#
13d826ff |
|
29-Apr-2024 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.4 + three fixes from master Security fixes: #2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256) #2145 zip: Fix out of boundary access #2148 rar: Fix OOB in rar delta filter #2149 rar: Fix OOB in rar audio filter Important bugfixes: #2131 7zip: Limit amount of properties #2110 bsdtar: Fix error handling around strtol() usages #2116 passphrase: Never allow empty passwords #2124 rar: Fix "File CRC Error" when extracting specific rar4 archives #2123 xar: Avoid infinite link loop #2150 xar: Fix another infinite loop and expat error handling #2108 zip: Update AppleDouble support for directories #2071 zstd: Implement core detectiongit PR: 278588 (exp-run) MFC after: 1 day
|
#
b9128a37 |
|
16-Apr-2024 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.3 New features: #1941 uudecode filter: support file name and file mode in raw mode #1943 7-zip reader: translate Windows permissions into UNIX permissions #1962 zstd filter now supports the "long" write option #2012 add trailing letter b to bsdtar(1) substitute pattern #2031 PCRE2 support #2054 add support for long options "--group" and "--owner" to tar(1) Security fixes: #2101 Fix possible vulnerability in tar error reporting introduced in f27c173 Important bugfixes: #1974 ISO9660: preserve the natural order of links #2105 rar5: fix infinite loop if during rar5 decompression the last block produced no data #2027 xz filter: fix incorrect eof at the end of an lzip member #2043 zip: fix end-of-data marker processing when decompressing zip archives PR: 278315 (exp-run) MFC after: 1 week
|
#
64884e0d |
|
29-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.1 Important changes (relevant to FreeBSD): ISSUE #1934: stack buffer overflow in cpio verbose mode ISSUE #1935: SEGV in cpio verbose mode PR #1731 tar: respect --strip-components and -s patterns in cru modes MFC after: 1 week
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
0c9c2eb3 |
|
26-Mar-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge vendor bugfixes Bugfixes: IS #1672 and OSS-Fuzz #38766: (zip reader) fix possible out-of-bounds read in zipx_lzma_alone_init() PR #1676: (mtree reader) remove the unused variable "detected_bytes" PR #1674: (doc) fix use of At mdoc(7) macro in cpio.5 MFC after: 3 days
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
87c1ec0a |
|
13-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368607: Sync libarchive with vendor. Vendor changes: Issue #1461: Unbreak build without lzma Issue #1462: warc reader: Fix build with gcc11 Issue #1463: Fix code compatibility in test_archive_read_support.c Issue #1464: Use built-in strnlen on platforms where not available Issue #1465: warc reader: fix undefined behaviour in deconst() function MFC after: 3 days X-MFC-With: 368234
|
#
c3afd20f |
|
01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
f057565e |
|
25-Sep-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r352731: Sync libarchive with vendor. Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages MFC after: 1 week
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
df422cb4 |
|
25-Mar-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r345495: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
482a8150 |
|
20-Sep-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r338797: Sync libarchive with vendor. Relevant vendor changes: PR #1019: Add allocation check for the zip_entry struct Oss-Fuzz #10192: Handle whitespace-only ACL fields correctly Approved by: re (kib) MFC after: 1 week
|
#
f1951fd7 |
|
28-Jul-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r336851: Update vendor/libarchive/dist to git 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Important vendor changes: PR #993: Chdir to -C directory for metalog processing OSS-Fuzz #4969: Check size of the extended time field in zip archives PR #973: Record informational compression level in gzip header MFC after: 1 week
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
5c831a5b |
|
30-Sep-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147: Sync libarchive with vendor. Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) MFC after: 1 week Security: CVE-2017-14166, CVE-2017-14502
|
#
a7f7e457 |
|
28-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316083,316094: Sync libarchive with vendor Vendor changes (FreeBSD-related): - constify variables in several places - unify platform ACL code in a single source file - fix unused variable if compiling on FreeBSD without NFSv4 ACL support MFC after: 3 days X-MFC-with: 315636, 315876
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
5d6770bd |
|
15-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313781: Sync libarchive with vendor Vendor changes: Make SCHILY.acl.ace header more compact (NFSv4 ACLs) Vendor bugfixes: zip reader integer parsing fix (OSS-Fuzz 556) spelling fixes (issue #863)
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
2dbf8c4a |
|
10-Jan-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r311899: Sync libarchive with vendor. Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do no fallback to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs MFC after: 1 week X-MFC with: r310866
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
cff8ef76 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Redo MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap. |
#
c4676089 |
|
26-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
f061a221 |
|
22-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302003,r302037,r302038,r302056: Update libarchive to 3.2.1 (bugfix and security fix release) List of vendor fixes: - fix exploitable heap overflow vulnerability in Rar decompression (vendor issue 719, CVE-2016-4302, TALOS-2016-0154) - fix exploitable stack based buffer overflow vulnebarility in mtree parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153) - fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo (vendor issue 718, CVE-2016-4300, TALOS-2016-152) - fix integer overflow when computing location of volume descriptor (vendor issue 717) - fix buffer overflow when reading a crafred rar archive (vendor issue 521) - fix possible buffer overflow when reading ISO9660 archives on machines where sizeof(int) < sizeof(size_t) (vendor issue 711) - tar and cpio should fail if an input file named on the command line is missing (vendor issue 708) - fix incorrect writing of gnutar filenames that are exactly 512 bytes long (vendor issue 682) - allow tests to be run from paths that are equal or longer than 128 characters (vendor issue 657) - add memory allocation errors in archive_entry_xattr.c (vendor PR 603) - remove dead code in archive_entry_xattr_add_entry() (vendor PR 716) - fix broken decryption of ZIP files (vendor issue 553) - manpage style, typo and description fixes Post-3.2.1 vendor fixes: - fix typo in cpio version reporting (Vendor PR 725, 726) - fix argument range of ctype functions in libarchive_fe/passphrase.c - fix ctype use and avoid empty loop bodies in WARC reader MFC after: 1 week Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302 Approved by: re (kib)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
