- Update to 3.7.7:

* gzip: prevent a hang when processing a malformed gzip inside a gzip * tar: don't crash on truncated tar archives * tar: fix two leaks in tar header parsing * 7-zip: read/write symlink paths as UTF-8 * cpio: exit with an error code if an entry could not be extracted * rar5: report encrypted entries * tar: fix truncation of entry pathnames in specific archives OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=130
2024-10-29 18:58:22 +00:00 · 2024-10-29 18:58:22 +00:00 · 2970be247c
commit 2970be247c
16 changed files with 1190 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.osc
--- a/13
+++ b/13
@ -0,0 +1,13 @@
+<constraints>
+  <overwrite>
+    <conditions>
+      <arch>ppc64</arch>
+      <arch>ppc64le</arch>
+    </conditions>
+    <hardware>
+      <physicalmemory>
+        <size unit="M">4096</size>
+      </physicalmemory>
+    </hardware>
+  </overwrite>
+</constraints>
--- a/baselibs.conf
+++ b/baselibs.conf
@ -0,0 +1 @@
+libarchive13
--- a/fix-bsdunzip-test.patch
+++ b/fix-bsdunzip-test.patch
@ -0,0 +1,19 @@
+commit 64e2e88ec326dd37fcb85c9a9d21fa43444a0a59
+Author: Bernhard M. Wiedemann <bwiedemann@suse.de>
+Date:   Wed May 22 10:13:47 2024 +0200
+
+    Fix test failure on openSUSE:Leap:15.5
+
+diff --git a/unzip/test/test_I.c b/unzip/test/test_I.c
+index 5d31ce8d..92e5ce59 100644
+--- a/unzip/test/test_I.c
+++ b/unzip/test/test_I.c
+@@ -45,7 +45,7 @@ DEFINE_TEST(test_I)
+ #endif
+ 
+ 	extract_reference_file(reffile);
+-	r = systemf("%s -I UTF-8 %s >test.out 2>test.err", testprog, reffile);
+	r = systemf("env -uLC_ALL LC_CTYPE=en_US.UTF-8 %s -I UTF-8 %s >test.out 2>test.err", testprog, reffile);
+ 	assertEqualInt(0, r);
+ 	assertNonEmptyFile("test.out");
+ 	assertEmptyFile("test.err");
--- a/fix-soversion.patch
+++ b/fix-soversion.patch
@ -0,0 +1,13 @@
+Index: libarchive-3.4.0/CMakeLists.txt
+===================================================================
+--- libarchive-3.4.0.orig/CMakeLists.txt
+++ libarchive-3.4.0/CMakeLists.txt
+@@ -71,7 +71,7 @@ SET(LIBARCHIVE_VERSION_STRING  "${VERSIO
+ # libarchive 2.9 == interface version 11 = 2 + 9
+ # libarchive 3.0 == interface version 12
+ # libarchive 3.1 == interface version 13
+-math(EXPR INTERFACE_VERSION  "13 + ${_minor}")
+set(INTERFACE_VERSION  "13")
+ 
+ # Set SOVERSION == Interface version
+ # ?? Should there be more here ??
--- a/lib-suffix.patch
+++ b/lib-suffix.patch
@ -0,0 +1,42 @@
+Index: b/libarchive/CMakeLists.txt
+===================================================================
+--- a/libarchive/CMakeLists.txt
+++ b/libarchive/CMakeLists.txt
+@@ -266,13 +266,13 @@ IF(ENABLE_INSTALL)
+   IF(BUILD_SHARED_LIBS)
+     INSTALL(TARGETS archive
+             RUNTIME DESTINATION bin
+-            LIBRARY DESTINATION lib
+-            ARCHIVE DESTINATION lib)
+            LIBRARY DESTINATION lib${LIB_SUFFIX}
+            ARCHIVE DESTINATION lib${LIB_SUFFIX})
+   ENDIF(BUILD_SHARED_LIBS)
+   INSTALL(TARGETS archive_static
+           RUNTIME DESTINATION bin
+-          LIBRARY DESTINATION lib
+-          ARCHIVE DESTINATION lib)
+          LIBRARY DESTINATION lib${LIB_SUFFIX}
+          ARCHIVE DESTINATION lib${LIB_SUFFIX})
+   INSTALL_MAN(${libarchive_MANS})
+   INSTALL(FILES ${include_HEADERS} DESTINATION include)
+ ENDIF()
+Index: b/build/cmake/CreatePkgConfigFile.cmake
+===================================================================
+--- a/build/cmake/CreatePkgConfigFile.cmake
+++ b/build/cmake/CreatePkgConfigFile.cmake
+@@ -4,7 +4,7 @@
+ # Set the required variables (we use the same input file as autotools)
+ SET(prefix ${CMAKE_INSTALL_PREFIX})
+ SET(exec_prefix \${prefix})
+-SET(libdir \${exec_prefix}/lib)
+SET(libdir \${exec_prefix}/lib${LIB_SUFFIX})
+ SET(includedir \${prefix}/include)
+ # Now, this is not particularly pretty, nor is it terribly accurate...
+ # Loop over all our additional libs
+@@ -29,5 +29,5 @@ CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DI
+ # And install it, of course ;).
