| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libarchive13 | Distribution: openSUSE Step 15 |
| Version: 3.5.1 | Vendor: openSUSE |
| Release: 3.13.1 | Build date: Wed Nov 23 17:54:02 2022 |
| Group: System/Libraries | Build host: armbuild01 |
| Size: 823568 | Source RPM: libarchive-3.5.1-3.13.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://www.libarchive.org/ | |
| Summary: Library to work with several different streaming archive formats | |
Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants and several cpio formats. It can also write shar archives and read ISO-9660 CDROM images. The bsdtar program is an implementation of tar(1) that is built on top of libarchive. It started as a test harness, but has grown and is now the standard system tar for FreeBSD 5 and 6. The libarchive library offers a number of features that make it both very flexible and very powerful. - Automatic format detection: libarchive can automatically determine both the compression and the archive format, regardless of the data source. Most tar implementations do not automatically detect the compression format, few implementation that can correctly do this when reading from stdin or a socket. (The tar program included with Gunnar Ritter's heirloom collection also does full automatic format detection.) - Writes POSIX formats: libarchive writes POSIX-standard formats, including "ustar," "pax interchange format," and the POSIX "cpio" format. - Supports pax interchange format: Pax interchange format (which, despite the name, is really an extended tar format) eliminates almost all limitations of historic tar formats and provides a standard method for incorporating vendor-specific extensions. libarchive exploits this extension mechanism to support ACLs and file flags, for example. (Joerg Schilling's star archiver is another open-source tar program that supports pax interchange format.) - Reads popular formats: libarchive can read GNU tar, ustar, pax interchange format, cpio, and older tar variants. The internal architecture is easily extensible. The only requirement for support is that it be possible to read the format without seeking in the file. (For example, a format that includes a compressed size field before the data cannot be correctly written without seeking.) - High-Level API: the libarchive API makes it fairly simple to build an archive from a list of filenames or to extract the entries from an archive. However, the API also provides extreme flexibility with regards to data sources. For example, there are generic hooks that allow you to write an archive to a socket or read data from an archive entry into a memory buffer. - Extensible. The internal design uses generic interfaces for compression, archive format detection and decoding, and archive data I/O. It should be very easy to add new formats, new compression methods, or new ways of reading/writing archives.
BSD-2-Clause
* Tue Nov 22 2022 danilo.spinella@suse.com
- Fix CVE-2022-36227, Handle a calloc returning NULL
(CVE-2022-36227, bsc#1205629)
* CVE-2022-36227.patch
* Fri Oct 21 2022 danilo.spinella@suse.com
- Fix CVE-2021-31566, modifies file flags of symlink target
(CVE-2021-31566, bsc#1192426.patch)
CVE-2021-31566.patch
- Fix bsc#1192427, processing fixup entries may follow symbolic links
bsc1192427.patch
* Mon Sep 12 2022 danilo.spinella@suse.com
- Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target
(CVE-2021-23177, bsc#1192425)
* CVE-2021-23177.patch
* Tue May 10 2022 danilo.spinella@suse.com
- Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init
(CVE-2022-26280, bsc#1197634)
* fix-CVE-2022-26280.patch
* Mon Mar 14 2022 danilo.spinella@suse.com
- Fix CVE-2021-36976 use-after-free in copy_string
(CVE-2021-36976, bsc#1188572)
* fix-CVE-2021-36976.patch
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
CVE-2017-5601, bsc#1022528, bsc#1189528
* Wed Jan 06 2021 dmueller@suse.com
- update to 3.5.1:
* various compilation fixes (#1461, #1462, #1463, #1464)
* fixed undefined behavior in a function in warc reader (#1465)
* Tue Dec 01 2020 idonmez@suse.com
- Update to version 3.5.0
New features:
* mtree digest reader support (#1347)
* completed support for UTF-8 encoding conversion (#1389)
* minor API enhancements (#1258, #1405)
* support for system extended attributes (#1409)
* support for decompression of symbolic links in zipx archives (#1435)
Important bugfixes
* fixed extraction of archives with hard links pointing to itself (#1381)
* cpio fixes (#1387, #1388)
* fixed uninitialized size in rar5_read_data (#1408)
* fixed memory leaks in error case of archive_write_open() functions (#1456)
- Drop libarchive-3.4.3-fix_test_write_disk_secure.patch, fixed upstream.
