Sync from SUSE:SLFO:Main libarchive revision e768e5a9050a15f673a67aeba0beb6ad

This commit is contained in:
Adrian Schröter 2024-06-21 11:43:23 +02:00
parent f8862a83b0
commit 55025b12d0
8 changed files with 190 additions and 48 deletions

19
fix-bsdunzip-test.patch Normal file
View File

@ -0,0 +1,19 @@
commit 64e2e88ec326dd37fcb85c9a9d21fa43444a0a59
Author: Bernhard M. Wiedemann <bwiedemann@suse.de>
Date: Wed May 22 10:13:47 2024 +0200
Fix test failure on openSUSE:Leap:15.5
diff --git a/unzip/test/test_I.c b/unzip/test/test_I.c
index 5d31ce8d..92e5ce59 100644
--- a/unzip/test/test_I.c
+++ b/unzip/test/test_I.c
@@ -45,7 +45,7 @@ DEFINE_TEST(test_I)
#endif
extract_reference_file(reffile);
- r = systemf("%s -I UTF-8 %s >test.out 2>test.err", testprog, reffile);
+ r = systemf("env -uLC_ALL LC_CTYPE=en_US.UTF-8 %s -I UTF-8 %s >test.out 2>test.err", testprog, reffile);
assertEqualInt(0, r);
assertNonEmptyFile("test.out");
assertEmptyFile("test.err");

View File

@ -1,10 +1,17 @@
Index: libarchive-3.4.3/libarchive/CMakeLists.txt
Index: libarchive-3.7.0/libarchive/CMakeLists.txt
===================================================================
--- libarchive-3.4.3.orig/libarchive/CMakeLists.txt
+++ libarchive-3.4.3/libarchive/CMakeLists.txt
@@ -255,8 +255,8 @@ IF(ENABLE_INSTALL)
# How to install the libraries
INSTALL(TARGETS archive archive_static
--- libarchive-3.7.0.orig/libarchive/CMakeLists.txt
+++ libarchive-3.7.0/libarchive/CMakeLists.txt
@@ -265,13 +265,13 @@ IF(ENABLE_INSTALL)
IF(BUILD_SHARED_LIBS)
INSTALL(TARGETS archive
RUNTIME DESTINATION bin
- LIBRARY DESTINATION lib
- ARCHIVE DESTINATION lib)
+ LIBRARY DESTINATION lib${LIB_SUFFIX}
+ ARCHIVE DESTINATION lib${LIB_SUFFIX})
ENDIF(BUILD_SHARED_LIBS)
INSTALL(TARGETS archive_static
RUNTIME DESTINATION bin
- LIBRARY DESTINATION lib
- ARCHIVE DESTINATION lib)
@ -13,10 +20,10 @@ Index: libarchive-3.4.3/libarchive/CMakeLists.txt
INSTALL_MAN(${libarchive_MANS})
INSTALL(FILES ${include_HEADERS} DESTINATION include)
ENDIF()
Index: libarchive-3.4.3/build/cmake/CreatePkgConfigFile.cmake
Index: libarchive-3.7.0/build/cmake/CreatePkgConfigFile.cmake
===================================================================
--- libarchive-3.4.3.orig/build/cmake/CreatePkgConfigFile.cmake
+++ libarchive-3.4.3/build/cmake/CreatePkgConfigFile.cmake
--- libarchive-3.7.0.orig/build/cmake/CreatePkgConfigFile.cmake
+++ libarchive-3.7.0/build/cmake/CreatePkgConfigFile.cmake
@@ -29,5 +29,5 @@ CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DI
# And install it, of course ;).
IF(ENABLE_INSTALL)

BIN
libarchive-3.6.2.tar.xz (Stored with Git LFS)

Binary file not shown.

View File

@ -1,14 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE2yx88bTCZfrvVuP8WEihi48UGEsFAmOTTgMACgkQWEihi48U
GEsIrgv6ApeOuR8LQt9p2PUBHxcQbyXXtjJSP6VpKCE5PfwonjpVt3+vlFKenFko
BjXvDARtlAX2SU17UYIGlpHfGF7dofke3JykRPKwjQfT8bxu/+QdwaJjjyEyHCGI
3sdPkrK7TGDc9/R5imsBAq30hDX3Cwpmdv8IBT5G/sjdXmXPGog1E7GjUFHO0ADE
GqpOhvyxUzjPln1RRpT0KVTgHBN/GJosM/Wwt615s8MqmRgxgi/EwZAc1p2QuIwS
KjCHIQ6GdONNMPWxxJY0kI8ifXmhGiBseIyECIFah7eUhqmQfWnwgL7p3bb0A2r8
UMX8IvW79n5Er6U3r0SbS+kIhirq8YH8jUvCgkH5cYjU9vTcCYYnhY3/nz+lFW06
2CZzKwwTUARPjhPJnqPLmf6IQPLJ25g92zauQE1tQ7s1OWnSMdjE4F+nBeNRlAEr
wXwOuINhaH/d0ujxb7fgEtzmj9iETGnNfa6MAVw8+u6fIbjBZO/8atp1askbAPPl
SYPNnQ/2
=9Ggs
-----END PGP SIGNATURE-----

