#
b9128a37 |
|
16-Apr-2024 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.3 New features: #1941 uudecode filter: support file name and file mode in raw mode #1943 7-zip reader: translate Windows permissions into UNIX permissions #1962 zstd filter now supports the "long" write option #2012 add trailing letter b to bsdtar(1) substitute pattern #2031 PCRE2 support #2054 add support for long options "--group" and "--owner" to tar(1) Security fixes: #2101 Fix possible vulnerability in tar error reporting introduced in f27c173 Important bugfixes: #1974 ISO9660: preserve the natural order of links #2105 rar5: fix infinite loop if during rar5 decompression the last block produced no data #2027 xz filter: fix incorrect eof at the end of an lzip member #2043 zip: fix end-of-data marker processing when decompressing zip archives PR: 278315 (exp-run) MFC after: 1 week
|
#
64884e0d |
|
29-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.1 Important changes (relevant to FreeBSD): ISSUE #1934: stack buffer overflow in cpio verbose mode ISSUE #1935: SEGV in cpio verbose mode PR #1731 tar: respect --strip-components and -s patterns in cru modes MFC after: 1 week
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
bd5e624a |
|
13-Dec-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.6.2 Important bug fixes: rar5 reader: fix possible garbled output with bsdtar -O (#1745) mtree reader: support reading mtree files with tabs (#1783) various small fixes for issues found by CodeQL MFC after: 2 weeks PR: 286306 (exp-run)
|
#
0c9c2eb3 |
|
26-Mar-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge vendor bugfixes Bugfixes: IS #1672 and OSS-Fuzz #38766: (zip reader) fix possible out-of-bounds read in zipx_lzma_alone_init() PR #1676: (mtree reader) remove the unused variable "detected_bytes" PR #1674: (doc) fix use of At mdoc(7) macro in cpio.5 MFC after: 3 days
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
de6fa6b4 |
|
20-May-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r361280: Update libarchive to 3.4.3 Relevant vendor changes: PR #1352: support negative zstd compression levels PR #1359: improve zstd version checking PR #1348: support RHT.security.selinux from GNU tar PR #1357: support for archives compressed with pzstd PR #1367: fix issues in acl tests PR #1372: child handling cleanup PR #1378: fix memory leak from passphrase callback
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
74e51512 |
|
28-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r349454: Sync libarchive with vendor. Relevant vendor changes: PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary (OSS-Fuzz 15431) PR #1218: Fixes to sparse file handling MFC after: 1 week
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
2a021abd |
|
13-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344088 (libarchive): archive_read_disk_posix.c: initialize delayed_errno MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
2dbf8c4a |
|
10-Jan-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r311899: Sync libarchive with vendor. Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do no fallback to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs MFC after: 1 week X-MFC with: r310866
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
24113d8c |
|
14-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305816: Sync libarchive with vendor including important security fixes. Issues fixed (FreeBSD): PR #778: ACL error handling Issue #745: Symlink check prefix optimization is too aggressive Issue #746: Hard links with data can evade sandboxing restrictions This update fixes the vulnerability #3 and vulnerability #4 as reported in "non-cryptanalytic attacks against FreeBSD update components". https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Fix for vulnerability #2 has already been merged in r304989. MFC after: 1 week Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
#
47af42f8 |
|
05-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305420: Sync libarchive with vendor Vendor issues fixed: PR #777: Multiple bugfixes for setup_acls() This includes a bugfix for a bug that caused ACLs not to be read properly for files and directories inside subdirectories and as a result not being stored or being incorrectly stored in tar archives. MFC after: 3 days
|
#
cfa49a9b |
|
14-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304060: Sync libarchive with vendor including three security fixes Vendor issues fixed: Issue #744: Very long pathnames evade symlink checks Issue #748: libarchive can compress, but cannot decompress zip some files PR #750: ustar: fix out of bounds read on empty string ("") filename PR #755: fix use of acl_get_flagset_np() on FreeBSD MFC after: 3 days
|
#
ae5876ea |
|
30-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302264: Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
eb828e1b |
|
30-Mar-2015 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Fix --one-file-system to include the directory encountered rather than excluding it. This was broken in 3.0.4 (r238856). Obtained from: https://github.com/libarchive/libarchive/commit/fa9e61 MFC after: 3 days Sponsored by: EMC / Isilon Storage Division |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
64884e0d |
|
29-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.1 Important changes (relevant to FreeBSD): ISSUE #1934: stack buffer overflow in cpio verbose mode ISSUE #1935: SEGV in cpio verbose mode PR #1731 tar: respect --strip-components and -s patterns in cru modes MFC after: 1 week
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
bd5e624a |
|
