Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

bsdtar-3.7.2-150600.1.7 RPM for x86_64

From OpenSuSE Leap 15.6 for x86_64

Name: bsdtar Distribution: SUSE Linux Enterprise 15
Version: 3.7.2 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150600.1.7 Build date: Thu May 9 12:04:07 2024
Group: Productivity/Archiving/Compression Build host: h04-ch1d
Size: 1757032 Source RPM: libarchive-3.7.2-150600.1.7.src.rpm
Packager: https://www.suse.com/
Url: https://www.libarchive.org/
Summary: Utility to read several different streaming archive formats
This package contains the bsdtar cmdline utility.

Provides

Requires

License

BSD-2-Clause

Changelog

* Fri Dec 29 2023 dmueller@suse.com
  - skip write tests on 32bit, they OOM
* Sun Sep 17 2023 dmueller@suse.com
  - update to 3.7.2:
    * Multiple vulnerabilities have been fixed in the PAX writer
    * bsdunzip(1) now correctly handles arguments following an
    - x after the zipfile
    * zstd filter now supports the "long" write option
    * SEGV and stack buffer overflow in verbose mode of cpio
    * bsdunzip updated to match latest upstream code
    * miscellaneous functional bugfixes
* Mon Jul 24 2023 bwiedemann@suse.com
  - update to 3.7.0
    * bsdunzip port from FreeBSD
    * fix 2 year 2038 issues
* Fri Dec 23 2022 dmueller@suse.com
  - update to 3.6.2 (bsc#1205629, CVE-2022-36227)
    * NULL pointer dereference vulnerability in archive_write.c
    * include ZSTD in Windows builds (#1688)
    * SSL fixes on Windows (#1714, #1723, #1724)
    * rar5 reader: fix possible garbled output with bsdtar -O (#1745)
    * mtree reader: support reading mtree files with tabs (#1783)
    * various small fixes for issues found by CodeQL
  - Drop upstream merged CVE-2022-36227.patch
* Tue Nov 22 2022 danilo.spinella@suse.com
  - Fix CVE-2022-36227, Handle a calloc returning NULL
    (CVE-2022-36227, bsc#1205629)
    * CVE-2022-36227.patch
* Fri Apr 08 2022 dmueller@suse.com
  - update to 3.6.1:
    * 7zip reader: fix PPMD read beyond boundary (#1671)
    * ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672)
    * ISO reader: fix possible heap buffer overflow in read_children() (OSS-Fuzz 38764, #1685)
    * RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0)
    * fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50)
    * fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77)
    * fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)
  - Drop upstream merged fix-CVE-2022-26280.patch
* Thu Apr 07 2022 danilo.spinella@suse.com
  - Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init
    (CVE-2022-26280, bsc#1197634)
    * fix-CVE-2022-26280.patch
* Thu Feb 24 2022 rpm@fthiessen.de
  - Update to 3.6.0
    * Fix use-after-free bug (CVE-2021-36976)
    * tar: new option "--no-read-sparse"
    * tar: threads support for zstd
    * RAR reader: filter support
    * RAR5 reader: self-extracting archive support
    * ZIP reader: zstd decompression support
    * tar: respect "--ignore-zeros" in c, r and u modes
    * reduced size of application binaries
    * internal code optimizations
  - Drop upstream merged:
    * fix-following-symlinks.patch
    * fix-CVE-2021-36976.patch
* Wed Feb 23 2022 danilo.spinella@suse.com
  - Fix CVE-2021-36976 use-after-free in copy_string
    (CVE-2021-36976, bsc#1188572)
    * fix-CVE-2021-36976.patch
  - The following issues have already been fixed in this package but
    weren't previously mentioned in the changes file:
    CVE-2017-5601, bsc#1022528, bsc#1189528
* Mon Nov 29 2021 adrian@suse.de
  - fix permission settings on following symlinks (fix-following-symlinks.patch)
    this fixes also wrong permissions of /var/tmp in factory systems
    CVE-2021-31566
* Sun Nov 07 2021 andreas.stieger@gmx.de
  - update to 3.5.2:
    * CPIO: Support for PWB and v7 binary cpio formats
    * ZIP reader: Support of deflate algorithm in symbolic link decompression
    * security: fix handling of symbolic link ACLs on Linux (boo#1192425)
    * security: never follow symlinks when setting file flags on Linux (boo#1192426)
    * security: do not follow symlinks when processing the fixup list (boo#1192427)
    * fix extraction of hardlinks to symlinks
    * 7zip reader and writer fixes
    * RAR reader fixes
    * ZIP reader: fix excessive read for padded zip
    * CAB reader: fix double free
