# # spec file for package libarchive # # Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define somajor 13 %define libname libarchive%{somajor} %if 0%{?centos_version} || 0%{?rhel_version} %if 0%{?centos_version} <= 600 || 0%{?rhel_version <= 700} %bcond_without static_libs %bcond_with openssl %bcond_with ext2fs %endif %else %bcond_with static_libs %bcond_without openssl %bcond_without ext2fs %endif Name: libarchive Version: 3.7.7 Release: 3.1 Summary: Utility and C library to create and read several streaming archive formats License: BSD-2-Clause Group: Productivity/Archiving/Compression URL: https://www.libarchive.org/ Source0: https://github.com/libarchive/libarchive/releases/download/v%{version}/libarchive-%{version}.tar.xz Source1: https://github.com/libarchive/libarchive/releases/download/v%{version}/libarchive-%{version}.tar.xz.asc Source2: libarchive.keyring Source1000: baselibs.conf Patch1: lib-suffix.patch # PATCH-FIX-UPSTREAM CVE-2024-57970.patch bsc#1237233 antonio.teixeira@suse.com Patch2: CVE-2024-57970.patch # PATCH-FIX-UPSTREAM bsc#1238610 marius.grossu@suse.com CVE-2025-25724 Patch3: CVE-2025-25724.patch # PATCH-FIX-UPSTREAM bsc#1237606 marius.grossu@suse.com CVE-2025-1632 Patch4: CVE-2025-1632.patch BuildRequires: cmake BuildRequires: libacl-devel BuildRequires: libbz2-devel BuildRequires: liblz4-devel BuildRequires: libtool BuildRequires: libxml2-devel BuildRequires: libzstd-devel BuildRequires: ninja BuildRequires: pkgconfig BuildRequires: xz-devel BuildRequires: zlib-devel %if %{with ext2fs} BuildRequires: libext2fs-devel %endif %if %{with openssl} BuildRequires: libopenssl-devel %endif %description Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants and several cpio formats. It can also write shar archives and read ISO-9660 CDROM images. The bsdtar program is an implementation of tar(1) that is built on top of libarchive. It started as a test harness, but has grown and is now the standard system tar for FreeBSD 5 and 6. This package contains the bsdtar cmdline utility. %package -n bsdtar Summary: Utility to read several different streaming archive formats Group: Productivity/Archiving/Compression Requires: %{libname} >= %{version} %description -n bsdtar This package contains the bsdtar cmdline utility. %package -n %{libname} Summary: Library to work with several different streaming archive formats Group: System/Libraries %description -n %{libname} Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants and several cpio formats. It can also write shar archives and read ISO-9660 CDROM images. The bsdtar program is an implementation of tar(1) that is built on top of libarchive. It started as a test harness, but has grown and is now the standard system tar for FreeBSD 5 and 6. The libarchive library offers a number of features that make it both very flexible and very powerful. - Automatic format detection: libarchive can automatically determine both the compression and the archive format, regardless of the data source. Most tar implementations do not automatically detect the compression format, few implementation that can correctly do this when reading from stdin or a socket. (The tar program included with Gunnar Ritter's heirloom collection also does full automatic format detection.) - Writes POSIX formats: libarchive writes POSIX-standard formats, including "ustar," "pax interchange format," and the POSIX "cpio" format. - Supports pax interchange format: Pax interchange format (which, despite the name, is really an extended tar format) eliminates almost all limitations of historic tar formats and provides a standard method for incorporating vendor-specific extensions. libarchive exploits this extension mechanism to support ACLs and file flags, for example. (Joerg Schilling's star archiver is another open-source tar program that supports pax interchange format.) - Reads popular formats: libarchive can read GNU tar, ustar, pax interchange format, cpio, and older tar variants. The