#
13d826ff |
|
29-Apr-2024 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.4 + three fixes from master Security fixes: #2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256) #2145 zip: Fix out of boundary access #2148 rar: Fix OOB in rar delta filter #2149 rar: Fix OOB in rar audio filter Important bugfixes: #2131 7zip: Limit amount of properties #2110 bsdtar: Fix error handling around strtol() usages #2116 passphrase: Never allow empty passwords #2124 rar: Fix "File CRC Error" when extracting specific rar4 archives #2123 xar: Avoid infinite link loop #2150 xar: Fix another infinite loop and expat error handling #2108 zip: Update AppleDouble support for directories #2071 zstd: Implement core detectiongit PR: 278588 (exp-run) MFC after: 1 day
|
#
b9128a37 |
|
16-Apr-2024 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.3 New features: #1941 uudecode filter: support file name and file mode in raw mode #1943 7-zip reader: translate Windows permissions into UNIX permissions #1962 zstd filter now supports the "long" write option #2012 add trailing letter b to bsdtar(1) substitute pattern #2031 PCRE2 support #2054 add support for long options "--group" and "--owner" to tar(1) Security fixes: #2101 Fix possible vulnerability in tar error reporting introduced in f27c173 Important bugfixes: #1974 ISO9660: preserve the natural order of links #2105 rar5: fix infinite loop if during rar5 decompression the last block produced no data #2027 xz filter: fix incorrect eof at the end of an lzip member #2043 zip: fix end-of-data marker processing when decompressing zip archives PR: 278315 (exp-run) MFC after: 1 week
|
#
64884e0d |
|
29-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.1 Important changes (relevant to FreeBSD): ISSUE #1934: stack buffer overflow in cpio verbose mode ISSUE #1935: SEGV in cpio verbose mode PR #1731 tar: respect --strip-components and -s patterns in cru modes MFC after: 1 week
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
bd5e624a |
|
13-Dec-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.6.2 Important bug fixes: rar5 reader: fix possible garbled output with bsdtar -O (#1745) mtree reader: support reading mtree files with tabs (#1783) various small fixes for issues found by CodeQL MFC after: 2 weeks PR: 286306 (exp-run)
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
201d0ebe |
|
17-Nov-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: cherry-pick bugfix from vendor Vendor commit message (ede459d2e): archive_write_disk_posix: fix writing fflags broken in 8a1bd5c The fixup list was erroneously assumed to be directories only. Only in the case of critical file flags modification (e.g. SF_IMMUTABLE on BSD systems), other file types (e.g. regular files or symbolic links) may be added to the fixup list. We still need to verify that we are writing to the correct file type, so compare the archive entry file type with the file type of the file to be modified. Fixes vendor issue #1617: Immutable flag no longer preserved during tar extraction on FreeBSD MFC after: 3 days Reported by: markjdb Libarchive commit: ede459d2ebb879f5eedb6f7abea203be0b334230 |
#
c577bdfc |
|
26-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import bugfix from upstream Reworked bugfix for upstream issue #1566: Do not follow symlinks when processing the fixup list MFC after: 2 weeks
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
c3afd20f |
|
01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC after: 1 week
|
#
f55be4fc |
|
02-Mar-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r358511,r358532: Sync libarchive with vendor. Relevant vendor changes: Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker PR #1331: cpio.5: fix hard link description Issue #1335: archive_read.c: fix UBSan warning about undefined behavior Issue #1338: XAR reader: fix UBSan warning about undefined behavior Issue #1339: bsdcpio_test: fix datatype in from_hex() Issue #1341: Safe writes: delete temporary file if rename fails. Issue #1341: Safe writes: improve error handling MFC after: 1 week
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
f057565e |
|
25-Sep-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r352731: Sync libarchive with vendor. Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages MFC after: 1 week
|
#
fae5c36e |
|
12-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r348971,r348977: Sync libarchive with vendor. Relevant vendor changes: - check_symlinks_fsobj() without chdir() and fchdir() - bsdtar.1 manpage fixes - patches from OpenBSD to libarchive_fe/passphrase.c - version bumped to 3.4.0 MFC after: 2 weeks
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
df422cb4 |
|
25-Mar-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r345495: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
7d69e4cd |
|
26-Nov-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r340938: Sync libarchive with vendor. Relevant vendor changes: Issue #1096: Support extracting ACLs with in-entry comments (GNU tar) PR #1023: Support extracting extattrs as non-root on non-user-writeable files MFC after: 1 week
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
43f9e382 |
|
02-Apr-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316454,316455: Vendor changes (FreeBSD-related): Report which extended attributes could not be restored Update archive_read_disk.3 and archive_write_disk.3 manual pages Plug memory leaks in xattr tests. MFC after: 1 week
|
#
e46d4714 |
|
23-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315875: Sync libarchive with vendor. Vendor changes (FreeBSD-related): - store extended attributes with extattr_set_link() if no fd is provided - add extended attribute tests to libarchive and bsdtar - fix tar's test_option_acls - support the UF_HIDDEN file flag X-MFC with: 315636
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
09c253fd |
|
30-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310798: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c PR #851: Spelling fixes Fix two protoypes in manual page archive_read_disk.3 MFC after: 2 weeks
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
d5d08d29 |
|
29-Nov-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r309299: Sync libarchive with vendor. Important vendor bugfixes (relevant to FreeBSD): #821: tar -P cannot extract hardlinks through symlinks #825: Add sanity check of tar "uid, "gid" and "mtime" fields PR: 213255 Reported by: Tijl Coosemans <tilj@FreeBSD.org> MFC after: 1 week
|
#
24113d8c |
|
14-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305816: Sync libarchive with vendor including important security fixes. Issues fixed (FreeBSD): PR #778: ACL error handling Issue #745: Symlink check prefix optimization is too aggressive Issue #746: Hard links with data can evade sandboxing restrictions This update fixes the vulnerability #3 and vulnerability #4 as reported in "non-cryptanalytic attacks against FreeBSD update components". https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Fix for vulnerability #2 has already been merged in r304989. MFC after: 1 week Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
#
cff8ef76 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Redo MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap. |
#
c4676089 |
|
26-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
cfa49a9b |
|
