| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libarchive-devel | Distribution: openSUSE Tumbleweed |
| Version: 3.8.1 | Vendor: openSUSE |
| Release: 1.2 | Build date: Thu Jun 5 23:05:40 2025 |
| Group: Development/Libraries/C and C++ | Build host: reproducible |
| Size: 203845 | Source RPM: libarchive-3.8.1-1.2.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://www.libarchive.org/ | |
| Summary: Development files for libarchive | |
Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants and several cpio formats. It can also write shar archives and read ISO-9660 CDROM images. The bsdtar program is an implementation of tar(1) that is built on top of libarchive. It started as a test harness, but has grown and is now the standard system tar for FreeBSD 5 and 6. This package contains the development files.
BSD-2-Clause
* Thu Jun 05 2025 Andreas Stieger <andreas.stieger@gmx.de>
- update to 3.8.1:
* libarchive: fix FILE_skip regression
* compress: Prevent call stack overflow
* iso9660: always check archive_string_ensure return value
* tar: Support negative time values with pax
* tar: Reset accumulated header state after reading macOS metadata blob
* tar: Keep block alignment after pax error
* tar: Handle extra bytes after sparse entries
- includes changes from 3.8.0:
* bsdtar: support --mtime and --clamp-mtime
* 7-zip reader: improve self-extracting archive detection
* xar: xmllite support for the XAR reader and writer
* zip writer: added XZ, LZMA, ZSTD and BZIP2 support
* zip writer: added LZMA + RISCV BCJ filter
* rar: do not skip past EOF while reading (boo#1244159)
* rar: fix double free with over 4 billion nodes (boo#1244160)
* rar: fix heap-buffer-overflow (boo#1244161)
* warc: prevent signed integer overflow (boo#1244162)
* tar: fix overflow in build_ustar_entry (boo#1244163)
* bsdtar: don't hardlink negative inode files together
* gz: allow setting the original filename for gzip compressed files
* lib: improve lseek handling
* lib: support @-prefixed Unix epoch timestamps as date strings
* rar: support large headers on 32 bit systems
* tar reader: Improve LFS support on 32 bit systems
- drop lib-suffix.patch, different implementation upstream
- spec file clean-up, removing currently unused -static
* Sat Apr 05 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 3.7.9:
* fix regression regarding GNU sparse entries
* Sun Mar 23 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 3.7.8:
* 7zip reader: add SPARC and POWERPC filter support for non-LZMA compressors
* tar reader: Ignore ustar size when pax size is present
* tar writer: Fix bug when -s/a/b/ used more than once with b flag
* libarchive: Handle ARCHIVE_FILTER_LZOP in archive_read_append_filter
* libarchive: Adding missing seeker function to archive_read_open_FILE()
- inludes the previously patched security fixes, dropping:
CVE-2025-1632.patch, CVE-2025-25724.patch, CVE-2024-57970.patch
* Tue Mar 11 2025 Marius Grossu <marius.grossu@suse.com>
- Fix CVE-2025-1632, null pointer dereference in bsdunzip.c
(CVE-2025-1632, bsc#1237606)
* CVE-2025-1632.patch
- Fix CVE-2025-25724, Buffer Overflow vulnerability in libarchive
(CVE-2025-25724, bsc#1238610)
* CVE-2025-25724.patch
* Tue Feb 25 2025 Antonio Teixeira <antonio.teixeira@suse.com>
- Fix CVE-2024-57970, heap-based buffer over-read in header_gnu_longlink
because it mishandles truncation (CVE-2024-57970, bsc#1237233)
* CVE-2024-57970.patch
* Thu Oct 17 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Update to 3.7.7:
* gzip: prevent a hang when processing a malformed gzip inside a gzip
* tar: don't crash on truncated tar archives
* tar: fix two leaks in tar header parsing
* 7-zip: read/write symlink paths as UTF-8
* cpio: exit with an error code if an entry could not be extracted
* rar5: report encrypted entries
* tar: fix truncation of entry pathnames in specific archives
* Fri Sep 27 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Update to 3.7.6:
* tar: clean up linkpath between entries