e2f3482b |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from lib/libarchive to contrib/libarchive: r204111 (uqs): Fix common misspelling of hierarchy r208027 (uqs): mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the bottom of the manpages and order them consistently. GNU groff doesn't care about the ordering, and doesn't even mention CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put them. r208291 (uqs): mdoc: consistently spell our email addresses <foo@FreeBSD.org> r209031 (uqs): mdoc nitpicking: the title argument shall be uppercase r214822 (kientzle): Clarify the naming: Methods that free an object should be called "free". Retain the old "finish" names to preserve source compatibility for now. r214905 (kientzle): If the Zip reader doesn't see a PK signature block because there's inter-entry garbage, just scan forward to find the next one. This allows us to handle a lot of Zip archives that have been modified in-place. Thanks to: Gleb Kurtsou for sending me a sample archive r216258 (kientzle): Don't write data into an empty "file." In particular, this check avoids a warning when extracting directory entries from certain GNU tar archives that store directory contents. r225525 (kientzle): Fix cpio on ARM. MFC after: 2 weeks |
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks |
#
caf54c4f |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Copy libarchive from vendor branch to contrib MFC after: 2 weeks
|
#
b9128a37 |
|
16-Apr-2024 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.3 New features: #1941 uudecode filter: support file name and file mode in raw mode #1943 7-zip reader: translate Windows permissions into UNIX permissions #1962 zstd filter now supports the "long" write option #2012 add trailing letter b to bsdtar(1) substitute pattern #2031 PCRE2 support #2054 add support for long options "--group" and "--owner" to tar(1) Security fixes: #2101 Fix possible vulnerability in tar error reporting introduced in f27c173 Important bugfixes: #1974 ISO9660: preserve the natural order of links #2105 rar5: fix infinite loop if during rar5 decompression the last block produced no data #2027 xz filter: fix incorrect eof at the end of an lzip member #2043 zip: fix end-of-data marker processing when decompressing zip archives PR: 278315 (exp-run) MFC after: 1 week
|
#
64884e0d |
|
29-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.1 Important changes (relevant to FreeBSD): ISSUE #1934: stack buffer overflow in cpio verbose mode ISSUE #1935: SEGV in cpio verbose mode PR #1731 tar: respect --strip-components and -s patterns in cru modes MFC after: 1 week
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
0c9c2eb3 |
|
26-Mar-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge vendor bugfixes Bugfixes: IS #1672 and OSS-Fuzz #38766: (zip reader) fix possible out-of-bounds read in zipx_lzma_alone_init() PR #1676: (mtree reader) remove the unused variable "detected_bytes" PR #1674: (doc) fix use of At mdoc(7) macro in cpio.5 MFC after: 3 days
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
87c1ec0a |
|
13-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368607: Sync libarchive with vendor. Vendor changes: Issue #1461: Unbreak build without lzma Issue #1462: warc reader: Fix build with gcc11 Issue #1463: Fix code compatibility in test_archive_read_support.c Issue #1464: Use built-in strnlen on platforms where not available Issue #1465: warc reader: fix undefined behaviour in deconst() function MFC after: 3 days X-MFC-With: 368234
|
#
c3afd20f |
|
01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
f057565e |
|
25-Sep-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r352731: Sync libarchive with vendor. Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages MFC after: 1 week
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
df422cb4 |
|
25-Mar-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r345495: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
482a8150 |
|
20-Sep-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r338797: Sync libarchive with vendor. Relevant vendor changes: PR #1019: Add allocation check for the zip_entry struct Oss-Fuzz #10192: Handle whitespace-only ACL fields correctly Approved by: re (kib) MFC after: 1 week
|
#
f1951fd7 |
|
28-Jul-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r336851: Update vendor/libarchive/dist to git 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Important vendor changes: PR #993: Chdir to -C directory for metalog processing OSS-Fuzz #4969: Check size of the extended time field in zip archives PR #973: Record informational compression level in gzip header MFC after: 1 week
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
5c831a5b |
|
30-Sep-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147: Sync libarchive with vendor. Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) MFC after: 1 week Security: CVE-2017-14166, CVE-2017-14502
|
#
a7f7e457 |
|
28-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316083,316094: Sync libarchive with vendor Vendor changes (FreeBSD-related): - constify variables in several places - unify platform ACL code in a single source file - fix unused variable if compiling on FreeBSD without NFSv4 ACL support MFC after: 3 days X-MFC-with: 315636, 315876
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
5d6770bd |
|
15-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313781: Sync libarchive with vendor Vendor changes: Make SCHILY.acl.ace header more compact (NFSv4 ACLs) Vendor bugfixes: zip reader integer parsing fix (OSS-Fuzz 556) spelling fixes (issue #863)