14-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304060: Sync libarchive with vendor including three security fixes Vendor issues fixed: Issue #744: Very long pathnames evade symlink checks Issue #748: libarchive can compress, but cannot decompress zip some files PR #750: ustar: fix out of bounds read on empty string ("") filename PR #755: fix use of acl_get_flagset_np() on FreeBSD MFC after: 3 days
|
#
ae5876ea |
|
30-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302264: Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
e324bf91 |
|
01-Apr-2013 |
Matthew D Fleming <mdf@FreeBSD.org> |
Fix return type of extattr_set_* and fix rmextattr(8) utility. extattr_set_{fd,file,link} is logically a write(2)-like operation and should return ssize_t, just like extattr_get_*. Also, the user-space utility was using an int for the return value of extattr_get_* and extattr_list_*, both of which return an ssize_t. MFC after: 1 week |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
10ed66fd |
|
30-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Backport NFSv4 ACL fix from libarchive master branch. Source: https://github.com/libarchive/libarchive/commit/f67370d5 Obtained from: libarchive (master branch) |
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
b9128a37 |
|
16-Apr-2024 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.3 New features: #1941 uudecode filter: support file name and file mode in raw mode #1943 7-zip reader: translate Windows permissions into UNIX permissions #1962 zstd filter now supports the "long" write option #2012 add trailing letter b to bsdtar(1) substitute pattern #2031 PCRE2 support #2054 add support for long options "--group" and "--owner" to tar(1) Security fixes: #2101 Fix possible vulnerability in tar error reporting introduced in f27c173 Important bugfixes: #1974 ISO9660: preserve the natural order of links #2105 rar5: fix infinite loop if during rar5 decompression the last block produced no data #2027 xz filter: fix incorrect eof at the end of an lzip member #2043 zip: fix end-of-data marker processing when decompressing zip archives PR: 278315 (exp-run) MFC after: 1 week
|
#
64884e0d |
|
29-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.1 Important changes (relevant to FreeBSD): ISSUE #1934: stack buffer overflow in cpio verbose mode ISSUE #1935: SEGV in cpio verbose mode PR #1731 tar: respect --strip-components and -s patterns in cru modes MFC after: 1 week
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
bd5e624a |
|
13-Dec-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.6.2 Important bug fixes: rar5 reader: fix possible garbled output with bsdtar -O (#1745) mtree reader: support reading mtree files with tabs (#1783) various small fixes for issues found by CodeQL MFC after: 2 weeks PR: 286306 (exp-run)
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
201d0ebe |
|
17-Nov-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: cherry-pick bugfix from vendor Vendor commit message (ede459d2e): archive_write_disk_posix: fix writing fflags broken in 8a1bd5c The fixup list was erroneously assumed to be directories only. Only in the case of critical file flags modification (e.g. SF_IMMUTABLE on BSD systems), other file types (e.g. regular files or symbolic links) may be added to the fixup list. We still need to verify that we are writing to the correct file type, so compare the archive entry file type with the file type of the file to be modified. Fixes vendor issue #1617: Immutable flag no longer preserved during tar extraction on FreeBSD MFC after: 3 days Reported by: markjdb Libarchive commit: ede459d2ebb879f5eedb6f7abea203be0b334230 |
#
c577bdfc |
|
26-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import bugfix from upstream Reworked bugfix for upstream issue #1566: Do not follow symlinks when processing the fixup list MFC after: 2 weeks
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
c3afd20f |
|
01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC after: 1 week
|
#
f55be4fc |
|
02-Mar-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r358511,r358532: Sync libarchive with vendor. Relevant vendor changes: Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker PR #1331: cpio.5: fix hard link description Issue #1335: archive_read.c: fix UBSan warning about undefined behavior Issue #1338: XAR reader: fix UBSan warning about undefined behavior Issue #1339: bsdcpio_test: fix datatype in from_hex() Issue #1341: Safe writes: delete temporary file if rename fails. Issue #1341: Safe writes: improve error handling MFC after: 1 week
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
f057565e |
|
25-Sep-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r352731: Sync libarchive with vendor. Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages MFC after: 1 week
|
#
fae5c36e |
|
12-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r348971,r348977: Sync libarchive with vendor. Relevant vendor changes: - check_symlinks_fsobj() without chdir() and fchdir() - bsdtar.1 manpage fixes - patches from OpenBSD to libarchive_fe/passphrase.c - version bumped to 3.4.0 MFC after: 2 weeks
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
df422cb4 |
|
25-Mar-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r345495: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
7d69e4cd |
|
26-Nov-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r340938: Sync libarchive with vendor. Relevant vendor changes: Issue #1096: Support extracting ACLs with in-entry comments (GNU tar) PR #1023: Support extracting extattrs as non-root on non-user-writeable files MFC after: 1 week
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
43f9e382 |
|
02-Apr-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316454,316455: Vendor changes (FreeBSD-related): Report which extended attributes could not be restored Update archive_read_disk.3 and archive_write_disk.3 manual pages Plug memory leaks in xattr tests. MFC after: 1 week
|
#
e46d4714 |
|
23-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315875: Sync libarchive with vendor. Vendor changes (FreeBSD-related): - store extended attributes with extattr_set_link() if no fd is provided - add extended attribute tests to libarchive and bsdtar - fix tar's test_option_acls - support the UF_HIDDEN file flag X-MFC with: 315636
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
09c253fd |
|
30-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310798: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c PR #851: Spelling fixes Fix two protoypes in manual page archive_read_disk.3 MFC after: 2 weeks
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
d5d08d29 |
|
29-Nov-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r309299: Sync libarchive with vendor. Important vendor bugfixes (relevant to FreeBSD): #821: tar -P cannot extract hardlinks through symlinks #825: Add sanity check of tar "uid, "gid" and "mtime" fields PR: 213255 Reported by: Tijl Coosemans <tilj@FreeBSD.org> MFC after: 1 week
|
#
24113d8c |
|
14-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305816: Sync libarchive with vendor including important security fixes. Issues fixed (FreeBSD): PR #778: ACL error handling Issue #745: Symlink check prefix optimization is too aggressive Issue #746: Hard links with data can evade sandboxing restrictions This update fixes the vulnerability #3 and vulnerability #4 as reported in "non-cryptanalytic attacks against FreeBSD update components". https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Fix for vulnerability #2 has already been merged in r304989. MFC after: 1 week Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
