Fix for CVE-2024-57970

Resolves: RHEL-79877
Nikola Davidova 2025-03-04 09:30:08 +01:00
parent 827200bcd7
commit 7b85225cbe
2 changed files with 42 additions and 1 deletion

@ -0,0 +1,34 @@
From 82912103214506316bd9990d73f33d743d55f570 Mon Sep 17 00:00:00 2001
From: Tim Kientzle <kientzle@acm.org>
Date: Mon, 9 Dec 2024 21:09:29 -0800
Subject: [PATCH] Handle truncation in the middle of a GNU long linkname
(#2422)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Thanks to gbdngb12 김동건 for reporting this.
Resolves Issue #2415
---
libarchive/archive_read_support_format_tar.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_tar.c b/libarchive/archive_read_support_format_tar.c
index 4aaf1b90..b1344ae5 100644
--- a/libarchive/archive_read_support_format_tar.c
+++ b/libarchive/archive_read_support_format_tar.c
@@ -1146,7 +1146,9 @@ header_gnu_longlink(struct archive_read *a, struct tar *tar,
struct archive_string linkpath;
archive_string_init(&linkpath);
err = read_body_to_string(a, tar, &linkpath, h, unconsumed);
- archive_entry_set_link(entry, linkpath.s);
+ if (err == ARCHIVE_OK) {
+ archive_entry_set_link(entry, linkpath.s);
+ }
archive_string_free(&linkpath);
return (err);
}
--
2.48.1
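Review bot: the guard `if (err == ARCHIVE_OK)` around `archive_entry_set_link(entry, linkpath.s)` is the right fix for the truncation case: `linkpath` is only initialized by `archive_string_init` before the call, so when `read_body_to_string` fails its buffer is not guaranteed to hold a complete, terminated string, and the old code handed it to the entry regardless of `err`. Two follow-ups: the strict comparison also discards the link name on any warning-level return, which is the safe choice for a truncation bug but deserves a one-line comment so a later reader does not relax it to `err >= ARCHIVE_WARN`; and the patch touches only `archive_read_support_format_tar.c` (1 file changed, 3 insertions), so a regression test in the libarchive test suite that feeds a GNU tar stream cut off inside the long-linkname body would pin the behaviour. If a sibling handler for GNU long names shares the same `read_body_to_string` pattern, it should get the same gating.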

@ -2,7 +2,7 @@
Name: libarchive
Version: 3.7.7
Release: 1%{?dist}
Release: 2%{?dist}
Summary: A library for handling streaming archive formats
# Licenses:
@ -43,6 +43,9 @@ BuildRequires: make
# loaded, which breaks the RIPEMD-160 test. This patch disables the RIPEMD-160
# support explicitly.
Patch0001: 0001-Drop-rmd160-from-OpenSSL.patch
# Upstream commit: https://github.com/libarchive/libarchive/commit/82912103214506316bd9990d73f33d743d55f570
# Fixes the CVE-2024-57970
Patch0002: 0002-Handle-truncation-in-the-middle-of-a-GNU-long-linkna.patch
%description
Libarchive is a programming library that can create and read several different
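Review bot: this hunk only declares `Patch0002`; confirm that `%prep` actually applies it (automatic with `%autosetup`, but an explicit `%patch` line is needed under plain `%setup`), since nothing in the diff shows the apply step. Minor wording: `# Fixes the CVE-2024-57970` reads better as `# Fixes CVE-2024-57970`, and noting `Resolves: RHEL-79877` beside the upstream commit link keeps the spec comment in step with the changelog entry.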
@ -241,6 +244,10 @@ run_testsuite
%changelog
* Tue Mar 04 2025 Nikola Davidova <ndavidov@redhat.com> - 3.7.7-2
- Fix for CVE-2024-57970
- Resolves: RHEL-79877
* Mon Nov 18 2024 Lukas Javorsky <ljavorsk@redhat.com> - 3.7.7-1
- Rebase to version 3.7.7
- Fixing SAST issues, accepted by upstream