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
2dbf8c4a |
|
10-Jan-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r311899: Sync libarchive with vendor. Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do no fallback to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs MFC after: 1 week X-MFC with: r310866
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
cff8ef76 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Redo MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap. |
#
c4676089 |
|
26-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
f061a221 |
|
22-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302003,r302037,r302038,r302056: Update libarchive to 3.2.1 (bugfix and security fix release) List of vendor fixes: - fix exploitable heap overflow vulnerability in Rar decompression (vendor issue 719, CVE-2016-4302, TALOS-2016-0154) - fix exploitable stack based buffer overflow vulnebarility in mtree parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153) - fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo (vendor issue 718, CVE-2016-4300, TALOS-2016-152) - fix integer overflow when computing location of volume descriptor (vendor issue 717) - fix buffer overflow when reading a crafred rar archive (vendor issue 521) - fix possible buffer overflow when reading ISO9660 archives on machines where sizeof(int) < sizeof(size_t) (vendor issue 711) - tar and cpio should fail if an input file named on the command line is missing (vendor issue 708) - fix incorrect writing of gnutar filenames that are exactly 512 bytes long (vendor issue 682) - allow tests to be run from paths that are equal or longer than 128 characters (vendor issue 657) - add memory allocation errors in archive_entry_xattr.c (vendor PR 603) - remove dead code in archive_entry_xattr_add_entry() (vendor PR 716) - fix broken decryption of ZIP files (vendor issue 553) - manpage style, typo and description fixes Post-3.2.1 vendor fixes: - fix typo in cpio version reporting (Vendor PR 725, 726) - fix argument range of ctype functions in libarchive_fe/passphrase.c - fix ctype use and avoid empty loop bodies in WARC reader MFC after: 1 week Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302 Approved by: re (kib)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
e2f3482b |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from lib/libarchive to contrib/libarchive: r204111 (uqs): Fix common misspelling of hierarchy r208027 (uqs): mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the bottom of the manpages and order them consistently. GNU groff doesn't care about the ordering, and doesn't even mention CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put them. r208291 (uqs): mdoc: consistently spell our email addresses <foo@FreeBSD.org> r209031 (uqs): mdoc nitpicking: the title argument shall be uppercase r214822 (kientzle): Clarify the naming: Methods that free an object should be called "free". Retain the old "finish" names to preserve source compatibility for now. r214905 (kientzle): If the Zip reader doesn't see a PK signature block because there's inter-entry garbage, just scan forward to find the next one. This allows us to handle a lot of Zip archives that have been modified in-place. Thanks to: Gleb Kurtsou for sending me a sample archive r216258 (kientzle): Don't write data into an empty "file." In particular, this check avoids a warning when extracting directory entries from certain GNU tar archives that store directory contents. r225525 (kientzle): Fix cpio on ARM. MFC after: 2 weeks |
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks |
#
caf54c4f |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Copy libarchive from vendor branch to contrib MFC after: 2 weeks
|
#
64884e0d |
|
29-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.1 Important changes (relevant to FreeBSD): ISSUE #1934: stack buffer overflow in cpio verbose mode ISSUE #1935: SEGV in cpio verbose mode PR #1731 tar: respect --strip-components and -s patterns in cru modes MFC after: 1 week
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
0c9c2eb3 |
|
26-Mar-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge vendor bugfixes Bugfixes: IS #1672 and OSS-Fuzz #38766: (zip reader) fix possible out-of-bounds read in zipx_lzma_alone_init() PR #1676: (mtree reader) remove the unused variable "detected_bytes" PR #1674: (doc) fix use of At mdoc(7) macro in cpio.5 MFC after: 3 days
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
87c1ec0a |
|
13-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368607: Sync libarchive with vendor. Vendor changes: Issue #1461: Unbreak build without lzma Issue #1462: warc reader: Fix build with gcc11 Issue #1463: Fix code compatibility in test_archive_read_support.c Issue #1464: Use built-in strnlen on platforms where not available Issue #1465: warc reader: fix undefined behaviour in deconst() function MFC after: 3 days X-MFC-With: 368234
|
#
c3afd20f |
|
01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
f057565e |
|
25-Sep-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r352731: Sync libarchive with vendor. Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages MFC after: 1 week
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
df422cb4 |
|
25-Mar-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r345495: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
482a8150 |
|
20-Sep-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r338797: Sync libarchive with vendor. Relevant vendor changes: PR #1019: Add allocation check for the zip_entry struct Oss-Fuzz #10192: Handle whitespace-only ACL fields correctly Approved by: re (kib) MFC after: 1 week
|
#
f1951fd7 |
|
28-Jul-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r336851: Update vendor/libarchive/dist to git 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Important vendor changes: PR #993: Chdir to -C directory for metalog processing OSS-Fuzz #4969: Check size of the extended time field in zip archives PR #973: Record informational compression level in gzip header MFC after: 1 week
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
5c831a5b |
|
30-Sep-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147: Sync libarchive with vendor. Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) MFC after: 1 week Security: CVE-2017-14166, CVE-2017-14502
|
#
a7f7e457 |
|