+ IF(ENABLE_INSTALL)
+   INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/build/pkgconfig/libarchive.pc
+-          DESTINATION "lib/pkgconfig")
+          DESTINATION "lib${LIB_SUFFIX}/pkgconfig")
+ ENDIF()
--- a/libarchive-3.7.4.tar.xz
+++ b/libarchive-3.7.4.tar.xz
--- a/libarchive-3.7.4.tar.xz.asc
+++ b/libarchive-3.7.4.tar.xz.asc
@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCgAdFiEE2yx88bTCZfrvVuP8WEihi48UGEsFAmYre4IACgkQWEihi48U
+GEvAuwwAmsnbql7+1CW9RuBHitOvHyIL6sHbjR0Hd3ruI9s3FMevMBzPjpb5MgOU
+/D+o0amv1Tv/QSJAid1siZIumgur2hzqglNMK5FkoajpZ1UjYASHHxFoh5qkRKvW
+Ws/ViXMVGB2DlyydzzjFwa0JAAK/IpD9uKPPr6rgt+cRBibkWXuJILbmzi/DF1XH
+zlp/5FGwzY4/zhqbXgz11ZhX3gacdLd68+xsYbSII2JvZ2yb2zsS+0ia3skUawEj
+QMKzdpErqO+RedsRiJG9fjA65Q1hKWpMoWMuKZWLX+v0iv/OHv57RzLelmPy6Ohw
+0/PwCHFzFmOfu2LZd+mCWsrYaBrezGJq9tm+pAsCXSxcj3LuQwZ6d8/wgtS5CeNE
+LoHCbzAcI5WiyU3wbw1qvulVDewL+j0rQoj23Lj2z9ry2K94NMpYji3JMkWI8dS
+QXitZd29uZ9l5Jf5Kz9BLHOoO1Q8bEOGB33dLpT+UIjFoJ6wqxNXef6OAECoHGH0
+OnEtTuAX
+=kNTk
+-----END PGP SIGNATURE-----
--- a/libarchive-3.7.6.tar.xz
+++ b/libarchive-3.7.6.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0a2efdcb185da2eb1e7cd8421434cb9a6119f72417a13335cca378d476fd3ba0
+size 5458552
--- a/libarchive-3.7.6.tar.xz.asc
+++ b/libarchive-3.7.6.tar.xz.asc
@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCgAdFiEE2yx88bTCZfrvVuP8WEihi48UGEsFAmbxNkUACgkQWEihi48U
+GEu+SQwAqe5TjNK7cC1bF0MBthJ+2QQkxCASYJ9ZrvVPS0wBrNGvCx4UvAtR/pVZ
+gnvHJmRA60nY7cLvKyDAysmDfq3x5mIBUha/WzEo35NkvTXBOcttzXxWF0GziHtR
+WGyk8SK8SWICxsgIlp219xS+E+pWA1dPH2mi6o0DZZTrqpt5RM3rD6mkxUmKCerh
+Kqn2aN754Mtt41fMixZpnwVQlXW0H9M/WoGIPUIXfRuA2s3Atyh/RL0nvbOJOWOD
+KlNFlKh4kEEg/13v7Ui1UOcTNRKkMjfB7Th8koSZiVPPLd6h2lwOOJk1YQlwdunN
+OsgqqB4f6rrW58r2Ce3abOCL4kdLGeIO72Cm/qWcpZHVn3k/xBB8qhrczMqB+URd
+U+tHlV65kR4qqv/POZdGqTQ0W0tyqKl4Zp8wvfW2vyuXnYXjQV4cjp4M1ta/KGVb
+zXDQynRdLx59RyIV3nZUUulAJoVjSuWTIry0WLKc9g0wnCx783fBunLJTeSxNrtK
+q719Bv4A
+=VN99
+-----END PGP SIGNATURE-----
--- a/libarchive-3.7.7.tar.xz
+++ b/libarchive-3.7.7.tar.xz
--- a/libarchive-3.7.7.tar.xz.asc
+++ b/libarchive-3.7.7.tar.xz.asc
@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCgAdFiEE2yx88bTCZfrvVuP8WEihi48UGEsFAmcLhAYACgkQWEihi48U
+GEvyiwv7B3V7pViPWDiSzWVz4ZDf2ooCr9T71z9VwMn/fJD9roMI8bxzgmCbsVcq
+tFWsoQcFfB3pj2hfD/VL6yYclL8Wj+qYFap7iVqHW55yqL6EIiQcgrwbQp8VecL/
+oRZaFngsNApR3DpaCespkga9JazyT6J9vUZkBZpYAWgk1hpUcGmFGquOM+6raadU
+b7I6be+a1rSbg10cwFTzk0rdg3tenDSB+GfOVI0ifBmtTlfMxLgBBz45UBFg26Bi
+FzIsRrbGXz7aM+Kq5Y9PHnbsxCQXhXdeNXanYtfdnf44nmHv+3DfM2d6KQGRr7Q9
+M5g/OWvJxWyOYcNC14HGLMzAbY7nvQauOoFV4+QoXesSRnxmw/H8T6UNhsRv5kbr
+okqmlofJmhn/xLgOzwsgHCwwRINh0iaEfxpXKyKGqAEcF8pUCFm40NDaNc+s19uo
+W9oPYIVLEdQMZfUKdgRSjVYHVOmd/cBaQtqFlU9+WJeABVlq35u2fYb5ZmMUJ/Fh
+43mpllMc
+=9DT8
+-----END PGP SIGNATURE-----
--- a/libarchive.changes
+++ b/libarchive.changes
@ -0,0 +1,760 @@
+-------------------------------------------------------------------
+Thu Oct 17 08:41:56 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
+
+- Update to 3.7.7:
+  * gzip: prevent a hang when processing a malformed gzip inside a gzip
+  * tar: don't crash on truncated tar archives
+  * tar: fix two leaks in tar header parsing
+  * 7-zip: read/write symlink paths as UTF-8
+  * cpio: exit with an error code if an entry could not be extracted
+  * rar5: report encrypted entries
+  * tar: fix truncation of entry pathnames in specific archives
+
+-------------------------------------------------------------------
+Fri Sep 27 19:15:54 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
+
+- Update to 3.7.6:
+  * tar: clean up linkpath between entries
+  * tar: fix memory leaks when processing symlinks or parsing pax headers
+  * iso: be more cautious about parsing ISO-9660 timestamps
+- Version 3.7.5 changes:
+  * fix multiple vulnerabilities identified by SAST
+  * cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
+  * lzop: prevent integer overflow
+  * rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696, bsc#1225971)
+  * rar4: fix CVE-2024-26256 (CVE-2024-26256, bsc#1225972)
+  * rar4: fix OOB in delta and audio filter
+  * rar4: fix out of boundary access with large files
+  * rar4: add boundary checks to rgb filter
+  * rar4: fix OOB access with unicode filenames
+  * rar5: clear 'data ready' cache on window buffer reallocs
+  * rpm: calculate huge header sizes correctly
+  * unzip: unify EOF handling
+  * util: fix out of boundary access in mktemp functions
+  * uu: stop processing if lines are too long
+  * 7zip: fix issue when skipping first file in 7zip archive that is a multiple
+    of 65536 bytes
+  * ar: fix archive entries having no type
+  * lha: do not allow negative file sizes
+  * lha: fix integer truncation on 32-bit systems
+  * shar: check strdup return value
+  * rar5: don't try to read rediculously long names
+  * xar: fix another infinite loop and expat error handling
+  * many Windows fixes, cleanups and improvements
+- Drop fix-soversion.patch, fix-bsdunzip-test.patch
+  * Fixed upstream
+
+-------------------------------------------------------------------
+Thu Jun 20 14:56:58 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
+
+- Update lib-suffix.patch
+  * Add LIB_SUFFIX to libdir path in the pkg-config file
+
+-------------------------------------------------------------------
+Wed May 22 08:32:02 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Fix bsdunzip test failing due to a locale issue
+  * fix-bsdunzip-test.patch
+
+-------------------------------------------------------------------
+Tue Apr 30 08:05:28 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Update to 3.7.4:
+    * rar: Fix OOB in rar e8 filter (CVE-2024-26256, bsc#1222911)
+    * zip: Fix out of boundary access
+    * 7zip: Limit amount of properties
+    * bsdtar: Fix error handling around strtol() usages
+    * passphrase: Improve newline handling on Windows
+    * passphrase: Never allow empty passwords
+    * rar: Fix "File CRC Error" when extracting specific rar4 archives
+    * xar: Avoid infinite link loop
+    * zip: Update AppleDouble support for directories
+    * zstd: Implement core detection
+- Update to 3.7.3:
+    * PCRE2 support
+    * add trailing letter b to bsdtar(1) substitute pattern
+    * add support for long options "--group" and "--owner" to tar(1)
+    * Fix possible vulnerability in tar error reporting introduced in f27c173
+    * ISO9660: preserve the natural order of links
+    * rar5: fix decoding unicode filenames on Windows
+    * rar5: fix infinite loop if during rar5 decompression the last block produced no data
+    * xz filter: fix incorrect eof at the end of an lzip member
