SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libarchive-devel-3.6.1-1.1.x86_64.rpm :

* Fri Apr 08 2022 Dirk Müller - update to 3.6.1:
* 7zip reader: fix PPMD read beyond boundary (#1671)
* ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672)
* ISO reader: fix possible heap buffer overflow in read_children() (OSS-Fuzz 38764, #1685)
* RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0)
* fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50)
* fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77)
* fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)
* Thu Feb 24 2022 Ferdinand Thiessen - Update to 3.6.0
* Fix use-after-free bug (CVE-2021-36976)
* tar: new option \"--no-read-sparse\"
* tar: threads support for zstd
* RAR reader: filter support
* RAR5 reader: self-extracting archive support
* ZIP reader: zstd decompression support
* tar: respect \"--ignore-zeros\" in c, r and u modes
* reduced size of application binaries
* internal code optimizations- Drop upstream merged fix-following-symlinks.patch
* Mon Nov 29 2021 Adrian Schröter - fix permission settings on following symlinks (fix-following-symlinks.patch) this fixes also wrong permissions of /var/tmp in factory systems CVE-2021-31566
* Sun Nov 07 2021 Andreas Stieger - update to 3.5.2:
* CPIO: Support for PWB and v7 binary cpio formats
* ZIP reader: Support of deflate algorithm in symbolic link decompression
* security: fix handling of symbolic link ACLs on Linux (boo#1192425)
* security: never follow symlinks when setting file flags on Linux (boo#1192426)
* security: do not follow symlinks when processing the fixup list (boo#1192427)
* fix extraction of hardlinks to symlinks
* 7zip reader and writer fixes
* RAR reader fixes
* ZIP reader: fix excessive read for padded zip
* CAB reader: fix double free
* handle short writes from archive_write_callback
* Wed Jan 06 2021 Dirk Müller - update to 3.5.1:
* various compilation fixes (#1461, #1462, #1463, #1464)
* fixed undefined behavior in a function in warc reader (#1465)
* Tue Dec 01 2020 Ismail Dönmez - Update to version 3.5.0 New features:
* mtree digest reader support (#1347)
* completed support for UTF-8 encoding conversion (#1389)
* minor API enhancements (#1258, #1405)
* support for system extended attributes (#1409)
* support for decompression of symbolic links in zipx archives (#1435) Important bugfixes
* fixed extraction of archives with hard links pointing to itself (#1381)
* cpio fixes (#1387, #1388)
* fixed uninitialized size in rar5_read_data (#1408)
* fixed memory leaks in error case of archive_write_open() functions (#1456)- Drop libarchive-3.4.3-fix_test_write_disk_secure.patch, fixed upstream.
* Mon Sep 07 2020 Andreas Stieger - fix build with binutils submitted to Factory, adding upstream libarchive-3.4.3-fix_test_write_disk_secure.patch
* Wed May 20 2020 Ismail Dönmez - Update to version 3.4.3
* support for pzstd compressed files (#1357)
* support for RHT.security.selinux tar extended attribute (#1348)
* various zstd fixes and improvements (#1342 #1352 #1359)
* child process handling fixes (#1372)
* Tue Feb 18 2020 Ismail Dönmez - Switch back to cmake build now that cmake-mini exists, this will no longer create a build-cycle.
* Wed Feb 12 2020 Ismail Dönmez - Update to version 3.4.2 New features:
* support for atomic file extraction (bsdtar -x --safe-writes) (#1289)
* support for mbed TLS (PolarSSL) (#1301) Important bugfixes:
* security fixes in RAR5 reader (#1280 #1326)
* compression buffer fix in XAR writer (#1317)
* fix uname and gname longer than 32 characters in PAX writer (#1319)
* fix segfault when archiving hard links in ISO9660 and XAR writers (#1325)
* fix support for extracting 7z archive entries with Delta filter (#987)
* Mon Dec 30 2019 Ismail Dönmez - Revert back to autoconf, cmake introduces a cycle. Leave cmake patches in since they are basically correct and might be useful in the future.
* Mon Dec 30 2019 Ismail Dönmez - Update to version 3.4.1 New features:
* Unicode filename support for reading lha/lzh archives
* New pax write option \"xattrhdr\" Important bugfixes:
* security fixes in wide string processing (#1276 #1298)
* security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221
* security fixes and optimizations to write filter logic (#351)
* security fix related to use of readlink(2) (1dae5a5)
* sparse file handling fixes (#1218 #1260)- Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream
* Fri Nov 22 2019 Adrian Schröter - fix bsc#1157569 CVE-2019-19221.patch out-of-bounds read in libarchive
* Sun Aug 18 2019 Ismail Dönmez - Switch to cmake build- Add lib-suffix.patch to honor LIB_SUFFIX- Add fix-zstd-test.patch to fix zstd test- Add fix-soversion.patch to fix the soversion to 13 as autotools
* Thu Jun 20 2019 Ismail Dönmez - Add lz4 and zstd support- Add BuildRequires on liblz4-devel and libzstd-devel
* Thu Jun 13 2019 Ismail Dönmez - Update to version 3.4.0
* Support for file and directory symlinks on Windows
* Read support for RAR 5.0 archives
* Read support for ZIPX archives with xz, lzma, ppmd8 and bzip2 compression
* Support for non-recursive list and extract
* New tar option: --exclude-vcs
* Improved file attribute support on Linux and file flags support on FreeBSD
* Fix reading Android APK archives (#1055 )
* Fix problems related to unreadable directories (#1167)
* A two-digit number of OSS-Fuzz issues was resolved in this release including CVE-2019-18408- Add libarchive.keyring and validate the tarball signature- Drop all security patches, fixed upstream:
* CVE-2018-1000877.patch
* CVE-2018-1000878.patch
* CVE-2018-1000879.patch
* CVE-2018-1000880.patch
* CVE-2019-1000019.patch
* CVE-2019-1000020.patch
* Tue Feb 05 2019 Adrian Schröter - Added patches:
* CVE-2019-1000019.patch Fixes 7zip crash (boo#1124341)
* CVE-2019-1000020.patch ISO9660 infinite loop fixed (boo#1124342)
* Thu Jan 03 2019 Karol Babioch - Added patches:
* CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR decoder (CVE-2018-1000877 bsc#1120653)
* CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR decoder (CVE-2018-1000878 bsc#1120654)
* CVE-2018-1000879.patch, which fixes a NULL Pointer Dereference vulnerability in ACL parser (CVE-2018-1000879 bsc#1120656)
* CVE-2018-1000880.patch, which fixes an improper input validation vulnerability in WARC parser (CVE-2018-1000880 bsc#1120659)- Make use of %license macro- Applied spec-cleaner
* Tue Sep 18 2018 Jan Engelhardt - Fix RPM groups. Remove idempotent %if..%endif guards. Diversify summaries. Set CFLAGS instead of re-defining optflags with itself.
* Fri Sep 14 2018 Adrian Schröter - update to version 3.3.3
* Avoid super-linear slowdown on malformed mtree files
* Many fixes for building with Visual Studio
* NO_OVERWRITE doesn\'t change existing directory attributes
* New support for Zstandard read and write filters- Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503- fix-CVE-2017-14166.patch is obsolete
  
ICM