libarchive: merge from vendor branch

Libarchive 3.7.4 + three fixes from master

Security fixes:
#2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256)
#2145 zip: Fix out of boundary access
#2148 r

libarchive: merge from vendor branch

Libarchive 3.7.4 + three fixes from master

Security fixes:
#2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256)
#2145 zip: Fix out of boundary access
#2148 rar: Fix OOB in rar delta filter
#2149 rar: Fix OOB in rar audio filter

Important bugfixes:
#2131 7zip: Limit amount of properties
#2110 bsdtar: Fix error handling around strtol() usages
#2116 passphrase: Never allow empty passwords
#2124 rar: Fix "File CRC Error" when extracting specific rar4 archives
#2123 xar: Avoid infinite link loop
#2150 xar: Fix another infinite loop and expat error handling
#2108 zip: Update AppleDouble support for directories
#2071 zstd: Implement core detectiongit

PR: 278588 (exp-run)
MFC after: 1 day

show more ...

libarchive: merge from vendor branch

Libarchive 3.7.3

New features:
#1941 uudecode filter: support file name and file mode in raw mode
#1943 7-zip reader: translate Windows permissions into UNI

libarchive: merge from vendor branch

Libarchive 3.7.3

New features:
#1941 uudecode filter: support file name and file mode in raw mode
#1943 7-zip reader: translate Windows permissions into UNIX
permissions
#1962 zstd filter now supports the "long" write option
#2012 add trailing letter b to bsdtar(1) substitute pattern
#2031 PCRE2 support
#2054 add support for long options "--group" and "--owner" to tar(1)

Security fixes:
#2101 Fix possible vulnerability in tar error reporting introduced
in f27c173

Important bugfixes:
#1974 ISO9660: preserve the natural order of links
#2105 rar5: fix infinite loop if during rar5 decompression the last
block produced no data
#2027 xz filter: fix incorrect eof at the end of an lzip member
#2043 zip: fix end-of-data marker processing when decompressing zip
archives

PR: 278315 (exp-run)
MFC after: 1 week

show more ...

libarchive: merge from vendor branch

Libarchive 3.7.1

Important changes (relevant to FreeBSD):
ISSUE #1934: stack buffer overflow in cpio verbose mode
ISSUE #1935: SEGV in cpio verbose mode
P

libarchive: merge from vendor branch

Libarchive 3.7.1

Important changes (relevant to FreeBSD):
ISSUE #1934: stack buffer overflow in cpio verbose mode
ISSUE #1935: SEGV in cpio verbose mode
PR #1731 tar: respect --strip-components and -s patterns in cru modes

MFC after: 1 week

show more ...

libarchive: merge from vendor branch

Libarchive 3.7.0

Important changes (relevant to FreeBSD):
#1814 Do not account for NULL terminator when comparing with "TRAILER!!!"
#1818 Add ability to pro

libarchive: merge from vendor branch

Libarchive 3.7.0

Important changes (relevant to FreeBSD):
#1814 Do not account for NULL terminator when comparing with "TRAILER!!!"
#1818 Add ability to produce multi-frame zstd archives
#1840 year 2038 fix for pax archives on platforms with 64-bit time_t
#1860 Make single bit bitfields unsigned to avoid clang 16 warning
#1869 Fix FreeBSD builds with WARNS=6
#1873 bsdunzip ported to libarchive from FreeBSD
#1894 read support for zstd compression in 7zip archives
#1918 ARM64 filter support in 7zip archives

MFC after: 2 weeks
PR: 272567 (exp-run)

show more ...

libarchive: merge from vendor branch

Libarchive 3.6.2

Important bug fixes:
rar5 reader: fix possible garbled output with bsdtar -O (#1745)
mtree reader: support reading mtree files with tabs (#

libarchive: merge from vendor branch

Libarchive 3.6.2

Important bug fixes:
rar5 reader: fix possible garbled output with bsdtar -O (#1745)
mtree reader: support reading mtree files with tabs (#1783)
various small fixes for issues found by CodeQL

MFC after: 2 weeks
PR: 286306 (exp-run)

show more ...

libarchive: merge vendor bugfixes

Bugfixes:
IS #1685 and OSS-Fuzz #38764 (security):
(ISO reader) fix possible heap buffer overflow in read_children()
IS #1715 and OSS-Fuzz #46279 (security)

libarchive: merge vendor bugfixes

Bugfixes:
IS #1685 and OSS-Fuzz #38764 (security):
(ISO reader) fix possible heap buffer overflow in read_children()
IS #1715 and OSS-Fuzz #46279 (security):
(RARv4 reader) fix heap-use-after-free in run_filters()