+    * zip: fix end-of-data marker processing when decompressing zip archives
+    * multiple bsdunzip(1) fixes
+    * filetime truncation fix on Windows
+- Fix rpmlint warning about summary being too long
+
+-------------------------------------------------------------------
+Fri Dec 29 18:39:00 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- skip write tests on 32bit, they OOM
+
+-------------------------------------------------------------------
+Sun Sep 17 08:53:58 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 3.7.2:
+  * Multiple vulnerabilities have been fixed in the PAX writer
+  * bsdunzip(1) now correctly handles arguments following an
+    -x after the zipfile
+  * zstd filter now supports the "long" write option
+  * SEGV and stack buffer overflow in verbose mode of cpio
+  * bsdunzip updated to match latest upstream code
+  * miscellaneous functional bugfixes
+
+
+-------------------------------------------------------------------
+Mon Jul 24 06:36:59 UTC 2023 - Bernhard Wiedemann <bwiedemann@suse.com>
+
+- update to 3.7.0
+  * bsdunzip port from FreeBSD
+  * fix 2 year 2038 issues
+
+-------------------------------------------------------------------
+Fri Dec 23 07:57:09 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 3.6.2 (bsc#1205629, CVE-2022-36227)
+  * NULL pointer dereference vulnerability in archive_write.c
+  * include ZSTD in Windows builds (#1688)
+  * SSL fixes on Windows (#1714, #1723, #1724)
+  * rar5 reader: fix possible garbled output with bsdtar -O (#1745)
+  * mtree reader: support reading mtree files with tabs (#1783)
+  * various small fixes for issues found by CodeQL
+- Drop upstream merged CVE-2022-36227.patch
+
+-------------------------------------------------------------------
+Tue Nov 22 14:20:36 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Fix CVE-2022-36227, Handle a calloc returning NULL
+  (CVE-2022-36227, bsc#1205629)
+  * CVE-2022-36227.patch
+
+-------------------------------------------------------------------
+Fri Apr  8 17:01:05 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 3.6.1:
+  * 7zip reader: fix PPMD read beyond boundary (#1671)
+  * ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672)
+  * ISO reader: fix possible heap buffer overflow in read_children() (OSS-Fuzz 38764, #1685)
+  * RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0)
+  * fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50)
+  * fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77)
+  * fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)
+- Drop upstream merged fix-CVE-2022-26280.patch
+
+-------------------------------------------------------------------
+Tue Apr  7 16:28:45 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init
+  (CVE-2022-26280, bsc#1197634)
+  * fix-CVE-2022-26280.patch
+
+-------------------------------------------------------------------
+Thu Feb 24 19:18:32 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
+
+- Update to 3.6.0
+  * Fix use-after-free bug (CVE-2021-36976)
+  * tar: new option "--no-read-sparse"
+  * tar: threads support for zstd
+  * RAR reader: filter support
+  * RAR5 reader: self-extracting archive support
+  * ZIP reader: zstd decompression support
+  * tar: respect "--ignore-zeros" in c, r and u modes
+  * reduced size of application binaries
+  * internal code optimizations
+- Drop upstream merged:
+  * fix-following-symlinks.patch
+  * fix-CVE-2021-36976.patch
+
+-------------------------------------------------------------------
+Mon Feb 23 14:44:21 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Fix CVE-2021-36976 use-after-free in copy_string
+  (CVE-2021-36976, bsc#1188572)
+  * fix-CVE-2021-36976.patch
+- The following issues have already been fixed in this package but
+  weren't previously mentioned in the changes file:
+  CVE-2017-5601, bsc#1022528, bsc#1189528
+
+-------------------------------------------------------------------
+Mon Nov 29 09:00:26 UTC 2021 - Adrian Schröter <adrian@suse.de>
+
+- fix permission settings on following symlinks (fix-following-symlinks.patch)
+  this fixes also wrong permissions of /var/tmp in factory systems
+  CVE-2021-31566
+
+-------------------------------------------------------------------
+Sun Nov  7 19:13:11 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- update to 3.5.2:
+  * CPIO: Support for PWB and v7 binary cpio formats
+  * ZIP reader: Support of deflate algorithm in symbolic link decompression
+  * security: fix handling of symbolic link ACLs on Linux (boo#1192425)
+  * security: never follow symlinks when setting file flags on Linux (boo#1192426)
+  * security: do not follow symlinks when processing the fixup list (boo#1192427)
+  * fix extraction of hardlinks to symlinks
+  * 7zip reader and writer fixes
+  * RAR reader fixes
+  * ZIP reader: fix excessive read for padded zip
+  * CAB reader: fix double free
+  * handle short writes from archive_write_callback
+- Drop upstream mereged:
+  * CVE-2021-23177.patch
+  * CVE-2021-31566.patch
+  * bsc1192427.patch
+
+-------------------------------------------------------------------
+Fri Oct 21 14:18:01 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Fix CVE-2021-31566, modifies file flags of symlink target
+  (CVE-2021-31566, bsc#1192426.patch)
+  CVE-2021-31566.patch
+- Fix bsc#1192427, processing fixup entries may follow symbolic links
+  bsc1192427.patch
+
+-------------------------------------------------------------------
+Mon Sep 12 14:07:20 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target
+  (CVE-2021-23177, bsc#1192425)
+  * CVE-2021-23177.patch
+
+-------------------------------------------------------------------
+Wed Jan  6 16:11:01 UTC 2021 - Dirk Müller <dmueller@suse.com>
+
+- update to 3.5.1:
+  * various compilation fixes (#1461, #1462, #1463, #1464)
+  * fixed undefined behavior in a function in warc reader (#1465)
+
+-------------------------------------------------------------------
+Tue Dec  1 10:24:21 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
+
+- Update to version 3.5.0
+  New features:
+  * mtree digest reader support (#1347)
+  * completed support for UTF-8 encoding conversion (#1389)
+  * minor API enhancements (#1258, #1405)
+  * support for system extended attributes (#1409)
+  * support for decompression of symbolic links in zipx archives (#1435)
+  Important bugfixes
+  * fixed extraction of archives with hard links pointing to itself (#1381)
+  * cpio fixes (#1387, #1388)
+  * fixed uninitialized size in rar5_read_data (#1408)
+  * fixed memory leaks in error case of archive_write_open() functions (#1456)
+- Drop libarchive-3.4.3-fix_test_write_disk_secure.patch, fixed upstream.
