Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libarchive for openSUSE:Factory checked in at 2026-04-16 17:25:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libarchive (Old) and /work/SRC/openSUSE:Factory/.libarchive.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libarchive" Thu Apr 16 17:25:15 2026 rev:64 rq:1346471 version:3.8.7 Changes: -------- --- /work/SRC/openSUSE:Factory/libarchive/libarchive.changes 2026-04-11 22:29:20.511673179 +0200 +++ /work/SRC/openSUSE:Factory/.libarchive.new.11940/libarchive.changes 2026-04-16 17:25:32.743914242 +0200 @@ -1,0 +2,17 @@ +Mon Apr 13 14:32:28 UTC 2026 - Marius Grossu <[email protected]> + +- Update to 3.8.7: + * CAB: fix NULL pointer dereference during skip (#2900) + * CAB: Fix Heap OOB Write in CAB LZX decoder (#2919) + * cpio: various fixes and improvements (#2899, #2908, #2910, #2939) + * contrib/untar: fix out-of-bounds read (#2903) + * iso9660: fix undefined behavior (#2897) + * iso9660: fix posibble heap buffer overflow on 32-bit systems (#2934) + * libarchive: fix handling of option failures (#2871) + * libarchive: do not continue with truncated numbers (#2911) + * libarchive: lzop and grzip filter support (#2947) + * RAR: fix LZSS window size mismatch after PPMd block (#2898) +- Added add-missing-tests.patch: the distributed tarball is missing a test file, add it back +- Removed libarchive-3.8.6-add-missing-test.patch + +------------------------------------------------------------------- Old: ---- libarchive-3.8.6-add-missing-test.patch libarchive-3.8.6.tar.xz libarchive-3.8.6.tar.xz.asc New: ---- add-missing-tests.patch libarchive-3.8.7.tar.xz libarchive-3.8.7.tar.xz.asc ----------(Old B)---------- Old:- Added add-missing-tests.patch: the distributed tarball is missing a test file, add it back - Removed libarchive-3.8.6-add-missing-test.patch ----------(Old E)---------- ----------(New B)---------- New: * RAR: fix LZSS window size mismatch after PPMd block (#2898) - Added add-missing-tests.patch: the distributed tarball is missing a test file, add it back - Removed libarchive-3.8.6-add-missing-test.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libarchive.spec ++++++ --- /var/tmp/diff_new_pack.6JQSel/_old 2026-04-16 17:25:34.051968132 +0200 +++ /var/tmp/diff_new_pack.6JQSel/_new 2026-04-16 17:25:34.055968297 +0200 @@ -20,7 +20,7 @@ %define somajor 13 %define libname libarchive%{somajor} Name: libarchive -Version: 3.8.6 +Version: 3.8.7 Release: 0 Summary: Utility and C library to create and read several streaming archive formats License: BSD-2-Clause @@ -30,8 +30,7 @@ Source1: https://github.com/libarchive/libarchive/releases/download/v%{version}/libarchive-%{version}.tar.xz.asc Source2: libarchive.keyring Source1000: baselibs.conf -# https://github.com/libarchive/libarchive/issues/2916 -Patch0: libarchive-3.8.6-add-missing-test.patch +Patch0: add-missing-tests.patch BuildRequires: cmake BuildRequires: ninja BuildRequires: pkgconfig ++++++ add-missing-tests.patch ++++++ >From 32b62cf785e6d89a6ad525dff631da8a8924cecf Mon Sep 17 00:00:00 2001 From: LoboQ1ng <[email protected]> Date: Tue, 10 Mar 2026 17:04:43 +0000 Subject: [PATCH] Fix missing test files for CAB skip malformed test Files were referenced in CMakeLists.txt but missing from the release tarball. diff --git a/libarchive/test/test_read_format_cab_skip_malformed.c