#
b9128a37 |
|
16-Apr-2024 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.3 New features: #1941 uudecode filter: support file name and file mode in raw mode #1943 7-zip reader: translate Windows permissions into UNIX permissions #1962 zstd filter now supports the "long" write option #2012 add trailing letter b to bsdtar(1) substitute pattern #2031 PCRE2 support #2054 add support for long options "--group" and "--owner" to tar(1) Security fixes: #2101 Fix possible vulnerability in tar error reporting introduced in f27c173 Important bugfixes: #1974 ISO9660: preserve the natural order of links #2105 rar5: fix infinite loop if during rar5 decompression the last block produced no data #2027 xz filter: fix incorrect eof at the end of an lzip member #2043 zip: fix end-of-data marker processing when decompressing zip archives PR: 278315 (exp-run) MFC after: 1 week
|
#
64884e0d |
|
29-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.1 Important changes (relevant to FreeBSD): ISSUE #1934: stack buffer overflow in cpio verbose mode ISSUE #1935: SEGV in cpio verbose mode PR #1731 tar: respect --strip-components and -s patterns in cru modes MFC after: 1 week
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
f55be4fc |
|
02-Mar-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r358511,r358532: Sync libarchive with vendor. Relevant vendor changes: Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker PR #1331: cpio.5: fix hard link description Issue #1335: archive_read.c: fix UBSan warning about undefined behavior Issue #1338: XAR reader: fix UBSan warning about undefined behavior Issue #1339: bsdcpio_test: fix datatype in from_hex() Issue #1341: Safe writes: delete temporary file if rename fails. Issue #1341: Safe writes: improve error handling MFC after: 1 week
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
276f481d |
|
23-Nov-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r340865: Sync libarchive with vendor. Relevant vendor changes: PR #1080: Spelling fixes PR #1084: RAR5 reader bugfixes PR #1091: fix use-after-free in delayed newc link processing PR #1092: Fix a few obvious resource leaks and strcpy() misuses MFC after: 1 week
|
#
b1c91e4b |
|
25-Oct-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r339640,339641,339644: Sync libarchive with vendor Relevant vendor changes: PR #1013: Add missing h_base offset when performing absolute seeks in xar decompression PR #1061: Add support for extraction of RAR v5 archives PR #1066: Fix out of bounds read on empty string filename for gnutar, pax and v7tar PR #1067: Fix temporary file path buffer overflow in tests IS #1068: Correctly process and verify integer arguments passed to bsdcpio and bsdtar PR #1070: Don't default XAR entry atime/mtime to the current time MFC after: 1 month
|
#
f1951fd7 |
|
28-Jul-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r336851: Update vendor/libarchive/dist to git 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Important vendor changes: PR #993: Chdir to -C directory for metalog processing OSS-Fuzz #4969: Check size of the extended time field in zip archives PR #973: Record informational compression level in gzip header MFC after: 1 week
|
#
5c831a5b |
|
30-Sep-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147: Sync libarchive with vendor. Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) MFC after: 1 week Security: CVE-2017-14166, CVE-2017-14502
|
#
a8fc61d5 |
|
03-May-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r317781: Sync libarchive with vendor Vendor changes (FreeBSD-related): PR 897: add test for ZIP archives with invalid EOCD headers PR 901: fix invalid renaming of sparse files OSS-Fuzz issue 497: remove fallback tree in LZX decoder OSS-Fuzz issue 527: rewrite expressions in lz4 filter OSS-Fuzz issue 577: fix integer overflow in cpio reader OSS-Fuzz issue 862: fix numerc parsing in mtree reader OSS-Fuzz issue 1097: fix undefined shift in rar reader cpio: various optimizations and memory leak fixes MFC after: 1 week
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
09c253fd |
|
30-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310798: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c PR #851: Spelling fixes Fix two protoypes in manual page archive_read_disk.3 MFC after: 2 weeks
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
f061a221 |
|