+
+-------------------------------------------------------------------
+Mon Sep  7 17:17:45 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- fix build with binutils submitted to Factory, adding upstream
+  libarchive-3.4.3-fix_test_write_disk_secure.patch
+
+-------------------------------------------------------------------
+Wed May 20 05:14:18 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
+
+- Update to version 3.4.3
+  * support for pzstd compressed files (#1357)
+  * support for RHT.security.selinux tar extended attribute (#1348)
+  * various zstd fixes and improvements (#1342 #1352 #1359)
+  * child process handling fixes (#1372)
+
+-------------------------------------------------------------------
+Tue Feb 18 14:46:07 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
+
+- Switch back to cmake build now that cmake-mini exists, this will
+  no longer create a build-cycle.
+
+-------------------------------------------------------------------
+Wed Feb 12 08:34:50 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
+
+- Update to version 3.4.2
+  New features:
+  * support for atomic file extraction (bsdtar -x --safe-writes) (#1289)
+  * support for mbed TLS (PolarSSL) (#1301)
+  Important bugfixes:
+  * security fixes in RAR5 reader (#1280 #1326)
+  * compression buffer fix in XAR writer (#1317)
+  * fix uname and gname longer than 32 characters in PAX writer (#1319)
+  * fix segfault when archiving hard links in ISO9660 and XAR writers (#1325)
+  * fix support for extracting 7z archive entries with Delta filter (#987)
+
+-------------------------------------------------------------------
+Mon Dec 30 08:40:05 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
+
+- Revert back to autoconf, cmake introduces a cycle. Leave cmake
+  patches in since they are basically correct and might be useful
+  in the future.
+
+-------------------------------------------------------------------
+Mon Dec 30 08:14:13 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
+
+- Update to version 3.4.1
+  New features:
+  * Unicode filename support for reading lha/lzh archives
+  * New pax write option "xattrhdr"
+  Important bugfixes:
+  * security fixes in wide string processing (#1276 #1298)
+  * security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221
+  * security fixes and optimizations to write filter logic (#351)
+  * security fix related to use of readlink(2) (1dae5a5)
+  * sparse file handling fixes (#1218 #1260)
+- Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream
+
+-------------------------------------------------------------------
+Fri Nov 22 13:17:53 UTC 2019 - Adrian Schröter <adrian@suse.de>
+
+- fix bsc#1157569
+  CVE-2019-19221.patch out-of-bounds read in libarchive
+
+-------------------------------------------------------------------
+Sun Aug 18 12:33:05 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
+
+- Switch to cmake build
+- Add lib-suffix.patch to honor LIB_SUFFIX
+- Add fix-zstd-test.patch to fix zstd test
+- Add fix-soversion.patch to fix the soversion to 13 as autotools
+
+-------------------------------------------------------------------
+Thu Jun 20 11:35:15 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
+
+- Add lz4 and zstd support
+- Add BuildRequires on liblz4-devel and libzstd-devel
+
+-------------------------------------------------------------------
+Thu Jun 13 08:00:36 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
+
+- Update to version 3.4.0
+  * Support for file and directory symlinks on Windows
+  * Read support for RAR 5.0 archives
+  * Read support for ZIPX archives with xz, lzma, ppmd8 and
+    bzip2 compression
+  * Support for non-recursive list and extract
+  * New tar option: --exclude-vcs
+  * Improved file attribute support on Linux and file flags support
+    on FreeBSD
+  * Fix reading Android APK archives (#1055 )
+  * Fix problems related to unreadable directories (#1167)
+  * A two-digit number of OSS-Fuzz issues was resolved in this release
+    including CVE-2019-18408
+- Add libarchive.keyring and validate the tarball signature
+- Drop all security patches, fixed upstream:
+  * CVE-2018-1000877.patch
+  * CVE-2018-1000878.patch
+  * CVE-2018-1000879.patch
+  * CVE-2018-1000880.patch
+  * CVE-2019-1000019.patch
+  * CVE-2019-1000020.patch
+
+-------------------------------------------------------------------
+Tue Feb  5 15:16:08 UTC 2019 - Adrian Schröter <adrian@suse.de>
+
+- Added patches:
+  * CVE-2019-1000019.patch Fixes 7zip crash (boo#1124341)
+  * CVE-2019-1000020.patch ISO9660 infinite loop fixed (boo#1124342)
+
+-------------------------------------------------------------------
+Thu Jan  3 15:26:58 UTC 2019 - Karol Babioch <kbabioch@suse.de>
+
+- Added patches:
+  * CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR
+    decoder (CVE-2018-1000877 bsc#1120653)
+  * CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR
+    decoder (CVE-2018-1000878 bsc#1120654)
+  * CVE-2018-1000879.patch, which fixes a NULL Pointer Dereference
+    vulnerability in ACL parser (CVE-2018-1000879 bsc#1120656)
+  * CVE-2018-1000880.patch, which fixes an improper input validation
+    vulnerability in WARC parser (CVE-2018-1000880 bsc#1120659)
+- Make use of %license macro
+- Applied spec-cleaner
+
+-------------------------------------------------------------------
+Tue Sep 18 07:08:54 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
+
+- Fix RPM groups. Remove idempotent %if..%endif guards.
+  Diversify summaries. Set CFLAGS instead of re-defining
+  optflags with itself.
+
+-------------------------------------------------------------------
+Fri Sep 14 06:57:14 UTC 2018 - Adrian Schröter <adrian@suse.de>
+
+- update to version 3.3.3
+  * Avoid super-linear slowdown on malformed mtree files
+  * Many fixes for building with Visual Studio
+  * NO_OVERWRITE doesn't change existing directory attributes
+  * New support for Zstandard read and write filters
+- Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503
+- fix-CVE-2017-14166.patch is obsolete
+
+-------------------------------------------------------------------
+Thu Sep  7 07:05:15 UTC 2017 - adrian@suse.de
+
+- update to version 3.3.2
+  * NFSv4 ACL support for Linux (librichacl)
+- fix-CVE-2017-14166.patch (boo#1057514)
+
+-------------------------------------------------------------------
+Mon Apr  3 14:44:27 UTC 2017 - adrian@suse.de
+
+- update to version 3.3.1
+  * Security & Feature release
+    Details are not documented from upstream yet
+    fix-extract-over-links.patch and libarchive-openssl.patch obsoleted
+
+-------------------------------------------------------------------
+Fri Dec  2 13:37:54 UTC 2016 - adrian@suse.com
+
+- fix extracting over symlinks: fix-extract-over-links.patch
+  the problem is solved upstream different, but git master
+  is too different atm.
