Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
SUSE:SLE-12-SP4:Update
libarchive.26953
libarchive.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libarchive.changes of Package libarchive.26953
------------------------------------------------------------------- Tue Nov 22 11:36:19 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com> - Fix CVE-2022-36227, Handle a calloc returning NULL (CVE-2022-36227, bsc#1205629) * CVE-2022-36227.patch ------------------------------------------------------------------- Mon Nov 8 08:09:35 UTC 2021 - Adrian Schröter <adrian@suse.de> - backporting symlink security fixes from 3.5.2: extracting with ACLs modifies ACLs of target (1565.patch, bsc#1192425) modifies file flags of target (symlink-followup-fix.patch, bsc#1192426) avoid follow on fixup entries (1566.patch, bsc#1192427) - adding older security fixes with low prio out-of-bounds read caused by incorrect mbrtowc or mbtowc call: CVE-2019-19221.patch, bsc#1157569 ------------------------------------------------------------------- Fri Aug 6 12:52:50 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com> - update to version 3.3.3 * Avoid super-linear slowdown on malformed mtree files * Many fixes for building with Visual Studio * NO_OVERWRITE doesn't change existing directory attributes * New support for Zstandard read and write filters - Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503 - fix-CVE-2017-14166.patch, CVE-2017-14501.patch and CVE-2017-14502.patch are obsolete - Rebased CVE-2019-18408.patch - Needed by of Firefox91 (bsc#1188891) (Dependency chain: libarchive -> cmake3 -> Rust -> Firefox) ------------------------------------------------------------------- Wed Jul 28 15:11:29 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com> - Update to version 3.3.2: * Fixes the following security fixes: CVE-2013-0211 CVE-2015-2304 CVE-2015-8915 CVE-2015-8916 CVE-2015-8918 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8928 CVE-2015-8929 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-10209 CVE-2016-10349 CVE-2016-1541 CVE-2016-4300 CVE-2016-4301 CVE-2016-4302 CVE-2016-4809 CVE-2016-5418 CVE-2016-5844 CVE-2016-6250 CVE-2016-7166 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 - Added patches: * CVE-2018-1000879.patch * CVE-2018-1000880.patch - Rename CVE-2017-14503.patch to CVE-2017-14501.patch to be consistent with other libarchive packages - Removed patches: * CVE-2013-0211.patch * CVE-2015-2304.patch * CVE-2015-8915.patch * CVE-2015-8916.patch * CVE-2015-8918.patch * CVE-2015-8919.patch * CVE-2015-8920.patch * CVE-2015-8921.patch * CVE-2015-8922.patch * CVE-2015-8923.patch * CVE-2015-8924.patch * CVE-2015-8925.patch * CVE-2015-8926.patch * CVE-2015-8928.patch * CVE-2015-8929.patch * CVE-2015-8930.patch * CVE-2015-8931.patch * CVE-2015-8932.patch * CVE-2015-8933.patch * CVE-2015-8934.patch * CVE-2016-10209.patch * CVE-2016-10349.patch * CVE-2016-1541.patch * CVE-2016-4300.patch * CVE-2016-4301-base.patch * CVE-2016-4301.patch * CVE-2016-4302.patch * CVE-2016-4809.patch * CVE-2016-5418.patch * CVE-2016-5844.patch * CVE-2016-6250.patch * CVE-2016-7166.patch * CVE-2016-8687.patch * CVE-2016-8688.patch * CVE-2016-8689.patch * fix-build.patch * libarchive-openssl.patch - Refreshed patches: * CVE-2019-18408.patch - Update build phase - Required for bsc#1188891 ------------------------------------------------------------------- Fri Oct 25 09:35:44 UTC 2019 - Adrian Schröter <adrian@suse.de> - Added patch: * CVE-2019-18408.patch Fixes use-after-free in rar format support (bsc#1155079) ------------------------------------------------------------------- Tue Feb 5 15:16:08 UTC 2019 - Adrian Schröter <adrian@suse.de> - Added patches: * CVE-2019-1000019.patch Fixes 7zip crash (boo#1124341) * CVE-2019-1000020.patch ISO9660 infinite loop fixed (boo#1124342) ------------------------------------------------------------------- Thu Jan 3 16:01:02 UTC 2019 - Karol Babioch <kbabioch@suse.de> - Added patches: * CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR decoder (CVE-2018-1000877 