#
cff8ef76 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Redo MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap. |
#
c4676089 |
|
26-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
cfa49a9b |
|
14-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304060: Sync libarchive with vendor including three security fixes Vendor issues fixed: Issue #744: Very long pathnames evade symlink checks Issue #748: libarchive can compress, but cannot decompress zip some files PR #750: ustar: fix out of bounds read on empty string ("") filename PR #755: fix use of acl_get_flagset_np() on FreeBSD MFC after: 3 days
|
#
ae5876ea |
|
30-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302264: Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
e324bf91 |
|
01-Apr-2013 |
Matthew D Fleming <mdf@FreeBSD.org> |
Fix return type of extattr_set_* and fix rmextattr(8) utility. extattr_set_{fd,file,link} is logically a write(2)-like operation and should return ssize_t, just like extattr_get_*. Also, the user-space utility was using an int for the return value of extattr_get_* and extattr_list_*, both of which return an ssize_t. MFC after: 1 week |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
10ed66fd |
|
30-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Backport NFSv4 ACL fix from libarchive master branch. Source: https://github.com/libarchive/libarchive/commit/f67370d5 Obtained from: libarchive (master branch) |
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
64884e0d |
|
29-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.1 Important changes (relevant to FreeBSD): ISSUE #1934: stack buffer overflow in cpio verbose mode ISSUE #1935: SEGV in cpio verbose mode PR #1731 tar: respect --strip-components and -s patterns in cru modes MFC after: 1 week
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
bd5e624a |
|
13-Dec-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.6.2 Important bug fixes: rar5 reader: fix possible garbled output with bsdtar -O (#1745) mtree reader: support reading mtree files with tabs (#1783) various small fixes for issues found by CodeQL MFC after: 2 weeks PR: 286306 (exp-run)
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
201d0ebe |
|
17-Nov-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: cherry-pick bugfix from vendor Vendor commit message (ede459d2e): archive_write_disk_posix: fix writing fflags broken in 8a1bd5c The fixup list was erroneously assumed to be directories only. Only in the case of critical file flags modification (e.g. SF_IMMUTABLE on BSD systems), other file types (e.g. regular files or symbolic links) may be added to the fixup list. We still need to verify that we are writing to the correct file type, so compare the archive entry file type with the file type of the file to be modified. Fixes vendor issue #1617: Immutable flag no longer preserved during tar extraction on FreeBSD MFC after: 3 days Reported by: markjdb Libarchive commit: ede459d2ebb879f5eedb6f7abea203be0b334230 |
#
c577bdfc |
|
26-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import bugfix from upstream Reworked bugfix for upstream issue #1566: Do not follow symlinks when processing the fixup list MFC after: 2 weeks
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
c3afd20f |
|
01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC after: 1 week
|
#
f55be4fc |
|
02-Mar-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r358511,r358532: Sync libarchive with vendor. Relevant vendor changes: Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker PR #1331: cpio.5: fix hard link description Issue #1335: archive_read.c: fix UBSan warning about undefined behavior Issue #1338: XAR reader: fix UBSan warning about undefined behavior Issue #1339: bsdcpio_test: fix datatype in from_hex() Issue #1341: Safe writes: delete temporary file if rename fails. Issue #1341: Safe writes: improve error handling MFC after: 1 week
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
f057565e |
|
25-Sep-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r352731: Sync libarchive with vendor. Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages MFC after: 1 week
|
#
fae5c36e |
|
12-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r348971,r348977: Sync libarchive with vendor. Relevant vendor changes: - check_symlinks_fsobj() without chdir() and fchdir() - bsdtar.1 manpage fixes - patches from OpenBSD to libarchive_fe/passphrase.c - version bumped to 3.4.0 MFC after: 2 weeks
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
df422cb4 |
|
25-Mar-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r345495: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
7d69e4cd |
|
26-Nov-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r340938: Sync libarchive with vendor. Relevant vendor changes: Issue #1096: Support extracting ACLs with in-entry comments (GNU tar) PR #1023: Support extracting extattrs as non-root on non-user-writeable files MFC after: 1 week
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
43f9e382 |
|
02-Apr-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316454,316455: Vendor changes (FreeBSD-related): Report which extended attributes could not be restored Update archive_read_disk.3 and archive_write_disk.3 manual pages Plug memory leaks in xattr tests. MFC after: 1 week
|
#
e46d4714 |
|
23-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315875: Sync libarchive with vendor. Vendor changes (FreeBSD-related): - store extended attributes with extattr_set_link() if no fd is provided - add extended attribute tests to libarchive and bsdtar - fix tar's test_option_acls - support the UF_HIDDEN file flag X-MFC with: 315636
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
09c253fd |
|
30-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310798: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c PR #851: Spelling fixes Fix two protoypes in manual page archive_read_disk.3 MFC after: 2 weeks
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
d5d08d29 |
|
29-Nov-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r309299: Sync libarchive with vendor. Important vendor bugfixes (relevant to FreeBSD): #821: tar -P cannot extract hardlinks through symlinks #825: Add sanity check of tar "uid, "gid" and "mtime" fields PR: 213255 Reported by: Tijl Coosemans <tilj@FreeBSD.org> MFC after: 1 week
|
#
24113d8c |
|
14-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305816: Sync libarchive with vendor including important security fixes. Issues fixed (FreeBSD): PR #778: ACL error handling Issue #745: Symlink check prefix optimization is too aggressive Issue #746: Hard links with data can evade sandboxing restrictions This update fixes the vulnerability #3 and vulnerability #4 as reported in "non-cryptanalytic attacks against FreeBSD update components". https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Fix for vulnerability #2 has already been merged in r304989. MFC after: 1 week Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
#
cff8ef76 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Redo MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap. |
#
c4676089 |
|
26-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
cfa49a9b |
|
