Hello community,

here is the log from the commit of package libarchive for openSUSE:Leap:15.2 checked in at 2020-02-27 06:40:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/libarchive (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.libarchive.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libarchive" Thu Feb 27 06:40:55 2020 rev:20 rq:778876 version:3.4.2 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/libarchive/libarchive.changes 2020-01-15 15:18:57.258360114 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.libarchive.new.26092/libarchive.changes 2020-02-27 06:41:00.417547573 +0100 @@ -2 +2 @@ -Fri Oct 25 09:35:44 UTC 2019 - Adrian Schröter <[email protected]> +Wed Feb 12 08:34:50 UTC 2020 - Ismail Dönmez <[email protected]> 
@@ -4,2 +4,76 @@ -- Added patch: - * CVE-2019-18408.patch Fixes use-after-free in a certain ARCHIVE_FAILED situation (bsc#1155079) +- Update to version 3.4.2 + New features: + * support for atomic file extraction (bsdtar -x --safe-writes) (#1289) + * support for mbed TLS (PolarSSL) (#1301) + Important bugfixes: + * security fixes in RAR5 reader (#1280 #1326) + * compression buffer fix in XAR writer (#1317) + * fix uname and gname longer than 32 characters in PAX writer (#1319) + * fix segfault when archiving hard links in ISO9660 and XAR writers (#1325) + * fix support for extracting 7z archive entries with Delta filter (#987) + +------------------------------------------------------------------- +Mon Dec 30 08:40:05 UTC 2019 - Ismail Dönmez <[email protected]> + +- Revert back to autoconf, cmake introduces a cycle. Leave cmake + patches in since they are basically correct and might be useful + in the future. + +------------------------------------------------------------------- +Mon Dec 30 08:14:13 UTC 2019 - Ismail Dönmez <[email protected]> + +- Update to version 3.4.1 + New features: + * Unicode filename support for reading lha/lzh archives + * New pax write option "xattrhdr" + Important bugfixes: + * security fixes in wide string processing (#1276 #1298) + * security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221 + * security fixes and optimizations to write filter logic (#351) + * security fix related to use of readlink(2) (1dae5a5) + * sparse file handling fixes (#1218 #1260) +- Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream + +------------------------------------------------------------------- +Fri Nov 22 13:17:53 UTC 2019 - Adrian Schröter <[email protected]> + +- fix bsc#1157569 + CVE-2019-19221.patch out-of-bounds read in libarchive + +------------------------------------------------------------------- +Sun Aug 18 12:33:05 UTC 2019 - Ismail Dönmez <[email protected]> + +- Switch to cmake build +- Add lib-suffix.patch to honor 
LIB_SUFFIX +- Add fix-zstd-test.patch to fix zstd test +- Add fix-soversion.patch to fix the soversion to 13 as autotools + +------------------------------------------------------------------- +Thu Jun 20 11:35:15 UTC 2019 - Ismail Dönmez <[email protected]> + +- Add lz4 and zstd support +- Add BuildRequires on liblz4-devel and libzstd-devel + +------------------------------------------------------------------- +Thu Jun 13 08:00:36 UTC 2019 - Ismail Dönmez <[email protected]> + +- Update to version 3.4.0 + * Support for file and directory symlinks on Windows + * Read support for RAR 5.0 archives + * Read support for ZIPX archives with xz, lzma, ppmd8 and + bzip2 compression + * Support for non-recursive list and extract + * New tar option: --exclude-vcs + * Improved file attribute support on Linux and file flags support + on FreeBSD + * Fix reading Android APK archives (#1055 ) + * Fix problems related to unreadable directories (#1167) + * A two-digit number of OSS-Fuzz issues was resolved in this release +- Add libarchive.keyring and validate the tarball signature +- Drop all security patches, fixed upstream: + * CVE-2018-1000877.patch + * CVE-2018-1000878.patch + * CVE-2018-1000879.patch + * CVE-2018-1000880.patch + * CVE-2019-1000019.patch + * CVE-2019-1000020.patch @@ -15 +89 @@ -Thu Jan 3 15:47:07 UTC 2019 - Karol Babioch <[email protected]> +Thu Jan 3 15:26:58 UTC 2019 - Karol Babioch <[email protected]> @@ -25,0 +100,9 @@ +- Make use of %license macro +- Applied spec-cleaner + +------------------------------------------------------------------- +Tue Sep 18 07:08:54 UTC 2018 - Jan Engelhardt <[email protected]> + +- Fix RPM groups. Remove idempotent %if..%endif guards. + Diversify summaries. Set CFLAGS instead of re-defining + optflags with itself. @@ -28 +111 @@ -Wed Oct 10 13:18:24 UTC 2018 - Adrian Schröter <[email protected]> +Fri Sep 14 06:57:14 UTC 2018 - Adrian Schröter <[email protected]> 
@@ -30,2 +113,6 @@ -- CVE-2017-14502.patch: bsc#1059100 - CVE-2017-14501.patch: CVE-2017-14503 bsc#1057514 bsc#1059139 +- update to version 3.3.3 + * Avoid super-linear slowdown on malformed mtree files + * Many fixes for building with Visual Studio + * NO_OVERWRITE doesn't change existing directory attributes + * New support for Zstandard read and write filters +- fix-CVE-2017-14166.patch is obsolete Old: ---- CVE-2017-14501.patch CVE-2017-14502.patch CVE-2018-1000877.patch CVE-2018-1000878.patch CVE-2018-1000879.patch CVE-2018-1000880.patch CVE-2019-1000019.patch CVE-2019-1000020.patch CVE-2019-18408.patch fix-CVE-2017-14166.patch libarchive-3.3.2.tar.gz New: ---- fix-soversion.patch lib-suffix.patch libarchive-3.4.2.tar.gz libarchive-3.4.2.tar.gz.asc libarchive.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libarchive.spec ++++++ --- /var/tmp/diff_new_pack.RyXOEM/_old 2020-02-27 06:41:01.181549164 +0100 +++ /var/tmp/diff_new_pack.RyXOEM/_new 2020-02-27 06:41:01.185549172 +0100 @@ -1,7 +1,7 @@ # # spec file for package libarchive # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -12,69 +12,57 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # +%define somajor 13 +%define libname libarchive%{somajor} %if 0%{?centos_version} || 0%{?rhel_version} %if 0%{?centos_version} <= 600 || 0%{?rhel_version <= 700} %bcond_without static_libs %bcond_with openssl %bcond_with ext2fs -%define skip_autoreconf 1 %endif %else %bcond_with static_libs %bcond_without openssl %bcond_without ext2fs %endif - -%define somajor 13 -%define libname libarchive%{somajor} - Name: libarchive -Version: 3.3.2 +Version: 3.4.2 Release: 0 -Summary: Creates and reads several different streaming archive formats +Summary: Utility and C library to create and read several different streaming archive formats License: BSD-2-Clause Group: Productivity/Archiving/Compression -Url: http://www.libarchive.org/ -Source0: http://www.libarchive.org/downloads/libarchive-%{version}.tar.gz -Source1: baselibs.conf -Patch1: fix-CVE-2017-14166.patch -# PATCH-FIX-UPSTREAM bsc#1059139 bsc#1059100 -Patch2: CVE-2017-14501.patch -# PATCH-FIX-UPSTREAM bsc#1057514 -Patch3: CVE-2017-14502.patch -Patch4: CVE-2018-1000877.patch -Patch5: CVE-2018-1000878.patch -Patch6: CVE-2018-1000879.patch -Patch7: CVE-2018-1000880.patch -# PATCH-FIX-UPSTREAM bsc#1124341 -Patch8: CVE-2019-1000019.patch -# PATCH-FIX-UPSTREAM bsc#1124342 -Patch9: CVE-2019-1000020.patch -# PATCH-FIX-UPSTREAM bsc#1155079 -Patch10: CVE-2019-18408.patch +URL: http://www.libarchive.org/ +Source0: https://github.com/libarchive/libarchive/releases/download/v%{version}/libarchive-%{version}.tar.gz +Source1: https://github.com/libarchive/libarchive/releases/download/v%{version}/libarchive-%{version}.tar.gz.asc +Source2: libarchive.keyring +Source1000: baselibs.conf +Patch1: lib-suffix.patch +Patch2: fix-soversion.patch BuildRequires: libacl-devel 
BuildRequires: libbz2-devel +BuildRequires: liblz4-devel +BuildRequires: libtool +BuildRequires: libxml2-devel +BuildRequires: libzstd-devel +BuildRequires: pkgconfig +BuildRequires: xz-devel +BuildRequires: zlib-devel %if %{with ext2fs} BuildRequires: libext2fs-devel %endif %if %{with openssl} BuildRequires: libopenssl-devel %endif -BuildRequires: libtool -BuildRequires: libxml2-devel -BuildRequires: pkg-config -BuildRequires: xz-devel -BuildRequires: zlib-devel %description Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants and several cpio formats. It can also write shar archives and -read ISO9660 CDROM images. The bsdtar program is an implementation of +read ISO-9660 CDROM images. The bsdtar program is an implementation of tar(1) that is built on top of libarchive. It started as a test harness, but has grown and is now the standard system tar for FreeBSD 5 and 6. 
@@ -82,22 +70,22 @@ This package contains the bsdtar cmdline utility. %package -n bsdtar -Requires: %{libname} >= %{version} -Summary: Creates and reads several different streaming archive formats +Summary: Utility to read several different streaming archive formats Group: Productivity/Archiving/Compression +Requires: %{libname} >= %{version} %description -n bsdtar This package contains the bsdtar cmdline utility. %package -n %{libname} Summary: Library to work with several different streaming archive formats -Group: Development/Libraries/C and C++ +Group: System/Libraries %description -n %{libname} Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants and several cpio formats. It can also write shar archives and -read ISO9660 CDROM images. The bsdtar program is an implementation of +read ISO-9660 CDROM images. The bsdtar program is an implementation of tar(1) that is built on top of libarchive. It started as a test harness, but has grown and is now the standard system tar for FreeBSD 5 and 6. 
@@ -147,50 +135,37 @@ methods, or new ways of reading/writing archives. %package -n libarchive-devel -Requires: %{libname} = %{version} -Requires: glibc-devel Summary: Development files for libarchive Group: Development/Libraries/C and C++ +Requires: %{libname} = %{version} +Requires: glibc-devel %description -n libarchive-devel Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants and several cpio formats. It can also write shar archives and -read ISO9660 CDROM images. The bsdtar program is an implementation of +read ISO-9660 CDROM images. The bsdtar program is an implementation of tar(1) that is built on top of libarchive. It started as a test harness, but has grown and is now the standard system tar for FreeBSD 5 and 6. This package contains the development files. -%if %{with static_libs} %package static-devel -Requires: %{name}-devel = %{version} -Summary: static library for libarchive +Summary: Static library for libarchive Group: Development/Libraries/C and C++ +Requires: %{name}-devel = %{version} %description static-devel -static library for libarchive -%endif +Static library for libarchive %prep %setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 +%autopatch -p1 %build -%if !0%{?skip_autoreconf} -autoreconf -fiv -%endif -%global optflags %{optflags} -D_REENTRANT -pipe +export CFLAGS="%{optflags} -D_REENTRANT -pipe" +export CXXFLAGS="$CFLAGS" %configure \ --disable-silent-rules \ %if %{without static_libs} 
@@ -204,21 +179,19 @@ make %{?_smp_mflags} %check -# test suite is a bit racy unfortunatly, so give it three attempts -make check || make check || make check +make %{?_smp_mflags} check %install -%makeinstall -find %{buildroot} -name '*.la' -type f -delete -print +%make_install + +find %{buildroot} -type f -name "*.la" -delete -print rm "%{buildroot}%{_mandir}/man5/"{tar,cpio,mtree}.5* sed -i -e '/Libs.private/d' %{buildroot}%{_libdir}/pkgconfig/libarchive.pc %post -n %{libname} -p /sbin/ldconfig - %postun -n %{libname} -p /sbin/ldconfig %files -n bsdtar -%defattr(-,root,root) %{_bindir}/bsdcat %{_bindir}/bsdcpio %{_bindir}/bsdtar @@ -226,13 +199,11 @@ %{_mandir}/man5/* %files -n %{libname} -%defattr(-,root,root) %license COPYING %doc NEWS %{_libdir}/libarchive.so.* %files -n libarchive-devel -%defattr(-,root,root) %doc examples/ %{_mandir}/man3/* %{_libdir}/libarchive.so @@ -241,7 +212,6 @@ %if %{with static_libs} %files static-devel -%defattr(-,root,root) %{_libdir}/%{name}.a %endif ++++++ fix-soversion.patch ++++++ Index: libarchive-3.4.0/CMakeLists.txt =================================================================== --- libarchive-3.4.0.orig/CMakeLists.txt +++ libarchive-3.4.0/CMakeLists.txt @@ -71,7 +71,7 @@ SET(LIBARCHIVE_VERSION_STRING "${VERSIO # libarchive 2.9 == interface version 11 = 2 + 9 # libarchive 3.0 == interface version 12 # libarchive 3.1 == interface version 13 -math(EXPR INTERFACE_VERSION "13 + ${_minor}") +set(INTERFACE_VERSION "13") # Set SOVERSION == Interface version # ?? Should there be more here ?? ++++++ lib-suffix.patch ++++++ Index: libarchive-3.4.0/build/cmake/CreatePkgConfigFile.cmake =================================================================== --- libarchive-3.4.0.orig/build/cmake/CreatePkgConfigFile.cmake +++ libarchive-3.4.0/build/cmake/CreatePkgConfigFile.cmake 
@@ -29,5 +29,5 @@ CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DI # And install it, of course ;). IF(ENABLE_INSTALL) INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/build/pkgconfig/libarchive.pc - DESTINATION "lib/pkgconfig") + DESTINATION "lib${LIB_SUFFIX}/pkgconfig") ENDIF() Index: libarchive-3.4.0/libarchive/CMakeLists.txt =================================================================== --- libarchive-3.4.0.orig/libarchive/CMakeLists.txt +++ libarchive-3.4.0/libarchive/CMakeLists.txt @@ -254,8 +254,8 @@ IF(ENABLE_INSTALL) # How to install the libraries INSTALL(TARGETS archive archive_static RUNTIME DESTINATION bin - LIBRARY DESTINATION lib - ARCHIVE DESTINATION lib) + LIBRARY DESTINATION lib${LIB_SUFFIX} + ARCHIVE DESTINATION lib${LIB_SUFFIX}) INSTALL_MAN(${libarchive_MANS}) INSTALL(FILES ${include_HEADERS} DESTINATION include) ENDIF() ++++++ libarchive-3.3.2.tar.gz -> libarchive-3.4.2.tar.gz ++++++ /work/SRC/openSUSE:Leap:15.2/libarchive/libarchive-3.3.2.tar.gz /work/SRC/openSUSE:Leap:15.2/.libarchive.new.26092/libarchive-3.4.2.tar.gz differ: char 5, line 1
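Review bot: In the libarchive.spec hunk at @@ -12,69 +12,57 @@, the context line %if 0%{?centos_version} <= 600 || 0%{?rhel_version <= 700} has its closing brace after 700, so the comparison sits inside the macro reference instead of being applied to its value. This hunk already edits that conditional block (it removes skip_autoreconf), so it would be a good moment to change the second operand to 0%{?rhel_version} <= 700.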
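Review bot: In the libarchive.spec hunk at @@ -147,50 +135,37 @@, the %if %{with static_libs} / %endif guard around %package static-devel is dropped, but the later %files static-devel section is still wrapped in %if %{with static_libs}. The subpackage declaration and its file list are now conditional in different ways. Either keep both guarded, or add a spec comment saying the subpackage is intentionally left without a %files section when static_libs is off.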
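Review bot: In the %check section of the libarchive.spec hunk at @@ -204,21 +179,19 @@, the three-attempt retry is removed together with the comment that the test suite is racy, and the single remaining run is now parallel (make %{?_smp_mflags} check). Nothing in libarchive.changes says the race was fixed upstream, so this risks intermittent build failures. Consider running the check serially, or recording in the changelog that the tests are now reliable under parallel make.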
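Review bot: In fix-soversion.patch, set(INTERFACE_VERSION "13") hard-codes the same value as %define somajor 13 in the spec, so the soversion now lives in two places that have to be bumped together. The changelog also states the build reverted to autoconf and the spec calls %configure, so this CMake-only change and lib-suffix.patch are applied by %autopatch without affecting the built package. A comment next to Patch1 and Patch2 saying so would save the next maintainer from assuming they are active fixes.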
