From 10f42d3f74fcadd5a7d179d8203fdba9bb0312af Mon Sep 17 00:00:00 2001
From: lingsheng <860373352@qq.com>
Date: Tue, 25 Nov 2025 11:10:03 +0800
Subject: [PATCH] fix CVE-2025-60753

(cherry picked from commit 5e4e7cb9e545f1f87d15f6eb1a1ba2d84935f6af)
---
 backport-CVE-2025-60753.patch | 78 +++++++++++++++++++++++++++++++++++
 libarchive.spec               |  6 ++-
 2 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-60753.patch

diff --git a/backport-CVE-2025-60753.patch b/backport-CVE-2025-60753.patch
new file mode 100644
index 0000000..2c99e56
--- /dev/null
+++ b/backport-CVE-2025-60753.patch
@@ -0,0 +1,78 @@
+From 3150539edb18690c2c5f81c37fd2d3a35c69ace5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?ARJANEN=20Lo=C3=AFc=20Jean=20David?= <ljd@luigiscorner.mu>
+Date: Fri, 14 Nov 2025 20:34:48 +0100
+Subject: [PATCH] Fix bsdtar zero-length pattern issue.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Uses the sed-like way (and Java-like, and .Net-like, and Javascript-like…) to fix this issue of advancing the string to be processed by one if the match is zero-length.
+
+Fixes libarchive/libarchive#2725 and solves libarchive/libarchive#2438.
+
+Reference:https://github.com/libarchive/libarchive/commit/3150539edb18690c2c5f81c37fd2d3a35c69ace5
+Conflict:Adapt context
+---
+ tar/subst.c              | 19 ++++++++++++-------
+ tar/test/test_option_s.c |  8 +++++++-
+ 2 files changed, 19 insertions(+), 8 deletions(-)
+
+diff --git a/tar/subst.c b/tar/subst.c
+index 55ad63d..b66bd3a 100644
+--- a/tar/subst.c
++++ b/tar/subst.c
+@@ -237,7 +237,9 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
+ 				continue;
+ 		}
+ 
+-		while (1) {
++		char isEnd = 0;
++		do {
++            isEnd = *name == '\0';
+ 			if (regexec(&rule->re, name, 10, matches, 0))
+ 				break;
+ 
+@@ -291,12 +293,15 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
+ 			}
+ 
+ 			realloc_strcat(result, rule->result + j);
+-
+-			name += matches[0].rm_eo;
+-
+-			if (!rule->global)
+-				break;
+-		}
++			if (matches[0].rm_eo > 0) {
++                name += matches[0].rm_eo;
++            } else {
++                // We skip a character because the match is 0-length
++                // so we need to add it to the output
++                realloc_strncat(result, name, 1);
++                name += 1;
++            }
++		} while (rule->global && !isEnd); // Testing one step after because sed et al. run 0-length patterns a last time on the empty string at the end
+ 	}
+ 
+ 	if (got_match)
+diff --git a/tar/test/test_option_s.c b/tar/test/test_option_s.c
+index fa799a2..50eaeea 100644
+--- a/tar/test/test_option_s.c
++++ b/tar/test/test_option_s.c
+@@ -61,7 +61,13 @@ DEFINE_TEST(test_option_s)
+ 	systemf("%s -cf test1_2.tar -s /d1/d2/ in/d1/foo", testprog);
+ 	systemf("%s -xf test1_2.tar -C test1", testprog);
+ 	assertFileContents("foo", 3, "test1/in/d2/foo");
+-
++	systemf("%s -cf test1_3.tar -s /o/#/g in/d1/foo", testprog);
++	systemf("%s -xf test1_3.tar -C test1", testprog);
++	assertFileContents("foo", 3, "test1/in/d1/f##");
++	// For the 0-length pattern check, remember that "test1/" isn't part of the string affected by the regexp
++	systemf("%s -cf test1_4.tar -s /f*/\\<~\\>/g in/d1/foo", testprog);
++	systemf("%s -xf test1_4.tar -C test1", testprog);
++	assertFileContents("foo", 3, "test1/<>i<>n<>/<>d<>1<>/<f><>o<>o<>");
+ 	/*
+ 	 * Test 2: Basic substitution when extracting archive.
+ 	 */
+-- 
+2.33.0
+
diff --git a/libarchive.spec b/libarchive.spec
index a844374..4084ad1 100644
--- a/libarchive.spec
+++ b/libarchive.spec
@@ -2,7 +2,7 @@
 
 Name:           libarchive
 Version:        3.7.1
-Release:        7
+Release:        8
 Summary:        Multi-format archive and compression library
 License:        BSD
 URL:            https://www.libarchive.org/
@@ -23,6 +23,7 @@ Patch6011:      backport-0001-CVE-2025-5918.patch
 Patch6012:      backport-0002-CVE-2025-5918.patch
 Patch6013:      backport-0003-CVE-2025-5918.patch
 Patch6014:      backport-0004-CVE-2025-5918.patch
+Patch6015:      backport-CVE-2025-60753.patch
 
 BuildRequires:  gcc bison sharutils zlib-devel bzip2-devel xz-devel
 BuildRequires:  lzo-devel e2fsprogs-devel libacl-devel libattr-devel
@@ -214,6 +215,9 @@ run_testsuite
 %{_mandir}/*/bsdunzip*
 
 %changelog
+* Tue Nov 25 2025 lingsheng <lingsheng1@h-partners.com> - 3.7.1-8
+- fix CVE-2025-60753
+
 * Wed Jun 11 2025 lingsheng <lingsheng1@h-partners.com> - 3.7.1-7
 - Type:CVE
 - ID:CVE-2025-5914,CVE-2025-5915,CVE-2025-5916,CVE-2025-5917,CVE-2025-5918
-- 
Gitee