* tar: fix memory leaks when processing symlinks or parsing pax headers
* iso: be more cautious about parsing ISO-9660 timestamps
- Version 3.7.5 changes:
* fix multiple vulnerabilities identified by SAST
* cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
* lzop: prevent integer overflow
* rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696, bsc#1225971)
* rar4: fix CVE-2024-26256 (CVE-2024-26256, bsc#1225972)
* rar4: fix OOB in delta and audio filter
* rar4: fix out of boundary access with large files
* rar4: add boundary checks to rgb filter
* rar4: fix OOB access with unicode filenames
* rar5: clear 'data ready' cache on window buffer reallocs
* rpm: calculate huge header sizes correctly
* unzip: unify EOF handling
* util: fix out of boundary access in mktemp functions
* uu: stop processing if lines are too long
* 7zip: fix issue when skipping first file in 7zip archive that is a multiple
of 65536 bytes
* ar: fix archive entries having no type
* lha: do not allow negative file sizes
* lha: fix integer truncation on 32-bit systems
* shar: check strdup return value
* rar5: don't try to read rediculously long names
* xar: fix another infinite loop and expat error handling
* many Windows fixes, cleanups and improvements
- Drop fix-soversion.patch, fix-bsdunzip-test.patch
* Fixed upstream
* Thu Jun 20 2024 Antonio Teixeira <antonio.teixeira@suse.com>
- Update lib-suffix.patch
* Add LIB_SUFFIX to libdir path in the pkg-config file
* Wed May 22 2024 Danilo Spinella <danilo.spinella@suse.com>
- Fix bsdunzip test failing due to a locale issue
* fix-bsdunzip-test.patch
* Tue Apr 30 2024 Danilo Spinella <danilo.spinella@suse.com>
- Update to 3.7.4:
* rar: Fix OOB in rar e8 filter (CVE-2024-26256, bsc#1222911)
* zip: Fix out of boundary access
* 7zip: Limit amount of properties
* bsdtar: Fix error handling around strtol() usages
* passphrase: Improve newline handling on Windows
* passphrase: Never allow empty passwords
* rar: Fix "File CRC Error" when extracting specific rar4 archives
* xar: Avoid infinite link loop
* zip: Update AppleDouble support for directories
* zstd: Implement core detection
- Update to 3.7.3:
* PCRE2 support
* add trailing letter b to bsdtar(1) substitute pattern
* add support for long options "--group" and "--owner" to tar(1)
* Fix possible vulnerability in tar error reporting introduced in f27c173
* ISO9660: preserve the natural order of links
* rar5: fix decoding unicode filenames on Windows
* rar5: fix infinite loop if during rar5 decompression the last block produced no data
* xz filter: fix incorrect eof at the end of an lzip member
* zip: fix end-of-data marker processing when decompressing zip archives
* multiple bsdunzip(1) fixes
* filetime truncation fix on Windows
- Fix rpmlint warning about summary being too long
* Fri Dec 29 2023 Dirk Müller <dmueller@suse.com>
- skip write tests on 32bit, they OOM
* Sun Sep 17 2023 Dirk Müller <dmueller@suse.com>
- update to 3.7.2:
* Multiple vulnerabilities have been fixed in the PAX writer
* bsdunzip(1) now correctly handles arguments following an
- x after the zipfile
* zstd filter now supports the "long" write option
* SEGV and stack buffer overflow in verbose mode of cpio
* bsdunzip updated to match latest upstream code
* miscellaneous functional bugfixes
* Mon Jul 24 2023 Bernhard Wiedemann <bwiedemann@suse.com>
- update to 3.7.0
* bsdunzip port from FreeBSD
* fix 2 year 2038 issues
* Fri Dec 23 2022 Dirk Müller <dmueller@suse.com>
- update to 3.6.2 (bsc#1205629, CVE-2022-36227)
* NULL pointer dereference vulnerability in archive_write.c
* include ZSTD in Windows builds (#1688)
* SSL fixes on Windows (#1714, #1723, #1724)
* rar5 reader: fix possible garbled output with bsdtar -O (#1745)
* mtree reader: support reading mtree files with tabs (#1783)
* various small fixes for issues found by CodeQL
- Drop upstream merged CVE-2022-36227.patch
* Tue Nov 22 2022 Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2022-36227, Handle a calloc returning NULL
