Dominique Leuenberger 2024-01-04 14:57:03 +00:00 committed by Git OBS Bridge
commit 824dc2deb2
6 changed files with 108 additions and 38 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:44729a0cc3b0b0be6742a9873d25e85e240c9318f5f5ebf2cca6bc84d7b91b07
size 5243356

View File

@ -1,14 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE2yx88bTCZfrvVuP8WEihi48UGEsFAmS2Pm8ACgkQWEihi48U
GEtM+Av/a42UPkVL5hw6TpXr6h5mct7aoltKoP/XrJp74SdXRnTZuDtz4RCPqbkg
vduB9L0udtwYHT6LVeZg2wv81cI3Vq+zcq5W3GJhE99aVa9ZL44JmKvdlBsWjPHc
38Q+juvQ1W+hShpUQb0Y1WvYHMaYM8U7GW33Cq9YgzpgCjl9hsAAQgowWouhR0iY
MEdgU7E1rcNSrSDr9oVWdJ3DfOmqZQHHKM3P+W9XSdl/OWGc4u2HFfSq8YZE5I94
9wlVWnWoUN4oGxKDeCxeqEdOfTNqcwfOB4v+nroVrOHfHG5TA3+JvCBXElRMTkAY
9lTHkBoDlcOoxdT1yKqf6b09SRNV1YdFaIb4H5sGPX4mjzQ01tQOYwqPn+PgZEJT
CdLF52IvLtf3E550KZqQvA4JyC/4GcYrHEnFidRsrOTgEPMTXcDzxztNljtTLQVy
WCcGDdlqFFBhhedtichRLPB7nRDoPPFS3R2gPEhkjOILWD3z0sloAF+dDOush5Kc
icEahCNV
=W7Hb
-----END PGP SIGNATURE-----

3
libarchive-3.7.2.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:04357661e6717b6941682cde02ad741ae4819c67a260593dfb2431861b251acb
size 5237056

