From b0a6163a05836e0cc26c1c82ee79c472f665b835 Mon Sep 17 00:00:00 2001
From: lingsheng <860373352@qq.com>
Date: Thu, 19 Sep 2024 02:28:46 +0000
Subject: [PATCH] fix CVE-2024-26256 CVE-2024-43495

(cherry picked from commit 9951af39e9e91d44d96cb3a19d4166cd5162c36c)
---
 backport-CVE-2024-26256-CVE-2024-43495.patch | 33 ++++++++++++++++++++
 libarchive.spec                              |  9 +++++-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-26256-CVE-2024-43495.patch

diff --git a/backport-CVE-2024-26256-CVE-2024-43495.patch b/backport-CVE-2024-26256-CVE-2024-43495.patch
new file mode 100644
index 0000000..738dabe
--- /dev/null
+++ b/backport-CVE-2024-26256-CVE-2024-43495.patch
@@ -0,0 +1,33 @@
+From b7b0c7c4379531206a53634a12a02a8d45b28a2f Mon Sep 17 00:00:00 2001
+From: terrynini <terrynini38514@gmail.com>
+Date: Wed, 14 Aug 2024 16:01:21 +0800
+Subject: [PATCH] Fix CVE-2024-26256 (#2269)
+
+Opening a manipulated RAR archive could lead to remote code execution
+
+Security: CVE-2024-26256
+Co-authored-by: Timothy Lyanguzov <theta682@gmail.com>
+---
+ libarchive/archive_read_support_format_rar.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index fb7cfde7..f4dcb752 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -3428,6 +3428,12 @@ run_filters(struct archive_read *a)
+       return 0;
+   }
+ 
++  if (filter->blocklength > VM_MEMORY_SIZE)
++  {
++    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "Bad RAR file data");
++    return 0;
++  }
++
+   ret = copy_from_lzss_window(a, filters->vm->memory, start, filter->blocklength);
+   if (ret != ARCHIVE_OK)
+     return 0;
+-- 
+2.33.0
+
diff --git a/libarchive.spec b/libarchive.spec
index 4782ee5..0efa035 100644
--- a/libarchive.spec
+++ b/libarchive.spec
@@ -2,7 +2,7 @@
 
 Name:           libarchive
 Version:        3.7.1
-Release:        3
+Release:        4
 Summary:        Multi-format archive and compression library
 License:        BSD
 URL:            https://www.libarchive.org/
@@ -10,6 +10,7 @@ Source0:        https://libarchive.org/downloads/%{name}-%{version}.tar.gz
 
 Patch6000:      backport-CVE-2024-20697-CVE-2024-26256.patch
 Patch6001:      backport-CVE-2024-20696.patch
+Patch6002:      backport-CVE-2024-26256-CVE-2024-43495.patch
 
 BuildRequires:  gcc bison sharutils zlib-devel bzip2-devel xz-devel
 BuildRequires:  lzo-devel e2fsprogs-devel libacl-devel libattr-devel
@@ -201,6 +202,12 @@ run_testsuite
 %{_mandir}/*/bsdunzip*
 
 %changelog
+* Thu Sep 19 2024 lingsheng <lingsheng1@h-partners.com> - 3.7.1-4
+- Type:CVE
+- ID:CVE-2024-26256,CVE-2024-43495
+- SUG:NA
+- DESC:fix CVE-2024-26256 CVE-2024-43495
+
 * Thu Jun 06 2024 lingsheng <lingsheng1@h-partners.com> - 3.7.1-3
 - Type:CVE
 - ID:CVE-2024-20696
-- 
Gitee