|
|
|
|
Changelog for bsdtar-3.4.3-122.2.i586.rpm :
* Mon Sep 07 2020 Andreas Stieger - fix build with binutils submitted to Factory, adding upstream libarchive-3.4.3-fix_test_write_disk_secure.patch * Wed May 20 2020 Ismail Dönmez - Update to version 3.4.3 * support for pzstd compressed files (#1357) * support for RHT.security.selinux tar extended attribute (#1348) * various zstd fixes and improvements (#1342 #1352 #1359) * child process handling fixes (#1372) * Tue Feb 18 2020 Ismail Dönmez - Switch back to cmake build now that cmake-mini exists, this will no longer create a build-cycle. * Wed Feb 12 2020 Ismail Dönmez - Update to version 3.4.2 New features: * support for atomic file extraction (bsdtar -x --safe-writes) (#1289) * support for mbed TLS (PolarSSL) (#1301) Important bugfixes: * security fixes in RAR5 reader (#1280 #1326) * compression buffer fix in XAR writer (#1317) * fix uname and gname longer than 32 characters in PAX writer (#1319) * fix segfault when archiving hard links in ISO9660 and XAR writers (#1325) * fix support for extracting 7z archive entries with Delta filter (#987) * Mon Dec 30 2019 Ismail Dönmez - Revert back to autoconf, cmake introduces a cycle. Leave cmake patches in since they are basically correct and might be useful in the future. * Mon Dec 30 2019 Ismail Dönmez - Update to version 3.4.1 New features: * Unicode filename support for reading lha/lzh archives * New pax write option \"xattrhdr\" Important bugfixes: * security fixes in wide string processing (#1276 #1298) * security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221 * security fixes and optimizations to write filter logic (#351) * security fix related to use of readlink(2) (1dae5a5) * sparse file handling fixes (#1218 #1260)- Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream * Fri Nov 22 2019 Adrian Schröter - fix bsc#1157569 CVE-2019-19221.patch out-of-bounds read in libarchive * Sun Aug 18 2019 Ismail Dönmez - Switch to cmake build- Add lib-suffix.patch to honor LIB_SUFFIX- Add fix-zstd-test.patch to fix zstd test- Add fix-soversion.patch to fix the soversion to 13 as autotools * Thu Jun 20 2019 Ismail Dönmez - Add lz4 and zstd support- Add BuildRequires on liblz4-devel and libzstd-devel * Thu Jun 13 2019 Ismail Dönmez - Update to version 3.4.0 * Support for file and directory symlinks on Windows * Read support for RAR 5.0 archives * Read support for ZIPX archives with xz, lzma, ppmd8 and bzip2 compression * Support for non-recursive list and extract * New tar option: --exclude-vcs * Improved file attribute support on Linux and file flags support on FreeBSD * Fix reading Android APK archives (#1055 ) * Fix problems related to unreadable directories (#1167) * A two-digit number of OSS-Fuzz issues was resolved in this release including CVE-2019-18408- Add libarchive.keyring and validate the tarball signature- Drop all security patches, fixed upstream: * CVE-2018-1000877.patch * CVE-2018-1000878.patch * CVE-2018-1000879.patch * CVE-2018-1000880.patch * CVE-2019-1000019.patch * CVE-2019-1000020.patch * Tue Feb 05 2019 Adrian Schröter - Added patches: * CVE-2019-1000019.patch Fixes 7zip crash (boo#1124341) * CVE-2019-1000020.patch ISO9660 infinite loop fixed (boo#1124342) * Thu Jan 03 2019 Karol Babioch - Added patches: * CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR decoder (CVE-2018-1000877 bsc#1120653) * CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR decoder (CVE-2018-1000878 bsc#1120654) * CVE-2018-1000879.patch, which fixes a NULL Pointer Dereference vulnerability in ACL parser (CVE-2018-1000879 bsc#1120656) * CVE-2018-1000880.patch, which fixes an improper input validation vulnerability in WARC parser (CVE-2018-1000880 bsc#1120659)- Make use of %license macro- Applied spec-cleaner * Tue Sep 18 2018 Jan Engelhardt - Fix RPM groups. Remove idempotent %if..