[packages/libarchive] - updated to 3.8.5 (fixes CVE-2025-25724); added patches (upstream+additional) for nettle 4.0 compat

qboosh qboosh at pld-linux.org
Sun Feb 22 18:21:09 CET 2026 

commit 654d01dec3f8612d3a137f95fd51a080b373a3f4
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date:   Sun Feb 22 18:21:11 2026 +0100

    - updated to 3.8.5 (fixes CVE-2025-25724); added patches (upstream+additional) for nettle 4.0 compatibility

 libarchive-nettle.patch  |  50 +++++++++++++++++++++++
 libarchive-nettle2.patch | 101 +++++++++++++++++++++++++++++++++++++++++++++++
 libarchive.spec          |  16 +++++---
 3 files changed, 161 insertions(+), 6 deletions(-)
---
diff --git a/libarchive.spec b/libarchive.spec
index f8a255f..72c5655 100644
--- a/libarchive.spec
+++ b/libarchive.spec
@@ -5,15 +5,17 @@
 Summary:	Multi-format archive and compression library
 Summary(pl.UTF-8):	Biblioteka do archiwizacji i kompresji w wielu formatach
 Name:		libarchive
-Version:	3.8.1
-Release:	2
+Version:	3.8.5
+Release:	1
 License:	BSD
 Group:		Libraries
 # see main page, downloads index may be out of date
 #Source0Download: http://www.libarchive.org/
 Source0:	https://www.libarchive.org/downloads/%{name}-%{version}.tar.xz
-# Source0-md5:	80fd1a7acc4da7c7d4a5f9f96df6e3ff
+# Source0-md5:	2cd5a73ed7fe7f9da22d34ac1048534e
 Patch0:		%{name}-man_progname.patch
+Patch1:		%{name}-nettle.patch
+Patch2:		%{name}-nettle2.patch
 URL:		http://www.libarchive.org/
 BuildRequires:	acl-devel
 BuildRequires:	attr-devel
@@ -145,6 +147,8 @@ bsdunzip - implementacja programu unzip(1), oparta na libarchive.
 %prep
 %setup -q
 %patch -P0 -p1
+%patch -P1 -p1
+%patch -P2 -p1 -b .orig
 
 %build
 %{__libtoolize}
@@ -182,12 +186,12 @@ rm -rf $RPM_BUILD_ROOT
 %files
 %defattr(644,root,root,755)
 %doc NEWS COPYING
-%attr(755,root,root) %{_libdir}/libarchive.so.*.*.*
-%attr(755,root,root) %ghost %{_libdir}/libarchive.so.13
+%{_libdir}/libarchive.so.*.*.*
+%ghost %{_libdir}/libarchive.so.13
 
