Accepting request 1326476 from Archiving

OBS-URL: https://build.opensuse.org/request/show/1326476
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libarchive?expand=0&rev=62

fix-bsdunzip-test.patch

@@ -1,19 +0,0 @@
-commit 64e2e88ec326dd37fcb85c9a9d21fa43444a0a59
-Author: Bernhard M. Wiedemann <bwiedemann@suse.de>
-Date:   Wed May 22 10:13:47 2024 +0200
-
-    Fix test failure on openSUSE:Leap:15.5
-
-diff --git a/unzip/test/test_I.c b/unzip/test/test_I.c
-index 5d31ce8d..92e5ce59 100644
---- a/unzip/test/test_I.c
-+++ b/unzip/test/test_I.c
-@@ -45,7 +45,7 @@ DEFINE_TEST(test_I)
- #endif
- 
- 	extract_reference_file(reffile);
--	r = systemf("%s -I UTF-8 %s >test.out 2>test.err", testprog, reffile);
-+	r = systemf("env -uLC_ALL LC_CTYPE=en_US.UTF-8 %s -I UTF-8 %s >test.out 2>test.err", testprog, reffile);
- 	assertEqualInt(0, r);
- 	assertNonEmptyFile("test.out");
- 	assertEmptyFile("test.err");

fix-soversion.patch

@@ -1,13 +0,0 @@
-Index: libarchive-3.4.0/CMakeLists.txt
-===================================================================
---- libarchive-3.4.0.orig/CMakeLists.txt
-+++ libarchive-3.4.0/CMakeLists.txt
-@@ -71,7 +71,7 @@ SET(LIBARCHIVE_VERSION_STRING  "${VERSIO
- # libarchive 2.9 == interface version 11 = 2 + 9
- # libarchive 3.0 == interface version 12
- # libarchive 3.1 == interface version 13
--math(EXPR INTERFACE_VERSION  "13 + ${_minor}")
-+set(INTERFACE_VERSION  "13")
- 
- # Set SOVERSION == Interface version
- # ?? Should there be more here ??

lib-suffix.patch

@@ -1,42 +0,0 @@
-Index: b/libarchive/CMakeLists.txt
-===================================================================
---- a/libarchive/CMakeLists.txt
-+++ b/libarchive/CMakeLists.txt
-@@ -266,13 +266,13 @@ IF(ENABLE_INSTALL)
-   IF(BUILD_SHARED_LIBS)
-     INSTALL(TARGETS archive
-             RUNTIME DESTINATION bin
--            LIBRARY DESTINATION lib
--            ARCHIVE DESTINATION lib)
-+            LIBRARY DESTINATION lib${LIB_SUFFIX}
-+            ARCHIVE DESTINATION lib${LIB_SUFFIX})
-   ENDIF(BUILD_SHARED_LIBS)
-   INSTALL(TARGETS archive_static
-           RUNTIME DESTINATION bin
--          LIBRARY DESTINATION lib
--          ARCHIVE DESTINATION lib)
-+          LIBRARY DESTINATION lib${LIB_SUFFIX}
-+          ARCHIVE DESTINATION lib${LIB_SUFFIX})
-   INSTALL_MAN(${libarchive_MANS})
-   INSTALL(FILES ${include_HEADERS} DESTINATION include)
- ENDIF()
-Index: b/build/cmake/CreatePkgConfigFile.cmake
-===================================================================
---- a/build/cmake/CreatePkgConfigFile.cmake
-+++ b/build/cmake/CreatePkgConfigFile.cmake
-@@ -4,7 +4,7 @@
- # Set the required variables (we use the same input file as autotools)
- SET(prefix ${CMAKE_INSTALL_PREFIX})
- SET(exec_prefix \${prefix})
--SET(libdir \${exec_prefix}/lib)
-+SET(libdir \${exec_prefix}/lib${LIB_SUFFIX})
- SET(includedir \${prefix}/include)
- # Now, this is not particularly pretty, nor is it terribly accurate...
- # Loop over all our additional libs
-@@ -29,5 +29,5 @@ CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DI
- # And install it, of course ;).
- IF(ENABLE_INSTALL)
-   INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/build/pkgconfig/libarchive.pc
--          DESTINATION "lib/pkgconfig")
-+          DESTINATION "lib${LIB_SUFFIX}/pkgconfig")
- ENDIF()

libarchive-3.7.4.tar.xz.asc

@@ -1,14 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQGzBAABCgAdFiEE2yx88bTCZfrvVuP8WEihi48UGEsFAmYre4IACgkQWEihi48U
-GEvAuwwAmsnbql7+1CW9RuBHitOvHyIL6sHbjR0Hd3ruI9s3FMevMBzPjpb5MgOU
-/D+o0amv1Tv/QSJAid1siZIumgur2hzqglNMK5FkoajpZ1UjYASHHxFoh5qkRKvW
-Ws/ViXMVGB2DlyydzzjFwa0JAAK/IpD9uKPPr6rgt+cRBibkWXuJILbmzi/DF1XH
-zlp/5FGwzY4/zhqbXgz11ZhX3gacdLd68+xsYbSII2JvZ2yb2zsS+0ia3skUawEj
-QMKzdpErqO+RedsRiJG9fjA65Q1hKWpMoWMuKZWLX+v0iv/OHv57RzLelmPy6Ohw
-0/PwCHFzFmOfu2LZd+mCWsrYaBrezGJq9tm+pAsCXSxcj3LuQwZ6d8/wgtS5CeNE
-+LoHCbzAcI5WiyU3wbw1qvulVDewL+j0rQoj23Lj2z9ry2K94NMpYji3JMkWI8dS
-QXitZd29uZ9l5Jf5Kz9BLHOoO1Q8bEOGB33dLpT+UIjFoJ6wqxNXef6OAECoHGH0
-OnEtTuAX
-=kNTk
------END PGP SIGNATURE-----

