Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libarchive13-3.7.7-1.1 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: libarchive13 Distribution: openSUSE:Factory:zSystems
Version: 3.7.7 Vendor: openSUSE
Release: 1.1 Build date: Thu Oct 17 10:41:56 2024
Group: System/Libraries Build host: reproducible
Size: 967955 Source RPM: libarchive-3.7.7-1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://www.libarchive.org/
Summary: Library to work with several different streaming archive formats
Libarchive is a programming library that can create and read several
different streaming archive formats, including most popular tar
variants and several cpio formats. It can also write shar archives and
read ISO-9660 CDROM images. The bsdtar program is an implementation of
tar(1) that is built on top of libarchive. It started as a test
harness, but has grown and is now the standard system tar for FreeBSD 5
and 6.

The libarchive library offers a number of features that make it both
very flexible and very powerful.

- Automatic format detection: libarchive can automatically determine
   both the compression and the archive format, regardless of the
   data source. Most tar implementations do not automatically detect
   the compression format, few implementation that can correctly do
   this when reading from stdin or a socket. (The tar program
   included with Gunnar Ritter's heirloom collection also does full
   automatic format detection.)

- Writes POSIX formats: libarchive writes POSIX-standard formats,
   including "ustar," "pax interchange format," and the POSIX "cpio"
   format.

- Supports pax interchange format: Pax interchange format (which,
   despite the name, is really an extended tar format) eliminates
   almost all limitations of historic tar formats and provides a
   standard method for incorporating vendor-specific extensions.
   libarchive exploits this extension mechanism to support ACLs and
   file flags, for example. (Joerg Schilling's star archiver is
   another open-source tar program that supports pax interchange
   format.)

- Reads popular formats: libarchive can read GNU tar, ustar, pax
   interchange format, cpio, and older tar variants. The internal
   architecture is easily extensible. The only requirement for
   support is that it be possible to read the format without seeking
   in the file. (For example, a format that includes a compressed
   size field before the data cannot be correctly written without
   seeking.)

- High-Level API: the libarchive API makes it fairly simple to build
   an archive from a list of filenames or to extract the entries
   from an archive. However, the API also provides extreme
   flexibility with regards to data sources. For example, there are
   generic hooks that allow you to write an archive to a socket or
   read data from an archive entry into a memory buffer.

- Extensible. The internal design uses generic interfaces for
compression, archive format detection and decoding, and archive data
I/O. It should be very easy to add new formats, new compression
methods, or new ways of reading/writing archives.

