File libarchive.changes of Package libarchive.26954

-------------------------------------------------------------------
Tue Nov 22 13:15:27 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>

- Fix CVE-2022-36227, Handle a calloc returning NULL
  (CVE-2022-36227, bsc#1205629)
  * CVE-2022-36227.patch

-------------------------------------------------------------------
Fri Oct 21 10:02:49 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>

- Fix CVE-2021-31566, modifies file flags of symlink target
  (CVE-2021-31566, bsc#1192426.patch)
  CVE-2021-31566.patch
- Fix bsc#1192427, processing fixup entries may follow symbolic links
  bsc1192427.patch

-------------------------------------------------------------------
Mon Sep 12 13:57:09 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>

- Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target
  (CVE-2021-23177, bsc#1192425)
  * CVE-2021-23177.patch

-------------------------------------------------------------------
Tue May 10 16:25:11 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>

- Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init
  (CVE-2022-26280, bsc#1197634)
  * fix-CVE-2022-26280.patch

-------------------------------------------------------------------
Mon Mar 14 14:26:18 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>

- Fix CVE-2021-36976 use-after-free in copy_string
  (CVE-2021-36976, bsc#1188572)
  * fix-CVE-2021-36976.patch
- The following issues have already been fixed in this package but
  weren't previously mentioned in the changes file:
  CVE-2017-5601, bsc#1022528, bsc#1189528

-------------------------------------------------------------------
Tue Feb 18 14:46:07 UTC 2020 - Ismail Dönmez <idonmez@suse.com>

- Switch back to cmake build now that cmake-mini exists, this will
  no longer create a build-cycle.

-------------------------------------------------------------------
Wed Feb 12 08:34:50 UTC 2020 - Ismail Dönmez <idonmez@suse.com>

- Update to version 3.4.2
  New features:
  * support for atomic file extraction (bsdtar -x --safe-writes) (#1289)
  * support for mbed TLS (PolarSSL) (#1301)
  Important bugfixes:
  * security fixes in RAR5 reader (#1280 #1326)
  * compression buffer fix in XAR writer (#1317)
  * fix uname and gname longer than 32 characters in PAX writer (#1319)
  * fix segfault when archiving hard links in ISO9660 and XAR writers (#1325)
  * fix support for extracting 7z archive entries with Delta filter (#987)

-------------------------------------------------------------------
Mon Dec 30 08:40:05 UTC 2019 - Ismail Dönmez <idonmez@suse.com>

- Revert back to autoconf, cmake introduces a cycle. Leave cmake
  patches in since they are basically correct and might be useful
  in the future.

-------------------------------------------------------------------
Mon Dec 30 08:14:13 UTC 2019 - Ismail Dönmez <idonmez@suse.com>

- Update to version 3.4.1
  New features:
  * Unicode filename support for reading lha/lzh archives
  * New pax write option "xattrhdr"
  Important bugfixes:
  * security fixes in wide string processing (#1276 #1298)
  * security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221
  * security fixes and optimizations to write filter logic (#351)
  * security fix related to use of readlink(2) (1dae5a5)
  * sparse file handling fixes (#1218 #1260)
- Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream

-------------------------------------------------------------------
Fri Nov 22 13:17:53 UTC 2019 - Adrian Schröter <adrian@suse.de>

- fix bsc#1157569
  CVE-2019-19221.patch out-of-bounds read in libarchive

-------------------------------------------------------------------
Sun Aug 18 12:33:05 UTC 2019 - Ismail Dönmez <idonmez@suse.com>

- Switch to cmake build 
- Add lib-suffix.patch to honor LIB_SUFFIX
- Add fix-zstd-test.patch to fix zstd test
- Add fix-soversion.patch to fix the soversion to 13 as autotools

-------------------------------------------------------------------
Thu Jun 20 11:35:15 UTC 2019 - Ismail Dönmez <idonmez@suse.com>

- Add lz4 and zstd support
- Add BuildRequires on liblz4-devel and libzstd-devel

-------------------------------------------------------------------
Thu Jun 13 08:00:36 UTC 2019 - Ismail Dönmez <idonmez@suse.com>

