Antonio Teixeira
2970be247c
* gzip: prevent a hang when processing a malformed gzip inside a gzip * tar: don't crash on truncated tar archives * tar: fix two leaks in tar header parsing * 7-zip: read/write symlink paths as UTF-8 * cpio: exit with an error code if an entry could not be extracted * rar5: report encrypted entries * tar: fix truncation of entry pathnames in specific archives OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=130
761 lines
29 KiB
Plaintext
761 lines
29 KiB
Plaintext
-------------------------------------------------------------------
|
|
Thu Oct 17 08:41:56 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Update to 3.7.7:
|
|
* gzip: prevent a hang when processing a malformed gzip inside a gzip
|
|
* tar: don't crash on truncated tar archives
|
|
* tar: fix two leaks in tar header parsing
|
|
* 7-zip: read/write symlink paths as UTF-8
|
|
* cpio: exit with an error code if an entry could not be extracted
|
|
* rar5: report encrypted entries
|
|
* tar: fix truncation of entry pathnames in specific archives
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 27 19:15:54 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Update to 3.7.6:
|
|
* tar: clean up linkpath between entries
|
|
* tar: fix memory leaks when processing symlinks or parsing pax headers
|
|
* iso: be more cautious about parsing ISO-9660 timestamps
|
|
- Version 3.7.5 changes:
|
|
* fix multiple vulnerabilities identified by SAST
|
|
* cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
|
|
* lzop: prevent integer overflow
|
|
* rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696, bsc#1225971)
|
|
* rar4: fix CVE-2024-26256 (CVE-2024-26256, bsc#1225972)
|
|
* rar4: fix OOB in delta and audio filter
|
|
* rar4: fix out of boundary access with large files
|
|
* rar4: add boundary checks to rgb filter
|
|
* rar4: fix OOB access with unicode filenames
|
|
* rar5: clear 'data ready' cache on window buffer reallocs
|
|
* rpm: calculate huge header sizes correctly
|
|
* unzip: unify EOF handling
|
|
* util: fix out of boundary access in mktemp functions
|
|
* uu: stop processing if lines are too long
|
|
* 7zip: fix issue when skipping first file in 7zip archive that is a multiple
|
|
of 65536 bytes
|
|
* ar: fix archive entries having no type
|
|
* lha: do not allow negative file sizes
|
|
* lha: fix integer truncation on 32-bit systems
|
|
* shar: check strdup return value
|
|
* rar5: don't try to read rediculously long names
|
|
* xar: fix another infinite loop and expat error handling
|
|
* many Windows fixes, cleanups and improvements
|
|
- Drop fix-soversion.patch, fix-bsdunzip-test.patch
|
|
* Fixed upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 20 14:56:58 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
|
|
|
- Update lib-suffix.patch
|
|
* Add LIB_SUFFIX to libdir path in the pkg-config file
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 22 08:32:02 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
|
|
|
|
- Fix bsdunzip test failing due to a locale issue
|
|
* fix-bsdunzip-test.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 30 08:05:28 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
|
|
|
|
- Update to 3.7.4:
|
|
* rar: Fix OOB in rar e8 filter (CVE-2024-26256, bsc#1222911)
|
|
* zip: Fix out of boundary access
|
|
* 7zip: Limit amount of properties
|
|
* bsdtar: Fix error handling around strtol() usages
|
|
* passphrase: Improve newline handling on Windows
|
|
* passphrase: Never allow empty passwords
|
|
* rar: Fix "File CRC Error" when extracting specific rar4 archives
|
|
* xar: Avoid infinite link loop
|
|
* zip: Update AppleDouble support for directories
|
|
* zstd: Implement core detection
|
|
- Update to 3.7.3:
|
|
* PCRE2 support
|
|
* add trailing letter b to bsdtar(1) substitute pattern
|
|
* add support for long options "--group" and "--owner" to tar(1)
|
|
* Fix possible vulnerability in tar error reporting introduced in f27c173
|
|
* ISO9660: preserve the natural order of links