Provides

Requires

License

BSD-2-Clause

Changelog

* Thu Oct 17 2024 Antonio Teixeira <antonio.teixeira@suse.com>
  - Update to 3.7.7:
    * gzip: prevent a hang when processing a malformed gzip inside a gzip
    * tar: don't crash on truncated tar archives
    * tar: fix two leaks in tar header parsing
    * 7-zip: read/write symlink paths as UTF-8
    * cpio: exit with an error code if an entry could not be extracted
    * rar5: report encrypted entries
    * tar: fix truncation of entry pathnames in specific archives
* Fri Sep 27 2024 Antonio Teixeira <antonio.teixeira@suse.com>
  - Update to 3.7.6:
    * tar: clean up linkpath between entries
    * tar: fix memory leaks when processing symlinks or parsing pax headers
    * iso: be more cautious about parsing ISO-9660 timestamps
  - Version 3.7.5 changes:
    * fix multiple vulnerabilities identified by SAST
    * cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
    * lzop: prevent integer overflow
    * rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696, bsc#1225971)
    * rar4: fix CVE-2024-26256 (CVE-2024-26256, bsc#1225972)
    * rar4: fix OOB in delta and audio filter
    * rar4: fix out of boundary access with large files
    * rar4: add boundary checks to rgb filter
    * rar4: fix OOB access with unicode filenames
    * rar5: clear 'data ready' cache on window buffer reallocs
    * rpm: calculate huge header sizes correctly
    * unzip: unify EOF handling
    * util: fix out of boundary access in mktemp functions
    * uu: stop processing if lines are too long
    * 7zip: fix issue when skipping first file in 7zip archive that is a multiple
      of 65536 bytes
    * ar: fix archive entries having no type
    * lha: do not allow negative file sizes
    * lha: fix integer truncation on 32-bit systems
    * shar: check strdup return value
    * rar5: don't try to read rediculously long names
    * xar: fix another infinite loop and expat error handling
    * many Windows fixes, cleanups and improvements
  - Drop fix-soversion.patch, fix-bsdunzip-test.patch
    * Fixed upstream
* Thu Jun 20 2024 Antonio Teixeira <antonio.teixeira@suse.com>
  - Update lib-suffix.patch
    * Add LIB_SUFFIX to libdir path in the pkg-config file
* Wed May 22 2024 Danilo Spinella <danilo.spinella@suse.com>
  - Fix bsdunzip test failing due to a locale issue
    * fix-bsdunzip-test.patch
* Tue Apr 30 2024 Danilo Spinella <danilo.spinella@suse.com>
  - Update to 3.7.4:
    * rar: Fix OOB in rar e8 filter (CVE-2024-26256, bsc#1222911)
    * zip: Fix out of boundary access
    * 7zip: Limit amount of properties
    * bsdtar: Fix error handling around strtol() usages
    * passphrase: Improve newline handling on Windows
    * passphrase: Never allow empty passwords
    * rar: Fix "File CRC Error" when extracting specific rar4 archives
    * xar: Avoid infinite link loop
    * zip: Update AppleDouble support for directories
    * zstd: Implement core detection
  - Update to 3.7.3:
    * PCRE2 support
    * add trailing letter b to bsdtar(1) substitute pattern
    * add support for long options "--group" and "--owner" to tar(1)
    * Fix possible vulnerability in tar error reporting introduced in f27c173
    * ISO9660: preserve the natural order of links
    * rar5: fix decoding unicode filenames on Windows
    * rar5: fix infinite loop if during rar5 decompression the last block produced no data
    * xz filter: fix incorrect eof at the end of an lzip member
    * zip: fix end-of-data marker processing when decompressing zip archives
    * multiple bsdunzip(1) fixes
    * filetime truncation fix on Windows
  - Fix rpmlint warning about summary being too long
* Fri Dec 29 2023 Dirk Müller <dmueller@suse.com>
  - skip write tests on 32bit, they OOM
* Sun Sep 17 2023 Dirk Müller <dmueller@suse.com>
  - update to 3.7.2:
    * Multiple vulnerabilities have been fixed in the PAX writer
    * bsdunzip(1) now correctly handles arguments following an
    - x after the zipfile
    * zstd filter now supports the "long" write option
    * SEGV and stack buffer overflow in verbose mode of cpio
    * bsdunzip updated to match latest upstream code
    * miscellaneous functional bugfixes
* Mon Jul 24 2023 Bernhard Wiedemann <bwiedemann@suse.com>
  - update to 3.7.0
    * bsdunzip port from FreeBSD
    * fix 2 year 2038 issues