- Update to version 3.4.0
  * Support for file and directory symlinks on Windows
  * Read support for RAR 5.0 archives
  * Read support for ZIPX archives with xz, lzma, ppmd8 and
    bzip2 compression
  * Support for non-recursive list and extract
  * New tar option: --exclude-vcs
  * Improved file attribute support on Linux and file flags support
    on FreeBSD
  * Fix reading Android APK archives (#1055 )
  * Fix problems related to unreadable directories (#1167)
  * A two-digit number of OSS-Fuzz issues was resolved in this release
    including CVE-2019-18408
- Add libarchive.keyring and validate the tarball signature
- Drop all security patches, fixed upstream:
  * CVE-2018-1000877.patch
  * CVE-2018-1000878.patch
  * CVE-2018-1000879.patch
  * CVE-2018-1000880.patch
  * CVE-2019-1000019.patch
  * CVE-2019-1000020.patch

-------------------------------------------------------------------
Tue Feb  5 15:16:08 UTC 2019 - Adrian Schröter <adrian@suse.de>

- Added patches:
  * CVE-2019-1000019.patch Fixes 7zip crash (boo#1124341)
  * CVE-2019-1000020.patch ISO9660 infinite loop fixed (boo#1124342)

-------------------------------------------------------------------
Thu Jan  3 15:26:58 UTC 2019 - Karol Babioch <kbabioch@suse.de>

- Added patches:
  * CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR
    decoder (CVE-2018-1000877 bsc#1120653)
  * CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR
    decoder (CVE-2018-1000878 bsc#1120654)
  * CVE-2018-1000879.patch, which fixes a NULL Pointer Dereference
    vulnerability in ACL parser (CVE-2018-1000879 bsc#1120656)
  * CVE-2018-1000880.patch, which fixes an improper input validation
    vulnerability in WARC parser (CVE-2018-1000880 bsc#1120659)
- Make use of %license macro
- Applied spec-cleaner

-------------------------------------------------------------------
Tue Sep 18 07:08:54 UTC 2018 - Jan Engelhardt <jengelh@inai.de>

- Fix RPM groups. Remove idempotent %if..%endif guards.
  Diversify summaries. Set CFLAGS instead of re-defining
  optflags with itself.

-------------------------------------------------------------------
Fri Sep 14 06:57:14 UTC 2018 - Adrian Schröter <adrian@suse.de>

- update to version 3.3.3
  * Avoid super-linear slowdown on malformed mtree files
  * Many fixes for building with Visual Studio
  * NO_OVERWRITE doesn't change existing directory attributes
  * New support for Zstandard read and write filters
- Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503
- fix-CVE-2017-14166.patch is obsolete

-------------------------------------------------------------------
Thu Sep  7 07:05:15 UTC 2017 - adrian@suse.de

- update to version 3.3.2
  * NFSv4 ACL support for Linux (librichacl)
- fix-CVE-2017-14166.patch (boo#1057514)

-------------------------------------------------------------------
Mon Apr  3 14:44:27 UTC 2017 - adrian@suse.de

- update to version 3.3.1
  * Security & Feature release
    Details are not documented from upstream yet
    fix-extract-over-links.patch and libarchive-openssl.patch obsoleted

-------------------------------------------------------------------
Fri Dec  2 13:37:54 UTC 2016 - adrian@suse.com

- fix extracting over symlinks: fix-extract-over-links.patch
  the problem is solved upstream different, but git master
  is too different atm.