|
|
* rar5: fix decoding unicode filenames on Windows
|
|
* rar5: fix infinite loop if during rar5 decompression the last block produced no data
|
|
* xz filter: fix incorrect eof at the end of an lzip member
|
|
* zip: fix end-of-data marker processing when decompressing zip archives
|
|
* multiple bsdunzip(1) fixes
|
|
* filetime truncation fix on Windows
|
|
- Fix rpmlint warning about summary being too long
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 29 18:39:00 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- skip write tests on 32bit, they OOM
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Sep 17 08:53:58 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- update to 3.7.2:
|
|
* Multiple vulnerabilities have been fixed in the PAX writer
|
|
* bsdunzip(1) now correctly handles arguments following an
|
|
-x after the zipfile
|
|
* zstd filter now supports the "long" write option
|
|
* SEGV and stack buffer overflow in verbose mode of cpio
|
|
* bsdunzip updated to match latest upstream code
|
|
* miscellaneous functional bugfixes
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 24 06:36:59 UTC 2023 - Bernhard Wiedemann <bwiedemann@suse.com>
|
|
|
|
- update to 3.7.0
|
|
* bsdunzip port from FreeBSD
|
|
* fix 2 year 2038 issues
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 23 07:57:09 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- update to 3.6.2 (bsc#1205629, CVE-2022-36227)
|
|
* NULL pointer dereference vulnerability in archive_write.c
|
|
* include ZSTD in Windows builds (#1688)
|
|
* SSL fixes on Windows (#1714, #1723, #1724)
|
|
* rar5 reader: fix possible garbled output with bsdtar -O (#1745)
|
|
* mtree reader: support reading mtree files with tabs (#1783)
|
|
* various small fixes for issues found by CodeQL
|
|
- Drop upstream merged CVE-2022-36227.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 22 14:20:36 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
|
|
|
|
- Fix CVE-2022-36227, Handle a calloc returning NULL
|
|
(CVE-2022-36227, bsc#1205629)
|
|
* CVE-2022-36227.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 8 17:01:05 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- update to 3.6.1:
|
|
* 7zip reader: fix PPMD read beyond boundary (#1671)
|
|
* ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672)
|
|
* ISO reader: fix possible heap buffer overflow in read_children() (OSS-Fuzz 38764, #1685)
|
|
* RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0)
|
|
* fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50)
|
|
* fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77)
|
|
* fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)
|
|
- Drop upstream merged fix-CVE-2022-26280.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 7 16:28:45 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
|
|
|
|
- Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init
|
|
(CVE-2022-26280, bsc#1197634)
|
|
* fix-CVE-2022-26280.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 24 19:18:32 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
|
|
|
|
- Update to 3.6.0
|
|
* Fix use-after-free bug (CVE-2021-36976)
|
|
* tar: new option "--no-read-sparse"
|
|
* tar: threads support for zstd
|
|
* RAR reader: filter support
|
|
* RAR5 reader: self-extracting archive support
|
|
* ZIP reader: zstd decompression support
|
|
* tar: respect "--ignore-zeros" in c, r and u modes
|
|
* reduced size of application binaries
|
|
* internal code optimizations
|
|
- Drop upstream merged:
|
|
* fix-following-symlinks.patch
|
|
* fix-CVE-2021-36976.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 23 14:44:21 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
|
|
|
|
- Fix CVE-2021-36976 use-after-free in copy_string
|
|
(CVE-2021-36976, bsc#1188572)
|
|
* fix-CVE-2021-36976.patch
|
|
- The following issues have already been fixed in this package but
|
|
weren't previously mentioned in the changes file:
|
|
CVE-2017-5601, bsc#1022528, bsc#1189528