libarchive-3.8.5.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d68068e74beee3a0ec0dd04aee9037d5757fcc651591a6dcf1b6d542fb15a703
+size 6009124

libarchive-3.8.5.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEZZyEwOI+ofqX4LWMwEC1CNY9KzYFAmlblxkACgkQwEC1CNY9
+KzaTgw/6Aiworoj88mBHOtONa8HChuwVeTku8MyXPWVQxBuopLLCTOr/20XurcNK
+RjvQQF146u0UsxZSGWXQxxHA6PmaN89zCu5rGmUC4ikK7QFY7uNHSBh0O/5o9/bN
+GRtKKn7vvVGi/GLI++1fkAJBSpcGO2wnDQQ1SsJWETBL5Of8zPmNrrbVor/pC+iY
+Ega5Lom4KQGHwhwOSqM4MUnZ8iAbtx9U+FWvjvCpy1vO8e9TebiHR1xOrv8oK522
+JHklOMLWkHzyXgH3JI0lV6q9u+cMpPSgRpHwYOvIuvpd0FMCryJwb7EPzZWk4D16
+qdHAIAUkOpxNVrRMpjml9bH2fcDIsxjvKpHA7By5ollLi2TrGKCUqs7/4G7B3zAA
+6H0GWj2WmGAFlW0FoQJOytDnfvh/N8FIA/xmkqMoa1SOknCHQTbuJOCueO8oZHw0
+ea2rN5xsVUxSh/VLoaKkTS2TGZXyS/XjjonCL408hDSKWgaXLg658eqgdElRWBGj
+UhwC7Tci9OMmuWufj7vcZjz+ZPeo4aWUc5W4uIOT27BuWLz90QHSF1GfN9kwpOAG
+mWYmm3MlTJPJhaJkhwiZ4p0JQ6dQBXCwa6CO4fCn1+Cs9KRaVFynsQti/cFR/u0J
+qSmdhm7tG4ezCh76f6Mwx4mAbMBIvJa6M/fDPJsP9DqIx5gq1do=
+=g65Z
+-----END PGP SIGNATURE-----

