- Update to 3.7.4:
* rar: Fix OOB in rar e8 filter (CVE-2024-26256, bsc#1222911)
* zip: Fix out of boundary access
* 7zip: Limit amount of properties
* bsdtar: Fix error handling around strtol() usages
* passphrase: Improve newline handling on Windows
* passphrase: Never allow empty passwords
* rar: Fix "File CRC Error" when extracting specific rar4 archives
* xar: Avoid infinite link loop
* zip: Update AppleDouble support for directories
* zstd: Implement core detection
- Update to 3.7.3:
* PCRE2 support
* add trailing letter b to bsdtar(1) substitute pattern
* add support for long options "--group" and "--owner" to tar(1)
* Fix possible vulnerability in tar error reporting introduced in f27c173
* ISO9660: preserve the natural order of links
* rar5: fix decoding unicode filenames on Windows
* rar5: fix infinite loop if during rar5 decompression the last block produced no data
* xz filter: fix incorrect eof at the end of an lzip member
* zip: fix end-of-data marker processing when decompressing zip archives
* multiple bsdunzip(1) fixes
* filetime truncation fix on Windows
- Fix rpmlint warning about summary being too long
OBS-URL: https://build.opensuse.org/request/show/1170930
OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=122
- update to 3.7.2:
* Multiple vulnerabilities have been fixed in the PAX writer
* bsdunzip(1) now correctly handles arguments following an
-x after the zipfile
* zstd filter now supports the "long" write option
* SEGV and stack buffer overflow in verbose mode of cpio
* bsdunzip updated to match latest upstream code
* miscellaneous functional bugfixes
* NULL pointer dereference vulnerability in archive_write.c
* fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)
* ZIP reader: Support of deflate algorithm in symbolic link decompression
- Switch to cmake build
- libarchive-xattr.patch, fix subtle wrong library check
- libarchive-openssl.patch: Call OPENSSL_config where needed,
otherwise on systems configured to use openSSL engines such
This is a maintenance update to fix issues with the new RAR
- Enforce usage of reentrant versions of libc functions
- fix failed tests on ppc
- Use %makeinstall to be SLES compatible
- For SLES11 work around missing rpm macro
- Add suport for xz and xar archives
- Add libarchive-2.8.4-iso9660-data-types.patch:
- fix dependency of devel package
- remove minitar objects (leave binary there for now)
OBS-URL: https://build.opensuse.org/request/show/1111737
OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=118
- Update to version 3.5.0
New features:
* mtree digest reader support (#1347)
* completed support for UTF-8 encoding conversion (#1389)
* minor API enhancements (#1258, #1405)
* support for system extended attributes (#1409)
* support for decompression of symbolic links in zipx archives (#1435)
Important bugfixes
* fixed extraction of archives with hard links pointing to itself (#1381)
* cpio fixes (#1387, #1388)
* fixed uninitialized size in rar5_read_data (#1408)
* fixed memory leaks in error case of archive_write_open() functions (#1456)
- Drop libarchive-3.4.3-fix_test_write_disk_secure.patch, fixed upstream.
OBS-URL: https://build.opensuse.org/request/show/852309
OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=103
- Revert back to autoconf, cmake introduces a cycle. Leave cmake
patches in since they are basically correct and might be useful
in the future.
- Update to version 3.4.1
New features:
* Unicode filename support for reading lha/lzh archives
* New pax write option "xattrhdr"
Important bugfixes:
* security fixes in wide string processing (#1276#1298)
* security fixes in RAR5 reader (#1212#1217#1296) CVE-2019-19221
* security fixes and optimizations to write filter logic (#351)
* security fix related to use of readlink(2) (1dae5a5)
* sparse file handling fixes (#1218#1260)
- Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream
CVE-2019-19221.patch out-of-bounds read in libarchive
OBS-URL: https://build.opensuse.org/request/show/760008
OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=91
- Update to version 3.4.0
* Support for file and directory symlinks on Windows
* Read support for RAR 5.0 archives
* Read support for ZIPX archives with xz, lzma, ppmd8 and
bzip2 compression
* Support for non-recursive list and extract
* New tar option: --exclude-vcs
* Improved file attribute support on Linux and file flags support
on FreeBSD
* Fix reading Android APK archives (#1055 )
* Fix problems related to unreadable directories (#1167)
* A two-digit number of OSS-Fuzz issues was resolved in this release
- Drop all security patches, fixed upstream:
* CVE-2018-1000877.patch
* CVE-2018-1000878.patch
* CVE-2018-1000879.patch
* CVE-2018-1000880.patch
* CVE-2019-1000019.patch
* CVE-2019-1000020.patch
OBS-URL: https://build.opensuse.org/request/show/709686
OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=85
- Added patches:
* CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR
decoder (CVE-2018-1000877 bsc#1120653)
* CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR
decoder (CVE-2018-1000878 bsc#1120654)
* CVE-2018-1000879.patch, which fixes a NULL Pointer Dereference
vulnerability in ACL parser (CVE-2018-1000879 bsc#1120656)
* CVE-2018-1000880.patch, which fixes an improper input validation
vulnerability in WARC parser (CVE-2018-1000880 bsc#1120659)
- Make use of %license macro
- Applied spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/662692
OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=80