bsc#1120653) * CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR decoder (CVE-2018-1000878 bsc#1120654) ------------------------------------------------------------------- Wed Oct 10 13:18:24 UTC 2018 - Adrian Schröter <adrian@suse.de> - CVE-2017-14503.patch: CVE-2017-14501 bsc#1057514 bsc#1059139 CVE-2016-10209.patch: bsc#1032089 CVE-2016-10349.patch: bsc#1037008 - is also fixing CVE-2016-10350 and bsc#1037009 CVE-2017-14166.patch: bsc#1057514 CVE-2017-14502.patch: bsc#1059134 ------------------------------------------------------------------- Tue Oct 18 07:51:30 UTC 2016 - adrian@suse.com - CVE-2016-8687.patch: bsc#1005070 CVE-2016-8689.patch: bsc#1005072 CVE-2016-8688.patch: bsc#1005076 CVE-2016-5844.patch: bsc#986566, upstream issue 717 CVE-2015-8915.patch: bsc#985691, upstream issue 502 CVE-2016-6250.patch: bsc#989980, upstream issue 711 CVE-2016-5418.patch: bsc#998677, upstream issues 744, 745 and 746 rename directory-traversal-fix.patch to CVE-2015-2304.patch ------------------------------------------------------------------- Tue Jun 21 06:32:05 UTC 2016 - adrian@suse.de - Adding more security fixes: CVE-2015-8924.patch: bsc#985609, upstream issue 515 CVE-2015-8932.patch: bsc#985665, upstream issue 547 CVE-2015-8929.patch: bsc#985669, upstream issue 517 CVE-2015-8934.patch: bsc#985673, upstream issue 521 CVE-2015-8920.patch: bsc#985675, upstream issue 511 CVE-2015-8928.patch: bsc#985679, upstream issue 550 CVE-2015-8921.patch: bsc#985682, upstream issue 512 CVE-2015-8922.patch: bsc#985685, upstream issue 513 CVE-2015-8933.patch: bsc#985688, upstream issue 548 & 582 - lacks test cases since they need new support functions CVE-2015-8931.patch: bsc#985689, upstream issue 539 CVE-2015-8916.patch: bsc#985694, upstream issue 504 CVE-2015-8918.patch. bsc#985698, upstream issue 506 CVE-2015-8919.patch: bsc#985697, upstream issue 510 CVE-2015-8930.patch: bsc#985700, upstream issue 522 CVE-2015-8923.patch: bsc#985703, upstream issue 514 CVE-2015-8926.patch: bsc#985704, upstream issue 518 CVE-2015-8925.patch: bsc#985706, upstream issue 516 CVE-2016-4300.patch: bsc#985832 CVE-2016-4301.patch, CVE-2016-4301-base.patch: bsc#985826, upstream issue 523 CVE-2016-4302.patch: bsc#985835, upstream issue 718 ------------------------------------------------------------------- Thu Jun 16 09:33:17 UTC 2016 - adrian@suse.de - limit size of symlinks in cpio archives (CVE-2016-4809, bsc#984990) CVE-2016-4809.patch ------------------------------------------------------------------- Mon May 9 08:34:22 UTC 2016 - adrian@suse.de - Fix CVE-2016-1541 (bsc#979005) ------------------------------------------------------------------- Thu Mar 5 13:36:09 UTC 2015 - adrian@suse.com - fix a directory traversal in cpio tool (bnc#920870) CVE-2015-2304 ------------------------------------------------------------------- Tue Nov 11 12:07:46 UTC 2014 - jsegitz@novell.com - Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024) ------------------------------------------------------------------- Sun Nov 24 16:22:02 UTC 2013 - andreas.stieger@gmx.de - add optional -static-devel library package, intended to publish pixz for CentOS / RHEL, default off - skip some dependencies not required for pixz on CentOS / RHEL ------------------------------------------------------------------- Tue Aug 20 05:34:09 UTC 2013 - crrodriguez@opensuse.org - remove artificial dependencies on libacl-devel, libbz2-devel, zlib-devel from libarchive-devel. ------------------------------------------------------------------- Mon Aug 19 21:14:38 UTC 2013 - crrodriguez@opensuse.org - libarchive-openssl.patch: Call OPENSSL_config where needed, otherwise on systems configured to use openSSL engines such as via-padlock wont benefit from hardware acceleration. ------------------------------------------------------------------- Fri Aug 16 20:07:27 UTC 2013 - andreas.stieger@gmx.de - update to 3.1.2 This is a maintenance update to fix issues with the new RAR seeking feature. - libarchive's new website moved to http://www.libarchive.org. ------------------------------------------------------------------- Sun