221 lines
8.0 KiB
RPMSpec
221 lines
8.0 KiB
RPMSpec
Summary: Tar file manipulation API
|
|
Name: libtar
|
|
Version: 1.2.20
|
|
Release: 17%{?dist}
|
|
License: MIT
|
|
URL: http://repo.or.cz/libtar.git
|
|
Source: http://repo.or.cz/libtar.git/snapshot/refs/tags/v1.2.20.tar.gz#/libtar-v1.2.20.tar.gz
|
|
Patch1: libtar-1.2.11-missing-protos.patch
|
|
Patch4: libtar-1.2.11-mem-deref.patch
|
|
Patch5: libtar-1.2.20-fix-resource-leaks.patch
|
|
Patch6: libtar-1.2.11-bz729009.patch
|
|
Patch7: libtar-1.2.20-no-static-buffer.patch
|
|
|
|
# fix programming mistakes detected by static analysis (#1602596)
|
|
Patch8: libtar-1.2.20-static-analysis.patch
|
|
|
|
# fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
|
|
Patch9: libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch
|
|
|
|
# fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
|
|
Patch10: libtar-1.2.20-CVE-2021-33645-CVE-2021-33646.patch
|
|
|
|
BuildRequires: libtool
|
|
BuildRequires: zlib-devel
|
|
|
|
%description
|
|
libtar is a C library for manipulating tar archives. It supports both
|
|
the strict POSIX tar format and many of the commonly-used GNU
|
|
extensions.
|
|
|
|
|
|
%package devel
|
|
Summary: Development files for %{name}
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
|
%description devel
|
|
The %{name}-devel package contains libraries and header files for
|
|
developing applications that use %{name}.
|
|
|
|
|
|
%prep
|
|
%autosetup -n libtar-v%{version} -p1
|
|
|
|
# set correct version for .so build
|
|
%global ltversion %(echo %{version} | tr '.' ':')
|
|
sed -i 's/-rpath $(libdir)/-rpath $(libdir) -version-number %{ltversion}/' \
|
|
lib/Makefile.in
|
|
|
|
autoreconf -iv
|
|
|
|
|
|
%build
|
|
%configure --disable-static
|
|
make %{?_smp_mflags}
|
|
|
|
|
|
%install
|
|
make install DESTDIR=$RPM_BUILD_ROOT
|
|
# Without this we get no debuginfo and stripping
|
|
chmod +x $RPM_BUILD_ROOT%{_libdir}/libtar.so.%{version}
|
|
rm $RPM_BUILD_ROOT%{_libdir}/*.la
|
|
|
|
|
|
%ldconfig_scriptlets
|
|
|
|
|
|
%files
|
|
%doc COPYRIGHT TODO README ChangeLog*
|
|
%{_bindir}/%{name}
|
|
%{_libdir}/lib*.so.*
|
|
|
|
%files devel
|
|
%{_includedir}/libtar.h
|
|
%{_includedir}/libtar_listhash.h
|
|
%{_libdir}/lib*.so
|
|
%{_mandir}/man3/*.3*
|
|
|
|
|
|
%changelog
|
|
* Mon Dec 19 2022 Kamil Dudka <kdudka@redhat.com> - 1.2.20-17
|
|
- fix use-after-free bugs introduced by incorrect memleak fixes (CVE-2021-33640)
|
|
|
|
* Fri Aug 26 2022 Kamil Dudka <kdudka@redhat.com> - 1.2.20-16
|
|
- fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
|
|
- fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
|
|
|
|
* Wed Nov 07 2018 Kamil Dudka <kdudka@redhat.com> - 1.2.20-15
|
|
- fix programming mistakes detected by static analysis (#1602596)
|
|
|
|
* Thu Jul 12 2018 Kamil Dudka <kdudka@redhat.com> - 1.2.20-14
|
|
- fix source URL and re-download the upstream tarball
|
|
|
|
* Wed May 30 2018 Kamil Dudka <kdudka@redhat.com> - 1.2.20-13
|
|
- drop obsolete Group tags
|
|
- replace dead project URL
|
|
|
|
* Thu Feb 08 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.2.20-12
|
|
- Switch to %%ldconfig_scriptlets
|
|
|
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.20-12
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.20-11
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
|
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.20-10
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
|
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.20-9
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
|
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.20-8
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
|
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.20-7
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
|
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 1.2.20-6
|
|
- Rebuilt for Fedora 23 Change
|
|
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