internal architecture is easily extensible. The only requirement for support is that it be possible to read the format without seeking in the file. (For example, a format that includes a compressed size field before the data cannot be correctly written without seeking.) - High-Level API: the libarchive API makes it fairly simple to build an archive from a list of filenames or to extract the entries from an archive. However, the API also provides extreme flexibility with regards to data sources. For example, there are generic hooks that allow you to write an archive to a socket or read data from an archive entry into a memory buffer. - Extensible. The internal design uses generic interfaces for compression, archive format detection and decoding, and archive data I/O. It should be very easy to add new formats, new compression methods, or new ways of reading/writing archives. %package -n libarchive-devel Summary: Development files for libarchive Group: Development/Libraries/C and C++ Requires: %{libname} = %{version} Requires: glibc-devel %description -n libarchive-devel Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants and several cpio formats. It can also write shar archives and read ISO-9660 CDROM images. The bsdtar program is an implementation of tar(1) that is built on top of libarchive. It started as a test harness, but has grown and is now the standard system tar for FreeBSD 5 and 6. This package contains the development files. %package static-devel Summary: Static library for libarchive Group: Development/Libraries/C and C++ Requires: %{name}-devel = %{version} %description static-devel Static library for libarchive %prep %setup -q %autopatch -p1 %build %define __builder ninja %cmake %cmake_build %check exclude="" %ifarch %arm %ix86 ppc s390 exclude="-E test_write_filter" %endif %ctest $exclude %install %cmake_install find %{buildroot} -type f -name "*.la" -delete -print rm "%{buildroot}%{_libdir}/libarchive.a" rm "%{buildroot}%{_mandir}/man5/"{tar,cpio,mtree}.5* sed -i -e '/Libs.private/d' %{buildroot}%{_libdir}/pkgconfig/libarchive.pc %post -n %{libname} -p /sbin/ldconfig %postun -n %{libname} -p /sbin/ldconfig %files -n bsdtar %{_bindir}/bsdcat %{_bindir}/bsdcpio %{_bindir}/bsdtar %{_bindir}/bsdunzip %{_mandir}/man1/* %{_mandir}/man5/* %files -n %{libname} %license COPYING %doc NEWS %{_libdir}/libarchive.so.* %files -n libarchive-devel %doc examples/ %{_mandir}/man3/* %{_libdir}/libarchive.so %{_includedir}/archive* %{_libdir}/pkgconfig/libarchive.pc %if %{with static_libs} %files static-devel %{_libdir}/%{name}.a %endif %changelog * Tue Mar 11 2025 Marius Grossu - Fix CVE-2025-1632, null pointer dereference in bsdunzip.c (CVE-2025-1632, bsc#1237606) * CVE-2025-1632.patch - Fix CVE-2025-25724, Buffer Overflow vulnerability in libarchive (CVE-2025-25724, bsc#1238610) * CVE-2025-25724.patch * Tue Feb 25 2025 Antonio Teixeira - Fix CVE-2024-57970, heap-based buffer over-read in header_gnu_longlink because it mishandles truncation (CVE-2024-57970, bsc#1237233) * CVE-2024-57970.patch * Thu Oct 17 2024 Antonio Teixeira - Update to 3.7.7: * gzip: prevent a hang when processing a malformed gzip inside a gzip * tar: don't crash on truncated tar archives * tar: fix two leaks in tar header parsing * 7-zip: read/write symlink paths as UTF-8 * cpio: exit with an error code if an entry could not be extracted * rar5: report encrypted entries * tar: fix truncation of entry pathnames in specific archives * Fri Sep 27 2024 Antonio Teixeira - Update to 3.7.6: * tar: clean up linkpath between entries * tar: fix memory leaks when processing symlinks or parsing pax headers * iso: be more cautious about parsing ISO-9660 timestamps - Version 3.7.5 changes: * fix multiple vulnerabilities identified by SAST * cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing * lzop: prevent integer overflow * rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696, bsc#1225971) * rar4: fix CVE-2024-26256 (CVE-2024-26256, bsc#1225972) * rar4: fix OOB in delta and audio filter * rar4: fix out of boundary access with large files * rar4: add boundary checks to rgb filter * rar4: fix OOB access with unicode filenames * rar5: clear 'data ready' cache on window buffer reallocs * rpm: calculate huge header sizes correctly * unzip: unify EOF handling * util: fix out of boundary access in mktemp functions * uu: stop processing if lines are too long * 7zip: fix issue when skipping first file in 7zip archive that is a multiple of 65536 bytes * ar: fix archive entries having no type * lha: do not allow negative file sizes * lha: fix integer truncation on 32-bit systems * shar: check strdup return value * rar5: don't try to read rediculously long names * xar: fix another infinite loop and expat error handling * many Windows fixes, cleanups and improvements - Drop fix-soversion.patch, fix-bsdunzip-test.patch * Fixed upstream * Thu Jun 20 2024 Antonio Teixeira - Update lib-suffix.patch * Add LIB_SUFFIX to libdir path in the pkg-config file * Wed May 22 2024 Danilo Spinella - Fix bsdunzip test failing due to a locale issue * fix-bsdunzip-test.patch * Tue Apr 30 2024 Danilo Spinella - Update to 3.7.4: * rar: Fix OOB in rar e8 filter (CVE-2024-26256, bsc#1222911) * zip: Fix out of boundary access * 7zip: Limit amount of properties * bsdtar: Fix error handling around strtol() usages * passphrase: Improve newline handling on Windows * passphrase: Never allow empty passwords * rar: Fix "File CRC Error" when extracting specific rar4 archives * xar: Avoid infinite link loop * zip: Update AppleDouble support for directories * zstd: Implement core detection - Update to 3.7.3: * PCRE2 support * add trailing letter b to bsdtar(1) substitute pattern * add support for long options "--group" and "--owner" to tar(1) * Fix possible vulnerability in tar error reporting introduced in f27c173 * ISO9660: preserve the natural order of links * rar5: fix decoding unicode filenames on Windows * rar5: fix infinite loop if during rar5 decompression the last block produced no data * xz filter: fix incorrect eof at the end of an lzip member * zip: fix end-of-data marker processing when decompressing zip archives * multiple bsdunzip(1) fixes * filetime truncation fix on Windows - Fix rpmlint warning about summary being too long * Fri Dec 29 2023 Dirk Müller - skip write tests on 32bit, they OOM * Sun Sep 17 2023 Dirk Müller - update to 3.7.2: * Multiple vulnerabilities have been fixed in the PAX writer * bsdunzip(1) now correctly handles arguments following an - x after the zipfile * zstd filter now supports the "long" write option * SEGV and stack buffer overflow in verbose mode of cpio * bsdunzip updated to match latest upstream code * miscellaneous functional bugfixes * Mon Jul 24 2023 Bernhard Wiedemann - update to 3.7.0 * bsdunzip port from FreeBSD * fix 2 year 2038 issues * Fri Dec 23 2022 Dirk Müller - update to 3.6.2 (bsc#1205629, CVE-2022-36227) * NULL pointer dereference vulnerability in archive_write.c * include ZSTD in Windows builds (#1688) * SSL fixes on Windows (#1714, #1723, #1724) * rar5 reader: fix possible garbled output with bsdtar -O (#1745) * mtree reader: support reading mtree files with tabs (#1783) * various small fixes for issues found by CodeQL - Drop upstream merged CVE-2022-36227.patch * Tue Nov 22 2022 Danilo Spinella - Fix CVE-2022-36227, Handle a calloc returning NULL (CVE-2022-36227, bsc#1205629) * CVE-2022-36227.patch * Fri Apr 8 2022 Dirk Müller - update to 3.6.1: * 7zip reader: fix PPMD read beyond boundary (#1671) * ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672) * ISO reader: fix possible heap buffer overflow in read_children() (OSS-Fuzz 38764, #1685) * RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0) * fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50) * fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77) * fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715) - Drop upstream merged