22-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302003,r302037,r302038,r302056: Update libarchive to 3.2.1 (bugfix and security fix release) List of vendor fixes: - fix exploitable heap overflow vulnerability in Rar decompression (vendor issue 719, CVE-2016-4302, TALOS-2016-0154) - fix exploitable stack based buffer overflow vulnebarility in mtree parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153) - fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo (vendor issue 718, CVE-2016-4300, TALOS-2016-152) - fix integer overflow when computing location of volume descriptor (vendor issue 717) - fix buffer overflow when reading a crafred rar archive (vendor issue 521) - fix possible buffer overflow when reading ISO9660 archives on machines where sizeof(int) < sizeof(size_t) (vendor issue 711) - tar and cpio should fail if an input file named on the command line is missing (vendor issue 708) - fix incorrect writing of gnutar filenames that are exactly 512 bytes long (vendor issue 682) - allow tests to be run from paths that are equal or longer than 128 characters (vendor issue 657) - add memory allocation errors in archive_entry_xattr.c (vendor PR 603) - remove dead code in archive_entry_xattr_add_entry() (vendor PR 716) - fix broken decryption of ZIP files (vendor issue 553) - manpage style, typo and description fixes Post-3.2.1 vendor fixes: - fix typo in cpio version reporting (Vendor PR 725, 726) - fix argument range of ctype functions in libarchive_fe/passphrase.c - fix ctype use and avoid empty loop bodies in WARC reader MFC after: 1 week Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302 Approved by: re (kib)
|
#
c38ff13d |
|
15-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r299576 and MFV r299895: Revert r299576: Fix broken cpio behavior. MFV r299895: Update to vendor git commit 860ec63. MFC after: 3 weeks (together with libarchive 3.2.0) Fix broken cpio behavior in pass-through mode with vendor code.
|
#
ec0bb203 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
Fix broken cpio behavior. Suggested upstream as PR #704. MFC: 1 month (together with libarchive 3.2.0) |
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
fdaadf20 |
|
21-Nov-2014 |
Dimitry Andric <dim@FreeBSD.org> |
Fix the following -Werror warning from clang 3.5.0, while building usr.bin/cpio on amd64 (or any arch with 64-bit time_t): contrib/libarchive/cpio/cpio.c:1143:6: error: absolute value function 'abs' given an argument of type 'long' but has parameter of type 'int' which may cause truncation of value [-Werror,-Wabsolute-value] if (abs(mtime - now) > (365/2)*86400) ^ contrib/libarchive/cpio/cpio.c:1143:6: note: use function 'labs' instead if (abs(mtime - now) > (365/2)*86400) ^~~ labs 1 error generated. This is because time_t is a long on amd64. To avoid the warning, just copy the equivalent test from a few lines before, which is used in the Windows case, and which is type safe. Reviewed by: emaste MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D1198 |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
584ad8fd |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from usr.bin/cpio to contrib/libarchive/cpio: r204111 (uqs): Fix common misspelling of hierarchy r211054 (kientzle); Fix -R when used with -p. Previously, the uname and gname weren't overwritten, so the disk restore would use those to lookup the original uid/gid again. Clearing the uname and gname prevents this. r212263 (gjb): Fix typo in bsdcpio manual: s/libarchive_formats/libarchive-formats MFC after: 2 weeks |
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks |
#
caf54c4f |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Copy libarchive from vendor branch to contrib MFC after: 2 weeks
|
#
64884e0d |
|
29-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.1 Important changes (relevant to FreeBSD): ISSUE #1934: stack buffer overflow in cpio verbose mode ISSUE #1935: SEGV in cpio verbose mode PR #1731 tar: respect --strip-components and -s patterns in cru modes MFC after: 1 week
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
f55be4fc |
|
02-Mar-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r358511,r358532: Sync libarchive with vendor. Relevant vendor changes: Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker PR #1331: cpio.5: fix hard link description Issue #1335: archive_read.c: fix UBSan warning about undefined behavior Issue #1338: XAR reader: fix UBSan warning about undefined behavior Issue #1339: bsdcpio_test: fix datatype in from_hex() Issue #1341: Safe writes: delete temporary file if rename fails. Issue #1341: Safe writes: improve error handling MFC after: 1 week
