Hello community,

here is the log from the commit of package libarchive for openSUSE:Factory checked in at 2025-03-12 15:20:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libarchive (Old)
 and /work/SRC/openSUSE:Factory/.libarchive.new.19136 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libarchive" Wed Mar 12 15:20:01 2025 rev:56 rq:1252112 version:3.7.7 Changes: -------- --- /work/SRC/openSUSE:Factory/libarchive/libarchive.changes 2025-02-27 14:52:27.332286162 +0100 +++ /work/SRC/openSUSE:Factory/.libarchive.new.19136/libarchive.changes 2025-03-12 15:20:06.152291741 +0100 @@ -1,0 +2,10 @@ +Tue Mar 11 15:54:34 UTC 2025 - Marius Grossu <[email protected]> + +- Fix CVE-2025-1632, null pointer dereference in bsdunzip.c + (CVE-2025-1632, bsc#1237606) + * CVE-2025-1632.patch +- Fix CVE-2025-25724, Buffer Overflow vulnerability in libarchive + (CVE-2025-25724, bsc#1238610) + * CVE-2025-25724.patch + +------------------------------------------------------------------- New: ---- CVE-2025-1632.patch CVE-2025-25724.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libarchive.spec ++++++ --- /var/tmp/diff_new_pack.CeuTtb/_old 2025-03-12 15:20:06.932324407 +0100 +++ /var/tmp/diff_new_pack.CeuTtb/_new 2025-03-12 15:20:06.936324574 +0100 @@ -43,6 +43,10 @@ Patch1: lib-suffix.patch # PATCH-FIX-UPSTREAM CVE-2024-57970.patch bsc#1237233 [email protected] Patch2: CVE-2024-57970.patch +# PATCH-FIX-UPSTREAM bsc#1238610 [email protected] CVE-2025-25724 +Patch3: CVE-2025-25724.patch +# PATCH-FIX-UPSTREAM bsc#1237606 [email protected] CVE-2025-1632 +Patch4: CVE-2025-1632.patch BuildRequires: cmake BuildRequires: libacl-devel BuildRequires: libbz2-devel ++++++ CVE-2025-1632.patch ++++++ >From 0a35ab97fae6fb9acecab46b570c14e3be1646e7 Mon Sep 17 00:00:00 2001 
From: Peter Kaestle <[email protected]> Date: Wed, 5 Mar 2025 15:34:44 +0100 Subject: [PATCH] unzip/bsdunzip.c: fix NULL ptr dereference issue inside list() Fix CVE-2025-1632 by detecting NULL return of archive_entry_pathname() and replacing it by "INVALID PATH" string. Error poc: https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc Signed-off-by: Peter Kaestle <[email protected]> --- unzip/bsdunzip.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/unzip/bsdunzip.c b/unzip/bsdunzip.c index 7c8cafc3e..4a9028b79 100644 --- a/unzip/bsdunzip.c +++ b/unzip/bsdunzip.c @@ -876,6 +876,7 @@ list(struct archive *a, struct archive_entry *e) char buf[20]; time_t mtime; struct tm *tm; + const char *pathname; mtime = archive_entry_mtime(e); tm = localtime(&mtime); @@ -884,22 +885,25 @@ list(struct archive *a, struct archive_entry *e) else strftime(buf, sizeof(buf), "%m-%d-%g %R", tm); + pathname = archive_entry_pathname(e); + if (!pathname) + pathname = ""; if (!zipinfo_mode) { if (v_opt == 1) { printf(" %8ju %s %s\n", (uintmax_t)archive_entry_size(e), - buf, archive_entry_pathname(e)); + buf, pathname); } else if (v_opt == 2) { printf("%8ju Stored %7ju 0%% %s %08x %s\n", (uintmax_t)archive_entry_size(e), (uintmax_t)archive_entry_size(e), buf, 0U, - archive_entry_pathname(e)); + pathname); } } else { if (Z1_opt) - printf("%s\n",archive_entry_pathname(e)); + printf("%s\n", pathname); } ac(archive_read_data_skip(a)); } ++++++ CVE-2025-25724.patch ++++++ >From 6636f89f5fe08a20de3b2d034712c781d3a67985 Mon Sep 17 00:00:00 2001 From: Peter Kaestle <[email protected]> Date: Wed, 5 Mar 2025 15:01:14 +0100 Subject: [PATCH] tar/util.c: fix NULL pointer dereference issue on strftime Fix CVE-2025-25724 by detecting NULL return of localtime_r(&tim, &tmbuf), which could happen in case tim is incredible big. In case this error is triggered, put an "INVALID DATE" string into the outbuf. Error poc: https://github.com/Ekkosun/pocs/blob/main/bsdtarbug 
Signed-off-by: Peter Kaestle <[email protected]> --- tar/util.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tar/util.c b/tar/util.c index 3b099cb5f..f3cbdf0bb 100644 --- a/tar/util.c +++ b/tar/util.c @@ -749,7 +749,10 @@ list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry) #else ltime = localtime(&tim); #endif - strftime(tmp, sizeof(tmp), fmt, ltime); + if (ltime) + strftime(tmp, sizeof(tmp), fmt, ltime); + else + sprintf(tmp, "-- -- ----"); fprintf(out, " %s ", tmp); safe_fprintf(out, "%s", archive_entry_pathname(entry));
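Review bot: In the libarchive.changes hunk, the CVE-2025-25724 entry reads "Buffer Overflow vulnerability in libarchive" and names no component, while the patch it refers to is titled "tar/util.c: fix NULL pointer dereference issue on strftime". The CVE-2025-1632 entry above it names bsdunzip.c; suggest doing the same here (tar/util.c, list_item_verbose()) and making the description match the patch subject, so someone reading only the changelog can tell which tool is affected and what kind of fix was applied.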
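Review bot: In the libarchive.spec hunk, the comments added for Patch3 and Patch4 order their tags as bug number, e-mail, CVE name, whereas the existing Patch2 comment directly above uses patch file name, bug number, e-mail. Suggest keeping the existing order and giving the full patch file name (CVE-2025-25724.patch, CVE-2025-1632.patch) first so the patch headers stay uniform.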
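Review bot: In the second hunk of CVE-2025-1632.patch (unzip/bsdunzip.c, list()), the NULL fallback is `pathname = "";`, but the commit message says the NULL return is replaced by the "INVALID PATH" string. As written, an entry for which archive_entry_pathname() returns NULL is listed as a row with an empty name, which is easy to miss when reading the output. Either use a visible marker as the message describes or correct the message so code and description agree. The placement of the check is fine: it sits before all three printf() calls, so the v_opt == 1, v_opt == 2 and Z1_opt branches are all covered.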
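Review bot: In the tar/util.c hunk (list_item_verbose()), the return value of strftime() is still ignored after the new `if (ltime)` guard. strftime() returns 0 and leaves the buffer contents indeterminate when the formatted result does not fit in sizeof(tmp), and the following line passes tmp to fprintf() with %s. Since the changelog files this CVE as a buffer overflow, guarding only the NULL case may not cover it. Suggest `if (ltime == NULL || strftime(tmp, sizeof(tmp), fmt, ltime) == 0)` leading to the placeholder branch, and writing the placeholder with snprintf(tmp, sizeof(tmp), ...) instead of sprintf() so the bound is explicit. The placeholder text also differs from the commit message, which says "INVALID DATE" while the code writes "-- -- ----"; one of the two should be updated.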