* Fri Dec 23 2022 Dirk Müller <dmueller@suse.com>
  - update to 3.6.2 (bsc#1205629, CVE-2022-36227)
    * NULL pointer dereference vulnerability in archive_write.c
    * include ZSTD in Windows builds (#1688)
    * SSL fixes on Windows (#1714, #1723, #1724)
    * rar5 reader: fix possible garbled output with bsdtar -O (#1745)
    * mtree reader: support reading mtree files with tabs (#1783)
    * various small fixes for issues found by CodeQL
  - Drop upstream merged CVE-2022-36227.patch
* Tue Nov 22 2022 Danilo Spinella <danilo.spinella@suse.com>
  - Fix CVE-2022-36227, Handle a calloc returning NULL
    (CVE-2022-36227, bsc#1205629)
    * CVE-2022-36227.patch
* Fri Apr 08 2022 Dirk Müller <dmueller@suse.com>
  - update to 3.6.1:
    * 7zip reader: fix PPMD read beyond boundary (#1671)
    * ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672)
    * ISO reader: fix possible heap buffer overflow in read_children() (OSS-Fuzz 38764, #1685)
    * RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0)
    * fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50)
    * fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77)
    * fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)
  - Drop upstream merged fix-CVE-2022-26280.patch
* Thu Apr 07 2022 Danilo Spinella <danilo.spinella@suse.com>
  - Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init
    (CVE-2022-26280, bsc#1197634)
    * fix-CVE-2022-26280.patch
* Thu Feb 24 2022 Ferdinand Thiessen <rpm@fthiessen.de>
  - Update to 3.6.0
    * Fix use-after-free bug (CVE-2021-36976)
    * tar: new option "--no-read-sparse"
    * tar: threads support for zstd
    * RAR reader: filter support
    * RAR5 reader: self-extracting archive support
    * ZIP reader: zstd decompression support
    * tar: respect "--ignore-zeros" in c, r and u modes
    * reduced size of application binaries
    * internal code optimizations
  - Drop upstream merged:
    * fix-following-symlinks.patch
    * fix-CVE-2021-36976.patch
* Wed Feb 23 2022 Danilo Spinella <danilo.spinella@suse.com>
  - Fix CVE-2021-36976 use-after-free in copy_string
    (CVE-2021-36976, bsc#1188572)
    * fix-CVE-2021-36976.patch
  - The following issues have already been fixed in this package but
    weren't previously mentioned in the changes file:
    CVE-2017-5601, bsc#1022528, bsc#1189528
* Mon Nov 29 2021 Adrian Schröter <adrian@suse.de>
  - fix permission settings on following symlinks (fix-following-symlinks.patch)
    this fixes also wrong permissions of /var/tmp in factory systems
    CVE-2021-31566
* Sun Nov 07 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - update to 3.5.2:
    * CPIO: Support for PWB and v7 binary cpio formats
    * ZIP reader: Support of deflate algorithm in symbolic link decompression
    * security: fix handling of symbolic link ACLs on Linux (boo#1192425)
    * security: never follow symlinks when setting file flags on Linux (boo#1192426)
    * security: do not follow symlinks when processing the fixup list (boo#1192427)
    * fix extraction of hardlinks to symlinks
    * 7zip reader and writer fixes
    * RAR reader fixes
    * ZIP reader: fix excessive read for padded zip
    * CAB reader: fix double free
    * handle short writes from archive_write_callback
  - Drop upstream mereged:
    * CVE-2021-23177.patch
    * CVE-2021-31566.patch
    * bsc1192427.patch
* Thu Oct 21 2021 Danilo Spinella <danilo.spinella@suse.com>
  - Fix CVE-2021-31566, modifies file flags of symlink target
    (CVE-2021-31566, bsc#1192426.patch)
    CVE-2021-31566.patch
  - Fix bsc#1192427, processing fixup entries may follow symbolic links
    bsc1192427.patch
* Sun Sep 12 2021 Danilo Spinella <danilo.spinella@suse.com>
  - Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target
    (CVE-2021-23177, bsc#1192425)
    * CVE-2021-23177.patch
* Wed Jan 06 2021 Dirk Müller <dmueller@suse.com>
  - update to 3.5.1:
    * various compilation fixes (#1461, #1462, #1463, #1464)
    * fixed undefined behavior in a function in warc reader (#1465)

Files

/usr/lib64/libarchive.so.13
/usr/lib64/libarchive.so.13.7.7
/usr/share/doc/packages/libarchive13
/usr/share/doc/packages/libarchive13/NEWS
/usr/share/licenses/libarchive13
/usr/share/licenses/libarchive13/COPYING


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Dec 4 00:10:59 2024