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 29 09:00:26 UTC 2021 - Adrian Schröter <adrian@suse.de>
|
|
|
|
- fix permission settings on following symlinks (fix-following-symlinks.patch)
|
|
this fixes also wrong permissions of /var/tmp in factory systems
|
|
CVE-2021-31566
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Nov 7 19:13:11 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
|
|
|
|
- update to 3.5.2:
|
|
* CPIO: Support for PWB and v7 binary cpio formats
|
|
* ZIP reader: Support of deflate algorithm in symbolic link decompression
|
|
* security: fix handling of symbolic link ACLs on Linux (boo#1192425)
|
|
* security: never follow symlinks when setting file flags on Linux (boo#1192426)
|
|
* security: do not follow symlinks when processing the fixup list (boo#1192427)
|
|
* fix extraction of hardlinks to symlinks
|
|
* 7zip reader and writer fixes
|
|
* RAR reader fixes
|
|
* ZIP reader: fix excessive read for padded zip
|
|
* CAB reader: fix double free
|
|
* handle short writes from archive_write_callback
|
|
- Drop upstream mereged:
|
|
* CVE-2021-23177.patch
|
|
* CVE-2021-31566.patch
|
|
* bsc1192427.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 21 14:18:01 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
|
|
|
|
- Fix CVE-2021-31566, modifies file flags of symlink target
|
|
(CVE-2021-31566, bsc#1192426.patch)
|
|
CVE-2021-31566.patch
|
|
- Fix bsc#1192427, processing fixup entries may follow symbolic links
|
|
bsc1192427.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 12 14:07:20 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
|
|
|
|
- Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target
|
|
(CVE-2021-23177, bsc#1192425)
|
|
* CVE-2021-23177.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 6 16:11:01 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- update to 3.5.1:
|
|
* various compilation fixes (#1461, #1462, #1463, #1464)
|
|
* fixed undefined behavior in a function in warc reader (#1465)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 1 10:24:21 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
|
|
|
|
- Update to version 3.5.0
|
|
New features:
|
|
* mtree digest reader support (#1347)
|
|
* completed support for UTF-8 encoding conversion (#1389)
|
|
* minor API enhancements (#1258, #1405)
|
|
* support for system extended attributes (#1409)
|
|
* support for decompression of symbolic links in zipx archives (#1435)
|
|
Important bugfixes
|
|
* fixed extraction of archives with hard links pointing to itself (#1381)
|
|
* cpio fixes (#1387, #1388)
|
|
* fixed uninitialized size in rar5_read_data (#1408)
|
|
* fixed memory leaks in error case of archive_write_open() functions (#1456)
|
|
- Drop libarchive-3.4.3-fix_test_write_disk_secure.patch, fixed upstream.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 7 17:17:45 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
|
|
|
|
- fix build with binutils submitted to Factory, adding upstream
|
|
libarchive-3.4.3-fix_test_write_disk_secure.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 20 05:14:18 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
|
|
|
|
- Update to version 3.4.3
|
|
* support for pzstd compressed files (#1357)
|
|
* support for RHT.security.selinux tar extended attribute (#1348)
|
|
* various zstd fixes and improvements (#1342 #1352 #1359)
|
|
* child process handling fixes (#1372)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 18 14:46:07 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
|
|
|
|
- Switch back to cmake build now that cmake-mini exists, this will
|
|
no longer create a build-cycle.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 12 08:34:50 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
|
|
|
|
- Update to version 3.4.2
|
|
New features:
|
|
* support for atomic file extraction (bsdtar -x --safe-writes) (#1289)
|
|
* support for mbed TLS (PolarSSL) (#1301)
|
|
Important bugfixes:
|
|
* security fixes in RAR5 reader (#1280 #1326)