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
276f481d |
|
23-Nov-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r340865: Sync libarchive with vendor. Relevant vendor changes: PR #1080: Spelling fixes PR #1084: RAR5 reader bugfixes PR #1091: fix use-after-free in delayed newc link processing PR #1092: Fix a few obvious resource leaks and strcpy() misuses MFC after: 1 week
|
#
b1c91e4b |
|
25-Oct-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r339640,339641,339644: Sync libarchive with vendor Relevant vendor changes: PR #1013: Add missing h_base offset when performing absolute seeks in xar decompression PR #1061: Add support for extraction of RAR v5 archives PR #1066: Fix out of bounds read on empty string filename for gnutar, pax and v7tar PR #1067: Fix temporary file path buffer overflow in tests IS #1068: Correctly process and verify integer arguments passed to bsdcpio and bsdtar PR #1070: Don't default XAR entry atime/mtime to the current time MFC after: 1 month
|
#
f1951fd7 |
|
28-Jul-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r336851: Update vendor/libarchive/dist to git 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Important vendor changes: PR #993: Chdir to -C directory for metalog processing OSS-Fuzz #4969: Check size of the extended time field in zip archives PR #973: Record informational compression level in gzip header MFC after: 1 week
|
#
5c831a5b |
|
30-Sep-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147: Sync libarchive with vendor. Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) MFC after: 1 week Security: CVE-2017-14166, CVE-2017-14502
|
#
a8fc61d5 |
|
03-May-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r317781: Sync libarchive with vendor Vendor changes (FreeBSD-related): PR 897: add test for ZIP archives with invalid EOCD headers PR 901: fix invalid renaming of sparse files OSS-Fuzz issue 497: remove fallback tree in LZX decoder OSS-Fuzz issue 527: rewrite expressions in lz4 filter OSS-Fuzz issue 577: fix integer overflow in cpio reader OSS-Fuzz issue 862: fix numerc parsing in mtree reader OSS-Fuzz issue 1097: fix undefined shift in rar reader cpio: various optimizations and memory leak fixes MFC after: 1 week
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
09c253fd |
|
30-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310798: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c PR #851: Spelling fixes Fix two protoypes in manual page archive_read_disk.3 MFC after: 2 weeks
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
f061a221 |
|
22-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302003,r302037,r302038,r302056: Update libarchive to 3.2.1 (bugfix and security fix release) List of vendor fixes: - fix exploitable heap overflow vulnerability in Rar decompression (vendor issue 719, CVE-2016-4302, TALOS-2016-0154) - fix exploitable stack based buffer overflow vulnebarility in mtree parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153) - fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo (vendor issue 718, CVE-2016-4300, TALOS-2016-152) - fix integer overflow when computing location of volume descriptor (vendor issue 717) - fix buffer overflow when reading a crafred rar archive (vendor issue 521) - fix possible buffer overflow when reading ISO9660 archives on machines where sizeof(int) < sizeof(size_t) (vendor issue 711) - tar and cpio should fail if an input file named on the command line is missing (vendor issue 708) - fix incorrect writing of gnutar filenames that are exactly 512 bytes long (vendor issue 682) - allow tests to be run from paths that are equal or longer than 128 characters (vendor issue 657) - add memory allocation errors in archive_entry_xattr.c (vendor PR 603) - remove dead code in archive_entry_xattr_add_entry() (vendor PR 716) - fix broken decryption of ZIP files (vendor issue 553) - manpage style, typo and description fixes Post-3.2.1 vendor fixes: - fix typo in cpio version reporting (Vendor PR 725, 726) - fix argument range of ctype functions in libarchive_fe/passphrase.c - fix ctype use and avoid empty loop bodies in WARC reader MFC after: 1 week Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302 Approved by: re (kib)
|
#
c38ff13d |
|
15-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r299576 and MFV r299895: Revert r299576: Fix broken cpio behavior. MFV r299895: Update to vendor git commit 860ec63. MFC after: 3 weeks (together with libarchive 3.2.0) Fix broken cpio behavior in pass-through mode with vendor code.