13-Dec-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.6.2 Important bug fixes: rar5 reader: fix possible garbled output with bsdtar -O (#1745) mtree reader: support reading mtree files with tabs (#1783) various small fixes for issues found by CodeQL MFC after: 2 weeks PR: 286306 (exp-run)
|
#
0c9c2eb3 |
|
26-Mar-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge vendor bugfixes Bugfixes: IS #1672 and OSS-Fuzz #38766: (zip reader) fix possible out-of-bounds read in zipx_lzma_alone_init() PR #1676: (mtree reader) remove the unused variable "detected_bytes" PR #1674: (doc) fix use of At mdoc(7) macro in cpio.5 MFC after: 3 days
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
de6fa6b4 |
|
20-May-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r361280: Update libarchive to 3.4.3 Relevant vendor changes: PR #1352: support negative zstd compression levels PR #1359: improve zstd version checking PR #1348: support RHT.security.selinux from GNU tar PR #1357: support for archives compressed with pzstd PR #1367: fix issues in acl tests PR #1372: child handling cleanup PR #1378: fix memory leak from passphrase callback
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
74e51512 |
|
28-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r349454: Sync libarchive with vendor. Relevant vendor changes: PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary (OSS-Fuzz 15431) PR #1218: Fixes to sparse file handling MFC after: 1 week
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
2a021abd |
|
13-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344088 (libarchive): archive_read_disk_posix.c: initialize delayed_errno MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
2dbf8c4a |
|
10-Jan-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r311899: Sync libarchive with vendor. Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do no fallback to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs MFC after: 1 week X-MFC with: r310866
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
24113d8c |
|
14-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305816: Sync libarchive with vendor including important security fixes. Issues fixed (FreeBSD): PR #778: ACL error handling Issue #745: Symlink check prefix optimization is too aggressive Issue #746: Hard links with data can evade sandboxing restrictions This update fixes the vulnerability #3 and vulnerability #4 as reported in "non-cryptanalytic attacks against FreeBSD update components". https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Fix for vulnerability #2 has already been merged in r304989. MFC after: 1 week Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
#
47af42f8 |
|
05-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305420: Sync libarchive with vendor Vendor issues fixed: PR #777: Multiple bugfixes for setup_acls() This includes a bugfix for a bug that caused ACLs not to be read properly for files and directories inside subdirectories and as a result not being stored or being incorrectly stored in tar archives. MFC after: 3 days
|
#
cfa49a9b |
|
14-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304060: Sync libarchive with vendor including three security fixes Vendor issues fixed: Issue #744: Very long pathnames evade symlink checks Issue #748: libarchive can compress, but cannot decompress zip some files PR #750: ustar: fix out of bounds read on empty string ("") filename PR #755: fix use of acl_get_flagset_np() on FreeBSD MFC after: 3 days
|
#
ae5876ea |
|
30-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302264: Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
eb828e1b |
|
30-Mar-2015 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Fix --one-file-system to include the directory encountered rather than excluding it. This was broken in 3.0.4 (r238856). Obtained from: https://github.com/libarchive/libarchive/commit/fa9e61 MFC after: 3 days Sponsored by: EMC / Isilon Storage Division |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
bd5e624a |
|
13-Dec-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.6.2 Important bug fixes: rar5 reader: fix possible garbled output with bsdtar -O (#1745) mtree reader: support reading mtree files with tabs (#1783) various small fixes for issues found by CodeQL MFC after: 2 weeks PR: 286306 (exp-run)
|
#
0c9c2eb3 |
|
26-Mar-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge vendor bugfixes Bugfixes: IS #1672 and OSS-Fuzz #38766: (zip reader) fix possible out-of-bounds read in zipx_lzma_alone_init() PR #1676: (mtree reader) remove the unused variable "detected_bytes" PR #1674: (doc) fix use of At mdoc(7) macro in cpio.5 MFC after: 3 days
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
de6fa6b4 |
|
20-May-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r361280: Update libarchive to 3.4.3 Relevant vendor changes: PR #1352: support negative zstd compression levels PR #1359: improve zstd version checking PR #1348: support RHT.security.selinux from GNU tar PR #1357: support for archives compressed with pzstd PR #1367: fix issues in acl tests PR #1372: child handling cleanup PR #1378: fix memory leak from passphrase callback
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
74e51512 |
|
28-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r349454: Sync libarchive with vendor. Relevant vendor changes: PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary (OSS-Fuzz 15431) PR #1218: Fixes to sparse file handling MFC after: 1 week
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
2a021abd |
|
13-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344088 (libarchive): archive_read_disk_posix.c: initialize delayed_errno MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
