#
b9128a37 |
|
16-Apr-2024 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.3 New features: #1941 uudecode filter: support file name and file mode in raw mode #1943 7-zip reader: translate Windows permissions into UNIX permissions #1962 zstd filter now supports the "long" write option #2012 add trailing letter b to bsdtar(1) substitute pattern #2031 PCRE2 support #2054 add support for long options "--group" and "--owner" to tar(1) Security fixes: #2101 Fix possible vulnerability in tar error reporting introduced in f27c173 Important bugfixes: #1974 ISO9660: preserve the natural order of links #2105 rar5: fix infinite loop if during rar5 decompression the last block produced no data #2027 xz filter: fix incorrect eof at the end of an lzip member #2043 zip: fix end-of-data marker processing when decompressing zip archives PR: 278315 (exp-run) MFC after: 1 week
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
5c831a5b |
|
30-Sep-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147: Sync libarchive with vendor. Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) MFC after: 1 week Security: CVE-2017-14166, CVE-2017-14502
|
#
a8fc61d5 |
|
03-May-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r317781: Sync libarchive with vendor Vendor changes (FreeBSD-related): PR 897: add test for ZIP archives with invalid EOCD headers PR 901: fix invalid renaming of sparse files OSS-Fuzz issue 497: remove fallback tree in LZX decoder OSS-Fuzz issue 527: rewrite expressions in lz4 filter OSS-Fuzz issue 577: fix integer overflow in cpio reader OSS-Fuzz issue 862: fix numerc parsing in mtree reader OSS-Fuzz issue 1097: fix undefined shift in rar reader cpio: various optimizations and memory leak fixes MFC after: 1 week
|
#
333b68ab |
|
10-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313569:313569:313569: Sync libarchive with vendor Vendor bugfixes: cpio reader sanity fix (OSS-Fuzz 504) WARC reader sanity fixes (OSS-Fuzz 511, 526, 532, 552) mtree reader time parsing fix (OSS-Fuzz 538) XAR reader memleak fix (OSS-Fuzz 551) MFC after: 1 week
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
c38ff13d |
|
15-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r299576 and MFV r299895: Revert r299576: Fix broken cpio behavior. MFV r299895: Update to vendor git commit 860ec63. MFC after: 3 weeks (together with libarchive 3.2.0) Fix broken cpio behavior in pass-through mode with vendor code.
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
a85f1b1a |
|
14-May-2015 |
Xin LI <delphij@FreeBSD.org> |
MFV r282927,r282928,r282930 (kientzle): Don't segfault when reading malformed cpio archives. MFC after: 3 days
|
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
73278c58 |
|
27-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Update to vendor revision 4016. Vendor has integrated most of our local changes in revisions 3976-3979 so future updates are going to be easier. Thanks to Tim Kientzle <kientzle@FreeBSD.org>. MFC after: 8 days
|
#
e2f3482b |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from lib/libarchive to contrib/libarchive: r204111 (uqs): Fix common misspelling of hierarchy r208027 (uqs): mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the bottom of the manpages and order them consistently. GNU groff doesn't care about the ordering, and doesn't even mention CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put them. r208291 (uqs): mdoc: consistently spell our email addresses <foo@FreeBSD.org> r209031 (uqs): mdoc nitpicking: the title argument shall be uppercase r214822 (kientzle): Clarify the naming: Methods that free an object should be called "free". Retain the old "finish" names to preserve source compatibility for now. r214905 (kientzle): If the Zip reader doesn't see a PK signature block because there's inter-entry garbage, just scan forward to find the next one. This allows us to handle a lot of Zip archives that have been modified in-place. Thanks to: Gleb Kurtsou for sending me a sample archive r216258 (kientzle): Don't write data into an empty "file." In particular, this check avoids a warning when extracting directory entries from certain GNU tar archives that store directory contents. r225525 (kientzle): Fix cpio on ARM. MFC after: 2 weeks |
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks |
#
caf54c4f |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Copy libarchive from vendor branch to contrib MFC after: 2 weeks
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
5c831a5b |
|
30-Sep-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147: Sync libarchive with vendor. Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) MFC after: 1 week Security: CVE-2017-14166, CVE-2017-14502
|
#
a8fc61d5 |
|
03-May-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r317781: Sync libarchive with vendor Vendor changes (FreeBSD-related): PR 897: add test for ZIP archives with invalid EOCD headers PR 901: fix invalid renaming of sparse files OSS-Fuzz issue 497: remove fallback tree in LZX decoder OSS-Fuzz issue 527: rewrite expressions in lz4 filter OSS-Fuzz issue 577: fix integer overflow in cpio reader OSS-Fuzz issue 862: fix numerc parsing in mtree reader OSS-Fuzz issue 1097: fix undefined shift in rar reader cpio: various optimizations and memory leak fixes MFC after: 1 week
|
#
333b68ab |
|
10-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313569:313569:313569: Sync libarchive with vendor Vendor bugfixes: cpio reader sanity fix (OSS-Fuzz 504) WARC reader sanity fixes (OSS-Fuzz 511, 526, 532, 552) mtree reader time parsing fix (OSS-Fuzz 538) XAR reader memleak fix (OSS-Fuzz 551) MFC after: 1 week
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
c38ff13d |
|
15-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r299576 and MFV r299895: Revert r299576: Fix broken cpio behavior. MFV r299895: Update to vendor git commit 860ec63. MFC after: 3 weeks (together with libarchive 3.2.0) Fix broken cpio behavior in pass-through mode with vendor code.