%endif guards. Diversify summaries. Set CFLAGS instead of re-defining optflags with itself. * Fri Sep 14 2018 Adrian Schröter - update to version 3.3.3 * Avoid super-linear slowdown on malformed mtree files * Many fixes for building with Visual Studio * NO_OVERWRITE doesn\'t change existing directory attributes * New support for Zstandard read and write filters- Fixes CVE-2017-14501, CVE-2017-14502, CVE-2017-14503- fix-CVE-2017-14166.patch is obsolete * Thu Sep 07 2017 adrianAATTsuse.de- update to version 3.3.2 * NFSv4 ACL support for Linux (librichacl)- fix-CVE-2017-14166.patch (boo#1057514) * Mon Apr 03 2017 adrianAATTsuse.de- update to version 3.3.1 * Security & Feature release Details are not documented from upstream yet fix-extract-over-links.patch and libarchive-openssl.patch obsoleted * Fri Dec 02 2016 adrianAATTsuse.com- fix extracting over symlinks: fix-extract-over-links.patch the problem is solved upstream different, but git master is too different atm. * Wed Oct 26 2016 adrianAATTsuse.com- update to version 3.2.2 Unspecified security fixes, but at least: * CVE-2016-8687 * CVE-2016-8689 * CVE-2016-8688 * CVE-2016-5844 * CVE-2016-6250 * CVE-2016-5418- obsoletes fix-build.patch * Sat Jul 23 2016 dmuellerAATTsuse.com- make bsdtar require a matching libarchive version to avoid missing symbol errors * Mon Jun 20 2016 adrianAATTsuse.de- update to version 3.2.1 Fixes a number of security issues: CVE-2015-8934, CVE-2015-8933, CVE-2015-8917, CVE-2016-4301, CVE-2016-4300- and fixing the build (fix-build.patch) * Thu Jun 16 2016 adrianAATTsuse.de- limit size of symlinks in cpio archives (CVE-2016-4809, boo#984990) CVE-2016-4809.patch * Mon May 09 2016 adrianAATTsuse.de- 4GB _constraints for ppc64le only, it would break other archs- update to version 3.2.0 * Fixes CVE-2016-1541 * Fixes CVE-2015-8928 * changes are only documented in git history * updated openssl patch * new bsdcat utility- removed obsolete patches for: * CVE-2013-0211.patch * directory-traversal-fix.patch * libarchive-xattr.patch * Fri May 06 2016 normandAATTlinux.vnet.ibm.com- add _constraints memory 4096MB to avoid ppc64le build failure * Sat Sep 19 2015 astiegerAATTsuse.com- build static lib on RHEL 7 * Sun Mar 22 2015 astiegerAATTsuse.com- RHEL/CentOS build fix, skipping autoreconf * Sun Mar 15 2015 astiegerAATTsuse.com- add CVE for previous change * Thu Mar 05 2015 adrianAATTsuse.com- fix a directory traversal in cpio tool (bnc#920870) directory-traversal-fix.patch CVE-2015-2304 * Tue Nov 11 2014 jsegitzAATTnovell.com- Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024) * Wed May 28 2014 crrodriguezAATTopensuse.org- libarchive-xattr.patch, fix subtle wrong library check that causes this package to depend on libattr when it should be using glibc. * Sun Nov 24 2013 andreas.stiegerAATTgmx.de- add optional -static-devel library package, intended to publish pixz for CentOS / RHEL, default off- skip some dependencies not required for pixz on CentOS / RHEL * Tue Aug 20 2013 crrodriguezAATTopensuse.org- remove artificial dependencies on libacl-devel, libbz2-devel, zlib-devel from libarchive-devel. * Mon Aug 19 2013 crrodriguezAATTopensuse.org- libarchive-openssl.patch: Call OPENSSL_config where needed, otherwise on systems configured to use openSSL engines such as via-padlock wont benefit from hardware acceleration. * Fri Aug 16 2013 andreas.stiegerAATTgmx.de- update to 3.1.2 This is a maintenance update to fix issues with the new RAR seeking feature.- libarchive\'s new website moved to http://www.libarchive.org. * Sun Jun 16 2013 jengelhAATTinai.de- Explicitly list libattr-devel as BuildRequires (and sort those) * Wed Feb 13 2013 wernerAATTsuse.de- Use %libname macro to be consistent throughout the spec file * Tue Feb 05 2013 p.drouandAATTgmail.com- Update to version 3.1.1: + Fix an issue with the soname versioning in builds of libarchive using cmake- Removed patchs; fixed and merged on upstream release: * libarchive-fix-checks.patch * libarchive-ppc64.patch- The soname has changed and pass to 13. * Thu Aug 23 2012 dvaleevAATTsuse.com- libarchive-ppc64.patch: fix http://code.google.com/p/libarchive/issues/detail?id=277 test_option_b and test_option_nodump are failing on ppc64 * Thu Aug 09 2012 cfarrellAATTsuse.com- license update: BSD-2-Clause The COPYING file shows that the package is predominantly BSD-2-Clause licensed * Tue Aug 07 2012 dimstarAATTopensuse.org- Update to version 3.0.4: + libarchive development moved to http://libarchive.github.com/- Changes from version 3.0.2: + Various fixes merged from FreeBSD + Symlink support in Zip reader and writer + Robustness fixes to 7Zip reader- Changes from version 3.0.1b: + 7Zip reader + Small fixes to ISO and Zip to improve robustness with corrupted input + Improve streaming Zip reader\'s support for uncompressed entries + New seeking Zip reader supports SFX Zip archives + Build fixes on Windows- For more changes since 2.8.5, please see NEWS file- Update URL Tag to represent new home of the project.