2dbf8c4a |
|
10-Jan-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r311899: Sync libarchive with vendor. Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do no fallback to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs MFC after: 1 week X-MFC with: r310866
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
24113d8c |
|
14-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305816: Sync libarchive with vendor including important security fixes. Issues fixed (FreeBSD): PR #778: ACL error handling Issue #745: Symlink check prefix optimization is too aggressive Issue #746: Hard links with data can evade sandboxing restrictions This update fixes the vulnerability #3 and vulnerability #4 as reported in "non-cryptanalytic attacks against FreeBSD update components". https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Fix for vulnerability #2 has already been merged in r304989. MFC after: 1 week Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
#
47af42f8 |
|
05-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305420: Sync libarchive with vendor Vendor issues fixed: PR #777: Multiple bugfixes for setup_acls() This includes a bugfix for a bug that caused ACLs not to be read properly for files and directories inside subdirectories and as a result not being stored or being incorrectly stored in tar archives. MFC after: 3 days
|
#
cfa49a9b |
|
14-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304060: Sync libarchive with vendor including three security fixes Vendor issues fixed: Issue #744: Very long pathnames evade symlink checks Issue #748: libarchive can compress, but cannot decompress zip some files PR #750: ustar: fix out of bounds read on empty string ("") filename PR #755: fix use of acl_get_flagset_np() on FreeBSD MFC after: 3 days
|
#
ae5876ea |
|
30-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302264: Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
eb828e1b |
|
30-Mar-2015 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Fix --one-file-system to include the directory encountered rather than excluding it. This was broken in 3.0.4 (r238856). Obtained from: https://github.com/libarchive/libarchive/commit/fa9e61 MFC after: 3 days Sponsored by: EMC / Isilon Storage Division |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
bd5e624a |
|
13-Dec-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.6.2 Important bug fixes: rar5 reader: fix possible garbled output with bsdtar -O (#1745) mtree reader: support reading mtree files with tabs (#1783) various small fixes for issues found by CodeQL MFC after: 2 weeks PR: 286306 (exp-run)
|
#
0c9c2eb3 |
|
26-Mar-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge vendor bugfixes Bugfixes: IS #1672 and OSS-Fuzz #38766: (zip reader) fix possible out-of-bounds read in zipx_lzma_alone_init() PR #1676: (mtree reader) remove the unused variable "detected_bytes" PR #1674: (doc) fix use of At mdoc(7) macro in cpio.5 MFC after: 3 days
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
de6fa6b4 |
|
20-May-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r361280: Update libarchive to 3.4.3 Relevant vendor changes: PR #1352: support negative zstd compression levels PR #1359: improve zstd version checking PR #1348: support RHT.security.selinux from GNU tar PR #1357: support for archives compressed with pzstd PR #1367: fix issues in acl tests PR #1372: child handling cleanup PR #1378: fix memory leak from passphrase callback
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
74e51512 |
|
28-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r349454: Sync libarchive with vendor. Relevant vendor changes: PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary (OSS-Fuzz 15431) PR #1218: Fixes to sparse file handling MFC after: 1 week
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
2a021abd |
|
13-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344088 (libarchive): archive_read_disk_posix.c: initialize delayed_errno MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
2dbf8c4a |
|
10-Jan-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r311899: Sync libarchive with vendor. Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do no fallback to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs MFC after: 1 week X-MFC with: r310866
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
24113d8c |
|
14-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305816: Sync libarchive with vendor including important security fixes. Issues fixed (FreeBSD): PR #778: ACL error handling Issue #745: Symlink check prefix optimization is too aggressive Issue #746: Hard links with data can evade sandboxing restrictions This update fixes the vulnerability #3 and vulnerability #4 as reported in "non-cryptanalytic attacks against FreeBSD update components". https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Fix for vulnerability #2 has already been merged in r304989. MFC after: 1 week Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
#
47af42f8 |
|
05-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305420: Sync libarchive with vendor Vendor issues fixed: PR #777: Multiple bugfixes for setup_acls() This includes a bugfix for a bug that caused ACLs not to be read properly for files and directories inside subdirectories and as a result not being stored or being incorrectly stored in tar archives. MFC after: 3 days
|
#
cfa49a9b |
|
14-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304060: Sync libarchive with vendor including three security fixes Vendor issues fixed: Issue #744: Very long pathnames evade symlink checks Issue #748: libarchive can compress, but cannot decompress zip some files PR #750: ustar: fix out of bounds read on empty string ("") filename PR #755: fix use of acl_get_flagset_np() on FreeBSD MFC after: 3 days