|
|
* compression buffer fix in XAR writer (#1317)
|
|
* fix uname and gname longer than 32 characters in PAX writer (#1319)
|
|
* fix segfault when archiving hard links in ISO9660 and XAR writers (#1325)
|
|
* fix support for extracting 7z archive entries with Delta filter (#987)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 30 08:40:05 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
|
|
|
|
- Revert back to autoconf, cmake introduces a cycle. Leave cmake
|
|
patches in since they are basically correct and might be useful
|
|
in the future.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 30 08:14:13 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
|
|
|
|
- Update to version 3.4.1
|
|
New features:
|
|
* Unicode filename support for reading lha/lzh archives
|
|
* New pax write option "xattrhdr"
|
|
Important bugfixes:
|
|
* security fixes in wide string processing (#1276 #1298)
|
|
* security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221
|
|
* security fixes and optimizations to write filter logic (#351)
|
|
* security fix related to use of readlink(2) (1dae5a5)
|
|
* sparse file handling fixes (#1218 #1260)
|
|
- Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 22 13:17:53 UTC 2019 - Adrian Schröter <adrian@suse.de>
|
|
|
|
- fix bsc#1157569
|
|
CVE-2019-19221.patch out-of-bounds read in libarchive
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Aug 18 12:33:05 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
|
|
|
|
- Switch to cmake build
|
|
- Add lib-suffix.patch to honor LIB_SUFFIX
|
|
- Add fix-zstd-test.patch to fix zstd test
|
|
- Add fix-soversion.patch to fix the soversion to 13 as autotools
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 20 11:35:15 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
|
|
|
|
- Add lz4 and zstd support
|
|
- Add BuildRequires on liblz4-devel and libzstd-devel
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 13 08:00:36 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
|
|
|
|
- Update to version 3.4.0
|
|
* Support for file and directory symlinks on Windows
|
|
* Read support for RAR 5.0 archives
|
|
* Read support for ZIPX archives with xz, lzma, ppmd8 and
|
|
bzip2 compression
|
|
* Support for non-recursive list and extract
|
|
* New tar option: --exclude-vcs
|
|
* Improved file attribute support on Linux and file flags support
|
|
on FreeBSD
|
|
* Fix reading Android APK archives (#1055 )
|
|
* Fix problems related to unreadable directories (#1167)
|
|
* A two-digit number of OSS-Fuzz issues was resolved in this release
|
|
including CVE-2019-18408
|
|
- Add libarchive.keyring and validate the tarball signature
|
|
- Drop all security patches, fixed upstream:
|
|
* CVE-2018-1000877.patch
|
|
* CVE-2018-1000878.patch
|
|
* CVE-2018-1000879.patch
|
|
* CVE-2018-1000880.patch
|
|
* CVE-2019-1000019.patch
|
|
* CVE-2019-1000020.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 5 15:16:08 UTC 2019 - Adrian Schröter <adrian@suse.de>
|
|
|
|
- Added patches:
|
|
* CVE-2019-1000019.patch Fixes 7zip crash (boo#1124341)
|
|
* CVE-2019-1000020.patch ISO9660 infinite loop fixed (boo#1124342)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 3 15:26:58 UTC 2019 - Karol Babioch <kbabioch@suse.de>
|
|
|
|
- Added patches:
|
|
* CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR
|
|
decoder (CVE-2018-1000877 bsc#1120653)
|
|
* CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR
|
|
decoder (CVE-2018-1000878 bsc#1120654)
|
|
* CVE-2018-1000879.patch, which fixes a NULL Pointer Dereference
|
|
vulnerability in ACL parser (CVE-2018-1000879 bsc#1120656)
|
|
* CVE-2018-1000880.patch, which fixes an improper input validation
|
|
vulnerability in WARC parser (CVE-2018-1000880 bsc#1120659)
|
|
- Make use of %license macro
|
|
- Applied spec-cleaner
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 18 07:08:54 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
|
|
|
|
- Fix RPM groups. Remove idempotent %if..%endif guards.
