rpms/libarchive
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix for CVE-2026-4111

Browse Source 
Resolves: RHEL-155145

Since we're adding test (changing Makefile) we need the autoreconf
This commit is contained in:
Lukas Javorsky 2026-03-16 13:48:19 +01:00
parent 476a518562
commit 3250f4640e
2 changed files with 332 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

322
libarchive-3.5.3-Fix-CVE-2026-4111.patch Normal file
View File

@ -0,0 +1,322 @@
From 4d64ea1e460d5883b1cb268920f1beac5794b762 Mon Sep 17 00:00:00 2001
From: Lukas Javorsky <ljavorsk@redhat.com>
Date: Mon, 16 Mar 2026 13:42:41 +0100
Subject: [PATCH] Infinite loop in Rar5 decompression
Fix for CVE-2026-4111
Source: https://github.com/libarchive/libarchive/pull/2877
---
Makefile.am | 2 +
libarchive/archive_read_support_format_rar5.c | 4 +-
libarchive/test/CMakeLists.txt | 1 +
.../test/test_read_format_rar5_loop_bug.c | 53 +++++
.../test_read_format_rar5_loop_bug.rar.uu | 189 ++++++++++++++++++
5 files changed, 248 insertions(+), 1 deletion(-)
create mode 100644 libarchive/test/test_read_format_rar5_loop_bug.c
create mode 100644 libarchive/test/test_read_format_rar5_loop_bug.rar.uu
diff --git a/Makefile.am b/Makefile.am
index 103773c..c21d026 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -504,6 +504,7 @@ libarchive_test_SOURCES= \
libarchive/test/test_read_format_rar_encryption_header.c \
libarchive/test/test_read_format_rar_invalid1.c \
libarchive/test/test_read_format_rar5.c \
+ libarchive/test/test_read_format_rar5_loop_bug.c \
libarchive/test/test_read_format_raw.c \
libarchive/test/test_read_format_tar.c \
libarchive/test/test_read_format_tar_concatenated.c \
@@ -861,6 +862,7 @@ libarchive_test_EXTRA_DIST=\
libarchive/test/test_read_format_rar5_invalid_dict_reference.rar.uu \
libarchive/test/test_read_format_rar5_leftshift1.rar.uu \
libarchive/test/test_read_format_rar5_leftshift2.rar.uu \
+ libarchive/test/test_read_format_rar5_loop_bug.rar.uu \
libarchive/test/test_read_format_rar5_multiarchive.part01.rar.uu \
libarchive/test/test_read_format_rar5_multiarchive.part02.rar.uu \
libarchive/test/test_read_format_rar5_multiarchive.part03.rar.uu \
diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c
index 734d62f..54b14a6 100644
--- a/libarchive/archive_read_support_format_rar5.c
+++ b/libarchive/archive_read_support_format_rar5.c
@@ -2812,7 +2812,9 @@ static int parse_filter(struct archive_read* ar, const uint8_t* p) {
if(block_length < 4 ||
block_length > 0x400000 ||
filter_type > FILTER_ARM ||
- !is_valid_filter_block_start(rar, block_start))
+ !is_valid_filter_block_start(rar, block_start) ||
+ (rar->cstate.window_size > 0 &&
+ (ssize_t)block_length > rar->cstate.window_size >> 1))
{
archive_set_error(&ar->archive, ARCHIVE_ERRNO_FILE_FORMAT,
"Invalid filter encountered");
diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt
index 53cc3e2..4c65de8 100644
--- a/libarchive/test/CMakeLists.txt
+++ b/libarchive/test/CMakeLists.txt
@@ -153,6 +153,7 @@ IF(ENABLE_TEST)
test_read_format_rar_encryption_partially.c
test_read_format_rar_invalid1.c
test_read_format_rar5.c
+ test_read_format_rar5_loop_bug.c
test_read_format_raw.c
test_read_format_tar.c
test_read_format_tar_concatenated.c
diff --git a/libarchive/test/test_read_format_rar5_loop_bug.c b/libarchive/test/test_read_format_rar5_loop_bug.c
new file mode 100644
index 0000000..77dd78c
--- /dev/null
+++ b/libarchive/test/test_read_format_rar5_loop_bug.c
@@ -0,0 +1,53 @@
+/*-
+ * Copyright (c) 2026 Tim Kientzle
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "test.h"
+
+DEFINE_TEST(test_read_format_rar5_loop_bug)
+{
+ const char *reffile = "test_read_format_rar5_loop_bug.rar";
+ struct archive_entry *ae;
+ struct archive *a;
+ const void *buf;
+ size_t size;
+ la_int64_t offset;
+
+ extract_reference_file(reffile);
+ assert((a = archive_read_new()) != NULL);
+ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a));
+ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a));
+ assertEqualIntA(a, ARCHIVE_OK, archive_read_open_filename(a, reffile, 10240));
+
+ // This has just one entry
+ assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae));
+
+ // Read blocks until the end of the entry
+ while (ARCHIVE_OK == archive_read_data_block(a, &buf, &size, &offset)) {
+ }
+
+ assertEqualIntA(a, ARCHIVE_EOF, archive_read_next_header(a, &ae));
+
+ assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a));
+ assertEqualInt(ARCHIVE_OK, archive_free(a));
+}
diff --git a/libarchive/test/test_read_format_rar5_loop_bug.rar.uu b/libarchive/test/test_read_format_rar5_loop_bug.rar.uu
new file mode 100644
index 0000000..3e47004
--- /dev/null
+++ b/libarchive/test/test_read_format_rar5_loop_bug.rar.uu
@@ -0,0 +1,189 @@
+begin 644 test_read_format_rar5_loop_bug.rar
+M4F%R(1H'`0#%&C,R`P$``)T-9%L.`@+P0`"`@`P`@`,``6'(WFP@`?\7_U/^
+M8@!.`B`H````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+M````````````````````````````````````````````````````````````
+5```````````````````Y^;*!`@4`
+`
+end
--
2.53.0

11
libarchive.spec
View File

@ -2,7 +2,7 @@
Name: libarchive
Version: 3.5.3
Release: 6%{?dist}
Release: 7%{?dist}
Summary: A library for handling streaming archive formats
License: BSD
@ -20,8 +20,13 @@ Patch4: %{name}-3.5.3-Fix-CVE-2022-36227.patch
Patch5: %{name}-3.5.3-Fix-CVE-2025-25724.patch
# Source: https://github.com/libarchive/libarchive/commit/09685126fcec664e2b8ca595e1fc371bd494d209
Patch6: %{name}-3.5.3-Fix-CVE-2025-5914.patch
# Source: https://github.com/mmatuska/libarchive/commit/ec19fcbd20b18bd3b0fdcf2b3fb97789cd1bf575
Patch7: %{name}-3.5.3-Fix-CVE-2026-4111.patch
BuildRequires: automake
BuildRequires: autoconf
BuildRequires: libtool
BuildRequires: bison
BuildRequires: bzip2-devel
BuildRequires: e2fsprogs-devel
@ -90,6 +95,7 @@ standard output.
%build
autoreconf -ifv
%configure --disable-static LT_SYS_LIBRARY_PATH=%_libdir
%make_build
@ -223,6 +229,9 @@ run_testsuite
%changelog
* Mon Mar 16 2026 Lukas Javorsky <ljavorsk@redhat.com> - 3.5.3-7
- Resolves: CVE-2026-4111
* Wed Aug 13 2025 Lukas Javorsky <ljavorsk@redhat.com> - 3.5.3-6
- Resolves: CVE-2025-5914