|
#
ae5876ea |
|
30-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302264: Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
eb828e1b |
|
30-Mar-2015 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Fix --one-file-system to include the directory encountered rather than excluding it. This was broken in 3.0.4 (r238856). Obtained from: https://github.com/libarchive/libarchive/commit/fa9e61 MFC after: 3 days Sponsored by: EMC / Isilon Storage Division |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
0c9c2eb3 |
|
26-Mar-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge vendor bugfixes Bugfixes: IS #1672 and OSS-Fuzz #38766: (zip reader) fix possible out-of-bounds read in zipx_lzma_alone_init() PR #1676: (mtree reader) remove the unused variable "detected_bytes" PR #1674: (doc) fix use of At mdoc(7) macro in cpio.5 MFC after: 3 days
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
de6fa6b4 |
|
20-May-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r361280: Update libarchive to 3.4.3 Relevant vendor changes: PR #1352: support negative zstd compression levels PR #1359: improve zstd version checking PR #1348: support RHT.security.selinux from GNU tar PR #1357: support for archives compressed with pzstd PR #1367: fix issues in acl tests PR #1372: child handling cleanup PR #1378: fix memory leak from passphrase callback
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
74e51512 |
|
28-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r349454: Sync libarchive with vendor. Relevant vendor changes: PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary (OSS-Fuzz 15431) PR #1218: Fixes to sparse file handling MFC after: 1 week
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
2a021abd |
|
13-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344088 (libarchive): archive_read_disk_posix.c: initialize delayed_errno MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
2dbf8c4a |
|
10-Jan-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r311899: Sync libarchive with vendor. Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do no fallback to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs MFC after: 1 week X-MFC with: r310866
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
24113d8c |
|
14-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305816: Sync libarchive with vendor including important security fixes. Issues fixed (FreeBSD): PR #778: ACL error handling Issue #745: Symlink check prefix optimization is too aggressive Issue #746: Hard links with data can evade sandboxing restrictions This update fixes the vulnerability #3 and vulnerability #4 as reported in "non-cryptanalytic attacks against FreeBSD update components". https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Fix for vulnerability #2 has already been merged in r304989. MFC after: 1 week Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
#
47af42f8 |
|
05-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305420: Sync libarchive with vendor Vendor issues fixed: PR #777: Multiple bugfixes for setup_acls() This includes a bugfix for a bug that caused ACLs not to be read properly for files and directories inside subdirectories and as a result not being stored or being incorrectly stored in tar archives. MFC after: 3 days
|
#
cfa49a9b |
|
14-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304060: Sync libarchive with vendor including three security fixes Vendor issues fixed: Issue #744: Very long pathnames evade symlink checks Issue #748: libarchive can compress, but cannot decompress zip some files PR #750: ustar: fix out of bounds read on empty string ("") filename PR #755: fix use of acl_get_flagset_np() on FreeBSD MFC after: 3 days
|
#
ae5876ea |
|
30-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302264: Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
eb828e1b |
|
30-Mar-2015 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Fix --one-file-system to include the directory encountered rather than excluding it. This was broken in 3.0.4 (r238856). Obtained from: https://github.com/libarchive/libarchive/commit/fa9e61 MFC after: 3 days Sponsored by: EMC / Isilon Storage Division |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
de6fa6b4 |
|
20-May-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r361280: Update libarchive to 3.4.3 Relevant vendor changes: PR #1352: support negative zstd compression levels PR #1359: improve zstd version checking PR #1348: support RHT.security.selinux from GNU tar PR #1357: support for archives compressed with pzstd PR #1367: fix issues in acl tests PR #1372: child handling cleanup PR #1378: fix memory leak from passphrase callback
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
74e51512 |
|
28-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r349454: Sync libarchive with vendor. Relevant vendor changes: PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary (OSS-Fuzz 15431) PR #1218: Fixes to sparse file handling MFC after: 1 week
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
2a021abd |
|
13-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344088 (libarchive): archive_read_disk_posix.c: initialize delayed_errno MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
2dbf8c4a |
|
10-Jan-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r311899: Sync libarchive with vendor. Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do no fallback to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs MFC after: 1 week X-MFC with: r310866
