new file mode 100644
@@ -0,0 +1,36 @@
+From b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60 Mon Sep 17 00:00:00 2001
+From: Martin Matuska <martin@matuska.org>
+Date: Sat, 11 May 2019 02:36:53 +0200
+Subject: [PATCH] RAR reader: fix use after free
+
+If read_data_compressed() returns ARCHIVE_FAILED, the caller is allowed
+to continue with next archive headers. We need to set rar->start_new_table
+after the ppmd7_context got freed, otherwise it won't be allocated again.
+
+Reported by: OSS-Fuzz issue 2582
+
+[Peter: fixes CVE-2019-18408]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libarchive/archive_read_support_format_rar.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index a8cc5c94..49360876 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -1024,8 +1024,10 @@ archive_read_format_rar_read_data(struct archive_read *a, const void **buff,
+ case COMPRESS_METHOD_GOOD:
+ case COMPRESS_METHOD_BEST:
+ ret = read_data_compressed(a, buff, size, offset);
+- if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN)
++ if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) {
+ __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
++ rar->start_new_table = 1;
++ }
+ break;
+
+ default:
+--
+2.20.1
+
Fixes the following security issue: - CVE-2019-18408: archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- .../0007-RAR-reader-fix-use-after-free.patch | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 package/libarchive/0007-RAR-reader-fix-use-after-free.patch