14-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304060: Sync libarchive with vendor including three security fixes Vendor issues fixed: Issue #744: Very long pathnames evade symlink checks Issue #748: libarchive can compress, but cannot decompress zip some files PR #750: ustar: fix out of bounds read on empty string ("") filename PR #755: fix use of acl_get_flagset_np() on FreeBSD MFC after: 3 days
|
#
ae5876ea |
|
30-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302264: Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
e324bf91 |
|
01-Apr-2013 |
Matthew D Fleming <mdf@FreeBSD.org> |
Fix return type of extattr_set_* and fix rmextattr(8) utility. extattr_set_{fd,file,link} is logically a write(2)-like operation and should return ssize_t, just like extattr_get_*. Also, the user-space utility was using an int for the return value of extattr_get_* and extattr_list_*, both of which return an ssize_t. MFC after: 1 week |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
10ed66fd |
|
30-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Backport NFSv4 ACL fix from libarchive master branch. Source: https://github.com/libarchive/libarchive/commit/f67370d5 Obtained from: libarchive (master branch) |
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
bd5e624a |
|
13-Dec-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.6.2 Important bug fixes: rar5 reader: fix possible garbled output with bsdtar -O (#1745) mtree reader: support reading mtree files with tabs (#1783) various small fixes for issues found by CodeQL MFC after: 2 weeks PR: 286306 (exp-run)
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
201d0ebe |
|
17-Nov-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: cherry-pick bugfix from vendor Vendor commit message (ede459d2e): archive_write_disk_posix: fix writing fflags broken in 8a1bd5c The fixup list was erroneously assumed to be directories only. Only in the case of critical file flags modification (e.g. SF_IMMUTABLE on BSD systems), other file types (e.g. regular files or symbolic links) may be added to the fixup list. We still need to verify that we are writing to the correct file type, so compare the archive entry file type with the file type of the file to be modified. Fixes vendor issue #1617: Immutable flag no longer preserved during tar extraction on FreeBSD MFC after: 3 days Reported by: markjdb Libarchive commit: ede459d2ebb879f5eedb6f7abea203be0b334230 |
#
c577bdfc |
|
26-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import bugfix from upstream Reworked bugfix for upstream issue #1566: Do not follow symlinks when processing the fixup list MFC after: 2 weeks
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
c3afd20f |
|
01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC after: 1 week
|
#
f55be4fc |
|
02-Mar-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r358511,r358532: Sync libarchive with vendor. Relevant vendor changes: Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker PR #1331: cpio.5: fix hard link description Issue #1335: archive_read.c: fix UBSan warning about undefined behavior Issue #1338: XAR reader: fix UBSan warning about undefined behavior Issue #1339: bsdcpio_test: fix datatype in from_hex() Issue #1341: Safe writes: delete temporary file if rename fails. Issue #1341: Safe writes: improve error handling MFC after: 1 week
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
f057565e |
|
25-Sep-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r352731: Sync libarchive with vendor. Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages MFC after: 1 week
|
#
fae5c36e |
|
12-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r348971,r348977: Sync libarchive with vendor. Relevant vendor changes: - check_symlinks_fsobj() without chdir() and fchdir() - bsdtar.1 manpage fixes - patches from OpenBSD to libarchive_fe/passphrase.c - version bumped to 3.4.0 MFC after: 2 weeks
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
df422cb4 |
|
25-Mar-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r345495: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
7d69e4cd |
|
26-Nov-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r340938: Sync libarchive with vendor. Relevant vendor changes: Issue #1096: Support extracting ACLs with in-entry comments (GNU tar) PR #1023: Support extracting extattrs as non-root on non-user-writeable files MFC after: 1 week
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
43f9e382 |
|
02-Apr-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316454,316455: Vendor changes (FreeBSD-related): Report which extended attributes could not be restored Update archive_read_disk.3 and archive_write_disk.3 manual pages Plug memory leaks in xattr tests. MFC after: 1 week
|
#
e46d4714 |
|
23-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315875: Sync libarchive with vendor. Vendor changes (FreeBSD-related): - store extended attributes with extattr_set_link() if no fd is provided - add extended attribute tests to libarchive and bsdtar - fix tar's test_option_acls - support the UF_HIDDEN file flag X-MFC with: 315636
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
09c253fd |
|
30-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310798: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c PR #851: Spelling fixes Fix two protoypes in manual page archive_read_disk.3 MFC after: 2 weeks
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
d5d08d29 |
|
29-Nov-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r309299: Sync libarchive with vendor. Important vendor bugfixes (relevant to FreeBSD): #821: tar -P cannot extract hardlinks through symlinks #825: Add sanity check of tar "uid, "gid" and "mtime" fields PR: 213255 Reported by: Tijl Coosemans <tilj@FreeBSD.org> MFC after: 1 week
|
#
24113d8c |
|
14-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305816: Sync libarchive with vendor including important security fixes. Issues fixed (FreeBSD): PR #778: ACL error handling Issue #745: Symlink check prefix optimization is too aggressive Issue #746: Hard links with data can evade sandboxing restrictions This update fixes the vulnerability #3 and vulnerability #4 as reported in "non-cryptanalytic attacks against FreeBSD update components". https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Fix for vulnerability #2 has already been merged in r304989. MFC after: 1 week Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
#
cff8ef76 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Redo MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap. |
#
c4676089 |
|
26-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
cfa49a9b |
|
14-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304060: Sync libarchive with vendor including three security fixes Vendor issues fixed: Issue #744: Very long pathnames evade symlink checks Issue #748: libarchive can compress, but cannot decompress zip some files PR #750: ustar: fix out of bounds read on empty string ("") filename PR #755: fix use of acl_get_flagset_np() on FreeBSD MFC after: 3 days
|
#
ae5876ea |
|
30-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302264: Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
e324bf91 |
|
01-Apr-2013 |
Matthew D Fleming <mdf@FreeBSD.org> |
Fix return type of extattr_set_* and fix rmextattr(8) utility. extattr_set_{fd,file,link} is logically a write(2)-like operation and should return ssize_t, just like extattr_get_*. Also, the user-space utility was using an int for the return value of extattr_get_* and extattr_list_*, both of which return an ssize_t. MFC after: 1 week |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
