From 8971d00f6c2068bd831ec28aaadd85834769e9dfa08907dadf427c269acddf7a Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Wed, 2 Oct 2024 08:17:45 +0000 Subject: [PATCH] - Update to 3.7.6: * tar: clean up linkpath between entries * tar: fix memory leaks when processing symlinks or parsing pax headers * iso: be more cautious about parsing ISO-9660 timestamps - Version 3.7.5 changes: * fix multiple vulnerabilities identified by SAST * cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing * lzop: prevent integer overflow * rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696, bsc#1225971) * rar4: fix CVE-2024-26256 (CVE-2024-26256, bsc#1225972) * rar4: fix OOB in delta and audio filter * rar4: fix out of boundary access with large files * rar4: add boundary checks to rgb filter * rar4: fix OOB access with unicode filenames * rar5: clear 'data ready' cache on window buffer reallocs * rpm: calculate huge header sizes correctly * unzip: unify EOF handling * util: fix out of boundary access in mktemp functions * uu: stop processing if lines are too long * 7zip: fix issue when skipping first file in 7zip archive that is a multiple of 65536 bytes * ar: fix archive entries having no type * lha: do not allow negative file sizes * lha: fix integer truncation on 32-bit systems * shar: check strdup return value * rar5: don't try to read rediculously long names * xar: fix another infinite loop and expat error handling * many Windows fixes, cleanups and improvements - Drop fix-soversion.patch, fix-bsdunzip-test.patch * Fixed upstream OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=128 --- .gitattributes | 23 ++ .gitignore | 1 + _constraints | 13 + baselibs.conf | 1 + fix-bsdunzip-test.patch | 19 + fix-soversion.patch | 13 + lib-suffix.patch | 42 ++ libarchive-3.7.4.tar.xz | 3 + libarchive-3.7.4.tar.xz.asc | 14 + libarchive-3.7.6.tar.xz | 3 + libarchive-3.7.6.tar.xz.asc | 14 + libarchive.changes | 748 ++++++++++++++++++++++++++++++++++++ libarchive.keyring | 52 +++ libarchive.spec | 215 +++++++++++ 14 files changed, 1161 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _constraints create mode 100644 baselibs.conf create mode 100644 fix-bsdunzip-test.patch create mode 100644 fix-soversion.patch create mode 100644 lib-suffix.patch create mode 100644 libarchive-3.7.4.tar.xz create mode 100644 libarchive-3.7.4.tar.xz.asc create mode 100644 libarchive-3.7.6.tar.xz create mode 100644 libarchive-3.7.6.tar.xz.asc create mode 100644 libarchive.changes create mode 100644 libarchive.keyring create mode 100644 libarchive.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_constraints b/_constraints new file mode 100644 index 0000000..8025de2 --- /dev/null +++ b/_constraints @@ -0,0 +1,13 @@ + + + + ppc64 + ppc64le + + + + 4096 + + + + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..86f30d2 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1 @@ +libarchive13 diff --git a/fix-bsdunzip-test.patch b/fix-bsdunzip-test.patch new file mode 100644 index 0000000..e93c084 --- /dev/null +++ b/fix-bsdunzip-test.patch @@ -0,0 +1,19 @@ +commit 64e2e88ec326dd37fcb85c9a9d21fa43444a0a59 +Author: Bernhard M. Wiedemann +Date: Wed May 22 10:13:47 2024 +0200 + + Fix test failure on openSUSE:Leap:15.5 + +diff --git a/unzip/test/test_I.c b/unzip/test/test_I.c +index 5d31ce8d..92e5ce59 100644 +--- a/unzip/test/test_I.c ++++ b/unzip/test/test_I.c +@@ -45,7 +45,7 @@ DEFINE_TEST(test_I) + #endif + + extract_reference_file(reffile); +- r = systemf("%s -I UTF-8 %s >test.out 2>test.err", testprog, reffile); ++ r = systemf("env -uLC_ALL LC_CTYPE=en_US.UTF-8 %s -I UTF-8 %s >test.out 2>test.err", testprog, reffile); + assertEqualInt(0, r); + assertNonEmptyFile("test.out"); + assertEmptyFile("test.err"); diff --git a/fix-soversion.patch b/fix-soversion.patch new file mode 100644 index 0000000..9bdfe6d --- /dev/null +++ b/fix-soversion.patch @@ -0,0 +1,13 @@ +Index: libarchive-3.4.0/CMakeLists.txt +=================================================================== +--- libarchive-3.4.0.orig/CMakeLists.txt ++++ libarchive-3.4.0/CMakeLists.txt +@@ -71,7 +71,7 @@ SET(LIBARCHIVE_VERSION_STRING "${VERSIO + # libarchive 2.9 == interface version 11 = 2 + 9 + # libarchive 3.0 == interface version 12 + # libarchive 3.1 == interface version 13 +-math(EXPR INTERFACE_VERSION "13 + ${_minor}") ++set(INTERFACE_VERSION "13") + + # Set SOVERSION == Interface version + # ?? Should there be more here ?? diff --git a/lib-suffix.patch b/lib-suffix.patch new file mode 100644 index 0000000..7d3769e --- /dev/null +++ b/lib-suffix.patch @@ -0,0 +1,42 @@ +Index: b/libarchive/CMakeLists.txt +=================================================================== +--- a/libarchive/CMakeLists.txt ++++ b/libarchive/CMakeLists.txt +@@ -266,13 +266,13 @@ IF(ENABLE_INSTALL) + IF(BUILD_SHARED_LIBS) + INSTALL(TARGETS archive + RUNTIME DESTINATION bin +- LIBRARY DESTINATION lib +- ARCHIVE DESTINATION lib) ++ LIBRARY DESTINATION lib${LIB_SUFFIX} ++ ARCHIVE DESTINATION lib${LIB_SUFFIX}) + ENDIF(BUILD_SHARED_LIBS) + INSTALL(TARGETS archive_static + RUNTIME DESTINATION bin +- LIBRARY DESTINATION lib +- ARCHIVE DESTINATION lib) ++ LIBRARY DESTINATION lib${LIB_SUFFIX} ++ ARCHIVE DESTINATION lib${LIB_SUFFIX}) + INSTALL_MAN(${libarchive_MANS}) + INSTALL(FILES ${include_HEADERS} DESTINATION include) + ENDIF() +Index: b/build/cmake/CreatePkgConfigFile.cmake +=================================================================== +--- a/build/cmake/CreatePkgConfigFile.cmake ++++ b/build/cmake/CreatePkgConfigFile.cmake +@@ -4,7 +4,7 @@ + # Set the required variables (we use the same input file as autotools) + SET(prefix ${CMAKE_INSTALL_PREFIX}) + SET(exec_prefix \${prefix}) +-SET(libdir \${exec_prefix}/lib) ++SET(libdir \${exec_prefix}/lib${LIB_SUFFIX}) + SET(includedir \${prefix}/include) + # Now, this is not particularly pretty, nor is it terribly accurate... + # Loop over all our additional