libarchive.changes

@@ -1,3 +1,171 @@
+-------------------------------------------------------------------
+Fri Jan  9 21:34:50 UTC 2026 - Marius Grossu <marius.grossu@suse.com>
+
+- Update to 3.8.5:
+  * bsdtar: fix regression from 3.8.4 zero-length pattern issue bugfix (#2809)
+  * various small bugfixes in code and documentation
+- Remove libarchive-3.8.4-tar-fix-tests.patch to fix tests 
+
+-------------------------------------------------------------------
+Tue Dec  9 09:17:20 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Update to 3.8.4:
+  * bsdtar: Fix zero-length pattern issue
+  * lib: Fix regression introduced in libarchive 3.8.2 when walking
+    enterable but unreadable directories
+- add libarchive-3.8.4-tar-fix-tests.patch to fix tests
+
+-------------------------------------------------------------------
+Sat Nov 29 09:02:11 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Update to 3.8.3:
+  * lib: Create temporary files in the target directory
+    (boo#1254340)
+  * lha: Fix for an out-of-bounds buffer overrun when using
+    p[H_LEVEL_OFFSET] (boo#1254341)
+  * 7-zip: Fix a buffer overrun when reading truncated 7zip headers
+    (boo#1254342)
+  * lz4 and zstd: Support both lz4 and zstd data with leading
+    skippable frames
+- update upstream signing key
+
+-------------------------------------------------------------------
+Fri Oct 31 19:56:50 UTC 2025 - Adrian Schröter <adrian@suse.de>
+
+- update to 3.8.2:
+  Security fixes:
+   * 7zip: Fix out of boundary access
+   * tar reader: fix checking the result of the strftime (CVE-2025-25724)
+
+  Notable bugfixes:
+   * bsdtar: Allow filename to have CRLF endings
+   * lib: archive_read_data: handle sparse holes at end of file correctly
+   * lib: improve filter process handling
+   * lib: fix error checking in writing files
+   * lib: handle possible errors from system calls
+   * lib: avoid leaking file descriptors into subprocesses
+   * lib: parse_date: handle dates in 2038 and beyond if time_t is big enough
+   * RAR5 reader: fix multiple issues in extra field parsing function
+   * RAR5 reader: early fail when file declares data for a dir entry
+   * tar writer: fix replacing a regular file with a dir for ARCHIVE_EXTRACT_SAFE_WRITES
+   * tar reader (Windows): check WCS pathname in header_gnutar before overwriting
+   * tar reader: fix an infinite loop when parsing V headers
+   * zip writer: fix a memory leak if write callback error early
+   * zip writer: fix writing with ZSTD compression
+   * zstd write filter: enable Zstandard's checksum feature
+
+-------------------------------------------------------------------
+Thu Jun  5 21:05:40 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- update to 3.8.1:
+  * libarchive: fix FILE_skip regression
+  * compress: Prevent call stack overflow
+  * iso9660: always check archive_string_ensure return value
+  * tar: Support negative time values with pax
+  * tar: Reset accumulated header state after reading macOS metadata blob
+  * tar: Keep block alignment after pax error
+  * tar: Handle extra bytes after sparse entries
+- includes changes from 3.8.0:
+  * bsdtar: support --mtime and --clamp-mtime
+  * 7-zip reader: improve self-extracting archive detection
+  * xar: xmllite support for the XAR reader and writer
+  * zip writer: added XZ, LZMA, ZSTD and BZIP2 support
+  * zip writer: added LZMA + RISCV BCJ filter
+  * rar: do not skip past EOF while reading (boo#1244159)
+  * rar: fix double free with over 4 billion nodes (boo#1244160)
+  * rar: fix heap-buffer-overflow (boo#1244161)
+  * warc: prevent signed integer overflow (boo#1244162)
+  * tar: fix overflow in build_ustar_entry (boo#1244163)
+  * bsdtar: don't hardlink negative inode files together
+  * gz: allow setting the original filename for gzip compressed files
+  * lib: improve lseek handling
+  * lib: support @-prefixed Unix epoch timestamps as date strings
+  * rar: support large headers on 32 bit systems
+  * tar reader: Improve LFS support on 32 bit systems
+- drop lib-suffix.patch, different implementation upstream
+- spec file clean-up, removing currently unused -static
+
+-------------------------------------------------------------------
+Sat Apr  5 08:28:47 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Update to 3.7.9:
+  * fix regression regarding GNU sparse entries
+
+-------------------------------------------------------------------
+Sun Mar 23 18:15:43 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Update to 3.7.8:
+  * 7zip reader: add SPARC and POWERPC filter support for non-LZMA compressors
+  * tar reader: Ignore ustar size when pax size is present
+  * tar writer: Fix bug when -s/a/b/ used more than once with b flag
+  * libarchive: Handle ARCHIVE_FILTER_LZOP in archive_read_append_filter
+  * libarchive: Adding missing seeker function to archive_read_open_FILE()
+- inludes the previously patched security fixes, dropping:
+  CVE-2025-1632.patch, CVE-2025-25724.patch, CVE-2024-57970.patch
+
+-------------------------------------------------------------------
+Tue Mar 11 15:54:34 UTC 2025 - Marius Grossu <marius.grossu@suse.com>
+
+- Fix CVE-2025-1632, null pointer dereference in bsdunzip.c
+  (CVE-2025-1632, bsc#1237606)
+  * CVE-2025-1632.patch
+- Fix CVE-2025-25724, Buffer Overflow vulnerability in libarchive
+  (CVE-2025-25724, bsc#1238610)
+  * CVE-2025-25724.patch 
+
+-------------------------------------------------------------------
+Tue Feb 25 15:14:11 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
+
+- Fix CVE-2024-57970, heap-based buffer over-read in header_gnu_longlink
+  because it mishandles truncation (CVE-2024-57970, bsc#1237233)
+  * CVE-2024-57970.patch
+
+-------------------------------------------------------------------
+Thu Oct 17 08:41:56 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
+
+- Update to 3.7.7:
+  * gzip: prevent a hang when processing a malformed gzip inside a gzip
+  * tar: don't crash on truncated tar archives
+  * tar: fix two leaks in tar header parsing
+  * 7-zip: read/write symlink paths as UTF-8
+  * cpio: exit with an error code if an entry could not be extracted
+  * rar5: report encrypted entries
+  * tar: fix truncation of entry pathnames in specific archives
+
+-------------------------------------------------------------------
+Fri Sep 27 19:15:54 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
+
+- Update to 3.7.6:
+  * tar: clean up linkpath between entries
+  * tar: fix memory leaks when processing symlinks or parsing pax headers
+  * iso: be more cautious about parsing ISO-9660 timestamps
+- Version 3.7.5 changes:
+  * fix multiple vulnerabilities identified by SAST
+  * cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
+  * lzop: prevent integer overflow
+  * rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696, bsc#1225971)
+  * rar4: fix CVE-2024-26256 (CVE-2024-26256, bsc#1225972)
+  * rar4: fix OOB in delta and audio filter
+  * rar4: fix out of boundary access with large files
+  * rar4: add boundary checks to rgb filter
+  * rar4: fix OOB access with unicode filenames
+  * rar5: clear 'data ready' cache on window buffer reallocs
+  * rpm: calculate huge header sizes correctly
+  * unzip: unify EOF handling
+  * util: fix out of boundary access in mktemp functions
+  * uu: stop processing if lines are too long
+  * 7zip: fix issue when skipping first file in 7zip archive that is a multiple
+    of 65536 bytes
+  * ar: fix archive entries having no type
+  * lha: do not allow negative file sizes
+  * lha: fix integer truncation on 32-bit systems
+  * shar: check strdup return value
+  * rar5: don't try to read rediculously long names
+  * xar: fix another infinite loop and expat error handling
+  * many Windows fixes, cleanups and improvements
+- Drop fix-soversion.patch, fix-bsdunzip-test.patch
+  * Fixed upstream
+
 -------------------------------------------------------------------
 Thu Jun 20 14:56:58 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
 