BIN
libarchive-3.7.4.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -0,0 +1,14 @@
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE2yx88bTCZfrvVuP8WEihi48UGEsFAmYre4IACgkQWEihi48U
GEvAuwwAmsnbql7+1CW9RuBHitOvHyIL6sHbjR0Hd3ruI9s3FMevMBzPjpb5MgOU
/D+o0amv1Tv/QSJAid1siZIumgur2hzqglNMK5FkoajpZ1UjYASHHxFoh5qkRKvW
Ws/ViXMVGB2DlyydzzjFwa0JAAK/IpD9uKPPr6rgt+cRBibkWXuJILbmzi/DF1XH
zlp/5FGwzY4/zhqbXgz11ZhX3gacdLd68+xsYbSII2JvZ2yb2zsS+0ia3skUawEj
QMKzdpErqO+RedsRiJG9fjA65Q1hKWpMoWMuKZWLX+v0iv/OHv57RzLelmPy6Ohw
0/PwCHFzFmOfu2LZd+mCWsrYaBrezGJq9tm+pAsCXSxcj3LuQwZ6d8/wgtS5CeNE
+LoHCbzAcI5WiyU3wbw1qvulVDewL+j0rQoj23Lj2z9ry2K94NMpYji3JMkWI8dS
QXitZd29uZ9l5Jf5Kz9BLHOoO1Q8bEOGB33dLpT+UIjFoJ6wqxNXef6OAECoHGH0
OnEtTuAX
=kNTk
-----END PGP SIGNATURE-----

