Hello community,

here is the log from the commit of package libarchive for openSUSE:Factory checked in at 2024-01-04 15:57:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libarchive (Old)
 and /work/SRC/openSUSE:Factory/.libarchive.new.28375 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libarchive" Thu Jan 4 15:57:03 2024 rev:49 rq:1135735 version:3.7.2 Changes: -------- --- /work/SRC/openSUSE:Factory/libarchive/libarchive.changes 2023-07-25 11:22:56.299576901 +0200 +++ /work/SRC/openSUSE:Factory/.libarchive.new.28375/libarchive.changes 2024-01-04 15:58:22.278653348 +0100 @@ -1,0 +2,18 @@ +Fri Dec 29 18:39:00 UTC 2023 - Dirk Müller <dmuel...@suse.com> + +- skip write tests on 32bit, they OOM + +------------------------------------------------------------------- +Sun Sep 17 08:53:58 UTC 2023 - Dirk Müller <dmuel...@suse.com> + +- update to 3.7.2: + * Multiple vulnerabilities have been fixed in the PAX writer + * bsdunzip(1) now correctly handles arguments following an + -x after the zipfile + * zstd filter now supports the "long" write option + * SEGV and stack buffer overflow in verbose mode of cpio + * bsdunzip updated to match latest upstream code + * miscellaneous functional bugfixes + + +------------------------------------------------------------------- @@ -17,0 +36,8 @@ +- Drop upstream merged CVE-2022-36227.patch + +------------------------------------------------------------------- +Tue Nov 22 14:20:36 UTC 2022 - Danilo Spinella <danilo.spine...@suse.com> + +- Fix CVE-2022-36227, Handle a calloc returning NULL + (CVE-2022-36227, bsc#1205629) + * CVE-2022-36227.patch @@ -29,0 +56,8 @@ +- Drop upstream merged fix-CVE-2022-26280.patch + +------------------------------------------------------------------- +Tue Apr 7 16:28:45 UTC 2022 - Danilo Spinella <danilo.spine...@suse.com> + +- Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init + (CVE-2022-26280, bsc#1197634) + * fix-CVE-2022-26280.patch 
@@ -44 +78,13 @@ -- Drop upstream merged fix-following-symlinks.patch +- Drop upstream merged: + * fix-following-symlinks.patch + * fix-CVE-2021-36976.patch + +------------------------------------------------------------------- +Mon Feb 23 14:44:21 UTC 2022 - Danilo Spinella <danilo.spine...@suse.com> + +- Fix CVE-2021-36976 use-after-free in copy_string + (CVE-2021-36976, bsc#1188572) + * fix-CVE-2021-36976.patch +- The following issues have already been fixed in this package but + weren't previously mentioned in the changes file: + CVE-2017-5601, bsc#1022528, bsc#1189528 @@ -67,0 +114,20 @@ +- Drop upstream mereged: + * CVE-2021-23177.patch + * CVE-2021-31566.patch + * bsc1192427.patch + +------------------------------------------------------------------- +Fri Oct 21 14:18:01 UTC 2021 - Danilo Spinella <danilo.spine...@suse.com> + +- Fix CVE-2021-31566, modifies file flags of symlink target + (CVE-2021-31566, bsc#1192426.patch) + CVE-2021-31566.patch +- Fix bsc#1192427, processing fixup entries may follow symbolic links + bsc1192427.patch + +------------------------------------------------------------------- +Mon Sep 12 14:07:20 UTC 2021 - Danilo Spinella <danilo.spine...@suse.com> + +- Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target + (CVE-2021-23177, bsc#1192425) + * CVE-2021-23177.patch Old: ---- libarchive-3.7.0.tar.xz libarchive-3.7.0.tar.xz.asc New: ---- libarchive-3.7.2.tar.xz libarchive-3.7.2.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libarchive.spec ++++++ --- /var/tmp/diff_new_pack.86Hgpo/_old 2024-01-04 15:58:22.850674245 +0100 +++ /var/tmp/diff_new_pack.86Hgpo/_new 2024-01-04 15:58:22.854674391 +0100 
@@ -1,7 +1,7 @@ # # spec file for package libarchive # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -30,7 +30,7 @@ %bcond_without ext2fs %endif Name: libarchive -Version: 3.7.0 +Version: 3.7.2 Release: 0 Summary: Utility and C library to create and read several different streaming archive formats License: BSD-2-Clause @@ -171,7 +171,11 @@ %cmake_build %check -%ctest +exclude="" +%ifarch %arm %ix86 ppc s390 +exclude="-E test_write_filter" +%endif +%ctest $exclude %install %cmake_install ++++++ libarchive-3.7.0.tar.xz -> libarchive-3.7.2.tar.xz ++++++ ++++ 4537 lines of diff (skipped)
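
Review bot: In the 3.7.2 entry of libarchive.changes (hunk @@ -1,0 +2,18 @@), the two security items "Multiple vulnerabilities have been fixed in the PAX writer" and "SEGV and stack buffer overflow in verbose mode of cpio" carry no CVE or bsc# reference, unlike the older entries restored in this same diff, for example "(CVE-2022-36227, bsc#1205629)". If identifiers exist for these fixes, add them to the bullets so the version update can be matched against bug tracking. If none were assigned, say so in the entry.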
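
Review bot: In libarchive.changes hunk @@ -67,0 +114,20 @@, the Oct 21 2021 entry gives the reference as "(CVE-2021-31566, bsc#1192426.patch)", which fuses a bug number with a file suffix, and the patch names "CVE-2021-31566.patch" and "bsc1192427.patch" below it are missing the "* " bullet that the other entries use for patch files. Suggest "(CVE-2021-31566, bsc#1192426)" and bulleted patch names so the references parse consistently. "Drop upstream mereged:" at the top of the same hunk should read "merged".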
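
Review bot: In the %check hunk of libarchive.spec (@@ -171,7 +171,11 @@), exclude="-E test_write_filter" is added with no spec comment explaining it, and the changes entry words it as "skip write tests on 32bit, they OOM" while the pattern given to -E only names test_write_filter. Suggest a comment above the %ifarch block stating the OOM reason, and matching the changelog wording to what is actually excluded, so the reduced test coverage on %arm %ix86 ppc s390 is visible to anyone auditing these builds. Since this release fixes vulnerabilities in the PAX writer, it is also worth confirming that the writer tests covering those fixes still run on the excluded architectures.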