|
|
Diversify summaries. Set CFLAGS instead of re-defining
|
|
optflags with itself.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 14 06:57:14 UTC 2018 - Adrian Schröter <adrian@suse.de>
|
|
|
|
- update to version 3.3.3
|
|
* Avoid super-linear slowdown on malformed mtree files
|
|
* Many fixes for building with Visual Studio
|
|
* NO_OVERWRITE doesn't change existing directory attributes
|
|
* New support for Zstandard read and write filters
|
|
- Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503
|
|
- fix-CVE-2017-14166.patch is obsolete
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 7 07:05:15 UTC 2017 - adrian@suse.de
|
|
|
|
- update to version 3.3.2
|
|
* NFSv4 ACL support for Linux (librichacl)
|
|
- fix-CVE-2017-14166.patch (boo#1057514)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 3 14:44:27 UTC 2017 - adrian@suse.de
|
|
|
|
- update to version 3.3.1
|
|
* Security & Feature release
|
|
Details are not documented from upstream yet
|
|
fix-extract-over-links.patch and libarchive-openssl.patch obsoleted
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 2 13:37:54 UTC 2016 - adrian@suse.com
|
|
|
|
- fix extracting over symlinks: fix-extract-over-links.patch
|
|
the problem is solved upstream different, but git master
|
|
is too different atm.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 26 09:27:32 UTC 2016 - adrian@suse.com
|
|
|
|
- update to version 3.2.2
|
|
Unspecified security fixes, but at least:
|
|
* CVE-2016-8687
|
|
* CVE-2016-8689
|
|
* CVE-2016-8688
|
|
* CVE-2016-5844
|
|
* CVE-2016-6250
|
|
* CVE-2016-5418
|
|
- obsoletes fix-build.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jul 23 21:13:34 UTC 2016 - dmueller@suse.com
|
|
|
|
- make bsdtar require a matching libarchive version to avoid
|
|
missing symbol errors
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 20 10:31:43 UTC 2016 - adrian@suse.de
|
|
|
|
- update to version 3.2.1
|
|
Fixes a number of security issues:
|
|
CVE-2015-8934, CVE-2015-8933, CVE-2015-8917, CVE-2016-4301, CVE-2016-4300
|
|
- and fixing the build (fix-build.patch)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 16 09:33:17 UTC 2016 - adrian@suse.de
|
|
|
|
- limit size of symlinks in cpio archives (CVE-2016-4809, boo#984990)
|
|
CVE-2016-4809.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 9 08:42:19 UTC 2016 - adrian@suse.de
|
|
|
|
- 4GB _constraints for ppc64le only, it would break other archs
|
|
|
|
- update to version 3.2.0
|
|
* Fixes CVE-2016-1541
|
|
* Fixes CVE-2015-8928
|
|
* changes are only documented in git history
|
|
* updated openssl patch
|
|
* new bsdcat utility
|
|
|
|
- removed obsolete patches for:
|
|
* CVE-2013-0211.patch
|
|
* directory-traversal-fix.patch
|
|
* libarchive-xattr.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 6 14:45:14 UTC 2016 - normand@linux.vnet.ibm.com
|
|
|
|
- add _constraints memory 4096MB to avoid ppc64le build failure
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Sep 19 20:17:41 UTC 2015 - astieger@suse.com
|
|
|
|
- build static lib on RHEL 7
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Mar 22 19:51:10 UTC 2015 - astieger@suse.com
|
|
|
|
- RHEL/CentOS build fix, skipping autoreconf
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Mar 15 20:11:00 UTC 2015 - astieger@suse.com
|
|
|
|
- add CVE for previous change
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 5 13:36:09 UTC 2015 - adrian@suse.com
|
|
|
|
- fix a directory traversal in cpio tool (bnc#920870)
|
|
directory-traversal-fix.patch CVE-2015-2304
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 11 12:07:46 UTC 2014 - jsegitz@novell.com
|
|
|
|
- Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 28 17:18:59 UTC 2014 - crrodriguez@opensuse.org
|
|
|
|
- libarchive-xattr.patch, fix subtle wrong library check
|
|
that causes this package to depend on libattr when it should
|
|
be using glibc.
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Nov 24 16:22:02 UTC 2013 - andreas.stieger@gmx.de
|
|
|
|
- add optional -static-devel library package, intended to publish pixz
|
|
for CentOS / RHEL, default off
|
|
- skip some dependencies not required for pixz on CentOS / RHEL
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 20 05:34:09 UTC 2013 - crrodriguez@opensuse.org
|
|
|
|
- remove artificial dependencies on libacl-devel, libbz2-devel,
|
|
zlib-devel from libarchive-devel.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 19 21:14:38 UTC 2013 - crrodriguez@opensuse.org
|
|
|
|
- libarchive-openssl.patch: Call OPENSSL_config where needed,
|
|
otherwise on systems configured to use openSSL engines such
|
|
as via-padlock wont benefit from hardware acceleration.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 16 20:07:27 UTC 2013 - andreas.stieger@gmx.de
|
|
|
|
- update to 3.1.2
|
|
This is a maintenance update to fix issues with the new RAR
|
|
seeking feature.
|
|
- libarchive's new website moved to http://www.libarchive.org.