|
#
ec0bb203 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
Fix broken cpio behavior. Suggested upstream as PR #704. MFC: 1 month (together with libarchive 3.2.0) |
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
fdaadf20 |
|
21-Nov-2014 |
Dimitry Andric <dim@FreeBSD.org> |
Fix the following -Werror warning from clang 3.5.0, while building usr.bin/cpio on amd64 (or any arch with 64-bit time_t): contrib/libarchive/cpio/cpio.c:1143:6: error: absolute value function 'abs' given an argument of type 'long' but has parameter of type 'int' which may cause truncation of value [-Werror,-Wabsolute-value] if (abs(mtime - now) > (365/2)*86400) ^ contrib/libarchive/cpio/cpio.c:1143:6: note: use function 'labs' instead if (abs(mtime - now) > (365/2)*86400) ^~~ labs 1 error generated. This is because time_t is a long on amd64. To avoid the warning, just copy the equivalent test from a few lines before, which is used in the Windows case, and which is type safe. Reviewed by: emaste MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D1198 |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
584ad8fd |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from usr.bin/cpio to contrib/libarchive/cpio: r204111 (uqs): Fix common misspelling of hierarchy r211054 (kientzle); Fix -R when used with -p. Previously, the uname and gname weren't overwritten, so the disk restore would use those to lookup the original uid/gid again. Clearing the uname and gname prevents this. r212263 (gjb): Fix typo in bsdcpio manual: s/libarchive_formats/libarchive-formats MFC after: 2 weeks |
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks |
#
caf54c4f |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Copy libarchive from vendor branch to contrib MFC after: 2 weeks
|
#
e64fe029 |
|
23-Jul-2023 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: merge from vendor branch Libarchive 3.7.0 Important changes (relevant to FreeBSD): #1814 Do not account for NULL terminator when comparing with "TRAILER!!!" #1818 Add ability to produce multi-frame zstd archives #1840 year 2038 fix for pax archives on platforms with 64-bit time_t #1860 Make single bit bitfields unsigned to avoid clang 16 warning #1869 Fix FreeBSD builds with WARNS=6 #1873 bsdunzip ported to libarchive from FreeBSD #1894 read support for zstd compression in 7zip archives #1918 ARM64 filter support in 7zip archives MFC after: 2 weeks PR: 272567 (exp-run)
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
f55be4fc |
|
02-Mar-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r358511,r358532: Sync libarchive with vendor. Relevant vendor changes: Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker PR #1331: cpio.5: fix hard link description Issue #1335: archive_read.c: fix UBSan warning about undefined behavior Issue #1338: XAR reader: fix UBSan warning about undefined behavior Issue #1339: bsdcpio_test: fix datatype in from_hex() Issue #1341: Safe writes: delete temporary file if rename fails. Issue #1341: Safe writes: improve error handling MFC after: 1 week
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
276f481d |
|
23-Nov-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r340865: Sync libarchive with vendor. Relevant vendor changes: PR #1080: Spelling fixes PR #1084: RAR5 reader bugfixes PR #1091: fix use-after-free in delayed newc link processing PR #1092: Fix a few obvious resource leaks and strcpy() misuses MFC after: 1 week
|
#
b1c91e4b |
|
25-Oct-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r339640,339641,339644: Sync libarchive with vendor Relevant vendor changes: PR #1013: Add missing h_base offset when performing absolute seeks in xar decompression PR #1061: Add support for extraction of RAR v5 archives PR #1066: Fix out of bounds read on empty string filename for gnutar, pax and v7tar PR #1067: Fix temporary file path buffer overflow in tests IS #1068: Correctly process and verify integer arguments passed to bsdcpio and bsdtar PR #1070: Don't default XAR entry atime/mtime to the current time MFC after: 1 month
|
#
f1951fd7 |
|
28-Jul-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r336851: Update vendor/libarchive/dist to git 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Important vendor changes: PR #993: Chdir to -C directory for metalog processing OSS-Fuzz #4969: Check size of the extended time field in zip archives PR #973: Record informational compression level in gzip header MFC after: 1 week
