Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libarchive13-32bit-3.7.2-150600.1.7 RPM for x86_64

From OpenSuSE Leap 15.6 for x86_64

Name: libarchive13-32bit Distribution: SUSE Linux Enterprise 15
Version: 3.7.2 Vendor: SUSE LLC <>
Release: 150600.1.7 Build date: Thu May 9 15:05:42 2024
Group: System/Libraries Build host: h01-ch2d
Size: 918884 Source RPM: libarchive-3.7.2-150600.1.7.src.rpm
Summary: Library to work with several different streaming archive formats
Libarchive is a programming library that can create and read several
different streaming archive formats, including most popular tar
variants and several cpio formats. It can also write shar archives and
read ISO-9660 CDROM images. The bsdtar program is an implementation of
tar(1) that is built on top of libarchive. It started as a test
harness, but has grown and is now the standard system tar for FreeBSD 5
and 6.

The libarchive library offers a number of features that make it both
very flexible and very powerful.

- Automatic format detection: libarchive can automatically determine
   both the compression and the archive format, regardless of the
   data source. Most tar implementations do not automatically detect
   the compression format, few implementation that can correctly do
   this when reading from stdin or a socket. (The tar program
   included with Gunnar Ritter's heirloom collection also does full
   automatic format detection.)

- Writes POSIX formats: libarchive writes POSIX-standard formats,
   including "ustar," "pax interchange format," and the POSIX "cpio"

- Supports pax interchange format: Pax interchange format (which,
   despite the name, is really an extended tar format) eliminates
   almost all limitations of historic tar formats and provides a
   standard method for incorporating vendor-specific extensions.
   libarchive exploits this extension mechanism to support ACLs and
   file flags, for example. (Joerg Schilling's star archiver is
   another open-source tar program that supports pax interchange

- Reads popular formats: libarchive can read GNU tar, ustar, pax
   interchange format, cpio, and older tar variants. The internal
   architecture is easily extensible. The only requirement for
   support is that it be possible to read the format without seeking
   in the file. (For example, a format that includes a compressed
   size field before the data cannot be correctly written without

- High-Level API: the libarchive API makes it fairly simple to build
   an archive from a list of filenames or to extract the entries
   from an archive. However, the API also provides extreme
   flexibility with regards to data sources. For example, there are
   generic hooks that allow you to write an archive to a socket or
   read data from an archive entry into a memory buffer.

- Extensible. The internal design uses generic interfaces for
compression, archive format detection and decoding, and archive data
I/O. It should be very easy to add new formats, new compression
methods, or new ways of reading/writing archives.