(CVE-2022-36227, bsc#1205629)
* CVE-2022-36227.patch
* Fri Apr 08 2022 Dirk Müller <dmueller@suse.com>
- update to 3.6.1:
* 7zip reader: fix PPMD read beyond boundary (#1671)
* ZIP reader: fix possible out of bounds read (OSS-Fuzz 38766 #1672)
* ISO reader: fix possible heap buffer overflow in read_children() (OSS-Fuzz 38764, #1685)
* RARv4 redaer: fix multiple issues in RARv4 filter code (introduced in libarchive 3.6.0)
* fix heap use after free in archive_read_format_rar_read_data() (OSS-Fuzz 44547, 52efa50)
* fix null dereference in read_data_compressed() (OSS-Fuzz 44843, 1271f77)
* fix heap user after free in run_filters() (OSS-Fuzz 46279, #1715)
- Drop upstream merged fix-CVE-2022-26280.patch
* Thu Apr 07 2022 Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init
(CVE-2022-26280, bsc#1197634)
* fix-CVE-2022-26280.patch
* Thu Feb 24 2022 Ferdinand Thiessen <rpm@fthiessen.de>
- Update to 3.6.0
* Fix use-after-free bug (CVE-2021-36976)
* tar: new option "--no-read-sparse"
* tar: threads support for zstd
* RAR reader: filter support
* RAR5 reader: self-extracting archive support
* ZIP reader: zstd decompression support
* tar: respect "--ignore-zeros" in c, r and u modes
* reduced size of application binaries
* internal code optimizations
- Drop upstream merged:
* fix-following-symlinks.patch
* fix-CVE-2021-36976.patch
* Wed Feb 23 2022 Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2021-36976 use-after-free in copy_string
(CVE-2021-36976, bsc#1188572)
* fix-CVE-2021-36976.patch
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
CVE-2017-5601, bsc#1022528, bsc#1189528
/usr/include/archive.h /usr/include/archive_entry.h /usr/lib64/libarchive.so /usr/lib64/pkgconfig/libarchive.pc /usr/share/doc/packages/libarchive-devel /usr/share/doc/packages/libarchive-devel/examples /usr/share/doc/packages/libarchive-devel/examples/minitar /usr/share/doc/packages/libarchive-devel/examples/minitar/README /usr/share/doc/packages/libarchive-devel/examples/minitar/minitar.c /usr/share/doc/packages/libarchive-devel/examples/tarfilter.c /usr/share/doc/packages/libarchive-devel/examples/untar.c /usr/share/licenses/libarchive-devel /usr/share/licenses/libarchive-devel/COPYING /usr/share/man/man3/archive_entry.3.gz /usr/share/man/man3/archive_entry_acl.3.gz /usr/share/man/man3/archive_entry_linkify.3.gz /usr/share/man/man3/archive_entry_misc.3.gz /usr/share/man/man3/archive_entry_paths.3.gz /usr/share/man/man3/archive_entry_perms.3.gz /usr/share/man/man3/archive_entry_stat.3.gz /usr/share/man/man3/archive_entry_time.3.gz /usr/share/man/man3/archive_read.3.gz /usr/share/man/man3/archive_read_add_passphrase.3.gz /usr/share/man/man3/archive_read_data.3.gz /usr/share/man/man3/archive_read_disk.3.gz /usr/share/man/man3/archive_read_extract.3.gz /usr/share/man/man3/archive_read_filter.3.gz /usr/share/man/man3/archive_read_format.3.gz /usr/share/man/man3/archive_read_free.3.gz /usr/share/man/man3/archive_read_header.3.gz /usr/share/man/man3/archive_read_new.3.gz /usr/share/man/man3/archive_read_open.3.gz /usr/share/man/man3/archive_read_set_options.3.gz /usr/share/man/man3/archive_util.3.gz /usr/share/man/man3/archive_write.3.gz /usr/share/man/man3/archive_write_blocksize.3.gz /usr/share/man/man3/archive_write_data.3.gz /usr/share/man/man3/archive_write_disk.3.gz /usr/share/man/man3/archive_write_filter.3.gz /usr/share/man/man3/archive_write_finish_entry.3.gz /usr/share/man/man3/archive_write_format.3.gz /usr/share/man/man3/archive_write_free.3.gz /usr/share/man/man3/archive_write_header.3.gz /usr/share/man/man3/archive_write_new.3.gz /usr/share/man/man3/archive_write_open.3.gz /usr/share/man/man3/archive_write_set_options.3.gz /usr/share/man/man3/archive_write_set_passphrase.3.gz /usr/share/man/man3/libarchive.3.gz /usr/share/man/man3/libarchive_changes.3.gz /usr/share/man/man3/libarchive_internals.3.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Oct 19 22:42:15 2025