MFC after: 3 days

show more ...

libarchive: merge vendor bugfix

OSS-Fuzz #44843 (security):
RAR reader: fix null-dereference in RAR (v4) filter code

X-MFC-with: 833a452e9d

libarchive: merge vendor bugfixes

Bugfixes:
OSS-Fuzz #44547: fix heap-use-after-free in RAR (v4) filter code
PR #1671: Fix 7z PPMD reading beyond boundary

X-MFC-with: 833a452e9d

libarchive: import changes from upstream

Libarchive 3.6.0

New features:
PR #1614: tar: new option "--no-read-sparse"
PR #1503: RAR reader: filter support
PR #1585: RAR5 reader: self-extracting arch

libarchive: import changes from upstream

Libarchive 3.6.0

New features:
PR #1614: tar: new option "--no-read-sparse"
PR #1503: RAR reader: filter support
PR #1585: RAR5 reader: self-extracting archive support

New features (not used in FreeBSD base):
PR #1567: tar: threads support for zstd (#1567)
PR #1518: ZIP reader: zstd decompression support

Security Fixes:
PR #1491, #1492, #1493, CVE-2021-36976:
fix invalid memory access and out of bounds read in RAR5 reader
PR #1566, #1618, CVE-2021-31566:
extended fix for following symlinks when processing the fixup list

Other notable bugfixes and improvements:
PR #1620: tar: respect "--ignore-zeros" in c, r and u modes
PR #1625: reduced size of application binaries

MFC after: 2 weeks
Relnotes: yes

show more ...

libarchive: import changes from upstream

Libarchive 3.5.2

New features:
PR #1502: Support for PWB and v7 binary cpio formats
PR #1509: Support of deflate algorithm in symbolic link decompressio

libarchive: import changes from upstream

Libarchive 3.5.2

New features:
PR #1502: Support for PWB and v7 binary cpio formats
PR #1509: Support of deflate algorithm in symbolic link decompression
for ZIP archives

Important bugfixes:
IS #1044: fix extraction of hardlinks to symlinks
PR #1480: Fix truncation of size values during 7zip archive
extraction on 32bit architectures
PR #1504: fix rar header skiming
PR #1514: ZIP excessive disk read - fix location of central directory
PR #1520: fix double-free in CAB reader
PR #1521: Fixed leak of rar before ending with error
PR #1530: Handle short writes from archive_write_callback
PR #1532: 7zip: Use compression settings from file also for file header
IS #1566: do not follow symlinks when processing the fixup list

MFC after: 2 weeks
Relnotes: yes

show more ...

MFV r368207:
Update libarchive to 3.5.0

Relevant vendor changes:
Issue #1258: add archive_read_support_filter_by_code()
PR #1347: mtree digest reader support
Issue #1381: skip hardlinks pointi

MFV r368207:
Update libarchive to 3.5.0

Relevant vendor changes:
Issue #1258: add archive_read_support_filter_by_code()
PR #1347: mtree digest reader support
Issue #1381: skip hardlinks pointing to itself on extraction
PR #1387: fix writing of cpio archives with hardlinks without file type
PR #1388: fix rdev field in cpio format for device nodes
PR #1389: completed support for UTF-8 encoding conversion
PR #1405: more formats in archive_read_support_format_by_code()
PR #1408: fix uninitialized size in rar5_read_data
PR #1409: system extended attribute support
PR #1435: support for decompression of symbolic links in zipx archives
Issue #1456: memory leak after unsuccessful archive_write_open_filename

MFC after: 1 week

show more ...

MFV r357783:
Update libarchive to 3.4.2

Relevant vendor changes:
PR #1289: atomic extraction support (bsdtar -x --safe-writes)
PR #1308: big endian fix for UTF16 support in LHA reader
PR #1326

MFV r357783:
Update libarchive to 3.4.2

Relevant vendor changes:
PR #1289: atomic extraction support (bsdtar -x --safe-writes)
PR #1308: big endian fix for UTF16 support in LHA reader
PR #1326: reject RAR5 files that declare invalid header flags
Issue #987: fix support 7z archive entries with Delta filter
Issue #1317: fix compression output buffer handling in XAR writer
Issue #1319: fix uname or gname longer than 32 characters in pax writer
Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR
Use localtime_r() and gmtime_r() instead of localtime() and gmtime()

X-MFC-With: r356212,r356365,r356416
MFC after: 1 week

show more ...