* Fri Dec 29 2023
  - skip write tests on 32bit, they OOM
* Sun Sep 17 2023
  - update to 3.7.2:
    * Multiple vulnerabilities have been fixed in the PAX writer
    * bsdunzip(1) now correctly handles arguments following an
    - x after the zipfile
    * zstd filter now supports the "long" write option
    * SEGV and stack buffer overflow in verbose mode of cpio
    * bsdunzip updated to match latest upstream code
    * miscellaneous functional bugfixes
* Mon Jul 24 2023
  - update to 3.7.0
    * bsdunzip port from FreeBSD
    * fix 2 year 2038 issues
* Fri Dec 23 2022
  - update to 3.6.2 (bsc#1205629, CVE-2022-36227)
    * NULL pointer dereference vulnerability in archive_write.c
    * include ZSTD in Windows builds (#1688)
    * SSL fixes on Windows (#1714, #1723, #1724)
    * rar5 reader: fix possible garbled output with bsdtar -O (#1745)
    * mtree reader: support reading mtree files with tabs (#1783)
    * various small fixes for issues found by CodeQL
  - Drop upstream merged CVE-2022-36227.patch
* Tue Nov 22 2022
  - Fix CVE-2022-36227, Handle a calloc returning NULL
    (CVE-2022-36227, bsc#1205629)
    * CVE-2022-36227.patch
* Fri Apr 08 2022
  - update to 3.6.1:
    * 7zip reader: fix PPMD read beyond boundary (#1671)
    * ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672)
    * ISO reader: fix possible heap buffer overflow in read_children() (OSS-Fuzz 38764, #1685)
    * RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0)
    * fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50)
    * fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77)
    * fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)
  - Drop upstream merged fix-CVE-2022-26280.patch
* Thu Apr 07 2022
  - Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init
    (CVE-2022-26280, bsc#1197634)
    * fix-CVE-2022-26280.patch
* Thu Feb 24 2022
  - Update to 3.6.0
    * Fix use-after-free bug (CVE-2021-36976)
    * tar: new option "--no-read-sparse"
    * tar: threads support for zstd
    * RAR reader: filter support
    * RAR5 reader: self-extracting archive support
    * ZIP reader: zstd decompression support
    * tar: respect "--ignore-zeros" in c, r and u modes
    * reduced size of application binaries
    * internal code optimizations
  - Drop upstream merged:
    * fix-following-symlinks.patch
    * fix-CVE-2021-36976.patch
* Wed Feb 23 2022
  - Fix CVE-2021-36976 use-after-free in copy_string
    (CVE-2021-36976, bsc#1188572)
    * fix-CVE-2021-36976.patch
  - The following issues have already been fixed in this package but
    weren't previously mentioned in the changes file:
    CVE-2017-5601, bsc#1022528, bsc#1189528
* Mon Nov 29 2021
  - fix permission settings on following symlinks (fix-following-symlinks.patch)
    this fixes also wrong permissions of /var/tmp in factory systems
* Sun Nov 07 2021
  - update to 3.5.2:
    * CPIO: Support for PWB and v7 binary cpio formats
    * ZIP reader: Support of deflate algorithm in symbolic link decompression
    * security: fix handling of symbolic link ACLs on Linux (boo#1192425)
    * security: never follow symlinks when setting file flags on Linux (boo#1192426)
    * security: do not follow symlinks when processing the fixup list (boo#1192427)
    * fix extraction of hardlinks to symlinks
    * 7zip reader and writer fixes
    * RAR reader fixes
    * ZIP reader: fix excessive read for padded zip
    * CAB reader: fix double free
    * handle short writes from archive_write_callback
  - Drop upstream mereged:
    * CVE-2021-23177.patch
    * CVE-2021-31566.patch
    * bsc1192427.patch
* Thu Oct 21 2021
  - Fix CVE-2021-31566, modifies file flags of symlink target
    (CVE-2021-31566, bsc#1192426.patch)
  - Fix bsc#1192427, processing fixup entries may follow symbolic links
* Sun Sep 12 2021
  - Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target
    (CVE-2021-23177, bsc#1192425)
    * CVE-2021-23177.patch
* Wed Jan 06 2021
  - update to 3.5.1:
    * various compilation fixes (#1461, #1462, #1463, #1464)
    * fixed undefined behavior in a function in warc reader (#1465)
* Tue Dec 01 2020
  - Update to version 3.5.0
    New features:
    * mtree digest reader support (#1347)
    * completed support for UTF-8 encoding conversion (#1389)
    * minor API enhancements (#1258, #1405)
    * support for system extended attributes (#1409)
    * support for decompression of symbolic links in zipx archives (#1435)
    Important bugfixes
    * fixed extraction of archives with hard links pointing to itself (#1381)
    * cpio fixes (#1387, #1388)
    * fixed uninitialized size in rar5_read_data (#1408)
    * fixed memory leaks in error case of archive_write_open() functions (#1456)
  - Drop libarchive-3.4.3-fix_test_write_disk_secure.patch, fixed upstream.
* Mon Sep 07 2020
  - fix build with binutils submitted to Factory, adding upstream
* Wed May 20 2020
  - Update to version 3.4.3
    * support for pzstd compressed files (#1357)
    * support for tar extended attribute (#1348)
    * various zstd fixes and improvements (#1342 #1352 #1359)
    * child process handling fixes (#1372)
* Tue Feb 18 2020
  - Switch back to cmake build now that cmake-mini exists, this will
    no longer create a build-cycle.
* Wed Feb 12 2020
  - Update to version 3.4.2
    New features:
    * support for atomic file extraction (bsdtar -x --safe-writes) (#1289)
    * support for mbed TLS (PolarSSL) (#1301)
    Important bugfixes:
    * security fixes in RAR5 reader (#1280 #1326)
    * compression buffer fix in XAR writer (#1317)
