#
13d826ff |
| 29-Apr-2024 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch
Libarchive 3.7.4 + three fixes from master
Security fixes: #2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256) #2145 zip: Fix out of boundary access #2148 r
libarchive: merge from vendor branch
Libarchive 3.7.4 + three fixes from master
Security fixes: #2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256) #2145 zip: Fix out of boundary access #2148 rar: Fix OOB in rar delta filter #2149 rar: Fix OOB in rar audio filter
Important bugfixes: #2131 7zip: Limit amount of properties #2110 bsdtar: Fix error handling around strtol() usages #2116 passphrase: Never allow empty passwords #2124 rar: Fix "File CRC Error" when extracting specific rar4 archives #2123 xar: Avoid infinite link loop #2150 xar: Fix another infinite loop and expat error handling #2108 zip: Update AppleDouble support for directories #2071 zstd: Implement core detectiongit
PR: 278588 (exp-run) MFC after: 1 day
show more ...
|
#
b9128a37 |
| 16-Apr-2024 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch
Libarchive 3.7.3
New features: #1941 uudecode filter: support file name and file mode in raw mode #1943 7-zip reader: translate Windows permissions into UNI
libarchive: merge from vendor branch
Libarchive 3.7.3
New features: #1941 uudecode filter: support file name and file mode in raw mode #1943 7-zip reader: translate Windows permissions into UNIX permissions #1962 zstd filter now supports the "long" write option #2012 add trailing letter b to bsdtar(1) substitute pattern #2031 PCRE2 support #2054 add support for long options "--group" and "--owner" to tar(1)
Security fixes: #2101 Fix possible vulnerability in tar error reporting introduced in f27c173
Important bugfixes: #1974 ISO9660: preserve the natural order of links #2105 rar5: fix infinite loop if during rar5 decompression the last block produced no data #2027 xz filter: fix incorrect eof at the end of an lzip member #2043 zip: fix end-of-data marker processing when decompressing zip archives
PR: 278315 (exp-run) MFC after: 1 week
show more ...
|
#
64884e0d |
| 29-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch
Libarchive 3.7.1
Important changes (relevant to FreeBSD): ISSUE #1934: stack buffer overflow in cpio verbose mode ISSUE #1935: SEGV in cpio verbose mode P
libarchive: merge from vendor branch
Libarchive 3.7.1
Important changes (relevant to FreeBSD): ISSUE #1934: stack buffer overflow in cpio verbose mode ISSUE #1935: SEGV in cpio verbose mode PR #1731 tar: respect --strip-components and -s patterns in cru modes
MFC after: 1 week
show more ...
|
#
e64fe029 |
| 24-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch
Libarchive 3.7.0
Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to pro
libarchive: merge from vendor branch
Libarchive 3.7.0
Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives
MFC after: 2 weeks PR: 272567 (exp-run)
show more ...
|
#
bd5e624a |
| 13-Dec-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch
Libarchive 3.6.2
Important bug fixes: rar5 reader: fix possible garbled output with bsdtar -O (#1745) mtree reader: support reading mtree files with tabs (#
libarchive: merge from vendor branch
Libarchive 3.6.2
Important bug fixes: rar5 reader: fix possible garbled output with bsdtar -O (#1745) mtree reader: support reading mtree files with tabs (#1783) various small fixes for issues found by CodeQL
MFC after: 2 weeks PR: 286306 (exp-run)
show more ...
|
#
9f690fcf |
| 03-Apr-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge vendor bugfixes
Bugfixes: IS #1685 and OSS-Fuzz #38764 (security): (ISO reader) fix possible heap buffer overflow in read_children() IS #1715 and OSS-Fuzz #46279 (security)
libarchive: merge vendor bugfixes
Bugfixes: IS #1685 and OSS-Fuzz #38764 (security): (ISO reader) fix possible heap buffer overflow in read_children() IS #1715 and OSS-Fuzz #46279 (security): (RARv4 reader) fix heap-use-after-free in run_filters()
MFC after: 3 days
show more ...