View File

@ -1,13 +1,80 @@
-------------------------------------------------------------------
Wed May 22 08:32:02 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
- Fix bsdunzip test failing due to a locale issue
* fix-bsdunzip-test.patch
-------------------------------------------------------------------
Tue Apr 30 08:05:28 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
- Update to 3.7.4:
* rar: Fix OOB in rar e8 filter (CVE-2024-26256, bsc#1222911)
* zip: Fix out of boundary access
* 7zip: Limit amount of properties
* bsdtar: Fix error handling around strtol() usages
* passphrase: Improve newline handling on Windows
* passphrase: Never allow empty passwords
* rar: Fix "File CRC Error" when extracting specific rar4 archives
* xar: Avoid infinite link loop
* zip: Update AppleDouble support for directories
* zstd: Implement core detection
- Update to 3.7.3:
* PCRE2 support
* add trailing letter b to bsdtar(1) substitute pattern
* add support for long options "--group" and "--owner" to tar(1)
* Fix possible vulnerability in tar error reporting introduced in f27c173
* ISO9660: preserve the natural order of links
* rar5: fix decoding unicode filenames on Windows
* rar5: fix infinite loop if during rar5 decompression the last block produced no data
* xz filter: fix incorrect eof at the end of an lzip member
* zip: fix end-of-data marker processing when decompressing zip archives
* multiple bsdunzip(1) fixes
* filetime truncation fix on Windows
- Fix rpmlint warning about summary being too long
-------------------------------------------------------------------
Fri Dec 29 18:39:00 UTC 2023 - Dirk Müller <dmueller@suse.com>
- skip write tests on 32bit, they OOM
-------------------------------------------------------------------
Sun Sep 17 08:53:58 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 3.7.2:
* Multiple vulnerabilities have been fixed in the PAX writer
* bsdunzip(1) now correctly handles arguments following an
-x after the zipfile
* zstd filter now supports the "long" write option
* SEGV and stack buffer overflow in verbose mode of cpio
* bsdunzip updated to match latest upstream code
* miscellaneous functional bugfixes
-------------------------------------------------------------------
Mon Jul 24 06:36:59 UTC 2023 - Bernhard Wiedemann <bwiedemann@suse.com>
- update to 3.7.0
* bsdunzip port from FreeBSD
* fix 2 year 2038 issues
-------------------------------------------------------------------
Fri Dec 23 07:57:09 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 3.6.2 (bsc#1205629, CVE-2022-36227)
* NULL pointer dereference vulnerability in archive_write.c
* NULL pointer dereference vulnerability in archive_write.c
* include ZSTD in Windows builds (#1688)
* SSL fixes on Windows (#1714, #1723, #1724)
* rar5 reader: fix possible garbled output with bsdtar -O (#1745)
* mtree reader: support reading mtree files with tabs (#1783)
* various small fixes for issues found by CodeQL
- Drop upstream merged CVE-2022-36227.patch
-------------------------------------------------------------------
Tue Nov 22 14:20:36 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2022-36227, Handle a calloc returning NULL
(CVE-2022-36227, bsc#1205629)
* CVE-2022-36227.patch
-------------------------------------------------------------------
Fri Apr 8 17:01:05 UTC 2022 - Dirk Müller <dmueller@suse.com>
@ -19,7 +86,15 @@ Fri Apr 8 17:01:05 UTC 2022 - Dirk Müller <dmueller@suse.com>
* RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0)
* fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50)
* fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77)
* fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)
* fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)
- Drop upstream merged fix-CVE-2022-26280.patch
-------------------------------------------------------------------
Tue Apr 7 16:28:45 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init
(CVE-2022-26280, bsc#1197634)
* fix-CVE-2022-26280.patch
-------------------------------------------------------------------
Thu Feb 24 19:18:32 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
@ -34,7 +109,19 @@ Thu Feb 24 19:18:32 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
* tar: respect "--ignore-zeros" in c, r and u modes
* reduced size of application binaries
* internal code optimizations
- Drop upstream merged fix-following-symlinks.patch
- Drop upstream merged:
* fix-following-symlinks.patch
* fix-CVE-2021-36976.patch
-------------------------------------------------------------------
Mon Feb 23 14:44:21 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2021-36976 use-after-free in copy_string
(CVE-2021-36976, bsc#1188572)
* fix-CVE-2021-36976.patch
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
CVE-2017-5601, bsc#1022528, bsc#1189528
-------------------------------------------------------------------
Mon Nov 29 09:00:26 UTC 2021 - Adrian Schröter <adrian@suse.de>
@ -48,7 +135,7 @@ Sun Nov 7 19:13:11 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
- update to 3.5.2:
* CPIO: Support for PWB and v7 binary cpio formats
* ZIP reader: Support of deflate algorithm in symbolic link decompression
* ZIP reader: Support of deflate algorithm in symbolic link decompression
* security: fix handling of symbolic link ACLs on Linux (boo#1192425)
* security: never follow symlinks when setting file flags on Linux (boo#1192426)
* security: do not follow symlinks when processing the fixup list (boo#1192427)
@ -58,7 +145,27 @@ Sun Nov 7 19:13:11 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
* ZIP reader: fix excessive read for padded zip
* CAB reader: fix double free
* handle short writes from archive_write_callback
- Drop upstream mereged:
* CVE-2021-23177.patch
* CVE-2021-31566.patch
* bsc1192427.patch
-------------------------------------------------------------------
Fri Oct 21 14:18:01 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2021-31566, modifies file flags of symlink target
(CVE-2021-31566, bsc#1192426.patch)
CVE-2021-31566.patch
- Fix bsc#1192427, processing fixup entries may follow symbolic links
bsc1192427.patch
-------------------------------------------------------------------
Mon Sep 12 14:07:20 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target
(CVE-2021-23177, bsc#1192425)
* CVE-2021-23177.patch
-------------------------------------------------------------------
Wed Jan 6 16:11:01 UTC 2021 - Dirk Müller <dmueller@suse.com>
@ -149,7 +256,7 @@ Fri Nov 22 13:17:53 UTC 2019 - Adrian Schröter <adrian@suse.de>
-------------------------------------------------------------------
Sun Aug 18 12:33:05 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
- Switch to cmake build
- Switch to cmake build
- Add lib-suffix.patch to honor LIB_SUFFIX
- Add fix-zstd-test.patch to fix zstd test
- Add fix-soversion.patch to fix the soversion to 13 as autotools
@ -331,7 +438,7 @@ Tue Nov 11 12:07:46 UTC 2014 - jsegitz@novell.com
-------------------------------------------------------------------
Wed May 28 17:18:59 UTC 2014 - crrodriguez@opensuse.org
- libarchive-xattr.patch, fix subtle wrong library check
- libarchive-xattr.patch, fix subtle wrong library check
that causes this package to depend on libattr when it should
be using glibc.
@ -351,15 +458,15 @@ Tue Aug 20 05:34:09 UTC 2013 - crrodriguez@opensuse.org
-------------------------------------------------------------------
Mon Aug 19 21:14:38 UTC 2013 - crrodriguez@opensuse.org
- libarchive-openssl.patch: Call OPENSSL_config where needed,
otherwise on systems configured to use openSSL engines such
- libarchive-openssl.patch: Call OPENSSL_config where needed,
otherwise on systems configured to use openSSL engines such
as via-padlock wont benefit from hardware acceleration.
-------------------------------------------------------------------
Fri Aug 16 20:07:27 UTC 2013 - andreas.stieger@gmx.de
- update to 3.1.2
This is a maintenance update to fix issues with the new RAR
This is a maintenance update to fix issues with the new RAR
seeking feature.
- libarchive's new website moved to http://www.libarchive.org.
@ -428,22 +535,22 @@ Tue Aug 7 18:47:14 UTC 2012 - dimstar@opensuse.org
-------------------------------------------------------------------
Mon May 7 08:35:39 UTC 2012 - werner@suse.de
- Enforce usage of reentrant versions of libc functions
- Enforce usage of reentrant versions of libc functions
-------------------------------------------------------------------
Mon Feb 13 18:19:49 UTC 2012 - dvaleev@suse.com
- fix failed tests on ppc
- fix failed tests on ppc
-------------------------------------------------------------------
Wed Feb 8 10:57:45 UTC 2012 - idonmez@suse.com
- Use %makeinstall to be SLES compatible
- Use %makeinstall to be SLES compatible
-------------------------------------------------------------------
Thu Dec 22 11:27:05 UTC 2011 - werner@suse.de
- For SLES11 work around missing rpm macro
- For SLES11 work around missing rpm macro
-------------------------------------------------------------------
Tue Dec 6 16:00:48 UTC 2011 - coolo@suse.com
@ -468,8 +575,8 @@ Fri Sep 30 08:15:50 UTC 2011 - coolo@suse.com
-------------------------------------------------------------------
Tue Apr 19 13:23:09 UTC 2011 - idoenmez@novell.com
- Add suport for xz and xar archives
- Add libarchive-2.8.4-iso9660-data-types.patch:
- Add suport for xz and xar archives
- Add libarchive-2.8.4-iso9660-data-types.patch:
fix ISO9660 reader data type mismatches
-------------------------------------------------------------------
@ -516,7 +623,7 @@ Sat Sep 6 17:54:11 CEST 2008 - mrueckert@suse.de
-------------------------------------------------------------------
Wed Aug 15 12:58:06 CEST 2007 - ro@suse.de
- fix dependency of devel package
- fix dependency of devel package
-------------------------------------------------------------------
Tue Aug 7 16:47:22 CEST 2007 - mrueckert@suse.de
@ -542,7 +649,7 @@ Mon Jul 30 14:31:32 CEST 2007 - mrueckert@suse.de
Fri Jun 8 01:35:37 CEST 2007 - ro@suse.de
- added ldconfig to post scripts
- remove minitar objects (leave binary there for now)
- remove minitar objects (leave binary there for now)
-------------------------------------------------------------------
Sun Apr 8 20:53:59 CEST 2007 - mrueckert@suse.de