libs +@@ -29,5 +29,5 @@ CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DI + # And install it, of course ;). + IF(ENABLE_INSTALL) + INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/build/pkgconfig/libarchive.pc +- DESTINATION "lib/pkgconfig") ++ DESTINATION "lib${LIB_SUFFIX}/pkgconfig") + ENDIF() diff --git a/libarchive-3.7.4.tar.xz b/libarchive-3.7.4.tar.xz new file mode 100644 index 0000000..360ad33 --- /dev/null +++ b/libarchive-3.7.4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f887755c434a736a609cbd28d87ddbfbe9d6a3bb5b703c22c02f6af80a802735 +size 5417660 diff --git a/libarchive-3.7.4.tar.xz.asc b/libarchive-3.7.4.tar.xz.asc new file mode 100644 index 0000000..acfe79b --- /dev/null +++ b/libarchive-3.7.4.tar.xz.asc @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- + +iQGzBAABCgAdFiEE2yx88bTCZfrvVuP8WEihi48UGEsFAmYre4IACgkQWEihi48U +GEvAuwwAmsnbql7+1CW9RuBHitOvHyIL6sHbjR0Hd3ruI9s3FMevMBzPjpb5MgOU +/D+o0amv1Tv/QSJAid1siZIumgur2hzqglNMK5FkoajpZ1UjYASHHxFoh5qkRKvW +Ws/ViXMVGB2DlyydzzjFwa0JAAK/IpD9uKPPr6rgt+cRBibkWXuJILbmzi/DF1XH +zlp/5FGwzY4/zhqbXgz11ZhX3gacdLd68+xsYbSII2JvZ2yb2zsS+0ia3skUawEj +QMKzdpErqO+RedsRiJG9fjA65Q1hKWpMoWMuKZWLX+v0iv/OHv57RzLelmPy6Ohw +0/PwCHFzFmOfu2LZd+mCWsrYaBrezGJq9tm+pAsCXSxcj3LuQwZ6d8/wgtS5CeNE ++LoHCbzAcI5WiyU3wbw1qvulVDewL+j0rQoj23Lj2z9ry2K94NMpYji3JMkWI8dS +QXitZd29uZ9l5Jf5Kz9BLHOoO1Q8bEOGB33dLpT+UIjFoJ6wqxNXef6OAECoHGH0 +OnEtTuAX +=kNTk +-----END PGP SIGNATURE----- diff --git a/libarchive-3.7.6.tar.xz b/libarchive-3.7.6.tar.xz new file mode 100644 index 0000000..2d558b0 --- /dev/null +++ b/libarchive-3.7.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0a2efdcb185da2eb1e7cd8421434cb9a6119f72417a13335cca378d476fd3ba0 +size 5458552 diff --git a/libarchive-3.7.6.tar.xz.asc b/libarchive-3.7.6.tar.xz.asc new file mode 100644 index 0000000..e43b62b --- /dev/null +++ b/libarchive-3.7.6.tar.xz.asc @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- + +iQGzBAABCgAdFiEE2yx88bTCZfrvVuP8WEihi48UGEsFAmbxNkUACgkQWEihi48U +GEu+SQwAqe5TjNK7cC1bF0MBthJ+2QQkxCASYJ9ZrvVPS0wBrNGvCx4UvAtR/pVZ +gnvHJmRA60nY7cLvKyDAysmDfq3x5mIBUha/WzEo35NkvTXBOcttzXxWF0GziHtR +WGyk8SK8SWICxsgIlp219xS+E+pWA1dPH2mi6o0DZZTrqpt5RM3rD6mkxUmKCerh +Kqn2aN754Mtt41fMixZpnwVQlXW0H9M/WoGIPUIXfRuA2s3Atyh/RL0nvbOJOWOD +KlNFlKh4kEEg/13v7Ui1UOcTNRKkMjfB7Th8koSZiVPPLd6h2lwOOJk1YQlwdunN +OsgqqB4f6rrW58r2Ce3abOCL4kdLGeIO72Cm/qWcpZHVn3k/xBB8qhrczMqB+URd +U+tHlV65kR4qqv/POZdGqTQ0W0tyqKl4Zp8wvfW2vyuXnYXjQV4cjp4M1ta/KGVb +zXDQynRdLx59RyIV3nZUUulAJoVjSuWTIry0WLKc9g0wnCx783fBunLJTeSxNrtK +q719Bv4A +=VN99 +-----END PGP SIGNATURE----- diff --git a/libarchive.changes b/libarchive.changes new file mode 100644 index 0000000..375042c --- /dev/null +++ b/libarchive.changes @@ -0,0 +1,748 @@ +------------------------------------------------------------------- +Fri Sep 27 19:15:54 UTC 2024 - Antonio Teixeira + +- Update to 3.7.6: + * tar: clean up linkpath between entries + * tar: fix memory leaks when processing symlinks or parsing pax headers + * iso: be more cautious about parsing ISO-9660 timestamps +- Version 3.7.5 changes: + * fix multiple vulnerabilities identified by SAST + * cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing + * lzop: prevent integer overflow + * rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696, bsc#1225971) + * rar4: fix CVE-2024-26256 (CVE-2024-26256, bsc#1225972) + * rar4: fix OOB in delta and audio filter + * rar4: fix out of boundary access with large files + * rar4: add boundary checks to rgb filter + * rar4: fix OOB access with unicode filenames + * rar5: clear 'data ready' cache on window buffer reallocs + * rpm: calculate huge header sizes correctly + * unzip: unify EOF handling + * util: fix out of boundary access in mktemp functions + * uu: stop processing if lines are too long + * 7zip: fix issue when skipping first file in 7zip archive that is a multiple + of 65536 bytes + * ar: fix archive entries having no type + * lha: do not allow negative file sizes + * lha: fix integer truncation on 32-bit systems + * shar: check strdup return value + * rar5: don't try to read rediculously long names + * xar: fix another infinite loop and expat error handling + * many Windows fixes, cleanups and improvements +- Drop fix-soversion.patch, fix-bsdunzip-test.patch + * Fixed upstream + +------------------------------------------------------------------- +Thu Jun 20 14:56:58 UTC 2024 - Antonio Teixeira + +- Update lib-suffix.patch + * Add LIB_SUFFIX to libdir path in the pkg-config file + +------------------------------------------------------------------- +Wed May 22 08:32:02 UTC 2024 - Danilo Spinella + +- Fix bsdunzip test failing due to a locale issue + * fix-bsdunzip-test.patch + +------------------------------------------------------------------- +Tue Apr 30 08:05:28 UTC 2024 - Danilo Spinella + +- Update to 3.7.4: + * rar: Fix OOB in rar e8 filter (CVE-2024-26256, bsc#1222911) + * zip: Fix out of boundary access + * 7zip: Limit amount of properties + * bsdtar: Fix error handling around strtol() usages + * passphrase: Improve newline handling on Windows + * passphrase: Never allow empty passwords + * rar: Fix "File CRC Error" when extracting specific rar4 archives + * xar: Avoid infinite link loop + * zip: Update AppleDouble support for directories + * zstd: Implement core detection +- Update to 3.7.3: + * PCRE2 support + * add trailing letter b to bsdtar(1) substitute pattern + * add support for long options "--group" and "--owner" to tar(1) + * Fix possible vulnerability in tar error reporting introduced in f27c173 + * ISO9660: preserve the natural order of links + * rar5: fix decoding unicode filenames on Windows + * rar5: fix infinite loop if during rar5 decompression the last block produced no data + * xz filter: fix incorrect eof at the end of an lzip member + * zip: fix end-of-data marker processing when decompressing zip archives + * multiple bsdunzip(1) fixes + * filetime truncation fix on Windows +- Fix rpmlint warning about summary being too long + +------------------------------------------------------------------- +Fri Dec 29 18:39:00 UTC 2023 - Dirk Müller + +- skip write tests on 32bit, they OOM + +------------------------------------------------------------------- +Sun Sep 17 08:53:58 UTC 2023 - Dirk Müller + +- update to 3.7.2: + * Multiple vulnerabilities have been fixed in the PAX writer + * bsdunzip(1) now correctly handles arguments following an + -x after the zipfile + * zstd filter now supports the "long" write option + * SEGV and stack buffer overflow in verbose mode of cpio + * bsdunzip updated to match latest upstream code + * miscellaneous functional bugfixes + + +------------------------------------------------------------------- +Mon Jul 24 06:36:59 UTC 2023 - Bernhard Wiedemann + +- update to 3.7.0 + * bsdunzip port from FreeBSD + * fix 2 year 2038 issues + +------------------------------------------------------------------- +Fri Dec 23 07:57:09 UTC 2022 - Dirk Müller + +- update to 3.6.2 (bsc#1205629, CVE-2022-36227) + * NULL pointer dereference vulnerability in archive_write.c + * include ZSTD in Windows builds (#1688) + * SSL fixes on Windows (#1714, #1723, #1724) + * rar5 reader: fix possible garbled output with bsdtar -O (#1745) + * mtree reader: support reading mtree files with tabs (#1783) + * various small fixes for issues found by CodeQL +- Drop upstream merged CVE-2022-36227.patch + +------------------------------------------------------------------- +Tue Nov 22 14:20:36 UTC 2022 - Danilo Spinella + +- Fix CVE-2022-36227, Handle a calloc returning NULL + (CVE-2022-36227, bsc#1205629) + * CVE-2022-36227.patch + +------------------------------------------------------------------- +Fri Apr 8 17:01:05 UTC 2022 - Dirk Müller + +- update to 3.6.1: + * 7zip reader: fix PPMD read beyond boundary (#1671) + * ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672) + * ISO reader: fix possible heap buffer overflow in read_children() (OSS-Fuzz 38764, #1685) + * RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0) + * fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50) + * fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77) + * fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715) +- Drop upstream merged fix-CVE-2022-26280.patch + +------------------------------------------------------------------- +Tue Apr 7 16:28:45 UTC 2022 - Danilo Spinella + +- Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init + (CVE-2022-26280, bsc#1197634) + * fix-CVE-2022-26280.patch + +------------------------------------------------------------------- +Thu Feb 24 19:18:32 UTC 2022 - Ferdinand Thiessen + +- Update to 3.6.0 + * Fix use-after-free bug (CVE-2021-36976) + * tar: new option "--no-read-sparse" + * tar: threads support for zstd + * RAR reader: filter support + * RAR5 reader: self-extracting archive support + * ZIP reader: zstd decompression support + * tar: respect "--ignore-zeros" in c, r and u modes + * reduced size of application binaries + * internal code optimizations +- Drop upstream merged: + * fix-following-symlinks.patch + * fix-CVE-2021-36976.patch + +------------------------------------------------------------------- +Mon Feb 23 14:44:21 UTC 2022 - Danilo Spinella + +- Fix CVE-2021-36976 use-after-free in copy_string + (CVE-2021-36976, bsc#1188572) + * fix-CVE-2021-36976.patch +- The following issues have already been fixed in this package but + weren't previously mentioned in the changes file: + CVE-2017-5601, bsc#1022528, bsc#1189528 + +------------------------------------------------------------------- +Mon Nov 29 09:00:26 UTC 2021 - Adrian Schröter + +- fix permission settings on following symlinks (fix-following-symlinks.patch) + this fixes also wrong permissions of /var/tmp in factory systems + CVE-2021-31566 + +------------------------------------------------------------------- +Sun Nov 7 19:13:11 UTC 2021 - Andreas Stieger + +- update to 3.5.2: + * CPIO: Support for PWB and v7 binary cpio formats + * ZIP reader: Support of deflate algorithm in symbolic link decompression + * security: fix handling of symbolic link ACLs on Linux (boo#1192425) + * security: never follow symlinks when setting file flags on Linux (boo#1192426) + * security: do not follow symlinks when processing the fixup list (boo#1192427) + * fix extraction of hardlinks to symlinks + * 7zip reader and writer fixes + * RAR reader fixes + * ZIP reader: fix excessive read for padded zip + * CAB reader: fix double free + * handle short writes from archive_write_callback +- Drop upstream mereged: + * CVE-2021-23177.patch + * CVE-2021-31566.patch + * bsc1192427.patch + +------------------------------------------------------------------- +Fri Oct 21 14:18:01 UTC 2021 - Danilo Spinella + +- Fix CVE-2021-31566, modifies file flags of symlink target + (CVE-2021-31566, bsc#1192426.patch) + CVE-2021-31566.patch +- Fix bsc#1192427, processing fixup entries may follow symbolic links + bsc1192427.patch + +------------------------------------------------------------------- +Mon Sep 12 14:07:20 UTC 2021 - Danilo Spinella + +- Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target + (CVE-2021-23177, bsc#1192425) + * CVE-2021-23177.patch + +------------------------------------------------------------------- +Wed Jan 6 16:11:01 UTC 2021 - Dirk Müller + +- update to 3.5.1: + * various compilation fixes (#1461, #1462, #1463, #1464) + * fixed undefined behavior in a function in warc reader (#1465) + +------------------------------------------------------------------- +Tue Dec 1 10:24:21 UTC 2020 - Ismail Dönmez + +- Update to version 3.5.0 + New features: + * mtree digest reader support (#1347) + * completed support for UTF-8 encoding conversion (#1389) + * minor API enhancements (#1258, #1405) + * support for system extended attributes (#1409) + * support for decompression