View File

@ -0,0 +1,14 @@
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE2yx88bTCZfrvVuP8WEihi48UGEsFAmT/ktkACgkQWEihi48U
GEuaGQwAys30icl3gHL4W1EBf63n2EtlEWUMy3pVab2ZO7eTYGO7slWygXYmfjTe
WwkuIsBpfrH5fBsfMRq12WxXNKBQiTY0mwTH881H1kOXsLEbeFxlUZ5JRajTLa55
UBy/u2MJZZHjvdUUJMJG8qTHUdbjquZkZUfMWJyd7jRz9UTez6SolayUzFx6Os/V
MI0djMCQ+7FZecvA0+3AHiTsiAmK3+6upsJz2+KgczABlmFzQhcQ4y7ZdBzbSDTG
AJ6yqivLC+6Kfe6Kph8Ci5VJ/EWkc9vdei0JxQDNT/ramrGuk+9XwEC8rdCLWr6x
q8spjOHRPYf9wPeQXSEPuSkvFJIN6Y9EQ1KWHn2cYmBcr99C0iDVile0ztPO5SqX
IAgLxnZo0WuVytR2gy+xMS7gLPOIMB6Zu6+ViWlhp0Uqlk0ypndFnTXnycVWbtz2
iCSlAH7qikHt1MhbnbPILPhNS/8IScq6aiF2TPN+p9COnzy7Gnzi/IstlG8VM/cu
njTFixjD
=aLKb
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,21 @@
-------------------------------------------------------------------
Fri Dec 29 18:39:00 UTC 2023 - Dirk Müller <dmueller@suse.com>
- skip write tests on 32bit, they OOM
-------------------------------------------------------------------
Sun Sep 17 08:53:58 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 3.7.2:
* Multiple vulnerabilities have been fixed in the PAX writer
* bsdunzip(1) now correctly handles arguments following an
-x after the zipfile
* zstd filter now supports the "long" write option
* SEGV and stack buffer overflow in verbose mode of cpio
* bsdunzip updated to match latest upstream code
* miscellaneous functional bugfixes
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jul 24 06:36:59 UTC 2023 - Bernhard Wiedemann <bwiedemann@suse.com> Mon Jul 24 06:36:59 UTC 2023 - Bernhard Wiedemann <bwiedemann@suse.com>
@ -15,6 +33,14 @@ Fri Dec 23 07:57:09 UTC 2022 - Dirk Müller <dmueller@suse.com>
* rar5 reader: fix possible garbled output with bsdtar -O (#1745) * rar5 reader: fix possible garbled output with bsdtar -O (#1745)
* mtree reader: support reading mtree files with tabs (#1783) * mtree reader: support reading mtree files with tabs (#1783)
* various small fixes for issues found by CodeQL * various small fixes for issues found by CodeQL
- Drop upstream merged CVE-2022-36227.patch
-------------------------------------------------------------------
Tue Nov 22 14:20:36 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2022-36227, Handle a calloc returning NULL
(CVE-2022-36227, bsc#1205629)
* CVE-2022-36227.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Apr 8 17:01:05 UTC 2022 - Dirk Müller <dmueller@suse.com> Fri Apr 8 17:01:05 UTC 2022 - Dirk Müller <dmueller@suse.com>
@ -27,6 +53,14 @@ Fri Apr 8 17:01:05 UTC 2022 - Dirk Müller <dmueller@suse.com>
* fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50) * fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50)
* fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77) * fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77)
* fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715) * fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)
- Drop upstream merged fix-CVE-2022-26280.patch
-------------------------------------------------------------------
Tue Apr 7 16:28:45 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init
(CVE-2022-26280, bsc#1197634)
* fix-CVE-2022-26280.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 24 19:18:32 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de> Thu Feb 24 19:18:32 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
@ -41,7 +75,19 @@ Thu Feb 24 19:18:32 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
* tar: respect "--ignore-zeros" in c, r and u modes * tar: respect "--ignore-zeros" in c, r and u modes
* reduced size of application binaries * reduced size of application binaries
* internal code optimizations * internal code optimizations
- Drop upstream merged fix-following-symlinks.patch - Drop upstream merged:
* fix-following-symlinks.patch
* fix-CVE-2021-36976.patch
-------------------------------------------------------------------
Mon Feb 23 14:44:21 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2021-36976 use-after-free in copy_string
(CVE-2021-36976, bsc#1188572)
* fix-CVE-2021-36976.patch
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
CVE-2017-5601, bsc#1022528, bsc#1189528
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Nov 29 09:00:26 UTC 2021 - Adrian Schröter <adrian@suse.de> Mon Nov 29 09:00:26 UTC 2021 - Adrian Schröter <adrian@suse.de>
@ -65,6 +111,26 @@ Sun Nov 7 19:13:11 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
* ZIP reader: fix excessive read for padded zip * ZIP reader: fix excessive read for padded zip
* CAB reader: fix double free * CAB reader: fix double free
* handle short writes from archive_write_callback * handle short writes from archive_write_callback
- Drop upstream mereged:
* CVE-2021-23177.patch
* CVE-2021-31566.patch
* bsc1192427.patch
-------------------------------------------------------------------
Fri Oct 21 14:18:01 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2021-31566, modifies file flags of symlink target
(CVE-2021-31566, bsc#1192426.patch)
CVE-2021-31566.patch
- Fix bsc#1192427, processing fixup entries may follow symbolic links
bsc1192427.patch
-------------------------------------------------------------------
Mon Sep 12 14:07:20 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target
(CVE-2021-23177, bsc#1192425)
* CVE-2021-23177.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 6 16:11:01 UTC 2021 - Dirk Müller <dmueller@suse.com> Wed Jan 6 16:11:01 UTC 2021 - Dirk Müller <dmueller@suse.com>

View File

@ -1,7 +1,7 @@
# #
# spec file for package libarchive # spec file for package libarchive
# #
# Copyright (c) 2022 SUSE LLC # Copyright (c) 2023 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -30,7 +30,7 @@
%bcond_without ext2fs %bcond_without ext2fs
%endif %endif
Name: libarchive Name: libarchive
Version: 3.7.0 Version: 3.7.2
Release: 0 Release: 0
Summary: Utility and C library to create and read several different streaming archive formats Summary: Utility and C library to create and read several different streaming archive formats
License: BSD-2-Clause License: BSD-2-Clause
@ -171,7 +171,11 @@ Static library for libarchive
%cmake_build %cmake_build
%check %check
%ctest exclude=""
%ifarch %arm %ix86 ppc s390
exclude="-E test_write_filter"
%endif
%ctest $exclude
%install %install
%cmake_install %cmake_install