28-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316083,316094: Sync libarchive with vendor Vendor changes (FreeBSD-related): - constify variables in several places - unify platform ACL code in a single source file - fix unused variable if compiling on FreeBSD without NFSv4 ACL support MFC after: 3 days X-MFC-with: 315636, 315876
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
5d6770bd |
|
15-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313781: Sync libarchive with vendor Vendor changes: Make SCHILY.acl.ace header more compact (NFSv4 ACLs) Vendor bugfixes: zip reader integer parsing fix (OSS-Fuzz 556) spelling fixes (issue #863)
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
2dbf8c4a |
|
10-Jan-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r311899: Sync libarchive with vendor. Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do no fallback to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs MFC after: 1 week X-MFC with: r310866
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
cff8ef76 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Redo MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap. |
#
c4676089 |
|
26-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
f061a221 |
|
22-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302003,r302037,r302038,r302056: Update libarchive to 3.2.1 (bugfix and security fix release) List of vendor fixes: - fix exploitable heap overflow vulnerability in Rar decompression (vendor issue 719, CVE-2016-4302, TALOS-2016-0154) - fix exploitable stack based buffer overflow vulnebarility in mtree parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153) - fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo (vendor issue 718, CVE-2016-4300, TALOS-2016-152) - fix integer overflow when computing location of volume descriptor (vendor issue 717) - fix buffer overflow when reading a crafred rar archive (vendor issue 521) - fix possible buffer overflow when reading ISO9660 archives on machines where sizeof(int) < sizeof(size_t) (vendor issue 711) - tar and cpio should fail if an input file named on the command line is missing (vendor issue 708) - fix incorrect writing of gnutar filenames that are exactly 512 bytes long (vendor issue 682) - allow tests to be run from paths that are equal or longer than 128 characters (vendor issue 657) - add memory allocation errors in archive_entry_xattr.c (vendor PR 603) - remove dead code in archive_entry_xattr_add_entry() (vendor PR 716) - fix broken decryption of ZIP files (vendor issue 553) - manpage style, typo and description fixes Post-3.2.1 vendor fixes: - fix typo in cpio version reporting (Vendor PR 725, 726) - fix argument range of ctype functions in libarchive_fe/passphrase.c - fix ctype use and avoid empty loop bodies in WARC reader MFC after: 1 week Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302 Approved by: re (kib)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
e2f3482b |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from lib/libarchive to contrib/libarchive: r204111 (uqs): Fix common misspelling of hierarchy r208027 (uqs): mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the bottom of the manpages and order them consistently. GNU groff doesn't care about the ordering, and doesn't even mention CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put them. r208291 (uqs): mdoc: consistently spell our email addresses <foo@FreeBSD.org> r209031 (uqs): mdoc nitpicking: the title argument shall be uppercase r214822 (kientzle): Clarify the naming: Methods that free an object should be called "free". Retain the old "finish" names to preserve source compatibility for now. r214905 (kientzle): If the Zip reader doesn't see a PK signature block because there's inter-entry garbage, just scan forward to find the next one. This allows us to handle a lot of Zip archives that have been modified in-place. Thanks to: Gleb Kurtsou for sending me a sample archive r216258 (kientzle): Don't write data into an empty "file." In particular, this check avoids a warning when extracting directory entries from certain GNU tar archives that store directory contents. r225525 (kientzle): Fix cpio on ARM. MFC after: 2 weeks |
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks |
#
caf54c4f |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Copy libarchive from vendor branch to contrib MFC after: 2 weeks
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
0c9c2eb3 |
|
26-Mar-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge vendor bugfixes Bugfixes: IS #1672 and OSS-Fuzz #38766: (zip reader) fix possible out-of-bounds read in zipx_lzma_alone_init() PR #1676: (mtree reader) remove the unused variable "detected_bytes" PR #1674: (doc) fix use of At mdoc(7) macro in cpio.5 MFC after: 3 days
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
87c1ec0a |
|
13-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368607: Sync libarchive with vendor. Vendor changes: Issue #1461: Unbreak build without lzma Issue #1462: warc reader: Fix build with gcc11 Issue #1463: Fix code compatibility in test_archive_read_support.c Issue #1464: Use built-in strnlen on platforms where not available Issue #1465: warc reader: fix undefined behaviour in deconst() function MFC after: 3 days X-MFC-With: 368234
|
#
c3afd20f |
|
01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
f057565e |
|
25-Sep-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r352731: Sync libarchive with vendor. Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages MFC after: 1 week
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
df422cb4 |
|
25-Mar-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r345495: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
482a8150 |
|
20-Sep-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r338797: Sync libarchive with vendor. Relevant vendor changes: PR #1019: Add allocation check for the zip_entry struct Oss-Fuzz #10192: Handle whitespace-only ACL fields correctly Approved by: re (kib) MFC after: 1 week
|
#
f1951fd7 |
|
28-Jul-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r336851: Update vendor/libarchive/dist to git 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Important vendor changes: PR #993: Chdir to -C directory for metalog processing OSS-Fuzz #4969: Check size of the extended time field in zip archives PR #973: Record informational compression level in gzip header MFC after: 1 week
