| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: bsdtar | Distribution: SUSE Linux Enterprise 15 |
| Version: 3.5.1 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 150400.3.12.1 | Build date: Tue Nov 22 16:14:19 2022 |
| Group: Productivity/Archiving/Compression | Build host: sheep52 |
| Size: 1845890 | Source RPM: libarchive-3.5.1-150400.3.12.1.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: https://www.libarchive.org/ | |
| Summary: Utility to read several different streaming archive formats | |
This package contains the bsdtar cmdline utility.
BSD-2-Clause
* Tue Nov 22 2022 danilo.spinella@suse.com
- Fix CVE-2022-36227, Handle a calloc returning NULL
(CVE-2022-36227, bsc#1205629)
* CVE-2022-36227.patch
* Fri Oct 21 2022 danilo.spinella@suse.com
- Fix CVE-2021-31566, modifies file flags of symlink target
(CVE-2021-31566, bsc#1192426.patch)
CVE-2021-31566.patch
- Fix bsc#1192427, processing fixup entries may follow symbolic links
bsc1192427.patch
* Mon Sep 12 2022 danilo.spinella@suse.com
- Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target
(CVE-2021-23177, bsc#1192425)
* CVE-2021-23177.patch
* Tue May 10 2022 danilo.spinella@suse.com
- Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init
(CVE-2022-26280, bsc#1197634)
* fix-CVE-2022-26280.patch
* Mon Mar 14 2022 danilo.spinella@suse.com
- Fix CVE-2021-36976 use-after-free in copy_string
(CVE-2021-36976, bsc#1188572)
* fix-CVE-2021-36976.patch
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
CVE-2017-5601, bsc#1022528, bsc#1189528
* Wed Jan 06 2021 dmueller@suse.com
- update to 3.5.1:
* various compilation fixes (#1461, #1462, #1463, #1464)
* fixed undefined behavior in a function in warc reader (#1465)
* Tue Dec 01 2020 idonmez@suse.com
- Update to version 3.5.0
New features:
* mtree digest reader support (#1347)
* completed support for UTF-8 encoding conversion (#1389)
* minor API enhancements (#1258, #1405)
* support for system extended attributes (#1409)
* support for decompression of symbolic links in zipx archives (#1435)
Important bugfixes
* fixed extraction of archives with hard links pointing to itself (#1381)
* cpio fixes (#1387, #1388)
* fixed uninitialized size in rar5_read_data (#1408)
* fixed memory leaks in error case of archive_write_open() functions (#1456)
- Drop libarchive-3.4.3-fix_test_write_disk_secure.patch, fixed upstream.
* Mon Sep 07 2020 andreas.stieger@gmx.de
- fix build with binutils submitted to Factory, adding upstream
libarchive-3.4.3-fix_test_write_disk_secure.patch
* Wed May 20 2020 idonmez@suse.com
- Update to version 3.4.3
* support for pzstd compressed files (#1357)
* support for RHT.security.selinux tar extended attribute (#1348)
* various zstd fixes and improvements (#1342 #1352 #1359)
* child process handling fixes (#1372)
* Tue Feb 18 2020 idonmez@suse.com
- Switch back to cmake build now that cmake-mini exists, this will
no longer create a build-cycle.
* Wed Feb 12 2020 idonmez@suse.com
- Update to version 3.4.2
New features:
* support for atomic file extraction (bsdtar -x --safe-writes) (#1289)
* support for mbed TLS (PolarSSL) (#1301)
Important bugfixes:
* security fixes in RAR5 reader (#1280 #1326)
* compression buffer fix in XAR writer (#1317)
* fix uname and gname longer than 32 characters in PAX writer (#1319)
* fix segfault when archiving hard links in ISO9660 and XAR writers (#1325)
* fix support for extracting 7z archive entries with Delta filter (#987)
* Mon Dec 30 2019 idonmez@suse.com
- Revert back to autoconf, cmake introduces a cycle. Leave cmake
patches in since they are basically correct and might be useful
in the future.