+
+-------------------------------------------------------------------
+Wed Oct 26 09:27:32 UTC 2016 - adrian@suse.com
+
+- update to version 3.2.2
+  Unspecified security fixes, but at least:
+  * CVE-2016-8687
+  * CVE-2016-8689
+  * CVE-2016-8688
+  * CVE-2016-5844
+  * CVE-2016-6250
+  * CVE-2016-5418
+- obsoletes fix-build.patch
+
+-------------------------------------------------------------------
+Sat Jul 23 21:13:34 UTC 2016 - dmueller@suse.com
+
+- make bsdtar require a matching libarchive version to avoid
+  missing symbol errors
+
+-------------------------------------------------------------------
+Mon Jun 20 10:31:43 UTC 2016 - adrian@suse.de
+
+- update to version 3.2.1
+  Fixes a number of security issues:
+    CVE-2015-8934, CVE-2015-8933, CVE-2015-8917, CVE-2016-4301, CVE-2016-4300
+- and fixing the build (fix-build.patch)
+
+-------------------------------------------------------------------
+Thu Jun 16 09:33:17 UTC 2016 - adrian@suse.de
+
+- limit size of symlinks in cpio archives (CVE-2016-4809, boo#984990)
+  CVE-2016-4809.patch
+
+-------------------------------------------------------------------
+Mon May  9 08:42:19 UTC 2016 - adrian@suse.de
+
+- 4GB _constraints for ppc64le only, it would break other archs
+
+- update to version 3.2.0
+  * Fixes CVE-2016-1541
+  * Fixes CVE-2015-8928
+  * changes are only documented in git history
+  * updated openssl patch
+  * new bsdcat utility
+
+- removed obsolete patches for:
+  * CVE-2013-0211.patch
+  * directory-traversal-fix.patch
+  * libarchive-xattr.patch
+
+-------------------------------------------------------------------
+Fri May  6 14:45:14 UTC 2016 - normand@linux.vnet.ibm.com
+
+- add _constraints memory 4096MB to avoid ppc64le build failure
+
+-------------------------------------------------------------------
+Sat Sep 19 20:17:41 UTC 2015 - astieger@suse.com
+
+- build static lib on RHEL 7
+
+-------------------------------------------------------------------
+Sun Mar 22 19:51:10 UTC 2015 - astieger@suse.com
+
+- RHEL/CentOS build fix, skipping autoreconf
+
+-------------------------------------------------------------------
+Sun Mar 15 20:11:00 UTC 2015 - astieger@suse.com
+
+- add CVE for previous change
+
+-------------------------------------------------------------------
+Thu Mar  5 13:36:09 UTC 2015 - adrian@suse.com
+
+- fix a directory traversal in cpio tool (bnc#920870)
+  directory-traversal-fix.patch CVE-2015-2304
+
+-------------------------------------------------------------------
+Tue Nov 11 12:07:46 UTC 2014 - jsegitz@novell.com
+
+- Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024)
+
+-------------------------------------------------------------------
+Wed May 28 17:18:59 UTC 2014 - crrodriguez@opensuse.org
+
+- libarchive-xattr.patch, fix subtle wrong library check
+  that causes this package to depend on libattr when it should
+  be using glibc.
+
+-------------------------------------------------------------------
+Sun Nov 24 16:22:02 UTC 2013 - andreas.stieger@gmx.de
+
+- add optional -static-devel library package, intended to publish pixz
+  for CentOS / RHEL, default off
+- skip some dependencies not required for pixz on CentOS / RHEL
+
+-------------------------------------------------------------------
+Tue Aug 20 05:34:09 UTC 2013 - crrodriguez@opensuse.org
+
+- remove artificial dependencies on libacl-devel, libbz2-devel,
+  zlib-devel from libarchive-devel.
+
+-------------------------------------------------------------------
+Mon Aug 19 21:14:38 UTC 2013 - crrodriguez@opensuse.org
+
+- libarchive-openssl.patch: Call OPENSSL_config where needed,
+  otherwise on systems configured to use openSSL engines such
+  as via-padlock wont benefit from hardware acceleration.
+
+-------------------------------------------------------------------
+Fri Aug 16 20:07:27 UTC 2013 - andreas.stieger@gmx.de
+
+- update to 3.1.2
+  This is a maintenance update to fix issues with the new RAR
+  seeking feature.
+- libarchive's new website moved to http://www.libarchive.org.
+
+-------------------------------------------------------------------
+Sun Jun 16 23:59:28 UTC 2013 - jengelh@inai.de
+
+- Explicitly list libattr-devel as BuildRequires (and sort those)
+
+-------------------------------------------------------------------
+Wed Feb 13 08:05:35 UTC 2013 - werner@suse.de
+
+- Use %libname macro to be consistent throughout the spec file
+
+-------------------------------------------------------------------
+Tue Feb  5 18:48:08 UTC 2013 - p.drouand@gmail.com
+
+- Update to version 3.1.1:
+  + Fix an issue with the soname versioning in builds of libarchive
+    using cmake
+- Removed patchs; fixed and merged on upstream release:
+  * libarchive-fix-checks.patch
+  * libarchive-ppc64.patch
+- The soname has changed and pass to 13.
+
+-------------------------------------------------------------------
+Thu Aug 23 08:30:05 UTC 2012 - dvaleev@suse.com
+
+- libarchive-ppc64.patch:
+  fix http://code.google.com/p/libarchive/issues/detail?id=277
+  test_option_b and test_option_nodump are failing on ppc64
+
+-------------------------------------------------------------------
+Thu Aug  9 09:05:01 UTC 2012 - cfarrell@suse.com
+
+- license update: BSD-2-Clause
+  The COPYING file shows that the package is predominantly BSD-2-Clause
+  licensed
+
+-------------------------------------------------------------------
+Tue Aug  7 18:47:14 UTC 2012 - dimstar@opensuse.org
+
+- Update to version 3.0.4:
+  + libarchive development moved to http://libarchive.github.com/
+- Changes from version 3.0.2:
+  + Various fixes merged from FreeBSD
+  + Symlink support in Zip reader and writer
+  + Robustness fixes to 7Zip reader
+- Changes from version 3.0.1b:
+  + 7Zip reader
+  + Small fixes to ISO and Zip to improve robustness with corrupted
+    input
+  + Improve streaming Zip reader's support for uncompressed entries
+  + New seeking Zip reader supports SFX Zip archives
+  + Build fixes on Windows
+- For more changes since 2.8.5, please see NEWS file
+- Update URL Tag to represent new home of the project.
+- Rename libarchive2 to libarchive12, following upstreams soname
+  bumps.
+- Add libarchive-fix-checks.patch: Fix gcc 4.7 side effects.
+- Drop libarchive-test-fuzz.patch: fixed upstream.
+- Drop libarchive-ignore-sigpipe-in-test-suite.patch: fixed
+  upstream.
+- Drop libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch: upstream
+  rejected the patch. Seems to be too theoretical problem.
