#
358088 |
|
19-Feb-2020 |
mm |
MFC r356212,r356366,r356416,r357785 Update libarchive to version 3.4.2
Relevant vendor changes (r356212): Issue #351: Refactor and implement private state logic for write filters PR #1252: RAR5 reader - verify window size for solid files (OSS-Fuzz 15482) PR #1255: zip writer - don't append unused NUL for directories PR #1260: Fix sparse file offset overflow on 32-bit systems PR #1263: UNICODE filename support for reading lha/lzh format Issue #1276: Bugfix and optimize archive_wstring_append_from_mbs() PR #1288: Add the "xattrhdr" option to pax write options PR #1295: 7z reader - fix reading archives with digests in PackInfo PR #1296: RAR5 reader - verify window size for multivolume archives PR #1297: ZIP reader - support LZMA_STREAM_END marker in 'lzma alone' files Issue #1298: Fix a heap-buffer-overflow in archive_string_append_from_wcs() OSS-Fuzz 19360, 19362: LHA reader - plug two memory leaks on error Fix possible off-by-one when dealing with readlink(2)
Relevant vendor changes (r356366): Issue #1302: Plug memory leak on failure of archive_write_client_open()
Relevant vendor changes (r356416): Issue #1302: Re-do fix for archive_write_client_open()
Relevant vendor changes (r357785): PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime()
|
#
348607 |
|
04-Jun-2019 |
mm |
MFC r347990: Sync libarchive with vendor.
Relevant vendor changes: Issue #795: XAR - do not try to add xattrs without an allocated name PR #812: non-recursive option for extract and list PR #958: support reading metadata from compressed files PR #999: add --exclude-vcs option to bsdtar Issue #1062: treat empty archives with a GNU volume header as valid PR #1074: Handle ZIP files with trailing 0s in the extra fields (Android APK archives) PR #1109: Ignore padding in Zip extra field data (Android APK archives) PR #1167: fix problems related to unreadable directories Issue #1168: fix handling of strtol() and strtoul() PR #1172: RAR5 - fix invalid window buffer read in E8E9 filter PR #1174: ZIP reader - fix of MSZIP signature parsing PR #1175: gzip filter - fix reading files larger than 4GB from memory PR #1177: gzip filter - fix memory leak with repeated header reads PR #1180: ZIP reader - add support for Info-ZIP Unicode Path Extra Field PR #1181: RAR5 - fix merge_block() recursion (OSS-Fuzz 12999, 13029, 13144, 13478, 13490) PR #1183: fix memory leak when decompressing ZIP files with LZMA PR #1184: fix RAR5 OSS-Fuzz issues 12466, 14490, 14491, 12817 OSS-Fuzz 12466: RAR5 - fix buffer overflow when parsing huffman tables OSS-Fuzz 14490, 14491: RAR5 - fix bad shift-left operations OSS-Fuzz 12817: RAR5 - handle a case with truncated huffman tables PR #1186: RAR5 - fix invalid type used for dictionary size mask (OSS-Fuzz 14537) PR #1187: RAR5 - fix integer overflow (OSS-Fuzz 14555) PR #1190: RAR5 - RAR5 don't try to unpack entries marked as directories (OSS-Fuzz 14574) PR #1196: RAR5 - fix a potential SIGSEGV on 32-bit builds OSS-Fuzz 2582: RAR - fix use after free if there is an invalid entry OSS-Fuzz 14331: RAR5 - fix maximum owner name length OSS-Fuzz 13965: RAR5 - use unsigned int for volume number + range check
Additional RAR5 reader changes: - support symlinks, hardlinks, file owner, file group, versioned files - change ARCHIVE_FORMAT_RAR_V5 to 0x100000 - set correct mode for readonly directories - support readonly, hidden and system Windows file attributes
MFC r347999: Install missing data file for lib.libarchive.functional_test.test_read_format_zip_utf8_paths
Approved by: re (gjb blanket)
|
#
315432 |
|
16-Mar-2017 |
mm |
MFC r314571: Update libarchive to version 3.3.1 (and sync with latest vendor dist)
Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes.
New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata)
|
#
311041 |
|
02-Jan-2017 |
mm |
MFC r309300,r309363,r309405,r309523,r309590,r310185,r310623:
Sync libarchive with vendor.
Fixed vendor issues (relevant to FreeBSD) #825, #832: Add sanity check of tar "uid, "gid" and "mtime" fields #830, #831, #833, #846: Spelling fixes #850: Fix issues with reading certain jar files
Fixed issues found by Google OSS-Fuzz: OSS-Fuzz #15: Fix heap-buffer-overflow in archive_le16dec() OSS-Fuzz #16: Fix possible hang in uudecode_filter_read() OSS-Fuzz #139, #145, #152: Fix heap-buffer-overflow in uudecode_bidder_bid() OSS-Fuzz #220: Reject an 'ar' filename table larger than 1GB or a filename larger than 1MB OSS-Fuzz #227, #230, #239: Fix possible memory leak in archive_read_free() OSS-Fuzz #237: Fix heap buffer overflow when reading invalid ar archives OSS-Fuzz #286: Bugfix in archive_strncat_l()
More information: https://github.com/libarchive/libarchive/issues/[libarchive_issue_number] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=[oss_fuzz_issue_number]
|