From 46bfbe4b92d34bc5e0f1aeb9f80967af7a4e58ab Mon Sep 17 00:00:00 2001
From: Funda Wang
Date: Tue, 2 Dec 2025 14:51:46 +0800
Subject: [PATCH] 3.8.4
---
backport-CVE-2025-60753.patch | 72 -------------------
...ve-3.8.3.tar.xz => libarchive-3.8.4.tar.xz | 4 +-
libarchive.spec | 9 +--
3 files changed, 7 insertions(+), 78 deletions(-)
delete mode 100644 backport-CVE-2025-60753.patch
rename libarchive-3.8.3.tar.xz => libarchive-3.8.4.tar.xz (32%)
diff --git a/backport-CVE-2025-60753.patch b/backport-CVE-2025-60753.patch
deleted file mode 100644
index 5f59d30..0000000
--- a/backport-CVE-2025-60753.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 3150539edb18690c2c5f81c37fd2d3a35c69ace5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?ARJANEN=20Lo=C3=AFc=20Jean=20David?=
-Date: Fri, 14 Nov 2025 20:34:48 +0100
-Subject: [PATCH] Fix bsdtar zero-length pattern issue.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Uses the sed-like way (and Java-like, and .Net-like, and Javascript-like…) to fix this issue of advancing the string to be processed by one if the match is zero-length.
-
-Fixes libarchive/libarchive#2725 and solves libarchive/libarchive#2438.
----
- tar/subst.c | 19 ++++++++++++-------
- tar/test/test_option_s.c | 8 +++++++-
- 2 files changed, 19 insertions(+), 8 deletions(-)
-
-diff --git a/tar/subst.c b/tar/subst.c
-index 9747abb906..902a4d6485 100644
---- a/tar/subst.c
-+++ b/tar/subst.c
-@@ -252,7 +252,9 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
- (*result)[0] = 0;
- }
-
-- while (1) {
-+ char isEnd = 0;
-+ do {
-+ isEnd = *name == '\0';
- if (regexec(&rule->re, name, 10, matches, 0))
- break;
-
-@@ -307,12 +309,15 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
- }
-
- realloc_strcat(result, rule->result + j);
--
-- name += matches[0].rm_eo;
--
-- if (!rule->global)
-- break;
-- }
-+ if (matches[0].rm_eo > 0) {
-+ name += matches[0].rm_eo;
-+ } else {
-+ // We skip a character because the match is 0-length
-+ // so we need to add it to the output
-+ realloc_strncat(result, name, 1);
-+ name += 1;
-+ }
-+ } while (rule->global && !isEnd); // Testing one step after because sed et al.
run 0-length patterns a last time on the empty string at the end
- }
-
- if (got_match)
-diff --git a/tar/test/test_option_s.c b/tar/test/test_option_s.c
-index 564793b97d..90b4c471c1 100644
---- a/tar/test/test_option_s.c
-+++ b/tar/test/test_option_s.c
-@@ -60,7 +60,13 @@ DEFINE_TEST(test_option_s)
- systemf("%s -cf test1_2.tar -s /d1/d2/ in/d1/foo", testprog);
- systemf("%s -xf test1_2.tar -C test1", testprog);
- assertFileContents("foo", 3, "test1/in/d2/foo");
--
-+ systemf("%s -cf test1_3.tar -s /o/#/g in/d1/foo", testprog);
-+ systemf("%s -xf test1_3.tar -C test1", testprog);
-+ assertFileContents("foo", 3, "test1/in/d1/f##");
-+ // For the 0-length pattern check, remember that "test1/" isn't part of the string affected by the regexp
-+ systemf("%s -cf test1_4.tar -s /f*/\\<~\\>/g in/d1/foo", testprog);
-+ systemf("%s -xf test1_4.tar -C test1", testprog);
-+ assertFileContents("foo", 3, "test1/<>i<>n<>/<>d<>1<>/<>o<>o<>");
- /*
- * Test 2: Basic substitution when extracting archive.
- */
diff --git a/libarchive-3.8.3.tar.xz b/libarchive-3.8.4.tar.xz
similarity index 32%
rename from libarchive-3.8.3.tar.xz
rename to libarchive-3.8.4.tar.xz
index 4813247..0ca7c17 100644
--- a/libarchive-3.8.3.tar.xz
+++ b/libarchive-3.8.4.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:90e21f2b89f19391ce7b90f6e48ed9fde5394d23ad30ae256fb8236b38b99788
-size 5990552
+oid sha256:c7b847b57feacf5e182f4d14dd6cae545ac6843d55cb725f58e107cdf1c9ad73
+size 6065584
diff --git a/libarchive.spec b/libarchive.spec
index b75907c..1c51f46 100644
--- a/libarchive.spec
+++ b/libarchive.spec
@@ -1,15 +1,13 @@ %bcond_without check Name: libarchive -Version: 3.8.3 -Release: 2 +Version: 3.8.4 +Release: 1 Summary: Multi-format archive and compression library License: BSD-2-Clause URL: https://www.libarchive.org/ Source0: https://github.com/libarchive/libarchive/releases/download/v%{version}/%{name}-%{version}.tar.xz -Patch6000: backport-CVE-2025-60753.patch - BuildRequires: gcc bison sharutils zlib-devel bzip2-devel xz-devel BuildRequires: e2fsprogs-devel libacl-devel libattr-devel BuildRequires: openssl-devel libxml2-devel lz4-devel libzstd-devel @@ -187,6 +185,9 @@ run_testsuite %{_bindir}/bsdunzip %changelog +* Tue Dec 02 2025 Funda Wang - 3.8.4-1 +- update to 3.8.4 + * Fri Nov 21 2025 lingsheng - 3.8.3-2 - fix CVE-2025-60753 -- Gitee
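Review bot: Dropping `Patch6000: backport-CVE-2025-60753.patch` in the first hunk is only safe if the 3.8.4 tarball already carries the zero-length-match fix in apply_substitution (tar/subst.c), and neither the commit message nor the new changelog entry records that this was checked. I would confirm it against the unpacked 3.8.4 source and state it in the changelog, for example `- update to 3.8.4, CVE-2025-60753 fix now included upstream, drop backport patch`. As written, a later packager or vulnerability scanner reading `- update to 3.8.4` cannot tell whether the CVE remains fixed after the patch removal. The rest of the spec lies outside these hunks, so whether %check still runs the bsdtar test_option_s case that covers this fix is not visible here.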