Changelog for bsdtar-3.7.6-157.1.x86_64.rpm :

* Fri Sep 27 2024 Antonio Teixeira - Update to 3.7.6:
* tar: clean up linkpath between entries
* tar: fix memory leaks when processing symlinks or parsing pax headers
* iso: be more cautious about parsing ISO-9660 timestamps
- Version 3.7.5 changes:
* fix multiple vulnerabilities identified by SAST
* cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
* lzop: prevent integer overflow
* rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696, bsc#1225971)
* rar4: fix CVE-2024-26256 (CVE-2024-26256, bsc#1225972)
* rar4: fix OOB in delta and audio filter
* rar4: fix out of boundary access with large files
* rar4: add boundary checks to rgb filter
* rar4: fix OOB access with unicode filenames
* rar5: clear 'data ready' cache on window buffer reallocs
* rpm: calculate huge header sizes correctly
* unzip: unify EOF handling
* util: fix out of boundary access in mktemp functions
* uu: stop processing if lines are too long
* 7zip: fix issue when skipping first file in 7zip archive that is a multiple of 65536 bytes
* ar: fix archive entries having no type
* lha: do not allow negative file sizes
* lha: fix integer truncation on 32-bit systems
* shar: check strdup return value
* rar5: don't try to read ridiculously long names
* xar: fix another infinite loop and expat error handling
* many Windows fixes, cleanups and improvements
- Drop fix-soversion.patch, fix-bsdunzip-test.patch
* Fixed upstream
* Thu Jun 20 2024 Antonio Teixeira - Update lib-suffix.patch
* Add LIB_SUFFIX to libdir path in the pkg-config file
* Wed May 22 2024 Danilo Spinella - Fix bsdunzip test failing due to a locale issue
* fix-bsdunzip-test.patch
* Tue Apr 30 2024 Danilo Spinella - Update to 3.7.4:
* rar: Fix OOB in rar e8 filter (CVE-2024-26256, bsc#1222911)
* zip: Fix out of boundary access
* 7zip: Limit amount of properties
* bsdtar: Fix error handling around strtol() usages
* passphrase: Improve newline handling on Windows
* passphrase: Never allow empty passwords
* rar: Fix "File CRC Error" when extracting specific rar4 archives
* xar: Avoid infinite link loop
* zip: Update AppleDouble support for directories
* zstd: Implement core detection
- Update to 3.7.3:
* PCRE2 support
* add trailing letter b to bsdtar(1) substitute pattern
* add support for long options "--group" and "--owner" to tar(1)
* Fix possible vulnerability in tar error reporting introduced in f27c173
* ISO9660: preserve the natural order of links
* rar5: fix decoding unicode filenames on Windows
* rar5: fix infinite loop if during rar5 decompression the last block produced no data
* xz filter: fix incorrect eof at the end of an lzip member
* zip: fix end-of-data marker processing when decompressing zip archives
* multiple bsdunzip(1) fixes
* filetime truncation fix on Windows
- Fix rpmlint warning about summary being too long
* Fri Dec 29 2023 Dirk Müller - skip write tests on 32bit, they OOM
* Sun Sep 17 2023 Dirk Müller - update to 3.7.2:
* Multiple vulnerabilities have been fixed in the PAX writer
* bsdunzip(1) now correctly handles arguments following an -x after the zipfile
* zstd filter now supports the "long" write option
* SEGV and stack buffer overflow in verbose mode of cpio
* bsdunzip updated to match latest upstream code
* miscellaneous functional bugfixes
* Mon Jul 24 2023 Bernhard Wiedemann - update to 3.7.0
* bsdunzip port from FreeBSD
* fix 2 year 2038 issues
* Fri Dec 23 2022 Dirk Müller - update to 3.6.2 (bsc#1205629, CVE-2022-36227)
* NULL pointer dereference vulnerability in archive_write.c
* include ZSTD in Windows builds (#1688)
* SSL fixes on Windows (#1714, #1723, #1724)
* rar5 reader: fix possible garbled output with bsdtar -O (#1745)
* mtree reader: support reading mtree files with tabs (#1783)
* various small fixes for issues found by CodeQL
- Drop upstream merged CVE-2022-36227.patch
* Tue Nov 22 2022 Danilo Spinella - Fix CVE-2022-36227, Handle a calloc returning NULL (CVE-2022-36227, bsc#1205629)
* CVE-2022-36227.patch
* Fri Apr 08 2022 Dirk Müller - update to 3.6.1:
* 7zip reader: fix PPMD read beyond boundary (#1671)
* ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672)
* ISO reader: fix possible heap buffer overflow in read_children() (OSS-Fuzz 38764, #1685)
* RARv4 reader: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0)
* fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50)
* fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77)
* fix heap use after free in run_filters() (OSS-Fuzz 46279, #1715)
- Drop upstream merged fix-CVE-2022-26280.patch
* Thu Apr 07 2022 Danilo Spinella - Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init (CVE-2022-26280, bsc#1197634)
* fix-CVE-2022-26280.patch
* Thu Feb 24 2022 Ferdinand Thiessen - Update to 3.6.0
* Fix use-after-free bug (CVE-2021-36976)
* tar: new option "--no-read-sparse"
* tar: threads support for zstd
* RAR reader: filter support
* RAR5 reader: self-extracting archive support
* ZIP reader: zstd decompression support
* tar: respect "--ignore-zeros" in c, r and u modes
* reduced size of application binaries
* internal code optimizations
- Drop upstream merged:
* fix-following-symlinks.patch
* fix-CVE-2021-36976.patch
* Wed Feb 23 2022 Danilo Spinella - Fix CVE-2021-36976 use-after-free in copy_string (CVE-2021-36976, bsc#1188572)
* fix-CVE-2021-36976.patch
- The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2017-5601, bsc#1022528, bsc#1189528
* Mon Nov 29 2021 Adrian Schröter - fix permission settings on following symlinks (fix-following-symlinks.patch); this also fixes wrong permissions of /var/tmp in factory systems (CVE-2021-31566)
* Sun Nov 07 2021 Andreas Stieger - update to 3.5.2:
* CPIO: Support for PWB and v7 binary cpio formats
* ZIP reader: Support of deflate algorithm in symbolic link decompression
* security: fix handling of symbolic link ACLs on Linux (boo#1192425)
* security: never follow symlinks when setting file flags on Linux (boo#1192426)
* security: do not follow symlinks when processing the fixup list (boo#1192427)
* fix extraction of hardlinks to symlinks
* 7zip reader and writer fixes
* RAR reader fixes
* ZIP reader: fix excessive read for padded zip
* CAB reader: fix double free
* handle short writes from archive_write_callback
- Drop upstream merged:
* CVE-2021-23177.patch
* CVE-2021-31566.patch
* bsc1192427.patch
* Thu Oct 21 2021 Danilo Spinella - Fix CVE-2021-31566, modifies file flags of symlink target (CVE-2021-31566, bsc#1192426.patch)
* CVE-2021-31566.patch
- Fix bsc#1192427, processing fixup entries may follow symbolic links
* bsc1192427.patch
* Sun Sep 12 2021 Danilo Spinella - Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target (CVE-2021-23177, bsc#1192425)
* CVE-2021-23177.patch
* Wed Jan 06 2021 Dirk Müller - update to 3.5.1:
* various compilation fixes (#1461, #1462, #1463, #1464)
* fixed undefined behavior in a function in warc reader (#1465)
 