of symbolic links in zipx archives (#1435) + Important bugfixes + * fixed extraction of archives with hard links pointing to itself (#1381) + * cpio fixes (#1387, #1388) + * fixed uninitialized size in rar5_read_data (#1408) + * fixed memory leaks in error case of archive_write_open() functions (#1456) +- Drop libarchive-3.4.3-fix_test_write_disk_secure.patch, fixed upstream. + +------------------------------------------------------------------- +Mon Sep 7 17:17:45 UTC 2020 - Andreas Stieger + +- fix build with binutils submitted to Factory, adding upstream + libarchive-3.4.3-fix_test_write_disk_secure.patch + +------------------------------------------------------------------- +Wed May 20 05:14:18 UTC 2020 - Ismail Dönmez + +- Update to version 3.4.3 + * support for pzstd compressed files (#1357) + * support for RHT.security.selinux tar extended attribute (#1348) + * various zstd fixes and improvements (#1342 #1352 #1359) + * child process handling fixes (#1372) + +------------------------------------------------------------------- +Tue Feb 18 14:46:07 UTC 2020 - Ismail Dönmez + +- Switch back to cmake build now that cmake-mini exists, this will + no longer create a build-cycle. + +------------------------------------------------------------------- +Wed Feb 12 08:34:50 UTC 2020 - Ismail Dönmez + +- Update to version 3.4.2 + New features: + * support for atomic file extraction (bsdtar -x --safe-writes) (#1289) + * support for mbed TLS (PolarSSL) (#1301) + Important bugfixes: + * security fixes in RAR5 reader (#1280 #1326) + * compression buffer fix in XAR writer (#1317) + * fix uname and gname longer than 32 characters in PAX writer (#1319) + * fix segfault when archiving hard links in ISO9660 and XAR writers (#1325) + * fix support for extracting 7z archive entries with Delta filter (#987) + +------------------------------------------------------------------- +Mon Dec 30 08:40:05 UTC 2019 - Ismail Dönmez + +- Revert back to autoconf, cmake introduces a cycle. Leave cmake + patches in since they are basically correct and might be useful + in the future. + +------------------------------------------------------------------- +Mon Dec 30 08:14:13 UTC 2019 - Ismail Dönmez + +- Update to version 3.4.1 + New features: + * Unicode filename support for reading lha/lzh archives + * New pax write option "xattrhdr" + Important bugfixes: + * security fixes in wide string processing (#1276 #1298) + * security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221 + * security fixes and optimizations to write filter logic (#351) + * security fix related to use of readlink(2) (1dae5a5) + * sparse file handling fixes (#1218 #1260) +- Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream + +------------------------------------------------------------------- +Fri Nov 22 13:17:53 UTC 2019 - Adrian Schröter + +- fix bsc#1157569 + CVE-2019-19221.patch out-of-bounds read in libarchive + +------------------------------------------------------------------- +Sun Aug 18 12:33:05 UTC 2019 - Ismail Dönmez + +- Switch to cmake build +- Add lib-suffix.patch to honor LIB_SUFFIX +- Add fix-zstd-test.patch to fix zstd test +- Add fix-soversion.patch to fix the soversion to 13 as autotools + +------------------------------------------------------------------- +Thu Jun 20 11:35:15 UTC 2019 - Ismail Dönmez + +- Add lz4 and zstd support +- Add BuildRequires on liblz4-devel and libzstd-devel + +------------------------------------------------------------------- +Thu Jun 13 08:00:36 UTC 2019 - Ismail Dönmez + +- Update to version 3.4.0 + * Support for file and directory symlinks on Windows + * Read support for RAR 5.0 archives + * Read support for ZIPX archives with xz, lzma, ppmd8 and + bzip2 compression + * Support for non-recursive list and extract + * New tar option: --exclude-vcs + * Improved file attribute support on Linux and file flags support + on FreeBSD + * Fix reading Android APK archives (#1055 ) + * Fix problems related to unreadable directories (#1167) + * A two-digit number of OSS-Fuzz issues was resolved in this release + including CVE-2019-18408 +- Add libarchive.keyring and validate the tarball signature +- Drop all security patches, fixed upstream: + * CVE-2018-1000877.patch + * CVE-2018-1000878.patch + * CVE-2018-1000879.patch + * CVE-2018-1000880.patch + * CVE-2019-1000019.patch + * CVE-2019-1000020.patch + +------------------------------------------------------------------- +Tue Feb 5 15:16:08 UTC 2019 - Adrian Schröter + +- Added patches: + * CVE-2019-1000019.patch Fixes 7zip crash (boo#1124341) + * CVE-2019-1000020.patch ISO9660 infinite loop fixed (boo#1124342) + +------------------------------------------------------------------- +Thu Jan 3 15:26:58 UTC 2019 - Karol Babioch + +- Added patches: + * CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR + decoder (CVE-2018-1000877 bsc#1120653) + * CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR + decoder (CVE-2018-1000878 bsc#1120654) + * CVE-2018-1000879.patch, which fixes a NULL Pointer Dereference + vulnerability in ACL parser (CVE-2018-1000879 bsc#1120656) + * CVE-2018-1000880.patch, which fixes an improper input validation + vulnerability in WARC parser (CVE-2018-1000880 bsc#1120659) +- Make use of %license macro +- Applied spec-cleaner + +------------------------------------------------------------------- +Tue Sep 18 07:08:54 UTC 2018 - Jan Engelhardt + +- Fix RPM groups. Remove idempotent %if..