Ubuntu

“libarchive” 2.8.4-1ubuntu0.10.10.1 source package in Ubuntu

Changelog

libarchive (2.8.4-1ubuntu0.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via iso9660 overflows
    - debian/patches/CVE-2011-1777.patch: correctly fail on out of memory
      conditions in libarchive/archive_read_support_format_iso9660.c.
    - CVE-2011-1777
  * SECURITY UPDATE: arbitrary code execution via tar overflows
    - debian/patches/CVE-2011-1778.patch: correctly fail on out of memory
      conditions in libarchive/archive_read_support_format_tar.c
    - CVE-2011-1778
 -- Marc Deslauriers <email address hidden>   Fri, 09 Dec 2011 12:34:05 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2011-12-12
Uploaded to:
Maverick
Original maintainer:
Ubuntu Developers
Component:
main
Architectures:
any
Section:
libs
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
libarchive_2.8.4.orig.tar.gz 1.4 MiB 83b237a542f27969a8d68ac217dc3796
libarchive_2.8.4-1ubuntu0.10.10.1.debian.tar.gz 15.5 KiB bcdaf4f554c7f2274856cf500e28c563
libarchive_2.8.4-1ubuntu0.10.10.1.dsc 2.1 KiB 7dc37c51556e05b00f344769b85fb373

Binary packages built by this source

bsdcpio: cpio(1) from FreeBSD, using libarchive

 This package provides an interface similar to cpio(1), but using
 libarchive as the backend for the archiving and extraction of data.
 It can read CPIO, tar, pax, zip, jar, ar, and ISO9660 images and provides
 similar features to the bsdtar package. Features include:
 .
  * Automatic format detection. Libarchive automatically detects the
    compression (none/gzip/bzip2) and format (old tar, ustar, gnutar,
    pax, cpio, iso9660, zip) when reading archives. It does this for
    any data source.
 .
  * Pax Interchange Format Support. This is a POSIX/SUSv3 extension to
    the old "ustar" tar format that adds arbitrary extended attributes
    to each entry. Does everything that GNU tar format does, only
    better.
 .
  * Handles file flags, ACLs, arbitrary pathnames, etc. Pax interchange
    format supports key/value attributes using an easily-extensible
    technique. Arbitrary pathnames, group names, user names, file sizes
    are part of the POSIX standard; libarchive extends this with
    support for file flags, ACLs, and arbitrary device numbers.
 .
  * GNU tar support. Libarchive reads most GNU tar archives. If there
    is demand, this can be improved further.

bsdtar: tar(1) from FreeBSD, using libarchive

 The bsdtar program has a number of advantages over previous tar
 implementations:
 .
  * Library. Since the core functionality is in a library, it can be
    used by other tools, such as pkg_add.
 .
  * Automatic format detection. Libarchive automatically detects the
    compression (none/gzip/bzip2) and format (old tar, ustar, gnutar,
    pax, cpio, iso9660, zip) when reading archives. It does this for
    any data source.
 .
  * Pax Interchange Format Support. This is a POSIX/SUSv3 extension to
    the old "ustar" tar format that adds arbitrary extended attributes
    to each entry. Does everything that GNU tar format does, only
    better.
 .
  * Handles file flags, ACLs, arbitrary pathnames, etc. Pax interchange
    format supports key/value attributes using an easily-extensible
    technique. Arbitrary pathnames, group names, user names, file sizes
    are part of the POSIX standard; libarchive extends this with
    support for file flags, ACLs, and arbitrary device numbers.
 .
  * GNU tar support. Libarchive reads most GNU tar archives. If there
    is demand, this can be improved further.

libarchive-dev: Single library to read/write tar, cpio, pax, zip, iso9660, etc.

 The libarchive library provides a flexible interface for reading and
 writing streaming archive files such as tar and cpio. The library is
 inherently stream-oriented; readers serially iterate through the archive,
 writers serially add things to the archive. In particular, note that
 there is no built-in support for random access nor for in-place
 modification.
 .
 libarchive can read at least five tar formats, four cpio formats,
 ISO9660 CD/DVD images (including RockRidge extensions), and ZIP
 files.
 .
 libarchive can write two tar formats (ustar and pax), one cpio format
 (odc/POSIX), and two types of shar files (with and without uuencoding).
 .
 The bsdtar Debian package, which is the default tar(1) on FreeBSD,
 is built using libarchive. The bsdcpio Debian package is also built
 using libarchive.
 .
 There is also a manpage, tar(5), in libarchive1 that provides
 an excellent description of the various tar file formats.

libarchive1: Single library to read/write tar, cpio, pax, zip, iso9660, etc.

 The libarchive library provides a flexible interface for reading and
 writing streaming archive files such as tar and cpio. The library is
 inherently stream-oriented; readers serially iterate through the archive,
 writers serially add things to the archive. In particular, note that
 there is no built-in support for random access nor for in-place
 modification.
 .
 libarchive can read at least five tar formats, four cpio formats,
 ISO9660 CD/DVD images (including RockRidge extensions), and ZIP
 files.
 .
 libarchive can write two tar formats (ustar and pax), one cpio format
 (odc/POSIX), and two types of shar files (with and without uuencoding).
 .
 The bsdtar Debian package, which is the default tar(1) on FreeBSD,
 is built using libarchive.
 .
 There is also a manpage, tar(5), that provides an excellent description
 of the various tar file formats.