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jun 16 23:59:28 UTC 2013 - jengelh@inai.de
|
|
|
|
- Explicitly list libattr-devel as BuildRequires (and sort those)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 13 08:05:35 UTC 2013 - werner@suse.de
|
|
|
|
- Use %libname macro to be consistent throughout the spec file
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 5 18:48:08 UTC 2013 - p.drouand@gmail.com
|
|
|
|
- Update to version 3.1.1:
|
|
+ Fix an issue with the soname versioning in builds of libarchive
|
|
using cmake
|
|
- Removed patchs; fixed and merged on upstream release:
|
|
* libarchive-fix-checks.patch
|
|
* libarchive-ppc64.patch
|
|
- The soname has changed and pass to 13.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 23 08:30:05 UTC 2012 - dvaleev@suse.com
|
|
|
|
- libarchive-ppc64.patch:
|
|
fix http://code.google.com/p/libarchive/issues/detail?id=277
|
|
test_option_b and test_option_nodump are failing on ppc64
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 9 09:05:01 UTC 2012 - cfarrell@suse.com
|
|
|
|
- license update: BSD-2-Clause
|
|
The COPYING file shows that the package is predominantly BSD-2-Clause
|
|
licensed
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 7 18:47:14 UTC 2012 - dimstar@opensuse.org
|
|
|
|
- Update to version 3.0.4:
|
|
+ libarchive development moved to http://libarchive.github.com/
|
|
- Changes from version 3.0.2:
|
|
+ Various fixes merged from FreeBSD
|
|
+ Symlink support in Zip reader and writer
|
|
+ Robustness fixes to 7Zip reader
|
|
- Changes from version 3.0.1b:
|
|
+ 7Zip reader
|
|
+ Small fixes to ISO and Zip to improve robustness with corrupted
|
|
input
|
|
+ Improve streaming Zip reader's support for uncompressed entries
|
|
+ New seeking Zip reader supports SFX Zip archives
|
|
+ Build fixes on Windows
|
|
- For more changes since 2.8.5, please see NEWS file
|
|
- Update URL Tag to represent new home of the project.
|
|
- Rename libarchive2 to libarchive12, following upstreams soname
|
|
bumps.
|
|
- Add libarchive-fix-checks.patch: Fix gcc 4.7 side effects.
|
|
- Drop libarchive-test-fuzz.patch: fixed upstream.
|
|
- Drop libarchive-ignore-sigpipe-in-test-suite.patch: fixed
|
|
upstream.
|
|
- Drop libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch: upstream
|
|
rejected the patch. Seems to be too theoretical problem.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 7 08:35:39 UTC 2012 - werner@suse.de
|
|
|
|
- Enforce usage of reentrant versions of libc functions
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 13 18:19:49 UTC 2012 - dvaleev@suse.com
|
|
|
|
- fix failed tests on ppc
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 8 10:57:45 UTC 2012 - idonmez@suse.com
|
|
|
|
- Use %makeinstall to be SLES compatible
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 22 11:27:05 UTC 2011 - werner@suse.de
|
|
|
|
- For SLES11 work around missing rpm macro
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 6 16:00:48 UTC 2011 - coolo@suse.com
|
|
|
|
- rename main package to libarchive
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 6 16:00:32 UTC 2011 - coolo@suse.com
|
|
|
|
- Update to libarchive 2.8.5 (from werner)
|
|
* Fix issue 134: Improve handling of open failures
|
|
* Fix issue 119: Relax ISO verification
|
|
* Fix issue 121: mtree parsing
|
|
* Fix extraction of GNU tar 'D' directory entries
|
|
* Be less demanding in LZMA/XZ compression tests
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 30 08:15:50 UTC 2011 - coolo@suse.com
|
|
|
|
- add baselibs.conf for PackageKit to use
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 19 13:23:09 UTC 2011 - idoenmez@novell.com
|
|
|
|
- Add suport for xz and xar archives
|
|
- Add libarchive-2.8.4-iso9660-data-types.patch:
|
|
fix ISO9660 reader data type mismatches
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 11 13:36:59 UTC 2010 - puzel@novell.com
|
|
|
|
- udpate to libarchive-2.8.4
|
|
- see /usr/share/doc/packages/libarchive2/NEWS for changes
|
|
- drop libarchive-2.5.5_fix_testsuite.patch (upstream)
|
|
- update libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch
|
|
- clean up specfile
|
|
- disable make check for now
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 6 04:36:37 UTC 2010 - jengelh@medozas.de
|
|
|
|
- enable parallel building
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 29 17:24:49 CET 2008 - mrueckert@suse.de
|
|
|
|
- added libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch:
|
|
it can happen that your system at build times supports lutimes
|
|
but later at runtime the needed syscall is missing.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 8 17:57:29 CEST 2008 - mrueckert@suse.de
|
|
|
|
- fix rm calls in %install
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Sep 6 17:54:11 CEST 2008 - mrueckert@suse.de
|
|
|
|
- update to 2.5.5
|
|
This is a major version bump again: it incorporates
|
|
lots of bugfixes and improvements.