    * handle short writes from archive_write_callback
  - Drop upstream mereged:
    * CVE-2021-23177.patch
    * CVE-2021-31566.patch
    * bsc1192427.patch
* Thu Oct 21 2021 danilo.spinella@suse.com
  - Fix CVE-2021-31566, modifies file flags of symlink target
    (CVE-2021-31566, bsc#1192426.patch)
    CVE-2021-31566.patch
  - Fix bsc#1192427, processing fixup entries may follow symbolic links
    bsc1192427.patch
* Sun Sep 12 2021 danilo.spinella@suse.com
  - Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target
    (CVE-2021-23177, bsc#1192425)
    * CVE-2021-23177.patch
* Wed Jan 06 2021 dmueller@suse.com
  - update to 3.5.1:
    * various compilation fixes (#1461, #1462, #1463, #1464)
    * fixed undefined behavior in a function in warc reader (#1465)
* Tue Dec 01 2020 idonmez@suse.com
  - Update to version 3.5.0
    New features:
    * mtree digest reader support (#1347)
    * completed support for UTF-8 encoding conversion (#1389)
    * minor API enhancements (#1258, #1405)
    * support for system extended attributes (#1409)
    * support for decompression of symbolic links in zipx archives (#1435)
    Important bugfixes
    * fixed extraction of archives with hard links pointing to itself (#1381)
    * cpio fixes (#1387, #1388)
    * fixed uninitialized size in rar5_read_data (#1408)
    * fixed memory leaks in error case of archive_write_open() functions (#1456)
  - Drop libarchive-3.4.3-fix_test_write_disk_secure.patch, fixed upstream.
* Mon Sep 07 2020 andreas.stieger@gmx.de
  - fix build with binutils submitted to Factory, adding upstream
    libarchive-3.4.3-fix_test_write_disk_secure.patch
* Wed May 20 2020 idonmez@suse.com
  - Update to version 3.4.3
    * support for pzstd compressed files (#1357)
    * support for RHT.security.selinux tar extended attribute (#1348)
    * various zstd fixes and improvements (#1342 #1352 #1359)
    * child process handling fixes (#1372)
* Tue Feb 18 2020 idonmez@suse.com
  - Switch back to cmake build now that cmake-mini exists, this will
    no longer create a build-cycle.
* Wed Feb 12 2020 idonmez@suse.com
  - Update to version 3.4.2
    New features:
    * support for atomic file extraction (bsdtar -x --safe-writes) (#1289)
    * support for mbed TLS (PolarSSL) (#1301)
    Important bugfixes:
    * security fixes in RAR5 reader (#1280 #1326)
    * compression buffer fix in XAR writer (#1317)
    * fix uname and gname longer than 32 characters in PAX writer (#1319)
    * fix segfault when archiving hard links in ISO9660 and XAR writers (#1325)
    * fix support for extracting 7z archive entries with Delta filter (#987)
* Mon Dec 30 2019 idonmez@suse.com
  - Revert back to autoconf, cmake introduces a cycle. Leave cmake
    patches in since they are basically correct and might be useful
    in the future.
* Mon Dec 30 2019 idonmez@suse.com
  - Update to version 3.4.1
    New features:
    * Unicode filename support for reading lha/lzh archives
    * New pax write option "xattrhdr"
    Important bugfixes:
    * security fixes in wide string processing (#1276 #1298)
    * security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221
    * security fixes and optimizations to write filter logic (#351)
    * security fix related to use of readlink(2) (1dae5a5)
    * sparse file handling fixes (#1218 #1260)
  - Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream
* Fri Nov 22 2019 adrian@suse.de
  - fix bsc#1157569
    CVE-2019-19221.patch out-of-bounds read in libarchive
* Sun Aug 18 2019 idonmez@suse.com
  - Switch to cmake build
  - Add lib-suffix.patch to honor LIB_SUFFIX
  - Add fix-zstd-test.patch to fix zstd test
  - Add fix-soversion.patch to fix the soversion to 13 as autotools
* Thu Jun 20 2019 idonmez@suse.com
  - Add lz4 and zstd support
  - Add BuildRequires on liblz4-devel and libzstd-devel
* Thu Jun 13 2019 idonmez@suse.com
  - Update to version 3.4.0
    * Support for file and directory symlinks on Windows
    * Read support for RAR 5.0 archives
    * Read support for ZIPX archives with xz, lzma, ppmd8 and
      bzip2 compression
    * Support for non-recursive list and extract
    * New tar option: --exclude-vcs
    * Improved file attribute support on Linux and file flags support
      on FreeBSD
    * Fix reading Android APK archives (#1055 )