libarchive.keyring

@@ -1,52 +1,82 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: 659C 84C0 E23E A1FA 97E0  B58C C040 B508 D63D 2B36
+Comment: Martin Matuska <martin@matuska.de>
+Comment: Martin Matuska <martin@matuska.org>
+Comment: Martin Matuska <mm@FreeBSD.org>
 
-mQGNBGOTSakBDADYnE8uP/uR+viUTGNdMG8tWtoopvEEACFOwqx6NPb9sXvip5z2
-0ochmO+jNqbV+OiS/6gjpd2f2fmJ241ooqbqZrWklabohbr2ros25bmi1C/77FEK
-sGulay334p1LXPxQA3kjEQSINMresnt8FYCO5q50VHgmnhSNaom8jPAy9S06fWqP
-yXAXoJ53hwzYN6Bgb2CnU5FTwC9O4v5sI4wjQYq5JC9cbl1hM5PzC5bIse79l5Nq
-YTsSuSY2RhOQ7w6L6V295l7C6TPkPBcqkg4Q+AYzdTTZagMN9NcchembtR/aMbuE
-xg1PiUMdPOu99uW605XikwwYTy0ZGlz7GZE9EcpoBaoSX5m3haM5k59e5839YtnC
-VbS0XOLCDp8uPMbLElGsLH6J1f1RxxV+h4r6ZypDSC0vTi54qI1nxsdJm1n21iwQ
-0zP77oLUaIc+Nb0Mmh61+YFPLMgeHlfEsnsYzTWJU/tt6rlFFECKSlBGkiIXy1Ie
-yKx2D+OlCZJ7FQMAEQEAAbQjTWFydGluIE1hdHVza2EgPG1hcnRpbkBtYXR1c2th
-Lm9yZz6JAdQEEwEKAD4WIQTbLHzxtMJl+u9W4/xYSKGLjxQYSwUCY5NMJAIbAwUJ
-BaOagAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBYSKGLjxQYS8wPDACGqLMh
-K5QGA3fjAY5GxEmYUOLB/0fwtCCsW9I1oVOkqdjR72c6iEKcPDcRpU1Xavncb/Kk
-N3kD/xQAVpNhn5tIfNAhflZIeB/2gsOv79qBKyo9SkM9TpdNd60H/uOEeYFA0fPF
-qXvrtdxK9gL3qkZtThvGnW49OlAHd8HvOMHCfCWMvJfwnt19PH/HR3cI3aXQHe3a
-Oek3+E4eKlCruOm0CM1OKfv6FuO79URSw2NB+Tskj2NW91jIF8iZXveR/qi1lupn
-AMLhXXpSJOmRGepKvfPRYoV7llSgSOdE+lElC6ljpe41T19c2PiVxUJOJmT4mtJo
-9ghVUeIkUhXNpAU/5I6QAtPoGQfQVcE23PtFM7gibC3nL7yPT8igi904msOIxoUk
-4kTOUCmW1KcGRT8SNnOrMkdEDGBg1QNNx7D/jyQf6umg4si3wu5NoVYr4eGorDxu
-J0Jq2wm42JQDnXWnmoQpO/XwaOwV+OIveMHd0jgtqYHsQiry8IpUWb/0is60H01h
-cnRpbiBNYXR1c2thIDxtbUBGcmVlQlNELm9yZz6JAdQEEwEKAD4WIQTbLHzxtMJl
-+u9W4/xYSKGLjxQYSwUCY5NJqQIbAwUJBaOagAULCQgHAgYVCgkICwIEFgIDAQIe
-AQIXgAAKCRBYSKGLjxQYS2z5DADN7TMpp246axc2NYYTzmHM1iN39EERH/gXT7dl
-+d9uY9i1dPZrtzuLoh/yQX8z3P/WeR2czSRWhkxqZ4R64oYiOq2VA1aJ9QopFKIi
-DA1mzTjDvuFiuhVR0484gxXf4N6peVhEoGZvUhLaR1n4L5ykAGwKLyqwOQqwK/BX
-jxDSgM45bCWhImE6yux6yNrOYTGZA0IsRShRoDbmXvPZPBxMvQEa8RnzI9QqxbZR
-17bNCt4VRYXUUpD1vAccJcLl1UGK12OSIevuUdv17Y05Da4IOhGHz9dXsojeFX4u
-S7h1JsGZFV4O7XyVpnF5qwqYukN/ScYg2QJIkm/Is3m2AVx58xh2twoFfBew6qID