|
|
For all the details please see
|
|
/usr/share/doc/packages/libarchive2/NEWS
|
|
- drop the .la file
|
|
- dropped patch libarchive-2.2.5_rpath.patch:
|
|
no longer needed
|
|
- added libarchive-2.5.5_fix_testsuite.patch:
|
|
added missing mode to open() with O_CREAT
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 15 12:58:06 CEST 2007 - ro@suse.de
|
|
|
|
- fix dependency of devel package
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 7 16:47:22 CEST 2007 - mrueckert@suse.de
|
|
|
|
- restructured package:
|
|
bsdtar is now the main package and libarchive2 and libarchive-devel
|
|
the subpackages. This saves us a rename on soversion bumps.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 30 14:31:32 CEST 2007 - mrueckert@suse.de
|
|
|
|
- update to 2.2.5 (#291358)
|
|
This is a major version bump. For a full list of all changes see
|
|
/usr/share/doc/packages/libarchive/NEWS. Mostly notable this up-
|
|
date includes the fixes for the following security bugs:
|
|
Errors handling corrupt tar files in libarchive
|
|
(CVE-2007-3641, CVE-2007-3644, CVE-2007-3645)
|
|
- added libarchive-2.2.5_rpath.patch:
|
|
dont set a rpath on the builddir.
|
|
- no longer building the static lib
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 8 01:35:37 CEST 2007 - ro@suse.de
|
|
|
|
- added ldconfig to post scripts
|
|
- remove minitar objects (leave binary there for now)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Apr 8 20:53:59 CEST 2007 - mrueckert@suse.de
|
|
|
|
- updated to 2.0.28
|
|
- removed all patches:
|
|
included upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Mar 24 20:07:04 CET 2007 - mrueckert@suse.de
|
|
|
|
- require libbz2-devel on >= 10.3
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Mar 24 16:30:08 CET 2007 - aj@suse.de
|
|
|
|
- Change requires for libbz2 split.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 6 16:49:29 CET 2007 - mrueckert@suse.de
|
|
|
|
- updated bsdtar-1.2.53_ext2_include.patch:
|
|
the old fix was not complete and on newer glibc/kernel-headers it
|
|
seems you need to include linux/fs.h explicitly
|
|
new name: bsdtar-1.3.1_linux_fs_includes.patch
|
|
- build with -fno-strict-aliasing
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 10 13:01:38 CET 2006 - mrueckert@suse.de
|
|
|
|
- added SA-06-24_libarchive.patch:
|
|
fix DOS in libarchive (CVE-2006-5680)
|
|
http://security.freebsd.org/advisories/FreeBSD-SA-06:24.libarchive.asc
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 22 13:03:42 CET 2006 - mrueckert@suse.de
|
|
|
|
- update to version 1.3.1
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 27 02:32:57 CEST 2006 - mrueckert@suse.de
|
|
|
|
- updated to 1.2.53:
|
|
Upstream merged the source tarball.
|
|
Splitted of a bsdtar package
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 27 19:24:00 CET 2006 - mrueckert@suse.de
|
|
|
|
- fixed building of debuginfo package
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 27 18:32:04 CET 2006 - mrueckert@suse.de
|
|
|
|
- libarchive 1.2.38
|
|
|