Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions SPECS/libarchive/libarchive.signatures.json
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"Signatures": {
"libarchive-3.7.7.tar.gz": "4cc540a3e9a1eebdefa1045d2e4184831100667e6d7d5b315bb1cbc951f8ddff"
}
}
"Signatures": {
"libarchive-3.7.7-stripped.tar.gz": "d22804b9369bfb0ceb6151d935519364add519a3c597bc2af657ecf976b43ece"
}
}
11 changes: 9 additions & 2 deletions SPECS/libarchive/libarchive.spec
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
Summary: Multi-format archive and compression library
Name: libarchive
Version: 3.7.7
Release: 6%{?dist}
Release: 7%{?dist}
# Certain files have individual licenses. For more details see contents of "COPYING".
License: BSD AND Public Domain AND (ASL 2.0 OR CC0 1.0 OR OpenSSL)
Vendor: Microsoft Corporation
Distribution: Azure Linux
URL: https://www.libarchive.org/
Source0: https://github.com/libarchive/libarchive/releases/download/v%{version}/%{name}-%{version}.tar.gz
Source0: https://github.com/libarchive/libarchive/releases/download/v%{version}/%{name}-%{version}.tar.gz#/%{name}-%{version}-stripped.tar.gz
Patch0: CVE-2025-1632.patch
Patch1: CVE-2025-25724.patch
Patch2: CVE-2025-5914.patch
Expand All @@ -20,6 +20,9 @@ Patch8: CVE-2026-4111.patch
Patch9: CVE-2026-4424.patch
Patch10: CVE-2026-4426.patch
Patch11: CVE-2026-5121.patch
# Skip encrypted corrupted ptests (includes removal of CVE corrupted files also)
Patch12: skip-stripped-fixture-tests.patch

Provides: bsdtar = %{version}-%{release}

BuildRequires: xz-libs
Expand Down Expand Up @@ -77,6 +80,10 @@ make %{?_smp_mflags} check
%{_libdir}/pkgconfig/*.pc

%changelog
* Wed Jul 15 2026 Akhila Guruju <v-guakhila@microsoft.com> - 3.7.7-7
- Strip encrypted/corrupted pre-compressed test fixtures from source tarball
- Skip stripped fixture tests

* Fri Apr 17 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 3.7.7-6
- Patch for CVE-2026-5121, CVE-2026-4426, CVE-2026-4424

Expand Down
Loading
Loading