-tnuWtzKlIqOlFST5nhSCaIAoGiVDEisXMY1ZffUJsugaKK6cufCw16dU9C3Kez4T
-ap5j1vkIdPylL7i631g7UnNvpi/5ZaxAB3yB00G0LKqTRGjqRAaXnCDuXA89brLF
-/wLqwsOROw6B1iQ/OyDhTPS0z6i5AY0EY5NJqQEMALs/XcCV+Xe34TA/eOWyQ4Qe
-qbNMdjNBxXW3gpapCG5pMKtlrN/elyYTPJHeas63VWWYyWEhpfb54gISyZOrkwU2
-S6kRtNSw4dADLDbMjfclB+EMKkF3rovhlBz5483PC5Dbw4KVIvZPgdWbAzUERBey
-XOlN2n5EQjcKcpuAlXlgR4ZtN9n1Po5SgCyjJbufIBxAho+Em1QoX+hne4eGfKf8
-o8feHbKibBqINj58GpCzyoyDDQ4NV+gRxU3AR85p2jNJrSrFELh7ZnHLTQvE1D9b
-/DRhRHDshTRTiAVHGrlCvhIQL1NnsOqqZUz4zv03CsPzMNfvgxlw8rvt1SIAZecC
-L9xz6P5zVb0svVq89Sc7S5AY7xQ7YhMf+fuG2ihpJFMAEBACypcqnLj0pdG1cZiv
-dx7Pw4Gd/sag5uUiRj+myPzOo5LpfbU8acmGEoemdZOsO1XO1ABJFOhXHY6cyLgD
-xk7sQvnlO2tTu1qvwPzKSr0XX6MfqUgtHwkELSnEVQARAQABiQG8BBgBCgAmFiEE
-2yx88bTCZfrvVuP8WEihi48UGEsFAmOTSakCGwwFCQWjmoAACgkQWEihi48UGEtO
-Hwv+Lht02gAsLxdqoMs5gBhC/jY2KMJhx/jrhCeIvdZWAZiBJ9wslqJkbhwF6tNt
-/x1BY8pam4j5enLkLCWyyp3wm0QWiJME0N3+tN5QMFpO5kMbFygCCIXSOd+kfrA1
-xFfQt840LTV1rzvp+YW8SYBFjWtanW4K49C7cewacZbY+zwsWZ/FV1bbEZGnB7lL
-0hiwOiXfjmxg0fVlEjLy7bt/8pxJ6w4wQsm78a4l3D2Oo1ux97Kcb+ymJvABmG7X
-Lc90uLbJFBiSbxxbVcbvHx55kGtEzttN+YzJuOTDgXHoFXL4wMTsyVlkzCw1m/qW
-uW68PO7RtXWl4C1aa6K/xC2jgiFT8IwppkEINeb2lIy96iyOPKD+NzocHBCcbx4W
-f9yXue8x8Bptr5Pzv1G422yRLv4N9Hdb3fSALs1FCjVJFuov3FPjpKz6YhyY0vLj
-PNcYqehQphtFs0ra8+OkupcNBiAYsPUlMGhFQakPxpEl4/IM5dny0YrtTuYJAdrI
-HXDL
-=weXn
+xsFNBGkbo5wBEADvETPxMJo6FfGWVwILYdkly6HppKUIETRrFEVY3jahDs9Lnit8
+3QfTuXoCYfgvZXaoppcoZZF3YJ7BSFAERKI0idl+/gZDCatMkiE5gHLqQv0BdFcA
+mbEF9tN6gsHASekSKNOVSPWuVUvhH2PhXtc8Hp/ysB6nVJ+Sw0ePB+bMkkU5fwIJ
+QWEAuFsl+PS1ip4IS0UdPLAhDkdOqruMJaxJoIr7c1+Tq8vrqZ7DQ3DBnCbflb6G
+7OjoTsqioNQ/78p0mMTm9pswh9l3Ak0tHOWmEOfCkKuGm5+xNWTy7hRiB9eEai5r
+BvkRlZ4cG1Tbu2Kycf//akAaO1fTLlVellnrgiuTopucxYYL77NFuRIddfRRQK3v
+k3yQdZwyuwa9yTzJuZ/jkfoHsTFpnNY1GLl/ruyOFpzhKSoaAecRyU18w7qE8gO7
+RBtOMWMhmqspX6qFznAGyNd8CAm/8pn0nntkHV7cyNC1GRm8vhxcGZdE7NX4xM3w
+d4f4m8PKBvSlrlOkZ8XKIZWNl2I/JKJyjxC0Hozdi8hXu5Jf4lzN0rO3w4XWum9f
+ZBxI8GEOHKyWZwpAkUcimBV2PSkp8JZGSwX7mJgsS5ivV4wPBkp0XvhoEIzDE52H
+wsfLo9Xfj1lPIxOLYtqpTsetKzq6BbmJm8l7e9WlcY6GO4b+mjs9JVq4WQARAQAB
+zSJNYXJ0aW4gTWF0dXNrYSA8bWFydGluQG1hdHVza2EuZGU+wsGUBBMBCgA+FiEE
