Changelog for
bsdtar-3.3.3-119.1.x86_64.rpm :
* Tue Feb 05 2019 adrianAATTsuse.de- Added patches:
* CVE-2019-1000019.patch Fixes 7zip crash (boo#1124341)
* CVE-2019-1000020.patch ISO9660 infinite loop fixed (boo#1124342)
* Thu Jan 03 2019 kbabiochAATTsuse.de- Added patches:
* CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR decoder (CVE-2018-1000877 bsc#1120653)
* CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR decoder (CVE-2018-1000878 bsc#1120654)
* CVE-2018-1000879.patch, which fixes a NULL Pointer Dereference vulnerability in ACL parser (CVE-2018-1000879 bsc#1120656)
* CVE-2018-1000880.patch, which fixes an improper input validation vulnerability in WARC parser (CVE-2018-1000880 bsc#1120659)- Make use of %license macro- Applied spec-cleaner
* Tue Sep 18 2018 jengelhAATTinai.de- Fix RPM groups. Remove idempotent %if..%endif guards. Diversify summaries. Set CFLAGS instead of re-defining optflags with itself.
* Fri Sep 14 2018 adrianAATTsuse.de- update to version 3.3.3
* Avoid super-linear slowdown on malformed mtree files
* Many fixes for building with Visual Studio
* NO_OVERWRITE doesn\'t change existing directory attributes
* New support for Zstandard read and write filters- fix-CVE-2017-14166.patch is obsolete
* Thu Sep 07 2017 adrianAATTsuse.de- update to version 3.3.2
* NFSv4 ACL support for Linux (librichacl)- fix-CVE-2017-14166.patch (boo#1057514)
* Mon Apr 03 2017 adrianAATTsuse.de- update to version 3.3.1
* Security & Feature release Details are not documented from upstream yet fix-extract-over-links.patch and libarchive-openssl.patch obsoleted
* Fri Dec 02 2016 adrianAATTsuse.com- fix extracting over symlinks: fix-extract-over-links.patch the problem is solved upstream different, but git master is too different atm.
* Wed Oct 26 2016 adrianAATTsuse.com- update to version 3.2.2 Unspecified security fixes, but at least:
* CVE-2016-8687
* CVE-2016-8689
* CVE-2016-8688
* CVE-2016-5844
* CVE-2016-6250
* CVE-2016-5418- obsoletes fix-build.patch
* Sat Jul 23 2016 dmuellerAATTsuse.com- make bsdtar require a matching libarchive version to avoid missing symbol errors
* Mon Jun 20 2016 adrianAATTsuse.de- update to version 3.2.1 Fixes a number of security issues: CVE-2015-8934, CVE-2015-8933, CVE-2015-8917, CVE-2016-4301, CVE-2016-4300- and fixing the build (fix-build.patch)
* Thu Jun 16 2016 adrianAATTsuse.de- limit size of symlinks in cpio archives (CVE-2016-4809, boo#984990) CVE-2016-4809.patch
* Mon May 09 2016 adrianAATTsuse.de- 4GB _constraints for ppc64le only, it would break other archs- update to version 3.2.0
* Fixes CVE-2016-1541
* Fixes CVE-2015-8928
* changes are only documented in git history
* updated openssl patch
* new bsdcat utility- removed obsolete patches for:
* CVE-2013-0211.patch
* directory-traversal-fix.patch
* libarchive-xattr.patch
* Fri May 06 2016 normandAATTlinux.vnet.ibm.com- add _constraints memory 4096MB to avoid ppc64le build failure
* Sat Sep 19 2015 astiegerAATTsuse.com- build static lib on RHEL 7
* Sun Mar 22 2015 astiegerAATTsuse.com- RHEL/CentOS build fix, skipping autoreconf
* Sun Mar 15 2015 astiegerAATTsuse.com- add CVE for previous change
* Thu Mar 05 2015 adrianAATTsuse.com- fix a directory traversal in cpio tool (bnc#920870) directory-traversal-fix.patch CVE-2015-2304
* Tue Nov 11 2014 jsegitzAATTnovell.com- Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024)
* Wed May 28 2014 crrodriguezAATTopensuse.org- libarchive-xattr.patch, fix subtle wrong library check that causes this package to depend on libattr when it should be using glibc.