View File

@ -1,7 +1,7 @@
#
# spec file for package libarchive
#
# Copyright (c) 2022 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -30,9 +30,9 @@
%bcond_without ext2fs
%endif
Name: libarchive
Version: 3.6.2
Version: 3.7.4
Release: 0
Summary: Utility and C library to create and read several different streaming archive formats
Summary: Utility and C library to create and read several streaming archive formats
License: BSD-2-Clause
Group: Productivity/Archiving/Compression
URL: https://www.libarchive.org/
@ -42,6 +42,10 @@ Source2: libarchive.keyring
Source1000: baselibs.conf
Patch1: lib-suffix.patch
Patch2: fix-soversion.patch
# PATCH-FIX-SUSE danilo.spinella@suse.com
# bsdunzip test fails because of a locale issue, set locale properly to fix it
# It will be fixed in the next release
Patch3: fix-bsdunzip-test.patch
BuildRequires: cmake
BuildRequires: libacl-devel
BuildRequires: libbz2-devel
@ -171,7 +175,11 @@ Static library for libarchive
%cmake_build
%check
%ctest
exclude=""
%ifarch %arm %ix86 ppc s390
exclude="-E test_write_filter"
%endif
%ctest $exclude
%install
%cmake_install
@ -188,6 +196,7 @@ sed -i -e '/Libs.private/d' %{buildroot}%{_libdir}/pkgconfig/libarchive.pc
%{_bindir}/bsdcat
%{_bindir}/bsdcpio
%{_bindir}/bsdtar
%{_bindir}/bsdunzip
%{_mandir}/man1/*
%{_mandir}/man5/*