-------------------------------------------------------------------
Wed Oct 26 09:27:32 UTC 2016 - adrian@suse.com

- update to version 3.2.2
  Unspecified security fixes, but at least:
  * CVE-2016-8687
  * CVE-2016-8689
  * CVE-2016-8688
  * CVE-2016-5844
  * CVE-2016-6250
  * CVE-2016-5418
- obsoletes fix-build.patch

-------------------------------------------------------------------
Sat Jul 23 21:13:34 UTC 2016 - dmueller@suse.com

- make bsdtar require a matching libarchive version to avoid
  missing symbol errors

-------------------------------------------------------------------
Mon Jun 20 10:31:43 UTC 2016 - adrian@suse.de

- update to version 3.2.1
  Fixes a number of security issues:
    CVE-2015-8934, CVE-2015-8933, CVE-2015-8917, CVE-2016-4301, CVE-2016-4300
- and fixing the build (fix-build.patch)

-------------------------------------------------------------------
Thu Jun 16 09:33:17 UTC 2016 - adrian@suse.de

- limit size of symlinks in cpio archives (CVE-2016-4809, boo#984990)
  CVE-2016-4809.patch

-------------------------------------------------------------------
Mon May  9 08:42:19 UTC 2016 - adrian@suse.de

- 4GB _constraints for ppc64le only, it would break other archs

- update to version 3.2.0
  * Fixes CVE-2016-1541
  * Fixes CVE-2015-8928
  * changes are only documented in git history
  * updated openssl patch
  * new bsdcat utility

- removed obsolete patches for:
  * CVE-2013-0211.patch
  * directory-traversal-fix.patch
  * libarchive-xattr.patch

-------------------------------------------------------------------
Fri May  6 14:45:14 UTC 2016 - normand@linux.vnet.ibm.com

- add _constraints memory 4096MB to avoid ppc64le build failure

-------------------------------------------------------------------
Sat Sep 19 20:17:41 UTC 2015 - astieger@suse.com

- build static lib on RHEL 7

-------------------------------------------------------------------
Sun Mar 22 19:51:10 UTC 2015 - astieger@suse.com

- RHEL/CentOS build fix, skipping autoreconf

-------------------------------------------------------------------
Sun Mar 15 20:11:00 UTC 2015 - astieger@suse.com

- add CVE for previous change

-------------------------------------------------------------------
Thu Mar  5 13:36:09 UTC 2015 - adrian@suse.com

- fix a directory traversal in cpio tool (bnc#920870)
  directory-traversal-fix.patch CVE-2015-2304

-------------------------------------------------------------------
Tue Nov 11 12:07:46 UTC 2014 - jsegitz@novell.com

- Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024)

-------------------------------------------------------------------
Wed May 28 17:18:59 UTC 2014 - crrodriguez@opensuse.org

- libarchive-xattr.patch, fix subtle wrong library check 
  that causes this package to depend on libattr when it should
  be using glibc.

-------------------------------------------------------------------
Sun Nov 24 16:22:02 UTC 2013 - andreas.stieger@gmx.de

- add optional -static-devel library package, intended to publish pixz
  for CentOS / RHEL, default off
- skip some dependencies not required for pixz on CentOS / RHEL

-------------------------------------------------------------------
Tue Aug 20 05:34:09 UTC 2013 - crrodriguez@opensuse.org

- remove artificial dependencies on libacl-devel, libbz2-devel,
  zlib-devel from libarchive-devel.

-------------------------------------------------------------------
Mon Aug 19 21:14:38 UTC 2013 - crrodriguez@opensuse.org

- libarchive-openssl.patch: Call OPENSSL_config where needed, 
  otherwise on systems configured to use openSSL engines such 
  as via-padlock wont benefit from hardware acceleration.

-------------------------------------------------------------------
Fri Aug 16 20:07:27 UTC 2013 - andreas.stieger@gmx.de

- update to 3.1.2
  This is a maintenance update to fix issues with the new RAR 
  seeking feature.
- libarchive's new website moved to http://www.libarchive.org.

-------------------------------------------------------------------
Sun Jun 16 23:59:28 UTC 2013 - jengelh@inai.de

- Explicitly list libattr-devel as BuildRequires (and sort those)

-------------------------------------------------------------------
Wed Feb 13 08:05:35 UTC 2013 - werner@suse.de

- Use %libname macro to be consistent throughout the spec file

-------------------------------------------------------------------
Tue Feb  5 18:48:08 UTC 2013 - p.drouand@gmail.com

- Update to version 3.1.1:
  + Fix an issue with the soname versioning in builds of libarchive
    using cmake
- Removed patchs; fixed and merged on upstream release:
  * libarchive-fix-checks.patch
  * libarchive-ppc64.patch
- The soname has changed and pass to 13.