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
24113d8c |
|
14-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305816: Sync libarchive with vendor including important security fixes. Issues fixed (FreeBSD): PR #778: ACL error handling Issue #745: Symlink check prefix optimization is too aggressive Issue #746: Hard links with data can evade sandboxing restrictions This update fixes the vulnerability #3 and vulnerability #4 as reported in "non-cryptanalytic attacks against FreeBSD update components". https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Fix for vulnerability #2 has already been merged in r304989. MFC after: 1 week Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
#
47af42f8 |
|
05-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305420: Sync libarchive with vendor Vendor issues fixed: PR #777: Multiple bugfixes for setup_acls() This includes a bugfix for a bug that caused ACLs not to be read properly for files and directories inside subdirectories and as a result not being stored or being incorrectly stored in tar archives. MFC after: 3 days
|
#
cfa49a9b |
|
14-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304060: Sync libarchive with vendor including three security fixes Vendor issues fixed: Issue #744: Very long pathnames evade symlink checks Issue #748: libarchive can compress, but cannot decompress zip some files PR #750: ustar: fix out of bounds read on empty string ("") filename PR #755: fix use of acl_get_flagset_np() on FreeBSD MFC after: 3 days
|
#
ae5876ea |
|
30-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302264: Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
eb828e1b |
|
30-Mar-2015 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Fix --one-file-system to include the directory encountered rather than excluding it. This was broken in 3.0.4 (r238856). Obtained from: https://github.com/libarchive/libarchive/commit/fa9e61 MFC after: 3 days Sponsored by: EMC / Isilon Storage Division |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
de6fa6b4 |
|
20-May-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r361280: Update libarchive to 3.4.3 Relevant vendor changes: PR #1352: support negative zstd compression levels PR #1359: improve zstd version checking PR #1348: support RHT.security.selinux from GNU tar PR #1357: support for archives compressed with pzstd PR #1367: fix issues in acl tests PR #1372: child handling cleanup PR #1378: fix memory leak from passphrase callback
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
74e51512 |
|
28-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r349454: Sync libarchive with vendor. Relevant vendor changes: PR #1217: RAR5 reader - fix ARM filter going beyond window buffer boundary (OSS-Fuzz 15431) PR #1218: Fixes to sparse file handling MFC after: 1 week
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
2a021abd |
|
13-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344088 (libarchive): archive_read_disk_posix.c: initialize delayed_errno MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
2dbf8c4a |
|
10-Jan-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r311899: Sync libarchive with vendor. Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do no fallback to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs MFC after: 1 week X-MFC with: r310866
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
24113d8c |
|
14-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305816: Sync libarchive with vendor including important security fixes. Issues fixed (FreeBSD): PR #778: ACL error handling Issue #745: Symlink check prefix optimization is too aggressive Issue #746: Hard links with data can evade sandboxing restrictions This update fixes the vulnerability #3 and vulnerability #4 as reported in "non-cryptanalytic attacks against FreeBSD update components". https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Fix for vulnerability #2 has already been merged in r304989. MFC after: 1 week Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
#
47af42f8 |
|
05-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305420: Sync libarchive with vendor Vendor issues fixed: PR #777: Multiple bugfixes for setup_acls() This includes a bugfix for a bug that caused ACLs not to be read properly for files and directories inside subdirectories and as a result not being stored or being incorrectly stored in tar archives. MFC after: 3 days
|
#
cfa49a9b |
|
14-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304060: Sync libarchive with vendor including three security fixes Vendor issues fixed: Issue #744: Very long pathnames evade symlink checks Issue #748: libarchive can compress, but cannot decompress zip some files PR #750: ustar: fix out of bounds read on empty string ("") filename PR #755: fix use of acl_get_flagset_np() on FreeBSD MFC after: 3 days
|
#
ae5876ea |
|
30-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302264: Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
eb828e1b |
|
30-Mar-2015 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Fix --one-file-system to include the directory encountered rather than excluding it. This was broken in 3.0.4 (r238856). Obtained from: https://github.com/libarchive/libarchive/commit/fa9e61 MFC after: 3 days Sponsored by: EMC / Isilon Storage Division |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
eb828e1b |
|
30-Mar-2015 |
Bryan Drewery <bdrewery@FreeBSD.org> |
Fix --one-file-system to include the directory encountered rather than excluding it. This was broken in 3.0.4 (r238856). Obtained from: https://github.com/libarchive/libarchive/commit/fa9e61 MFC after: 3 days Sponsored by: EMC / Isilon Storage Division
|