Commit 59d25ec

[AUTO-CHERRYPICK] Patch libarchive for CVE-2025-25724 [Medium] - branch main (#12949)
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
1 parent 1b27711 commit 59d25ec

6 files changed

Lines changed: 51 additions & 11 deletions

Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
From 6636f89f5fe08a20de3b2d034712c781d3a67985 Mon Sep 17 00:00:00 2001
2+
From: Peter Kaestle <peter@piie.net>
3+
Date: Wed, 5 Mar 2025 15:01:14 +0100
4+
Subject: [PATCH] tar/util.c: fix NULL pointer dereference issue on strftime
5+
6+
Fix CVE-2025-25724 by detecting NULL return of localtime_r(&tim, &tmbuf),
7+
which could happen in case tim is incredible big.
8+
9+
In case this error is triggered, put an "INVALID DATE" string into the
10+
outbuf.
11+
12+
Error poc: https://github.com/Ekkosun/pocs/blob/main/bsdtarbug
13+
14+
Upstream Reference : https://github.com/libarchive/libarchive/pull/2532/commits/6636f89f5fe08a20de3b2d034712c781d3a67985
15+
16+
Signed-off-by: Peter Kaestle <peter@piie.net>
17+
---
18+
tar/util.c | 5 ++++-
19+
1 file changed, 4 insertions(+), 1 deletion(-)
20+
21+
diff --git a/tar/util.c b/tar/util.c
22+
index 3b099cb5f..f3cbdf0bb 100644
23+
--- a/tar/util.c
24+
+++ b/tar/util.c
25+
@@ -749,7 +749,10 @@ list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry)
26+
#else
27+
ltime = localtime(&tim);
28+
#endif
29+
- strftime(tmp, sizeof(tmp), fmt, ltime);
30+
+ if (ltime)
31+
+ strftime(tmp, sizeof(tmp), fmt, ltime);
32+
+ else
33+
+ sprintf(tmp, "-- -- ----");
34+
fprintf(out, " %s ", tmp);
35+
safe_fprintf(out, "%s", archive_entry_pathname(entry));
36+
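
Review bot: the commit message says an "INVALID DATE" string is put into the output buffer, but the else branch at added line 33 writes "-- -- ----"; align the message or the literal so that anyone searching listing output for the failure marker finds what the message promises. The fallback also uses sprintf(tmp, ...) while the branch above bounds its write with sizeof(tmp); snprintf(tmp, sizeof(tmp), "-- -- ----") would keep both branches bounded if the literal is ever changed. The if (ltime) check sits after #endif, so it covers the localtime() path shown in the context as well as the localtime_r path named in the message.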

SPECS/libarchive/libarchive.spec

Lines changed: 5 additions & 1 deletion
@@ -1,7 +1,7 @@
11
Summary: Multi-format archive and compression library
22
Name: libarchive
33
Version: 3.6.1
4-
Release: 4%{?dist}
4+
Release: 5%{?dist}
55
# Certain files have individual licenses. For more details see contents of "COPYING".
66
License: BSD AND Public Domain AND (ASL 2.0 OR CC0 1.0 OR OpenSSL)
77
Vendor: Microsoft Corporation
@@ -14,6 +14,7 @@ Patch1: CVE-2024-26256.patch
1414
Patch2: CVE-2024-20696.patch
1515
Patch3: CVE-2024-48958.patch
1616
Patch4: CVE-2024-48957.patch
17+
Patch5: CVE-2025-25724.patch
1718
Provides: bsdtar = %{version}-%{release}
1819

1920
BuildRequires: xz-libs
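
Review bot: Patch5 is declared at new line 17, but no %prep change appears in this diff, so the fix only lands in the build if the spec applies patches generically (for example with %autosetup -p1) rather than with per-patch %patch lines. Confirm that in the full spec, and check that the build log shows CVE-2025-25724.patch being applied to tar/util.c.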
@@ -66,6 +67,9 @@ make %{?_smp_mflags} check
6667
%{_libdir}/pkgconfig/*.pc
6768

6869
%changelog
70+
* Tue Mar 11 2025 Kanishk Bansal <kanbansal@microsoft.com> - 3.6.1-5
71+
- Patch CVE-2025-25724
72+
6973
* Tue Oct 15 2024 Nan Liu <liunan@microsoft.com> - 3.6.1-4
7074
- Patch CVE-2024-48957, CVE-2024-48958, CVE-2024-20696
7175

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

Lines changed: 2 additions & 2 deletions
@@ -173,8 +173,8 @@ openssl-static-1.1.1k-35.cm2.aarch64.rpm
173173
libcap-2.60-4.cm2.aarch64.rpm
174174
libcap-devel-2.60-4.cm2.aarch64.rpm
175175
debugedit-5.0-2.cm2.aarch64.rpm
176-
libarchive-3.6.1-4.cm2.aarch64.rpm
177-
libarchive-devel-3.6.1-4.cm2.aarch64.rpm
176+
libarchive-3.6.1-5.cm2.aarch64.rpm
177+
libarchive-devel-3.6.1-5.cm2.aarch64.rpm
178178
rpm-4.18.0-4.cm2.aarch64.rpm
179179
rpm-build-4.18.0-4.cm2.aarch64.rpm
180180
rpm-build-libs-4.18.0-4.cm2.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

Lines changed: 2 additions & 2 deletions
@@ -173,8 +173,8 @@ openssl-static-1.1.1k-35.cm2.x86_64.rpm
173173
libcap-2.60-4.cm2.x86_64.rpm
174174
libcap-devel-2.60-4.cm2.x86_64.rpm
175175
debugedit-5.0-2.cm2.x86_64.rpm
176-
libarchive-3.6.1-4.cm2.x86_64.rpm
177-
libarchive-devel-3.6.1-4.cm2.x86_64.rpm
176+
libarchive-3.6.1-5.cm2.x86_64.rpm
177+
libarchive-devel-3.6.1-5.cm2.x86_64.rpm
178178
rpm-4.18.0-4.cm2.x86_64.rpm
179179
rpm-build-4.18.0-4.cm2.x86_64.rpm
180180
rpm-build-libs-4.18.0-4.cm2.x86_64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

Lines changed: 3 additions & 3 deletions
@@ -144,9 +144,9 @@ krb5-1.19.4-3.cm2.aarch64.rpm
144144
krb5-debuginfo-1.19.4-3.cm2.aarch64.rpm
145145
krb5-devel-1.19.4-3.cm2.aarch64.rpm
146146
krb5-lang-1.19.4-3.cm2.aarch64.rpm
147-
libarchive-3.6.1-4.cm2.aarch64.rpm
148-
libarchive-debuginfo-3.6.1-4.cm2.aarch64.rpm
149-
libarchive-devel-3.6.1-4.cm2.aarch64.rpm
147+
libarchive-3.6.1-5.cm2.aarch64.rpm
148+
libarchive-debuginfo-3.6.1-5.cm2.aarch64.rpm
149+
libarchive-devel-3.6.1-5.cm2.aarch64.rpm
150150
libassuan-2.5.5-2.cm2.aarch64.rpm
151151
libassuan-debuginfo-2.5.5-2.cm2.aarch64.rpm
152152
libassuan-devel-2.5.5-2.cm2.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

Lines changed: 3 additions & 3 deletions
@@ -150,9 +150,9 @@ krb5-1.19.4-3.cm2.x86_64.rpm
150150
krb5-debuginfo-1.19.4-3.cm2.x86_64.rpm
151151
krb5-devel-1.19.4-3.cm2.x86_64.rpm
152152
krb5-lang-1.19.4-3.cm2.x86_64.rpm
153-
libarchive-3.6.1-4.cm2.x86_64.rpm
154-
libarchive-debuginfo-3.6.1-4.cm2.x86_64.rpm
155-
libarchive-devel-3.6.1-4.cm2.x86_64.rpm
153+
libarchive-3.6.1-5.cm2.x86_64.rpm
154+
libarchive-debuginfo-3.6.1-5.cm2.x86_64.rpm
155+
libarchive-devel-3.6.1-5.cm2.x86_64.rpm
156156
libassuan-2.5.5-2.cm2.x86_64.rpm
157157
libassuan-debuginfo-2.5.5-2.cm2.x86_64.rpm
158158
libassuan-devel-2.5.5-2.cm2.x86_64.rpm
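
Review bot: the three replaced libarchive lines hard-code the release (3.6.1-5.cm2), which has to track Release: 5%{?dist} in libarchive.spec by hand, and the same literal edit is repeated in the pkggen_core and toolchain manifests for both architectures. All four agree in this commit, but a CI check that derives the expected RPM names from the spec's Version and Release and compares them with the manifest entries would catch a missed file on the next bump.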