fix-CVE-2022-26280.patch * Thu Apr 7 2022 Danilo Spinella - Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init (CVE-2022-26280, bsc#1197634) * fix-CVE-2022-26280.patch * Thu Feb 24 2022 Ferdinand Thiessen - Update to 3.6.0 * Fix use-after-free bug (CVE-2021-36976) * tar: new option "--no-read-sparse" * tar: threads support for zstd * RAR reader: filter support * RAR5 reader: self-extracting archive support * ZIP reader: zstd decompression support * tar: respect "--ignore-zeros" in c, r and u modes * reduced size of application binaries * internal code optimizations - Drop upstream merged: * fix-following-symlinks.patch * fix-CVE-2021-36976.patch * Wed Feb 23 2022 Danilo Spinella - Fix CVE-2021-36976 use-after-free in copy_string (CVE-2021-36976, bsc#1188572) * fix-CVE-2021-36976.patch - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2017-5601, bsc#1022528, bsc#1189528 * Mon Nov 29 2021 Adrian Schröter - fix permission settings on following symlinks (fix-following-symlinks.patch) this fixes also wrong permissions of /var/tmp in factory systems CVE-2021-31566 * Sun Nov 7 2021 Andreas Stieger - update to 3.5.2: * CPIO: Support for PWB and v7 binary cpio formats * ZIP reader: Support of deflate algorithm in symbolic link decompression * security: fix handling of symbolic link ACLs on Linux (boo#1192425) * security: never follow symlinks when setting file flags on Linux (boo#1192426) * security: do not follow symlinks when processing the fixup list (boo#1192427) * fix extraction of hardlinks to symlinks * 7zip reader and writer fixes * RAR reader fixes * ZIP reader: fix excessive read for padded zip * CAB reader: fix double free * handle short writes from archive_write_callback - Drop upstream mereged: * CVE-2021-23177.patch * CVE-2021-31566.patch * bsc1192427.patch * Thu Oct 21 2021 Danilo Spinella - Fix CVE-2021-31566, modifies file flags of symlink target (CVE-2021-31566, bsc#1192426.patch) CVE-2021-31566.patch - Fix bsc#1192427, processing fixup entries may follow symbolic links bsc1192427.patch * Sun Sep 12 2021 Danilo Spinella - Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target (CVE-2021-23177, bsc#1192425) * CVE-2021-23177.patch * Wed Jan 6 2021 Dirk Müller - update to 3.5.1: * various compilation fixes (#1461, #1462, #1463, #1464) * fixed undefined behavior in a function in warc reader (#1465) * Tue Dec 1 2020 Ismail Dönmez - Update to version 3.5.0 New features: * mtree digest reader support (#1347) * completed support for UTF-8 encoding conversion (#1389) * minor API enhancements (#1258, #1405) * support for system extended attributes (#1409) * support for decompression of symbolic links in zipx archives (#1435) Important bugfixes * fixed extraction of archives with hard links pointing to itself (#1381) * cpio fixes (#1387, #1388) * fixed uninitialized size in rar5_read_data (#1408) * fixed memory leaks in error case of archive_write_open() functions (#1456) - Drop libarchive-3.4.3-fix_test_write_disk_secure.patch, fixed upstream. * Mon Sep 7 2020 Andreas Stieger - fix build with binutils submitted to Factory, adding upstream libarchive-3.4.3-fix_test_write_disk_secure.patch * Wed May 20 2020 Ismail Dönmez - Update to version 3.4.3 * support for pzstd compressed files (#1357) * support for RHT.security.selinux tar extended attribute (#1348) * various zstd fixes and improvements (#1342 #1352 #1359) * child process handling fixes (#1372) * Tue Feb 18 2020 Ismail Dönmez - Switch back to cmake build now that cmake-mini exists, this will no longer create a build-cycle. * Wed Feb 12 2020 Ismail Dönmez - Update to version 3.4.2 New features: * support for atomic file extraction (bsdtar -x --safe-writes) (#1289) * support for mbed TLS (PolarSSL) (#1301) Important bugfixes: * security fixes in RAR5 reader (#1280 #1326) * compression buffer fix in XAR writer (#1317) * fix uname and gname longer than 32 characters in PAX writer (#1319) * fix segfault when archiving hard links in ISO9660 and XAR