%endif guards. + Diversify summaries. Set CFLAGS instead of re-defining + optflags with itself. + +------------------------------------------------------------------- +Fri Sep 14 06:57:14 UTC 2018 - Adrian Schröter + +- update to version 3.3.3 + * Avoid super-linear slowdown on malformed mtree files + * Many fixes for building with Visual Studio + * NO_OVERWRITE doesn't change existing directory attributes + * New support for Zstandard read and write filters +- Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503 +- fix-CVE-2017-14166.patch is obsolete + +------------------------------------------------------------------- +Thu Sep 7 07:05:15 UTC 2017 - adrian@suse.de + +- update to version 3.3.2 + * NFSv4 ACL support for Linux (librichacl) +- fix-CVE-2017-14166.patch (boo#1057514) + +------------------------------------------------------------------- +Mon Apr 3 14:44:27 UTC 2017 - adrian@suse.de + +- update to version 3.3.1 + * Security & Feature release + Details are not documented from upstream yet + fix-extract-over-links.patch and libarchive-openssl.patch obsoleted + +------------------------------------------------------------------- +Fri Dec 2 13:37:54 UTC 2016 - adrian@suse.com + +- fix extracting over symlinks: fix-extract-over-links.patch + the problem is solved upstream different, but git master + is too different atm. + +------------------------------------------------------------------- +Wed Oct 26 09:27:32 UTC 2016 - adrian@suse.com + +- update to version 3.2.2 + Unspecified security fixes, but at least: + * CVE-2016-8687 + * CVE-2016-8689 + * CVE-2016-8688 + * CVE-2016-5844 + * CVE-2016-6250 + * CVE-2016-5418 +- obsoletes fix-build.patch + +------------------------------------------------------------------- +Sat Jul 23 21:13:34 UTC 2016 - dmueller@suse.com + +- make bsdtar require a matching libarchive version to avoid + missing symbol errors + +------------------------------------------------------------------- +Mon Jun 20 10:31:43 UTC 2016 - adrian@suse.de + +- update to version 3.2.1 + Fixes a number of security issues: + CVE-2015-8934, CVE-2015-8933, CVE-2015-8917, CVE-2016-4301, CVE-2016-4300 +- and fixing the build (fix-build.patch) + +------------------------------------------------------------------- +Thu Jun 16 09:33:17 UTC 2016 - adrian@suse.de + +- limit size of symlinks in cpio archives (CVE-2016-4809, boo#984990) + CVE-2016-4809.patch + +------------------------------------------------------------------- +Mon May 9 08:42:19 UTC 2016 - adrian@suse.de + +- 4GB _constraints for ppc64le only, it would break other archs + +- update to version 3.2.0 + * Fixes CVE-2016-1541 + * Fixes CVE-2015-8928 + * changes are only documented in git history + * updated openssl patch + * new bsdcat utility + +- removed obsolete patches for: + * CVE-2013-0211.patch + * directory-traversal-fix.patch + * libarchive-xattr.patch + +------------------------------------------------------------------- +Fri May 6 14:45:14 UTC 2016 - normand@linux.vnet.ibm.com + +- add _constraints memory 4096MB to avoid ppc64le build failure + +------------------------------------------------------------------- +Sat Sep 19 20:17:41 UTC 2015 - astieger@suse.com + +- build static lib on RHEL 7 + +------------------------------------------------------------------- +Sun Mar 22 19:51:10 UTC 2015 - astieger@suse.com + +- RHEL/CentOS build fix, skipping autoreconf + +------------------------------------------------------------------- +Sun Mar 15 20:11:00 UTC 2015 - astieger@suse.com + +- add CVE for previous change + +------------------------------------------------------------------- +Thu Mar 5 13:36:09 UTC 2015 - adrian@suse.com + +- fix a directory traversal in cpio tool (bnc#920870) + directory-traversal-fix.patch CVE-2015-2304 + +------------------------------------------------------------------- +Tue Nov 11 12:07:46 UTC 2014 - jsegitz@novell.com + +- Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024) + +------------------------------------------------------------------- +Wed May 28 17:18:59 UTC 2014 - crrodriguez@opensuse.org + +- libarchive-xattr.patch, fix subtle wrong library check + that causes this package to depend on libattr when it should + be using glibc. + +------------------------------------------------------------------- +Sun Nov 24 16:22:02 UTC 2013 - andreas.stieger@gmx.de + +- add optional -static-devel library package, intended to publish pixz + for CentOS / RHEL, default off +- skip some dependencies not required for pixz on CentOS / RHEL + +------------------------------------------------------------------- +Tue Aug 20 05:34:09 UTC 2013 - crrodriguez@opensuse.org + +- remove artificial dependencies on libacl-devel, libbz2-devel, + zlib-devel from libarchive-devel. + +------------------------------------------------------------------- +Mon Aug 19 21:14:38 UTC 2013 - crrodriguez@opensuse.org + +- libarchive-openssl.patch: Call OPENSSL_config where needed, + otherwise on systems configured to use openSSL engines such + as via-padlock wont benefit from hardware acceleration. + +------------------------------------------------------------------- +Fri Aug 16 20:07:27 UTC 2013 - andreas.stieger@gmx.de + +- update to 3.1.2 + This is a maintenance update to fix issues with the new RAR + seeking feature. +- libarchive's new website moved to http://www.libarchive.org. + +------------------------------------------------------------------- +Sun Jun 16 23:59:28 UTC 2013 - jengelh@inai.de + +- Explicitly list libattr-devel as BuildRequires (and sort those) + +------------------------------------------------------------------- +Wed Feb 13 08:05:35 UTC 2013 - werner@suse.de + +- Use %libname macro to be consistent throughout the spec file + +------------------------------------------------------------------- +Tue Feb 5 18:48:08 UTC 2013 - p.drouand@gmail.com + +- Update to version 3.1.1: + + Fix an issue with the soname versioning in builds of libarchive + using cmake +- Removed patchs; fixed and merged on upstream release: + * libarchive-fix-checks.patch + * libarchive-ppc64.patch +- The soname has changed and pass to 13. + +------------------------------------------------------------------- +Thu Aug 23 08:30:05 UTC 2012 - dvaleev@suse.com + +- libarchive-ppc64.patch: + fix http://code.google.com/p/libarchive/issues/detail?id=277 + test_option_b and test_option_nodump are