10ed66fd |
|
30-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Backport NFSv4 ACL fix from libarchive master branch. Source: https://github.com/libarchive/libarchive/commit/f67370d5 Obtained from: libarchive (master branch) |
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
bd5e624a |
|
13-Dec-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.6.2 Important bug fixes: rar5 reader: fix possible garbled output with bsdtar -O (#1745) mtree reader: support reading mtree files with tabs (#1783) various small fixes for issues found by CodeQL MFC after: 2 weeks PR: 286306 (exp-run)
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
201d0ebe |
|
17-Nov-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: cherry-pick bugfix from vendor Vendor commit message (ede459d2e): archive_write_disk_posix: fix writing fflags broken in 8a1bd5c The fixup list was erroneously assumed to be directories only. Only in the case of critical file flags modification (e.g. SF_IMMUTABLE on BSD systems), other file types (e.g. regular files or symbolic links) may be added to the fixup list. We still need to verify that we are writing to the correct file type, so compare the archive entry file type with the file type of the file to be modified. Fixes vendor issue #1617: Immutable flag no longer preserved during tar extraction on FreeBSD MFC after: 3 days Reported by: markjdb Libarchive commit: ede459d2ebb879f5eedb6f7abea203be0b334230 |
#
c577bdfc |
|
26-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import bugfix from upstream Reworked bugfix for upstream issue #1566: Do not follow symlinks when processing the fixup list MFC after: 2 weeks
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
c3afd20f |
|
01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC after: 1 week
|
#
f55be4fc |
|
02-Mar-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r358511,r358532: Sync libarchive with vendor. Relevant vendor changes: Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker PR #1331: cpio.5: fix hard link description Issue #1335: archive_read.c: fix UBSan warning about undefined behavior Issue #1338: XAR reader: fix UBSan warning about undefined behavior Issue #1339: bsdcpio_test: fix datatype in from_hex() Issue #1341: Safe writes: delete temporary file if rename fails. Issue #1341: Safe writes: improve error handling MFC after: 1 week
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
f057565e |
|
25-Sep-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r352731: Sync libarchive with vendor. Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages MFC after: 1 week
|
#
fae5c36e |
|
12-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r348971,r348977: Sync libarchive with vendor. Relevant vendor changes: - check_symlinks_fsobj() without chdir() and fchdir() - bsdtar.1 manpage fixes - patches from OpenBSD to libarchive_fe/passphrase.c - version bumped to 3.4.0 MFC after: 2 weeks
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
df422cb4 |
|
25-Mar-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r345495: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
7d69e4cd |
|
26-Nov-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r340938: Sync libarchive with vendor. Relevant vendor changes: Issue #1096: Support extracting ACLs with in-entry comments (GNU tar) PR #1023: Support extracting extattrs as non-root on non-user-writeable files MFC after: 1 week
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
43f9e382 |
|
02-Apr-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316454,316455: Vendor changes (FreeBSD-related): Report which extended attributes could not be restored Update archive_read_disk.3 and archive_write_disk.3 manual pages Plug memory leaks in xattr tests. MFC after: 1 week
|
#
e46d4714 |
|
23-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315875: Sync libarchive with vendor. Vendor changes (FreeBSD-related): - store extended attributes with extattr_set_link() if no fd is provided - add extended attribute tests to libarchive and bsdtar - fix tar's test_option_acls - support the UF_HIDDEN file flag X-MFC with: 315636
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
09c253fd |
|
30-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310798: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c PR #851: Spelling fixes Fix two protoypes in manual page archive_read_disk.3 MFC after: 2 weeks
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
d5d08d29 |
|
29-Nov-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r309299: Sync libarchive with vendor. Important vendor bugfixes (relevant to FreeBSD): #821: tar -P cannot extract hardlinks through symlinks #825: Add sanity check of tar "uid, "gid" and "mtime" fields PR: 213255 Reported by: Tijl Coosemans <tilj@FreeBSD.org> MFC after: 1 week
|
#
24113d8c |
|
14-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305816: Sync libarchive with vendor including important security fixes. Issues fixed (FreeBSD): PR #778: ACL error handling Issue #745: Symlink check prefix optimization is too aggressive Issue #746: Hard links with data can evade sandboxing restrictions This update fixes the vulnerability #3 and vulnerability #4 as reported in "non-cryptanalytic attacks against FreeBSD update components". https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Fix for vulnerability #2 has already been merged in r304989. MFC after: 1 week Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
#
cff8ef76 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Redo MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap. |
#
c4676089 |
|
26-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
cfa49a9b |
|
14-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304060: Sync libarchive with vendor including three security fixes Vendor issues fixed: Issue #744: Very long pathnames evade symlink checks Issue #748: libarchive can compress, but cannot decompress zip some files PR #750: ustar: fix out of bounds read on empty string ("") filename PR #755: fix use of acl_get_flagset_np() on FreeBSD MFC after: 3 days
|
#
ae5876ea |
|
30-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302264: Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
e324bf91 |
|
01-Apr-2013 |
Matthew D Fleming <mdf@FreeBSD.org> |
Fix return type of extattr_set_* and fix rmextattr(8) utility. extattr_set_{fd,file,link} is logically a write(2)-like operation and should return ssize_t, just like extattr_get_*. Also, the user-space utility was using an int for the return value of extattr_get_* and extattr_list_*, both of which return an ssize_t. MFC after: 1 week |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
10ed66fd |
|
30-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Backport NFSv4 ACL fix from libarchive master branch. Source: https://github.com/libarchive/libarchive/commit/f67370d5 Obtained from: libarchive (master branch) |
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
833a452e |
|
09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.6.0 New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries MFC after: 2 weeks Relnotes: yes
|
#
201d0ebe |
|
