From afb0de5939f9ade429d38b7015d47793eb76543c1c2fe400718297df86eaebb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Thu, 13 Jun 2019 09:45:04 +0000 Subject: [PATCH] Accepting request 709701 from home:namtrac:branches:Archiving - Add libarchive.keyring and validate the tarball signature OBS-URL: https://build.opensuse.org/request/show/709701 OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=86 --- libarchive-3.4.0.tar.gz.asc | 16 ++++++++++ libarchive.changes | 1 + libarchive.keyring | 63 +++++++++++++++++++++++++++++++++++++ libarchive.spec | 4 ++- 4 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 libarchive-3.4.0.tar.gz.asc create mode 100644 libarchive.keyring diff --git a/libarchive-3.4.0.tar.gz.asc b/libarchive-3.4.0.tar.gz.asc new file mode 100644 index 0000000..ed384d8 --- /dev/null +++ b/libarchive-3.4.0.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEy1V4g2C5kvoIhch48ED3GWupmvQFAl0CEeEACgkQ8ED3GWup +mvRz/g//dSHxY2sqxTg2K8B5eDLxkCZ9wV7X4bu6xR6Te8tqhUh6F6dGioDWAMHC +6rSpAdKn+ldOJhuFoaDrOq+Lu8ZUxn4mRnqj9kG4PhhmPl31K+QwXMWHa4NX3n7u +9d9oU9ebkiOhO8/J+dEljd9HTj9+A8sz97lwRGbckaFjYqRZ2UaYPIXnUwIG+I5I +7djUHekZEJWri8qF4P797k5YTWXZbFhwTo8t8RVBsTZjupL2HD+V10JK7KzvTavE +MpG7jrK4hxzxPdtbiWHMuLXKiDYZ7ANO+360CQyG6aGhr+ZwAEgkflNk9AZ71GRM +vWWCb0b0m041IR6ahdf9R6N0BF0xxc/IpS6PoGq+dEixcteh2Vx/MDx9Jk+54q75 +QstTHFCHa6xmGSJ7Bmv9TIpAJ3s1sZvuTmmVoxDj1k6UEOwtMN+NFd9dDT2eZb2r +7y+0gNrVxuUgaSPV/odPBnVaYZ29NKCDtLldli2JjBn705MxdIB7MDKs7HpiOBi1 +Zo2yG+1T69ZKe8/uxicTI11XnPIoukZr6kPFWBG5ZqfpwBszVZHUqxe35lnAgjfY +KMluK6sQcvqE8rH8AFsvBihV60oC6KI/uiHCrbtYpOtPN6GgyO2hoGGHAbd3XCjb +1JWDV4zwRkaQGdnoIRSapR8gFGd866fOpvsmKfeGVTICuRs2qYE= +=JopE +-----END PGP SIGNATURE----- diff --git a/libarchive.changes b/libarchive.changes index 30dee69..32b4af1 100644 --- a/libarchive.changes +++ b/libarchive.changes @@ -13,6 +13,7 @@ Thu Jun 13 08:00:36 UTC 2019 - Ismail Dönmez * Fix reading Android APK archives (#1055 ) * Fix problems related to unreadable directories (#1167) * A two-digit number of OSS-Fuzz issues was resolved in this release +- Add libarchive.keyring and validate the tarball signature - Drop all security patches, fixed upstream: * CVE-2018-1000877.patch * CVE-2018-1000878.patch diff --git a/libarchive.keyring b/libarchive.keyring new file mode 100644 index 0000000..5090aa8 --- /dev/null +++ b/libarchive.keyring @@ -0,0 +1,63 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFhUn/MBEACxbpg9G9KKuROKDLgugNKr6c4lrp3lTvx4XwuA+EGLCC/tBwOE +8ak5f21g/QogUnYkhpuI3XLqKGsuWCDFQHB3Wk1dUYE/7wk4Um4DyHrMncyUmAHY +fy9OZ+ZVYDBcodxlBDtVHKG0lzNhTs/HNO4Ep6Ja/37GsbEJRqz0XRgqM6l7GYwC +iltTaU3nJuGDeWtRsaZO5Xqm36NoXNTlR4MYy1m+ddAZZexgonNX33MNaATlkcJg +o1HIr7fUt2JcLjrM0LVd5BAbLEcaXSlE0Dl6MjnOYsJLL/zjMQ8esfRzVNYYZiZv +qHCCDLii3rOzdCiuaJ0D2BfZKZNF4ETi+tvtL4YkmiDUb9+jc7p/CbYRpk0eV/9O +4JERtwI7TVvObksY4N88Oc882dNvbw8y3R9WLuIoRx69lBwTmiYYlDt6kCd/7Wgp +rqq2Spmvyp5KOVm7qFi0F2SsMqsNWngdKbiMTXD2Rg0rZqpcnLdWcYysrAnnyuQH +vR6WUmDaeJdAnSf3VBsavdK2sjjjqcqW8+0NGWBg2UaHgUGc1gh01hfkp5tjAyR2 +G3jNSfzP0PtJIuxvOOwDZsdja/BW5bnuzjZUNGOoZQ8OcYR6By8uugfcmd4H6GK9 ++Yj+xUDnook3WKksy80ekDT8KdC/XTdmRYYZRbtb8gjBGxdlzciC5l262wARAQAB +tB9NYXJ0aW4gTWF0dXNrYSA8bW1ARnJlZUJTRC5vcmc+iQI9BBMBCAAnAhsDBQsJ +CAcCBhUICQoLAgQWAgMBAh4BAheABQJYVKWNBQkFo6AaAAoJEPBA9xlrqZr05uoP +/0JduegGf9eD69vXJvDORE+eGhqHhEP3v6mbfJ6ErmyaypKfbyWfLw2rdEaY14Wt +8IEPQi8ULpTaJPZOjlk77BAZ/efPIBAvGNs0D1z424bn3uZM+pZhh6jY7nPkyajh +8tDeMtixLiaK6re2/TRuIUPy7Y91P94uPgLVxx88qtI62gh5Sc8oGY+OMQybtZ8S +6kEuio3ZhQF4fXM92NUf1XY9BYZ330yiv/CQTz+Bz/nOHU7QqDG8OKVrUA0lNKfE +crF7dsrrBeLoC73FB+gqcHcTZ/A+ZlO+IWunWfs6plB7F92v4d3dzsHIuPt6Ldf2 +tP+hmsMa0mGmL6zriG1vo3hxpRmRqlr5KTpa1yrjs/8PULfuae8qcGuUcytaZVhY +zu2hIijwWJ0OxIF6EhV4maG/9bEINqNUaHzthrHbSVeYTR7i4EIGOXgK3jMZ9zhj +Uz70IzAcshNdypVO6QeMB9Cv5ei975MKG0khRukdmg43Q4OijSmh6F4+Ikp5yTT3 +BfVUiK0Jy+ceGE+hU/fRFhPWp3+oyVXO9Xhng7LNvp+gT32UN9FLOVmAhPj0mYVS +aHKs1MwCV2xZv1nJjVE9TbmwR1G27fyQfXZ/m3+Gzl+mT+oD9FnsiFAO67FEm/O1 +GPPl4LSHWD5QP3L+RXXJ0sxTmDUew6XgbnVFNnuaypFatCNNYXJ0aW4gTWF0dXNr +YSA8bWFydGluQG1hdHVza2Eub3JnPokCPQQTAQgAJwIbAwULCQgHAgYVCAkKCwIE +FgIDAQIeAQIXgAUCWFSljQUJBaOgGgAKCRDwQPcZa6ma9H8rEACEjIuI1hNpsCRF +CFdtrS5bUrMBrS29LEmiyPIAS2uSYf5A/iSek0oe2MG9NZ8zGNpjJ9o2ZSw2LlFp +dJlJ5fNjF+MQu09LbmuZKSYArFwnS8Vc2bjpzUQuBsQRcItD3kWAI1HbgjnrF5Ey +gj6ps5m8H6PM8+sxLhtVfTPN8Ad2vARJFr/OEfJtZGvJgaBvoivQw2GfTBbCvtGG +du1f9mrraC/pPSIkgx97Zrv1z841gAIjfmChpjgP+kAYosunBNAwJtbqQctrpnP+ +SoNceUxrKf2hI8qRBDAE2CyB2KwLC3Qdr2TOzsZ2XG3OqNh7k4GoikfQr8V278QW +SAImpzUmJQqA0vCKnAjIHEVRNGSiVNlbNIDLdzYj0f6SDyW+YTm3PKNOGvDcZT5m +ZAogGnXQn23on0c1mWqe9LKWQjgch+7CXdA4ovSVI12poGVhhQ0b92WFsozBUIYa +W/7OVfDhlJDRehHT8MmR7eQS1AeBujUxyg0mfapdDMCepr8xrpuMpfrT0s4Yw1Mk +Nnne0DAMFKF9bA7JQ+2L971IpikITKnY17wua+XggfcCB970VM1XiPvRLPIxZr+a +BLvKFLhM2dYDbdetFDKRxypbz2ePaAjAVlOk96Om5LavKhqC/jbJeUk2CVtauYLz +itB5D6WMHTlyQLvU2G2T4clYFNyfw7kCDQRYVJ/zARAA1zIB+5uoKEGwPClb+INb +/6JNaj6wBQ/RVYDR+dpN1Sdp19WnoAErz5hKX+qficy2aq2tI/xzA7E4hwS+qWA9 +vne1ALzBaWIfk699lOBnDwFCcwgJe6UeYBEQtuFC4pyJvLlT/Tr6uGuImEMl5BZn +BNnJZHFvkQYEGkX2MX85xd9opgugNoKIZVOUJ5nh86WsLlsTHiVmlORgA4TfEuFk +b4SDdJsfhV11Dt44Vyvz5tA6ha4uOQ5/6CQl4X5i345wAYyeUYK9asXXfsVXR67b +/rB7v8htSX/3fQ04vzD5+UGeRdc/7FiczR5+PXg5/hVBagnUg1kVScopB2v34UXa +Z6Wod/hHPgIQsTEdhtCKf6qcSmHqYL4vrSl19JY33U+EI67cvm2H2MzgnVdja0l7 +O3N7KUNjYhWb8d6lvknaM5WX/snBlDJhJyiE2eK9hfZCfFB9s/W+k5HVXvBtm6Sp +VGA6hCljLN4WhXoNtXxXNySvJX9XlNP2+VeNsGGGNgqcmN9PGey+93pioa/tyOEm +hKJhz+rtypRdkcfvo5axzFVdYr7EIHQgWep7rAxj/TtOu8NghWC8hl3h52HAVT+w +dVOuP3CgE8tNnSULYcCIW7AJGG+K90E5KFenrvM/ndhQAct8o0J+ySpsd7rXpviZ +pnfy4903ZFcNJu+9cM+IgPcAEQEAAYkCHwQYAQgACQUCWFSf8wIbDAAKCRDwQPcZ +a6ma9EGDEACbe5pzfhvR0Da7owUJCdGErVg+NWpdrGINMXk0Q18Q7RkMegfOpCI3 ++RUHmrU0OmU3abUEiSVnvyrx5GhtkTPI+eVvCc0pwpUFhH5nORtRa6ptW9C90/EF +xP5T10vIrIQSKgeiJMOxULpa3f2eF62t48RI4950W+le+Jd2QyC6QavabXtjxk8e +YSjjT4Vn7uqKuAfVSuFrhTHqA+/o5VTzbYmrkJ012SXxwE+URjc+jMHNuKCrJmMS +38JCVXa060I0Ci3EisRtBIj9O1Gy0at8txEFTwkt86nQd0Cjgh/YXN9Ontil3JjI +2DBl/pOei96dQ26CC4LxbPEc5sj9D2wDeMw7KrXbXRPskkJ6eSUpRtc0Cq7f86uV +bLQZwkYU2WXcaqQG3ql1RvoRV7m+OchZJ/27f5gFLRR3eTuy99Se/mxknwvpxDTd +XV9MqhXUkXkkWfhpij8bsGp0O9FRSXh00iJG5n9+EygD+jJe6Jrt+i4DCDctILGQ +22rnKEJ0sOfcPtObxB+yqbsRab6ws6dpGCnLfbyyxkVp0Uaax0+JUyQZkwfZ00/f +uLL6J9Q3BNNQnqeFNvA+D5TjM7uFL7Sg9BwAsuOwTodhd2WJpeYknnWZZ+LqJ9Bl +Heo9XgfmVI+nhV7kXqil0pKc1D2SguOTqtRiBRJznEuAsaaCmQclkA== +=H6gz +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libarchive.spec b/libarchive.spec index 30b0199..8b56e8e 100644 --- a/libarchive.spec +++ b/libarchive.spec @@ -37,7 +37,9 @@ License: BSD-2-Clause Group: Productivity/Archiving/Compression URL: http://www.libarchive.org/ Source0: https://github.com/libarchive/libarchive/releases/download/v%{version}/libarchive-%{version}.tar.gz -Source1: baselibs.conf +Source1: https://github.com/libarchive/libarchive/releases/download/v%{version}/libarchive-%{version}.tar.gz.asc +Source2: libarchive.keyring +Source1000: baselibs.conf BuildRequires: libacl-devel BuildRequires: libbz2-devel BuildRequires: libtool