+
+-------------------------------------------------------------------
+Mon May  7 08:35:39 UTC 2012 - werner@suse.de
+
+- Enforce usage of reentrant versions of libc functions
+
+-------------------------------------------------------------------
+Mon Feb 13 18:19:49 UTC 2012 - dvaleev@suse.com
+
+- fix failed tests on ppc
+
+-------------------------------------------------------------------
+Wed Feb  8 10:57:45 UTC 2012 - idonmez@suse.com
+
+- Use %makeinstall to be SLES compatible
+
+-------------------------------------------------------------------
+Thu Dec 22 11:27:05 UTC 2011 - werner@suse.de
+
+- For SLES11 work around missing rpm macro
+
+-------------------------------------------------------------------
+Tue Dec  6 16:00:48 UTC 2011 - coolo@suse.com
+
+- rename main package to libarchive
+
+-------------------------------------------------------------------
+Tue Dec  6 16:00:32 UTC 2011 - coolo@suse.com
+
+- Update to libarchive 2.8.5 (from werner)
+ * Fix issue 134: Improve handling of open failures
+ * Fix issue 119: Relax ISO verification
+ * Fix issue 121: mtree parsing
+ * Fix extraction of GNU tar 'D' directory entries
+ * Be less demanding in LZMA/XZ compression tests
+
+-------------------------------------------------------------------
+Fri Sep 30 08:15:50 UTC 2011 - coolo@suse.com
+
+- add baselibs.conf for PackageKit to use
+
+-------------------------------------------------------------------
+Tue Apr 19 13:23:09 UTC 2011 - idoenmez@novell.com
+
+- Add suport for xz and xar archives
+- Add libarchive-2.8.4-iso9660-data-types.patch:
+  fix ISO9660 reader data type mismatches
+
+-------------------------------------------------------------------
+Thu Nov 11 13:36:59 UTC 2010 - puzel@novell.com
+
+- udpate to libarchive-2.8.4
+  - see /usr/share/doc/packages/libarchive2/NEWS for changes
+- drop libarchive-2.5.5_fix_testsuite.patch (upstream)
+- update libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch
+- clean up specfile
+- disable make check for now
+
+-------------------------------------------------------------------
+Wed Jan  6 04:36:37 UTC 2010 - jengelh@medozas.de
+
+- enable parallel building
+
+-------------------------------------------------------------------
+Wed Oct 29 17:24:49 CET 2008 - mrueckert@suse.de
+
+- added libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch:
+  it can happen that your system at build times supports lutimes
+  but later at runtime the needed syscall is missing.
+
+-------------------------------------------------------------------
+Mon Sep  8 17:57:29 CEST 2008 - mrueckert@suse.de
+
+- fix rm calls in %install
+
+-------------------------------------------------------------------
+Sat Sep  6 17:54:11 CEST 2008 - mrueckert@suse.de
+
+- update to 2.5.5
+  This is a major version bump again: it incorporates
+  lots of bugfixes and improvements.
+  For all the details please see
+  /usr/share/doc/packages/libarchive2/NEWS
+- drop the .la file
+- dropped patch libarchive-2.2.5_rpath.patch:
+  no longer needed
+- added libarchive-2.5.5_fix_testsuite.patch:
+  added missing mode to open() with O_CREAT
+
+-------------------------------------------------------------------
+Wed Aug 15 12:58:06 CEST 2007 - ro@suse.de
+
+- fix dependency of devel package
+
+-------------------------------------------------------------------
+Tue Aug  7 16:47:22 CEST 2007 - mrueckert@suse.de
+
+- restructured package:
+  bsdtar is now the main package and libarchive2 and libarchive-devel
+  the subpackages. This saves us a rename on soversion bumps.
+
+-------------------------------------------------------------------
+Mon Jul 30 14:31:32 CEST 2007 - mrueckert@suse.de
+
+- update to 2.2.5  (#291358)
+  This is a major version bump. For a full list of all changes see
+  /usr/share/doc/packages/libarchive/NEWS. Mostly notable this up-
+  date includes the fixes for the following security bugs:
+  Errors handling corrupt tar files in libarchive
+  (CVE-2007-3641, CVE-2007-3644, CVE-2007-3645)
+- added libarchive-2.2.5_rpath.patch:
+  dont set a rpath on the builddir.
+- no longer building the static lib
+
+-------------------------------------------------------------------
+Fri Jun  8 01:35:37 CEST 2007 - ro@suse.de
+
+- added ldconfig to post scripts
+- remove minitar objects (leave binary there for now)
+
+-------------------------------------------------------------------
+Sun Apr  8 20:53:59 CEST 2007 - mrueckert@suse.de
+
+- updated to 2.0.28
+- removed all patches:
+  included upstream
+
+-------------------------------------------------------------------
+Sat Mar 24 20:07:04 CET 2007 - mrueckert@suse.de
+
+- require libbz2-devel on >= 10.3
+
+-------------------------------------------------------------------
+Sat Mar 24 16:30:08 CET 2007 - aj@suse.de
+
+- Change requires for libbz2 split.
+
+-------------------------------------------------------------------
+Tue Mar  6 16:49:29 CET 2007 - mrueckert@suse.de
+
+- updated bsdtar-1.2.53_ext2_include.patch:
+  the old fix was not complete and on newer glibc/kernel-headers it
+  seems you need to include linux/fs.h explicitly
+  new name: bsdtar-1.3.1_linux_fs_includes.patch
+- build with -fno-strict-aliasing
+
+-------------------------------------------------------------------
+Fri Nov 10 13:01:38 CET 2006 - mrueckert@suse.de
+
+- added SA-06-24_libarchive.patch:
+  fix DOS in libarchive (CVE-2006-5680)
+  http://security.freebsd.org/advisories/FreeBSD-SA-06:24.libarchive.asc
+
+-------------------------------------------------------------------
+Fri Sep 22 13:03:42 CET 2006 - mrueckert@suse.de
+
+- update to version 1.3.1
+
+-------------------------------------------------------------------
+Thu Apr 27 02:32:57 CEST 2006 - mrueckert@suse.de
+
+- updated to 1.2.53:
+  Upstream merged the source tarball.
