- Update to 3.7.7:
* gzip: prevent a hang when processing a malformed gzip inside a gzip
* tar: don't crash on truncated tar archives
* tar: fix two leaks in tar header parsing
* 7-zip: read/write symlink paths as UTF-8
* cpio: exit with an error code if an entry could not be extracted
* rar5: report encrypted entries
* tar: fix truncation of entry pathnames in specific archives
OBS-URL: https://build.opensuse.org/request/show/1217035
OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=130
- Update to 3.7.6:
* tar: clean up linkpath between entries
* tar: fix memory leaks when processing symlinks or parsing pax headers
* iso: be more cautious about parsing ISO-9660 timestamps
- Version 3.7.5 changes:
* fix multiple vulnerabilities identified by SAST
* cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
* lzop: prevent integer overflow
* rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696, bsc#1225971)
* rar4: fix CVE-2024-26256 (CVE-2024-26256, bsc#1225972)
* rar4: fix OOB in delta and audio filter
* rar4: fix out of boundary access with large files
* rar4: add boundary checks to rgb filter
* rar4: fix OOB access with unicode filenames
* rar5: clear 'data ready' cache on window buffer reallocs
* rpm: calculate huge header sizes correctly
* unzip: unify EOF handling
* util: fix out of boundary access in mktemp functions
* uu: stop processing if lines are too long
* 7zip: fix issue when skipping first file in 7zip archive that is a multiple
of 65536 bytes
* ar: fix archive entries having no type
* lha: do not allow negative file sizes
* lha: fix integer truncation on 32-bit systems
* shar: check strdup return value
* rar5: don't try to read rediculously long names
* xar: fix another infinite loop and expat error handling
* many Windows fixes, cleanups and improvements
- Drop fix-soversion.patch, fix-bsdunzip-test.patch
* Fixed upstream
OBS-URL: https://build.opensuse.org/request/show/1204220
OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=128
- Update to 3.7.4:
* rar: Fix OOB in rar e8 filter (CVE-2024-26256, bsc#1222911)
* zip: Fix out of boundary access
* 7zip: Limit amount of properties
* bsdtar: Fix error handling around strtol() usages
* passphrase: Improve newline handling on Windows
* passphrase: Never allow empty passwords
* rar: Fix "File CRC Error" when extracting specific rar4 archives
* xar: Avoid infinite link loop
* zip: Update AppleDouble support for directories
* zstd: Implement core detection
- Update to 3.7.3:
* PCRE2 support
* add trailing letter b to bsdtar(1) substitute pattern
* add support for long options "--group" and "--owner" to tar(1)
* Fix possible vulnerability in tar error reporting introduced in f27c173
* ISO9660: preserve the natural order of links
* rar5: fix decoding unicode filenames on Windows
* rar5: fix infinite loop if during rar5 decompression the last block produced no data
* xz filter: fix incorrect eof at the end of an lzip member
* zip: fix end-of-data marker processing when decompressing zip archives
* multiple bsdunzip(1) fixes
* filetime truncation fix on Windows
- Fix rpmlint warning about summary being too long
OBS-URL: https://build.opensuse.org/request/show/1170930
OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=122
- update to 3.7.2:
* Multiple vulnerabilities have been fixed in the PAX writer
* bsdunzip(1) now correctly handles arguments following an
-x after the zipfile
* zstd filter now supports the "long" write option
* SEGV and stack buffer overflow in verbose mode of cpio
* bsdunzip updated to match latest upstream code
* miscellaneous functional bugfixes
* NULL pointer dereference vulnerability in archive_write.c
* fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)
* ZIP reader: Support of deflate algorithm in symbolic link decompression
- Switch to cmake build
- libarchive-xattr.patch, fix subtle wrong library check
- libarchive-openssl.patch: Call OPENSSL_config where needed,
otherwise on systems configured to use openSSL engines such
This is a maintenance update to fix issues with the new RAR
- Enforce usage of reentrant versions of libc functions
- fix failed tests on ppc
- Use %makeinstall to be SLES compatible
- For SLES11 work around missing rpm macro
- Add suport for xz and xar archives
- Add libarchive-2.8.4-iso9660-data-types.patch:
- fix dependency of devel package
- remove minitar objects (leave binary there for now)
OBS-URL: https://build.opensuse.org/request/show/1111737
OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=118
- Update to version 3.5.0
New features:
* mtree digest reader support (#1347)
* completed support for UTF-8 encoding conversion (#1389)
* minor API enhancements (#1258, #1405)
* support for system extended attributes (#1409)
* support for decompression of symbolic links in zipx archives (#1435)
Important bugfixes
* fixed extraction of archives with hard links pointing to itself (#1381)
* cpio fixes (#1387, #1388)
* fixed uninitialized size in rar5_read_data (#1408)
* fixed memory leaks in error case of archive_write_open() functions (#1456)
- Drop libarchive-3.4.3-fix_test_write_disk_secure.patch, fixed upstream.
OBS-URL: https://build.opensuse.org/request/show/852309
OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=103