Jun 16 23:59:28 UTC 2013 - jengelh@inai.de - Explicitly list libattr-devel as BuildRequires (and sort those) ------------------------------------------------------------------- Wed Feb 13 08:05:35 UTC 2013 - werner@suse.de - Use %libname macro to be consistent throughout the spec file ------------------------------------------------------------------- Tue Feb 5 18:48:08 UTC 2013 - p.drouand@gmail.com - Update to version 3.1.1: + Fix an issue with the soname versioning in builds of libarchive using cmake - Removed patchs; fixed and merged on upstream release: * libarchive-fix-checks.patch * libarchive-ppc64.patch - The soname has changed and pass to 13. ------------------------------------------------------------------- Thu Aug 23 08:30:05 UTC 2012 - dvaleev@suse.com - libarchive-ppc64.patch: fix http://code.google.com/p/libarchive/issues/detail?id=277 test_option_b and test_option_nodump are failing on ppc64 ------------------------------------------------------------------- Thu Aug 9 09:05:01 UTC 2012 - cfarrell@suse.com - license update: BSD-2-Clause The COPYING file shows that the package is predominantly BSD-2-Clause licensed ------------------------------------------------------------------- Tue Aug 7 18:47:14 UTC 2012 - dimstar@opensuse.org - Update to version 3.0.4: + libarchive development moved to http://libarchive.github.com/ - Changes from version 3.0.2: + Various fixes merged from FreeBSD + Symlink support in Zip reader and writer + Robustness fixes to 7Zip reader - Changes from version 3.0.1b: + 7Zip reader + Small fixes to ISO and Zip to improve robustness with corrupted input + Improve streaming Zip reader's support for uncompressed entries + New seeking Zip reader supports SFX Zip archives + Build fixes on Windows - For more changes since 2.8.5, please see NEWS file - Update URL Tag to represent new home of the project. - Rename libarchive2 to libarchive12, following upstreams soname bumps. - Add libarchive-fix-checks.patch: Fix gcc 4.7 side effects. - Drop libarchive-test-fuzz.patch: fixed upstream. - Drop libarchive-ignore-sigpipe-in-test-suite.patch: fixed upstream. - Drop libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch: upstream rejected the patch. Seems to be too theoretical problem. ------------------------------------------------------------------- Mon May 7 08:35:39 UTC 2012 - werner@suse.de - Enforce usage of reentrant versions of libc functions ------------------------------------------------------------------- Mon Feb 13 18:19:49 UTC 2012 - dvaleev@suse.com - fix failed tests on ppc ------------------------------------------------------------------- Wed Feb 8 10:57:45 UTC 2012 - idonmez@suse.com - Use %makeinstall to be SLES compatible ------------------------------------------------------------------- Thu Dec 22 11:27:05 UTC 2011 - werner@suse.de - For SLES11 work around missing rpm macro ------------------------------------------------------------------- Tue Dec 6 16:00:48 UTC 2011 - coolo@suse.com - rename main package to libarchive ------------------------------------------------------------------- Tue Dec 6 16:00:32 UTC 2011 - coolo@suse.com - Update to libarchive 2.8.5 (from werner) * Fix issue 134: Improve handling of open failures * Fix issue 119: Relax ISO verification * Fix issue 121: mtree parsing * Fix extraction of GNU tar 'D' directory entries * Be less demanding in LZMA/XZ compression tests ------------------------------------------------------------------- Fri Sep 30 08:15:50 UTC 2011 - coolo@suse.com - add baselibs.conf for PackageKit to use ------------------------------------------------------------------- Tue Apr 19 13:23:09 UTC 2011 - idoenmez@novell.com - Add suport for xz and xar archives - Add libarchive-2.8.4-iso9660-data-types.patch: fix ISO9660 reader data type mismatches ------------------------------------------------------------------- Thu Nov 11 13:36:59 UTC 2010 - puzel@novell.com - udpate to libarchive-2.8.4 - see /usr/share/doc/packages/libarchive2/NEWS for changes - drop libarchive-2.5.5_fix_testsuite.patch (upstream) - update libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch - clean up specfile - disable make check for now ------------------------------------------------------------------- Wed Jan 6 04:36:37 UTC 2010 - jengelh@medozas.de - enable parallel building ------------------------------------------------------------------- Wed Oct 29 17:24:49 CET 2008 - mrueckert@suse.de - added libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch: it can happen that your system at build times supports lutimes but later at runtime the needed syscall is missing. ------------------------------------------------------------------- Mon Sep 8 17:57:29 CEST 2008 - mrueckert@suse.de - fix rm calls in %install ------------------------------------------------------------------- Sat Sep 6 17:54:11 CEST 2008 - mrueckert@suse.de - update to 2.5.5 This is a major version bump again: it incorporates lots of bugfixes and improvements. For all the details please see /usr/share/doc/packages/libarchive2/NEWS - drop the .la file - dropped patch libarchive-2.2.5_rpath.patch: no longer needed - added libarchive-2.5.5_fix_testsuite.patch: added missing mode to open() with O_CREAT ------------------------------------------------------------------- Wed Aug 15 12:58:06 CEST 2007 - ro@suse.de - fix dependency of devel package ------------------------------------------------------------------- Tue Aug 7 16:47:22 CEST 2007 - mrueckert@suse.de - restructured package: bsdtar is now the main package and libarchive2 and libarchive-devel the subpackages. This saves us a rename on soversion bumps. ------------------------------------------------------------------- Mon Jul 30 14:31:32 CEST 2007 - mrueckert@suse.de - update to 2.2.5 (#291358) This is a major version bump. For a full list of all changes see /usr/share/doc/packages/libarchive/NEWS. Mostly notable this up- date includes the fixes for the following security bugs: Errors handling corrupt tar files in libarchive (CVE-2007-3641, CVE-2007-3644, CVE-2007-3645) - added libarchive-2.2.5_rpath.patch: dont set a rpath on the builddir. - no longer building the static lib ------------------------------------------------------------------- Fri Jun 8 01:35:37 CEST 2007 - ro@suse.de - added ldconfig to post scripts - remove minitar objects (leave binary there for now) ------------------------------------------------------------------- Sun Apr 8 20:53:59 CEST 2007 - mrueckert@suse.de - updated to 2.0.28 - removed all patches: included upstream ------------------------------------------------------------------- Sat Mar 24 20:07:04 CET 2007 - mrueckert@suse.de - require libbz2-devel on >= 10.3 ------------------------------------------------------------------- Sat Mar 24 16:30:08 CET 2007 - aj@suse.de - Change requires for libbz2 split. ------------------------------------------------------------------- Tue Mar 6 16:49:29 CET 2007 - mrueckert@suse.de - updated bsdtar-1.2.53_ext2_include.patch: the old fix was not complete and on newer glibc/kernel-headers it seems you need to include linux/fs.h explicitly new name: bsdtar-1.3.1_linux_fs_includes.patch - build with -fno-strict-aliasing ------------------------------------------------------------------- Fri Nov 10 13:01:38 CET 2006 - mrueckert@suse.de - added SA-06-24_libarchive.patch: fix DOS in libarchive (CVE-2006-5680) http://security.freebsd.org/advisories/FreeBSD-SA-06:24.libarchive.asc ------------------------------------------------------------------- Fri Sep 22 13:03:42 CET 2006 - mrueckert@suse.de - update to version 1.3.1 ------------------------------------------------------------------- Thu Apr 27 02:32:57 CEST 2006 - mrueckert@suse.de - updated to 1.2.53: Upstream merged the source tarball. Splitted of a bsdtar package ------------------------------------------------------------------- Mon Feb 27 19:24:00 CET 2006 - mrueckert@suse.de - fixed building of debuginfo package ------------------------------------------------------------------- Mon Feb 27 18:32:04 CET 2006 - mrueckert@suse.de - libarchive 1.2.38
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor