File libarchive-3.1.2-CVE-2015-8916-CVE-2015-8917.patch of Package libarchive

From b2e2abbb13ddcd962470cc1adb43b085f6e407a4 Mon Sep 17 00:00:00 2001
From: Tim Kientzle <kientzle@acm.org>
Date: Fri, 6 Feb 2015 22:45:58 -0800
Subject: [PATCH] Issues 396, 397: Ignore entries with empty filenames.

Bugs in the rar and cab readers lead to returning entries
with empty filenames.  Make bsdtar resistant to this.

Of course, we should also fix the rar and cab
readers to handle these cases correctly and either
return correctly-populated entries or fail cleanly.
---
 tar/read.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tar/read.c b/tar/read.c
index 8267b70..430cff0 100644
--- a/tar/read.c
+++ b/tar/read.c
@@ -264,6 +264,12 @@ read_archive(struct bsdtar *bsdtar, char mode, struct archive *writer)
 		}
 		if (r == ARCHIVE_FATAL)
 			break;
+		const char *p = archive_entry_pathname(entry);
+		if (p == NULL || p[0] == '\0') {
+			lafe_warnc(0, "Archive entry has empty or unreadable filename ... skipping.");
+			bsdtar->return_value = 1;
+			continue;
+		}
 
 		if (bsdtar->uid >= 0) {
 			archive_entry_set_uid(entry, bsdtar->uid);
-- 
2.7.4