-------------------------------------------------------------------
Thu Aug 23 08:30:05 UTC 2012 - dvaleev@suse.com

- libarchive-ppc64.patch:
  fix http://code.google.com/p/libarchive/issues/detail?id=277
  test_option_b and test_option_nodump are failing on ppc64

-------------------------------------------------------------------
Thu Aug  9 09:05:01 UTC 2012 - cfarrell@suse.com

- license update: BSD-2-Clause
  The COPYING file shows that the package is predominantly BSD-2-Clause
  licensed

-------------------------------------------------------------------
Tue Aug  7 18:47:14 UTC 2012 - dimstar@opensuse.org

- Update to version 3.0.4:
  + libarchive development moved to http://libarchive.github.com/
- Changes from version 3.0.2:
  + Various fixes merged from FreeBSD
  + Symlink support in Zip reader and writer
  + Robustness fixes to 7Zip reader
- Changes from version 3.0.1b:
  + 7Zip reader
  + Small fixes to ISO and Zip to improve robustness with corrupted
    input
  + Improve streaming Zip reader's support for uncompressed entries
  + New seeking Zip reader supports SFX Zip archives
  + Build fixes on Windows
- For more changes since 2.8.5, please see NEWS file
- Update URL Tag to represent new home of the project.
- Rename libarchive2 to libarchive12, following upstreams soname
  bumps.
- Add libarchive-fix-checks.patch: Fix gcc 4.7 side effects.
- Drop libarchive-test-fuzz.patch: fixed upstream.
- Drop libarchive-ignore-sigpipe-in-test-suite.patch: fixed
  upstream.
- Drop libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch: upstream
  rejected the patch. Seems to be too theoretical problem.

-------------------------------------------------------------------
Mon May  7 08:35:39 UTC 2012 - werner@suse.de

- Enforce usage of reentrant versions of libc functions 

-------------------------------------------------------------------
Mon Feb 13 18:19:49 UTC 2012 - dvaleev@suse.com

- fix failed tests on ppc 

-------------------------------------------------------------------
Wed Feb  8 10:57:45 UTC 2012 - idonmez@suse.com

- Use %makeinstall to be SLES compatible 

-------------------------------------------------------------------
Thu Dec 22 11:27:05 UTC 2011 - werner@suse.de

- For SLES11 work around missing rpm macro 

-------------------------------------------------------------------
Tue Dec  6 16:00:48 UTC 2011 - coolo@suse.com

- rename main package to libarchive

-------------------------------------------------------------------
Tue Dec  6 16:00:32 UTC 2011 - coolo@suse.com

- Update to libarchive 2.8.5 (from werner)
 * Fix issue 134: Improve handling of open failures
 * Fix issue 119: Relax ISO verification
 * Fix issue 121: mtree parsing
 * Fix extraction of GNU tar 'D' directory entries
 * Be less demanding in LZMA/XZ compression tests

-------------------------------------------------------------------
Fri Sep 30 08:15:50 UTC 2011 - coolo@suse.com

- add baselibs.conf for PackageKit to use

-------------------------------------------------------------------
Tue Apr 19 13:23:09 UTC 2011 - idoenmez@novell.com

- Add suport for xz and xar archives 
- Add libarchive-2.8.4-iso9660-data-types.patch: 
  fix ISO9660 reader data type mismatches

-------------------------------------------------------------------
Thu Nov 11 13:36:59 UTC 2010 - puzel@novell.com

- udpate to libarchive-2.8.4
  - see /usr/share/doc/packages/libarchive2/NEWS for changes
- drop libarchive-2.5.5_fix_testsuite.patch (upstream)
- update libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch
- clean up specfile
- disable make check for now

-------------------------------------------------------------------
Wed Jan  6 04:36:37 UTC 2010 - jengelh@medozas.de

- enable parallel building

-------------------------------------------------------------------
Wed Oct 29 17:24:49 CET 2008 - mrueckert@suse.de

- added libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch:
  it can happen that your system at build times supports lutimes
  but later at runtime the needed syscall is missing.