|
#
5c831a5b |
|
30-Sep-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147: Sync libarchive with vendor. Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) MFC after: 1 week Security: CVE-2017-14166, CVE-2017-14502
|
#
a8fc61d5 |
|
03-May-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r317781: Sync libarchive with vendor Vendor changes (FreeBSD-related): PR 897: add test for ZIP archives with invalid EOCD headers PR 901: fix invalid renaming of sparse files OSS-Fuzz issue 497: remove fallback tree in LZX decoder OSS-Fuzz issue 527: rewrite expressions in lz4 filter OSS-Fuzz issue 577: fix integer overflow in cpio reader OSS-Fuzz issue 862: fix numerc parsing in mtree reader OSS-Fuzz issue 1097: fix undefined shift in rar reader cpio: various optimizations and memory leak fixes MFC after: 1 week
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
09c253fd |
|
30-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310798: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c PR #851: Spelling fixes Fix two protoypes in manual page archive_read_disk.3 MFC after: 2 weeks
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
f061a221 |
|
22-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302003,r302037,r302038,r302056: Update libarchive to 3.2.1 (bugfix and security fix release) List of vendor fixes: - fix exploitable heap overflow vulnerability in Rar decompression (vendor issue 719, CVE-2016-4302, TALOS-2016-0154) - fix exploitable stack based buffer overflow vulnebarility in mtree parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153) - fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo (vendor issue 718, CVE-2016-4300, TALOS-2016-152) - fix integer overflow when computing location of volume descriptor (vendor issue 717) - fix buffer overflow when reading a crafred rar archive (vendor issue 521) - fix possible buffer overflow when reading ISO9660 archives on machines where sizeof(int) < sizeof(size_t) (vendor issue 711) - tar and cpio should fail if an input file named on the command line is missing (vendor issue 708) - fix incorrect writing of gnutar filenames that are exactly 512 bytes long (vendor issue 682) - allow tests to be run from paths that are equal or longer than 128 characters (vendor issue 657) - add memory allocation errors in archive_entry_xattr.c (vendor PR 603) - remove dead code in archive_entry_xattr_add_entry() (vendor PR 716) - fix broken decryption of ZIP files (vendor issue 553) - manpage style, typo and description fixes Post-3.2.1 vendor fixes: - fix typo in cpio version reporting (Vendor PR 725, 726) - fix argument range of ctype functions in libarchive_fe/passphrase.c - fix ctype use and avoid empty loop bodies in WARC reader MFC after: 1 week Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302 Approved by: re (kib)
|
#
c38ff13d |
|
15-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r299576 and MFV r299895: Revert r299576: Fix broken cpio behavior. MFV r299895: Update to vendor git commit 860ec63. MFC after: 3 weeks (together with libarchive 3.2.0) Fix broken cpio behavior in pass-through mode with vendor code.
|
#
ec0bb203 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
Fix broken cpio behavior. Suggested upstream as PR #704. MFC: 1 month (together with libarchive 3.2.0) |
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
fdaadf20 |
|
21-Nov-2014 |
Dimitry Andric <dim@FreeBSD.org> |
Fix the following -Werror warning from clang 3.5.0, while building usr.bin/cpio on amd64 (or any arch with 64-bit time_t): contrib/libarchive/cpio/cpio.c:1143:6: error: absolute value function 'abs' given an argument of type 'long' but has parameter of type 'int' which may cause truncation of value [-Werror,-Wabsolute-value] if (abs(mtime - now) > (365/2)*86400) ^ contrib/libarchive/cpio/cpio.c:1143:6: note: use function 'labs' instead if (abs(mtime - now) > (365/2)*86400) ^~~ labs 1 error generated. This is because time_t is a long on amd64. To avoid the warning, just copy the equivalent test from a few lines before, which is used in the Windows case, and which is type safe. Reviewed by: emaste MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D1198 |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