b/libarchive/test/test_read_format_cab_skip_malformed.c new file mode 100644 index 0000000000..05cc80b79c --- /dev/null +++ b/libarchive/test/test_read_format_cab_skip_malformed.c @@ -0,0 +1,41 @@ +#include "test.h" + +DEFINE_TEST(test_read_format_cab_skip_malformed) +{ + /* Reference to the malformed CAB file */ + const char *refname = "test_read_format_cab_skip_malformed.cab"; + struct archive *a; + struct archive_entry *ae; + void *buffer; + size_t buffersize; + + /* Extract the reference file into the test sandbox */ + extract_reference_file(refname); + + /* Read the entire file into memory */ + buffer = slurpfile(&buffersize, "%s", refname); + assert(buffer != NULL); + + /* Initialize the archive reader */ + assert((a = archive_read_new()) != NULL); + assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a)); + assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a)); + + /* Read from memory (a prerequisite for triggering this specific bug) */ + assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buffer, buffersize)); + + /* Simulate the parsing flow to trigger the implicit skip routine */ + while (archive_read_next_header(a, &ae) == ARCHIVE_OK) { + const void *buff; + size_t size_read; + int64_t offset; + while (archive_read_data_block(a, &buff, &size_read, &offset) == ARCHIVE_OK) { + /* Consume data. This will fail quickly due to the malformed payload. */ + } + } + + /* Clean up. If the patch is effective, the program reaches here safely. */ + assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); + assertEqualInt(ARCHIVE_OK, archive_read_free(a)); + free(buffer); +} \ No newline at end of file diff --git a/libarchive/test/test_read_format_cab_skip_malformed.cab.uu b/libarchive/test/test_read_format_cab_skip_malformed.cab.uu new file mode 100644 index 0000000000..7ec8343354 --- /dev/null +++ b/libarchive/test/test_read_format_cab_skip_malformed.cab.uu @@ -0,0 +1,95 @@ +begin 664 test_read_format_cab_skip_malformed.cab +M35-#1@````!!``"2DI*2DI(````````2Y``!``$``,2PW@``'P$``-(!```! +M.]+2"0D)"0D)"0D)"0D)"0D)"0FRLK*R"0D)"0D)"0D)"0D)LK*RLK*RLK(` +M``````````````````"RLK*RLK*RLK*RLK*RLK*RLK(*,``````````````` +M````LK*RX____[:RL@```````````````#`W,"]`````"G!P`````&UDL@HP +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M`````````%!+`P0````!#`P,#`P,#`P,#`P,#```````````````__\```3_ +M``!(___H````````````````````````````````````````____________ +M____________________________________________________```````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M@```````````````@`````$````````````````````````````````````` +M````````````````````````````````````````````#`H,#````'H,#`P` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M``````#__P``!/\``$C__^@```````````#_________________________ +M______________________________________\````````````````````` +M`"\O+R\O+R\O+R\O+R\O+R\O+R\O+R\G+PHQ-C4P+U):22\P-S!,4EI)"@HO +M=6YS970@<F$@("T@("!/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T\@(2`@("`@ +M+2`@("`@("`@(",@("`@("`@("L@("`@("`@("`@("`@("`@("`@("`@("`@ +M("`K('A,4EI)"@H*("`@("`@(``````````````````````````````````` +M```````````````````````````````````````````````````,]@P,#`H* +M```````````````````````````````````````````````````````````` +M``````````````````````````````````````#__P``!