writers (#1325) * fix support for extracting 7z archive entries with Delta filter (#987) * Mon Dec 30 2019 Ismail Dönmez - Revert back to autoconf, cmake introduces a cycle. Leave cmake patches in since they are basically correct and might be useful in the future. * Mon Dec 30 2019 Ismail Dönmez - Update to version 3.4.1 New features: * Unicode filename support for reading lha/lzh archives * New pax write option "xattrhdr" Important bugfixes: * security fixes in wide string processing (#1276 #1298) * security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221 * security fixes and optimizations to write filter logic (#351) * security fix related to use of readlink(2) (1dae5a5) * sparse file handling fixes (#1218 #1260) - Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream * Fri Nov 22 2019 Adrian Schröter - fix bsc#1157569 CVE-2019-19221.patch out-of-bounds read in libarchive * Sun Aug 18 2019 Ismail Dönmez - Switch to cmake build - Add lib-suffix.patch to honor LIB_SUFFIX - Add fix-zstd-test.patch to fix zstd test - Add fix-soversion.patch to fix the soversion to 13 as autotools * Thu Jun 20 2019 Ismail Dönmez - Add lz4 and zstd support - Add BuildRequires on liblz4-devel and libzstd-devel * Thu Jun 13 2019 Ismail Dönmez - Update to version 3.4.0 * Support for file and directory symlinks on Windows * Read support for RAR 5.0 archives * Read support for ZIPX archives with xz, lzma, ppmd8 and bzip2 compression * Support for non-recursive list and extract * New tar option: --exclude-vcs * Improved file attribute support on Linux and file flags support on FreeBSD * Fix reading Android APK archives (#1055 ) * Fix problems related to unreadable directories (#1167) * A two-digit number of OSS-Fuzz issues was resolved in this release including CVE-2019-18408 - Add libarchive.keyring and validate the tarball signature - Drop all security patches, fixed upstream: * CVE-2018-1000877.patch * CVE-2018-1000878.patch * CVE-2018-1000879.patch * CVE-2018-1000880.patch * CVE-2019-1000019.patch * CVE-2019-1000020.patch * Tue Feb 5 2019 Adrian Schröter - Added patches: * CVE-2019-1000019.patch Fixes 7zip crash (boo#1124341) * CVE-2019-1000020.patch ISO9660 infinite loop fixed (boo#1124342) * Thu Jan 3 2019 Karol Babioch - Added patches: * CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR decoder (CVE-2018-1000877 bsc#1120653) * CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR decoder (CVE-2018-1000878 bsc#1120654) * CVE-2018-1000879.patch, which fixes a NULL Pointer Dereference vulnerability in ACL parser (CVE-2018-1000879 bsc#1120656) * CVE-2018-1000880.patch, which fixes an improper input validation vulnerability in WARC parser (CVE-2018-1000880 bsc#1120659) - Make use of %%license macro - Applied spec-cleaner * Tue Sep 18 2018 Jan Engelhardt - Fix RPM groups. Remove idempotent %%if..%%endif guards. Diversify summaries. Set CFLAGS instead of re-defining optflags with itself. * Fri Sep 14 2018 Adrian Schröter - update to version 3.3.3 * Avoid super-linear slowdown on malformed mtree files * Many fixes for building with Visual Studio * NO_OVERWRITE doesn't change existing directory attributes * New support for Zstandard read and write filters - Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503 - fix-CVE-2017-14166.patch is obsolete * Thu Sep 7 2017 adrian@suse.de - update to version 3.3.2 * NFSv4 ACL support for Linux (librichacl) - fix-CVE-2017-14166.patch (boo#1057514) * Mon Apr 3 2017 adrian@suse.de - update to version 3.3.1 * Security & Feature release Details are not documented from upstream yet fix-extract-over-links.patch and libarchive-openssl.patch obsoleted * Fri Dec 2 2016 adrian@suse.com - fix extracting over symlinks: fix-extract-over-links.patch the problem is solved upstream different, but git master is too different atm. * Wed Oct 26 2016 adrian@suse.com - update to version 3.2.2 Unspecified security fixes, but at least: * CVE-2016-8687 * CVE-2016-8689 * CVE-2016-8688 * CVE-2016-5844 * CVE-2016-6250 * CVE-2016-5418 - obsoletes fix-build.patch * Sat Jul 23 2016 dmueller@suse.com - make bsdtar require a matching libarchive version to avoid missing symbol errors * Mon Jun 20 2016 adrian@suse.de - update to version 3.2.1 Fixes a number of security issues: CVE-2015-8934, CVE-2015-8933, CVE-2015-8917, CVE-2016-4301, CVE-2016-4300 - and fixing the build (fix-build.patch) * Thu Jun 16 2016 adrian@suse.de - limit size of symlinks in cpio archives (CVE-2016-4809, boo#984990) CVE-2016-4809.patch * Mon May 9 2016 adrian@suse.de - 4GB _constraints for ppc64le only, it would break other archs - update to version 3.2.0 * Fixes CVE-2016-1541 * Fixes CVE-2015-8928 * changes are only documented in git history * updated openssl patch * new bsdcat utility - removed obsolete patches for: * CVE-2013-0211.patch * directory-traversal-fix.patch * libarchive-xattr.patch * Fri May 6 2016 normand@linux.vnet.ibm.com - add _constraints memory 4096MB to avoid ppc64le build failure * Sat Sep 19 2015 astieger@suse.com - build static lib on RHEL 7 * Sun Mar 22 2015 astieger@suse.com - RHEL/CentOS build fix, skipping autoreconf * Sun Mar 15 2015 astieger@suse.com - add CVE for previous change * Thu Mar 5 2015 adrian@suse.com - fix a directory traversal in cpio tool (bnc#920870) directory-traversal-fix.patch CVE-2015-2304 * Tue Nov 11 2014 jsegitz@novell.com - Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024) * Wed May 28 2014 crrodriguez@opensuse.org - libarchive-xattr.patch, fix subtle wrong library check that causes this package to depend on libattr when it should be using glibc. * Sun Nov 24 2013 andreas.stieger@gmx.de - add optional -static-devel library package, intended to publish pixz for CentOS / RHEL, default off - skip some dependencies not required for pixz on CentOS / RHEL * Tue Aug 20 2013 crrodriguez@opensuse.org - remove artificial dependencies on libacl-devel, libbz2-devel, zlib-devel from libarchive-devel. * Mon Aug 19 2013 crrodriguez@opensuse.org - libarchive-openssl.patch: Call OPENSSL_config where needed, otherwise on systems configured to use openSSL engines such as via-padlock wont benefit from hardware acceleration. * Fri Aug 16 2013 andreas.stieger@gmx.de - update to 3.1.2 This is a maintenance update to fix issues with the new RAR seeking feature. - libarchive's new website moved to http://www.libarchive.org. * Sun Jun 16 2013 jengelh@inai.de - Explicitly list libattr-devel as BuildRequires (and sort those) * Wed Feb 13 2013 werner@suse.de - Use %%libname macro to be consistent throughout the spec file * Tue Feb 5 2013 p.drouand@gmail.com - Update to version 3.1.1: + Fix an issue with the soname versioning in builds of libarchive using cmake - Removed patchs; fixed and merged on upstream release: * libarchive-fix-checks.patch * libarchive-ppc64.patch - The soname has changed and pass to 13. * Thu Aug 23 2012 dvaleev@suse.com - libarchive-ppc64.patch: fix http://code.google.com/p/libarchive/issues/detail?id=277 test_option_b and test_option_nodump are failing on ppc64 * Thu Aug 9 2012 cfarrell@suse.com - license update: BSD-2-Clause The COPYING file shows that the package is predominantly BSD-2-Clause licensed * Tue Aug 7 2012 dimstar@opensuse.org - Update to version 3.0.4: + libarchive development moved to http://libarchive.github.com/ - Changes from version 3.0.2: + Various fixes merged from FreeBSD + Symlink support in Zip reader and writer + Robustness fixes to 7Zip reader - Changes from version 3.0.1b: + 7Zip reader + Small fixes to ISO and Zip to improve robustness with corrupted input + Improve streaming Zip reader's support for uncompressed entries + New seeking Zip reader supports SFX Zip archives + Build fixes on Windows - For more changes since 2.8.5, please see NEWS file - Update URL Tag to represent new home of the project. - Rename libarchive2 to libarchive12, following upstreams soname bumps. - Add libarchive-fix-checks.patch: Fix gcc 4.7 side effects. - Drop