    * fix uname and gname longer than 32 characters in PAX writer (#1319)
    * fix segfault when archiving hard links in ISO9660 and XAR writers (#1325)
    * fix support for extracting 7z archive entries with Delta filter (#987)
* Mon Dec 30 2019
  - Revert back to autoconf, cmake introduces a cycle. Leave cmake
    patches in since they are basically correct and might be useful
    in the future.
* Mon Dec 30 2019
  - Update to version 3.4.1
    New features:
    * Unicode filename support for reading lha/lzh archives
    * New pax write option "xattrhdr"
    Important bugfixes:
    * security fixes in wide string processing (#1276 #1298)
    * security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221
    * security fixes and optimizations to write filter logic (#351)
    * security fix related to use of readlink(2) (1dae5a5)
    * sparse file handling fixes (#1218 #1260)
  - Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream
* Fri Nov 22 2019
  - fix bsc#1157569
    CVE-2019-19221.patch out-of-bounds read in libarchive
* Sun Aug 18 2019
  - Switch to cmake build
  - Add lib-suffix.patch to honor LIB_SUFFIX
  - Add fix-zstd-test.patch to fix zstd test
  - Add fix-soversion.patch to fix the soversion to 13 as autotools
* Thu Jun 20 2019
  - Add lz4 and zstd support
  - Add BuildRequires on liblz4-devel and libzstd-devel
* Thu Jun 13 2019
  - Update to version 3.4.0
    * Support for file and directory symlinks on Windows
    * Read support for RAR 5.0 archives
    * Read support for ZIPX archives with xz, lzma, ppmd8 and
      bzip2 compression
    * Support for non-recursive list and extract
    * New tar option: --exclude-vcs
    * Improved file attribute support on Linux and file flags support
      on FreeBSD
    * Fix reading Android APK archives (#1055 )
    * Fix problems related to unreadable directories (#1167)
    * A two-digit number of OSS-Fuzz issues was resolved in this release
      including CVE-2019-18408
  - Add libarchive.keyring and validate the tarball signature
  - Drop all security patches, fixed upstream:
    * CVE-2018-1000877.patch
    * CVE-2018-1000878.patch
    * CVE-2018-1000879.patch
    * CVE-2018-1000880.patch
    * CVE-2019-1000019.patch
    * CVE-2019-1000020.patch
* Tue Feb 05 2019
  - Added patches:
    * CVE-2019-1000019.patch Fixes 7zip crash (boo#1124341)
    * CVE-2019-1000020.patch ISO9660 infinite loop fixed (boo#1124342)
* Thu Jan 03 2019
  - Added patches:
    * CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR
      decoder (CVE-2018-1000877 bsc#1120653)
    * CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR
      decoder (CVE-2018-1000878 bsc#1120654)
    * CVE-2018-1000879.patch, which fixes a NULL Pointer Dereference
      vulnerability in ACL parser (CVE-2018-1000879 bsc#1120656)
    * CVE-2018-1000880.patch, which fixes an improper input validation
      vulnerability in WARC parser (CVE-2018-1000880 bsc#1120659)
  - Make use of %license macro
  - Applied spec-cleaner
* Tue Sep 18 2018
  - Fix RPM groups. Remove idempotent %if..%endif guards.
    Diversify summaries. Set CFLAGS instead of re-defining
    optflags with itself.
* Fri Sep 14 2018
  - update to version 3.3.3
    * Avoid super-linear slowdown on malformed mtree files
    * Many fixes for building with Visual Studio
    * NO_OVERWRITE doesn't change existing directory attributes
    * New support for Zstandard read and write filters
  - Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503
  - fix-CVE-2017-14166.patch is obsolete
* Thu Sep 07 2017
  - update to version 3.3.2
    * NFSv4 ACL support for Linux (librichacl)
  - fix-CVE-2017-14166.patch (boo#1057514)
* Mon Apr 03 2017
  - update to version 3.3.1
    * Security & Feature release
      Details are not documented from upstream yet
      fix-extract-over-links.patch and libarchive-openssl.patch obsoleted
* Fri Dec 02 2016
  - fix extracting over symlinks: fix-extract-over-links.patch
    the problem is solved upstream different, but git master
    is too different atm.
* Wed Oct 26 2016
  - update to version 3.2.2
    Unspecified security fixes, but at least:
    * CVE-2016-8687
    * CVE-2016-8689
    * CVE-2016-8688
    * CVE-2016-5844
    * CVE-2016-6250
    * CVE-2016-5418
  - obsoletes fix-build.patch
* Sat Jul 23 2016
  - make bsdtar require a matching libarchive version to avoid
    missing symbol errors
* Mon Jun 20 2016
  - update to version 3.2.1
    Fixes a number of security issues:
      CVE-2015-8934, CVE-2015-8933, CVE-2015-8917, CVE-2016-4301, CVE-2016-4300
  - and fixing the build (fix-build.patch)
* Thu Jun 16 2016
  - limit size of symlinks in cpio archives (CVE-2016-4809, boo#984990)
* Mon May 09 2016
  - 4GB _constraints for ppc64le only, it would break other archs
  - update to version 3.2.0
    * Fixes CVE-2016-1541
    * Fixes CVE-2015-8928
    * changes are only documented in git history
    * updated openssl patch
    * new bsdcat utility
  - removed obsolete patches for:
    * CVE-2013-0211.patch
    * directory-traversal-fix.patch
    * libarchive-xattr.patch
* Fri May 06 2016
  - add _constraints memory 4096MB to avoid ppc64le build failure
* Sat Sep 19 2015
  - build static lib on RHEL 7
* Sun Mar 22 2015
  - RHEL/CentOS build fix, skipping autoreconf
* Sun Mar 15 2015
  - add CVE for previous change
* Thu Mar 05 2015
  - fix a directory traversal in cpio tool (bnc#920870)
    directory-traversal-fix.patch CVE-2015-2304
* Tue Nov 11 2014
  - Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024)



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 20:06:21 2024