Just to have it in devel package, misses documentation about security issues in changes file for submission to factory

OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=56

CVE-2016-4809.patch

@@ -1,22 +0,0 @@
-commit fd7e0c02e272913a0a8b6d492c7260dfca0b1408
-Author: Tim Kientzle <kientzle@acm.org>
-Date:   Sat May 14 12:37:37 2016 -0700
-
-    Reject cpio symlinks that exceed 1MB
-
-diff --git a/libarchive/archive_read_support_format_cpio.c b/libarchive/archive_read_support_format_cpio.c
-index c2ca85b..b09db0e 100644
---- a/libarchive/archive_read_support_format_cpio.c
-+++ b/libarchive/archive_read_support_format_cpio.c
-@@ -401,6 +401,11 @@ archive_read_format_cpio_read_header(struct archive_read *a,
- 
- 	/* If this is a symlink, read the link contents. */
- 	if (archive_entry_filetype(entry) == AE_IFLNK) {
-+		if (cpio->entry_bytes_remaining > 1024 * 1024) {
-+			archive_set_error(&a->archive, ENOMEM,
-+			    "Rejecting malformed cpio archive: symlink contents exceed 1 megabyte");
-+			return (ARCHIVE_FATAL);
-+		}
- 		h = __archive_read_ahead(a,
- 			(size_t)cpio->entry_bytes_remaining, NULL);
- 		if (h == NULL)

fix-build.patch

@@ -0,0 +1,20 @@
+--- libarchive/test/test_write_format_gnutar_filenames.c.orig	2016-06-20 13:03:13.796386223 +0200
++++ libarchive/test/test_write_format_gnutar_filenames.c	2016-06-20 13:04:19.472387624 +0200
+@@ -55,7 +55,7 @@
+ 	archive_entry_set_mode(template, S_IFREG | 0755);
+ 	archive_entry_set_size(template, 8);
+ 
+-	for (int i = 0; i < 2000; ++i) {
++	int i; for (i = 0; i < 2000; ++i) {
+ 		filename[i] = 'a';
+ 		filename[i + 1] = '\0';
+ 		archive_entry_copy_pathname(template, filename);
+@@ -110,7 +110,7 @@
+ 	archive_entry_set_mode(template, S_IFLNK | 0755);
+ 	archive_entry_copy_pathname(template, "link");
+ 
+-	for (int i = 0; i < 2000; ++i) {
++	int i; for (i = 0; i < 2000; ++i) {
+ 		filename[i] = 'a';
+ 		filename[i + 1] = '\0';
+ 		archive_entry_copy_symlink(template, filename);

libarchive-3.2.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7bce45fd71ff01dc20d19edd78322d4965583d81b8bed8e26cacb65d6f5baa87
-size 5448095

libarchive-3.2.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:72ee1a4e3fd534525f13a0ba1aa7b05b203d186e0c6072a8a4738649d0b3cfd2
+size 5448888

libarchive.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Jun 20 10:31:43 UTC 2016 - adrian@suse.de
+
+- update to version 3.2.1
+
 -------------------------------------------------------------------
 Thu Jun 16 09:33:17 UTC 2016 - adrian@suse.de
 

libarchive.spec

@@ -33,7 +33,7 @@
 %define libname libarchive%{somajor}
 
 Name:           libarchive
-Version:        3.2.0
+Version:        3.2.1
 Release:        0
 Summary:        Creates and reads several different streaming archive formats
 License:        BSD-2-Clause
@@ -41,6 +41,7 @@ Group:          Productivity/Archiving/Compression
 Url:            http://www.libarchive.org/
 Source0:        http://www.libarchive.org/downloads/libarchive-%{version}.tar.gz
 Source1:        baselibs.conf
+Patch1:         fix-build.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  libacl-devel
 BuildRequires:  libbz2-devel
@@ -56,8 +57,6 @@ BuildRequires:  pkg-config
 BuildRequires:  xz-devel
 BuildRequires:  zlib-devel
 Patch0:         libarchive-openssl.patch
-# PATCH-FIX-UPSTREAM bnc#984990
-Patch1:         CVE-2016-4809.patch
 
 %description
 Libarchive is a programming library that can create and read several
@@ -166,7 +165,7 @@ static library for libarchive
 %if %{with openssl}
 %patch0 -p0
 %endif
-%patch1 -p1
+%patch1 -p0
 
 %build
 %if !0%{?skip_autoreconf}
@@ -179,6 +178,10 @@ autoreconf -fiv
 	--disable-static \
 %endif
 	--enable-bsdcpio
+
+# lzma mt detection is broken
+sed -i -e "/HAVE_LZMA_STREAM_ENCODER_MT/d" config.h
+
 make %{?_smp_mflags}
 
 %check