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
5c831a5b |
|
30-Sep-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147: Sync libarchive with vendor. Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) MFC after: 1 week Security: CVE-2017-14166, CVE-2017-14502
|
#
a7f7e457 |
|
28-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316083,316094: Sync libarchive with vendor Vendor changes (FreeBSD-related): - constify variables in several places - unify platform ACL code in a single source file - fix unused variable if compiling on FreeBSD without NFSv4 ACL support MFC after: 3 days X-MFC-with: 315636, 315876
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
5d6770bd |
|
15-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313781: Sync libarchive with vendor Vendor changes: Make SCHILY.acl.ace header more compact (NFSv4 ACLs) Vendor bugfixes: zip reader integer parsing fix (OSS-Fuzz 556) spelling fixes (issue #863)
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
2dbf8c4a |
|
10-Jan-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r311899: Sync libarchive with vendor. Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do no fallback to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs MFC after: 1 week X-MFC with: r310866
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
cff8ef76 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Redo MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap. |
#
c4676089 |
|
26-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
f061a221 |
|
22-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302003,r302037,r302038,r302056: Update libarchive to 3.2.1 (bugfix and security fix release) List of vendor fixes: - fix exploitable heap overflow vulnerability in Rar decompression (vendor issue 719, CVE-2016-4302, TALOS-2016-0154) - fix exploitable stack based buffer overflow vulnebarility in mtree parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153) - fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo (vendor issue 718, CVE-2016-4300, TALOS-2016-152) - fix integer overflow when computing location of volume descriptor (vendor issue 717) - fix buffer overflow when reading a crafred rar archive (vendor issue 521) - fix possible buffer overflow when reading ISO9660 archives on machines where sizeof(int) < sizeof(size_t) (vendor issue 711) - tar and cpio should fail if an input file named on the command line is missing (vendor issue 708) - fix incorrect writing of gnutar filenames that are exactly 512 bytes long (vendor issue 682) - allow tests to be run from paths that are equal or longer than 128 characters (vendor issue 657) - add memory allocation errors in archive_entry_xattr.c (vendor PR 603) - remove dead code in archive_entry_xattr_add_entry() (vendor PR 716) - fix broken decryption of ZIP files (vendor issue 553) - manpage style, typo and description fixes Post-3.2.1 vendor fixes: - fix typo in cpio version reporting (Vendor PR 725, 726) - fix argument range of ctype functions in libarchive_fe/passphrase.c - fix ctype use and avoid empty loop bodies in WARC reader MFC after: 1 week Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302 Approved by: re (kib)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
e2f3482b |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from lib/libarchive to contrib/libarchive: r204111 (uqs): Fix common misspelling of hierarchy r208027 (uqs): mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the bottom of the manpages and order them consistently. GNU groff doesn't care about the ordering, and doesn't even mention CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put them. r208291 (uqs): mdoc: consistently spell our email addresses <foo@FreeBSD.org> r209031 (uqs): mdoc nitpicking: the title argument shall be uppercase r214822 (kientzle): Clarify the naming: Methods that free an object should be called "free". Retain the old "finish" names to preserve source compatibility for now. r214905 (kientzle): If the Zip reader doesn't see a PK signature block because there's inter-entry garbage, just scan forward to find the next one. This allows us to handle a lot of Zip archives that have been modified in-place. Thanks to: Gleb Kurtsou for sending me a sample archive r216258 (kientzle): Don't write data into an empty "file." In particular, this check avoids a warning when extracting directory entries from certain GNU tar archives that store directory contents. r225525 (kientzle): Fix cpio on ARM. MFC after: 2 weeks |
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks |
#
caf54c4f |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Copy libarchive from vendor branch to contrib MFC after: 2 weeks
|
#
0c9c2eb3 |
|
26-Mar-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge vendor bugfixes Bugfixes: IS #1672 and OSS-Fuzz #38766: (zip reader) fix possible out-of-bounds read in zipx_lzma_alone_init() PR #1676: (mtree reader) remove the unused variable "detected_bytes" PR #1674: (doc) fix use of At mdoc(7) macro in cpio.5 MFC after: 3 days
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
87c1ec0a |
|
13-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368607: Sync libarchive with vendor. Vendor changes: Issue #1461: Unbreak build without lzma Issue #1462: warc reader: Fix build with gcc11 Issue #1463: Fix code compatibility in test_archive_read_support.c Issue #1464: Use built-in strnlen on platforms where not available Issue #1465: warc reader: fix undefined behaviour in deconst() function MFC after: 3 days X-MFC-With: 368234
|
#
c3afd20f |
|
01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
f057565e |
|
25-Sep-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r352731: Sync libarchive with vendor. Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages MFC after: 1 week
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
df422cb4 |
|
25-Mar-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r345495: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
482a8150 |
|
20-Sep-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r338797: Sync libarchive with vendor. Relevant vendor changes: PR #1019: Add allocation check for the zip_entry struct Oss-Fuzz #10192: Handle whitespace-only ACL fields correctly Approved by: re (kib) MFC after: 1 week
|
#
f1951fd7 |
|