584ad8fd |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from usr.bin/cpio to contrib/libarchive/cpio: r204111 (uqs): Fix common misspelling of hierarchy r211054 (kientzle); Fix -R when used with -p. Previously, the uname and gname weren't overwritten, so the disk restore would use those to lookup the original uid/gid again. Clearing the uname and gname prevents this. r212263 (gjb): Fix typo in bsdcpio manual: s/libarchive_formats/libarchive-formats MFC after: 2 weeks |
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks |
#
caf54c4f |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Copy libarchive from vendor branch to contrib MFC after: 2 weeks
|
#
ddce862a |
|
22-Aug-2021 |
Martin Matuska <mm@FreeBSD.org> |
libarchive: import changes from upstream Libarchive 3.5.2 New features: PR #1502: Support for PWB and v7 binary cpio formats PR #1509: Support of deflate algorithm in symbolic link decompression for ZIP archives Important bugfixes: IS #1044: fix extraction of hardlinks to symlinks PR #1480: Fix truncation of size values during 7zip archive extraction on 32bit architectures PR #1504: fix rar header skiming PR #1514: ZIP excessive disk read - fix location of central directory PR #1520: fix double-free in CAB reader PR #1521: Fixed leak of rar before ending with error PR #1530: Handle short writes from archive_write_callback PR #1532: 7zip: Use compression settings from file also for file header IS #1566: do not follow symlinks when processing the fixup list MFC after: 2 weeks Relnotes: yes
|
#
f55be4fc |
|
02-Mar-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r358511,r358532: Sync libarchive with vendor. Relevant vendor changes: Issue #1257: Add testcase for ZIPX files with LZMA_STREAM_END marker PR #1331: cpio.5: fix hard link description Issue #1335: archive_read.c: fix UBSan warning about undefined behavior Issue #1338: XAR reader: fix UBSan warning about undefined behavior Issue #1339: bsdcpio_test: fix datatype in from_hex() Issue #1341: Safe writes: delete temporary file if rename fails. Issue #1341: Safe writes: improve error handling MFC after: 1 week
|
#
f9762417 |
|
11-Feb-2020 |
Martin Matuska <mm@FreeBSD.org> |
MFV r357783: Update libarchive to 3.4.2 Relevant vendor changes: PR #1289: atomic extraction support (bsdtar -x --safe-writes) PR #1308: big endian fix for UTF16 support in LHA reader PR #1326: reject RAR5 files that declare invalid header flags Issue #987: fix support 7z archive entries with Delta filter Issue #1317: fix compression output buffer handling in XAR writer Issue #1319: fix uname or gname longer than 32 characters in pax writer Issue #1325: fix use after free when archiving hardlinks in ISO9660 or XAR Use localtime_r() and gmtime_r() instead of localtime() and gmtime() X-MFC-With: r356212,r356365,r356416 MFC after: 1 week
|
#
276f481d |
|
23-Nov-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r340865: Sync libarchive with vendor. Relevant vendor changes: PR #1080: Spelling fixes PR #1084: RAR5 reader bugfixes PR #1091: fix use-after-free in delayed newc link processing PR #1092: Fix a few obvious resource leaks and strcpy() misuses MFC after: 1 week
|
#
b1c91e4b |
|
25-Oct-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r339640,339641,339644: Sync libarchive with vendor Relevant vendor changes: PR #1013: Add missing h_base offset when performing absolute seeks in xar decompression PR #1061: Add support for extraction of RAR v5 archives PR #1066: Fix out of bounds read on empty string filename for gnutar, pax and v7tar PR #1067: Fix temporary file path buffer overflow in tests IS #1068: Correctly process and verify integer arguments passed to bsdcpio and bsdtar PR #1070: Don't default XAR entry atime/mtime to the current time MFC after: 1 month
|
#
f1951fd7 |
|
28-Jul-2018 |
Martin Matuska <mm@FreeBSD.org> |
MFV r336851: Update vendor/libarchive/dist to git 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Important vendor changes: PR #993: Chdir to -C directory for metalog processing OSS-Fuzz #4969: Check size of the extended time field in zip archives PR #973: Record informational compression level in gzip header MFC after: 1 week
|
#
5c831a5b |
|
30-Sep-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r324145,324147: Sync libarchive with vendor. Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) MFC after: 1 week Security: CVE-2017-14166, CVE-2017-14502
|
#
a8fc61d5 |
|
