From be59ea631aa555475a49b3793452c082830bab72 Mon Sep 17 00:00:00 2001 From: lingsheng <860373352@qq.com> Date: Tue, 11 Mar 2025 14:33:29 +0800 Subject: [PATCH] fix CVE-2025-25724 (cherry picked from commit 47d6e67f1a5a5e31195ce05ba029d5b0695ead2d) --- backport-CVE-2025-25724.patch | 34 ++++++++++++++++++++++++++++++++++ libarchive.spec | 9 ++++++++- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2025-25724.patch diff --git a/backport-CVE-2025-25724.patch b/backport-CVE-2025-25724.patch new file mode 100644 index 0000000..1cbbfaa --- /dev/null +++ b/backport-CVE-2025-25724.patch @@ -0,0 +1,34 @@ +From 6636f89f5fe08a20de3b2d034712c781d3a67985 Mon Sep 17 00:00:00 2001 +From: Peter Kaestle +Date: Wed, 5 Mar 2025 15:01:14 +0100 +Subject: [PATCH] tar/util.c: fix NULL pointer dereference issue on strftime + +Fix CVE-2025-25724 by detecting NULL return of localtime_r(&tim, &tmbuf), +which could happen in case tim is incredible big. + +In case this error is triggered, put an "INVALID DATE" string into the +outbuf. + +Error poc: https://github.com/Ekkosun/pocs/blob/main/bsdtarbug + +Signed-off-by: Peter Kaestle +--- + tar/util.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/tar/util.c b/tar/util.c +index 3b099cb5f..f3cbdf0bb 100644 +--- a/tar/util.c ++++ b/tar/util.c +@@ -749,7 +749,10 @@ list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry) + #else + ltime = localtime(&tim); + #endif +- strftime(tmp, sizeof(tmp), fmt, ltime); ++ if (ltime) ++ strftime(tmp, sizeof(tmp), fmt, ltime); ++ else ++ sprintf(tmp, "-- -- ----"); + fprintf(out, " %s ", tmp); + safe_fprintf(out, "%s", archive_entry_pathname(entry)); + diff --git a/libarchive.spec b/libarchive.spec index 8b860cc..c7184bb 100644 --- a/libarchive.spec +++ b/libarchive.spec @@ -2,7 +2,7 @@ Name: libarchive Version: 3.5.2 -Release: 7 +Release: 8 Summary: Multi-format archive and compression library License: BSD @@ -20,6 +20,7 @@ Patch6003: backport-CVE-2021-31566.patch Patch6004: backport-CVE-2022-26280.patch Patch6005: backport-CVE-2022-36227.patch Patch6006: backport-CVE-2024-20696.patch +Patch6007: backport-CVE-2025-25724.patch Patch9000: libarchive-uninitialized-value.patch @@ -194,6 +195,12 @@ run_testsuite %{_bindir}/bsdcat %changelog +* Tue Mar 11 2025 lingsheng - 3.5.2-8 +- Type:CVE +- ID:CVE-2025-25724 +- SUG:NA +- DESC:fix CVE-2025-25724 + * Thu Jun 06 2024 lingsheng - 3.5.2-7 - Type:CVE - ID:CVE-2024-20696 -- Gitee