17-Nov-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: cherry-pick bugfix from vendor Vendor commit message (ede459d2e): archive_write_disk_posix: fix writing fflags broken in 8a1bd5c The fixup list was erroneously assumed to be directories only. Only in the case of critical file flags modification (e.g. SF_IMMUTABLE on BSD systems), other file types (e.g. regular files or symbolic links) may be added to the fixup list. We still need to verify that we are writing to the correct file type, so compare the archive entry file type with the file type of the file to be modified. Fixes vendor issue #1617: Immutable flag no longer preserved during tar extraction on FreeBSD MFC after: 3 days Reported by: markjdb Libarchive commit: ede459d2ebb879f5eedb6f7abea203be0b334230 |
#
c577bdfc |
|
26-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import bugfix from upstream Reworked bugfix for upstream issue #1566: Do not follow symlinks when processing the fixup list MFC after: 2 weeks
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
c3afd20f |
|
01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC after: 1 week
|
#
f55be4fc |
|
02-Mar-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r358511,r358532: Sync libarchive with vendor. Relevant vendor changes: Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker PR #1331: cpio.5: fix hard link description Issue #1335: archive_read.c: fix UBSan warning about undefined behavior Issue #1338: XAR reader: fix UBSan warning about undefined behavior Issue #1339: bsdcpio_test: fix datatype in from_hex() Issue #1341: Safe writes: delete temporary file if rename fails. Issue #1341: Safe writes: improve error handling MFC after: 1 week
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
f057565e |
|
25-Sep-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r352731: Sync libarchive with vendor. Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages MFC after: 1 week
|
#
fae5c36e |
|
12-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r348971,r348977: Sync libarchive with vendor. Relevant vendor changes: - check_symlinks_fsobj() without chdir() and fchdir() - bsdtar.1 manpage fixes - patches from OpenBSD to libarchive_fe/passphrase.c - version bumped to 3.4.0 MFC after: 2 weeks
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
df422cb4 |
|
25-Mar-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r345495: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
7d69e4cd |
|
26-Nov-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r340938: Sync libarchive with vendor. Relevant vendor changes: Issue #1096: Support extracting ACLs with in-entry comments (GNU tar) PR #1023: Support extracting extattrs as non-root on non-user-writeable files MFC after: 1 week
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
43f9e382 |
|
02-Apr-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316454,316455: Vendor changes (FreeBSD-related): Report which extended attributes could not be restored Update archive_read_disk.3 and archive_write_disk.3 manual pages Plug memory leaks in xattr tests. MFC after: 1 week
|
#
e46d4714 |
|
23-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315875: Sync libarchive with vendor. Vendor changes (FreeBSD-related): - store extended attributes with extattr_set_link() if no fd is provided - add extended attribute tests to libarchive and bsdtar - fix tar's test_option_acls - support the UF_HIDDEN file flag X-MFC with: 315636
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
09c253fd |
|
30-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310798: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c PR #851: Spelling fixes Fix two protoypes in manual page archive_read_disk.3 MFC after: 2 weeks
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
d5d08d29 |
|
29-Nov-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r309299: Sync libarchive with vendor. Important vendor bugfixes (relevant to FreeBSD): #821: tar -P cannot extract hardlinks through symlinks #825: Add sanity check of tar "uid, "gid" and "mtime" fields PR: 213255 Reported by: Tijl Coosemans <tilj@FreeBSD.org> MFC after: 1 week
|
#
24113d8c |
|
14-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305816: Sync libarchive with vendor including important security fixes. Issues fixed (FreeBSD): PR #778: ACL error handling Issue #745: Symlink check prefix optimization is too aggressive Issue #746: Hard links with data can evade sandboxing restrictions This update fixes the vulnerability #3 and vulnerability #4 as reported in "non-cryptanalytic attacks against FreeBSD update components". https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Fix for vulnerability #2 has already been merged in r304989. MFC after: 1 week Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
#
cff8ef76 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Redo MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap. |
#
c4676089 |
|
26-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
cfa49a9b |
|
14-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304060: Sync libarchive with vendor including three security fixes Vendor issues fixed: Issue #744: Very long pathnames evade symlink checks Issue #748: libarchive can compress, but cannot decompress zip some files PR #750: ustar: fix out of bounds read on empty string ("") filename PR #755: fix use of acl_get_flagset_np() on FreeBSD MFC after: 3 days
|
#
ae5876ea |
|
30-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302264: Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
e324bf91 |
|
01-Apr-2013 |
Matthew D Fleming <mdf@FreeBSD.org> |
Fix return type of extattr_set_* and fix rmextattr(8) utility. extattr_set_{fd,file,link} is logically a write(2)-like operation and should return ssize_t, just like extattr_get_*. Also, the user-space utility was using an int for the return value of extattr_get_* and extattr_list_*, both of which return an ssize_t. MFC after: 1 week |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
10ed66fd |
|
30-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Backport NFSv4 ACL fix from libarchive master branch. Source: https://github.com/libarchive/libarchive/commit/f67370d5 Obtained from: libarchive (master branch) |
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
201d0ebe |
|
17-Nov-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: cherry-pick bugfix from vendor Vendor commit message (ede459d2e): archive_write_disk_posix: fix writing fflags broken in 8a1bd5c The fixup list was erroneously assumed to be directories only. Only in the case of critical file flags modification (e.g. SF_IMMUTABLE on BSD systems), other file types (e.g. regular files or symbolic links) may be added to the fixup list. We still need to verify that we are writing to the correct file type, so compare the archive entry file type with the file type of the file to be modified. Fixes vendor issue #1617: Immutable flag no longer preserved during tar extraction on FreeBSD MFC after: 3 days Reported by: markjdb Libarchive commit: ede459d2ebb879f5eedb6f7abea203be0b334230
|
#
c577bdfc |
|
26-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import bugfix from upstream Reworked bugfix for upstream issue #1566: Do not follow symlinks when processing the fixup list MFC after: 2 weeks
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
c3afd20f |
|
01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC after: 1 week
|
#
f55be4fc |
|