28-Jul-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r336851: Update vendor/libarchive/dist to git 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Important vendor changes: PR #993: Chdir to -C directory for metalog processing OSS-Fuzz #4969: Check size of the extended time field in zip archives PR #973: Record informational compression level in gzip header MFC after: 1 week
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
5c831a5b |
|
30-Sep-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147: Sync libarchive with vendor. Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) MFC after: 1 week Security: CVE-2017-14166, CVE-2017-14502
|
#
a7f7e457 |
|
28-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316083,316094: Sync libarchive with vendor Vendor changes (FreeBSD-related): - constify variables in several places - unify platform ACL code in a single source file - fix unused variable if compiling on FreeBSD without NFSv4 ACL support MFC after: 3 days X-MFC-with: 315636, 315876
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
5d6770bd |
|
15-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313781: Sync libarchive with vendor Vendor changes: Make SCHILY.acl.ace header more compact (NFSv4 ACLs) Vendor bugfixes: zip reader integer parsing fix (OSS-Fuzz 556) spelling fixes (issue #863)
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
2dbf8c4a |
|
10-Jan-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r311899: Sync libarchive with vendor. Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do no fallback to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs MFC after: 1 week X-MFC with: r310866
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
cff8ef76 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Redo MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap. |
#
c4676089 |
|
26-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
f061a221 |
|
22-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302003,r302037,r302038,r302056: Update libarchive to 3.2.1 (bugfix and security fix release) List of vendor fixes: - fix exploitable heap overflow vulnerability in Rar decompression (vendor issue 719, CVE-2016-4302, TALOS-2016-0154) - fix exploitable stack based buffer overflow vulnebarility in mtree parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153) - fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo (vendor issue 718, CVE-2016-4300, TALOS-2016-152) - fix integer overflow when computing location of volume descriptor (vendor issue 717) - fix buffer overflow when reading a crafred rar archive (vendor issue 521) - fix possible buffer overflow when reading ISO9660 archives on machines where sizeof(int) < sizeof(size_t) (vendor issue 711) - tar and cpio should fail if an input file named on the command line is missing (vendor issue 708) - fix incorrect writing of gnutar filenames that are exactly 512 bytes long (vendor issue 682) - allow tests to be run from paths that are equal or longer than 128 characters (vendor issue 657) - add memory allocation errors in archive_entry_xattr.c (vendor PR 603) - remove dead code in archive_entry_xattr_add_entry() (vendor PR 716) - fix broken decryption of ZIP files (vendor issue 553) - manpage style, typo and description fixes Post-3.2.1 vendor fixes: - fix typo in cpio version reporting (Vendor PR 725, 726) - fix argument range of ctype functions in libarchive_fe/passphrase.c - fix ctype use and avoid empty loop bodies in WARC reader MFC after: 1 week Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302 Approved by: re (kib)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
e2f3482b |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from lib/libarchive to contrib/libarchive: r204111 (uqs): Fix common misspelling of hierarchy r208027 (uqs): mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the bottom of the manpages and order them consistently. GNU groff doesn't care about the ordering, and doesn't even mention CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put them. r208291 (uqs): mdoc: consistently spell our email addresses <foo@FreeBSD.org> r209031 (uqs): mdoc nitpicking: the title argument shall be uppercase r214822 (kientzle): Clarify the naming: Methods that free an object should be called "free". Retain the old "finish" names to preserve source compatibility for now. r214905 (kientzle): If the Zip reader doesn't see a PK signature block because there's inter-entry garbage, just scan forward to find the next one. This allows us to handle a lot of Zip archives that have been modified in-place. Thanks to: Gleb Kurtsou for sending me a sample archive r216258 (kientzle): Don't write data into an empty "file." In particular, this check avoids a warning when extracting directory entries from certain GNU tar archives that store directory contents. r225525 (kientzle): Fix cpio on ARM. MFC after: 2 weeks |
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks |
#
caf54c4f |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Copy libarchive from vendor branch to contrib MFC after: 2 weeks
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
87c1ec0a |
|
13-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368607: Sync libarchive with vendor. Vendor changes: Issue #1461: Unbreak build without lzma Issue #1462: warc reader: Fix build with gcc11 Issue #1463: Fix code compatibility in test_archive_read_support.c Issue #1464: Use built-in strnlen on platforms where not available Issue #1465: warc reader: fix undefined behaviour in deconst() function MFC after: 3 days X-MFC-With: 368234
|
#
c3afd20f |
|
01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
f057565e |
|
25-Sep-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r352731: Sync libarchive with vendor. Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages MFC after: 1 week
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
df422cb4 |
|
25-Mar-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r345495: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
482a8150 |
|
20-Sep-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r338797: Sync libarchive with vendor. Relevant vendor changes: PR #1019: Add allocation check for the zip_entry struct Oss-Fuzz #10192: Handle whitespace-only ACL fields correctly Approved by: re (kib) MFC after: 1 week
|
#
f1951fd7 |
|