libarchive-test-fuzz.patch: fixed upstream. - Drop libarchive-ignore-sigpipe-in-test-suite.patch: fixed upstream. - Drop libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch: upstream rejected the patch. Seems to be too theoretical problem. * Mon May 7 2012 werner@suse.de - Enforce usage of reentrant versions of libc functions * Mon Feb 13 2012 dvaleev@suse.com - fix failed tests on ppc * Wed Feb 8 2012 idonmez@suse.com - Use %%makeinstall to be SLES compatible * Thu Dec 22 2011 werner@suse.de - For SLES11 work around missing rpm macro * Tue Dec 6 2011 coolo@suse.com - rename main package to libarchive * Tue Dec 6 2011 coolo@suse.com - Update to libarchive 2.8.5 (from werner) * Fix issue 134: Improve handling of open failures * Fix issue 119: Relax ISO verification * Fix issue 121: mtree parsing * Fix extraction of GNU tar 'D' directory entries * Be less demanding in LZMA/XZ compression tests * Fri Sep 30 2011 coolo@suse.com - add baselibs.conf for PackageKit to use * Tue Apr 19 2011 idoenmez@novell.com - Add suport for xz and xar archives - Add libarchive-2.8.4-iso9660-data-types.patch: fix ISO9660 reader data type mismatches * Thu Nov 11 2010 puzel@novell.com - udpate to libarchive-2.8.4 - see /usr/share/doc/packages/libarchive2/NEWS for changes - drop libarchive-2.5.5_fix_testsuite.patch (upstream) - update libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch - clean up specfile - disable make check for now * Wed Jan 6 2010 jengelh@medozas.de - enable parallel building * Wed Oct 29 2008 mrueckert@suse.de - added libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch: it can happen that your system at build times supports lutimes but later at runtime the needed syscall is missing. * Mon Sep 8 2008 mrueckert@suse.de - fix rm calls in %%install * Sat Sep 6 2008 mrueckert@suse.de - update to 2.5.5 This is a major version bump again: it incorporates lots of bugfixes and improvements. For all the details please see /usr/share/doc/packages/libarchive2/NEWS - drop the .la file - dropped patch libarchive-2.2.5_rpath.patch: no longer needed - added libarchive-2.5.5_fix_testsuite.patch: added missing mode to open() with O_CREAT * Wed Aug 15 2007 ro@suse.de - fix dependency of devel package * Tue Aug 7 2007 mrueckert@suse.de - restructured package: bsdtar is now the main package and libarchive2 and libarchive-devel the subpackages. This saves us a rename on soversion bumps. * Mon Jul 30 2007 mrueckert@suse.de - update to 2.2.5 (#291358) This is a major version bump. For a full list of all changes see /usr/share/doc/packages/libarchive/NEWS. Mostly notable this up- date includes the fixes for the following security bugs: Errors handling corrupt tar files in libarchive (CVE-2007-3641, CVE-2007-3644, CVE-2007-3645) - added libarchive-2.2.5_rpath.patch: dont set a rpath on the builddir. - no longer building the static lib * Thu Jun 7 2007 ro@suse.de - added ldconfig to post scripts - remove minitar objects (leave binary there for now) * Sun Apr 8 2007 mrueckert@suse.de - updated to 2.0.28 - removed all patches: included upstream * Sat Mar 24 2007 mrueckert@suse.de - require libbz2-devel on >= 10.3 * Sat Mar 24 2007 aj@suse.de - Change requires for libbz2 split. * Tue Mar 6 2007 mrueckert@suse.de - updated bsdtar-1.2.53_ext2_include.patch: the old fix was not complete and on newer glibc/kernel-headers it seems you need to include linux/fs.h explicitly new name: bsdtar-1.3.1_linux_fs_includes.patch - build with -fno-strict-aliasing * Fri Nov 10 2006 mrueckert@suse.de - added SA-06-24_libarchive.patch: fix DOS in libarchive (CVE-2006-5680) http://security.freebsd.org/advisories/FreeBSD-SA-06:24.libarchive.asc * Fri Sep 22 2006 mrueckert@suse.de - update to version 1.3.1 * Thu Apr 27 2006 mrueckert@suse.de - updated to 1.2.53: Upstream merged the source tarball. Splitted of a bsdtar package * Mon Feb 27 2006 mrueckert@suse.de - fixed building of debuginfo package * Mon Feb 27 2006 mrueckert@suse.de - libarchive 1.2.38