02-Mar-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r358511,r358532: Sync libarchive with vendor. Relevant vendor changes: Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker PR #1331: cpio.5: fix hard link description Issue #1335: archive_read.c: fix UBSan warning about undefined behavior Issue #1338: XAR reader: fix UBSan warning about undefined behavior Issue #1339: bsdcpio_test: fix datatype in from_hex() Issue #1341: Safe writes: delete temporary file if rename fails. Issue #1341: Safe writes: improve error handling MFC after: 1 week
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
f057565e |
|
25-Sep-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r352731: Sync libarchive with vendor. Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages MFC after: 1 week
|
#
fae5c36e |
|
12-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r348971,r348977: Sync libarchive with vendor. Relevant vendor changes: - check_symlinks_fsobj() without chdir() and fchdir() - bsdtar.1 manpage fixes - patches from OpenBSD to libarchive_fe/passphrase.c - version bumped to 3.4.0 MFC after: 2 weeks
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
df422cb4 |
|
25-Mar-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r345495: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
7d69e4cd |
|
26-Nov-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r340938: Sync libarchive with vendor. Relevant vendor changes: Issue #1096: Support extracting ACLs with in-entry comments (GNU tar) PR #1023: Support extracting extattrs as non-root on non-user-writeable files MFC after: 1 week
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
43f9e382 |
|
02-Apr-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316454,316455: Vendor changes (FreeBSD-related): Report which extended attributes could not be restored Update archive_read_disk.3 and archive_write_disk.3 manual pages Plug memory leaks in xattr tests. MFC after: 1 week
|
#
e46d4714 |
|
23-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315875: Sync libarchive with vendor. Vendor changes (FreeBSD-related): - store extended attributes with extattr_set_link() if no fd is provided - add extended attribute tests to libarchive and bsdtar - fix tar's test_option_acls - support the UF_HIDDEN file flag X-MFC with: 315636
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
09c253fd |
|
30-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310798: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c PR #851: Spelling fixes Fix two protoypes in manual page archive_read_disk.3 MFC after: 2 weeks
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
d5d08d29 |
|
29-Nov-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r309299: Sync libarchive with vendor. Important vendor bugfixes (relevant to FreeBSD): #821: tar -P cannot extract hardlinks through symlinks #825: Add sanity check of tar "uid, "gid" and "mtime" fields PR: 213255 Reported by: Tijl Coosemans <tilj@FreeBSD.org> MFC after: 1 week
|
#
24113d8c |
|
14-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305816: Sync libarchive with vendor including important security fixes. Issues fixed (FreeBSD): PR #778: ACL error handling Issue #745: Symlink check prefix optimization is too aggressive Issue #746: Hard links with data can evade sandboxing restrictions This update fixes the vulnerability #3 and vulnerability #4 as reported in "non-cryptanalytic attacks against FreeBSD update components". https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Fix for vulnerability #2 has already been merged in r304989. MFC after: 1 week Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
#
cff8ef76 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Redo MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap. |
#
c4676089 |
|
26-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
cfa49a9b |
|
14-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304060: Sync libarchive with vendor including three security fixes Vendor issues fixed: Issue #744: Very long pathnames evade symlink checks Issue #748: libarchive can compress, but cannot decompress zip some files PR #750: ustar: fix out of bounds read on empty string ("") filename PR #755: fix use of acl_get_flagset_np() on FreeBSD MFC after: 3 days
|
#
ae5876ea |
|
30-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302264: Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
e324bf91 |
|
01-Apr-2013 |
Matthew D Fleming <mdf@FreeBSD.org> |
Fix return type of extattr_set_* and fix rmextattr(8) utility. extattr_set_{fd,file,link} is logically a write(2)-like operation and should return ssize_t, just like extattr_get_*. Also, the user-space utility was using an int for the return value of extattr_get_* and extattr_list_*, both of which return an ssize_t. MFC after: 1 week |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
10ed66fd |
|
30-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Backport NFSv4 ACL fix from libarchive master branch. Source: https://github.com/libarchive/libarchive/commit/f67370d5 Obtained from: libarchive (master branch) |
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
c3afd20f |
|
01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0 Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename MFC after: 1 week
|
#
f55be4fc |
|
02-Mar-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r358511,r358532: Sync libarchive with vendor. Relevant vendor changes: Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker PR #1331: cpio.5: fix hard link description Issue #1335: archive_read.c: fix UBSan warning about undefined behavior Issue #1338: XAR reader: fix UBSan warning about undefined behavior Issue #1339: bsdcpio_test: fix datatype in from_hex() Issue #1341: Safe writes: delete temporary file if rename fails. Issue #1341: Safe writes: improve error handling MFC after: 1 week
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
79085fd3 |
|
30-Dec-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r356163,r356197: Update libarchive to 3.4.1 Relevant vendor changes since last update: Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2) MFC after: 2 weeks
|
#
f057565e |
|
25-Sep-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r352731: Sync libarchive with vendor. Relevant vendor changes: Issue #1237: Fix integer overflow in archive_read_support_filter_lz4.c PR #1249: Correct some typographical and grammatical errors. PR #1250: Minor corrections to the formatting of manual pages MFC after: 1 week
|
#
fae5c36e |
|
12-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r348971,r348977: Sync libarchive with vendor. Relevant vendor changes: - check_symlinks_fsobj() without chdir() and fchdir() - bsdtar.1 manpage fixes - patches from OpenBSD to libarchive_fe/passphrase.c - version bumped to 3.4.0 MFC after: 2 weeks
|
#
52c2bb75 |
|
19-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor. Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes MFC after: 2 weeks
|
#
df422cb4 |
|
25-Mar-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r345495: Sync libarchive with vendor. Relevant vendor changes: PR #1153: fixed 2 bugs in ZIP reader [1] PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK Changes to file flags code, support more file flags on FreeBSD: UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM UF_ARCHIVE is not supported by intention (yet) PR: 236300 MFC after: 2 weeks
|
#
a39fc08d |
|