03-May-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r317781: Sync libarchive with vendor Vendor changes (FreeBSD-related): PR 897: add test for ZIP archives with invalid EOCD headers PR 901: fix invalid renaming of sparse files OSS-Fuzz issue 497: remove fallback tree in LZX decoder OSS-Fuzz issue 527: rewrite expressions in lz4 filter OSS-Fuzz issue 577: fix integer overflow in cpio reader OSS-Fuzz issue 862: fix numerc parsing in mtree reader OSS-Fuzz issue 1097: fix undefined shift in rar reader cpio: various optimizations and memory leak fixes MFC after: 1 week
|
#
4657548d |
|
20-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r315633, 315635: Sync libarchive with vendor Vendor changes/bugfixes (FreeBSD-related): PR 867 (bsdcpio): show numeric uid/gid when names are not found PR 870 (seekable zip): accept files with valid ZIP64 EOCD headers PR 880 (pax): Fix handling of "size" pax header keyword PR 887 (crypto): Discard 3072 bytes instead of 1024 of first keystream OSS-Fuzz issue 806 (mtree): rework mtree_atol10 integer parser Break ACL read/write code into platform-specific source files Unbreak static dependency on libbz2 MFC after: 1 week
|
#
64287048 |
|
02-Mar-2017 |
Martin Matuska <mm@FreeBSD.org> |
MFV r314565,314567,314570: Update libarchive to version 3.3.1 (and sync with latest vendor dist) Notable vendor changes: PR #501: improvements in ACL path handling PR #724: fix hang when reading malformed cpio files PR #864: fix out of bounds read with malformed GNU tar archives Documentation, style, test suite improvements and typo fixes. New options to bsdtar that enable or disable reading and/or writing of: Access Control Lists (--acls, --no-acls) Extended file flags (--fflags, --no-fflags) Extended attributes (--xattrs, --no-xattrs) Mac OS X metadata (Mac OS X only) (--mac-metadata, --no-mac-metadata) MFC after: 2 weeks
|
#
09c253fd |
|
30-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310798: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR #843: Fix memory leak of struct archive_entry in cpio/cpio.c PR #851: Spelling fixes Fix two protoypes in manual page archive_read_disk.3 MFC after: 2 weeks
|
#
6a414569 |
|
16-Dec-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r310115,310184: Sync libarchive with vendor. Vendor bugfixes (relevant to FreeBSD): PR 830, 831, 833: Spelling fixes OSS-Fuzz 227, 230, 239: Fix possible memory leak in archive_read_free() OSS-Fuzz 237: Fix heap buffer overflow when reading invalid ar archives MFC after: 1 week
|
#
f061a221 |
|
22-Jun-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r302003,r302037,r302038,r302056: Update libarchive to 3.2.1 (bugfix and security fix release) List of vendor fixes: - fix exploitable heap overflow vulnerability in Rar decompression (vendor issue 719, CVE-2016-4302, TALOS-2016-0154) - fix exploitable stack based buffer overflow vulnebarility in mtree parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153) - fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo (vendor issue 718, CVE-2016-4300, TALOS-2016-152) - fix integer overflow when computing location of volume descriptor (vendor issue 717) - fix buffer overflow when reading a crafred rar archive (vendor issue 521) - fix possible buffer overflow when reading ISO9660 archives on machines where sizeof(int) < sizeof(size_t) (vendor issue 711) - tar and cpio should fail if an input file named on the command line is missing (vendor issue 708) - fix incorrect writing of gnutar filenames that are exactly 512 bytes long (vendor issue 682) - allow tests to be run from paths that are equal or longer than 128 characters (vendor issue 657) - add memory allocation errors in archive_entry_xattr.c (vendor PR 603) - remove dead code in archive_entry_xattr_add_entry() (vendor PR 716) - fix broken decryption of ZIP files (vendor issue 553) - manpage style, typo and description fixes Post-3.2.1 vendor fixes: - fix typo in cpio version reporting (Vendor PR 725, 726) - fix argument range of ctype functions in libarchive_fe/passphrase.c - fix ctype use and avoid empty loop bodies in WARC reader MFC after: 1 week Security: CVE-2016-4300, CVE-2016-4301, CVE-2016-4302 Approved by: re (kib)
|
#
c38ff13d |
|
15-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
Revert r299576 and MFV r299895: Revert r299576: Fix broken cpio behavior. MFV r299895: Update to vendor git commit 860ec63. MFC after: 3 weeks (together with libarchive 3.2.0) Fix broken cpio behavior in pass-through mode with vendor code.