failing on ppc64 + +------------------------------------------------------------------- +Thu Aug 9 09:05:01 UTC 2012 - cfarrell@suse.com + +- license update: BSD-2-Clause + The COPYING file shows that the package is predominantly BSD-2-Clause + licensed + +------------------------------------------------------------------- +Tue Aug 7 18:47:14 UTC 2012 - dimstar@opensuse.org + +- Update to version 3.0.4: + + libarchive development moved to http://libarchive.github.com/ +- Changes from version 3.0.2: + + Various fixes merged from FreeBSD + + Symlink support in Zip reader and writer + + Robustness fixes to 7Zip reader +- Changes from version 3.0.1b: + + 7Zip reader + + Small fixes to ISO and Zip to improve robustness with corrupted + input + + Improve streaming Zip reader's support for uncompressed entries + + New seeking Zip reader supports SFX Zip archives + + Build fixes on Windows +- For more changes since 2.8.5, please see NEWS file +- Update URL Tag to represent new home of the project. +- Rename libarchive2 to libarchive12, following upstreams soname + bumps. +- Add libarchive-fix-checks.patch: Fix gcc 4.7 side effects. +- Drop libarchive-test-fuzz.patch: fixed upstream. +- Drop libarchive-ignore-sigpipe-in-test-suite.patch: fixed + upstream. +- Drop libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch: upstream + rejected the patch. Seems to be too theoretical problem. + +------------------------------------------------------------------- +Mon May 7 08:35:39 UTC 2012 - werner@suse.de + +- Enforce usage of reentrant versions of libc functions + +------------------------------------------------------------------- +Mon Feb 13 18:19:49 UTC 2012 - dvaleev@suse.com + +- fix failed tests on ppc + +------------------------------------------------------------------- +Wed Feb 8 10:57:45 UTC 2012 - idonmez@suse.com + +- Use %makeinstall to be SLES compatible + +------------------------------------------------------------------- +Thu Dec 22 11:27:05 UTC 2011 - werner@suse.de + +- For SLES11 work around missing rpm macro + +------------------------------------------------------------------- +Tue Dec 6 16:00:48 UTC 2011 - coolo@suse.com + +- rename main package to libarchive + +------------------------------------------------------------------- +Tue Dec 6 16:00:32 UTC 2011 - coolo@suse.com + +- Update to libarchive 2.8.5 (from werner) + * Fix issue 134: Improve handling of open failures + * Fix issue 119: Relax ISO verification + * Fix issue 121: mtree parsing + * Fix extraction of GNU tar 'D' directory entries + * Be less demanding in LZMA/XZ compression tests + +------------------------------------------------------------------- +Fri Sep 30 08:15:50 UTC 2011 - coolo@suse.com + +- add baselibs.conf for PackageKit to use + +------------------------------------------------------------------- +Tue Apr 19 13:23:09 UTC 2011 - idoenmez@novell.com + +- Add suport for xz and xar archives +- Add libarchive-2.8.4-iso9660-data-types.patch: + fix ISO9660 reader data type mismatches + +------------------------------------------------------------------- +Thu Nov 11 13:36:59 UTC 2010 - puzel@novell.com + +- udpate to libarchive-2.8.4 + - see /usr/share/doc/packages/libarchive2/NEWS for changes +- drop libarchive-2.5.5_fix_testsuite.patch (upstream) +- update libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch +- clean up specfile +- disable make check for now + +------------------------------------------------------------------- +Wed Jan 6 04:36:37 UTC 2010 - jengelh@medozas.de + +- enable parallel building + +------------------------------------------------------------------- +Wed Oct 29 17:24:49 CET 2008 - mrueckert@suse.de + +- added libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch: + it can happen that your system at build times supports lutimes + but later at runtime the needed syscall is missing. + +------------------------------------------------------------------- +Mon Sep 8 17:57:29 CEST 2008 - mrueckert@suse.de + +- fix rm calls in %install + +------------------------------------------------------------------- +Sat Sep 6 17:54:11 CEST 2008 - mrueckert@suse.de + +- update to 2.5.5 + This is a major version bump again: it incorporates + lots of bugfixes and improvements. + For all the details please see + /usr/share/doc/packages/libarchive2/NEWS +- drop the .la file +- dropped patch libarchive-2.2.5_rpath.patch: + no longer needed +- added libarchive-2.5.5_fix_testsuite.patch: + added missing mode to open() with O_CREAT + +------------------------------------------------------------------- +Wed Aug 15 12:58:06 CEST 2007 - ro@suse.de + +- fix dependency of devel package + +------------------------------------------------------------------- +Tue Aug 7 16:47:22 CEST 2007 - mrueckert@suse.de + +- restructured package: + bsdtar is now the main package and libarchive2 and libarchive-devel + the subpackages. This saves us a rename on soversion bumps. + +------------------------------------------------------------------- +Mon Jul 30 14:31:32 CEST 2007 - mrueckert@suse.de + +- update to 2.2.5 (#291358) + This is a major version bump. For a full list of all changes see + /usr/share/doc/packages/libarchive/NEWS. Mostly notable this up- + date includes the fixes for the following security bugs: + Errors handling corrupt tar files in libarchive + (CVE-2007-3641, CVE-2007-3644, CVE-2007-3645) +- added libarchive-2.2.5_rpath.patch: + dont set a rpath on the builddir. +- no longer building the static lib + +------------------------------------------------------------------- +Fri Jun 8 01:35:37 CEST 2007 - ro@suse.de + +- added ldconfig to post scripts +- remove minitar objects (leave binary there for now) + +------------------------------------------------------------------- +Sun Apr 8 20:53:59 CEST 2007 - mrueckert@suse.de + +- updated to 2.0.28 +- removed all patches: + included upstream + +------------------------------------------------------------------- +Sat Mar 24 20:07:04 CET 2007 - mrueckert@suse.de + +- require libbz2-devel on >= 10.3 + +------------------------------------------------------------------- +Sat Mar 24 16:30:08 CET 2007 - aj@suse.de + +- Change requires for libbz2 split. + +------------------------------------------------------------------- +Tue Mar 6 16:49:29 CET 2007 - mrueckert@suse.de + +- updated bsdtar-1.2.53_ext2_include.patch: + the old fix was not complete and on newer glibc/kernel-headers it + seems you need to include linux/fs.h explicitly + new name: bsdtar-1.3.1_linux_fs_includes.patch +- build with -fno-strict-aliasing + +------------------------------------------------------------------- +Fri Nov 10 13:01:38 CET 2006 - mrueckert@suse.de + +- added SA-06-24_libarchive.patch: + fix DOS in libarchive (CVE-2006-5680) + http://security.freebsd.org/advisories/FreeBSD-SA-06:24.libarchive.asc + +------------------------------------------------------------------- +Fri Sep 22 13:03:42 CET 2006 - mrueckert@suse.de + +- update to version 1.3.1 + +------------------------------------------------------------------- +Thu Apr 27 02:32:57 CEST 2006 - mrueckert@suse.de + +- updated to 1.2.53: + Upstream merged the source tarball. + Splitted of a bsdtar package + +------------------------------------------------------------------- +Mon Feb 27 19:24:00 CET 2006 - mrueckert@suse.de + +- fixed building of debuginfo package + +------------------------------------------------------------------- +Mon Feb 27 18:32:04 CET 2006 - mrueckert@suse.de + +- libarchive 1.2.38 + diff --git a/libarchive.keyring b/libarchive.keyring new file mode 100644 index 0000000..3235a8b --- /dev/null +++ b/libarchive.keyring @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGOTSakBDADYnE8uP/uR+viUTGNdMG8tWtoopvEEACFOwqx6NPb9sXvip5z2 +0ochmO+jNqbV+OiS/6gjpd2f2fmJ241ooqbqZrWklabohbr2ros25bmi1C/77FEK +sGulay334p1LXPxQA3kjEQSINMresnt8FYCO5q50VHgmnhSNaom8jPAy9S06fWqP +yXAXoJ53hwzYN6Bgb2CnU5FTwC9O4v5sI4wjQYq5JC9cbl1hM5PzC5bIse79l5Nq +YTsSuSY2RhOQ7w6L6V295l7C6TPkPBcqkg4Q+AYzdTTZagMN9NcchembtR/aMbuE +xg1PiUMdPOu99uW605XikwwYTy0ZGlz7GZE9EcpoBaoSX5m3haM5k59e5839YtnC +VbS0XOLCDp8uPMbLElGsLH6J1f1RxxV+h4r6ZypDSC0vTi54qI1nxsdJm1n21iwQ +0zP77oLUaIc+Nb0Mmh61+YFPLMgeHlfEsnsYzTWJU/tt6rlFFECKSlBGkiIXy1Ie +yKx2D+OlCZJ7FQMAEQEAAbQjTWFydGluIE1hdHVza2EgPG1hcnRpbkBtYXR1c2th +Lm9yZz6JAdQEEwEKAD4WIQTbLHzxtMJl+u9W4/xYSKGLjxQYSwUCY5NMJAIbAwUJ +BaOagAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBYSKGLjxQYS8wPDACGqLMh +K5QGA3fjAY5GxEmYUOLB/0fwtCCsW9I1oVOkqdjR72c6iEKcPDcRpU1Xavncb/Kk +N3kD/xQAVpNhn5tIfNAhflZIeB/2gsOv79qBKyo9SkM9TpdNd60H/uOEeYFA0fPF +qXvrtdxK9gL3qkZtThvGnW49OlAHd8HvOMHCfCWMvJfwnt19PH/HR3cI3aXQHe3a +Oek3+E4eKlCruOm0CM1OKfv6FuO79URSw2NB+Tskj2NW91jIF8iZXveR/qi1lupn +AMLhXXpSJOmRGepKvfPRYoV7llSgSOdE+lElC6ljpe41T19c2PiVxUJOJmT4mtJo +9ghVUeIkUhXNpAU/5I6QAtPoGQfQVcE23PtFM7gibC3nL7yPT8igi904msOIxoUk +4kTOUCmW1KcGRT8SNnOrMkdEDGBg1QNNx7D/jyQf6umg4si3wu5NoVYr4eGorDxu +J0Jq2wm42JQDnXWnmoQpO/XwaOwV+OIveMHd0jgtqYHsQiry8IpUWb/0is60H01h +cnRpbiBNYXR1c2thIDxtbUBGcmVlQlNELm9yZz6JAdQEEwEKAD4WIQTbLHzxtMJl ++u9W4/xYSKGLjxQYSwUCY5NJqQIbAwUJBaOagAULCQgHAgYVCgkICwIEFgIDAQIe +AQIXgAAKCRBYSKGLjxQYS2z5DADN7TMpp246axc2NYYTzmHM1iN39EERH/gXT7dl ++d9uY9i1dPZrtzuLoh/yQX8z3P/WeR2czSRWhkxqZ4R64oYiOq2VA1aJ9QopFKIi +DA1mzTjDvuFiuhVR0484gxXf4N6peVhEoGZvUhLaR1n4L5ykAGwKLyqwOQqwK/BX +jxDSgM45bCWhImE6yux6yNrOYTGZA0IsRShRoDbmXvPZPBxMvQEa8RnzI9QqxbZR +17bNCt4VRYXUUpD1vAccJcLl1UGK12OSIevuUdv17Y05Da4IOhGHz9dXsojeFX4u +S7h1JsGZFV4O7XyVpnF5qwqYukN/ScYg2QJIkm/Is3m2AVx58xh2twoFfBew6qID +tnuWtzKlIqOlFST5nhSCaIAoGiVDEisXMY1ZffUJsugaKK6cufCw16dU9C3Kez4T +ap5j1vkIdPylL7i631g7UnNvpi/5ZaxAB3yB00G0LKqTRGjqRAaXnCDuXA89brLF +/wLqwsOROw6B1iQ/OyDhTPS0z6i5AY0EY5NJqQEMALs/XcCV+Xe34TA/eOWyQ4Qe +qbNMdjNBxXW3gpapCG5pMKtlrN/elyYTPJHeas63VWWYyWEhpfb54gISyZOrkwU2 +S6kRtNSw4dADLDbMjfclB+EMKkF3rovhlBz5483PC5Dbw4KVIvZPgdWbAzUERBey +XOlN2n5EQjcKcpuAlXlgR4ZtN9n1Po5SgCyjJbufIBxAho+Em1QoX+hne4eGfKf8 +o8feHbKibBqINj58GpCzyoyDDQ4NV+gRxU3AR85p2jNJrSrFELh7ZnHLTQvE1D9b +/DRhRHDshTRTiAVHGrlCvhIQL1NnsOqqZUz4zv03CsPzMNfvgxlw8rvt1SIAZecC +L9xz6P5zVb0svVq89Sc7S5AY7xQ7YhMf+fuG2ihpJFMAEBACypcqnLj0pdG1cZiv +dx7Pw4Gd/sag5uUiRj+myPzOo5LpfbU8acmGEoemdZOsO1XO1ABJFOhXHY6cyLgD +xk7sQvnlO2tTu1qvwPzKSr0XX6MfqUgtHwkELSnEVQARAQABiQG8BBgBCgAmFiEE +2yx88bTCZfrvVuP8WEihi48UGEsFAmOTSakCGwwFCQWjmoAACgkQWEihi48UGEtO +Hwv+Lht02gAsLxdqoMs5gBhC/jY2KMJhx/jrhCeIvdZWAZiBJ9wslqJkbhwF6tNt +/x1BY8pam4j5enLkLCWyyp3wm0QWiJME0N3+tN5QMFpO5kMbFygCCIXSOd+kfrA1 +xFfQt840LTV1rzvp+YW8SYBFjWtanW4K49C7cewacZbY+zwsWZ/FV1bbEZGnB7lL +0hiwOiXfjmxg0fVlEjLy7bt/8pxJ6w4wQsm78a4l3D2Oo1ux97Kcb+ymJvABmG7X +Lc90uLbJFBiSbxxbVcbvHx55kGtEzttN+YzJuOTDgXHoFXL4wMTsyVlkzCw1m/qW +uW68PO7RtXWl4C1aa6K/xC2jgiFT8IwppkEINeb2lIy96iyOPKD+NzocHBCcbx4W +f9yXue8x8Bptr5Pzv1G422yRLv4N9Hdb3fSALs1FCjVJFuov3FPjpKz6YhyY0vLj +PNcYqehQphtFs0ra8+OkupcNBiAYsPUlMGhFQakPxpEl4/IM5dny0YrtTuYJAdrI +HXDL +=weXn +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libarchive.spec b/libarchive.spec new file mode 100644 index 0000000..e175742 --- /dev/null +++ b/libarchive.spec @@ -0,0 +1,215 @@ +# +# spec file for package libarchive +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define somajor 13 +%define libname libarchive%{somajor} +%if 0%{?centos_version} || 0%{?rhel_version} +%if 0%{?centos_version} <= 600 || 0%{?rhel_version <= 700} +%bcond_without static_libs +%bcond_with openssl +%bcond_with ext2fs +%endif +%else +%bcond_with static_libs +%bcond_without openssl +%bcond_without ext2fs +%endif +Name: libarchive +Version: 3.7.6 +Release: 0 +Summary: Utility and C library to create and read several streaming archive formats +License: BSD-2-Clause +Group: Productivity/Archiving/Compression +URL: https://www.libarchive.org/ +Source0: https://github.com/libarchive/libarchive/releases/download/v%{version}/libarchive-%{version}.tar.xz +Source1: https://github.com/libarchive/libarchive/releases/download/v%{version}/libarchive-%{version}.tar.xz.asc +Source2: libarchive.keyring +Source1000: baselibs.conf +Patch1: lib-suffix.patch +BuildRequires: cmake +BuildRequires: libacl-devel +BuildRequires: libbz2-devel +BuildRequires: liblz4-devel +BuildRequires: libtool +BuildRequires: libxml2-devel +BuildRequires: libzstd-devel +BuildRequires: ninja +BuildRequires: pkgconfig +BuildRequires: xz-devel +BuildRequires: zlib-devel +%if %{with ext2fs} +BuildRequires: libext2fs-devel +%endif +%if %{with openssl} +BuildRequires: libopenssl-devel +%endif + +%description +Libarchive is a programming library that can create and read several +different streaming archive formats, including most popular tar +variants and several cpio formats. It can also write shar archives and +read ISO-9660 CDROM images. The bsdtar program is an implementation of +tar(1) that is built on top of libarchive. It started as a test +harness, but has grown and is now the standard system tar for FreeBSD 5 +and 6. + +This package contains the bsdtar cmdline utility. + +%package -n bsdtar +Summary: Utility to read several different streaming archive formats +Group: Productivity/Archiving/Compression +Requires: %{libname} >= %{version} + +%description -n bsdtar +This package contains the bsdtar cmdline utility. + +%package -n %{libname} +Summary: Library to work with several different streaming archive formats +Group: System/Libraries + +%description -n %{libname} +Libarchive is a programming library that can create and read several +different streaming archive formats, including most popular tar +variants and several cpio formats. It can also write shar archives and +read ISO-9660 CDROM images. The bsdtar program is an implementation of +tar(1) that is built on top of libarchive. It started as a test +harness, but has grown and is now the standard system tar for FreeBSD 5 +and 6. + +The libarchive library offers a number of features that make it both +very flexible and very powerful. + +- Automatic format detection: libarchive can automatically determine + both the compression and the archive format, regardless of the + data source. Most tar implementations do not automatically detect + the compression format, few implementation that can correctly do + this when reading from stdin or a socket. (The tar program + included with Gunnar Ritter's heirloom collection also does full + automatic format detection.) + +- Writes POSIX formats: libarchive writes POSIX-standard formats, + including "ustar," "pax interchange format," and the POSIX "cpio" + format. + +- Supports pax interchange format: Pax interchange format (which, + despite the name, is really an extended tar format) eliminates + almost all limitations of historic tar formats and provides a + standard method for incorporating vendor-specific extensions. + libarchive exploits this extension mechanism to support ACLs and + file flags, for example. (Joerg Schilling's star archiver is + another open-source tar program that supports pax interchange + format.) + +- Reads popular formats: libarchive can read GNU tar, ustar, pax + interchange format, cpio, and older tar variants. The internal + architecture is easily extensible. The only requirement for + support is that it be possible to read the format without seeking + in the file. (For example, a format that includes a compressed + size field before the data cannot be correctly written without + seeking.) + +- High-Level API: the libarchive API makes it fairly simple to build + an archive from a list of filenames or to extract the entries + from an archive. However, the API also provides extreme + flexibility with regards to data sources. For example, there are + generic hooks that allow you to write an archive to a socket or + read data from an archive entry into a memory buffer. + +- Extensible. The internal design uses generic interfaces for +compression, archive format detection and decoding, and archive data +I/O. It should be very easy to add new formats, new compression +methods, or new ways of reading/writing archives. + +%package -n libarchive-devel +Summary: Development files for libarchive +Group: Development/Libraries/C and C++ +Requires: %{libname} = %{version} +Requires: glibc-devel + +%description -n libarchive-devel +Libarchive is a programming library that can create and read several +different streaming archive formats, including most popular tar +variants and several cpio formats. It can also write shar archives and +read ISO-9660 CDROM images. The bsdtar program is an implementation of +tar(1) that is built on top of libarchive. It started as a test +harness, but has grown and is now the standard system tar for FreeBSD 5 +and 6. + +This package contains the development files. + +%package static-devel +Summary: Static library for libarchive +Group: Development/Libraries/C and C++ +Requires: %{name}-devel = %{version} + +%description static-devel +Static library for libarchive + +%prep +%setup -q +%autopatch -p1 + +%build +%define __builder ninja +%cmake +%cmake_build + +%check +exclude="" +%ifarch %arm %ix86 ppc s390 +exclude="-E test_write_filter" +%endif +%ctest $exclude + +%install +%cmake_install + +find %{buildroot} -type f -name "*.la" -delete -print +rm "%{buildroot}%{_libdir}/libarchive.a" +rm "%{buildroot}%{_mandir}/man5/"{tar,cpio,mtree}.5* +sed -i -e '/Libs.private/d' %{buildroot}%{_libdir}/pkgconfig/libarchive.pc + +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig + +%files -n bsdtar +%{_bindir}/bsdcat +%{_bindir}/bsdcpio +%{_bindir}/bsdtar +%{_bindir}/bsdunzip +%{_mandir}/man1/* +%{_mandir}/man5/* + +%files -n %{libname} +%license COPYING +%doc NEWS +%{_libdir}/libarchive.so.* + +%files -n libarchive-devel +%doc examples/ +%{_mandir}/man3/* +%{_libdir}/libarchive.so +%{_includedir}/archive* +%{_libdir}/pkgconfig/libarchive.pc + +%if %{with static_libs} +%files static-devel +%{_libdir}/%{name}.a +%endif + +%changelog