MFV r349134:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1212: RAR5 reader - window_mask was not updated correctly
(OSS-Fuzz 15278)
OSS-Fuzz 15120: RAR reader - extend

MFV r349134:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1212: RAR5 reader - window_mask was not updated correctly
(OSS-Fuzz 15278)
OSS-Fuzz 15120: RAR reader - extend use after free bugfix

MFC after: 1 week (together with r348993)

show more ...

MFV r347989:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #795: XAR - do not try to add xattrs without an allocated name
PR #812: non-recursive option for extract and list
PR #9

MFV r347989:
Sync libarchive with vendor.

Relevant vendor changes:
Issue #795: XAR - do not try to add xattrs without an allocated name
PR #812: non-recursive option for extract and list
PR #958: support reading metadata from compressed files
PR #999: add --exclude-vcs option to bsdtar
Issue #1062: treat empty archives with a GNU volume header as valid
PR #1074: Handle ZIP files with trailing 0s in the extra fields
(Android APK archives)
PR #1109: Ignore padding in Zip extra field data (Android APK archives)
PR #1167: fix problems related to unreadable directories
Issue #1168: fix handling of strtol() and strtoul()
PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter
PR #1174: ZIP reader - fix of MSZIP signature parsing
PR #1175: gzip filter - fix reading files larger than 4GB from memory
PR #1177: gzip filter - fix memory leak with repeated header reads
PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field
PR #1181: RAR5 - fix merge_block() recursion
(OSS-Fuzz 12999, 13029, 13144, 13478, 13490)
PR #1183: fix memory leak when decompressing ZIP files with LZMA
PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817
OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables
OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations
OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables
PR #1186: RAR5 - fix invalid type used for dictionary size mask
(OSS-Fuzz 14537)
PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555)
PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories
(OSS-Fuzz 14574)
PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds
OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry
OSS-Fuzz 14331: RAR5 - fix maximum owner name length
OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check

Additional RAR5 reader changes:
- support symlinks, hardlinks, file owner, file group, versioned files
- change ARCHIVE_FORMAT_RAR_V5 to 0x100000
- set correct mode for readonly directories
- support readonly, hidden and system Windows file attributes

MFC after: 2 weeks

show more ...

MFV r341771,342040,342041:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1102: RAR5 reader - fix big-endian problems
PR #1105: Fix various crash, memory corruption and infinite loop

MFV r341771,342040,342041:
Sync libarchive with vendor.

Relevant vendor changes:
PR #1102: RAR5 reader - fix big-endian problems
PR #1105: Fix various crash, memory corruption and infinite loop conditions
PR #1107: RAR5 reader: removed an unused function: bf_is_last_block

MFC after: 1 week

show more ...

MFV r328323,328324:
Sync libarchive with vendor.

Relevant vendor changes:
PR #893: delete dead ppmd7 alloc callbacks
PR #904: Fix archive freeing bug in bsdcat
PR #961: Fix ZIP format names

MFV r328323,328324:
Sync libarchive with vendor.

Relevant vendor changes:
PR #893: delete dead ppmd7 alloc callbacks
PR #904: Fix archive freeing bug in bsdcat
PR #961: Fix ZIP format names
PR #962: Don't modify attributes for existing directories
when ARCHIVE_EXTRACT_NO_OVERWRITE is set
PR #964: Fix -Werror=implicit-fallthrough= for GCC 7
PR #970: zip: Allow backslash as path separator

MFC after: 1 week

show more ...

MFV r324145,324147:
Sync libarchive with vendor.

Relevant vendor changes:
PR #905: Support for Zstandard read and write filters
PR #922: Avoid overflow when reading corrupt cpio archive
Issue

MFV r324145,324147:
Sync libarchive with vendor.

Relevant vendor changes:
PR #905: Support for Zstandard read and write filters
PR #922: Avoid overflow when reading corrupt cpio archive
Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
OSS-Fuzz 2936: Place a limit on the mtree line length
OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)

MFC after: 1 week
Security: CVE-2017-14166, CVE-2017-14502

show more ...

MFV r317781:
Sync libarchive with vendor

Vendor changes (FreeBSD-related):
PR 897: add test for ZIP archives with invalid EOCD headers
PR 901: fix invalid renaming of sparse files
OSS-Fuzz iss

MFV r317781:
Sync libarchive with vendor

Vendor changes (FreeBSD-related):
PR 897: add test for ZIP archives with invalid EOCD headers
PR 901: fix invalid renaming of sparse files
OSS-Fuzz issue 497: remove fallback tree in LZX decoder
OSS-Fuzz issue 527: rewrite expressions in lz4 filter
OSS-Fuzz issue 577: fix integer overflow in cpio reader
OSS-Fuzz issue 862: fix numerc parsing in mtree reader
OSS-Fuzz issue 1097: fix undefined shift in rar reader
cpio: various optimizations and memory leak fixes

MFC after: 1 week

show more ...

