVE-2021-31566 +Upstream-Status: Backport [http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz] +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> + +--- a/libarchive/archive_write_disk_posix.c ++++ b/libarchive/archive_write_disk_posix.c +@@ -3927,7 +3927,8 @@ + + /* If we weren't given an fd, open it ourselves. */ + if (myfd < 0) { +- myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | O_CLOEXEC); ++ myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | ++ O_CLOEXEC | O_NOFOLLOW); + __archive_ensure_cloexec_flag(myfd); + } + if (myfd < 0) diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch new file mode 100644 index 0000000000..0dfcd1ac5c --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch 
@@ -0,0 +1,172 @@ +Description: Do not follow symlinks when processing the fixup list + Published as CVE-2021-31566 +Origin: upstream, https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 +Bug-Debian: https://bugs.debian.org/1001990 +Author: Martin Matuska <mar...@matuska.org> +Last-Update: 2021-12-20 + +CVE: CVE-2021-31566 +Upstream-Status: Backport [http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz] +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> + +--- a/Makefile.am ++++ b/Makefile.am +@@ -556,6 +556,7 @@ + libarchive/test/test_write_disk.c \ + libarchive/test/test_write_disk_appledouble.c \ + libarchive/test/test_write_disk_failures.c \ ++ libarchive/test/test_write_disk_fixup.c \ + libarchive/test/test_write_disk_hardlink.c \ + libarchive/test/test_write_disk_hfs_compression.c \ + libarchive/test/test_write_disk_lookup.c \ +--- a/libarchive/archive_write_disk_posix.c ++++ b/libarchive/archive_write_disk_posix.c +@@ -2461,6 +2461,7 @@ + { + struct archive_write_disk *a = (struct archive_write_disk *)_a; + struct fixup_entry *next, *p; ++ struct stat st; + int fd, ret; + + archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, +@@ -2478,6 +2479,20 @@ + (TODO_TIMES | TODO_MODE_BASE | TODO_ACLS | TODO_FFLAGS)) { + fd = open(p->name, + O_WRONLY | O_BINARY | O_NOFOLLOW | O_CLOEXEC); ++ if (fd == -1) { ++ /* If we cannot lstat, skip entry */ ++ if (lstat(p->name, &st) != 0) ++ goto skip_fixup_entry; ++ /* ++ * If we deal with a symbolic link, mark ++ * it in the fixup mode to ensure no ++ * modifications are made to its target. 
++ */ ++ if (S_ISLNK(st.st_mode)) { ++ p->mode &= ~S_IFMT; ++ p->mode |= S_IFLNK; ++ } ++ } + } + if (p->fixup & TODO_TIMES) { + set_times(a, fd, p->mode, p->name, +@@ -2492,7 +2507,12 @@ + fchmod(fd, p->mode); + else + #endif +- chmod(p->name, p->mode); ++#ifdef HAVE_LCHMOD ++ lchmod(p->name, p->mode); ++#else ++ if (!S_ISLNK(p->mode)) ++ chmod(p->name, p->mode); ++#endif + } + if (p->fixup & TODO_ACLS) + archive_write_disk_set_acls(&a->archive, fd, +@@ -2503,6 +2523,7 @@ + if (p->fixup & TODO_MAC_METADATA) + set_mac_metadata(a, p->name, p->mac_metadata, + p->mac_metadata_size); ++skip_fixup_entry: + next = p->next; + archive_acl_clear(&p->acl); + free(p->mac_metadata); +@@ -2643,6 +2664,7 @@ + fe->next = a->fixup_list; + a->fixup_list = fe; + fe->fixup = 0; ++ fe->mode = 0; + fe->name = strdup(pathname); + return (fe); + } +--- a/libarchive/test/CMakeLists.txt ++++ b/libarchive/test/CMakeLists.txt +@@ -208,6 +208,7 @@ + test_write_disk.c + test_write_disk_appledouble.c + test_write_disk_failures.c ++ test_write_disk_fixup.c + test_write_disk_hardlink.c + test_write_disk_hfs_compression.c + test_write_disk_lookup.c +--- /dev/null ++++ b/libarchive/test/test_write_disk_fixup.c +@@ -0,0 +1,77 @@ ++/*- ++ * Copyright (c) 2021 Martin Matuska ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. 
++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++#include "test.h" ++ ++/* ++ * Test fixup entries don't follow symlinks ++ */ ++DEFINE_TEST(test_write_disk_fixup) ++{ ++ struct archive *ad; ++ struct archive_entry *ae; ++ int r; ++ ++ if (!canSymlink()) { ++ skipping("Symlinks not supported"); ++ return; ++ } ++ ++ /* Write entries to disk. 
*/ ++ assert((ad = archive_write_disk_new()) != NULL); ++ ++ /* ++ * Create a file ++ */ ++ assertMakeFile("victim", 0600, "a"); ++ ++ /* ++ * Create a directory and a symlink with the same name ++ */ ++ ++ /* Directory: dir */ ++ assert((ae = archive_entry_new()) != NULL); ++ archive_entry_copy_pathname(ae, "dir"); ++ archive_entry_set_mode(ae, AE_IFDIR | 0606); ++ assertEqualIntA(ad, 0, archive_write_header(ad, ae)); ++ assertEqualIntA(ad, 0, archive_write_finish_entry(ad)); ++ archive_entry_free(ae); ++ ++ /* Symbolic Link: dir -> foo */ ++ assert((ae = archive_entry_new()) != NULL); ++ archive_entry_copy_pathname(ae, "dir"); ++ archive_entry_set_mode(ae, AE_IFLNK | 0777); ++ archive_entry_set_size(ae, 0); ++ archive_entry_copy_symlink(ae, "victim"); ++ assertEqualIntA(ad, 0, r = archive_write_header(ad, ae)); ++ if (r >= ARCHIVE_WARN) ++ assertEqualIntA(ad, 0, archive_write_finish_entry(ad)); ++ archive_entry_free(ae); ++ ++ assertEqualInt(ARCHIVE_OK, archive_write_free(ad)); ++ ++ /* Test the entries on disk. */ ++ assertIsSymlink("dir", "victim", 0); ++ assertFileMode("victim", 0600); ++} diff --git a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb index d8ed80686b..7d2e7b711b 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb @@ -37,6 +37,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ file://CVE-2021-36976-2.patch \ file://CVE-2021-36976-3.patch \ file://CVE-2021-23177.patch \ + file://CVE-2021-31566-01.patch \ + file://CVE-2021-31566-02.patch \ " SRC_URI[md5sum] = "d953ed6b47694dadf0e6042f8f9ff451" -- 2.17.1
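Review bot: In the fixup-list hunks of CVE-2021-31566-02.patch (@@ -2478 and @@ -2492 in archive_write_disk_posix.c), the symlink decision comes from lstat(p->name) after open() has already failed, and the later chmod(p->name, p->mode) in the non-HAVE_LCHMOD branch looks the name up again, so the S_ISLNK(p->mode) guard reflects only what the earlier lookup saw. The results of lchmod() and chmod() are also discarded. As this is a backport the code should stay as upstream has it, but the commit message should state whether these hunks are taken unmodified from upstream commit b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 so they can be compared directly.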
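Review bot: The headers of CVE-2021-31566-01.patch and CVE-2021-31566-02.patch give "Upstream-Status: Backport" with the Debian source tarball, although the Origin field just above already names the upstream libarchive commits (e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b and b41daecb5ccb4c8e3b2c53fd6147109fc12c3043). Pointing Upstream-Status at those commit URLs would make the backport easier to verify. The commit message says only "Add patch to fix CVE-2021-31566 issue" while two patch files are added to SRC_URI; it should say so, and note that the .bb hunk's context depends on CVE-2021-23177.patch from 1/2 being applied first.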
From e3aa79ec376e3441218a6be9606c3afbf86d1fe4 Mon Sep 17 00:00:00 2001 From: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> Date: Tue, 30 Aug 2022 15:22:18 +0530 Subject: [PATCH 1/2] libarchive: Fix CVE-2021-23177 issue Add patch to fix CVE-2021-23177 issue for libarchive Link: http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> --- .../libarchive/CVE-2021-23177.patch | 183 ++++++++++++++++++ .../libarchive/libarchive_3.4.2.bb | 1 + 2 files changed, 184 insertions(+) create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch new file mode 100644 index 0000000000..555c7a47f7 --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch 
@@ -0,0 +1,183 @@ +Description: Fix handling of symbolic link ACLs + Published as CVE-2021-23177 +Origin: upstream, https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad +Bug-Debian: https://bugs.debian.org/1001986 +Author: Martin Matuska <mar...@matuska.org> +Last-Updated: 2021-12-20 + +CVE: CVE-2021-23177 +Upstream-Status: Backport [http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz] +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> + +--- a/libarchive/archive_disk_acl_freebsd.c ++++ b/libarchive/archive_disk_acl_freebsd.c +@@ -319,7 +319,7 @@ + + static int + set_acl(struct archive *a, int fd, const char *name, +- struct archive_acl *abstract_acl, ++ struct archive_acl *abstract_acl, __LA_MODE_T mode, + int ae_requested_type, const char *tname) + { + int acl_type = 0; +@@ -364,6 +364,13 @@ + return (ARCHIVE_FAILED); + } + ++ if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) { ++ errno = EINVAL; ++ archive_set_error(a, errno, ++ "Cannot set default ACL on non-directory"); ++ return (ARCHIVE_WARN); ++ } ++ + acl = acl_init(entries); + if (acl == (acl_t)NULL) { + archive_set_error(a, errno, +@@ -542,7 +549,10 @@ + else if (acl_set_link_np(name, acl_type, acl) != 0) + #else + /* FreeBSD older than 8.0 */ +- else if (acl_set_file(name, acl_type, acl) != 0) ++ else if (S_ISLNK(mode)) { ++ /* acl_set_file() follows symbolic links, skip */ ++ ret = ARCHIVE_OK; ++ } else if (acl_set_file(name, acl_type, acl) != 0) + #endif + { + if (errno == EOPNOTSUPP) { +@@ -677,14 +687,14 @@ + & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) { + if ((archive_acl_types(abstract_acl) + & ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) { +- ret = set_acl(a, fd, name, abstract_acl, ++ ret = set_acl(a, fd, name, abstract_acl, mode, + ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access"); + if (ret != ARCHIVE_OK) + return (ret); + } + if ((archive_acl_types(abstract_acl) + & ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0) +- ret = 
set_acl(a, fd, name, abstract_acl, ++ ret = set_acl(a, fd, name, abstract_acl, mode, + ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default"); + + /* Simultaneous POSIX.1e and NFSv4 is not supported */ +@@ -693,7 +703,7 @@ + #if ARCHIVE_ACL_FREEBSD_NFS4 + else if ((archive_acl_types(abstract_acl) & + ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) { +- ret = set_acl(a, fd, name, abstract_acl, ++ ret = set_acl(a, fd, name, abstract_acl, mode, + ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4"); + } + #endif +--- a/libarchive/archive_disk_acl_linux.c ++++ b/libarchive/archive_disk_acl_linux.c +@@ -343,6 +343,11 @@ + return (ARCHIVE_FAILED); + } + ++ if (S_ISLNK(mode)) { ++ /* Linux does not support RichACLs on symbolic links */ ++ return (ARCHIVE_OK); ++ } ++ + richacl = richacl_alloc(entries); + if (richacl == NULL) { + archive_set_error(a, errno, +@@ -455,7 +460,7 @@ + #if ARCHIVE_ACL_LIBACL + static int + set_acl(struct archive *a, int fd, const char *name, +- struct archive_acl *abstract_acl, ++ struct archive_acl *abstract_acl, __LA_MODE_T mode, + int ae_requested_type, const char *tname) + { + int acl_type = 0; +@@ -488,6 +493,18 @@ + return (ARCHIVE_FAILED); + } + ++ if (S_ISLNK(mode)) { ++ /* Linux does not support ACLs on symbolic links */ ++ return (ARCHIVE_OK); ++ } ++ ++ if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) { ++ errno = EINVAL; ++ archive_set_error(a, errno, ++ "Cannot set default ACL on non-directory"); ++ return (ARCHIVE_WARN); ++ } ++ + acl = acl_init(entries); + if (acl == (acl_t)NULL) { + archive_set_error(a, errno, +@@ -727,14 +744,14 @@ + & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) { + if ((archive_acl_types(abstract_acl) + & ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) { +- ret = set_acl(a, fd, name, abstract_acl, ++ ret = set_acl(a, fd, name, abstract_acl, mode, + ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access"); + if (ret != ARCHIVE_OK) + return (ret); + } + if ((archive_acl_types(abstract_acl) + & ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0) +- ret = set_acl(a, fd, name, abstract_acl, ++ ret = 
set_acl(a, fd, name, abstract_acl, mode, + ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default"); + } + #endif /* ARCHIVE_ACL_LIBACL */ +--- a/libarchive/archive_disk_acl_sunos.c ++++ b/libarchive/archive_disk_acl_sunos.c +@@ -443,7 +443,7 @@ + + static int + set_acl(struct archive *a, int fd, const char *name, +- struct archive_acl *abstract_acl, ++ struct archive_acl *abstract_acl, __LA_MODE_T mode, + int ae_requested_type, const char *tname) + { + aclent_t *aclent; +@@ -467,7 +467,6 @@ + if (entries == 0) + return (ARCHIVE_OK); + +- + switch (ae_requested_type) { + case ARCHIVE_ENTRY_ACL_TYPE_POSIX1E: + cmd = SETACL; +@@ -492,6 +491,12 @@ + return (ARCHIVE_FAILED); + } + ++ if (S_ISLNK(mode)) { ++ /* Skip ACLs on symbolic links */ ++ ret = ARCHIVE_OK; ++ goto exit_free; ++ } ++ + e = 0; + + while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type, +@@ -801,7 +806,7 @@ + if ((archive_acl_types(abstract_acl) + & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) { + /* Solaris writes POSIX.1e access and default ACLs together */ +- ret = set_acl(a, fd, name, abstract_acl, ++ ret = set_acl(a, fd, name, abstract_acl, mode, + ARCHIVE_ENTRY_ACL_TYPE_POSIX1E, "posix1e"); + + /* Simultaneous POSIX.1e and NFSv4 is not supported */ +@@ -810,7 +815,7 @@ + #if ARCHIVE_ACL_SUNOS_NFS4 + else if ((archive_acl_types(abstract_acl) & + ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) { +- ret = set_acl(a, fd, name, abstract_acl, ++ ret = set_acl(a, fd, name, abstract_acl, mode, + ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4"); + } + #endif diff --git a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb index b7426a1be8..d8ed80686b 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb 
@@ -36,6 +36,7 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ file://CVE-2021-36976-1.patch \ file://CVE-2021-36976-2.patch \ file://CVE-2021-36976-3.patch \ + file://CVE-2021-23177.patch \ " SRC_URI[md5sum] = "d953ed6b47694dadf0e6042f8f9ff451" -- 2.17.1
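Review bot: The RichACL hunk in archive_disk_acl_linux.c (@@ -343) tests S_ISLNK(mode) and the sunos hunk at @@ -492 jumps to exit_free, but no visible hunk adds a mode parameter to that RichACL function or defines that label, whereas the set_acl() hunks add "__LA_MODE_T mode" explicitly. The callers at @@ -677, @@ -727 and @@ -801 likewise pass mode without a hunk showing where it is declared. Please confirm that all of these already exist in the 3.4.2 sources, since the patch is taken from the Debian 3.4.3 package, and say so in the commit message.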
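Review bot: The header of CVE-2021-23177.patch spells the date field "Last-Updated: 2021-12-20", while both CVE-2021-31566 patches in this series use "Last-Update:". Use one spelling across the series. The sunos hunk at @@ -467 also carries a blank-line removal that is unrelated to the fix; keep it only if it is needed for the following hunks to apply.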
log.do_fetch.7706
View/Reply Online (#170386): https://lists.openembedded.org/g/openembedded-core/message/170386