#
324418 |
|
08-Oct-2017 |
mm |
MFH r324148: Sync libarchive with vendor.
Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)
Security: CVE-2017-14166, CVE-2017-14502
|
#
316338 |
|
31-Mar-2017 |
mm |
MFC r315636,315876,316095: Sync libarchive with vendor
Vendor changes/bugfixes (FreeBSD-related): r315636: PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files
r315876: Store extended attributes with extattr_set_link() if no fd is provided Add extended attribute tests to libarchive and bsdtar Fix tar's test_option_acls Support the UF_HIDDEN file flag
r316095: Constify variables in several places Unify platform ACL code in a single source file Fix unused variable if compiling on FreeBSD without NFSv4 ACL support
|
#
315433 |
|
16-Mar-2017 |
mm |
MFC r314571: Update libarchive to version 3.3.1 (and sync with latest vendor dist)
Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes.
New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)
|
#
302295 |
|
30-Jun-2016 |
mm |
MFC r302075:
Update libarchive to 3.2.1 (bugfix and security fix release)
List of vendor fixes: - fix exploitable heap overflow vulnerability in Rar decompression (vendor issue 719, CVE-2016-4302, TALOS-2016-0154) - fix exploitable stack based buffer overflow vulnebarility in mtree parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153) - fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo (vendor issue 718, CVE-2016-4300, TALOS-2016-152) - fix integer overflow when computing location of volume descriptor (vendor issue 717) - fix buffer overflow when reading a crafred rar archive (vendor issue 521) - fix possible buffer overflow when reading ISO9660 archives on machines where sizeof(int) < sizeof(size_t) (vendor issue 711) - tar and cpio should fail if an input file named on the command line is missing (vendor issue 708) - fix incorrect writing of gnutar filenames that are exactly 512 bytes long (vendor issue 682) - allow tests to be run from paths that are equal or longer than 128 characters (vendor issue 657) - add memory allocation errors in archive_entry_xattr.c (vendor PR 603) - remove dead code in archive_entry_xattr_add_entry() (vendor PR 716) - fix broken decryption of ZIP files (vendor issue 553) - manpage style, typo and description fixes
Post-3.2.1 vendor fixes: - fix typo in cpio version reporting (Vendor PR 725, 726) - fix argument range of ctype functions in libarchive_fe/passphrase.c - fix ctype use and avoid empty loop bodies in WARC reader
Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302
|
#
302001 |
|
17-Jun-2016 |
mm |
MFC r299529,r299540,r299576,r299896:
r299529,r299540: Update libarchive to 3.2.0
New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive
r299576,r299896: Fix broken cpio behavior.
Relnotes: yes
|
#
291814 |
|
04-Dec-2015 |
bdrewery |
MFC r291329:
Remove redundant DPSRCS which were already in SRCS.
|
#
290892 |
|
15-Nov-2015 |
ngie |
MFC r289195:
Integrate the tests from lib/libarchive, usr.bin/cpio, and usr.bin/tar in to the FreeBSD test suite
functional_test.sh was ported from bin/sh/tests/functional_test.sh, as a small wrapper around libarchive_test, bsdcpio_test, and bsdtar_test provided by upstream.
A handful of testcases in lib/libarchive/tests have been disabled as they were failing when run with kyua test (see BROKEN_TESTS in lib/libarchive/tests/Makefile)
As a sidenote: this removes the check/test targets from the Makefiles as they don't match the pattern used in the rest of the FreeBSD test suite.
Sponsored by: EMC / Isilon Storage Division
Conflicts: lib/libarchive/test usr.bin/cpio/test
|