MFV r311899:

Sync libarchive with vendor.

Vendor bugfixes:
#691: Support for SCHILY.xattr extended attributes
#854: Spelling fixes

Multiple fixes in ACL code:
- prefer acl_set_fd_np() to acl_set

MFV r311899:

Sync libarchive with vendor.

Vendor bugfixes:
#691: Support for SCHILY.xattr extended attributes
#854: Spelling fixes

Multiple fixes in ACL code:
- prefer acl_set_fd_np() to acl_set_fd()
- if acl_set_fd_np() fails, do no fallback to acl_set_file()
- do not warn if trying to write ACLs to a filesystem without ACL support
- fix id handling in archive_acl_(from_to)_text*() for NFSv4 ACLs

MFC after: 1 week
X-MFC with: r310866

show more ...

MFV r310115,310184:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 830, 831, 833: Spelling fixes
OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free()
OSS-

MFV r310115,310184:

Sync libarchive with vendor.

Vendor bugfixes (relevant to FreeBSD):
PR 830, 831, 833: Spelling fixes
OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free()
OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives

MFC after: 1 week

show more ...

MFV r302003,r302037,r302038,r302056:

Update libarchive to 3.2.1 (bugfix and security fix release)

List of vendor fixes:
- fix exploitable heap overflow vulnerability in Rar decompression
(vendor

MFV r302003,r302037,r302038,r302056:

Update libarchive to 3.2.1 (bugfix and security fix release)

List of vendor fixes:
- fix exploitable heap overflow vulnerability in Rar decompression
(vendor issue 719, CVE-2016-4302, TALOS-2016-0154)
- fix exploitable stack based buffer overflow vulnebarility in mtree
parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153)
- fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo
(vendor issue 718, CVE-2016-4300, TALOS-2016-152)
- fix integer overflow when computing location of volume descriptor
(vendor issue 717)
- fix buffer overflow when reading a crafred rar archive (vendor issue 521)
- fix possible buffer overflow when reading ISO9660 archives on machines
where sizeof(int) < sizeof(size_t) (vendor issue 711)
- tar and cpio should fail if an input file named on the command line is
missing (vendor issue 708)
- fix incorrect writing of gnutar filenames that are exactly 512 bytes
long (vendor issue 682)
- allow tests to be run from paths that are equal or longer than 128
characters (vendor issue 657)
- add memory allocation errors in archive_entry_xattr.c (vendor PR 603)
- remove dead code in archive_entry_xattr_add_entry() (vendor PR 716)
- fix broken decryption of ZIP files (vendor issue 553)
- manpage style, typo and description fixes

Post-3.2.1 vendor fixes:
- fix typo in cpio version reporting (Vendor PR 725, 726)
- fix argument range of ctype functions in libarchive_fe/passphrase.c
- fix ctype use and avoid empty loop bodies in WARC reader

MFC after: 1 week
Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302
Approved by: re (kib)

show more ...

MFV r299425:

Update libarchive to 3.2.0

New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
-

MFV r299425:

Update libarchive to 3.2.0

New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive

Patched files (fixed compiler warnings):

contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)

MFC after: 1 month
Relnotes: yes

show more ...

MFV r248590,248594:
Update libarchive to 3.1.2

Some of new features:
- support for lrzip and grzip compression
- support for writing tar v7 format
- b64encode and uuencode filters
- support

MFV r248590,248594:
Update libarchive to 3.1.2

Some of new features:
- support for lrzip and grzip compression
- support for writing tar v7 format
- b64encode and uuencode filters
- support for __MACOSX directory in Zip archives
- support for lzop compresion (external utility)

show more ...

Update libarchive to 3.0.4

Update libarchive to 3.0.3

Some of new features:
- New readers: RAR, LHA/LZH, CAB reader, 7-Zip
- New writers: ISO9660, XAR
- Improvements to many formats, especially including ISO9660 and Zip

Update libarchive to 3.0.3

Some of new features:
- New readers: RAR, LHA/LZH, CAB reader, 7-Zip
- New writers: ISO9660, XAR
- Improvements to many formats, especially including ISO9660 and Zip
- Stackable write filters to write, e.g., tar.gz.uu in a single pass
- Exploit seekable input; new "seekable" Zip reader can exploit the Zip
Central Directory when it's available; the old "streamable" Zip reader
is still fully supported for cases where seeking is not possible.

Full release notes available at:
https://github.com/libarchive/libarchive/wiki/ReleaseNotes

show more ...