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
a85f1b1a |
|
14-May-2015 |
Xin LI <delphij@FreeBSD.org> |
MFV r282927,r282928,r282930 (kientzle): Don't segfault when reading malformed cpio archives. MFC after: 3 days
|
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
73278c58 |
|
27-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Update to vendor revision 4016. Vendor has integrated most of our local changes in revisions 3976-3979 so future updates are going to be easier. Thanks to Tim Kientzle <kientzle@FreeBSD.org>. MFC after: 8 days
|
#
e2f3482b |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from lib/libarchive to contrib/libarchive: r204111 (uqs): Fix common misspelling of hierarchy r208027 (uqs): mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the bottom of the manpages and order them consistently. GNU groff doesn't care about the ordering, and doesn't even mention CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put them. r208291 (uqs): mdoc: consistently spell our email addresses <foo@FreeBSD.org> r209031 (uqs): mdoc nitpicking: the title argument shall be uppercase r214822 (kientzle): Clarify the naming: Methods that free an object should be called "free". Retain the old "finish" names to preserve source compatibility for now. r214905 (kientzle): If the Zip reader doesn't see a PK signature block because there's inter-entry garbage, just scan forward to find the next one. This allows us to handle a lot of Zip archives that have been modified in-place. Thanks to: Gleb Kurtsou for sending me a sample archive r216258 (kientzle): Don't write data into an empty "file." In particular, this check avoids a warning when extracting directory entries from certain GNU tar archives that store directory contents. r225525 (kientzle): Fix cpio on ARM. MFC after: 2 weeks |
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks |
#
caf54c4f |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Copy libarchive from vendor branch to contrib MFC after: 2 weeks
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
5c831a5b |
|
30-Sep-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147: Sync libarchive with vendor. Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) MFC after: 1 week Security: CVE-2017-14166, CVE-2017-14502
|
#
a8fc61d5 |
|
03-May-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r317781: Sync libarchive with vendor Vendor changes (FreeBSD-related): PR 897: add test for ZIP archives with invalid EOCD headers PR 901: fix invalid renaming of sparse files OSS-Fuzz issue 497: remove fallback tree in LZX decoder OSS-Fuzz issue 527: rewrite expressions in lz4 filter OSS-Fuzz issue 577: fix integer overflow in cpio reader OSS-Fuzz issue 862: fix numerc parsing in mtree reader OSS-Fuzz issue 1097: fix undefined shift in rar reader cpio: various optimizations and memory leak fixes MFC after: 1 week
|
#
333b68ab |
|
10-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313569:313569:313569: Sync libarchive with vendor Vendor bugfixes: cpio reader sanity fix (OSS-Fuzz 504) WARC reader sanity fixes (OSS-Fuzz 511, 526, 532, 552) mtree reader time parsing fix (OSS-Fuzz 538) XAR reader memleak fix (OSS-Fuzz 551) MFC after: 1 week
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
c38ff13d |
|
15-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r299576 and MFV r299895: Revert r299576: Fix broken cpio behavior. MFV r299895: Update to vendor git commit 860ec63. MFC after: 3 weeks (together with libarchive 3.2.0) Fix broken cpio behavior in pass-through mode with vendor code.
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
a85f1b1a |
|
14-May-2015 |
Xin LI <delphij@FreeBSD.org> |
MFV r282927,r282928,r282930 (kientzle): Don't segfault when reading malformed cpio archives. MFC after: 3 days
|
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
73278c58 |
|
27-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Update to vendor revision 4016. Vendor has integrated most of our local changes in revisions 3976-3979 so future updates are going to be easier. Thanks to Tim Kientzle <kientzle@FreeBSD.org>. MFC after: 8 days
|
#
e2f3482b |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from lib/libarchive to contrib/libarchive: r204111 (uqs): Fix common misspelling of hierarchy r208027 (uqs): mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the bottom of the manpages and order them consistently. GNU groff doesn't care about the ordering, and doesn't even mention CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put them. r208291 (uqs): mdoc: consistently spell our email addresses <foo@FreeBSD.org> r209031 (uqs): mdoc nitpicking: the title argument shall be uppercase r214822 (kientzle): Clarify the naming: Methods that free an object should be called "free". Retain the old "finish" names to preserve source compatibility for now. r214905 (kientzle): If the Zip reader doesn't see a PK signature block because there's inter-entry garbage, just scan forward to find the next one. This allows us to handle a lot of Zip archives that have been modified in-place. Thanks to: Gleb Kurtsou for sending me a sample archive r216258 (kientzle): Don't write data into an empty "file." In particular, this check avoids a warning when extracting directory entries from certain GNU tar archives that store directory contents. r225525 (kientzle): Fix cpio on ARM. MFC after: 2 weeks |
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks |
#
caf54c4f |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Copy libarchive from vendor branch to contrib MFC after: 2 weeks
|
#
e2f3482b |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from lib/libarchive to contrib/libarchive: r204111 (uqs): Fix common misspelling of hierarchy r208027 (uqs): mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the bottom of the manpages and order them consistently. GNU groff doesn't care about the ordering, and doesn't even mention CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put them. r208291 (uqs): mdoc: consistently spell our email addresses <foo@FreeBSD.org> r209031 (uqs): mdoc nitpicking: the title argument shall be uppercase r214822 (kientzle): Clarify the naming: Methods that free an object should be called "free". Retain the old "finish" names to preserve source compatibility for now. r214905 (kientzle): If the Zip reader doesn't see a PK signature block because there's inter-entry garbage, just scan forward to find the next one. This allows us to handle a lot of Zip archives that have been modified in-place. Thanks to: Gleb Kurtsou for sending me a sample archive r216258 (kientzle): Don't write data into an empty "file." In particular, this check avoids a warning when extracting directory entries from certain GNU tar archives that store directory contents. r225525 (kientzle): Fix cpio on ARM. MFC after: 2 weeks
|
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks
|