 %files devel
 %defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/libarchive.so
+%{_libdir}/libarchive.so
 %{_includedir}/archive*.h
 %{_mandir}/man3/archive_*.3*
 %{_mandir}/man3/libarchive.3*
diff --git a/libarchive-nettle.patch b/libarchive-nettle.patch
new file mode 100644
index 0000000..a8d8b15
--- /dev/null
+++ b/libarchive-nettle.patch
@@ -0,0 +1,50 @@
+From 6a3d059507dd23e981090909e6f42f79f6de2a39 Mon Sep 17 00:00:00 2001
+From: FooIbar <118464521+FooIbar at users.noreply.github.com>
+Date: Fri, 6 Feb 2026 20:52:25 +0800
+Subject: [PATCH] Fix incompatibility with Nettle 4.x
+
+---
+ libarchive/archive_cryptor_private.h | 4 ++++
+ libarchive/archive_hmac.c            | 6 ++++++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/libarchive/archive_cryptor_private.h b/libarchive/archive_cryptor_private.h
+index 367d7c3bc9..069eccd994 100644
+--- a/libarchive/archive_cryptor_private.h
++++ b/libarchive/archive_cryptor_private.h
+@@ -109,6 +109,10 @@ typedef struct {
+ #include <nettle/version.h>
+ #define	ARCHIVE_CRYPTOR_USE_NETTLE 1
+ 
++#ifndef AES_MAX_KEY_SIZE
++#define AES_MAX_KEY_SIZE AES256_KEY_SIZE
++#endif
++
+ typedef struct {
+ #if NETTLE_VERSION_MAJOR < 3
+ 	struct aes_ctx	ctx;
+diff --git a/libarchive/archive_hmac.c b/libarchive/archive_hmac.c
+index edb3bf5abd..e1e8f05ff0 100644
+--- a/libarchive/archive_hmac.c
++++ b/libarchive/archive_hmac.c
+@@ -198,6 +198,7 @@ static void __hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx)
+ }
+ 
+ #elif defined(HAVE_LIBNETTLE) && defined(HAVE_NETTLE_HMAC_H)
++#include <nettle/version.h>
+ 
+ static int
+ __hmac_sha1_init(archive_hmac_sha1_ctx *ctx, const uint8_t *key, size_t key_len)
+@@ -216,7 +217,12 @@ __hmac_sha1_update(archive_hmac_sha1_ctx *ctx, const uint8_t *data,
+ static void
+ __hmac_sha1_final(archive_hmac_sha1_ctx *ctx, uint8_t *out, size_t *out_len)
+ {
++#if NETTLE_VERSION_MAJOR < 4
+ 	hmac_sha1_digest(ctx, (unsigned)*out_len, out);
++#else
++	hmac_sha1_digest(ctx, out);
++	*out_len = SHA1_DIGEST_SIZE;
++#endif
+ }
+ 
+ static void
diff --git a/libarchive-nettle2.patch b/libarchive-nettle2.patch
new file mode 100644
index 0000000..4458747
--- /dev/null
+++ b/libarchive-nettle2.patch
@@ -0,0 +1,101 @@
+--- libarchive-3.8.5/libarchive/archive_digest.c.orig	2026-01-05 11:30:19.000000000 +0100
++++ libarchive-3.8.5/libarchive/archive_digest.c	2026-02-22 17:23:18.331360134 +0100
+@@ -320,7 +320,11 @@ __archive_md5update(archive_md5_ctx *ctx
+ static int
+ __archive_md5final(archive_md5_ctx *ctx, void *md)
+ {
++#if NETTLE_VERSION_MAJOR < 4
+   md5_digest(ctx, MD5_DIGEST_SIZE, md);
++#else
++  md5_digest(ctx, md);
++#endif
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -503,7 +507,11 @@ __archive_ripemd160update(archive_rmd160
+ static int
+ __archive_ripemd160final(archive_rmd160_ctx *ctx, void *md)
+ {
++#if NETTLE_VERSION_MAJOR < 4
+   ripemd160_digest(ctx, RIPEMD160_DIGEST_SIZE, md);
++#else
++  ripemd160_digest(ctx, md);
++#endif
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -731,7 +739,11 @@ __archive_sha1update(archive_sha1_ctx *c
+ static int
+ __archive_sha1final(archive_sha1_ctx *ctx, void *md)
+ {
++#if NETTLE_VERSION_MAJOR < 4
+   sha1_digest(ctx, SHA1_DIGEST_SIZE, md);
++#else
++  sha1_digest(ctx, md);
++#endif
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -1011,7 +1023,11 @@ __archive_sha256update(archive_sha256_ct
+ static int
+ __archive_sha256final(archive_sha256_ctx *ctx, void *md)
+ {
++#if NETTLE_VERSION_MAJOR < 4
+   sha256_digest(ctx, SHA256_DIGEST_SIZE, md);
++#else
++  sha256_digest(ctx, md);
++#endif
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -1263,7 +1279,11 @@ __archive_sha384update(archive_sha384_ct
+ static int
+ __archive_sha384final(archive_sha384_ctx *ctx, void *md)
+ {
++#if NETTLE_VERSION_MAJOR < 4
+   sha384_digest(ctx, SHA384_DIGEST_SIZE, md);
++#else
++  sha384_digest(ctx, md);
++#endif
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -1539,7 +1559,11 @@ __archive_sha512update(archive_sha512_ct
+ static int
+ __archive_sha512final(archive_sha512_ctx *ctx, void *md)
+ {
++#if NETTLE_VERSION_MAJOR < 4
+   sha512_digest(ctx, SHA512_DIGEST_SIZE, md);
++#else
++  sha512_digest(ctx, md);
++#endif
+   return (ARCHIVE_OK);
+ }
+ 
+--- libarchive-3.8.5/libarchive/archive_digest_private.h.orig	2026-01-05 11:30:19.000000000 +0100
++++ libarchive-3.8.5/libarchive/archive_digest_private.h	2026-02-22 18:08:18.496732082 +0100
+@@ -137,15 +137,21 @@
+ /* Nettle crypto headers */
+ #if defined(ARCHIVE_CRYPTO_MD5_NETTLE)
+ #include <nettle/md5.h>
++#include <nettle/version.h>
+ #endif
+ #if defined(ARCHIVE_CRYPTO_RMD160_NETTLE)
+ #include <nettle/ripemd160.h>
++#include <nettle/version.h>
+ #endif
+-#if defined(ARCHIVE_CRYPTO_SHA1_NETTLE) ||\
+-  defined(ARCHIVE_CRYPTO_SHA256_NETTLE) ||\
++#if defined(ARCHIVE_CRYPTO_SHA1_NETTLE)
++#include <nettle/sha1.h>
++#include <nettle/version.h>
++#endif
++#if defined(ARCHIVE_CRYPTO_SHA256_NETTLE) ||\
+   defined(ARCHIVE_CRYPTO_SHA384_NETTLE) ||\
+   defined(ARCHIVE_CRYPTO_SHA512_NETTLE)
+-#include <nettle/sha.h>
++#include <nettle/sha2.h>
++#include <nettle/version.h>
+ #endif
+ 
+ /* OpenSSL crypto headers */
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/libarchive.git/commitdiff/654d01dec3f8612d3a137f95fd51a080b373a3f4

More information about the pld-cvs-commit mailing list