    * Fix problems related to unreadable directories (#1167)
    * A two-digit number of OSS-Fuzz issues was resolved in this release
      including CVE-2019-18408
  - Add libarchive.keyring and validate the tarball signature
  - Drop all security patches, fixed upstream:
    * CVE-2018-1000877.patch
    * CVE-2018-1000878.patch
    * CVE-2018-1000879.patch
    * CVE-2018-1000880.patch
    * CVE-2019-1000019.patch
    * CVE-2019-1000020.patch
* Tue Feb 05 2019 adrian@suse.de
  - Added patches:
    * CVE-2019-1000019.patch Fixes 7zip crash (boo#1124341)
    * CVE-2019-1000020.patch ISO9660 infinite loop fixed (boo#1124342)
* Thu Jan 03 2019 kbabioch@suse.de
  - Added patches:
    * CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR
      decoder (CVE-2018-1000877 bsc#1120653)
    * CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR
      decoder (CVE-2018-1000878 bsc#1120654)
    * CVE-2018-1000879.patch, which fixes a NULL Pointer Dereference
      vulnerability in ACL parser (CVE-2018-1000879 bsc#1120656)
    * CVE-2018-1000880.patch, which fixes an improper input validation
      vulnerability in WARC parser (CVE-2018-1000880 bsc#1120659)
  - Make use of %license macro
  - Applied spec-cleaner
* Tue Sep 18 2018 jengelh@inai.de
  - Fix RPM groups. Remove idempotent %if..%endif guards.
    Diversify summaries. Set CFLAGS instead of re-defining
    optflags with itself.
* Fri Sep 14 2018 adrian@suse.de
  - update to version 3.3.3
    * Avoid super-linear slowdown on malformed mtree files
    * Many fixes for building with Visual Studio
    * NO_OVERWRITE doesn't change existing directory attributes
    * New support for Zstandard read and write filters
  - Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503
  - fix-CVE-2017-14166.patch is obsolete
* Thu Sep 07 2017 adrian@suse.de
  - update to version 3.3.2
    * NFSv4 ACL support for Linux (librichacl)
  - fix-CVE-2017-14166.patch (boo#1057514)
* Mon Apr 03 2017 adrian@suse.de
  - update to version 3.3.1
    * Security & Feature release
      Details are not documented from upstream yet
      fix-extract-over-links.patch and libarchive-openssl.patch obsoleted
* Fri Dec 02 2016 adrian@suse.com
  - fix extracting over symlinks: fix-extract-over-links.patch
    the problem is solved upstream different, but git master
    is too different atm.
* Wed Oct 26 2016 adrian@suse.com
  - update to version 3.2.2
    Unspecified security fixes, but at least:
    * CVE-2016-8687
    * CVE-2016-8689
    * CVE-2016-8688
    * CVE-2016-5844
    * CVE-2016-6250
    * CVE-2016-5418
  - obsoletes fix-build.patch
* Sat Jul 23 2016 dmueller@suse.com
  - make bsdtar require a matching libarchive version to avoid
    missing symbol errors
* Mon Jun 20 2016 adrian@suse.de
  - update to version 3.2.1
    Fixes a number of security issues:
      CVE-2015-8934, CVE-2015-8933, CVE-2015-8917, CVE-2016-4301, CVE-2016-4300
  - and fixing the build (fix-build.patch)
* Thu Jun 16 2016 adrian@suse.de
  - limit size of symlinks in cpio archives (CVE-2016-4809, boo#984990)
    CVE-2016-4809.patch
* Mon May 09 2016 adrian@suse.de
  - 4GB _constraints for ppc64le only, it would break other archs
  - update to version 3.2.0
    * Fixes CVE-2016-1541
    * Fixes CVE-2015-8928
    * changes are only documented in git history
    * updated openssl patch
    * new bsdcat utility
  - removed obsolete patches for:
    * CVE-2013-0211.patch
    * directory-traversal-fix.patch
    * libarchive-xattr.patch
* Fri May 06 2016 normand@linux.vnet.ibm.com
  - add _constraints memory 4096MB to avoid ppc64le build failure
* Sat Sep 19 2015 astieger@suse.com
  - build static lib on RHEL 7
* Sun Mar 22 2015 astieger@suse.com
  - RHEL/CentOS build fix, skipping autoreconf
* Sun Mar 15 2015 astieger@suse.com
  - add CVE for previous change
* Thu Mar 05 2015 adrian@suse.com
  - fix a directory traversal in cpio tool (bnc#920870)
    directory-traversal-fix.patch CVE-2015-2304
* Tue Nov 11 2014 jsegitz@novell.com
  - Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024)

Files

/usr/bin/bsdcat
/usr/bin/bsdcpio
/usr/bin/bsdtar
/usr/bin/bsdunzip
/usr/share/man/man1/bsdcat.1.gz
/usr/share/man/man1/bsdcpio.1.gz
/usr/share/man/man1/bsdtar.1.gz
/usr/share/man/man1/bsdunzip.1.gz
/usr/share/man/man5/libarchive-formats.5.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 20:06:21 2024