File libarchive.changes of Package libarchive.20719
-------------------------------------------------------------------
Fri Aug 6 12:52:50 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- update to version 3.3.3
* Avoid super-linear slowdown on malformed mtree files
* Many fixes for building with Visual Studio
* NO_OVERWRITE doesn't change existing directory attributes
* New support for Zstandard read and write filters
- Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503
- fix-CVE-2017-14166.patch, CVE-2017-14501.patch and
CVE-2017-14502.patch are obsolete
- Rebased CVE-2019-18408.patch
- Needed by of Firefox91 (bsc#1188891)
(Dependency chain: libarchive -> cmake3 -> Rust -> Firefox)
-------------------------------------------------------------------
Wed Jul 28 15:11:29 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
- Update to version 3.3.2:
* Fixes the following security fixes:
CVE-2013-0211
CVE-2015-2304
CVE-2015-8915
CVE-2015-8916
CVE-2015-8918
CVE-2015-8919
CVE-2015-8920
CVE-2015-8921
CVE-2015-8922
CVE-2015-8923
CVE-2015-8924
CVE-2015-8925
CVE-2015-8926
CVE-2015-8928
CVE-2015-8929
CVE-2015-8930
CVE-2015-8931
CVE-2015-8932
CVE-2015-8933
CVE-2015-8934
CVE-2016-10209
CVE-2016-10349
CVE-2016-1541
CVE-2016-4300
CVE-2016-4301
CVE-2016-4302
CVE-2016-4809
CVE-2016-5418
CVE-2016-5844
CVE-2016-6250
CVE-2016-7166
CVE-2016-8687
CVE-2016-8688
CVE-2016-8689
- Added patches:
* CVE-2018-1000879.patch
* CVE-2018-1000880.patch
- Rename CVE-2017-14503.patch to CVE-2017-14501.patch to be
consistent with other libarchive packages
- Removed patches:
* CVE-2013-0211.patch
* CVE-2015-2304.patch
* CVE-2015-8915.patch
* CVE-2015-8916.patch
* CVE-2015-8918.patch
* CVE-2015-8919.patch
* CVE-2015-8920.patch
* CVE-2015-8921.patch
* CVE-2015-8922.patch
* CVE-2015-8923.patch
* CVE-2015-8924.patch
* CVE-2015-8925.patch
* CVE-2015-8926.patch
* CVE-2015-8928.patch
* CVE-2015-8929.patch
* CVE-2015-8930.patch
* CVE-2015-8931.patch
* CVE-2015-8932.patch
* CVE-2015-8933.patch
* CVE-2015-8934.patch
* CVE-2016-10209.patch
* CVE-2016-10349.patch
* CVE-2016-1541.patch
* CVE-2016-4300.patch
* CVE-2016-4301-base.patch
* CVE-2016-4301.patch
* CVE-2016-4302.patch
* CVE-2016-4809.patch
* CVE-2016-5418.patch
* CVE-2016-5844.patch
* CVE-2016-6250.patch
* CVE-2016-7166.patch
* CVE-2016-8687.patch
* CVE-2016-8688.patch
* CVE-2016-8689.patch
* fix-build.patch
* libarchive-openssl.patch
- Refreshed patches:
* CVE-2019-18408.patch
- Update build phase
- Required for bsc#1188891
-------------------------------------------------------------------
Fri Oct 25 09:35:44 UTC 2019 - Adrian Schröter <adrian@suse.de>
- Added patch:
* CVE-2019-18408.patch Fixes use-after-free in rar format support (bsc#1155079)
-------------------------------------------------------------------
Tue Feb 5 15:16:08 UTC 2019 - Adrian Schröter <adrian@suse.de>
- Added patches:
* CVE-2019-1000019.patch Fixes 7zip crash (boo#1124341)
* CVE-2019-1000020.patch ISO9660 infinite loop fixed (boo#1124342)
-------------------------------------------------------------------
Thu Jan 3 16:01:02 UTC 2019 - Karol Babioch <kbabioch@suse.de>
- Added patches:
* CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR
decoder (CVE-2018-1000877 bsc#1120653)
* CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR
decoder (CVE-2018-1000878 bsc#1120654)
-------------------------------------------------------------------
Wed Oct 10 13:18:24 UTC 2018 - Adrian Schröter <adrian@suse.de>
- CVE-2017-14503.patch: CVE-2017-14501 bsc#1057514 bsc#1059139
CVE-2016-10209.patch: bsc#1032089
CVE-2016-10349.patch: bsc#1037008
- is also fixing CVE-2016-10350 and bsc#1037009
CVE-2017-14166.patch: bsc#1057514
CVE-2017-14502.patch: bsc#1059134
-------------------------------------------------------------------
Tue Oct 18 07:51:30 UTC 2016 - adrian@suse.com
- CVE-2016-8687.patch: bsc#1005070
CVE-2016-8689.patch: bsc#1005072
CVE-2016-8688.patch: bsc#1005076
CVE-2016-5844.patch: bsc#986566, upstream issue 717
CVE-2015-8915.patch: bsc#985691, upstream issue 502
CVE-2016-6250.patch: bsc#989980, upstream issue 711
CVE-2016-5418.patch: bsc#998677, upstream issues 744, 745 and 746
rename directory-traversal-fix.patch to CVE-2015-2304.patch
-------------------------------------------------------------------
Tue Jun 21 06:32:05 UTC 2016 - adrian@suse.de
- Adding more security fixes:
CVE-2015-8924.patch: bsc#985609, upstream issue 515
CVE-2015-8932.patch: bsc#985665, upstream issue 547
CVE-2015-8929.patch: bsc#985669, upstream issue 517
CVE-2015-8934.patch: bsc#985673, upstream issue 521
CVE-2015-8920.patch: bsc#985675, upstream issue 511
CVE-2015-8928.patch: bsc#985679, upstream issue 550
CVE-2015-8921.patch: bsc#985682, upstream issue 512
CVE-2015-8922.patch: bsc#985685, upstream issue 513
CVE-2015-8933.patch: bsc#985688, upstream issue 548 & 582
- lacks test cases since they need new support functions
CVE-2015-8931.patch: bsc#985689, upstream issue 539
CVE-2015-8916.patch: bsc#985694, upstream issue 504
CVE-2015-8918.patch. bsc#985698, upstream issue 506
CVE-2015-8919.patch: bsc#985697, upstream issue 510
CVE-2015-8930.patch: bsc#985700, upstream issue 522
CVE-2015-8923.patch: bsc#985703, upstream issue 514
CVE-2015-8926.patch: bsc#985704, upstream issue 518
CVE-2015-8925.patch: bsc#985706, upstream issue 516
CVE-2016-4300.patch: bsc#985832
CVE-2016-4301.patch, CVE-2016-4301-base.patch: bsc#985826, upstream issue 523
CVE-2016-4302.patch: bsc#985835, upstream issue 718
-------------------------------------------------------------------
Thu Jun 16 09:33:17 UTC 2016 - adrian@suse.de
- limit size of symlinks in cpio archives (CVE-2016-4809, bsc#984990)
CVE-2016-4809.patch
-------------------------------------------------------------------
Mon May 9 08:34:22 UTC 2016 - adrian@suse.de
- Fix CVE-2016-1541 (bsc#979005)
-------------------------------------------------------------------
Thu Mar 5 13:36:09 UTC 2015 - adrian@suse.com
- fix a directory traversal in cpio tool (bnc#920870) CVE-2015-2304
-------------------------------------------------------------------
Tue Nov 11 12:07:46 UTC 2014 - jsegitz@novell.com
- Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024)
-------------------------------------------------------------------
Sun Nov 24 16:22:02 UTC 2013 - andreas.stieger@gmx.de
- add optional -static-devel library package, intended to publish pixz
for CentOS / RHEL, default off
- skip some dependencies not required for pixz on CentOS / RHEL
-------------------------------------------------------------------
Tue Aug 20 05:34:09 UTC 2013 - crrodriguez@opensuse.org
- remove artificial dependencies on libacl-devel, libbz2-devel,
zlib-devel from libarchive-devel.
-------------------------------------------------------------------
Mon Aug 19 21:14:38 UTC 2013 - crrodriguez@opensuse.org
- libarchive-openssl.patch: Call OPENSSL_config where needed,
otherwise on systems configured to use openSSL engines such
as via-padlock wont benefit from hardware acceleration.
-------------------------------------------------------------------
Fri Aug 16 20:07:27 UTC 2013 - andreas.stieger@gmx.de
- update to 3.1.2
This is a maintenance update to fix issues with the new RAR
seeking feature.
- libarchive's new website moved to http://www.libarchive.org.
-------------------------------------------------------------------
Sun Jun 16 23:59:28 UTC 2013 - jengelh@inai.de
- Explicitly list libattr-devel as BuildRequires (and sort those)
-------------------------------------------------------------------
Wed Feb 13 08:05:35 UTC 2013 - werner@suse.de
- Use %libname macro to be consistent throughout the spec file
-------------------------------------------------------------------
Tue Feb 5 18:48:08 UTC 2013 - p.drouand@gmail.com
- Update to version 3.1.1:
+ Fix an issue with the soname versioning in builds of libarchive
using cmake
- Removed patchs; fixed and merged on upstream release:
* libarchive-fix-checks.patch
* libarchive-ppc64.patch
- The soname has changed and pass to 13.
-------------------------------------------------------------------
Thu Aug 23 08:30:05 UTC 2012 - dvaleev@suse.com
- libarchive-ppc64.patch:
fix http://code.google.com/p/libarchive/issues/detail?id=277
test_option_b and test_option_nodump are failing on ppc64
-------------------------------------------------------------------
Thu Aug 9 09:05:01 UTC 2012 - cfarrell@suse.com
- license update: BSD-2-Clause
The COPYING file shows that the package is predominantly BSD-2-Clause
licensed
-------------------------------------------------------------------
Tue Aug 7 18:47:14 UTC 2012 - dimstar@opensuse.org
- Update to version 3.0.4:
+ libarchive development moved to http://libarchive.github.com/
- Changes from version 3.0.2:
+ Various fixes merged from FreeBSD
+ Symlink support in Zip reader and writer
+ Robustness fixes to 7Zip reader
- Changes from version 3.0.1b:
+ 7Zip reader
+ Small fixes to ISO and Zip to improve robustness with corrupted
input
+ Improve streaming Zip reader's support for uncompressed entries
+ New seeking Zip reader supports SFX Zip archives
+ Build fixes on Windows
- For more changes since 2.8.5, please see NEWS file
- Update URL Tag to represent new home of the project.
- Rename libarchive2 to libarchive12, following upstreams soname
bumps.
- Add libarchive-fix-checks.patch: Fix gcc 4.7 side effects.
- Drop libarchive-test-fuzz.patch: fixed upstream.
- Drop libarchive-ignore-sigpipe-in-test-suite.patch: fixed
upstream.
- Drop libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch: upstream
rejected the patch. Seems to be too theoretical problem.
-------------------------------------------------------------------
Mon May 7 08:35:39 UTC 2012 - werner@suse.de
- Enforce usage of reentrant versions of libc functions
-------------------------------------------------------------------
Mon Feb 13 18:19:49 UTC 2012 - dvaleev@suse.com
- fix failed tests on ppc
-------------------------------------------------------------------
Wed Feb 8 10:57:45 UTC 2012 - idonmez@suse.com
- Use %makeinstall to be SLES compatible
-------------------------------------------------------------------
Thu Dec 22 11:27:05 UTC 2011 - werner@suse.de
- For SLES11 work around missing rpm macro
-------------------------------------------------------------------
Tue Dec 6 16:00:48 UTC 2011 - coolo@suse.com
- rename main package to libarchive
-------------------------------------------------------------------
Tue Dec 6 16:00:32 UTC 2011 - coolo@suse.com
- Update to libarchive 2.8.5 (from werner)
* Fix issue 134: Improve handling of open failures
* Fix issue 119: Relax ISO verification
* Fix issue 121: mtree parsing
* Fix extraction of GNU tar 'D' directory entries
* Be less demanding in LZMA/XZ compression tests
-------------------------------------------------------------------
Fri Sep 30 08:15:50 UTC 2011 - coolo@suse.com
- add baselibs.conf for PackageKit to use
-------------------------------------------------------------------
Tue Apr 19 13:23:09 UTC 2011 - idoenmez@novell.com
- Add suport for xz and xar archives
- Add libarchive-2.8.4-iso9660-data-types.patch:
fix ISO9660 reader data type mismatches
-------------------------------------------------------------------
Thu Nov 11 13:36:59 UTC 2010 - puzel@novell.com
- udpate to libarchive-2.8.4
- see /usr/share/doc/packages/libarchive2/NEWS for changes
- drop libarchive-2.5.5_fix_testsuite.patch (upstream)
- update libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch
- clean up specfile
- disable make check for now
-------------------------------------------------------------------
Wed Jan 6 04:36:37 UTC 2010 - jengelh@medozas.de
- enable parallel building
-------------------------------------------------------------------
Wed Oct 29 17:24:49 CET 2008 - mrueckert@suse.de
- added libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch:
it can happen that your system at build times supports lutimes
but later at runtime the needed syscall is missing.
-------------------------------------------------------------------
Mon Sep 8 17:57:29 CEST 2008 - mrueckert@suse.de
- fix rm calls in %install
-------------------------------------------------------------------
Sat Sep 6 17:54:11 CEST 2008 - mrueckert@suse.de
- update to 2.5.5
This is a major version bump again: it incorporates
lots of bugfixes and improvements.
For all the details please see
/usr/share/doc/packages/libarchive2/NEWS
- drop the .la file
- dropped patch libarchive-2.2.5_rpath.patch:
no longer needed
- added libarchive-2.5.5_fix_testsuite.patch:
added missing mode to open() with O_CREAT
-------------------------------------------------------------------
Wed Aug 15 12:58:06 CEST 2007 - ro@suse.de
- fix dependency of devel package
-------------------------------------------------------------------
Tue Aug 7 16:47:22 CEST 2007 - mrueckert@suse.de
- restructured package:
bsdtar is now the main package and libarchive2 and libarchive-devel
the subpackages. This saves us a rename on soversion bumps.
-------------------------------------------------------------------
Mon Jul 30 14:31:32 CEST 2007 - mrueckert@suse.de
- update to 2.2.5 (#291358)
This is a major version bump. For a full list of all changes see
/usr/share/doc/packages/libarchive/NEWS. Mostly notable this up-
date includes the fixes for the following security bugs:
Errors handling corrupt tar files in libarchive
(CVE-2007-3641, CVE-2007-3644, CVE-2007-3645)
- added libarchive-2.2.5_rpath.patch:
dont set a rpath on the builddir.
- no longer building the static lib
-------------------------------------------------------------------
Fri Jun 8 01:35:37 CEST 2007 - ro@suse.de
- added ldconfig to post scripts
- remove minitar objects (leave binary there for now)
-------------------------------------------------------------------
Sun Apr 8 20:53:59 CEST 2007 - mrueckert@suse.de
- updated to 2.0.28
- removed all patches:
included upstream
-------------------------------------------------------------------
Sat Mar 24 20:07:04 CET 2007 - mrueckert@suse.de
- require libbz2-devel on >= 10.3
-------------------------------------------------------------------
Sat Mar 24 16:30:08 CET 2007 - aj@suse.de
- Change requires for libbz2 split.
-------------------------------------------------------------------
Tue Mar 6 16:49:29 CET 2007 - mrueckert@suse.de
- updated bsdtar-1.2.53_ext2_include.patch:
the old fix was not complete and on newer glibc/kernel-headers it
seems you need to include linux/fs.h explicitly
new name: bsdtar-1.3.1_linux_fs_includes.patch
- build with -fno-strict-aliasing
-------------------------------------------------------------------
Fri Nov 10 13:01:38 CET 2006 - mrueckert@suse.de
- added SA-06-24_libarchive.patch:
fix DOS in libarchive (CVE-2006-5680)
http://security.freebsd.org/advisories/FreeBSD-SA-06:24.libarchive.asc
-------------------------------------------------------------------
Fri Sep 22 13:03:42 CET 2006 - mrueckert@suse.de
- update to version 1.3.1
-------------------------------------------------------------------
Thu Apr 27 02:32:57 CEST 2006 - mrueckert@suse.de
- updated to 1.2.53:
Upstream merged the source tarball.
Splitted of a bsdtar package
-------------------------------------------------------------------
Mon Feb 27 19:24:00 CET 2006 - mrueckert@suse.de
- fixed building of debuginfo package
-------------------------------------------------------------------
Mon Feb 27 18:32:04 CET 2006 - mrueckert@suse.de
- libarchive 1.2.38