|
#
ec0bb203 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
Fix broken cpio behavior. Suggested upstream as PR #704. MFC: 1 month (together with libarchive 3.2.0) |
#
cdf63a70 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
MFV r299425: Update libarchive to 3.2.0 New features: - new bsdcat command-line utility - LZ4 compression (in src only via external utility from ports) - Warc format support - 'Raw' format writer - Zip: Support archives >4GB, entries >4GB - Zip: Support encrypting and decrypting entries - Zip: Support experimental streaming extension - Identify encrypted entries in several formats - New --clear-nochange-flags option to bsdtar tries to remove noschg and similar flags before deleting files - New --ignore-zeros option to bsdtar to handle concatenated tar archives - Use multi-threaded LZMA decompression if liblzma supports it - Expose version info for libraries used by libarchive Patched files (fixed compiler warnings): contrib/libarchive/cat/bsdcat.c (vendor PR #702) contrib/libarchive/cat/bsdcat.h (vendor PR #702) contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701) contrib/libarchive/libarchive_fe/err.c (vendor PR #703) MFC after: 1 month Relnotes: yes
|
#
fdaadf20 |
|
21-Nov-2014 |
Dimitry Andric <dim@FreeBSD.org> |
Fix the following -Werror warning from clang 3.5.0, while building usr.bin/cpio on amd64 (or any arch with 64-bit time_t): contrib/libarchive/cpio/cpio.c:1143:6: error: absolute value function 'abs' given an argument of type 'long' but has parameter of type 'int' which may cause truncation of value [-Werror,-Wabsolute-value] if (abs(mtime - now) > (365/2)*86400) ^ contrib/libarchive/cpio/cpio.c:1143:6: note: use function 'labs' instead if (abs(mtime - now) > (365/2)*86400) ^~~ labs 1 error generated. This is because time_t is a long on amd64. To avoid the warning, just copy the equivalent test from a few lines before, which is used in the Windows case, and which is type safe. Reviewed by: emaste MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D1198 |
#
acc60b03 |
|
22-Mar-2013 |
Martin Matuska <mm@FreeBSD.org> |
MFV r248590,248594: Update libarchive to 3.1.2 Some of new features: - support for lrzip and grzip compression - support for writing tar v7 format - b64encode and uuencode filters - support for __MACOSX directory in Zip archives - support for lzop compresion (external utility)
|
#
fd082e96 |
|
28-Jul-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.4
|
#
6c95142e |
|
25-Feb-2012 |
Martin Matuska <mm@FreeBSD.org> |
Update libarchive to 3.0.3 Some of new features: - New readers: RAR, LHA/LZH, CAB reader, 7-Zip - New writers: ISO9660, XAR - Improvements to many formats, especially including ISO9660 and Zip - Stackable write filters to write, e.g., tar.gz.uu in a single pass - Exploit seekable input; new "seekable" Zip reader can exploit the Zip Central Directory when it's available; the old "streamable" Zip reader is still fully supported for cases where seeking is not possible. Full release notes available at: https://github.com/libarchive/libarchive/wiki/ReleaseNotes
|
#
584ad8fd |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from usr.bin/cpio to contrib/libarchive/cpio: r204111 (uqs): Fix common misspelling of hierarchy r211054 (kientzle); Fix -R when used with -p. Previously, the uname and gname weren't overwritten, so the disk restore would use those to lookup the original uid/gid again. Clearing the uname and gname prevents this. r212263 (gjb): Fix typo in bsdcpio manual: s/libarchive_formats/libarchive-formats MFC after: 2 weeks |
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks |
#
caf54c4f |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Copy libarchive from vendor branch to contrib MFC after: 2 weeks
|
#
ec0bb203 |
|
12-May-2016 |
Martin Matuska <mm@FreeBSD.org> |
Fix broken cpio behavior. Suggested upstream as PR #704. MFC: 1 month (together with libarchive 3.2.0)
|
#
fdaadf20 |
|
21-Nov-2014 |
Dimitry Andric <dim@FreeBSD.org> |
Fix the following -Werror warning from clang 3.5.0, while building usr.bin/cpio on amd64 (or any arch with 64-bit time_t): contrib/libarchive/cpio/cpio.c:1143:6: error: absolute value function 'abs' given an argument of type 'long' but has parameter of type 'int' which may cause truncation of value [-Werror,-Wabsolute-value] if (abs(mtime - now) > (365/2)*86400) ^ contrib/libarchive/cpio/cpio.c:1143:6: note: use function 'labs' instead if (abs(mtime - now) > (365/2)*86400) ^~~ labs 1 error generated. This is because time_t is a long on amd64. To avoid the warning, just copy the equivalent test from a few lines before, which is used in the Windows case, and which is type safe. Reviewed by: emaste MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D1198
|
#
584ad8fd |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Merge FreeBSD changes from usr.bin/cpio to contrib/libarchive/cpio: r204111 (uqs): Fix common misspelling of hierarchy r211054 (kientzle); Fix -R when used with -p. Previously, the uname and gname weren't overwritten, so the disk restore would use those to lookup the original uid/gid again. Clearing the uname and gname prevents this. r212263 (gjb): Fix typo in bsdcpio manual: s/libarchive_formats/libarchive-formats MFC after: 2 weeks
|
#
6c22d9ef |
|
21-Dec-2011 |
Martin Matuska <mm@FreeBSD.org> |
Set svn:keywords to FreeBSD=%H for contrib/libarchive MFC after: 2 weeks
|