28-Jul-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r336851: Update vendor/libarchive/dist to git 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Important vendor changes: PR #993: Chdir to -C directory for metalog processing OSS-Fuzz #4969: Check size of the extended time field in zip archives PR #973: Record informational compression level in gzip header MFC after: 1 week
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
5c831a5b |
|
30-Sep-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147: Sync libarchive with vendor. Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) MFC after: 1 week Security: CVE-2017-14166, CVE-2017-14502
|
#
a7f7e457 |
|
28-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316083,316094: Sync libarchive with vendor Vendor changes (FreeBSD-related): - constify variables in several places - unify platform ACL code in a single source file - fix unused variable if compiling on FreeBSD without NFSv4 ACL support MFC after: 3 days X-MFC-with: 315636, 315876
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
5d6770bd |
|
15-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313781: Sync libarchive with vendor Vendor changes: Make SCHILY.acl.ace header more compact (NFSv4 ACLs) Vendor bugfixes: zip reader integer parsing fix (OSS-Fuzz 556) spelling fixes (issue #863)
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
2dbf8c4a |
|
10-Jan-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r311899: Sync libarchive with vendor. Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do no fallback to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs MFC after: 1 week X-MFC with: r310866
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
cff8ef76 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Redo MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap. |
#
c4676089 |
|
26-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
f061a221 |
|
22-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302003,r302037,r302038,r302056: Update libarchive to 3.2.1 (bugfix and security fix release) List of vendor fixes: - fix exploitable heap overflow vulnerability in Rar decompression (vendor issue 719, CVE-2016-4302, TALOS-2016-0154) - fix exploitable stack based buffer overflow vulnebarility in mtree parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153) - fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo (vendor issue 718, CVE-2016-4300, TALOS-2016-152) - fix integer overflow when computing location of volume descriptor (vendor issue 717) - fix buffer overflow when reading a crafred rar archive (vendor issue 521) - fix possible buffer overflow when reading ISO9660 archives on machines where sizeof(int) < sizeof(size_t) (vendor issue 711) - tar and cpio should fail if an input file named on the command line is missing (vendor issue 708) - fix incorrect writing of gnutar filenames that are exactly 512 bytes long (vendor issue 682) - allow tests to be run from paths that are equal or longer than 128 characters (vendor issue 657) - add memory allocation errors in archive_entry_xattr.c (vendor PR 603) - remove dead code in archive_entry_xattr_add_entry() (vendor PR 716) - fix broken decryption of ZIP files (vendor issue 553) - manpage style, typo and description fixes Post-3.2.1 vendor fixes: - fix typo in cpio version reporting (Vendor PR 725, 726) - fix argument range of ctype functions in libarchive_fe/passphrase.c - fix ctype use and avoid empty loop bodies in WARC reader MFC after: 1 week Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302 Approved by: re (kib)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
e2f3482b |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from lib/libarchive to contrib/libarchive: r204111 (uqs): Fix common misspelling of hierarchy r208027 (uqs): mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the bottom of the manpages and order them consistently. GNU groff doesn't care about the ordering, and doesn't even mention CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put them. r208291 (uqs): mdoc: consistently spell our email addresses <foo@FreeBSD.org> r209031 (uqs): mdoc nitpicking: the title argument shall be uppercase r214822 (kientzle): Clarify the naming: Methods that free an object should be called "free". Retain the old "finish" names to preserve source compatibility for now. r214905 (kientzle): If the Zip reader doesn't see a PK signature block because there's inter-entry garbage, just scan forward to find the next one. This allows us to handle a lot of Zip archives that have been modified in-place. Thanks to: Gleb Kurtsou for sending me a sample archive r216258 (kientzle): Don't write data into an empty "file." In particular, this check avoids a warning when extracting directory entries from certain GNU tar archives that store directory contents. r225525 (kientzle): Fix cpio on ARM. MFC after: 2 weeks |
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks |
#
caf54c4f |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Copy libarchive from vendor branch to contrib MFC after: 2 weeks
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
87c1ec0a |
|
13-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368607: Sync libarchive with vendor. Vendor changes: Issue #1461: Unbreak build without lzma Issue #1462: warc reader: Fix build with gcc11 Issue #1463: Fix code compatibility in test_archive_read_support.c Issue #1464: Use built-in strnlen on platforms where not available Issue #1465: warc reader: fix undefined behaviour in deconst() function MFC after: 3 days X-MFC-With: 368234
|
#
c3afd20f |
|
01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
f057565e |
|
25-Sep-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r352731: Sync libarchive with vendor. Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages MFC after: 1 week
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
df422cb4 |
|
25-Mar-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r345495: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
482a8150 |
|
20-Sep-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r338797: Sync libarchive with vendor. Relevant vendor changes: PR #1019: Add allocation check for the zip_entry struct Oss-Fuzz #10192: Handle whitespace-only ACL fields correctly Approved by: re (kib) MFC after: 1 week
|
#
f1951fd7 |
|
28-Jul-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r336851: Update vendor/libarchive/dist to git 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Important vendor changes: PR #993: Chdir to -C directory for metalog processing OSS-Fuzz #4969: Check size of the extended time field in zip archives PR #973: Record informational compression level in gzip header MFC after: 1 week
