Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

bsdtar-3.7.2-1.3 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: bsdtar Distribution: openSUSE:Factory:zSystems
Version: 3.7.2 Vendor: openSUSE
Release: 1.3 Build date: Fri Dec 29 19:39:00 2023
Group: Productivity/Archiving/Compression Build host: reproducible
Size: 1920224 Source RPM: libarchive-3.7.2-1.3.src.rpm
Packager: https://bugs.opensuse.org
Url: https://www.libarchive.org/
Summary: Utility to read several different streaming archive formats
 
This package contains the bsdtar cmdline utility.

Provides

Requires

License

BSD-2-Clause

Changelog

* Fri Dec 29 2023 Dirk Müller <dmueller@suse.com>
  - skip write tests on 32bit, they OOM
* Sun Sep 17 2023 Dirk Müller <dmueller@suse.com>
  - update to 3.7.2:
    * Multiple vulnerabilities have been fixed in the PAX writer
    * bsdunzip(1) now correctly handles arguments following an
    - x after the zipfile
    * zstd filter now supports the "long" write option
    * SEGV and stack buffer overflow in verbose mode of cpio
    * bsdunzip updated to match latest upstream code
    * miscellaneous functional bugfixes
* Mon Jul 24 2023 Bernhard Wiedemann <bwiedemann@suse.com>
  - update to 3.7.0
    * bsdunzip port from FreeBSD
    * fix 2 year 2038 issues
* Fri Dec 23 2022 Dirk Müller <dmueller@suse.com>
  - update to 3.6.2 (bsc#1205629, CVE-2022-36227)
    * NULL pointer dereference vulnerability in archive_write.c
    * include ZSTD in Windows builds (#1688)
    * SSL fixes on Windows (#1714, #1723, #1724)
    * rar5 reader: fix possible garbled output with bsdtar -O (#1745)
    * mtree reader: support reading mtree files with tabs (#1783)
    * various small fixes for issues found by CodeQL
  - Drop upstream merged CVE-2022-36227.patch
* Tue Nov 22 2022 Danilo Spinella <danilo.spinella@suse.com>
  - Fix CVE-2022-36227, Handle a calloc returning NULL
    (CVE-2022-36227, bsc#1205629)
    * CVE-2022-36227.patch
* Fri Apr 08 2022 Dirk Müller <dmueller@suse.com>
  - update to 3.6.1:
    * 7zip reader: fix PPMD read beyond boundary (#1671)
    * ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672)
    * ISO reader: fix possible heap buffer overflow in read_children() (OSS-Fuzz 38764, #1685)
    * RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0)
    * fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50)
    * fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77)
    * fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)
  - Drop upstream merged fix-CVE-2022-26280.patch
* Thu Apr 07 2022 Danilo Spinella <danilo.spinella@suse.com>
  - Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init
    (CVE-2022-26280, bsc#1197634)
    * fix-CVE-2022-26280.patch
* Thu Feb 24 2022 Ferdinand Thiessen <rpm@fthiessen.de>
  - Update to 3.6.0
    * Fix use-after-free bug (CVE-2021-36976)
    * tar: new option "--no-read-sparse"
    * tar: threads support for zstd
    * RAR reader: filter support
    * RAR5 reader: self-extracting archive support
    * ZIP reader: zstd decompression support
    * tar: respect "--ignore-zeros" in c, r and u modes
    * reduced size of application binaries
    * internal code optimizations
  - Drop upstream merged:
    * fix-following-symlinks.patch
    * fix-CVE-2021-36976.patch
* Wed Feb 23 2022 Danilo Spinella <danilo.spinella@suse.com>
  - Fix CVE-2021-36976 use-after-free in copy_string
    (CVE-2021-36976, bsc#1188572)
    * fix-CVE-2021-36976.patch
  - The following issues have already been fixed in this package but
    weren't previously mentioned in the changes file:
    CVE-2017-5601, bsc#1022528, bsc#1189528
* Mon Nov 29 2021 Adrian Schröter <adrian@suse.de>
  - fix permission settings on following symlinks (fix-following-symlinks.patch)
    this fixes also wrong permissions of /var/tmp in factory systems
    CVE-2021-31566
* Sun Nov 07 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - update to 3.5.2:
    * CPIO: Support for PWB and v7 binary cpio formats
    * ZIP reader: Support of deflate algorithm in symbolic link decompression
    * security: fix handling of symbolic link ACLs on Linux (boo#1192425)
    * security: never follow symlinks when setting file flags on Linux (boo#1192426)
    * security: do not follow symlinks when processing the fixup list (boo#1192427)
    * fix extraction of hardlinks to symlinks
    * 7zip reader and writer fixes
    * RAR reader fixes
    * ZIP reader: fix excessive read for padded zip
    * CAB reader: fix double free
    * handle short writes from archive_write_callback
  - Drop upstream mereged:
    * CVE-2021-23177.patch
    * CVE-2021-31566.patch
    * bsc1192427.patch
* Thu Oct 21 2021 Danilo Spinella <danilo.spinella@suse.com>
  - Fix CVE-2021-31566, modifies file flags of symlink target
    (CVE-2021-31566, bsc#1192426.patch)
    CVE-2021-31566.patch
  - Fix bsc#1192427, processing fixup entries may follow symbolic links
    bsc1192427.patch
* Sun Sep 12 2021 Danilo Spinella <danilo.spinella@suse.com>
  - Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target
    (CVE-2021-23177, bsc#1192425)
    * CVE-2021-23177.patch
* Wed Jan 06 2021 Dirk Müller <dmueller@suse.com>
  - update to 3.5.1:
    * various compilation fixes (#1461, #1462, #1463, #1464)
    * fixed undefined behavior in a function in warc reader (#1465)

Files

/usr/bin/bsdcat
/usr/bin/bsdcpio
/usr/bin/bsdtar
/usr/bin/bsdunzip
/usr/share/man/man1/bsdcat.1.gz
/usr/share/man/man1/bsdcpio.1.gz
/usr/share/man/man1/bsdtar.1.gz
/usr/share/man/man1/bsdunzip.1.gz
/usr/share/man/man5/libarchive-formats.5.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Apr 30 23:50:42 2024