* Mon Sep 07 2020 andreas.stieger@gmx.de
- fix build with binutils submitted to Factory, adding upstream
libarchive-3.4.3-fix_test_write_disk_secure.patch
* Wed May 20 2020 idonmez@suse.com
- Update to version 3.4.3
* support for pzstd compressed files (#1357)
* support for RHT.security.selinux tar extended attribute (#1348)
* various zstd fixes and improvements (#1342 #1352 #1359)
* child process handling fixes (#1372)
* Tue Feb 18 2020 idonmez@suse.com
- Switch back to cmake build now that cmake-mini exists, this will
no longer create a build-cycle.
* Wed Feb 12 2020 idonmez@suse.com
- Update to version 3.4.2
New features:
* support for atomic file extraction (bsdtar -x --safe-writes) (#1289)
* support for mbed TLS (PolarSSL) (#1301)
Important bugfixes:
* security fixes in RAR5 reader (#1280 #1326)
* compression buffer fix in XAR writer (#1317)
* fix uname and gname longer than 32 characters in PAX writer (#1319)
* fix segfault when archiving hard links in ISO9660 and XAR writers (#1325)
* fix support for extracting 7z archive entries with Delta filter (#987)
* Mon Dec 30 2019 idonmez@suse.com
- Revert back to autoconf, cmake introduces a cycle. Leave cmake
patches in since they are basically correct and might be useful
in the future.
* Mon Dec 30 2019 idonmez@suse.com
- Update to version 3.4.1
New features:
* Unicode filename support for reading lha/lzh archives
* New pax write option "xattrhdr"
Important bugfixes:
* security fixes in wide string processing (#1276 #1298)
* security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221
* security fixes and optimizations to write filter logic (#351)
* security fix related to use of readlink(2) (1dae5a5)
* sparse file handling fixes (#1218 #1260)
- Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream
* Fri Nov 22 2019 adrian@suse.de
- fix bsc#1157569
CVE-2019-19221.patch out-of-bounds read in libarchive
* Sun Aug 18 2019 idonmez@suse.com
- Switch to cmake build
- Add lib-suffix.patch to honor LIB_SUFFIX
- Add fix-zstd-test.patch to fix zstd test
- Add fix-soversion.patch to fix the soversion to 13 as autotools
* Thu Jun 20 2019 idonmez@suse.com
- Add lz4 and zstd support
- Add BuildRequires on liblz4-devel and libzstd-devel
* Thu Jun 13 2019 idonmez@suse.com
- Update to version 3.4.0
* Support for file and directory symlinks on Windows
* Read support for RAR 5.0 archives
* Read support for ZIPX archives with xz, lzma, ppmd8 and
bzip2 compression
* Support for non-recursive list and extract
* New tar option: --exclude-vcs
* Improved file attribute support on Linux and file flags support
on FreeBSD
* Fix reading Android APK archives (#1055 )
* Fix problems related to unreadable directories (#1167)
* A two-digit number of OSS-Fuzz issues was resolved in this release
including CVE-2019-18408
- Add libarchive.keyring and validate the tarball signature
- Drop all security patches, fixed upstream:
* CVE-2018-1000877.patch
* CVE-2018-1000878.patch
* CVE-2018-1000879.patch
* CVE-2018-1000880.patch
* CVE-2019-1000019.patch
* CVE-2019-1000020.patch
* Tue Feb 05 2019 adrian@suse.de
- Added patches:
* CVE-2019-1000019.patch Fixes 7zip crash (boo#1124341)
* CVE-2019-1000020.patch ISO9660 infinite loop fixed (boo#1124342)
* Thu Jan 03 2019 kbabioch@suse.de
- Added patches:
* CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR
decoder (CVE-2018-1000877 bsc#1120653)
* CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR
decoder (CVE-2018-1000878 bsc#1120654)
* CVE-2018-1000879.patch, which fixes a NULL Pointer Dereference
vulnerability in ACL parser (CVE-2018-1000879 bsc#1120656)
* CVE-2018-1000880.patch, which fixes an improper input validation
vulnerability in WARC parser (CVE-2018-1000880 bsc#1120659)
- Make use of %license macro
- Applied spec-cleaner
* Tue Sep 18 2018 jengelh@inai.de
- Fix RPM groups. Remove idempotent %if..%endif guards.