+  Splitted of a bsdtar package
+
+-------------------------------------------------------------------
+Mon Feb 27 19:24:00 CET 2006 - mrueckert@suse.de
+
+- fixed building of debuginfo package
+
+-------------------------------------------------------------------
+Mon Feb 27 18:32:04 CET 2006 - mrueckert@suse.de
+
+- libarchive 1.2.38
+
--- a/libarchive.keyring
+++ b/libarchive.keyring
@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBGOTSakBDADYnE8uP/uR+viUTGNdMG8tWtoopvEEACFOwqx6NPb9sXvip5z2
+0ochmO+jNqbV+OiS/6gjpd2f2fmJ241ooqbqZrWklabohbr2ros25bmi1C/77FEK
+sGulay334p1LXPxQA3kjEQSINMresnt8FYCO5q50VHgmnhSNaom8jPAy9S06fWqP
+yXAXoJ53hwzYN6Bgb2CnU5FTwC9O4v5sI4wjQYq5JC9cbl1hM5PzC5bIse79l5Nq
+YTsSuSY2RhOQ7w6L6V295l7C6TPkPBcqkg4Q+AYzdTTZagMN9NcchembtR/aMbuE
+xg1PiUMdPOu99uW605XikwwYTy0ZGlz7GZE9EcpoBaoSX5m3haM5k59e5839YtnC
+VbS0XOLCDp8uPMbLElGsLH6J1f1RxxV+h4r6ZypDSC0vTi54qI1nxsdJm1n21iwQ
+0zP77oLUaIc+Nb0Mmh61+YFPLMgeHlfEsnsYzTWJU/tt6rlFFECKSlBGkiIXy1Ie
+yKx2D+OlCZJ7FQMAEQEAAbQjTWFydGluIE1hdHVza2EgPG1hcnRpbkBtYXR1c2th
+Lm9yZz6JAdQEEwEKAD4WIQTbLHzxtMJl+u9W4/xYSKGLjxQYSwUCY5NMJAIbAwUJ
+BaOagAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBYSKGLjxQYS8wPDACGqLMh
+K5QGA3fjAY5GxEmYUOLB/0fwtCCsW9I1oVOkqdjR72c6iEKcPDcRpU1Xavncb/Kk
+N3kD/xQAVpNhn5tIfNAhflZIeB/2gsOv79qBKyo9SkM9TpdNd60H/uOEeYFA0fPF
+qXvrtdxK9gL3qkZtThvGnW49OlAHd8HvOMHCfCWMvJfwnt19PH/HR3cI3aXQHe3a
+Oek3+E4eKlCruOm0CM1OKfv6FuO79URSw2NB+Tskj2NW91jIF8iZXveR/qi1lupn
+AMLhXXpSJOmRGepKvfPRYoV7llSgSOdE+lElC6ljpe41T19c2PiVxUJOJmT4mtJo
+9ghVUeIkUhXNpAU/5I6QAtPoGQfQVcE23PtFM7gibC3nL7yPT8igi904msOIxoUk
+4kTOUCmW1KcGRT8SNnOrMkdEDGBg1QNNx7D/jyQf6umg4si3wu5NoVYr4eGorDxu
+J0Jq2wm42JQDnXWnmoQpO/XwaOwV+OIveMHd0jgtqYHsQiry8IpUWb/0is60H01h
+cnRpbiBNYXR1c2thIDxtbUBGcmVlQlNELm9yZz6JAdQEEwEKAD4WIQTbLHzxtMJl
+u9W4/xYSKGLjxQYSwUCY5NJqQIbAwUJBaOagAULCQgHAgYVCgkICwIEFgIDAQIe
+AQIXgAAKCRBYSKGLjxQYS2z5DADN7TMpp246axc2NYYTzmHM1iN39EERH/gXT7dl
+d9uY9i1dPZrtzuLoh/yQX8z3P/WeR2czSRWhkxqZ4R64oYiOq2VA1aJ9QopFKIi
+DA1mzTjDvuFiuhVR0484gxXf4N6peVhEoGZvUhLaR1n4L5ykAGwKLyqwOQqwK/BX
+jxDSgM45bCWhImE6yux6yNrOYTGZA0IsRShRoDbmXvPZPBxMvQEa8RnzI9QqxbZR
+17bNCt4VRYXUUpD1vAccJcLl1UGK12OSIevuUdv17Y05Da4IOhGHz9dXsojeFX4u
+S7h1JsGZFV4O7XyVpnF5qwqYukN/ScYg2QJIkm/Is3m2AVx58xh2twoFfBew6qID
+tnuWtzKlIqOlFST5nhSCaIAoGiVDEisXMY1ZffUJsugaKK6cufCw16dU9C3Kez4T
+ap5j1vkIdPylL7i631g7UnNvpi/5ZaxAB3yB00G0LKqTRGjqRAaXnCDuXA89brLF
+/wLqwsOROw6B1iQ/OyDhTPS0z6i5AY0EY5NJqQEMALs/XcCV+Xe34TA/eOWyQ4Qe
+qbNMdjNBxXW3gpapCG5pMKtlrN/elyYTPJHeas63VWWYyWEhpfb54gISyZOrkwU2
+S6kRtNSw4dADLDbMjfclB+EMKkF3rovhlBz5483PC5Dbw4KVIvZPgdWbAzUERBey
+XOlN2n5EQjcKcpuAlXlgR4ZtN9n1Po5SgCyjJbufIBxAho+Em1QoX+hne4eGfKf8
+o8feHbKibBqINj58GpCzyoyDDQ4NV+gRxU3AR85p2jNJrSrFELh7ZnHLTQvE1D9b
+/DRhRHDshTRTiAVHGrlCvhIQL1NnsOqqZUz4zv03CsPzMNfvgxlw8rvt1SIAZecC
+L9xz6P5zVb0svVq89Sc7S5AY7xQ7YhMf+fuG2ihpJFMAEBACypcqnLj0pdG1cZiv
+dx7Pw4Gd/sag5uUiRj+myPzOo5LpfbU8acmGEoemdZOsO1XO1ABJFOhXHY6cyLgD
+xk7sQvnlO2tTu1qvwPzKSr0XX6MfqUgtHwkELSnEVQARAQABiQG8BBgBCgAmFiEE
+2yx88bTCZfrvVuP8WEihi48UGEsFAmOTSakCGwwFCQWjmoAACgkQWEihi48UGEtO
+Hwv+Lht02gAsLxdqoMs5gBhC/jY2KMJhx/jrhCeIvdZWAZiBJ9wslqJkbhwF6tNt
+/x1BY8pam4j5enLkLCWyyp3wm0QWiJME0N3+tN5QMFpO5kMbFygCCIXSOd+kfrA1
+xFfQt840LTV1rzvp+YW8SYBFjWtanW4K49C7cewacZbY+zwsWZ/FV1bbEZGnB7lL
+0hiwOiXfjmxg0fVlEjLy7bt/8pxJ6w4wQsm78a4l3D2Oo1ux97Kcb+ymJvABmG7X
+Lc90uLbJFBiSbxxbVcbvHx55kGtEzttN+YzJuOTDgXHoFXL4wMTsyVlkzCw1m/qW
+uW68PO7RtXWl4C1aa6K/xC2jgiFT8IwppkEINeb2lIy96iyOPKD+NzocHBCcbx4W
+f9yXue8x8Bptr5Pzv1G422yRLv4N9Hdb3fSALs1FCjVJFuov3FPjpKz6YhyY0vLj
+PNcYqehQphtFs0ra8+OkupcNBiAYsPUlMGhFQakPxpEl4/IM5dny0YrtTuYJAdrI
+HXDL
+=weXn
+-----END PGP PUBLIC KEY BLOCK-----
--- a/libarchive.spec
+++ b/libarchive.spec
@ -0,0 +1,215 @@
+#
+# spec file for package libarchive
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define somajor 13
+%define libname libarchive%{somajor}
+%if 0%{?centos_version} || 0%{?rhel_version}
+%if 0%{?centos_version} <= 600 || 0%{?rhel_version <= 700}
+%bcond_without	static_libs
+%bcond_with	openssl
+%bcond_with	ext2fs
+%endif
+%else
+%bcond_with	static_libs
+%bcond_without	openssl
+%bcond_without	ext2fs
+%endif
+Name:           libarchive
+Version:        3.7.7
+Release:        0
+Summary:        Utility and C library to create and read several streaming archive formats
+License:        BSD-2-Clause
+Group:          Productivity/Archiving/Compression
+URL:            https://www.libarchive.org/
+Source0:        https://github.com/libarchive/libarchive/releases/download/v%{version}/libarchive-%{version}.tar.xz
+Source1:        https://github.com/libarchive/libarchive/releases/download/v%{version}/libarchive-%{version}.tar.xz.asc
+Source2:        libarchive.keyring
+Source1000:     baselibs.conf
+Patch1:         lib-suffix.patch
+BuildRequires:  cmake
+BuildRequires:  libacl-devel
+BuildRequires:  libbz2-devel
+BuildRequires:  liblz4-devel
+BuildRequires:  libtool
+BuildRequires:  libxml2-devel
+BuildRequires:  libzstd-devel
+BuildRequires:  ninja
+BuildRequires:  pkgconfig
+BuildRequires:  xz-devel
+BuildRequires:  zlib-devel
+%if %{with ext2fs}
+BuildRequires:  libext2fs-devel
+%endif
+%if %{with openssl}
+BuildRequires:  libopenssl-devel
+%endif
+
+%description
+Libarchive is a programming library that can create and read several
+different streaming archive formats, including most popular tar
+variants and several cpio formats. It can also write shar archives and
+read ISO-9660 CDROM images. The bsdtar program is an implementation of
+tar(1) that is built on top of libarchive. It started as a test
+harness, but has grown and is now the standard system tar for FreeBSD 5
+and 6.