+ZZyEwOI+ofqX4LWMwEC1CNY9KzYFAmkbo5wCGwMFCQeFfBQFCwkIBwIGFQoJCAsC
+BBYCAwECHgECF4AACgkQwEC1CNY9KzbL7xAAt6ik1v61ZN59i4pb23ObmtBUpIaJ
+UZ2VFhNgSxaTqKikBsQxnlBVQ6rKE97d7ZbTO4ajwFvV1MGBe6Yg9GuG3GLWNloY
+hs+bMPZB4+kLFK88dHornRi7Ey4qGjojfEZ3J4p0DAS38y6HW+/YDo+aZTs/O0vb
+19AQssccz/FWrEGxw+LJGZ7wMU5bq8UbQiItVjoLfQHCfXFXnMCVbpc/fi1+KIt8
+MmGW7sQuu1bPpoSVGW3XNlUXUPK8U2aNXrNGmqTlSIPUzWufSCFtIu5QEwAN/lrk
+7QHvEr/kbiB86DPXvrN6vGw2ORWkNEhUgnilHNdFX7u3M/KpSB3f0CpIuBF4rTXN
+xM08+mFm3kp6r2jZ3Lirnsl/oZTIB+npcF9OSrwW+qJ3LrnimVwMM4YIFKq3W24b
+icCoCfnWHI5zGIjEoCNhnkV4cFQfOsrzwnD39XROEddTj5PFKJSMf7FmMUa3X2yA
+nvQdhfexJi6l2/+8wv2G+Ie/OcdtkeedXjXXvnbOUtap8c+TvLt+r6vP4i9XwDXb
+CEL4TMVendZX4BDMusAU+j67vGtfmCDPpnuurj3uvTzx9I9rOZ+8+Cq4HP6tT+Is
+tBftcyKf6MKtY1naiKGFWnhVCxo5LczxYQC3SMFfCeG3ljl95a5yGBSyCRBsNxil
+3WdlDiY3KSTV9qPNI01hcnRpbiBNYXR1c2thIDxtYXJ0aW5AbWF0dXNrYS5vcmc+
+wsGUBBMBCgA+FiEEZZyEwOI+ofqX4LWMwEC1CNY9KzYFAmkbo7MCGwMFCQeFfBQF
+CwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQwEC1CNY9KzZ41g/9EwXeMXXe5Mg6
+FFRKSfJZbeD+4VuRLUNHgS/L8YmgdI7aP81536pQy7htlL3Z1IQgZJJ5SBsDGPYX
+zd4cTScESiB6yg+eX63BuCJxQsTWluVeh5k9xhb+m4fHiY6vRaf3M3n9SXrryYlZ
+Sl4JEMO51IWcjVhCwbxjnXN0GORA0h74feAwRUhAHIONGjygnBDDAShIlHrXyEa2
+D4Zp32ko+KzCwairPcoQX/iu+gzIDde2wl5iChBbiaiSO7tU1TNVJB7k1pWl+656
+dboUlBH9qm2eBshexDc7Tl3YhNvxekwd/XFyOGj9hsua3w5m1VMrEDEWzp6i+M0V
+nWS0aGXx2j6GsQF8SxZJ9oXwatwWv95n7DYV+Prx4Q9RrMup4FZJ0qu6YnYGsbRI
+w8i7YFQm9q9N0dzWn9rxu3MGVTK0wgwTTPxDT29NwLNdAnnBYOx+TlqiujRC2S/c
+WOSrRHpFDsefc4HvHR5X9kOJn6AvUgZLYClm9aT6rTvY5WYBXDZTg90oyoWdqiG6
+zT7C5EAjLDy2H3ehNsyymYfr3MKNlBN/1JHZqnzZ0C04pexef9LQngoLIe4emltF
+uLlJ+3N0Az3qjDbxSMvXxUSha1G+ZU9xRwRNH5r1VS7+m7IewVRSosM1uLvzeYdr
+RzNFONhUSypFmYJrFLPiDbbGc3F8si7NH01hcnRpbiBNYXR1c2thIDxtbUBGcmVl
+QlNELm9yZz7CwZQEEwEKAD4WIQRlnITA4j6h+pfgtYzAQLUI1j0rNgUCaRujugIb
+AwUJB4V8FAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDAQLUI1j0rNgvdD/9f
+q1hZzn+D63GzvAuSW2TDl/2tjx/Nw9xyFcTZDoJINvTP8+2Bu5lxCAfnpWl47pkR
+FT3YF50VjujX++TwuWJvuVVI8yTZJUQOECZ0JJlfQtanT7CWQ5qUwgRhfHZOX7R9
+yffTsb9IcWwBg1GWmsurZHB9ZipmuLAp4e0WF8ZrJDjuu4fYRp6N8CUxaF/DuI4m