|
|
|
|
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.20-5
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.20-4
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
|
* Fri Oct 25 2013 Kamil Dudka <kdudka@redhat.com> - 1.2.20-3
|
|
- avoid using a static buffer in th_get_pathname()
|
|
|
|
* Wed Oct 16 2013 Kamil Dudka <kdudka@redhat.com> - 1.2.20-2
|
|
- use the upstream version of resource leak patches
|
|
|
|
* Thu Oct 10 2013 Kamil Dudka <kdudka@redhat.com> - 1.2.20-1
|
|
- update to 1.2.20 (latest upstream release)
|
|
|
|
* Thu Oct 10 2013 Kamil Dudka <kdudka@redhat.com> - 1.2.11-28
|
|
- fix CVE-2013-4397: buffer overflows by expanding a specially-crafted archive
|
|
|
|
* Fri Oct 04 2013 Kamil Dudka <kdudka@redhat.com> - 1.2.11-27
|
|
- fix file descriptor leaks reported by cppcheck (#785760)
|
|
|
|
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.11-26
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
|
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.11-25
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
|
* Tue Aug 28 2012 Kamil Dudka <kdudka@redhat.com> - 1.2.11-24
|
|
- fix specfile issues reported by the fedora-review script
|
|
|
|
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.11-23
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
|
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.11-22
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
|
* Tue Aug 09 2011 Kamil Dudka <kdudka@redhat.com> - 1.2.11-21
|
|
- Allow to extract debug-info from /usr/bin/libtar (#729009)
|
|
|
|
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.11-20
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
|
* Thu May 27 2010 Kamil Dudka <kdudka@redhat.com> - 1.2.11-19
|
|
- Completed review of memory leaks related patches (#589056)
|
|
|
|
* Mon May 3 2010 Huzaifa Sidhpurwala <huzaifas@redhat.com> - 1.2.11-18
|
|
- Fix more memory leaks
|
|
|
|
* Mon May 3 2010 Huzaifa Sidhpurwala <huzaifas@redhat.com> - 1.2.11-17
|
|
- Fix lot of memory leaks
|
|
|
|
* Thu Dec 31 2009 Huzaifa Sidhpurwala <huzaifas@redhat.com> - 1.2.11-16
|
|
- Fix invalid memory de-reference issue in BZ #551415
|
|
|
|
* Fri Nov 20 2009 Huzaifa Sidhpurwala <huzaifas@redhat.com> - 1.2.11-15
|
|
- Fix buffer overflow in BZ #538770
|
|
|
|
* Tue Sep 22 2009 Stepan Kasal <skasal@redhat.com> - 1.2.11-14
|
|
- fix up so that it builds again (#511566)
|
|
|
|
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.11-13
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
|
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.11-12
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
|
|
|
* Thu Apr 3 2008 Hans de Goede <j.w.r.degoede@hhs.nl> 1.2.11-11
|
|
- Fix missing prototype compiler warnings
|
|
|
|
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.2.11-10
|
|
- Autorebuild for GCC 4.3
|
|
|
|
* Mon Aug 13 2007 Hans de Goede <j.w.r.degoede@hhs.nl> 1.2.11-9
|
|
- Update License tag for new Licensing Guidelines compliance
|
|
|
|
* Mon Aug 28 2006 Hans de Goede <j.w.r.degoede@hhs.nl> 1.2.11-8
|
|
- FE6 Rebuild
|
|
|
|
* Sun Jul 23 2006 Hans de Goede <j.w.r.degoede@hhs.nl> 1.2.11-7
|
|
- Taking over as maintainer since Anvil has other priorities
|
|
- Add a bunch of patches from Debian, which build a .so instead of a .a
|
|
and fix a bunch of memory leaks.
|
|
- Reinstate a proper devel package as we now build a .so
|
|
|
|
* Thu Mar 16 2006 Dams <anvil[AT]livna.org> - 1.2.11-6.fc5
|
|
- Modified URL and added one in Source0
|
|
|
|
* Sun May 22 2005 Jeremy Katz <katzj@redhat.com> - 1.2.11-5
|
|
- rebuild on all arches
|
|
|
|
* Fri Apr 8 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
|
|
- rebuilt
|
|
|
|
* Sat Aug 16 2003 Dams <anvil[AT]livna.org> 0:1.2.11-0.fdr.3
|
|
- Merged devel and main packages
|
|
- Package provide now libtar-devel
|
|
|
|
* Tue Jul 8 2003 Dams <anvil[AT]livna.org>
|
|
- Initial build.
|