-------------------------------------------------------------------
Mon Sep  8 17:57:29 CEST 2008 - mrueckert@suse.de

- fix rm calls in %install

-------------------------------------------------------------------
Sat Sep  6 17:54:11 CEST 2008 - mrueckert@suse.de

- update to 2.5.5
  This is a major version bump again: it incorporates
  lots of bugfixes and improvements.
  For all the details please see
  /usr/share/doc/packages/libarchive2/NEWS
- drop the .la file
- dropped patch libarchive-2.2.5_rpath.patch:
  no longer needed
- added libarchive-2.5.5_fix_testsuite.patch:
  added missing mode to open() with O_CREAT

-------------------------------------------------------------------
Wed Aug 15 12:58:06 CEST 2007 - ro@suse.de

- fix dependency of devel package 

-------------------------------------------------------------------
Tue Aug  7 16:47:22 CEST 2007 - mrueckert@suse.de

- restructured package:
  bsdtar is now the main package and libarchive2 and libarchive-devel
  the subpackages. This saves us a rename on soversion bumps.

-------------------------------------------------------------------
Mon Jul 30 14:31:32 CEST 2007 - mrueckert@suse.de

- update to 2.2.5  (#291358)
  This is a major version bump. For a full list of all changes see
  /usr/share/doc/packages/libarchive/NEWS. Mostly notable this up-
  date includes the fixes for the following security bugs:
  Errors handling corrupt tar files in libarchive
  (CVE-2007-3641, CVE-2007-3644, CVE-2007-3645)
- added libarchive-2.2.5_rpath.patch:
  dont set a rpath on the builddir.
- no longer building the static lib

-------------------------------------------------------------------
Fri Jun  8 01:35:37 CEST 2007 - ro@suse.de

- added ldconfig to post scripts
- remove minitar objects (leave binary there for now) 

-------------------------------------------------------------------
Sun Apr  8 20:53:59 CEST 2007 - mrueckert@suse.de

- updated to 2.0.28
- removed all patches:
  included upstream

-------------------------------------------------------------------
Sat Mar 24 20:07:04 CET 2007 - mrueckert@suse.de

- require libbz2-devel on >= 10.3

-------------------------------------------------------------------
Sat Mar 24 16:30:08 CET 2007 - aj@suse.de

- Change requires for libbz2 split.

-------------------------------------------------------------------
Tue Mar  6 16:49:29 CET 2007 - mrueckert@suse.de

- updated bsdtar-1.2.53_ext2_include.patch:
  the old fix was not complete and on newer glibc/kernel-headers it
  seems you need to include linux/fs.h explicitly
  new name: bsdtar-1.3.1_linux_fs_includes.patch
- build with -fno-strict-aliasing

-------------------------------------------------------------------
Fri Nov 10 13:01:38 CET 2006 - mrueckert@suse.de

- added SA-06-24_libarchive.patch:
  fix DOS in libarchive (CVE-2006-5680)
  http://security.freebsd.org/advisories/FreeBSD-SA-06:24.libarchive.asc

-------------------------------------------------------------------
Fri Sep 22 13:03:42 CET 2006 - mrueckert@suse.de

- update to version 1.3.1

-------------------------------------------------------------------
Thu Apr 27 02:32:57 CEST 2006 - mrueckert@suse.de

- updated to 1.2.53:
  Upstream merged the source tarball.
  Splitted of a bsdtar package

-------------------------------------------------------------------
Mon Feb 27 19:24:00 CET 2006 - mrueckert@suse.de

- fixed building of debuginfo package

-------------------------------------------------------------------
Mon Feb 27 18:32:04 CET 2006 - mrueckert@suse.de

- libarchive 1.2.38

openSUSE Build Service is sponsored by