/\``$C__^@````` +M`%``````````````````````````````````________________________ +M________________________________________```````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M````````````````````````````````````````````````````@``````` +M````````@`````$````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M``````````````````````````````````````````#__P``!/\``$C__^@` +M``````````#_________________________________________________ +M______________\````````````````````````````````````````````` +M`````````````````````%!+`P0````!#`P,#`P,#`P,#`P,#```#`H,#``` +M`'H,```````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````,#`SV``````````````````````P, +M#`H*`/__```$_P``2/__Z````````````%#_________________________ +M______________________________________\````````````````````` +M````````````````````````````````````````````+R\P23@*"DQ:3#`P +M"DQ26DD*"DQ:+PH*,#`W,"\O,#<P+R\O+R\O+S!).`H*3%I,,"\P-S!,4EI) +M"@I,6B\O"F)E9VEN-F%E<RUB-"`Q(%TP-#`P5T%20R\O25HX"DQ,,`I,4EI) +M"@I,6B\O-S`W"DQ:3#`O,#<P3%):20H*3%HO+PIB96=I;BUB87-E-C0@-B`P +M-#`P5T%20R\O25HX"DQ,,`I,4EI)"@I,6B\O-S`W,#<O+R]:4B\O+R\O"C!@ +M-S`W,#$*#8V-C8V-C8V-C8V-C8V-C8V-C5!+`P10"@`*"C`P-S`O+S`W,"\O +M+R\O+R\P23@*"DQ:3#`O,#<P3%):20H*3%HO+PIB96=I;BUB87-E-C0@,2`P +M-#`P5T%20R\O25HX"DQ,"DQ:3#`O,#<P3%):20H*3%HO+PIB96=I;BUB87-E +M-C0@,2`P-#`P5T%20R\O25HV"DQ,,`I,4EI)"@I,6B\*"C`P-S`O+S`W,"\O +M+R\O+R\P23@*"DQ:3#`O,#<P3%):20H*3%HO+PIB90``V/\M`?\-__\-_RO_ +M_?____\F__\+____B?\*)PH``')R<G)R<G)R<G+_____________________ +M____________________________________________________________ +M____________________________________________________________ +M____________________________________________________<G)R<G)R +M<G)R<G)R<G)R<G)R<G)R<G)R<G)R<G)R<G)R<G)R<G)R<G)R<G)R<G)``!0` +M`````````````````$#_____"`1W2"__0`#D$P`G_D3________NXEQ<7%QR +M7#`P-S=<,#)<7%Q<7%Q<?%Q<7%Q<<EPP,#<W7#`R7%Q<7%Q<7%Q<,#)<7%Q< +M7%Q<7')<,#`W-UPP,EQ<7%Q<7"L*=75,6B\O"F)E9VEN+6)A<V4V-"`V(#`T +M,#!705)#+R])6C@*3"`Q(#`T,#!705)#+R])6C@*3$P*3%I,,"\P-S!,4EI) +M"@I,6B\O"F)E9VEN+6)A<V4V-"`Q(#`T,#!705)#+R])6C@*3$PP"DQ26DD* +M"DQ:+PH*,#`W,"\O,#<P+R\O+R\O+S!).`H*3%I,,"\P-S!,4EI)"@I,6B\O +M"F)E9VEN+6)A<V4V-"`Q,S`T,#!705)#+R])6C@*3$PP"DQ26DD*"DQ:+R\W +M,#<*3%I,,"\P-S!,4EI)"@I,6B\O"F)E9VEN+6)A<V4V-"`V(#`T,#!705)# +M+R])6C@*3$PP"DQ26DD*"DQ:+R\W,#<P-R\O+UI2+R\O+R\O+R\O-S`W"DQ: +M3#`O04Y325\P-S!,4EI)"@I,6B\O"F)E9VEN+6)A<V4V-"`V(#`T,#!705)# +M+R])6CP*3$PP"DQ26DD*"DQ:+R\W,#<P-R\O+UI2+R\O+R\O+R\O+R\O+R\O +M+R\O+R\O+R\O+R\P23@*"DQ:3"\O+R\O+R\P23@*"DQ:3#`O,#<P3%):20H* +M3%HO+PIB96=I;BUB87-E-C0@,2`P-#`P5T%20R\O25HX"DQ,,`I,4EI)"@I, +M6B\O-S`W"DQ:3#`O,#<P3%):20H*3%HO+PIB96=I;BUB87-/-C0@-B`P-#`P +M5T%20R\O25HX"DQ,,`I,4EI)"@I,6B\O-S`W,#<O+R]:4B\O+R\O+R\O+S<P +M-PI,6DPP+S`W,$Q26DD*"DQ:+R\*8F5G:6XM8F%S938T(#8@,#0P,%=!4D,O +M,#<P3%):20H*3%HO+PIB96=I;BUB87-E-C0@,2!=,#0P,%=!4D,O+TE:.`I, +M3#`*3%):20H*3%HO+S<P-PI,6DPP+S`W,$Q26DD*"DQ:+R\*8F5G:6XM8F%S +M938T(#8@,#0P,%=!4D,O+TE:.`I,3#`*3%):20H*,!^+#@`````````````` +M```````+``````#'<?\```````````L``````,=Q_____U):20```````!`D +M````````3%HO+S<P-S`W+R\O6E(O+R]Z+R\*,&`W,#<P,0H-"@U=2@T*#0HN +M+@H*#0!$`````%Q<7%QA7%Q<55Q<05PR*5Q<7%Q<7%Q<7%PP7%Q!7#(I7%Q< +M7%Q<7%Q<7#!<7$%<,BE<7%Q<85Q<7%5<7$%<,BE<7%Q<7%Q<7%Q<,%Q<7%Q< +M7%Q<7%Q57%Q!7#(I7`D)"0D)"0D)"0D)"0D)"0D)"0D)"@````!%1@"']@`` +!```` +` +end ++++++ libarchive-3.8.6.tar.xz -> libarchive-3.8.7.tar.xz ++++++ ++++ 5627 lines of diff (skipped)
