Hello community,

here is the log from the commit of package libarchive for openSUSE:Factory checked in at 2016-07-09 09:18:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libarchive (Old)
 and      /work/SRC/openSUSE:Factory/.libarchive.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libarchive" Changes: -------- --- /work/SRC/openSUSE:Factory/libarchive/libarchive.changes 2016-06-13 21:48:33.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libarchive.new/libarchive.changes 2016-07-09 09:18:48.000000000 +0200 @@ -1,0 +2,14 @@ +Mon Jun 20 10:31:43 UTC 2016 - [email protected] + +- update to version 3.2.1 + Fixes a number of security issues: + CVE-2015-8934, CVE-2015-8933, CVE-2015-8917, CVE-2016-4301, CVE-2016-4300 +- and fixing the build (fix-build.patch) + +------------------------------------------------------------------- +Thu Jun 16 09:33:17 UTC 2016 - [email protected] + +- limit size of symlinks in cpio archives (CVE-2016-4809, boo#984990) + CVE-2016-4809.patch + +------------------------------------------------------------------- @@ -7,0 +22 @@ + * Fixes CVE-2015-8928 Old: ---- libarchive-3.2.0.tar.gz New: ---- fix-build.patch libarchive-3.2.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libarchive.spec ++++++ --- /var/tmp/diff_new_pack.4NcCX4/_old 2016-07-09 09:18:50.000000000 +0200 +++ /var/tmp/diff_new_pack.4NcCX4/_new 2016-07-09 09:18:50.000000000 +0200 @@ -33,7 +33,7 @@ %define libname libarchive%{somajor} Name: libarchive -Version: 3.2.0 +Version: 3.2.1 Release: 0 Summary: Creates and reads several different streaming archive formats License: BSD-2-Clause @@ -41,6 +41,7 @@ Url: http://www.libarchive.org/ Source0: http://www.libarchive.org/downloads/libarchive-%{version}.tar.gz Source1: baselibs.conf +Patch1: fix-build.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libacl-devel BuildRequires: libbz2-devel @@ -164,6 +165,7 @@ %if %{with openssl} %patch0 -p0 %endif +%patch1 -p0 %build %if !0%{?skip_autoreconf} 
@@ -176,6 +178,10 @@ --disable-static \ %endif --enable-bsdcpio + +# lzma mt detection is broken +sed -i -e "/HAVE_LZMA_STREAM_ENCODER_MT/d" config.h + make %{?_smp_mflags} %check ++++++ fix-build.patch ++++++ --- libarchive/test/test_write_format_gnutar_filenames.c.orig 2016-06-20 13:03:13.796386223 +0200 +++ libarchive/test/test_write_format_gnutar_filenames.c 2016-06-20 13:04:19.472387624 +0200 @@ -55,7 +55,7 @@ archive_entry_set_mode(template, S_IFREG | 0755); archive_entry_set_size(template, 8); - for (int i = 0; i < 2000; ++i) { + int i; for (i = 0; i < 2000; ++i) { filename[i] = 'a'; filename[i + 1] = '\0'; archive_entry_copy_pathname(template, filename); @@ -110,7 +110,7 @@ archive_entry_set_mode(template, S_IFLNK | 0755); archive_entry_copy_pathname(template, "link"); - for (int i = 0; i < 2000; ++i) { + int i; for (i = 0; i < 2000; ++i) { filename[i] = 'a'; filename[i + 1] = '\0'; archive_entry_copy_symlink(template, filename); ++++++ libarchive-3.2.0.tar.gz -> libarchive-3.2.1.tar.gz ++++++ ++++ 3352 lines of diff (skipped)
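Review bot: In libarchive.changes, the Jun 16 entry introduces CVE-2016-4809.patch, but nothing else in this commit carries it: the spec hunks add only `Patch1: fix-build.patch`, and the New file list shows just fix-build.patch and libarchive-3.2.1.tar.gz. If the patch was dropped because 3.2.1 already contains the fix, the Jun 20 entry should say so and list CVE-2016-4809 alongside the other CVEs. Otherwise the patch still needs a Patch line and a %patch call in the spec.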
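Review bot: In the libarchive.spec hunk at @@ -176,6 +178,10 @@, the `sed -i -e "/HAVE_LZMA_STREAM_ENCODER_MT/d" config.h` workaround edits a generated file and exits successfully whether or not the pattern matches, so it can stay in the spec unnoticed long after the detection is fixed. It also applies to every build target, including any where the detection is correct. The comment should name what is broken (which configure check, against which liblzma, with a bug reference) so the step can be retired on a known condition. A guard that makes the build fail when the pattern no longer matches would make that removal visible.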
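Review bot: In both fix-build.patch hunks (@@ -55,7 and @@ -110,7 of test_write_format_gnutar_filenames.c), `int i;` is still declared after statements such as `archive_entry_set_size(template, 8);`, so the build now relies on the compiler accepting mixed declarations and code while rejecting only the `for (int i = 0; ...)` form. Declaring `i` with the other locals at the top of each function, and leaving the `for` on its own line instead of `int i; for (...)`, would be the portable version of this fix. The patch also has no header stating which compiler or flags fail and whether the change was sent upstream.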