+zUxmmYVFmwO2mL89hXw1rBCmYexkMrKwcs+iu7+HJQlBPJS2SDidXNrpwQoQ/XOf
+O8v+gReaQgUWhb3PKc5o8yCO7mGF2Mu96CPbSJS2HaSdw61hYCnn4vCsi8VyUrkV
+ozGLMU5YJfVTe1xqbBKqg7Cnx8HeyGBvk4DFDaP6ZtJ7Zk+yKdyPofDzrLqtqjZF
+XwXEN+gdEz1AZPIeanu4kJZePuoZpj0jP5kiGyux2SRx2UKItcI8eMDyPCveSzpp
+oTE3LYn4xzbQ+pX/uZgC3IY2LgDc5SSAhHNSq/yGl02OohWCjGIW14m3V8hv5Eqh
+VEy27v6hKBbQzhC2hrIl4Htt4wGL8y/LBTbHBBYvKkqWcLYTfpTAChDk8Nhp/YiT
+K8vrZfBX4ZaRxqwoKCl/wUYpUSUzz+nbOPEHjHacbMPEhrhTsvSOZU0sD4QoYJd2
+OThcLP3pB57NMEd+jmFKcGns0WhydUq/3lmDvb5oVc7BTQRpG6OcARAAr3XLdz5q
+uxoLsEwDoKJaSp2FvaQZ+yRyayKyTaj0NFsTRKgv8V+tQNdNRhMUsS4XMFzMQ6rY
+fiJmvHT6XDFKRhOgyT3oI8kVJG987xrdzw27ECTdjwG9T/p2CotuyEByMMJds2Ji
+p33dKWNXcQMnoHH0EZ/29ZsXLRXAHp2z5lq7Jv/0BpUSYH8+eekPqkrFBRNJrn2S
+plSYM/FtCbAKnvToZmcgNUmgaaFPy1jRLyss2hVnGA6OSZOvJVChtEQsKdvuprEY
+iYUPEjpnKFt2m4oyhsQvI9BxW6ny6pYkwVzGa/oxN3DB2PJ6mCnMFEyzBR5QXCDR
+QVR5jyAiLQEBE9Ol53cC6CZG9BroRetPX8njPztdXsIzEJLaAqvJ5fQpd/DE5mME
+0JTUhAGW2cAKEnVJryUyfJ3ft753cw8ZXoSwFTFN/GDebfqUztwKPjzILYaa1Ryx
+va2mCVu0S0a91ib7Lpa1RTVw15sDBfLnGum2ChJ8qobBOfAJTdmBWZxeSBdwQ6gb
+unJ33K2BPH+FR4xZcQXoz9wC6bgJnNudljlbeyw8pyOkQWeja9bXdddXLfuQLAOj
+xTcxs6QtpuCZuKitoVu9x1B+dAeBj37rhcV1sVwYPGaUCM+527c+h0smy0Pz+ITL
+049x68e1nm6D9hFjvMscuodwgzZj/UZoMbsAEQEAAcLBfAQYAQoAJhYhBGWchMDi
+PqH6l+C1jMBAtQjWPSs2BQJpG6OcAhsMBQkHhXwUAAoJEMBAtQjWPSs2/SkP/0R2
+JHgE7Yz6rgmfOWL7SBW5xCjvVwglXoyyRliiRd84cvqOSGZeY4333O9uanYLo+uW
+J0jz8I2wMieXcdBHq6N/evzO1ps55jsbHIb8AcfYMdW3DeP7C9QAvMUOIANY5Wm3
+ZmvWMNeGtW16gTg9F680EyRzxCWbK2uno/OrgO5RljrSX7P3lPLuPFzcDYI9wNUX
+UOhkAcuyRa2QBA8P4lag1QhbVxKFN4nWpw47V4ad0dgMp6LdFEB48Yio9tyNe464
+XFU6KkoenII4E23hAueSb2Y8Wti8T5Q/vVNJpU5DnHTaPJA/0V9ahUeOyMzvv9Wt
+QHh72P0uGtYQLZRqKrecEdtaREPM63AfYdlQEvr6xiODSUgJzk1ApofFBJoJocCg
+sBssj4BmZX7/YBG+VNZ/WOSJwUVm2YdBrTEBQDgUrQBG5JHsUUC/y2h/CXKsqjxK
+wM2KI6245FGHLmDqjuhDha93+XPIWxZdsXymqZtabCTL2Ck7F7VEfvZeLQdABEJc
+SMLX7CirwB4nxDJnCpXT9EVx/2Dr7Nxuj3A40QmDmzGwjTMeQYk9HBd+3AqcDrT0
+XcGScS8NcIzfu7VMzOseRlGuvqFdb8icIanTzq/x2ERuK120IMrXDIbFkWnnHz+e
++v00rWkJq+IWj/uDcWwC5MDOyYENoGaeD2GAnO40
+=Bisa
 -----END PGP PUBLIC KEY BLOCK-----

