diff --git a/libarchive-3.5.3-Fix-size-filed-in-pax-header.patch b/libarchive-3.5.3-Fix-size-filed-in-pax-header.patch new file mode 100644 index 0000000..1339f91 --- /dev/null +++ b/libarchive-3.5.3-Fix-size-filed-in-pax-header.patch @@ -0,0 +1,41 @@ +From afef3d7fc131df0dac09a46b8673898860a193db Mon Sep 17 00:00:00 2001 +From: Zdenek Zambersky +Date: Tue, 11 Jan 2022 14:43:27 +0100 +Subject: [PATCH] Fixed size filed in pax header + +--- + libarchive/archive_write_set_format_pax.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/libarchive/archive_write_set_format_pax.c b/libarchive/archive_write_set_format_pax.c +index a2b27107..52911491 100644 +--- a/libarchive/archive_write_set_format_pax.c ++++ b/libarchive/archive_write_set_format_pax.c +@@ -1028,10 +1028,8 @@ archive_write_pax_header(struct archive_write *a, + archive_string_init(&entry_name); + archive_strcpy(&entry_name, archive_entry_pathname(entry_main)); + +- /* If file size is too large, add 'size' to pax extended attrs. */ ++ /* If file size is too large, we need pax extended attrs. */ + if (archive_entry_size(entry_main) >= (((int64_t)1) << 33)) { +- add_pax_attr_int(&(pax->pax_header), "size", +- archive_entry_size(entry_main)); + need_extension = 1; + } + +@@ -1347,6 +1345,12 @@ archive_write_pax_header(struct archive_write *a, + mapsize + pax->sparse_map_padding + sparse_total); + } + ++ /* If file size is too large, add 'size' to pax extended attrs. */ ++ if (archive_entry_size(entry_main) >= (((int64_t)1) << 33)) { ++ add_pax_attr_int(&(pax->pax_header), "size", ++ archive_entry_size(entry_main)); ++ } ++ + /* Format 'ustar' header for main entry. + * + * The trouble with file size: If the reader can't understand +-- +2.34.3 + diff --git a/libarchive.spec b/libarchive.spec index 6623fa2..9638421 100644 --- a/libarchive.spec +++ b/libarchive.spec @@ -2,7 +2,7 @@ Name: libarchive Version: 3.5.3 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A library for handling streaming archive formats License: BSD @@ -12,6 +12,8 @@ Source0: https://libarchive.org/downloads/%{name}-%{version}.tar.gz Patch1: openssl3-rmd160failure.patch # Source: https://github.com/libarchive/libarchive/commit/cfaa28168a07ea4a53276b63068f94fce37d6aff Patch2: %{name}-3.5.3-Fix-CVE-2022-26280.patch +# Source: https://github.com/libarchive/libarchive/commit/b1b501161013296d19dfe9acb84a341c8a1755b9 +Patch3: %{name}-3.5.3-Fix-size-filed-in-pax-header.patch BuildRequires: automake BuildRequires: bison @@ -215,6 +217,9 @@ run_testsuite %changelog +* Tue Jul 12 2022 Lukas Javorsky - 3.5.3-3 +- Resolves: #2106651 + * Wed May 18 2022 Lukas Javorsky - 3.5.3-2 - Resolves: CVE-2022-26280