|
#
5ccf909a |
| 21-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge vendor bugfix
OSS-Fuzz #44843 (security): RAR reader: fix null-dereference in RAR (v4) filter code
X-MFC-with: 833a452e9d
|
#
47a2e541 |
| 18-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge vendor bugfixes
Bugfixes: OSS-Fuzz #44547: fix heap-use-after-free in RAR (v4) filter code PR #1671: Fix 7z PPMD reading beyond boundary
X-MFC-with: 833a452e9d
|
#
833a452e |
| 09-Feb-2022 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream
Libarchive 3.6.0
New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting arch
libarchive: import changes from upstream
Libarchive 3.6.0
New features: PR #1614: tar: new option "--no-read-sparse" PR #1503: RAR reader: filter support PR #1585: RAR5 reader: self-extracting archive support
New features (not used in FreeBSD base): PR #1567: tar: threads support for zstd (#1567) PR #1518: ZIP reader: zstd decompression support
Security Fixes: PR #1491, #1492, #1493, CVE-2021-36976: fix invalid memory access and out of bounds read in RAR5 reader PR #1566, #1618, CVE-2021-31566: extended fix for following symlinks when processing the fixup list
Other notable bugfixes and improvements: PR #1620: tar: respect "--ignore-zeros" in c, r and u modes PR #1625: reduced size of application binaries
MFC after: 2 weeks Relnotes: yes
show more ...
|
#
ddce862a |
| 23-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream
Libarchive 3.5.2
New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompressio
libarchive: import changes from upstream
Libarchive 3.5.2
New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives
Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list
MFC after: 2 weeks Relnotes: yes
show more ...
|
#
c3afd20f |
| 01-Dec-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r368207: Update libarchive to 3.5.0
Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointi
MFV r368207: Update libarchive to 3.5.0
Relevant vendor changes: Issue #1258: add archive_read_support_filter_by_code() PR #1347: mtree digest reader support Issue #1381: skip hardlinks pointing to itself on extraction PR #1387: fix writing of cpio archives with hardlinks without file type PR #1388: fix rdev field in cpio format for device nodes PR #1389: completed support for UTF-8 encoding conversion PR #1405: more formats in archive_read_support_format_by_code() PR #1408: fix uninitialized size in rar5_read_data PR #1409: system extended attribute support PR #1435: support for decompression of symbolic links in zipx archives Issue #1456: memory leak after unsuccessful archive_write_open_filename
MFC after: 1 week
show more ...
|
#
f9762417 |
| 12-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2
Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326
MFV r357783: Update libarchive to 3.4.2
Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime()
X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
show more ...
|
#
7d8ec1b7 |
| 17-Jun-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r349134: Sync libarchive with vendor.
Relevant vendor changes: PR #1212: RAR5 reader - window_mask was not updated correctly (OSS-Fuzz 15278) OSS-Fuzz 15120: RAR reader - extend
MFV r349134: Sync libarchive with vendor.
Relevant vendor changes: PR #1212: RAR5 reader - window_mask was not updated correctly (OSS-Fuzz 15278) OSS-Fuzz 15120: RAR reader - extend use after free bugfix
MFC after: 1 week (together with r348993)
show more ...
|
#
52c2bb75 |
| 20-May-2019 |
Martin Matuska <mm@FreeBSD.org> |
MFV r347989: Sync libarchive with vendor.
Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #9
MFV r347989: Sync libarchive with vendor.
Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check
Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes
MFC after: 2 weeks
show more ...
|
#
98bf66e6 |
| 13-Dec-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r341771,342040,342041: Sync libarchive with vendor.
Relevant vendor changes: PR #1102: RAR5 reader - fix big-endian problems PR #1105: Fix various crash, memory corruption and infinite loop
MFV r341771,342040,342041: Sync libarchive with vendor.
Relevant vendor changes: PR #1102: RAR5 reader - fix big-endian problems PR #1105: Fix various crash, memory corruption and infinite loop conditions PR #1107: RAR5 reader: removed an unused function: bf_is_last_block
MFC after: 1 week
show more ...
|
#
a2a3407c |
| 24-Jan-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r328323,328324: Sync libarchive with vendor.
Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names
MFV r328323,328324: Sync libarchive with vendor.
Relevant vendor changes: PR #893: delete dead ppmd7 alloc callbacks PR #904: Fix archive freeing bug in bsdcat PR #961: Fix ZIP format names PR #962: Don't modify attributes for existing directories when ARCHIVE_EXTRACT_NO_OVERWRITE is set PR #964: Fix -Werror=implicit-fallthrough= for GCC 7 PR #970: zip: Allow backslash as path separator
MFC after: 1 week
show more ...
|
#
5c831a5b |
| 01-Oct-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147: Sync libarchive with vendor.
Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue
MFV r324145,324147: Sync libarchive with vendor.
Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)
MFC after: 1 week Security: CVE-2017-14166, CVE-2017-14502
show more ...
|
#
a8fc61d5 |
| 04-May-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r317781: Sync libarchive with vendor
Vendor changes (FreeBSD-related): PR 897: add test for ZIP archives with invalid EOCD headers PR 901: fix invalid renaming of sparse files OSS-Fuzz iss
MFV r317781: Sync libarchive with vendor
Vendor changes (FreeBSD-related): PR 897: add test for ZIP archives with invalid EOCD headers PR 901: fix invalid renaming of sparse files OSS-Fuzz issue 497: remove fallback tree in LZX decoder OSS-Fuzz issue 527: rewrite expressions in lz4 filter OSS-Fuzz issue 577: fix integer overflow in cpio reader OSS-Fuzz issue 862: fix numerc parsing in mtree reader OSS-Fuzz issue 1097: fix undefined shift in rar reader cpio: various optimizations and memory leak fixes
MFC after: 1 week
show more ...
|
#
2dbf8c4a |
| 10-Jan-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r311899:
Sync libarchive with vendor.
Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes
Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set
MFV r311899:
Sync libarchive with vendor.
Vendor bugfixes: #691: Support for SCHILY.xattr extended attributes #854: Spelling fixes
Multiple fixes in ACL code: - prefer acl_set_fd_np() to acl_set_fd() - if acl_set_fd_np() fails, do no fallback to acl_set_file() - do not warn if trying to write ACLs to a filesystem without ACL support - fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs
MFC after: 1 week X-MFC with: r310866
show more ...
|
#
6a414569 |
| 17-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184:
Sync libarchive with vendor.
Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-
MFV r310115,310184:
Sync libarchive with vendor.
Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives
MFC after: 1 week
show more ...
|
#
f061a221 |
| 22-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302003,r302037,r302038,r302056:
Update libarchive to 3.2.1 (bugfix and security fix release)
List of vendor fixes: - fix exploitable heap overflow vulnerability in Rar decompression (vendor
MFV r302003,r302037,r302038,r302056:
Update libarchive to 3.2.1 (bugfix and security fix release)
List of vendor fixes: - fix exploitable heap overflow vulnerability in Rar decompression (vendor issue 719, CVE-2016-4302, TALOS-2016-0154) - fix exploitable stack based buffer overflow vulnebarility in mtree parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153) - fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo (vendor issue 718, CVE-2016-4300, TALOS-2016-152) - fix integer overflow when computing location of volume descriptor (vendor issue 717) - fix buffer overflow when reading a crafred rar archive (vendor issue 521) - fix possible buffer overflow when reading ISO9660 archives on machines where sizeof(int) < sizeof(size_t) (vendor issue 711) - tar and cpio should fail if an input file named on the command line is missing (vendor issue 708) - fix incorrect writing of gnutar filenames that are exactly 512 bytes long (vendor issue 682) - allow tests to be run from paths that are equal or longer than 128 characters (vendor issue 657) - add memory allocation errors in archive_entry_xattr.c (vendor PR 603) - remove dead code in archive_entry_xattr_add_entry() (vendor PR 716) - fix broken decryption of ZIP files (vendor issue 553) - manpage style, typo and description fixes
Post-3.2.1 vendor fixes: - fix typo in cpio version reporting (Vendor PR 725, 726) - fix argument range of ctype functions in libarchive_fe/passphrase.c - fix ctype use and avoid empty loop bodies in WARC reader
MFC after: 1 week Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302 Approved by: re (kib)
show more ...
|
#
cdf63a70 |
| 12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425:
Update libarchive to 3.2.0
New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer -
MFV r299425:
Update libarchive to 3.2.0
New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive
Patched files (fixed compiler warnings):
contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703)
MFC after: 1 month Relnotes: yes
show more ...
|
#
acc60b03 |
| 22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2
Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support
MFV r248590,248594: Update libarchive to 3.1.2
Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
show more ...
|
#
fd082e96 |
| 28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
| 25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3
Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip
Update libarchive to 3.0.3
Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible.
Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
show more ...
|