12-Feb-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r344063: Sync libarchive with vendor. Relevant vendor changes: PR #1085: Fix a null pointer dereference bug in zip writer PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2 decopmpression PR #1116: Add support for 64-bit ar format PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2] PR #1125: RAR5 reader - fix an invalid read and a memory leak PR #1131: POSIX reader - do not fail when tree_current_lstat() fails due to ENOENT [3] PR #1134: Delete unnecessary null pointer checks before calls of free() OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy. OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader PR: 233006 [3] Security: CVE-2019-1000019 [1], CVE-2019-1000020 [2] MFC after: 2 weeks
|
#
7d69e4cd |
|
26-Nov-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r340938: Sync libarchive with vendor. Relevant vendor changes: Issue #1096: Support extracting ACLs with in-entry comments (GNU tar) PR #1023: Support extracting extattrs as non-root on non-user-writeable files MFC after: 1 week
|
#
a2a3407c |
|
24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor. Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator MFC after: 1 week
|
#
43f9e382 |
|
02-Apr-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r316454,316455: Vendor changes (FreeBSD-related): Report which extended attributes could not be restored Update archive_read_disk.3 and archive_write_disk.3 manual pages Plug memory leaks in xattr tests. MFC after: 1 week
|
#
e46d4714 |
|
23-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315875: Sync libarchive with vendor. Vendor changes (FreeBSD-related): - store extended attributes with extattr_set_link() if no fd is provided - add extended attribute tests to libarchive and bsdtar - fix tar's test_option_acls - support the UF_HIDDEN file flag X-MFC with: 315636
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
9f3de9e2 |
|
01-Feb-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r313071: Sync libarchive with vendor Vendor changes (relevant to FreeBSD): - support extracting NFSv4 ACLs from Solaris tar archives - bugfixes and optimizations in the ACL code - multiple fixes in the test suite - typo and other small bugfixes Security fixes: - cab reader: endless loop when parsing MSZIP signature (OSS-Fuzz 335) - LHA reader: heap-buffer-overflow in lha_read_file_header_1() (CVE-2017-5601) - LZ4 reader: null-pointer dereference in lz4_filter_read_legacy_stream() (OSS-Fuzz 453) - mtree reader: heap-buffer-overflow in detect_form() (OSS-Fuzz 421, 443) - WARC reader: heap-buffer-overflow in xstrpisotime() (OSS-Fuzz 382, 458) Memory leak fixes: - ACL support: free memory allocated by acl_get_qualifier() - disk writer: missing free in create_filesystem_object() - file reader: fd leak (Coverity 1016755) - gnutar writer: fix free in archive_write_gnutar_header() (Coverity 101675) - iso 9660 reader: missing free in parse_file_info() (partial Coverity 1016754) - program reader: missing free in __archive_read_program() - program writer: missing free in __archive_write_program_free() - xar reader: missing free in xar_cleanup() - xar reader: missing frees in expat_xmlattr_setup() (Coverity 1229979-1229981) - xar writer: missing free in file_free() - zip reader: missing free in zip_read_local_file_header() MFC after: 1 week X-MFC with: 310866, 310868, 310870, 311899
|
#
09c253fd |
|
30-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310798: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c PR #851: Spelling fixes Fix two protoypes in manual page archive_read_disk.3 MFC after: 2 weeks
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
d5d08d29 |
|
29-Nov-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r309299: Sync libarchive with vendor. Important vendor bugfixes (relevant to FreeBSD): #821: tar -P cannot extract hardlinks through symlinks #825: Add sanity check of tar "uid, "gid" and "mtime" fields PR: 213255 Reported by: Tijl Coosemans <tilj@FreeBSD.org> MFC after: 1 week
|
#
24113d8c |
|
14-Sep-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r305816: Sync libarchive with vendor including important security fixes. Issues fixed (FreeBSD): PR #778: ACL error handling Issue #745: Symlink check prefix optimization is too aggressive Issue #746: Hard links with data can evade sandboxing restrictions This update fixes the vulnerability #3 and vulnerability #4 as reported in "non-cryptanalytic attacks against FreeBSD update components". https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Fix for vulnerability #2 has already been merged in r304989. MFC after: 1 week Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
#
cff8ef76 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Redo MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap. |
#
c4676089 |
|
26-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304866: Sync libarchive with vendor including security fixes Vendor issues fixed: Issue #731: Reject tar entries >= INT64_MAX Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames Issue #748: Zip decompression failure with highly-compressed data Issue #767: Buffer overflow printing a filename Issue #770: Zip read: be more careful about extra_length MFC after: 3 days
|
#
cfa49a9b |
|
14-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r304060: Sync libarchive with vendor including three security fixes Vendor issues fixed: Issue #744: Very long pathnames evade symlink checks Issue #748: libarchive can compress, but cannot decompress zip some files PR #750: ustar: fix out of bounds read on empty string ("") filename PR #755: fix use of acl_get_flagset_np() on FreeBSD MFC after: 3 days
|
#
ae5876ea |
|
30-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302264: Sync libarchive with vendor, bugfixes for tests: - fix tests on filesystems without birthtime support, e.g. UFS1 (1) - vendor issue #729: avoid use of C99 for-scope declarations in test_write_format_gnutar_filenames.c MFC after: 1 week PR: 204157 (1) Approved by: re (hrs)
|
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
e324bf91 |
|
01-Apr-2013 |
Matthew D Fleming <mdf@FreeBSD.org> |
Fix return type of extattr_set_* and fix rmextattr(8) utility. extattr_set_{fd,file,link} is logically a write(2)-like operation and should return ssize_t, just like extattr_get_*. Also, the user-space utility was using an int for the return value of extattr_get_* and extattr_list_*, both of which return an ssize_t. MFC after: 1 week |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
10ed66fd |
|
30-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Backport NFSv4 ACL fix from libarchive master branch. Source: https://github.com/libarchive/libarchive/commit/f67370d5 Obtained from: libarchive (master branch) |
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
c438d384 |
|
29-Aug-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r304869 This commit was incorrect and will be re-committed asap.
|
#
e324bf91 |
|
01-Apr-2013 |
Matthew D Fleming <mdf@FreeBSD.org> |
Fix return type of extattr_set_* and fix rmextattr(8) utility. extattr_set_{fd,file,link} is logically a write(2)-like operation and should return ssize_t, just like extattr_get_*. Also, the user-space utility was using an int for the return value of extattr_get_* and extattr_list_*, both of which return an ssize_t. MFC after: 1 week
|
#
10ed66fd |
|
30-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Backport NFSv4 ACL fix from libarchive master branch. Source: https://github.com/libarchive/libarchive/commit/f67370d5 Obtained from: libarchive (master branch)
|