|
|
@@ -1,7 +1,7 @@
|
|
|
Name: libarchive
|
|
|
Summary: A library for handling streaming archive formats
|
|
|
Version: 3.6.1
|
|
|
-Release: 1%{?_dist_release}
|
|
|
+Release: 2%{?_dist_release}
|
|
|
Group: system
|
|
|
Vendor: Project Vine
|
|
|
Distribution: Vine Linux
|
|
|
@@ -16,6 +16,8 @@ Source0: https://www.libarchive.org/downloads/%{name}-%{version}.tar.gz
|
|
|
# loaded, which breaks the RIPEMD-160 test. This patch disables the RIPEMD-160
|
|
|
# support explicitly.
|
|
|
Patch0001: 0001-Drop-rmd160-from-OpenSSL.patch
|
|
|
+# https://github.com/libarchive/libarchive/commit/fd180c36036df7181a64931264732a10ad8cd024
|
|
|
+Patch1000: CVE-2022-36227.patch
|
|
|
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
|
|
BuildRequires: bzip2-devel
|
|
|
@@ -50,6 +52,8 @@ developing applications that use %{name}.
|
|
|
%prep
|
|
|
%autosetup -p1
|
|
|
|
|
|
+autoreconf -vif
|
|
|
+
|
|
|
|
|
|
%build
|
|
|
%configure \
|
|
|
@@ -88,6 +92,9 @@ rm -rf $RPM_BUILD_ROOT
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
+* Tue Nov 29 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.6.1-2
|
|
|
+- imported Patch1000 from upstream to fix CVE-2022-36227.
|
|
|
+
|
|
|
* Fri May 13 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.6.1-1
|
|
|
- new upstream release.
|
|
|
- dropped Patch0: fixed in upstream.
|