* Sun Nov 24 2013 andreas.stiegerAATTgmx.de- add optional -static-devel library package, intended to publish pixz for CentOS / RHEL, default off- skip some dependencies not required for pixz on CentOS / RHEL
* Tue Aug 20 2013 crrodriguezAATTopensuse.org- remove artificial dependencies on libacl-devel, libbz2-devel, zlib-devel from libarchive-devel.
* Mon Aug 19 2013 crrodriguezAATTopensuse.org- libarchive-openssl.patch: Call OPENSSL_config where needed, otherwise on systems configured to use openSSL engines such as via-padlock wont benefit from hardware acceleration.
* Fri Aug 16 2013 andreas.stiegerAATTgmx.de- update to 3.1.2 This is a maintenance update to fix issues with the new RAR seeking feature.- libarchive\'s new website moved to http://www.libarchive.org.
* Sun Jun 16 2013 jengelhAATTinai.de- Explicitly list libattr-devel as BuildRequires (and sort those)
* Wed Feb 13 2013 wernerAATTsuse.de- Use %libname macro to be consistent throughout the spec file
* Tue Feb 05 2013 p.drouandAATTgmail.com- Update to version 3.1.1: + Fix an issue with the soname versioning in builds of libarchive using cmake- Removed patchs; fixed and merged on upstream release:
* libarchive-fix-checks.patch
* libarchive-ppc64.patch- The soname has changed and pass to 13.
* Thu Aug 23 2012 dvaleevAATTsuse.com- libarchive-ppc64.patch: fix http://code.google.com/p/libarchive/issues/detail?id=277 test_option_b and test_option_nodump are failing on ppc64
* Thu Aug 09 2012 cfarrellAATTsuse.com- license update: BSD-2-Clause The COPYING file shows that the package is predominantly BSD-2-Clause licensed
* Tue Aug 07 2012 dimstarAATTopensuse.org- Update to version 3.0.4: + libarchive development moved to http://libarchive.github.com/- Changes from version 3.0.2: + Various fixes merged from FreeBSD + Symlink support in Zip reader and writer + Robustness fixes to 7Zip reader- Changes from version 3.0.1b: + 7Zip reader + Small fixes to ISO and Zip to improve robustness with corrupted input + Improve streaming Zip reader\'s support for uncompressed entries + New seeking Zip reader supports SFX Zip archives + Build fixes on Windows- For more changes since 2.8.5, please see NEWS file- Update URL Tag to represent new home of the project.- Rename libarchive2 to libarchive12, following upstreams soname bumps.- Add libarchive-fix-checks.patch: Fix gcc 4.7 side effects.- Drop libarchive-test-fuzz.patch: fixed upstream.- Drop libarchive-ignore-sigpipe-in-test-suite.patch: fixed upstream.- Drop libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch: upstream rejected the patch. Seems to be too theoretical problem.
* Mon May 07 2012 wernerAATTsuse.de- Enforce usage of reentrant versions of libc functions
* Mon Feb 13 2012 dvaleevAATTsuse.com- fix failed tests on ppc
* Wed Feb 08 2012 idonmezAATTsuse.com- Use %makeinstall to be SLES compatible
* Thu Dec 22 2011 wernerAATTsuse.de- For SLES11 work around missing rpm macro
* Tue Dec 06 2011 cooloAATTsuse.com- rename main package to libarchive
* Tue Dec 06 2011 cooloAATTsuse.com- Update to libarchive 2.8.5 (from werner)
* Fix issue 134: Improve handling of open failures
* Fix issue 119: Relax ISO verification
* Fix issue 121: mtree parsing
* Fix extraction of GNU tar \'D\' directory entries
* Be less demanding in LZMA/XZ compression tests
* Fri Sep 30 2011 cooloAATTsuse.com- add baselibs.conf for PackageKit to use
* Tue Apr 19 2011 idoenmezAATTnovell.com- Add suport for xz and xar archives- Add libarchive-2.8.4-iso9660-data-types.patch: fix ISO9660 reader data type mismatches
* Thu Nov 11 2010 puzelAATTnovell.com- udpate to libarchive-2.8.4 - see /usr/share/doc/packages/libarchive2/NEWS for changes- drop libarchive-2.5.5_fix_testsuite.patch (upstream)- update libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch- clean up specfile- disable make check for now
* Wed Jan 06 2010 jengelhAATTmedozas.de- enable parallel building