libarchive.spec

@@ -1,7 +1,8 @@
 #
 # spec file for package libarchive
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
+# Copyright (c) 2025 Andreas Stieger <Andreas.Stieger@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,19 +19,8 @@
 
 %define somajor 13
 %define libname libarchive%{somajor}
-%if 0%{?centos_version} || 0%{?rhel_version}
-%if 0%{?centos_version} <= 600 || 0%{?rhel_version <= 700}
-%bcond_without	static_libs
-%bcond_with	openssl
-%bcond_with	ext2fs
-%endif
-%else
-%bcond_with	static_libs
-%bcond_without	openssl
-%bcond_without	ext2fs
-%endif
 Name:           libarchive
-Version:        3.7.4
+Version:        3.8.5
 Release:        0
 Summary:        Utility and C library to create and read several streaming archive formats
 License:        BSD-2-Clause
@@ -40,29 +30,21 @@ Source0:        https://github.com/libarchive/libarchive/releases/download/v%{ve
 Source1:        https://github.com/libarchive/libarchive/releases/download/v%{version}/libarchive-%{version}.tar.xz.asc
 Source2:        libarchive.keyring
 Source1000:     baselibs.conf
-Patch1:         lib-suffix.patch
-Patch2:         fix-soversion.patch
-# PATCH-FIX-SUSE danilo.spinella@suse.com
-# bsdunzip test fails because of a locale issue, set locale properly to fix it
-# It will be fixed in the next release
-Patch3:         fix-bsdunzip-test.patch
+# https://github.com/libarchive/libarchive/issues/2804
+# https://github.com/libarchive/libarchive/pull/2809
 BuildRequires:  cmake
-BuildRequires:  libacl-devel
-BuildRequires:  libbz2-devel
-BuildRequires:  liblz4-devel
-BuildRequires:  libtool
-BuildRequires:  libxml2-devel
-BuildRequires:  libzstd-devel
 BuildRequires:  ninja
 BuildRequires:  pkgconfig
-BuildRequires:  xz-devel
-BuildRequires:  zlib-devel
-%if %{with ext2fs}
-BuildRequires:  libext2fs-devel
-%endif
-%if %{with openssl}
-BuildRequires:  libopenssl-devel
-%endif
+BuildRequires:  pkgconfig(bzip2)
+BuildRequires:  pkgconfig(expat)
+BuildRequires:  pkgconfig(ext2fs)
+BuildRequires:  pkgconfig(libacl)
+BuildRequires:  pkgconfig(libcrypto)
+BuildRequires:  pkgconfig(liblz4)
+BuildRequires:  pkgconfig(liblzma)
+BuildRequires:  pkgconfig(libxml-2.0)
+BuildRequires:  pkgconfig(libzstd)
+BuildRequires:  pkgconfig(zlib) >= 1.2.1
 
 %description
 Libarchive is a programming library that can create and read several
@@ -140,13 +122,12 @@ compression, archive format detection and decoding, and archive data
 I/O. It should be very easy to add new formats, new compression
 methods, or new ways of reading/writing archives.
 
-%package -n libarchive-devel
+%package devel
 Summary:        Development files for libarchive
 Group:          Development/Libraries/C and C++
 Requires:       %{libname} = %{version}
-Requires:       glibc-devel
 
-%description -n libarchive-devel
+%description devel
 Libarchive is a programming library that can create and read several
 different streaming archive formats, including most popular tar
 variants and several cpio formats. It can also write shar archives and
@@ -157,64 +138,48 @@ and 6.
 
 This package contains the development files.
 
-%package static-devel
-Summary:        Static library for libarchive
-Group:          Development/Libraries/C and C++
-Requires:       %{name}-devel = %{version}
-
-%description static-devel
-Static library for libarchive
-
 %prep
-%setup -q
-%autopatch -p1
+%autosetup -p1
 
 %build
 %define __builder ninja
 %cmake
 %cmake_build
 
+%install
+%cmake_install
+rm "%{buildroot}%{_mandir}/man5/"{tar,cpio,mtree}.5*
+rm "%{buildroot}%{_libdir}/libarchive.a"
+
 %check
 exclude=""
-%ifarch %arm %ix86 ppc s390
+%ifarch %{arm} %{ix86} ppc s390
 exclude="-E test_write_filter"
 %endif
 %ctest $exclude
 
-%install
-%cmake_install
-
-find %{buildroot} -type f -name "*.la" -delete -print
-rm "%{buildroot}%{_libdir}/libarchive.a"
-rm "%{buildroot}%{_mandir}/man5/"{tar,cpio,mtree}.5*
-sed -i -e '/Libs.private/d' %{buildroot}%{_libdir}/pkgconfig/libarchive.pc
-
-%post   -n %{libname} -p /sbin/ldconfig
-%postun -n %{libname} -p /sbin/ldconfig
+%ldconfig_scriptlets -n %{libname}
 
 %files -n bsdtar
+%license COPYING
 %{_bindir}/bsdcat
 %{_bindir}/bsdcpio
 %{_bindir}/bsdtar
 %{_bindir}/bsdunzip
-%{_mandir}/man1/*
-%{_mandir}/man5/*
+%{_mandir}/man1/*.1%{?ext_man}
+%{_mandir}/man5/*.5%{?ext_man}
 
 %files -n %{libname}
 %license COPYING
 %doc NEWS
-%{_libdir}/libarchive.so.*
+%{_libdir}/libarchive.so.%{somajor}{,.*}
 
-%files -n libarchive-devel
+%files devel
+%license COPYING
 %doc examples/
-%{_mandir}/man3/*
+%{_mandir}/man3/*.3%{?ext_man}
 %{_libdir}/libarchive.so
 %{_includedir}/archive*
 %{_libdir}/pkgconfig/libarchive.pc
 
-%if %{with static_libs}
-%files static-devel
-%{_libdir}/%{name}.a
-%endif
-
 %changelog