+
+This package contains the bsdtar cmdline utility.
+
+%package -n bsdtar
+Summary:        Utility to read several different streaming archive formats
+Group:          Productivity/Archiving/Compression
+Requires:       %{libname} >= %{version}
+
+%description -n bsdtar
+This package contains the bsdtar cmdline utility.
+
+%package -n %{libname}
+Summary:        Library to work with several different streaming archive formats
+Group:          System/Libraries
+
+%description -n %{libname}
+Libarchive is a programming library that can create and read several
+different streaming archive formats, including most popular tar
+variants and several cpio formats. It can also write shar archives and
+read ISO-9660 CDROM images. The bsdtar program is an implementation of
+tar(1) that is built on top of libarchive. It started as a test
+harness, but has grown and is now the standard system tar for FreeBSD 5
+and 6.
+
+The libarchive library offers a number of features that make it both
+very flexible and very powerful.
+
+- Automatic format detection: libarchive can automatically determine
+   both the compression and the archive format, regardless of the
+   data source. Most tar implementations do not automatically detect
+   the compression format, few implementation that can correctly do
+   this when reading from stdin or a socket. (The tar program
+   included with Gunnar Ritter's heirloom collection also does full
+   automatic format detection.)
+
+- Writes POSIX formats: libarchive writes POSIX-standard formats,
+   including "ustar," "pax interchange format," and the POSIX "cpio"
+   format.
+
+- Supports pax interchange format: Pax interchange format (which,
+   despite the name, is really an extended tar format) eliminates
+   almost all limitations of historic tar formats and provides a
+   standard method for incorporating vendor-specific extensions.
+   libarchive exploits this extension mechanism to support ACLs and
+   file flags, for example. (Joerg Schilling's star archiver is
+   another open-source tar program that supports pax interchange
+   format.)
+
+- Reads popular formats: libarchive can read GNU tar, ustar, pax
+   interchange format, cpio, and older tar variants. The internal
+   architecture is easily extensible. The only requirement for
+   support is that it be possible to read the format without seeking
+   in the file. (For example, a format that includes a compressed
+   size field before the data cannot be correctly written without
+   seeking.)
+
+- High-Level API: the libarchive API makes it fairly simple to build
+   an archive from a list of filenames or to extract the entries
+   from an archive. However, the API also provides extreme
+   flexibility with regards to data sources. For example, there are
+   generic hooks that allow you to write an archive to a socket or
+   read data from an archive entry into a memory buffer.
+
+- Extensible. The internal design uses generic interfaces for
+compression, archive format detection and decoding, and archive data
+I/O. It should be very easy to add new formats, new compression
+methods, or new ways of reading/writing archives.
+
+%package -n libarchive-devel
+Summary:        Development files for libarchive
+Group:          Development/Libraries/C and C++
+Requires:       %{libname} = %{version}
+Requires:       glibc-devel
+
+%description -n libarchive-devel
+Libarchive is a programming library that can create and read several
+different streaming archive formats, including most popular tar
+variants and several cpio formats. It can also write shar archives and
+read ISO-9660 CDROM images. The bsdtar program is an implementation of
+tar(1) that is built on top of libarchive. It started as a test
+harness, but has grown and is now the standard system tar for FreeBSD 5
+and 6.
+
+This package contains the development files.
+
+%package static-devel
+Summary:        Static library for libarchive
+Group:          Development/Libraries/C and C++
+Requires:       %{name}-devel = %{version}
+
+%description static-devel
+Static library for libarchive
+
+%prep
+%setup -q
+%autopatch -p1
+
+%build
+%define __builder ninja
+%cmake
+%cmake_build
+
+%check
+exclude=""
+%ifarch %arm %ix86 ppc s390
+exclude="-E test_write_filter"
+%endif
+%ctest $exclude
+
+%install
+%cmake_install
+
+find %{buildroot} -type f -name "*.la" -delete -print
+rm "%{buildroot}%{_libdir}/libarchive.a"
+rm "%{buildroot}%{_mandir}/man5/"{tar,cpio,mtree}.5*
+sed -i -e '/Libs.private/d' %{buildroot}%{_libdir}/pkgconfig/libarchive.pc
+
+%post   -n %{libname} -p /sbin/ldconfig
+%postun -n %{libname} -p /sbin/ldconfig
+
+%files -n bsdtar
+%{_bindir}/bsdcat
+%{_bindir}/bsdcpio
+%{_bindir}/bsdtar
+%{_bindir}/bsdunzip
+%{_mandir}/man1/*
+%{_mandir}/man5/*
+
+%files -n %{libname}
+%license COPYING
+%doc NEWS
+%{_libdir}/libarchive.so.*
+
+%files -n libarchive-devel
+%doc examples/
+%{_mandir}/man3/*
+%{_libdir}/libarchive.so
+%{_includedir}/archive*
+%{_libdir}/pkgconfig/libarchive.pc
+
+%if %{with static_libs}
+%files static-devel
+%{_libdir}/%{name}.a
+%endif
+
+%changelog