Diversify summaries. Set CFLAGS instead of re-defining
optflags with itself.
* Fri Sep 14 2018 adrian@suse.de
- update to version 3.3.3
* Avoid super-linear slowdown on malformed mtree files
* Many fixes for building with Visual Studio
* NO_OVERWRITE doesn't change existing directory attributes
* New support for Zstandard read and write filters
- Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503
- fix-CVE-2017-14166.patch is obsolete
* Thu Sep 07 2017 adrian@suse.de
- update to version 3.3.2
* NFSv4 ACL support for Linux (librichacl)
- fix-CVE-2017-14166.patch (boo#1057514)
* Mon Apr 03 2017 adrian@suse.de
- update to version 3.3.1
* Security & Feature release
Details are not documented from upstream yet
fix-extract-over-links.patch and libarchive-openssl.patch obsoleted
* Fri Dec 02 2016 adrian@suse.com
- fix extracting over symlinks: fix-extract-over-links.patch
the problem is solved upstream different, but git master
is too different atm.
* Wed Oct 26 2016 adrian@suse.com
- update to version 3.2.2
Unspecified security fixes, but at least:
* CVE-2016-8687
* CVE-2016-8689
* CVE-2016-8688
* CVE-2016-5844
* CVE-2016-6250
* CVE-2016-5418
- obsoletes fix-build.patch
* Sat Jul 23 2016 dmueller@suse.com
- make bsdtar require a matching libarchive version to avoid
missing symbol errors
* Mon Jun 20 2016 adrian@suse.de
- update to version 3.2.1
Fixes a number of security issues:
CVE-2015-8934, CVE-2015-8933, CVE-2015-8917, CVE-2016-4301, CVE-2016-4300
- and fixing the build (fix-build.patch)
* Thu Jun 16 2016 adrian@suse.de
- limit size of symlinks in cpio archives (CVE-2016-4809, boo#984990)
CVE-2016-4809.patch
* Mon May 09 2016 adrian@suse.de
- 4GB _constraints for ppc64le only, it would break other archs
- update to version 3.2.0
* Fixes CVE-2016-1541
* Fixes CVE-2015-8928
* changes are only documented in git history
* updated openssl patch
* new bsdcat utility
- removed obsolete patches for:
* CVE-2013-0211.patch
* directory-traversal-fix.patch
* libarchive-xattr.patch
* Fri May 06 2016 normand@linux.vnet.ibm.com
- add _constraints memory 4096MB to avoid ppc64le build failure
* Sat Sep 19 2015 astieger@suse.com
- build static lib on RHEL 7
* Sun Mar 22 2015 astieger@suse.com
- RHEL/CentOS build fix, skipping autoreconf
* Sun Mar 15 2015 astieger@suse.com
- add CVE for previous change
* Thu Mar 05 2015 adrian@suse.com
- fix a directory traversal in cpio tool (bnc#920870)
directory-traversal-fix.patch CVE-2015-2304
* Tue Nov 11 2014 jsegitz@novell.com
- Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024)
/usr/lib/libarchive.so.13 /usr/share/doc/packages/libarchive13 /usr/share/doc/packages/libarchive13/NEWS /usr/share/licenses/libarchive13 /usr/share/licenses/libarchive13/COPYING
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 18:42:22 2024