* Mon Dec 30 2019 idonmez@suse.com
- Update to version 3.4.1
New features:
* Unicode filename support for reading lha/lzh archives
* New pax write option "xattrhdr"
Important bugfixes:
* security fixes in wide string processing (#1276 #1298)
* security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221
* security fixes and optimizations to write filter logic (#351)
* security fix related to use of readlink(2) (1dae5a5)
* sparse file handling fixes (#1218 #1260)
- Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream
* Fri Nov 22 2019 adrian@suse.de
- fix bsc#1157569
CVE-2019-19221.patch out-of-bounds read in libarchive
* Sun Aug 18 2019 idonmez@suse.com
- Switch to cmake build
- Add lib-suffix.patch to honor LIB_SUFFIX
- Add fix-zstd-test.patch to fix zstd test
- Add fix-soversion.patch to fix the soversion to 13 as autotools
* Thu Jun 20 2019 idonmez@suse.com
- Add lz4 and zstd support
- Add BuildRequires on liblz4-devel and libzstd-devel
* Thu Jun 13 2019 idonmez@suse.com
- Update to version 3.4.0
* Support for file and directory symlinks on Windows
* Read support for RAR 5.0 archives
* Read support for ZIPX archives with xz, lzma, ppmd8 and
bzip2 compression
* Support for non-recursive list and extract
* New tar option: --exclude-vcs
* Improved file attribute support on Linux and file flags support
on FreeBSD
* Fix reading Android APK archives (#1055 )
* Fix problems related to unreadable directories (#1167)
* A two-digit number of OSS-Fuzz issues was resolved in this release
including CVE-2019-18408
- Add libarchive.keyring and validate the tarball signature
- Drop all security patches, fixed upstream:
* CVE-2018-1000877.patch
* CVE-2018-1000878.patch
* CVE-2018-1000879.patch
* CVE-2018-1000880.patch
* CVE-2019-1000019.patch
* CVE-2019-1000020.patch
* Tue Feb 05 2019 adrian@suse.de
- Added patches:
* CVE-2019-1000019.patch Fixes 7zip crash (boo#1124341)
* CVE-2019-1000020.patch ISO9660 infinite loop fixed (boo#1124342)
* Thu Jan 03 2019 kbabioch@suse.de
- Added patches:
* CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR
decoder (CVE-2018-1000877 bsc#1120653)
* CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR
decoder (CVE-2018-1000878 bsc#1120654)
* CVE-2018-1000879.patch, which fixes a NULL Pointer Dereference
vulnerability in ACL parser (CVE-2018-1000879 bsc#1120656)
* CVE-2018-1000880.patch, which fixes an improper input validation
vulnerability in WARC parser (CVE-2018-1000880 bsc#1120659)
- Make use of %license macro
- Applied spec-cleaner
* Tue Sep 18 2018 jengelh@inai.de
- Fix RPM groups. Remove idempotent %if..%endif guards.
Diversify summaries. Set CFLAGS instead of re-defining
optflags with itself.
* Fri Sep 14 2018 adrian@suse.de
- update to version 3.3.3
* Avoid super-linear slowdown on malformed mtree files
* Many fixes for building with Visual Studio
* NO_OVERWRITE doesn't change existing directory attributes
* New support for Zstandard read and write filters
- Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503
- fix-CVE-2017-14166.patch is obsolete
* Thu Sep 07 2017 adrian@suse.de
- update to version 3.3.2
* NFSv4 ACL support for Linux (librichacl)
- fix-CVE-2017-14166.patch (boo#1057514)
* Mon Apr 03 2017 adrian@suse.de
- update to version 3.3.1
* Security & Feature release
Details are not documented from upstream yet
fix-extract-over-links.patch and libarchive-openssl.patch obsoleted
* Fri Dec 02 2016 adrian@suse.com
- fix extracting over symlinks: fix-extract-over-links.patch
the problem is solved upstream different, but git master
is too different atm.
* Wed Oct 26 2016 adrian@suse.com
- update to version 3.2.2
Unspecified security fixes, but at least:
* CVE-2016-8687
* CVE-2016-8689
* CVE-2016-8688
* CVE-2016-5844
* CVE-2016-6250
* CVE-2016-5418
- obsoletes fix-build.patch
* Sat Jul 23 2016 dmueller@suse.com
- make bsdtar require a matching libarchive version to avoid
missing symbol errors
* Mon Jun 20 2016 adrian@suse.de
- update to version 3.2.1
Fixes a number of security issues:
CVE-2015-8934, CVE-2015-8933, CVE-2015-8917, CVE-2016-4301, CVE-2016-4300
- and fixing the build (fix-build.patch)
* Thu Jun 16 2016 adrian@suse.de
- limit size of symlinks in cpio archives (CVE-2016-4809, boo#984990)
CVE-2016-4809.patch
* Mon May 09 2016 adrian@suse.de
- 4GB _constraints for ppc64le only, it would break other archs
- update to version 3.2.0
* Fixes CVE-2016-1541
* Fixes CVE-2015-8928
* changes are only documented in git history
* updated openssl patch
* new bsdcat utility
- removed obsolete patches for:
* CVE-2013-0211.patch
* directory-traversal-fix.patch
* libarchive-xattr.patch
* Fri May 06 2016 normand@linux.vnet.ibm.com
- add _constraints memory 4096MB to avoid ppc64le build failure
* Sat Sep 19 2015 astieger@suse.com
- build static lib on RHEL 7
* Sun Mar 22 2015 astieger@suse.com
- RHEL/CentOS build fix, skipping autoreconf
* Sun Mar 15 2015 astieger@suse.com
- add CVE for previous change
* Thu Mar 05 2015 adrian@suse.com
- fix a directory traversal in cpio tool (bnc#920870)
directory-traversal-fix.patch CVE-2015-2304
* Tue Nov 11 2014 jsegitz@novell.com
- Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024)
/usr/bin/bsdcat /usr/bin/bsdcpio /usr/bin/bsdtar /usr/share/man/man1/bsdcat.1.gz /usr/share/man/man1/bsdcpio.1.gz /usr/share/man/man1/bsdtar.1.gz /usr/share/man/man5/libarchive-formats.5.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 18:11:13 2024