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
5c831a5b |
|
30-Sep-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147: Sync libarchive with vendor. Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) MFC after: 1 week Security: CVE-2017-14166, CVE-2017-14502
|
#
a7f7e457 |
|
28-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316083,316094: Sync libarchive with vendor Vendor changes (FreeBSD-related): - constify variables in several places - unify platform ACL code in a single source file - fix unused variable if compiling on FreeBSD without NFSv4 ACL support MFC after: 3 days X-MFC-with: 315636, 315876
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
5d6770bd |
|
15-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313781: Sync libarchive with vendor Vendor changes: Make SCHILY.acl.ace header more compact (NFSv4 ACLs) Vendor bugfixes: zip reader integer parsing fix (OSS-Fuzz 556) spelling fixes (issue #863)
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
2dbf8c4a |
|
10-Jan-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r311899: Sync libarchive with vendor. Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do no fallback to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs MFC after: 1 week X-MFC with: r310866
|
#
7105995c |
|
26-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310622: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 846: Spelling fixes PR 850: Fix issues with reading certain jar files OSS-Fuzz 286: Bugfix in archive_strncat_l()
|
#
cff8ef76 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Redo MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap. |
#
c4676089 |
|
26-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
f061a221 |
|
22-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302003,r302037,r302038,r302056: Update libarchive to 3.2.1 (bugfix and security fix release) List of vendor fixes: - fix exploitable heap overflow vulnerability in Rar decompression (vendor issue 719, CVE-2016-4302, TALOS-2016-0154) - fix exploitable stack based buffer overflow vulnebarility in mtree parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153) - fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo (vendor issue 718, CVE-2016-4300, TALOS-2016-152) - fix integer overflow when computing location of volume descriptor (vendor issue 717) - fix buffer overflow when reading a crafred rar archive (vendor issue 521) - fix possible buffer overflow when reading ISO9660 archives on machines where sizeof(int) < sizeof(size_t) (vendor issue 711) - tar and cpio should fail if an input file named on the command line is missing (vendor issue 708) - fix incorrect writing of gnutar filenames that are exactly 512 bytes long (vendor issue 682) - allow tests to be run from paths that are equal or longer than 128 characters (vendor issue 657) - add memory allocation errors in archive_entry_xattr.c (vendor PR 603) - remove dead code in archive_entry_xattr_add_entry() (vendor PR 716) - fix broken decryption of ZIP files (vendor issue 553) - manpage style, typo and description fixes Post-3.2.1 vendor fixes: - fix typo in cpio version reporting (Vendor PR 725, 726) - fix argument range of ctype functions in libarchive_fe/passphrase.c - fix ctype use and avoid empty loop bodies in WARC reader MFC after: 1 week Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302 Approved by: re (kib)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
e2f3482b |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from lib/libarchive to contrib/libarchive: r204111 (uqs): Fix common misspelling of hierarchy r208027 (uqs): mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the bottom of the manpages and order them consistently. GNU groff doesn't care about the ordering, and doesn't even mention CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put them. r208291 (uqs): mdoc: consistently spell our email addresses <foo@FreeBSD.org> r209031 (uqs): mdoc nitpicking: the title argument shall be uppercase r214822 (kientzle): Clarify the naming: Methods that free an object should be called "free". Retain the old "finish" names to preserve source compatibility for now. r214905 (kientzle): If the Zip reader doesn't see a PK signature block because there's inter-entry garbage, just scan forward to find the next one. This allows us to handle a lot of Zip archives that have been modified in-place. Thanks to: Gleb Kurtsou for sending me a sample archive r216258 (kientzle): Don't write data into an empty "file." In particular, this check avoids a warning when extracting directory entries from certain GNU tar archives that store directory contents. r225525 (kientzle): Fix cpio on ARM. MFC after: 2 weeks |
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks |
#
caf54c4f |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Copy libarchive from vendor branch to contrib MFC after: 2 weeks
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap.
|
#
e2f3482b |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from lib/libarchive to contrib/libarchive: r204111 (uqs): Fix common misspelling of hierarchy r208027 (uqs): mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the bottom of the manpages and order them consistently. GNU groff doesn't care about the ordering, and doesn't even mention CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put them. r208291 (uqs): mdoc: consistently spell our email addresses <foo@FreeBSD.org> r209031 (uqs): mdoc nitpicking: the title argument shall be uppercase r214822 (kientzle): Clarify the naming: Methods that free an object should be called "free". Retain the old "finish" names to preserve source compatibility for now. r214905 (kientzle): If the Zip reader doesn't see a PK signature block because there's inter-entry garbage, just scan forward to find the next one. This allows us to handle a lot of Zip archives that have been modified in-place. Thanks to: Gleb Kurtsou for sending me a sample archive r216258 (kientzle): Don't write data into an empty "file." In particular, this check avoids a warning when extracting directory entries from certain GNU tar archives that store directory contents. r225525 (kientzle): Fix cpio on ARM. MFC after: 2 weeks
|
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks
|