From 7b85225cbe44a3d9c2334443a314941c16a8b0c3 Mon Sep 17 00:00:00 2001
From: Nikola Davidova
Date: Tue, 4 Mar 2025 09:30:08 +0100
Subject: [PATCH] Fix for CVE-2024-57970

Resolves: RHEL-79877
---
 ...n-in-the-middle-of-a-GNU-long-linkna.patch | 34 +++++++++++++++++++
 libarchive.spec | 9 ++++-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 0002-Handle-truncation-in-the-middle-of-a-GNU-long-linkna.patch

diff --git a/0002-Handle-truncation-in-the-middle-of-a-GNU-long-linkna.patch b/0002-Handle-truncation-in-the-middle-of-a-GNU-long-linkna.patch
new file mode 100644
index 0000000..22be56a
--- /dev/null
+++ b/0002-Handle-truncation-in-the-middle-of-a-GNU-long-linkna.patch
@@ -0,0 +1,34 @@
+From 82912103214506316bd9990d73f33d743d55f570 Mon Sep 17 00:00:00 2001
+From: Tim Kientzle
+Date: Mon, 9 Dec 2024 21:09:29 -0800
+Subject: [PATCH] Handle truncation in the middle of a GNU long linkname
+ (#2422)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Thanks to gbdngb12 김동건 for reporting this.
+
+Resolves Issue #2415
+---
+ libarchive/archive_read_support_format_tar.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_tar.c b/libarchive/archive_read_support_format_tar.c
+index 4aaf1b90..b1344ae5 100644
+--- a/libarchive/archive_read_support_format_tar.c
++++ b/libarchive/archive_read_support_format_tar.c
+@@ -1146,7 +1146,9 @@ header_gnu_longlink(struct archive_read *a, struct tar *tar,
+ struct archive_string linkpath;
+ archive_string_init(&linkpath);
+ err = read_body_to_string(a, tar, &linkpath, h, unconsumed);
+- archive_entry_set_link(entry, linkpath.s);
++ if (err == ARCHIVE_OK) {
++ archive_entry_set_link(entry, linkpath.s);
++ }
+ archive_string_free(&linkpath);
+ return (err);
+ }
+-- 
+2.48.1
+
diff --git a/libarchive.spec b/libarchive.spec
index e4ca8fa..5512c35 100644
--- a/libarchive.spec
+++ b/libarchive.spec
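Review bot: The guard added in the nested tar.c hunk treats only `ARCHIVE_OK` as success, so if `read_body_to_string()` can return a non-fatal status such as `ARCHIVE_WARN` in the 3.7.7 tree this backport applies to, the link name would now be dropped silently while the caller only sees a warning; worth confirming against that source, and worth documenting the intent with `/* linkpath.s is only populated when the body was read in full */` above the new `if`. `header_gnu_longlink()` begins before the hunk, so the declaration and earlier handling of `err` are not visible here. The nested diffstat lists only `libarchive/archive_read_support_format_tar.c`, so the backport carries no regression test for a GNU long linkname whose body is truncated; a small test archive in the package's test suite would make a future rebase of `Patch0002` verifiable.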
@@ -2,7 +2,7 @@ Name: libarchive
 Version: 3.7.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: A library for handling streaming archive formats
 
 # Licenses:
@@ -43,6 +43,9 @@ BuildRequires: make
 # loaded, which breaks the RIPEMD-160 test. This patch disables the RIPEMD-160
 # support explicitly.
 Patch0001: 0001-Drop-rmd160-from-OpenSSL.patch
+# Upstream commit: https://github.com/libarchive/libarchive/commit/82912103214506316bd9990d73f33d743d55f570
+# Fixes the CVE-2024-57970
+Patch0002: 0002-Handle-truncation-in-the-middle-of-a-GNU-long-linkna.patch
 
 %description
 Libarchive is a programming library that can create and read several different
@@ -241,6 +244,10 @@ run_testsuite
 %changelog
+* Tue Mar 04 2025 Nikola Davidova - 3.7.7-2
+- Fix for CVE-2024-57970
+- Resolves: RHEL-79877
+
 * Mon Nov 18 2024 Lukas Javorsky - 3.7.7-1
 - Rebase to version 3.7.7
 - Fixing SAST issues, accepted by upstream
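Review bot: The comment above `Patch0002` in the second hunk reads awkwardly and says less than the patch it introduces; `# Fixes the CVE-2024-57970` could become `# Fixes CVE-2024-57970 (upstream issue #2415): skip archive_entry_set_link() when read_body_to_string() fails on a truncated GNU long linkname`, so the next rebase can judge whether the guard is still needed without opening the patch file. The release bump in the first hunk needs no change, and the changelog hunk appears to continue past the end of the visible text.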