- Rename libarchive2 to libarchive12, following upstreams soname bumps.- Add libarchive-fix-checks.patch: Fix gcc 4.7 side effects.- Drop libarchive-test-fuzz.patch: fixed upstream.- Drop libarchive-ignore-sigpipe-in-test-suite.patch: fixed upstream.- Drop libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch: upstream rejected the patch. Seems to be too theoretical problem. * Mon May 07 2012 wernerAATTsuse.de- Enforce usage of reentrant versions of libc functions * Mon Feb 13 2012 dvaleevAATTsuse.com- fix failed tests on ppc * Wed Feb 08 2012 idonmezAATTsuse.com- Use %makeinstall to be SLES compatible * Thu Dec 22 2011 wernerAATTsuse.de- For SLES11 work around missing rpm macro * Tue Dec 06 2011 cooloAATTsuse.com- rename main package to libarchive * Tue Dec 06 2011 cooloAATTsuse.com- Update to libarchive 2.8.5 (from werner) * Fix issue 134: Improve handling of open failures * Fix issue 119: Relax ISO verification * Fix issue 121: mtree parsing * Fix extraction of GNU tar \'D\' directory entries * Be less demanding in LZMA/XZ compression tests * Fri Sep 30 2011 cooloAATTsuse.com- add baselibs.conf for PackageKit to use * Tue Apr 19 2011 idoenmezAATTnovell.com- Add suport for xz and xar archives- Add libarchive-2.8.4-iso9660-data-types.patch: fix ISO9660 reader data type mismatches * Thu Nov 11 2010 puzelAATTnovell.com- udpate to libarchive-2.8.4 - see /usr/share/doc/packages/libarchive2/NEWS for changes- drop libarchive-2.5.5_fix_testsuite.patch (upstream)- update libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch- clean up specfile- disable make check for now * Wed Jan 06 2010 jengelhAATTmedozas.de- enable parallel building * Wed Oct 29 2008 mrueckertAATTsuse.de- added libarchive-2.5.5_handle_ENOSYS_from_lutimes.patch: it can happen that your system at build times supports lutimes but later at runtime the needed syscall is missing. * Mon Sep 08 2008 mrueckertAATTsuse.de- fix rm calls in %install * Sat Sep 06 2008 mrueckertAATTsuse.de- update to 2.5.5 This is a major version bump again: it incorporates lots of bugfixes and improvements. For all the details please see /usr/share/doc/packages/libarchive2/NEWS- drop the .la file- dropped patch libarchive-2.2.5_rpath.patch: no longer needed- added libarchive-2.5.5_fix_testsuite.patch: added missing mode to open() with O_CREAT * Wed Aug 15 2007 roAATTsuse.de- fix dependency of devel package * Tue Aug 07 2007 mrueckertAATTsuse.de- restructured package: bsdtar is now the main package and libarchive2 and libarchive-devel the subpackages. This saves us a rename on soversion bumps. * Mon Jul 30 2007 mrueckertAATTsuse.de- update to 2.2.5 (#291358) This is a major version bump. For a full list of all changes see /usr/share/doc/packages/libarchive/NEWS. Mostly notable this up- date includes the fixes for the following security bugs: Errors handling corrupt tar files in libarchive (CVE-2007-3641, CVE-2007-3644, CVE-2007-3645)- added libarchive-2.2.5_rpath.patch: dont set a rpath on the builddir.- no longer building the static lib * Thu Jun 07 2007 roAATTsuse.de- added ldconfig to post scripts- remove minitar objects (leave binary there for now) * Sun Apr 08 2007 mrueckertAATTsuse.de- updated to 2.0.28- removed all patches: included upstream * Sat Mar 24 2007 mrueckertAATTsuse.de- require libbz2-devel on >= 10.3 * Sat Mar 24 2007 ajAATTsuse.de- Change requires for libbz2 split. * Tue Mar 06 2007 mrueckertAATTsuse.de- updated bsdtar-1.2.53_ext2_include.patch: the old fix was not complete and on newer glibc/kernel-headers it seems you need to include linux/fs.h explicitly new name: bsdtar-1.3.1_linux_fs_includes.patch- build with -fno-strict-aliasing * Fri Nov 10 2006 mrueckertAATTsuse.de- added SA-06-24_libarchive.patch: fix DOS in libarchive (CVE-2006-5680) http://security.freebsd.org/advisories/FreeBSD-SA-06:24.libarchive.asc * Fri Sep 22 2006 mrueckertAATTsuse.de- update to version 1.3.1 * Thu Apr 27 2006 mrueckertAATTsuse.de- updated to 1.2.53: Upstream merged the source tarball. Splitted of a bsdtar package * Mon Feb 27 2006 mrueckertAATTsuse.de- fixed building of debuginfo package * Mon Feb 27 2006 mrueckertAATTsuse.de- libarchive 1.2.38
|
|
|